S-User Authorizations for SAP Support Applications: The Curtain Falls on Clusters
Diesen Beitrag gibt es auch auf Deutsch.
SUMMARY: Clusters, which allowed large companies’ super-administrators to group customer numbers and installation numbers and then assign S-users authorizations on this level, are being phased out. On January 17th, 2019, a report will break up remaining cluster level authorizations into individual permissions for installation and customer numbers. If you prefer to use the modern alternative Authorization Packages, reach out to SAP who will assist through a variety of services.
Earlier this year, SAP announced that the Cluster feature in the S-user administration will be phased out. We offer several services to help you with the migration to the superior alternative, Authorization Packages:
- We can send you a list of all S-user IDs that have a permission granted on cluster level.
- We can remove all these authorizations from your users’ profiles. You can then decide if you want to use authorization packages or grant individual authorizations on customer and/or installation numbers instead. In the first case:
- We can assign an authorization package (that you have prepared in advance) to a list of S-user IDs that you share with us.
Next (and final) step in the cluster phase-out project
On Thursday January 17th, 2019, our next release date for the SAP ONE Support Launchpad and the User Administration application, clusters will completely disappear from this application and all S-user profiles. Authorizations that had been granted on cluster level will be broken up into individual ones. To make it clear what this means, let’s look at an example:
Today, some of your users may have the privilege to report incidents for a cluster X, which consists of two installations A and B.
A long while ago, it would have been possible to amend the cluster X and add an installation C. As a result of that change, all these users would have had the mandate to report incidents for C as well. Clusters acted as a kind of “mass update feature”. (Though with lots of limitations and inconsistencies, which got addressed through authorization packages.)
Anyway, while phasing out clusters, several months ago their maintenance was disabled: This “mass update feature” is long gone!
Coming back to our example, on January 17th, 2019, above mentioned users would get their authorization to report incidents for cluster X revoked. Instead, they will get two individual authorizations: one to report incidents for installation A, one to open tickets for B.
You may ask, what’s the difference? And indeed: Nowadays, where clusters can no longer be changed, there is none!
What you should do
If you prefer to have some control, or if you’d like to replace clusters by authorization packages, you may want to change your users’ authorizations manually, perhaps with some help from SAP. See the list of services above.
However, if all you are interested in is that after the cut-off date all your users have got the same permissions as before, you can simply lean back and wait for the automatic migration that will happen on January 17th, 2019. How easy is that?