Beruflich Dokumente
Kultur Dokumente
Copyright Notice
This document contains proprietary information of HCL Technologies Ltd. No part of this document may be reproduced, stored, copied, or transmitted in any form or by means of electronic, mechanical, photocopying or otherwise, without the express consent of HCL Technologies. This document is intended for internal circulation only and not meant for external distribution.
Vishal Bhanti & 51302335 Vishal.bhanti@hcl.com +91 9899 078 902 IT Client projects
Project Engagement Delivery Unit SDU Practice implementation completed by Approximate effort for implementation of this practice (in man days) Is customer approval required to publish this practice (Yes/No)?
GE-NBCU Universal NBCUniversal Media, LLC SAP-(Capability name for security) SAP Security part only 210 Days No
HCL Internal
Contents
Context................................................................................................................................ 3 About the Project ................................................................................................................. 3 About the Author ................................................................................................................. 3 References ........................................................................................................................... 3 Appreciations received for the Good Practice ................................................................ 4 Case Study: SAP SECURITY UPGRADE APPROCHES ............................................... 5 Introduction........................................................................................................................... 5 Abbreviations ....................................................................................................................... 5 SAP........................................................................................................................................ 5 ECC ....................................................................................................................................... 5 ERP ....................................................................................................................................... 5 Problem Faced/ What Went Wrong: ................................................................................ 5 Solution Approach/ Remedial Action ............................................................................... 7 Benefits ............................................................................................................................... 9 Key Benefits ......................................................................................................................... 9 Learning/ Improvements .................................................................................................... 9 Applicability to Other Projects ...................................................................................... 10
HCL Internal
Context
About the Project
Customer Name
SAP Code
C/081515
Project Name
NBCUniversal is one of the worlds leading media and entertainment companies in the development, production, and marketing of entertainment, news, and information to a global audience. NBCUniversal owns and operates a valuable portfolio of news and entertainment television networks, a premier motion picture company, significant television production operations, a leading television stations group, and world-renowned theme parks. Comcast Corporation owns a controlling 51% interest in NBCUniversal, with GE holding a 49% stake.
References
I have taken help from a document SAP R/3 Security upgrade document that I have prepared after the same project. Few more web links are as follows thru which I collected important information: http://www.sans.org/reading_room/whitepapers/authentication/technical-aspect-implementingupgrading-sap-security-46_119 http://www.erpgenie.com/sap/basis/Security%20upgrade%20white%20paper.htm
HCL Internal
VERY IMPORTANT: Make sure all roles assigned to which user within this list are generated and all tabs in
Profile Generator are GREEN. If you have any doubt or question, don not hesitate to let me know. Thank you for all great work you done for our team already! Subject: RE: Run team access to RD4, RR4 Nice work.
HCL Internal
Introduction
The purpose of this document is to provide information and practices that could be helpful with SAP Security upgrades, especially pertaining to ECC 6.0
Abbreviations
SAP Systems, application and products in the data processing.
ECC
ERP
This can cause issues with the field values defined for this object. User would be able to access the transactions based on these field values only. If role has any duplicate field value having activity value as *, then user would be able to perform each and every task like display, change or delete the report that was actually not given to him/her thru this role.
HCL Internal
During upgrading the roles we did not consider the OS field values of the new servers that had caused issues while posting some payments later after the upgrade. This is the issue due to the different OS of 4.6C and ECC6.0 version. Earlier system was on AIX and now it is on SUN OS.
Thats why in the ECC 6.0 user was getting the authorization check for this object as now OS is being used as SUN OS.
Transactions levels:
Adding the replacement transactions that aim at substituting obsolete or old-version transactions, including the new enjoy transactions. We can have the problem in this part, as while replacing the old transaction with the new transaction can cause issues with the users those are very much familiar with the old transactions. I can remind many such cases in which user had logged such complaints that they are not able to perform the transaction that they were earlier able to perform, or they are not able to see the same screen that they were able to see earlier before the upgrade.
HCL Internal
Transactions levels:
In this section please make sure that you have not deleted the old transactions at the time of upgrading the roles. This can be replaced later when users would be familiar with the new similar transactions.
HCL Internal
Provide extended list of cutover team members and roles over cutover activities 100 Map cutover user ids to project team roles - MOCK 1 ONLY Create cutover user ids - MOCK 1 ONLY Lock current ID's in new system 100 100 100
HCL Internal
Benefits
Operational Excellence - Business challenges and business user demand for new functionality to improve operational excellence, enable innovation, and support new business models
Key Benefits
Concepts CUTOVER Authorization objects values Without good practices Business hours can be effected Extra and unnecessary activities can be accessed by users that they should not have actually User would complaint that they are not able to perform the earlier transactions Wait time would be very much high in any disaster cases, if clear responsibility is not defined User can perform any critical transaction that can cause business loss to organization With good practice Assurance of GO LIVE of new servers before the start of business hours Only appropriate and suitable access will be given to users
Transactions replacement Identification of high availability and disaster recovery requirements Security Checks
Comparatively less complaints will be logged Each and every issue will be addressed to the correct person and can be solved with in the certain time span Access will be restricted and there would not be any possibility of such harms
Learning/ Improvements
Extra care is needed during the hyper care time after the GO-LIVE of upgraded systems. During this time any improvements or remedial action can be performed, however, this should be done as soon as possible otherwise; it can cause business loss as well, if not solved immediately. These are some points which should be followed during any upgrade: Each and every step must be well documented. Team managers must be informed about any disasters or human errors immediately. Clear Identification of responsibilities
HCL Internal
HCL Internal