Securing Fiori – Excerpt from Securing SAP S/4HANA

Excerpt from Securing SAP S/4HANA.

SAP Fiori is a new user experience (UX) for SAP software and applications. It provides a set of applications that are used in regular business functions such as work approvals, financial apps, calculation apps, and various self-service apps.

The SAP user interface, or SAP GUI as we know it today, was first introduced in 1992 together with the official release of SAP R/3. SAP R/3, the client server edition, was the successor to the SAP R/2 release, the mainframe edition. Although SAP has made several attempts to modernize SAP GUI, an end user from the time it was introduced would still find their way around today. Many transactions and screens have remained the same or changed very little. Since the initial release of SAP GUI, SAP has released several alternative user interfaces such as the SAP Workplace (which was part of the mySAP.com offering), the SAP Enterprise Portal, and the NetWeaver Business Client or NWBC. None were as successful as SAP GUI except, perhaps, for the NetWeaver Business Client. The NetWeaver Business Client is, however, an extension to the SAP GUI. The conclusion of all this is that although many people complained about the old-fashioned look of SAP GUI, they kept using it and will probably continue to do so in the future.

But there is no denying the fact that the user community is changing fast. The SAP users of tomorrow are the youngsters of today, who are used to accessing data from their mobile devices. To them, SAP GUI is a relic from the dark ages. This shift is not limited to youngsters—many end users want data access from any device, from any place, at any time. SAP released SAP Fiori to respond to this demand. SAP Fiori is built using modern design principles you might expect from applications designed for smartphones and tablets. There are already more than 500 role-based Fiori applications such as for HR, Finance, and Business Intelligence. An SAP Fiori application is always limited to a specific task or activity. The design is responsive and deployable on multiple platforms.
There are three types of SAP Fiori applications: transactional apps, fact sheets, and analytical apps.

• Transactional or task-based applications: The transactional SAP Fiori applications are limited to specific tasks such as entering a holiday request or expense note. They give end users fast access to data and represent a simplified view of an existing business process or workflow. 
• Fact sheets: Fact sheets have far more capabilities than transactional applications. From a fact sheet, you can drill down into the details. You can even navigate from one fact sheet to another or jump to the related transactional applications. For fact sheets, the underlying database must be SAP HANA. An example of a fact sheet is an application that shows the overview and details of a piece of equipment and its maintenance schedule. 
• Analytical applications: Analytical applications build on business intelligence using the capabilities of SAP HANA. They allow you to monitor key performance indicators (KPIs) of your business operations and to react immediately as changes occur. An example is the sales orders application, which immediately shows your sales representative the sales history from his customer, allowing him to take discount decisions immediately.

Keep reading in Securing SAP S/4HANA. 

Explore how to protect and defend your SAP S/4HANA applications, Fiori, Gateway, and the SAP HANA database platform. Learn how to create a consistent cross-system authorization concept and translate the technical specifics for each system into a comprehensive and consistent security model. Explore technical security aspects such as privileges and roles, authentication and encryption, and monitoring for S/4HANA. Compare and contrast SAP S/4HANA applications to the SAP ERP security model and identify what has changed. This book is up to date for SAP HANA 2.0! Dive into SAP S/4HANA authorizations and gain an understanding of the impact on the new front-end and database security setup, and why the different levels need to be consistent. Get best practices for SAP Fiori and Gateway. Find out why it is important to secure SAP HANA from an application layer point of view, as well as a database point of view. Take an in-depth look at how to secure the SAP Application Server, database, operating system, and the network infrastructure.

– Effectively secure SAP S/4HANA, Fiori, and Gateway
– Privileges and roles, authentication, encryption, and monitoring
– Mobile access and SSO considerations
– Cross-system authorization concepts and implementation

Christophe Decamps is a GRC Senior Consultant at Expertum and has extensive experience in SAP security. He specializes in leveraging SAP FIORI and HANA for authorizations.

Bert Vanstechelman is the founder of and principal technical consultant at Expertum. He specializes in platform migrations, SAP release upgrades, and SAP HANA conversions.

Chris Walravens is the GRC Community Lead at Expertum and specializes in designing, implementing, and supporting logical access architectures.