IFF. International Flavors & Fragrances. Jan Nouwens SAP SOLUTION CENTER

Transcription

1 IFF International Flavors & Fragrances Jan Nouwens

2 Agenda IFF Status SAP Implementation and Planned Implementations One Global Template Authorization Design

3

4 Products

5 Status SAP implementations at IFF Nov Total Global IFF locations Purch. FICO SD MM PP QM APO HR ASPAC LATAM 6 3 EAME NA Planned Implementations (Locations per Area) R/3 (FICO/SD/MM/PP/QM) APO HR Wave 1 Wave 2 Wave ASPAC LATAM EAME NA 1 1 INDIA 1 1

6 One Global Template Why Template releases? Stability Functionality Limited risks production disturbance Users not confronted with daily changes Controlled Production Environment Transports to production planned and tested

7 QC2 PR1 AVAILABLE FUNCTIONALITY ONLY PLANNED RELEASE Rollout New Location? 1to3 Months Remaining Implementation Transports 2to4 Weeks One Week FINAL DECISION TEMPLATE RELEASE Two Weeks Two Weeks 2to10 Days Go-Live Support Preparations Go-Live Release Support Regression Testing User Acceptance Testing PR1 Preparations QC2 DECISION CONTENTS RELEASE Template Release Cycle DV1 QC1 UNIT Testing Component Testing Developments PMO Request PMO PMO Request Request PAR Project Project Approval Approval Request Deliver Request Specs ONLY PLANNED RELEASE SELECTION TRANSPORTS FOR ONE RELEASE CONCURRENT RELEASES Documentation Training Material Test Scenarios Integration Testing Preparations QC1 PLAN CONTENTS TEMPLATE RELEASE

8 Authorization Design Roles and Responsibilities: What is our goal? Globally one function supported by one role SAP role based security SAP role based training Minimize security maintenance Usage of future Enterprise Portal and one sign on

9 Authorization Design Decisions taken to achieve our goal IFF will use SAP delivered standard roles, both composite and single roles IFF only implements selective roles as described in the assessment documents During creation of role based training by BE s, the main transactions per role will be checked Inactivate the critical unwanted transactions IFF will leave the not critical transactions in the role For missing transactions we will create an IFF single role per composite role The security design will be based on templates with derived roles

10 Authorization Design SAP Roles

11 Authorization Design: Create Role (Process) (1/3) Download from MySAP Workplace the selected composite roles Create Excel spreadsheet with all transactions Evaluation of composite roles by Business Owner and Business Engineer Delete single roles (not needed) Add missing single roles Add missing transaction in IFF single role Development team (owners) evaluate role

12 Authorization Design: Create Role (Process) (2/3) Create (template) requested composite role, fill missing values with * Deliver print of role with all object values delivered by SAP and for the open valued filled with * to Business Engineer Business Engineer evaluates values SAP template created for the role (one single role) Delivery template with possible organizational values to BE (Excel spreadsheet) Create requested derived role(s)

13 Authorization Design Available Roles

14 Authorization Design Available Roles

15 Authorization Design Possible Organizational Values

16 Authorization Design: Create Role (Process) (3/3) Deliver test form for positive/negative transaction testing (Word document, including all transactions plus organizational values) Process results transaction testing Connects users to role (Excel spreadsheet with all available roles) Train users, use only existing role(s) and what is requested Integrated user test Transport roles to production and connect users

17 Authorization Design Test form

18 Authorization Design Test form

19 Authorization Design Users per Role

20 SAP (release 3.1/ 4.6) Differences Release 3.1 Release 4.6 R/3 140 original jobs 800 users 59 template roles 2059 users 617 variants 494 derived roles 302 activity groups 2186 variants APO 9 template roles 5 users 15 derived roles BW 26 template roles 863 users 264 derived roles KW 1 role All users

21 SAP (release 4.6C) new roles (2/2) Advantages Maintenance decreased (3.1-2 fte, fte) Rollout new locations easy (0.5% of total project hours) Standard roles in IFF R/3, BW, and APO same approach Issues: Retrofit (previous implementation) CUA

22 Security Processes in place Development processes to support security administration: Access new user or change in authorization existing user Change in security design

23 Process Overview - Change in Access New user Authorization failure User No Access Change Request Input from HR department Valid request? Yes SU53 Report Security Coordinator Revoke User Access Create ARS ticket Assign Ticket to User Admin Yes Solve with existing job? No Assign Ticket Security Administrator Update User Master Record User admin SAP CHANGE OR DESIGN PROCESS OVERVIEW

24 Process Overview - Change of Security Design Security Co-ordinator or Business Engineers or Process Owners Security design request by Sec. Co-ordinator ` Assign ticket to Security Administrator New piece of design by Business Engineer Development team Assign ticket to responsible Development Owner No Multiple processes? Yes Assign ticket to Development Team Valid request? No Yes Status ARS: Work in Progress Yes Valid request? No Business Engineer Process Owner Status ARS: Not Fixed Assign ticket to Security Administrator Status ARS: Not Fixed Transport to QC1and perform negative/positive testing Composite role and/or Single role SAP Security Administrator Test successful? No Yes Transport to PR1 Assign to User Administrator (if necessary) Status ARS: Fixed

25 Authorizations Questions?