
SAP S4 HANA security implementation approach


Hello All,

I am working on a new greenfield implementation project, where I am handling the role of security implementation for S4 HANA. Everything is good with the security strategy of which roles to be used and naming convention, etc.?

But when it comes to the realise phase, I am not sure how to start the role discussions with the business teams. For example, we have catalogs, groups, and also business roles and authorization data to be maintained; what will be the trigger point to initiate discussions with the business teams?

If anyone can help me: what is the first level of discussion we need to initiate for security roles implementation?

Accepted Solutions (0)

Answers (2)


Colleen
Product and Topic Expert

Before getting into technical specifics:

What project methodology is being used - is it SAP Activate? Is Best Practices being used?

Is SAP Solution Manager Solution documentation being used as the starting point for process models including executables?

Is there a UX architect on the project guiding Fiori Launchpad design, etc.?

What is the general project governance - are functional teams responsible for obtaining security requirements from the business or is security doing the work?

Regards

Colleen

former_member612251
Participant

"Everything is good with the security strategy of which roles to be used and naming convention, etc.?" I would question this. How do you know what roles you are using if you haven't even gathered your requirements based on business processes yet? Or have you? The business should be capturing their business processes along with the tcodes. My advice would be to get buy-in from all streams and teams on capturing the tcodes right from the get-go. Your first port of call is gathering the tcodes, Fiori apps and WDAs. These will be in a constant state of flux, believe me! Capturing the backend data for the derived/splitting out of roles for company codes, personnel areas, etc. comes after this step.

When you said it's greenfield, is the role build greenfield also? Are you building a completely new set of roles, or are you re-using old roles? If you are re-using, you'll have to retrofit all the new apps and tcodes into these, not to mention cleaning the roles of any violations.