From 2025 (SAP has moved in early 2020 the sap ecc support term date to 2027 instead of 2025) SAP's support for the SAP ECC (ERP Central Component) product will end.
It is therefore important to prepare in time for migration to HANA and S/4HANA.
But what are HANA and S/4HANA and what impacts are there with SAP security?
Often these terms are used as synonyms, in fact they are not.
SAP HANA, is a database developed by SAP, for in-memory data processing. In other words, it replaces or is alternative to other solutions such as Oracle, DB2.
SAP S/4HANA (SAP Business Suite 4 SAP HANA) is the SAP product that replaces ERP in the ERP Central Component (ECC) version. This application unlike the previous one, SAP ECC, can only be installed on SAP HANA databases.
In this case it is a purely technological step. There are therefore no impacts at the application level. There may be in case the ECC business suite is also updated accordingly as a result of the switch to the HANA database.
In the latter case, however, this would be a normal SAP upgrade. The permit part and the segregation logic would also remain the same.
Here, unlike the previous scenario, there may be several situations.
As in the past, where in case of upgrades, we were talking about:
Also in the context of migration to S/4HANA there are two distinct types of migration, which follow the following:
In the case of brownfield, a technical migration actually takes place, without reviewing the processes currently in use and therefore without taking advantage of any new features.
While in the case of greenfield the upgrade process becomes a global reimagining of the processes currently in place. As if it were, in some respects, a newly implemented project.
Here are the main points of attention for SAP S/4HANA security:
Choosing the architecture of FES and BES certainly has an important impact.
Here, in fact, in case there is the SAP FIORI FES Hub it becomes important to use the authorization object S_RFCACL for the management of trusted connections.
It is one of the most critical objects that SAP makes available, in fact it is not present by default even in the SAP_ALL.
The design of catalogs and group flowers like. Access to the APPS is managed by the Front End system. In this system, apps and app groups in catalogs must be defined.
FIORI's catalogue must be seen as a kind of professional figure, which will be coupled, if possible, to the relative professional figure in the backend system (Back End Server), i.e. SAP S/4HANA.
It therefore becomes strategic to already have, if possible, an authorization concept based on professional figures. Where to integrate the features necessary for the connection between the APPS and the data present in S/4.
Beware, don't forget that some S/4 processes replace those defined in ECC. It means that if you have to manage segregation of duties in SAP S/4HANA you have to take these changes into account.
Blog post originally translated from: https://www.aglea.com/blog/migrazione-sap-hana-security-sap-cosa-cambia