Skip to Content
avatar image
Former Member

Risk Analysis of S4HANA Fiori Authorisations / Tiles

Dear GRC Experts,

Do we have any SAP documentation which shows how to perform risk analysis / SoD check for S4HANA Fiori authorizations? i.e SoD check between Fiori tiles.

Most of the business processes in S4HANA have only fiori UI, these fiori apps don't call the legacy SAP tcodes to post transactions. Hence we cannot perform risk analysis with actions and permissions defined in the access control rule set.

For e.g. for using Fiori tile "Create Purchase Order", an user will not require access to ME21N.

Request the experts to share their knowledge on this aspect.

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Sep 13, 2016 at 11:48 AM

    HI Sivanesh

    Wouldn't the risk be ability to execute the BAPI/Function in the backend

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Sep 14, 2016 at 12:22 PM

    Hi Sivanesh,

    There is some discussion here: 

    on this topic and using S_SERVICE to monitor access to Fiori applications.

    Add comment
    10|10000 characters needed characters exceeded