Develop a complete authorization concept for SAP S/4HANA and SAP Fiori with this guide! Start by understanding how authorizations work in an ABAP system and exploring the main transactions youll use for configuration. Then learn to create roles with Transaction SU24 and the Profile Generator, track and correct missing authorizations with traces, manage users, and more. See how SAP Access Control can be a useful tool to manage authorizations and learn to migrate authorizations to SAP S/4HANA.Highlights include:1) ABAP authorizations2) Roles3) Transaction SU24 4) Profile Generator5) Authorization traces6) User maintenance7) SAP Access Control8) Debugging9) Migration10) Xiting Authorizations Management Suite (XAMS)

Alessandro Banzer is the chief executive officer of Xiting. He has worked in information technology since 2004, specializing in SAP in 2009. Since then, Alessandro has been involved with global SAP projects in various roles. Alessandro is an active contributor and moderator in the governance, risk, and compliance space on SAP Community, as well as a speaker at SAPPHIRE, ASUG, SAPinsider, and other SAP-related events. He holds a degree in business information technology, as well as an Executive Master of Business Administration from Hult International Business School in London, UK.

... Target Audience ... 19 ... Structure of This Book ... 20 ... Acknowledgments ... 21 1.1 ... What Are Authorizations? ... 24 1.2 ... User Access in the SAP System ... 25 1.3 ... Evolution of Authorizations from SAP ERP to SAP S/4HANA ... 26 1.4 ... SAP Fiori (Presentation Layer) ... 34 1.5 ... Native Authorizations in SAP HANA (Database Layer) ... 37 1.6 ... Hybrid System Landscapes and Implications on Authorizations ... 38 1.7 ... Summary ... 45 2.1 ... Influences on the SAP Authorization Concept ... 48 2.2 ... Basic Principles for an SAP Authorizations Concept ... 49 2.3 ... ABAP Authorizations ... 51 2.4 ... Roles and Profiles ... 65 2.5 ... Users ... 70 2.6 ... Authority Checks ... 74 2.7 ... Critical Authorizations ... 87 2.8 ... Authorizations in SAP ERP Human Capital Management ... 102 2.9 ... Different Transaction Types ... 106 2.10 ... SAP System Check for Security Flaws ... 121 2.11 ... Customizing of SAP Security Settings ... 130 2.12 ... Summary ... 133 3.1 ... Role Design Approaches ... 135 3.2 ... Role Types ... 139 3.3 ... Segregation of Duties ... 146 3.4 ... Determining When to Use Enabler Roles ... 147 3.5 ... Role Naming Convention ... 152 3.6 ... Summary ... 154 4.1 ... Overview ... 158 4.2 ... Xiting Role Designer ... 159 4.3 ... Xiting ABAP Alchemist ... 165 4.4 ... Xiting Role Replicator ... 169 4.5 ... Xiting Role Builder ... 172 4.6 ... Xiting Times ... 174 4.7 ... Xiting Role Profiler ... 176 4.8 ... Xiting Security Architect ... 179 4.9 ... Summary ... 182 5.1 ... Overview ... 184 5.2 ... Transaction SU24 Maintenance ... 192 5.3 ... Transaction SU24N ... 200 5.4 ... Populating Data from Traces ... 205 5.5 ... Best Practice Maintenance of Transaction SU24 ... 208 5.6 ... Upgrading Authorization Default Values ... 223 5.7 ... Transaction SU24 Optimization Tools ... 239 5.8 ... Xiting Authorizations Management Suite: Transaction SU24 Optimization Tools ... 241 5.9 ... Summary ... 243 6.1 ... Navigation within Transaction PFCG ... 247 6.2 ... Creation of Different Roles ... 256 6.3 ... Role Menu Objects ... 