|
Sure, there are two big issues between the two. Technically, 4.6x
versions have entirely new table structures and program code around how
Roles and associated profiles are created, maintained and assigned. The
4.6x version introduces a menu structure that can be associated with each
role, providing the basis for the assigned user's interface when logging
in. Additionally, there are now composite roles, and the ability to link
file folders, HTML addresses, and a number of other options to the role
itself.
Philosophically, most 3.1x implementations did not focus on security, the
focus was on implementing SAP and security got in the way. As a result,
many implementations did not take advantage of the S_TCODE object that was
introduced in version 3.1G. This choice means that many companies are secured
using the authorization objects only, rather than identifying specific
transactions for each profile. This dilemma creates considerable
complications when auditing the system, ensuring appropriate controls and
(most of all) upgrading to a 4.x version. Though it is not technically
required to have Transaction code based security in versions 4.x, it is
strongly recommended and ideal. In future versions of SAP (Portals and
New Dimension) the reliance on menu-driven roles and transaction-based
security will be paramount.
|
