cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

"Enabling" Fiori for users after migrating from ECC to S/4HANA EM

Go to solution
Bernard
Participant

on ‎09-15-2016 9:03 AM

0 Kudos

Hi,

This is a newbie question in relation to S/4HANA

We are in the process of migrating off ECC onto S/4HANA EM. I have a question around the different options around enabling users to access SAP Fiori apps/functionality. Our implementation partner has suggested that it is possible to enable Fiori functionality by COMPANY (as in SAP Company) or by module. As our divisions are represented by Companies this would allow a progressive enablement of Fiori by division.

The above understanding is not my understanding. I have always understood that Fiori applications act at the functional layer (and not at the data layer as the above approach implies as regards COMPANY).

Is it correct to say that Fiori apps are initiated from Launchpad and that Launchpad apps accessibility is driven by roles. And that Users are assigned to these roles? If the last statement is true how could any restrictions by Company be placed on Fiori apps. Do the roles established for Launchpad map directly to roles already established within a GRC type role?

Appreciate any insights or references that assist in easily clarifying this difference in understanding.

With appreciation, B

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎09-15-2016 4:45 PM
0 Kudos

Bernard,

Your integration partner is correct.  Current roles and personalizations are respected in S/4HANA Fiori apps. So for instance, you have restricted the user's ability to see only specific cost center data, any S/4 apps must respect that restriction.  The apps have all been written in such a way that they will not change how you have secured or segregated your data. The previous roles will still control what data a user gets to see.

In my experience, the challenge will be making sure that the correct Fiori groups are assigned to the correct backend roles based on your existing security complexities. What you will find, is that you have standard Fiori groups, that may have or lack access to applications that existed in ECC. So you will either need to create a Fiori group that is specific for each job role. Doing this you will need to create a new catalog and control the apps that are available.

Perhaps this page will help:

Regards,

Andy Prier

Show replies
Show replies
Bernard
Participant
‎09-16-2016 9:09 AM
0 Kudos

Highly appreciate the answer Andy. I now have a better understanding that there is a front-end / back-end decoupling and that the backend security remains intact (and independent) from front end security arrangements - whence, i presume, the challenge of ensuring a level of resonance across backend and frontend security configs.

Thanks again for your help.

Answers (0)

Ask a Question