Skip to Content

Implementing NWBC : A Security Consultant Writes

Is this the end of SAP GUI?

No it’s not, but it is certainly hello to a far more flexible and modern looking user interface with NetWeaver Business Client 4.0.
At last, we can truly provide a single point of entry for multiple business suite applications – ERP, CRM, SRM, BW, SBOP; as well as multiple platforms –
ABAP and JAVA. The tabbed navigation is easy to use and cross system navigation is (almost) seamless.

I am writing this from a Security Consultant’s perspective. A UX (user experience) consultant, would likely talk more about the look and feel, the enhancements that can be made and improvements to the user experience. I would like to focus on the practicalities of getting NWBC up and running.

The latest version, NWBC 4.0 PL5, allows you to log in without having to assign NWBC menus to your user profile. So that gets everyone on to NWBC much faster than with version 3.5. The Search facility helps locate transactions and applications quickly and easily. For example, if I am looking for sales orders I can enter ‘Create Sale’ or if I know the transaction code starts with ‘VA’ I can enter that into the search. This will generally satisfy seasoned consultants who know their most used transactions by heart! They can also upload their existing SAPGUI Favourites to NWBC.

That’s our functional and technical team sorted, now to our end users. Here is where the workload increases for the Security Consultant. I say Security Consultant because the work is done in the Profile Generator (PFCG) and this is a restricted transaction. If you need to nominate someone else to build the menus then you need to restrict their access within PFCG.

So how do you implement NWBC?

If you are implementing NWBC at a greenfield site then your job will be easier than at an established SAPGUI/Portal location. During a greenfield implementation discussions centre around processes and design and it’s just an extra step to ask the functional team and the business how they want to action their processes. Involving the Change Team will also facilitate this process. We have recently used the Business Process Master List (BPML) to define menu paths at a greenfield site. This has worked reasonably well although some discretion and common sense is required to tidy up excessively deep menu levels and groupings of actions greater than about 8.

Transitioning an existing SAPGUI/Portal user over to NWBC will be trickier. You don’t want to build a menu per user so you need to find some common ground. Discovering transaction usage per user would be useful, and there are a number of tools to help, including GRC Access Control. Next, define
commonality across users and their action usage, and then armed with that information discuss with the business what would be needed to define meaningful menus across the company. The scope of this task and the time required to achieve it would depend on the maturity of the business. Where business processes are clearly defined and roles and responsibilities are embedded in the processes then the business will most likely quickly be able to define their menu structures. Once defined these menu roles are built without affecting any of the existing security design.

NWBC allows you to build process based menus specific to user requirements. Menus, transactions and applications can be enriched with notes,  side-panels and object based  navigation. This all takes time and is not the job of a security consultant. My view is that we (security consultants) can quickly get you up and running on NWBC and provide simple menu structures, but that’s just the start of your journey.

You must be Logged on to comment or reply to a post.
  • Hi Julie,

    I had to change this slightly before publishing.

    However, I think it's very interesting, and I will be including it in featured content tomorrow - which should get people's attention ;-).

    If you want to get in touch with me about this, please feel free.

    Best wishes,

    Julie Plummer.

  • Hi Julie,

    Just noticed your post about your NWBC experience. You make a good point, and my manager at the same client summed it up a few weeks ago...When you go with NWBC and not the Portal, you should not drop the Portal consultant who usually looks at things like menu design, what users should get with that menu, look and feel, etc. Unfortunately with no non-security PFCG transaction to do the maintenance, we're stuck between a rock and hard place with security owning it, but I'm sure that will have to come.

    Another lesson learnt I would add is the need on a greenfield implementation to think about all stakeholders who are involved in position, role design, etc; and ensure owners and appropriate timelines are in place.  Getting the security team to whip it up at the last minute is never going to be fun, especially when for end users, nothing really exists for them without the menus now being created in PFCG! Oh, and what the functional team produce and what change management and security wants, are all slightly but significantly different things (well in the real world at least).



    • Hi Matt, hi everyone,

      Yes, we are very much aware of this issue, and want to improve the situation as soon as possible. At present, this is in the "Future Vision" section of our roadmap (see slide 9 NWBC 4.0 Overview Slides), but I hope to move it to "Planned" soon. (As usual, there are no guarantees, but as a rule of thumb, "Planned" means there is a good chance of implementing a feature within the next 12 months).

      Best wishes,