Migration to S4HANA

New S/4HANA Role Migration Analysis Tool

by

Xiting offers a free S/4HANA role migration analysis tool to estimate the impact of a S/4HANA migration on your roles and authorizations.

S/4HANA is the next generation of enterprise software from SAP, and it comes with an entirely new security model. With S/4HANA, SAP has decided to combine, replace or remove a long list of legacy transactions. When it comes time for your team to do the security migration from ABAP to HANA, the question is how to start? Your first stop should be to do a quick “compatibility scan” of your existing roles and authorizations. Xiting offers a new web service that can help you analyze the compatibility of your roles with S/4HANA. The compatibility scan is free and will provide you with an overview of how a migration to S/4HANA would impact your roles. The free compatibility scanner uses the 400+ page Simplification List SAP has created for its customers.

Getting started with a S/4HANA role migration

Download role(s) from PFCG

To get started with the role migration, first, download the role you would like to analyze from the profile generation (transaction PFCG). You can also use the report PFCG_MASS_DOWNLOAD if it is available on your system to analyze multiple roles at the same time.

  1. Go into the Profile Generator (PFCG)
  2. Select the role you wish to download
  3. Then go to Role > Download or Ctrl + F11
  4. Save the role to your computer as TXT or SAP file

Analyze role(s) for S/4HANA compatibility

Once you have downloaded your role(s) from PFCG, you can upload them to Xiting’s S/4HANA role migration analyzer:

  1. Go to the S/4HANA role migration web service and upload your role(s)
  2. After submitting the request, you will get an instant summary report with role compatibility information

S/4HANA role migration report

In the example above, our analyzed role (FI_DB_ALL) has a total of 323 transactions in it.  From that list, and based on information from the 400+ page SAP Simplification List, the role will need to have 60 new transactions added and 30 transactions removed as they are now obsolete.

How to take the next step in your S/4HANA role migration

Manually analyzing role change requirements for migration from the ABAP security model to the new S/4HANA security model is very labor-intensive, time-consuming, and costly. Xiting’s S/4HANA role migration analyzer is a good “first step” in analyzing your roles. This first step will give you an idea as to the scope of your security migration effort, and, secondly, you have to dive deeper into the actual authorization changes required. Therefore, Xiting has developed solutions to make your job much easier. Current estimates are that the Xiting Authorizations Management Suite (XAMS) can reduce your security migration effort by more than 50%. With the XAMS, you can run detailed role migration analysis reports that will accurately define which transactions are obsolete, newly introduced with S/4HANA, or are being combined to simplify the role architecture.

The Xiting Role Designer also allows you to update your current roles automatically with the required S/4HANA simplifications.

Conclusion

S/4HANA is an exciting new technology that introduces an entirely new data model. That new data model is incompatible with legacy role and authorization concepts. As a result, migrating to S/4HANA requires a redesign of your existing roles and the XAMS can significantly expedite these processes. Contact us to learn more.

Jeff Porter

Jeff Porter

Jeff is a Senior SAP Security Consultant at Xiting in the United States. He has over 20 years of experience in the SAP security industry.
Jeff Porter

Latest posts by Jeff Porter (see all)

Subscribe to our SAP Security Newsletter

Stay up to date with the latest SAP security news and receive valuable tips and tricks by subscribing to our newsletter.