• Dmitrij Spolwind, Director |


  • The conversion of the ERP system to S/4HANA requires changes in authorisation management.

  • In the new ERP generation, there is a focus on user-friendliness and user experience (UX).

  • A data-based approach to customising authorisations saves time and increases quality.

The ERP system is the heart of IT-supported business processes in companies. Therefore, the upcoming conversion of the ERP from SAP to the new generation S/4HANA in many organisations means that processes in numerous company areas will be or must be adapted.

As a result, the introduction of S/4HANA will also affect the management of authorisations - i.e. the permitted accesses to the processes and the information stored on the IT side: it will be necessary to adapt existing authorisations as part of the ERP migration.

This usually involves complex authorisation concepts, because so many participants and processes have to be taken into account. In addition, the authorisations must be aligned with internal and external compliance requirements.

Adaptations also necessary for brownfield

It is important to understand that the adaptation of the authorisation concepts is necessary in all cases when introducing S/4HANA - regardless of whether a greenfield approach is pursued, in which all company processes are set up anew in S/4HANA, or the existing ERP system is transformed within the existing modifications, processes and IT architecture (brownfield).

This should be considered and appropriate preparation made in advance of the S/4HANA planning. Otherwise, problems and additional costs may arise later. On the other hand, those who optimise the business processes and the corresponding authorisation management in parallel will benefit from synergy effects.

Several factors need to be taken into account here. One is the changed transactions, authorisation objects and their characteristics as well as authorisation combinations. Another is the new apps offered by S/4HANA and the strategic question of how the new Fiori launchpad will be used. This is the dashboard through which users in S/4HANA control their apps and data.

Even if the apps are only to be used sporadically, using S/4HANA means that some applications are indispensable. New authorisations must be created for these so that they are visible and usable in the user's launchpad.

User experience depends on the authorisation concept

In addition, user-friendliness and user experience are particularly important in S/4HANA. The new Fiori interface is a central element of this: the launchpad can be designed in such a way that the apps are arranged according to the business processes and the user can thus control the processes intuitively and efficiently.

This must be taken into account when adapting the authorisations, because the design of the authorisation concept has a great influence on the user experience and helps to provide intuitive navigation. Since SAP also offers new applications with each new version, the authorisations must be checked continuously. If necessary, the authorisation concepts must be adapted again and visualised in the launchpad in such a way that users are guided efficiently through the processes.

In addition to the new authorisation objects, the migration to S/4HANA creates many new functionalities in administration. Here, clear responsibilities must be defined for IT depending on the role design. Otherwise, a lean allocation process for authorisations and apps cannot be implemented.

Data-based authorisation management

In order for the authorisations to optimally correspond to the business processes in the company departments, the creators of the authorisation concepts need a good understanding of the users and their processes in the system. However, recording the requirements and specifications is usually resource-intensive. This is where a data-based approach can help.

Comprehensive process and usage data from the SAP system are analysed and evaluated. Based on modern analysis methods, custom-fit authorisation roles can then be determined and the testing of these new roles can be simulated. 

In addition, an analysis can be conducted to see which applications have been used frequently; this will help to select the appropriate Fiori apps from S/4HANA or to evaluate the launchpad design.

Data-based authorisation management has several advantages:

  • the authorisation concepts are created efficiently
  • specialist departments are less involved, which frees up their capacity, and 
  • companies can ensure that compliance requirements are met.

The existing system of authorisation management can also be standardised and optimised in order to automate authorisation management processes governed by this system. This can reduce operating costs.

Conclusion: It is worth considering the necessary changes in authorisation management already in the preliminary study for the S/4HANA migration and determining the necessary adjustments with a data-based approach. This allows the project to be designed efficiently and implemented successfully. We will be happy to support you in this.