270 6.4 ... Authorization Maintenance in Roles ... 274 6.5 ... Sustainable Role Building ... 290 6.6 ... Role Versions ... 297 6.7 ... Roles Overview Status ... 299 6.8 ... Selected Mass Maintenance Options for Roles ... 301 6.9 ... Transfer of Roles ... 306 6.10 ... Xiting Authorizations Management Suite: Virtual Role Design with Xiting Role Designer ... 308 6.11 ... Summary ... 312 7.1 ... Overview ... 316 7.2 ... Transaction SU53 ... 320 7.3 ... Transactions ST01/STAUTHTRACE ... 323 7.4 ... Transaction STUSOBTRACE ... 329 7.5 ... Transaction STUSERTRACE ... 333 7.6 ... Authorization Debugging ... 337 7.7 ... Xiting Authorizations Management Suite: Enhanced Trace Evaluation ... 344 7.8 ... Summary ... 347 8.1 ... Overview ... 349 8.2 ... SAP Fiori Architecture ... 351 8.3 ... Deployment Options ... 353 8.4 ... SAP Fiori Apps Reference Library ... 356 8.5 ... SAP Fiori Administrative Tools ... 360 8.6 ... OData Services ... 366 8.7 ... SAP Fiori Concept Implementation ... 369 8.8 ... Frontend/Backend Server Authorizations ... 379 8.9 ... Troubleshooting Tools for SAP Fiori ... 386 8.10 ... Xiting Authorizations Management Suite: Tool-Driven SAP Fiori Objects Implementation and Analysis ... 392 8.11 ... Summary ... 394 9.1 ... Maintenance of the User Master Record ... 395 9.2 ... Password Rules ... 415 9.3 ... The User Buffer ... 417 9.4 ... User Naming Conventions ... 419 9.5 ... User Classification ... 421 9.6 ... User-Related Tables ... 421 9.7 ... User Access Reviews ... 422 9.8 ... User Lock Status ... 423 9.9 ... Security Policies ... 423 9.10 ... Securing Default Accounts ... 428 9.11 ... Maintaining User Groups ... 430 9.12 ... Central User Administration ... 432 9.13 ... SAP Usage Data for Users ... 436 9.14 ... Summary ... 437 10.1 ... SAP Access Control ... 439 10.2 ... SAP Cloud Identity Access Governance ... 443 10.3 ... Understanding the Ruleset ... 449 10.4 ... Segregation of Duties Management Process ... 456 10.5 ... Custom Transactions for the Ruleset ... 463 10.6 ... Business Roles ... 468 10.7 ... User Access Review ... 470 10.8 ... Roles for Firefighters ... 471 10.9 ... Impact to Governance, Risk, and Compliance When Migrating and Upgrading SAP Systems ... 475 10.10 ... Summary ... 476 11.1 ... Remote Function Call Security ... 477 11.2 ... Best Practices ... 486 11.3 ... SAP Unified Connectivity ... 491 11.4 ... Xiting Authorizations Management Suite: Automated and Risk-Free Role Testing and Go-Live ... 493 11.5 ... Summary ... 494 12.1 ... Overview ... 498 12.2 ... SAP HANA Database ... 504 12.3 ... SAP S/4HANA Deployment Options ... 507 12.4 ... Business Process Changes through SAP S/4HANA ... 516 12.5 ... Core Data Services in SAP S/4HANA ... 519 12.6 ... Preparing for an SAP S/4HANA Migration ... 527 12.7 ... Migrating Authorizations to SAP S/4HANA with Standard SAP Tools ... 541 12.8 ... Xiting Authorizations Management Suite: Helpful SAP S/4HANA Migration Features ... 563 12.9 ... Summary ... 566 13.1 ... SAP S/4HANA Migration Strategies with the Xiting Authorizations Management Suite ... 568 13.2 ... Preparation Phase: Role Concept Validation ... 574 13.3 ... Design Phase: Conceptual Role Migration ... 583 13.4 ... Implementation Phase: SAP S/4HANA Role Implementation ... 588 13.5 ... Validation Phase: SAP S/4HANA Role Concept Analysis ... 599 13.6 ... Activation Phase: Role Concept-Protected Go-Live ... 605 13.7 ... Summary ... 609