Role Design vs. Role Redesign in S/4HANA
-
Role Design (New Implementation)
- Involves creating SAP roles from scratch based on business processes, security requirements, and segregation of duties (SoD).
- Typically done in a greenfield S/4HANA implementation where no previous roles exist.
- Aligns with SAP Fiori role-based access and new authorization concepts in S/4HANA.
- Focuses on mapping business functions to system roles (e.g., end-user, approver, super-user).
- Ensures compliance with governance, risk, and compliance (GRC) standards from the beginning.
-
Role Redesign (Optimization of Existing Roles)
- Involves modifying and optimizing existing SAP roles to meet new business and security requirements.
- Common in brownfield migrations or system upgrades where legacy ECC roles need adaptation for S/4HANA.
- Includes removing obsolete transactions (e.g., replaced by Fiori apps) and aligning with S/4 authorization concepts.
- Addresses SoD conflicts and unnecessary access privileges that have accumulated over time.
- Enhances performance by ensuring roles are structured efficiently (e.g., fewer composite roles, more task-based roles).
Key Differences
| Aspect | Role Design | Role Redesign |
|---|---|---|
| When Used? | New S/4 implementation | Migration, upgrade, or security audit |
| Approach | Built from scratch | Optimization of existing roles |
| Scope | Defined per business needs | Adjustments based on gaps in legacy roles |
| SAP Fiori Alignment | Designed with Fiori in mind | Adapts old roles to support Fiori apps |
| SoD Consideration | Prevents conflicts upfront | Fixes existing conflicts |
| Obsolete TCodes | Not included | Identifies and removes old transactions |
No comments:
Post a Comment