IFF. International Flavors & Fragrances. Jan Nouwens SAP SOLUTION CENTER
|
|
- Silvia McLaughlin
- 5 years ago
- Views:
Transcription
1 IFF International Flavors & Fragrances Jan Nouwens
2 Agenda IFF Status SAP Implementation and Planned Implementations One Global Template Authorization Design
3
4 Products
5 Status SAP implementations at IFF Nov Total Global IFF locations Purch. FICO SD MM PP QM APO HR ASPAC LATAM 6 3 EAME NA Planned Implementations (Locations per Area) R/3 (FICO/SD/MM/PP/QM) APO HR Wave 1 Wave 2 Wave ASPAC LATAM EAME NA 1 1 INDIA 1 1
6 One Global Template Why Template releases? Stability Functionality Limited risks production disturbance Users not confronted with daily changes Controlled Production Environment Transports to production planned and tested
7 QC2 PR1 AVAILABLE FUNCTIONALITY ONLY PLANNED RELEASE Rollout New Location? 1to3 Months Remaining Implementation Transports 2to4 Weeks One Week FINAL DECISION TEMPLATE RELEASE Two Weeks Two Weeks 2to10 Days Go-Live Support Preparations Go-Live Release Support Regression Testing User Acceptance Testing PR1 Preparations QC2 DECISION CONTENTS RELEASE Template Release Cycle DV1 QC1 UNIT Testing Component Testing Developments PMO Request PMO PMO Request Request PAR Project Project Approval Approval Request Deliver Request Specs ONLY PLANNED RELEASE SELECTION TRANSPORTS FOR ONE RELEASE CONCURRENT RELEASES Documentation Training Material Test Scenarios Integration Testing Preparations QC1 PLAN CONTENTS TEMPLATE RELEASE
8 Authorization Design Roles and Responsibilities: What is our goal? Globally one function supported by one role SAP role based security SAP role based training Minimize security maintenance Usage of future Enterprise Portal and one sign on
9 Authorization Design Decisions taken to achieve our goal IFF will use SAP delivered standard roles, both composite and single roles IFF only implements selective roles as described in the assessment documents During creation of role based training by BE s, the main transactions per role will be checked Inactivate the critical unwanted transactions IFF will leave the not critical transactions in the role For missing transactions we will create an IFF single role per composite role The security design will be based on templates with derived roles
10 Authorization Design SAP Roles
11 Authorization Design: Create Role (Process) (1/3) Download from MySAP Workplace the selected composite roles Create Excel spreadsheet with all transactions Evaluation of composite roles by Business Owner and Business Engineer Delete single roles (not needed) Add missing single roles Add missing transaction in IFF single role Development team (owners) evaluate role
12 Authorization Design: Create Role (Process) (2/3) Create (template) requested composite role, fill missing values with * Deliver print of role with all object values delivered by SAP and for the open valued filled with * to Business Engineer Business Engineer evaluates values SAP template created for the role (one single role) Delivery template with possible organizational values to BE (Excel spreadsheet) Create requested derived role(s)
13 Authorization Design Available Roles
14 Authorization Design Available Roles
15 Authorization Design Possible Organizational Values
16 Authorization Design: Create Role (Process) (3/3) Deliver test form for positive/negative transaction testing (Word document, including all transactions plus organizational values) Process results transaction testing Connects users to role (Excel spreadsheet with all available roles) Train users, use only existing role(s) and what is requested Integrated user test Transport roles to production and connect users
17 Authorization Design Test form
18 Authorization Design Test form
19 Authorization Design Users per Role
20 SAP (release 3.1/ 4.6) Differences Release 3.1 Release 4.6 R/3 140 original jobs 800 users 59 template roles 2059 users 617 variants 494 derived roles 302 activity groups 2186 variants APO 9 template roles 5 users 15 derived roles BW 26 template roles 863 users 264 derived roles KW 1 role All users
21 SAP (release 4.6C) new roles (2/2) Advantages Maintenance decreased (3.1-2 fte, fte) Rollout new locations easy (0.5% of total project hours) Standard roles in IFF R/3, BW, and APO same approach Issues: Retrofit (previous implementation) CUA
22 Security Processes in place Development processes to support security administration: Access new user or change in authorization existing user Change in security design
23 Process Overview - Change in Access New user Authorization failure User No Access Change Request Input from HR department Valid request? Yes SU53 Report Security Coordinator Revoke User Access Create ARS ticket Assign Ticket to User Admin Yes Solve with existing job? No Assign Ticket Security Administrator Update User Master Record User admin SAP CHANGE OR DESIGN PROCESS OVERVIEW
24 Process Overview - Change of Security Design Security Co-ordinator or Business Engineers or Process Owners Security design request by Sec. Co-ordinator ` Assign ticket to Security Administrator New piece of design by Business Engineer Development team Assign ticket to responsible Development Owner No Multiple processes? Yes Assign ticket to Development Team Valid request? No Yes Status ARS: Work in Progress Yes Valid request? No Business Engineer Process Owner Status ARS: Not Fixed Assign ticket to Security Administrator Status ARS: Not Fixed Transport to QC1and perform negative/positive testing Composite role and/or Single role SAP Security Administrator Test successful? No Yes Transport to PR1 Assign to User Administrator (if necessary) Status ARS: Fixed
25 Authorizations Questions?