Solved: Cut Over Activities

Former Member · ‎03-04-2008

Hi

Can anyone please mention the list of Cutover activities/tasks that has to be addressed from Security/Controls point of view for the PILOT Go-Live and also the actual GO-LIVE.

Any input would be appreciated and <removed_by_moderator>

Thanks

KV

Edited by: Julius Bussche on Mar 4, 2008 10:18 AM

Former Member · ‎03-04-2008

Pilot go-live and go-live should be very similar. You need accurate times for your security tasks.

I'll update my post if I forgot to add a step.

=====================================================================

Some steps are only relevant to HR base position security and CUA.

Security procedure – Access Forms and Help Desk procedures. Will you require training before access? How will the SAP security credentials (User ID & Password) be sent to the user. Who do they contact for support?

Gather Security Matrix (Map Roles to Position) or Roles to Users – this should be done ahead of time. You need to know who gets what roles.

System Preparation – if applicable

SM30 - modify (PRGN_CUST table) – HR_ORG_ACTIVE=YES.

Create new RFC connection to target Cutover client. Preparation for SECATT scripts

Create CUA for Cutover clients (ECC & SRM) – if applicable

Check and configure security access on Cutover client.

Work with cutover manager to grant access for list of users with cutover task only.

Create backup USERIDs for the Security Team. Make sure you have SAP_ALL.

Transport all Custom Security Roles to cutover client/clients

Limit access for general user population during cutover task.

Limit access to HR/Payroll data. Only authorized and approved by HR/Payroll access.

Verify info type 105 and Create User IDs

Assign roles to position or roles to UMR. Run Security Script to populate roles to positions or roles to UMR.

Assign defaults and parameters to all user IDs, Create random password for all user ID via Secatt.

Lock all general user access, unlock during go-live for the users that completed training.

Good Luck!

-John N.

Former Member · ‎03-04-2008

Pilot go-live and go-live should be very similar. You need accurate times for your security tasks.

I'll update my post if I forgot to add a step.

=====================================================================

Some steps are only relevant to HR base position security and CUA.

Security procedure – Access Forms and Help Desk procedures. Will you require training before access? How will the SAP security credentials (User ID & Password) be sent to the user. Who do they contact for support?

Gather Security Matrix (Map Roles to Position) or Roles to Users – this should be done ahead of time. You need to know who gets what roles.

System Preparation – if applicable

SM30 - modify (PRGN_CUST table) – HR_ORG_ACTIVE=YES.

Create new RFC connection to target Cutover client. Preparation for SECATT scripts

Create CUA for Cutover clients (ECC & SRM) – if applicable

Check and configure security access on Cutover client.

Work with cutover manager to grant access for list of users with cutover task only.

Create backup USERIDs for the Security Team. Make sure you have SAP_ALL.

Transport all Custom Security Roles to cutover client/clients

Limit access for general user population during cutover task.

Limit access to HR/Payroll data. Only authorized and approved by HR/Payroll access.

Verify info type 105 and Create User IDs

Assign roles to position or roles to UMR. Run Security Script to populate roles to positions or roles to UMR.

Assign defaults and parameters to all user IDs, Create random password for all user ID via Secatt.

Lock all general user access, unlock during go-live for the users that completed training.

Good Luck!

-John N.

Former Member · ‎03-04-2008

Thanks for the reply John. Do you have any idea about the activities pertaining to R/3 and CRM mainly.

Regards

KV

Former Member · ‎03-04-2008

KV,

R/3 & CRM should be the same. You need to identify the users or positions that will need access and set the security policies and procedures. I had 37,000 user IDs and the SECATT saved the day.

Are you looking at cut-over procedures beyond security?

==================================================================

Thanks for the reply John. Do you have any idea about the activities pertaining to R/3 and CRM mainly.

Regards

KV

Former Member · ‎03-04-2008

Hi Vamsi,

Cutover is actually a very crucial term for any team. It mainly is the period to finalize your readiness to go live as production.

From a security standpoint- We have to create a cutover baseplan!

We have to ensure the roles are transported to PRD, the end users are setup with proper access and validity, and also the other cutover/config/ manual config teams are setup with proper access. A dry run of this is helpful in determining and documenting the pre-defined access for various teams. Since the dependency of tasks are very high, that is, one task is dependant on the other, the cutover baseplan is expected to give time critical and time accountable tasks allotment to various teams.

The security team not only is responsible for their own tasks, but also is responsible to support any authorization failure to any team.

Go-live checks have to be performed, like the super users are secured, the security parameters and profile parameters for the system are setup as desired. Earlywatch checks by SAP have been done. Background security jobs have been scheduled.

There are so many more.....the experts will add to this

Hope this was helpful.

Abhishek