on 10-22-2018 3:17 AM
Hi All,
Our client is in the process of implementing S4 HANA together with FIORI apps.
As per our initial analysis, we noticed that this will impact our existing GRC SOD ruleset.
We are currently reviewing the impact to existing rules and it seems like we may need to include the corresponding Hash values of each app in the rules for S_SERVICE authorization object to eliminate false positives.
Following is the scenario:
User has been assigned with a FIORI role and S/4 HANA role. S_SERVICE authorization with corresponding O Data service details have been included in both FIORI and S4 HANA role. However, the corresponding hash values in S4 HANA and FIORI for the same service and not the same.
So, just wanted to understand what is the best way to define our SoD rule? Do we need to define Cross System rules by incorporating hash value from FIORI system or define Single system rule by using the hash value from S4 HANA system?
(Note: We are using Central Hub gateway model where our front end and backend are separate)
Need your expert advise.
Regards,
Paddhu
Hi Bipul,
Thanks for your response. Do you have any example on how you did this?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I think defining single system rule by using hash value from S4 HANA will be sufficient as front end system authorization just give access to a screen whereas back-end system gives access to service which brings the data and without that access one has no use of front end authorizations.
Regards,
Bipul Kumar
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
6 | |
5 | |
2 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.