NTT DATA Business Solutions
Steen Schledermann | juni 7, 2021

Have you Considered the Readiness of Your SAP Roles & Authorizations for Your S/4HANA Migration?

Cloud and IT Security Data Center

Most SAP customers have already started considering their approach and the strategy of their ERP system migration to S/4HANA. Some have already completed the migration and some are still in the process of migrating.

One of the learnings from migration projects where Lift-and-Shift, Greenfield or Brownfield approaches have been taken, is that little focus has been placed on the challenges of realizing a successful role design that supports business processes. In other words, a design that takes both the technical and organizational migration challenges into account for the new S/4HANA solution.

At NTT DATA Business Solution we have successfully engaged in S/4HANA projects by applying a data-driven approach to the design of business relevant and appropriate roles and authorizations. Furthermore, we apply technology accelerated testing of Roles and Authorizations, both during the pre-production and the go-live phase, eliminating the often extensive and challenging draw on business experts for manual testing.

This approach is supported by the use of the Xiting Authorizations Management Suite (XAMS) from our strategic partner Xiting. The following chapters explain the three accelerators applied to enable a successful S/4HANA migration, testing and go-live.


Migrate to SAP S/4HANA With XAMS

SAP S/4HANA introduces an entirely new data model. As a result, role administrators must update their existing role concept and authorizations. Analyzing and updating old roles is a time-consuming process that takes up valuable project resources. SAP has documented many, but not all, of the required changes associated with both the new and obsolete transaction codes in an extensive document called the Simplification List.

As part of XAMS, Xiting has developed a solution that can expedite the time spent on migration of roles and authorizations to SAP S/4HANA with up to 75% compared to a manual approach.

By analyzing the old roles and the usage of these roles in the existing SAP ERP system and by performing an automated gap analysis to the latest SAP Simplification list, the Role Designer solution enables a highly effective data-driven role redesign process, eliminating the traditional extensive draw of the business experts in a manual redesign process.

XAMS enables the project team to automate the migration of existing roles and authorizations to SAP S/4HANA in a highly effective manner.  At the same time XAMS will perform an in-depth analysis on how well the existing roles are supporting the daily processes carried out by the users.


Automate Role Testing – Productive Test Simulation

The testing of new roles or changes to existing roles, is a time-consuming and expensive process which requires input from various business experts within your organization.

Xiting has developed a unique solution that virtually eliminates the need for traditional role-acceptance or user-acceptance testing (UAT).

Productive Test Simulation is made possible by the integrative operation of the XAMS modules Xiting Times (operation) and Role Builder (analysis).

Productive Test Simulation enables role administrators to simulate authority checks against new or changed roles without negatively impacting the productivity of end-users. Efficiencies are gained by allowing the role administrators to analyze and redesign missing authorization values in a structured manner instead of fixing individual errors on-the-fly. Further benefits are gained through integrated reports that allow for SU24 optimization and filtering of logged data.

During traditional UAT phases, testers often have to wait for role administrators to add any missing authorizations encountered during the testing phase. XAMS can automate this process by dynamically creating and assigning delta roles with missing and whitelisted authorizations any time the tester triggers a failed authority check.

Reduce Risk During Go-Live: Protected Go-Live with XAMS

After a role redesign project, missing authorizations due to gaps in test protocols constitute a significant risk. Frustrated end-users, loss of productivity, hasty emergency changes and an increase in help desk tickets are some of the classic impacts of manual redesigns. These challenges are the reason why many companies shy away from role redesign projects. Some organizations find it easier and less expensive to just live with the inherent risk that comes with over-authorized users.

Xiting has developed a solution called Protected Go-Live, which is a core part of the Xiting Times module. With Protected Go-Live, security administrators can enable end users to temporarily get their old roles back if they run into issues with their new roles during go-live.

Stakeholders can build customized workflows around those temporary assignments, including various approval processes, and all actions taken are logged in an audit-compliant fashion. For end users, the process is simple and painless because requesting their old roles can be performed using a simple self-service transaction directly in the system in which they encounter the issue. The end user is able to continue supporting the business without any disruption in daily operation. At the same time, the issue has been logged and can now be analyzed together with process owners in an orderly fashion, to ensure that any changes to the roles are staying true to the authorization concept.

How do You Ensure Your Successful S/4HANA Migration?

To learn more about how you can include a data-driven effective role-redesign and reducing risk of your S/4HANA go-live, please contact NTT DATA Business Solutions to learn how we can help you assessing your S/4HANA migration situation.

Join our webinar about Effective data-driven SAP Role Redesign

Schedule a Security Inspiration Meeting to discuss your specific situation in relation to Cybersecurity here