What are the focus points in SAP S/4HANA projects?
What is worth doing to prepare? How to approach new things?
We already talked about this topic in this post. But what should you do?
Greenfield:upgrade becomes a comprehensive review of the processes currently in place. As if it were, in some respects, a new implementation project. This is an excellent opportunity to revise processes, either by improving parts of them or by taking advantage of new features in the suite.
Beware this, however, may involve more time for analysis and complexity. You need to take this into account if you want to go this route. Consequently, the profiling aspects can also become much more challenging than a "technical" or brownfield upgrade.
Brownfield: In this case it is a more technical upgrade. That is, all the features (or almost all) of the past continue to work while introducing none or few new features of the new releases.
It can be easier than greenfield however in some contexts it is still challenging.
Remember that if you have defined a good authorization concept such an upgrade can certainly be less complicated than if you have not defined an authorization concept or have not followed SAP profiling management rules.
Unfortunately, in many cases, because permissions anyway "work" regardless of how you have managed them you discover difficulties only during times of upgrade or release update.
The tools SAP provides will only work if you have adhered to all SAP role construction best practices.
Read here why during a release upgrade the SAP authorizations are often forgotten.
There are several ways to build the architecture of S/4HANA. Several components are needed for example:
The first (FES) represents the SAP Gateway where the APPs (Applications) are exposed in the second (BES) the ERP. For the placement of the Gateway there are several ways of deployment.
In general from a permissions point of view, the difference is whether the SAP Gateway (FES) is on the same machine where the backend resides or whether it is on a different stand-alone machine.
In case it is on a stand-alone machine you will have to define there roles (called Catalogs and Groups) that define the APPs that a user will be able to see in the FIORI interface.
Whereas if the BES and FES coincide it will all happen on the same machine.
What are the focus points?
This represents one of the most important and impactful innovations, including the permitting aspect.
A series of transactions related to customer and supplier master records are replaced by a single transaction, already present in SAP, called BP Business Partner.
This transaction depending on usage can operate on customers or suppliers. A similar substitution had happened before but for the part related to goods movement, i.e., the MIGO transaction.
By the way, do you know what MIGO means?
There are different versions:
What to do then?
In the past, SAP, during releases of new releases, has always decided to limit impacts on the business if possible.
That is, in the case of security features, these had to be explicitly activated once the update is complete.
Otherwise, they were present in the system but not active. Since release 1909, for some SAP instance profiles, it has been decided to activate them in operational mode. In other words if before the value of these parameters was "conservative", from this release it becomes as restrictive as possible.
Here is the list:
Also look at the following note: OSS: 2713544 - New security settings during conversion to S4HANA 1909 with SUM 2.0 SP6
Some new features are available despite not having S/4HANA, however during this transition it may be important to evaluate them and think about activating them.
For example:
The database security is one of the most important aspects, other than the application security take a look here.
Enable HANA database-level encryption before starting and take advantage of all the security features this database of offers.