CUSTOMER
SAP S/4HANA Cloud, extended edition
September 25, 2020
Identity and Access Management (IAM)
Authorization Concepts for 3 Tier Landscape
Approach
© 2020 SAP SE or an SAP affiliate company. All rights reserved.
Purpose of this Document
Overview
Purpose of the Different Systems
• Development System
• Quality System
• Production System
Authorization Guidelines for Different Systems
• Development System Authorization Guidelines
• Quality System Authorization Guidelines
• Production System Authorization Guidelines
Agenda
The purpose of this document is to describe the Identity and Access Management (IAM)
Authorization Concept approach for 3 tier landscapes (Development, Quality, Production) for an
implementation project's development, testing, and cutover phases, as well as the approach for
maintaining an operational system.
Purpose of this Document
Authorization Concept
Overview
The Authorization Concept must be determined for all the systems provided with the solution and all
potential users, not just for the Production System and the business users.
The Systems provided with SAP S/4HANA Cloud, extended edition are as follows:
• Development System (DEV)
• Quality System (Q)
• Production System (PRD)
The purposes of the Development System, the Quality System, and the Production System are
significantly different from each other. Therefore, the needs of a project team member and a post
go-live support user are significantly different from those of a business user when determining their
Authorization.
The Authorization Concepts are defined by guidelines as described in the following slides.
Overview: Systems
Authorization Concept
Purpose of the Different Systems
The Development System is where the project team members work to define what the solution will
look like by utilizing preconfigured business processes and any specific customer related
configuration during the fit-to-standard and planning and design processes to document backlog
items and delta requirements.
What activities are typically performed in the Development System for Authorization?
• Master Data Definition and Creation
• SAP Configuration
• SAP Custom Development
• SAP Security, Roles, and Authorizations
• Unit Testing of Configuration, Development Objects, and Security Roles
• Release of Configuration, Development and Security Transports for import to the Quality System
• Audits of Unit Testing
Development System: What is this system initially used for?
After the Project Go-Live, the Development System is used to support the operation of the
Production Landscape.
What activities are typically performed in the Development System after Project Go-Live, when the Production
System is in use, for Authorization?
• Production System defect investigation.
• Corrections/bug fix application and testing prior to introduction into the Quality System.
• Upgrade of applications and testing prior to introduction into the Quality System.
• New Enterprise Extension activation.
• New functionality, business processes, and testing.
• Role maintenance and transport creation.
Development System: What is this system used for after Go-Live?
The Quality System is where the project team members build upon the work done in the
Development System by testing end-to-end integrated business processes in a Production-like
environment.
What activities are typically performed in the Quality System for Authorization?
• Master Data Definition and Creation.
• SAP Client Specific Configuration (example: number ranges).
• Integration testing of configuration, development objects, and security roles in end-to-end business
processes.
• Conduct Authorization Tracing for any authorization incidents.
• User Acceptance Testing.
• Release of configuration, development, and security transports for import to the Production System
• Audits of Integration Testing.
• End User Training (optional).
• Performance Testing (optional).
Quality System: What is this system initially used for?
After the Project Go-Live, the Quality System is used to support the operation of the Production
Landscape.
What activities are typically performed in the Quality System after Project Go-Live, when the Production
System is in use, for Authorization?
• Production System defect investigation.
• Corrections/bug fix application and testing prior to introduction into the Production System.
• Upgrade application and testing prior to introduction into the Production System.
• New Enterprise Extension activation.
• New functionality and business processes creation and testing.
• Testing of Role changes prior to import into the Production System.
Quality System: What is this system used for after Go-Live?
The Production System is where, it is assumed, the project team members will execute Mock Cutovers
(practice cutovers) to ensure that the build of the Production System will be successful and that
the business processes will work as designed for the business end-users.
What activities are typically performed in the Production System for Authorization?
• Master Data Definition and Creation using Conversions.
• SAP Configuration (example: number ranges).
• SAP Custom Z-Table Data Entry through manual entry and/or through data loads.
• SAP Roles and Authorizations transport import.
• Testing of configuration, development objects, and security roles and authorization.
• Validation of configuration, development, and authorization and role transports imported from the Quality
System.
• Smoke testing of all in-scope business processes to ensure proper operation once a Mock Cutover is
completed.
• Audits of Mock Cutover testing.
Production System: What is this system initially used for?
After the Project Go-Live, the Production System is used to operate the business.
What activities are typically performed in the Production System after Project Go-Live, when the Production
System is in use, for Authorization?
• Execution of all in-scope business processes designed by the project for use in the Production System.
• Smoke testing of all in-scope business processes to ensure proper operation once the Production Cutover
activities to build the Production System are completed.
• Production System defect investigation.
• Corrections/bug fix application after testing in the Development and Quality Systems.
• Import of transports for any new functionality introduced.
• Role assignment to users.
• Authorization tracing to investigate any authorization issues.
Production System: What is this system used for after Go-Live?
Authorization Concept
Authorization Guidelines for the Different
Systems
Authorization Concepts are dependent upon the following:
• Who needs the authorization?
• For what System do they need authorization?
• What Activities do they need to perform in a particular SAP System?
• How long do they need the authorization in a particular SAP System?
System Authorization Considerations
These Development System guidelines are for the Project Team and Production Support Teams.
In the Development System, during a project, the authorization concept used is to give each Project
Team and Production Support Team Member as much access as possible.
Follow these Development System Authorization guidelines:
• #1: Limit a user’s access where their actions would cause significant problems such as damage
requiring a system restoration or which would result in unnecessary additional costs.
  ▫ Example 1: Configurator would have display access only and would not be given change access to the SAP Switch
  Framework to activate enterprise extensions because some of these extensions are irreversible and if activated by a
  user, a system restore from backup would be required to correct the issue resulting in lost project time and additional
  project costs.
  ▫ Example 2: Configurator would not have a developer’s license as that license is an additional cost and the configurator
  does not have the responsibility to write custom code.
• #2: Limit a user’s access where there is a separation of duty requirement.
  ▫ Example 1: The configurator and developer will not have authorization to release their own transports as the company
  has made the decision that they want a separation of duty in this area to control the transports released to the Quality
  Assurance system.
  ▫ Example 2: Roles administration and Basis administration need to be separated. Developer.
  ▫ Example 3: Configurator
System Authorization Guidelines: Development System
In the Quality System, during a project, the authorization concept used is a combination of the
Development System and Production System Authorization Concepts.
Follow these Quality System Authorization guidelines:
• #1: Limit a Project Team and Production Support Team User’s access where their actions would
cause significant problems such as damage requiring a system restoration or which would result in
unnecessary additional costs.
  ▫ Project Team and Production Support Team Members should continue to have broad access in the Quality System
• #2: Limit a Project Team/Production Support Team User’s access where there is a separation of
duty requirement.
• #3: Limit a Business User to the same authorization they have in their Production System.
• #4: Limit a Test User to the same authorization for the position for which they were created.
System Authorization Guidelines: Quality System
In the Production System, the Authorization Concept used is dependent upon the state of the
Production System. For the purpose of this document, the three states are:
1. Before Production Go-Live
  • The Project Team will execute Mock Cutovers and validate the results of those Mock Cutovers.
  • The Business Users will execute Smoke Tests to validate that the business processes are working as
  expected after a Mock Cutover is completed.
2. During Cutover for Production Go-Live
  • The Project Team will execute the Production Go-Live Cutover and validate the results.
  • The Business Users will execute Smoke Tests to validate that the business processes are working as
  expected.
3. After Production Go-Live
  • The Production Support Team will investigate Production Defects.
  • The Business Users will execute the in-scope business processes.
System Authorization Guidelines: Production System
Before Production Go-Live
Project Team members: should have the access needed to execute the Mock Cutover Activities that
they are responsible for.
Business Users: should have authorization equivalent to their Production System access in order to
execute Smoke Tests.
Production Support Team members: should have access to the various firefighter user ids and use
them to troubleshoot any issues identified during Mock Cutover where Production System access
beyond a normal Business User is required.
Follow these Production System (Before Production Go-Live) Authorization guidelines:
• #1: Limit the Project Team Users’ access to only those needed for them to execute their Mock Cutover
Activities.
• #2: Limit the Business Users’ access to their Production System access.
• #3: Limit the Production Support Team Users’ access to only those firefighter roles created for
troubleshooting issues.
System Authorization Guidelines: Production System
During Cutover for Production Go-Live
Project Team members: should have the access needed to execute and validate that the
Production Go-Live Cutover Activities that they are responsible for have been properly performed.
Business Users: should have authorization equivalent to their Production System access in order
to execute Smoke Tests to confirm that the system is functioning properly after the Project Team
has validated that the Cutover Activities supporting the Business Process are successfully
completed.
Production Support Team members: should confirm that the firefighter user ids provide the
designed access for troubleshooting in the Production System.
Follow these Production System (During Cutover for Production Go-Live) Authorization guidelines:
• #1: Limit a Project Team User’s access to only those needed for them to execute and validate their
Production Go-Live Cutover Activities.
• #2: Limit a Business User’s access to their Production System access.
• #3: Temporarily allow the Production Support Team members to use their various firefighter user ids to
confirm that they provide the desired access for troubleshooting.
System Authorization Guidelines: Production System
After Production Go-Live
Project Team members: should not have any project related access to the Production System.
Business Users: should have their normal Production System access in order to execute any
in-scope business processes for which they are responsible.
Production Support Team members: should not have any project related access to the Production
System but would be able to utilize the firefighter user ids for limited periods of time in order to
troubleshoot issues identified by Business Users in the Production System.
Follow these Production System (After Production Go-Live) Authorization guidelines:
• #1: Remove a Project Team User’s access related to any project specific activities.
• #2: Provide the Business User with their normal Production System access.
• #3: Temporarily allow the Production Support Team members to use their various firefighter user ids only
when an issue is identified in the Production System by the Business Users that needs to be investigated in that
System.
System Authorization Guidelines: Production System
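The three Production System states and their guidelines can be turned into a periodic access review. The Python check below is an added example, not part of the SAP deck: the Grant record, the group and access labels, the incident field and the 8-hour firefighter ceiling are assumptions made for illustration, and the sample grants are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# The three Production System states named on the slides.
BEFORE, CUTOVER, AFTER = "before_go_live", "cutover", "after_go_live"

# Assumption: the slides only say "limited periods of time"; 8 hours is a
# hypothetical ceiling chosen for this example.
MAX_FIREFIGHTER_WINDOW = timedelta(hours=8)


@dataclass
class Grant:
    """One access assignment in the Production System (hypothetical record)."""
    user: str
    group: str                            # "project", "business" or "support"
    access: str                           # "cutover", "business" or "firefighter"
    valid_from: datetime
    valid_to: Optional[datetime] = None   # None means open-ended
    incident: Optional[str] = None        # hypothetical ticket reference


# Access each user group may hold in each state, following guidelines #1-#3
# of the three Production System slides.
ALLOWED = {
    BEFORE:  {"project": {"cutover"}, "business": {"business"},
              "support": {"firefighter"}},
    CUTOVER: {"project": {"cutover"}, "business": {"business"},
              "support": {"firefighter"}},
    AFTER:   {"project": set(), "business": {"business"},
              "support": {"firefighter"}},
}


def review(grants: List[Grant], state: str) -> List[Tuple[str, str]]:
    """Return (user, finding) pairs for grants that break the guidelines."""
    findings = []
    for g in grants:
        if g.access not in ALLOWED[state].get(g.group, set()):
            findings.append((g.user, "access_not_allowed"))
            continue
        # The slides call firefighter use "temporary" only during cutover
        # and after go-live, so the time checks apply to those two states.
        if g.access != "firefighter" or state == BEFORE:
            continue
        if g.valid_to is None:
            findings.append((g.user, "firefighter_open_ended"))
        elif g.valid_to - g.valid_from > MAX_FIREFIGHTER_WINDOW:
            findings.append((g.user, "firefighter_window_too_long"))
        # After go-live, firefighter use must follow an issue identified
        # by the Business Users.
        if state == AFTER and not g.incident:
            findings.append((g.user, "firefighter_without_incident"))
    return findings


# Constructed sample data, not taken from any real system.
T0 = datetime(2020, 9, 25, 10, 0)
SAMPLE = [
    Grant("alice", "project", "cutover", T0),
    Grant("bob", "business", "business", T0),
    Grant("carol", "support", "firefighter", T0, T0 + timedelta(hours=4),
          "INC-0001"),
    Grant("dave", "support", "firefighter", T0),
    Grant("erin", "support", "firefighter", T0, T0 + timedelta(days=3),
          "INC-0002"),
    Grant("frank", "support", "business", T0),
]

if __name__ == "__main__":
    for state in (BEFORE, CUTOVER, AFTER):
        print(state, review(SAMPLE, state))
```

Running the same grants through each state shows how access that is acceptable during Mock Cutover becomes a finding once the system is live.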
Thank you.
 
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop SlideBuilding Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
Building Real-Time Data Pipelines: Stream & Batch Processing workshop Slide
 
Hand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptxHand gesture recognition PROJECT PPT.pptx
Hand gesture recognition PROJECT PPT.pptx
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...Advancing Engineering with AI through the Next Generation of Strategic Projec...
Advancing Engineering with AI through the Next Generation of Strategic Projec...
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The Ugly
 

S4H_790 IAM - Authorization Concept Guidelines for S4HANA Cloud.pptx

  • 1. CUSTOMER SAP S/4HANA Cloud, extended edition September 25, 2020 Identity and Access Management (IAM) Authorization Concepts for 3 Tier Landscape Approach
  • 2. Agenda
    • Purpose of this Document
    • Overview
    • Purpose of the Different Systems
      ▫ Development System
      ▫ Quality System
      ▫ Production System
    • Authorization Guidelines for Different Systems
      ▫ Development System Authorization Guidelines
      ▫ Quality System Authorization Guidelines
      ▫ Production System Authorization Guidelines
    CUSTOMER © 2020 SAP SE or an SAP affiliate company. All rights reserved.
  • 3. Purpose of this Document
    The purpose of this document is to describe the Identity and Access Management (IAM) Authorization Concept approach for 3 tier landscapes (Development, Quality, Production) for an implementation project's development, testing and cutover phases as well as the approach for maintaining an operational system.
  • 5. Overview: Systems
    The Authorization Concept must be determined for all the systems provided with the solution and all potential users, not just for the Production System and the business users.
    The Systems provided with SAP S/4HANA Cloud, extended edition are as follows:
    • Development System (DEV)
    • Quality System (Q)
    • Production System (PRD)
    The purposes of the Development System, the Quality System, and the Production System are significantly different from each other. Therefore, the needs of a project team member and post go-live support user are significantly different than those of a business user when determining their Authorization.
    The Authorization Concepts are defined by guidelines as described in the following slides.
  • 6. Authorization Concept: Purpose of the Different Systems
  • 7. Development System: What is this system initially used for?
    The Development System is where the project team members work to define what the solution will look like by utilizing preconfigured business processes and any specific customer related configuration during the fit-to-standard and planning and design processes to document backlog items and delta requirements.
    What activities are typically performed in the Development System for Authorization?
    • Master Data Definition and Creation
    • SAP Configuration
    • SAP Custom Development
    • SAP Security, Roles, and Authorizations
    • Unit Testing of Configuration, Development Objects, and Security Roles
    • Release of Configuration, Development and Security Transports for import to the Quality System
    • Audits of Unit Testing
  • 8. Development System: What is this system used for after Go-Live?
    After the Project Go-Live, the Development System is used to support the operation of the Production Landscape.
    What activities are typically performed in the Development System after Project Go-Live, when the Production System is in use, for Authorization?
    • Production System defect investigation.
    • Corrections/bug fix application and testing prior to introduction into the Quality System.
    • Upgrade of applications and testing prior to introduction into the Quality System.
    • New Enterprise Extension activation.
    • New functionality, business processes, and testing.
    • Role maintenance and transport creation.
  • 9. Quality System: What is this system initially used for?
    The Quality System is where the project team members build upon the work done in the Development System by testing end-to-end integrated business processes in a Production-like environment.
    What activities are typically performed in the Quality System for Authorization?
    • Master Data Definition and Creation.
    • SAP Client Specific Configuration (example: number ranges).
    • Integration testing of configuration, development objects, and security roles in end-to-end business processes.
    • Conduct Authorization Tracing for any authorization incidents.
    • User Acceptance Testing.
    • Release of configuration, development, and security transports for import to the Production System.
    • Audits of Integration Testing.
    • End User Training (optional).
    • Performance Testing (optional).
  • 10. Quality System: What is this system used for after Go-Live?
    After the Project Go-Live, the Quality System is used to support the operation of the Production Landscape.
    What activities are typically performed in the Quality System after Project Go-Live, when the Production System is in use, for Authorization?
    • Production System defect investigation.
    • Corrections/bug fix application and testing prior to introduction into the Production System.
    • Upgrade application and testing prior to introduction into the Production System.
    • New Enterprise Extension activation.
    • New functionality and business processes creation and testing.
    • Testing of Role changes prior to import into the Production System.
  • 11. Production System: What is this system initially used for?
    The Production System is where the project team members will execute Mock Cutovers (a practice cutover), it is assumed, to ensure that the build of the Production System will be successful and that the business processes will work as designed for the business end-users.
    What activities are typically performed in the Production System for Authorization?
    • Master Data Definition and Creation using Conversions.
    • SAP Configuration (example: number ranges).
    • SAP Custom Z-Table Data Entry through manual entry and/or through data loads.
    • SAP Roles and Authorizations transport import.
    • Testing of configuration, development objects, and security roles and authorization.
    • Validation of configuration, development, and authorization and role transports imported from the Quality System.
    • Smoke testing of all in-scope business processes to ensure proper operation once a Mock Cutover is completed.
    • Audits of Mock Cutover testing.
  • 12. Production System: What is this system used for after Go-Live?
    After the Project Go-Live, the Production System is used to operate the business.
    What activities are typically performed in the Production System after Project Go-Live, when the Production System is in use, for Authorization?
    • Execution of all in-scope business processes designed by the project for use in the Production System.
    • Smoke testing of all in-scope business processes to ensure proper operation once the Production Cutover activities to build the Production System are completed.
    • Production System defect investigation.
    • Corrections/bug fix application after testing in the Development and Quality Systems.
    • Import of transports for any new functionality introduced.
    • Role assignment to users.
    • Authorization tracing to investigate any authorization issues.
  • 14. System Authorization Considerations
    Authorization Concepts are dependent upon the following:
    • Who needs the authorization?
    • For what System do they need authorization?
    • What Activities do they need to perform in a particular SAP System?
    • How long do they need the authorization in a particular SAP System?
  • 15. System Authorization Guidelines: Development System
    These Development System guidelines are for the Project Team and Production Support Teams.
    In the Development System, during a project, the authorization concept used is to give each Project Team and Production Support Team Member as much access as possible.
    Follow these Development System Authorization guidelines:
    • #1: Limit a user’s access where their actions would cause significant problems such as damage requiring a system restoration or which would result in unnecessary additional costs.
      ▫ Example 1: Configurator would have display access only and would not be given change access to the SAP Switch Framework to activate enterprise extensions, because some of these extensions are irreversible and, if activated by a user, a system restore from backup would be required to correct the issue, resulting in lost project time and additional project costs.
      ▫ Example 2: Configurator would not have a developer’s license, as that license is an additional cost and the configurator does not have the responsibility to write custom code.
    • #2: Limit a user’s access where there is a separation of duty requirement.
      ▫ Example 1: The configurator and developer will not have authorization to release their own transports, as the company has made the decision that they want a separation of duty in this area to control the transports released to the Quality Assurance system.
      ▫ Example 2: Roles administration and Basis administration need to be separated. Developer.
      ▫ Example 3: Configurator
  • 16. System Authorization Guidelines: Quality System
    In the Quality System, during a project, the authorization concept used is a combination of the Development System and Production System Authorization Concepts.
    Follow these Quality System Authorization guidelines:
    • #1: Limit a Project Team and Production Support Team User’s access where their actions would cause significant problems such as damage requiring a system restoration or which would result in unnecessary additional costs.
      ▫ Project Team and Production Support Team Members should continue to have broad access in the Quality System.
    • #2: Limit a Project Team/Production Support Team User’s access where there is a separation of duty requirement.
    • #3: Limit a Business User to the same authorization they have in their Production System.
    • #4: Limit a Test User to the same authorization for the position for which they were created.
  • 17. System Authorization Guidelines: Production System
    In the Production System, the Authorization Concept used is dependent upon the state of the Production System. For the purpose of this document, the three states are:
    1. Before Production Go-Live
      ▫ The Project Team will execute Mock Cutovers and validate the results of those Mock Cutovers.
      ▫ The Business Users will execute Smoke Tests to validate that the business processes are working as expected after a Mock Cutover is completed.
    2. During Cutover for Production Go-Live
      ▫ The Project Team will execute the Production Go-Live Cutover and validate the results.
      ▫ The Business Users will execute Smoke Tests to validate that the business processes are working as expected.
    3. After Production Go-Live
      ▫ The Production Support Team will investigate Production Defects.
      ▫ The Business Users will execute the in-scope business processes.
  • 18. System Authorization Guidelines: Production System (Before Production Go-Live)
    • Project Team members: should have the access needed to execute the Mock Cutover Activities that they are responsible for.
    • Business Users: should have authorization equivalent to their Production System access in order to execute Smoke Tests.
    • Production Support Team members: should have access to the various firefighter user ids and use them to troubleshoot any issues identified during Mock Cutover where Production System access beyond a normal Business User is required.
    Follow these Production System (Before Production Go-Live) Authorization guidelines:
    • #1: Limit the Project Team Users’ access to only those needed for them to execute their Mock Cutover Activities.
    • #2: Limit the Business Users’ access to their Production System access.
    • #3: Limit the Production Support Team Users’ access to only those firefighter roles created for troubleshooting issues.
  • 19. System Authorization Guidelines: Production System (During Cutover for Production Go-Live)
    • Project Team members: should have the access needed to execute and validate that the Production Go-Live Cutover Activities that they are responsible for have been properly performed.
    • Business Users: should have authorization equivalent to their Production System access in order to execute Smoke Tests to confirm that the system is functioning properly after the Project Team has validated that the Cutover Activities supporting the Business Process are successfully completed.
    • Production Support Team members: should confirm that the firefighter user ids provide the designed access for troubleshooting in the Production System.
    Follow these Production System (During Cutover for Production Go-Live) Authorization guidelines:
    • #1: Limit a Project Team User’s access to only those needed for them to execute and validate their Production Go-Live Cutover Activities.
    • #2: Limit a Business User’s access to their Production System access.
    • #3: Temporarily allow the Production Support Team members to use their various firefighter user ids to confirm that they provide the desired access for troubleshooting.
  • 20. System Authorization Guidelines: Production System (After Production Go-Live)
    • Project Team members: should not have any project related access to the Production System.
    • Business Users: should have their normal Production System access in order to execute any in-scope business processes for which they are responsible.
    • Production Support Team members: should not have any project related access to the Production System but would be able to utilize the firefighter user ids for limited periods of time in order to troubleshoot issues identified by Business Users in the Production System.
    Follow these Production System (After Production Go-Live) Authorization guidelines:
    • #1: Remove a Project Team User’s access related to any project specific activities.
    • #2: Provide the Business User with their normal Production System access.
    • #3: Temporarily allow the Production Support Team members to use their various firefighter user ids only when an issue is identified in the Production System by the Business Users that needs to be investigated in that System.
  • 22. © 2020 SAP SE or an SAP affiliate company. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company. The information contained herein may be changed without prior notice. Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors. National product specifications may vary. These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP or its affiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP or SAP affiliate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release any functionality mentioned therein. This document, or any related presentation, and SAP SE’s or its affiliated companies’ strategy and possible future developments, products, and/or platforms, directions, and functionality are all subject to change and may be changed by SAP SE or its affiliated companies at any time for any reason without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, and they should not be relied upon in making purchasing decisions. 
SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. All other product and service names mentioned are the trademarks of their respective companies. See www.sap.com/copyright for additional trademark information and notices. www.sap.com/contactsap Follow us
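The Production System guidelines on slides 17 to 20 can be checked mechanically during an access review. The following Python is an added example, not SAP code or part of the original slides: the grant model, the group and kind labels, the 8-hour firefighter limit (the slides only say "limited periods of time") and all sample data are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum
from typing import Optional


class State(Enum):
    BEFORE_GO_LIVE = 1
    DURING_CUTOVER = 2
    AFTER_GO_LIVE = 3


# Assumption: the slides give no figure for "limited periods of time".
MAX_FIREFIGHTER_WINDOW = timedelta(hours=8)


@dataclass
class Grant:
    user: str
    group: str                       # "project", "business" or "support"
    kind: str                        # "cutover", "business_role" or "firefighter"
    start: datetime
    end: Optional[datetime] = None   # None means open-ended
    activity: Optional[str] = None   # cutover activity this grant serves
    incident: Optional[str] = None   # incident behind a firefighter grant


def time_bounded(g: Grant) -> bool:
    return g.end is not None and g.end - g.start <= MAX_FIREFIGHTER_WINDOW


def review(grants, state, owners, incidents):
    """Return (user, finding) pairs for grants that break the PRD guidelines.

    owners:    cutover activity -> user responsible for it
    incidents: ids of open incidents raised by Business Users
    """
    findings = []
    for g in grants:
        if g.group == "business":
            # Guideline #2 in every state: business users keep production access only.
            if g.kind != "business_role":
                findings.append((g.user, "business user holds non-business access"))
        elif g.group == "project":
            if state is State.AFTER_GO_LIVE:
                findings.append((g.user, "project access not removed after go-live"))
            elif g.kind != "cutover" or owners.get(g.activity) != g.user:
                findings.append((g.user, "access not tied to an owned cutover activity"))
        elif g.group == "support":
            if g.kind != "firefighter":
                findings.append((g.user, "support access outside firefighter roles"))
                continue
            # "Temporarily allow" applies during cutover and after go-live.
            if state is not State.BEFORE_GO_LIVE and not time_bounded(g):
                findings.append((g.user, "firefighter use is not time-bounded"))
            if state is State.AFTER_GO_LIVE and g.incident not in incidents:
                findings.append((g.user, "firefighter use without a business-user incident"))
        else:
            findings.append((g.user, "unknown user group"))
    return findings


# Constructed sample data (not from the slides).
T0 = datetime(2020, 9, 25, 8, 0)
OWNERS = {"load-open-items": "p.ng"}
INCIDENTS = {"INC-1001"}
GRANTS = [
    Grant("p.ng", "project", "cutover", T0, activity="load-open-items"),
    Grant("d.roy", "project", "cutover", T0, activity="load-open-items"),
    Grant("b.lee", "business", "business_role", T0),
    Grant("s.kim", "support", "firefighter", T0, T0 + timedelta(hours=4), incident="INC-1001"),
    Grant("s.ono", "support", "firefighter", T0),
]

if __name__ == "__main__":
    for state in State:
        print(state.name, review(GRANTS, state, OWNERS, INCIDENTS))
```

The same grant list produces different findings in each state, which is the point of slide 17: production access has to be re-reviewed at each transition, not only at go-live.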