Q

Security concerns when upgrading from v.3.1 to v.4.6x

I am new to SAP applications. We are at v.3.1 I_com and 3.1 H o/s and functionality. Now I would like to upgrade to v. 4.6. I have heard that the security is very different between the two versions, so can you give me some insight into what the differences are and how best I can make the transition without causing much pain for the users? Any suggested reading material would be greatly appreciated.


Sure, there are two big issues between the two. Technically, 4.6x versions have entirely new table structures and program code around how Roles and associated profiles are created, maintained and assigned. The 4.6x version introduces a menu structure that can be associated with each role, providing the basis for the assigned user's interface when logging in. Additionally, there are now composite roles, and the ability to link file folders, HTML addresses, and a number of other options to the role itself.

Philosophically, most 3.1x implementations did not focus on security, the focus was on implementing SAP and security got in the way. As a result, many implementations did not take advantage of the S_TCODE object that was introduced in version 3.1G. This choice means that many companies are secured using the authorization objects only, rather than identifying specific transactions for each profile. This dilemma creates considerable complications when auditing the system, ensuring appropriate controls and (most of all) upgrading to a 4.x version. Though it is not technically required to have Transaction code based security in versions 4.x, it is strongly recommended and ideal. In future versions of SAP (Portals and New Dimension) the reliance on menu-driven roles and transaction-based security will be paramount.


This was first published in September 2002

Dig deeper on SAP implementation and upgrades

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchManufacturingERP

SearchOracle

SearchDataManagement

SearchAWS

SearchBusinessAnalytics

SearchCRM

SearchContentManagement

SearchFinancialApplications

Close