Skip to Content

SOD Rules Impact - S/4 Hana and Fiori

Hi All,

Our client is in the process of implementing S4 HANA together with FIORI apps.

As per our initial analysis, we noticed that this will impact our existing GRC SOD ruleset.

We are currently reviewing the impact to existing rules and it seems like we may need to include the corresponding Hash values of each app in the rules for S_SERVICE authorization object to eliminate false positives.

Following is the scenario:

User has been assigned with a FIORI role and S/4 HANA role. S_SERVICE authorization with corresponding O Data service details have been included in both FIORI and S4 HANA role. However, the corresponding hash values in S4 HANA and FIORI for the same service and not the same.

So, just wanted to understand what is the best way to define our SoD rule? Do we need to define Cross System rules by incorporating hash value from FIORI system or define Single system rule by using the hash value from S4 HANA system?

(Note: We are using Central Hub gateway model where our front end and backend are separate)

Need your expert advise.



Add comment
10|10000 characters needed characters exceeded

2 Answers

  • Posted on Dec 14, 2018 at 10:22 AM

    I think defining single system rule by using hash value from S4 HANA will be sufficient as front end system authorization just give access to a screen whereas back-end system gives access to service which brings the data and without that access one has no use of front end authorizations.


    Bipul Kumar

    Add comment
    10|10000 characters needed characters exceeded

  • Posted on Dec 16, 2018 at 06:38 AM

    Hi Bipul,

    Thanks for your response. Do you have any example on how you did this?

    Add comment
    10|10000 characters needed characters exceeded