SAP S/4HANA Cloud 2102 – Extensibility, Identity and Access Management (IAM), and Localization
Dear SAP S/4HANA Cloud enthusiasts, welcome to my blog illustrating the latest about extensibility, identity and access management, and localization. In this blog, you will learn about side-by-side extensibility with SAP S/4HANA Cloud and the SAP Extension Suite, the new change overview and a new microlearning for Identity and Access Management, as well as new starter packs.
This blog covers the following topics:
Identity and Access Management
- IAM Change Overview for SAP S/4HANA Cloud 2102
- Microlearning Available: Accelerating IAM Activities with SAP Activate
As you might know, the extensibility concept for S/4HANA Cloud has two different components: In-app extensibility which takes place directly in the SAP S/4HANA stack and side-by-side extensibility which is done on SAP Business Technology Platform (formerly called SAP Cloud Platform). The reason behind this is to ensure lifecycle stability. With S/4HANA Cloud, we have a strict public extension model of artefacts which are exposed and can be consumed. Here, we have a high degree of standardization, but only very limited flexibility. On SAP Business Technology Platform, however, we have a high degree of flexibility, but only a very limited level of standardization. So, it’s really a trade-off between flexibility and standardization.
Side-by-side extensions come on top of in-app extensions and are enhancements which should not impair existing system functions and are an addition or modification of functionality. You can compare in-app extensibility and side-by-side extensibility with a car and its trailer. And the connection between the two are APIs and events in order to transport data between your car and the trailer, meaning S/4HANA Cloud and your extensions which is running on SAP Business Technology Platform.
So what are typical use cases for side-by-side extensions?
- Well first of all, you could extend the user experience meaning you could create a different UI to tailor it to the needs of your users or you could provide controlled access to additional user groups. If you e.g. imagine that you have a user group which is not supposed to have access to an S/4HANA backend system, but still needs the data from an S/4HANA system, you solve this with an extension app table, for example on a mobile device.
- The second busines case is that you could extend business processes with additional business steps in order to optimize the process or to innovate by coming up with completely new ideas.
- You could extend data insights by bringing together data from different backend systems, e.g. data from an S/4HANA system and a SuccessFactors system to consolidate and combine this data in a single central place on SAP Business Technology Platform.
- You could extend an ecosystem by creating and operating SaaS applications and then by selling it to multiple customers.
Before we dive deeper into the SAP Extension Suite, let’s first discuss what events are. We define an event as a significant state change of an object in an enterprise system. There are two types of events: Notification events and data events. Notification events are small events with limited data, e.g. an event informing you that a sales order has been created (see screenshot below). Data events, in contrast to this, contain the complete data meaning they are a lot bigger.
Fig. 1: Example of a notification event in cloud events format
Cloud events is a specification for describing event data in a common way and is supported by a number of huge players, such as SAP, Google, Microsoft, Amazon, Alibaba, IBM, and Oracle. Thanks to this, it’s possible to consume events, e.g. by Microsoft, in the same format as the ones from SAP. If you want to check out which events are currently supported, you can do so on SAP API Business Hub.
Now, what is the difference between APIs and events? Application programming interfaces (APIs) are contracts between client and server, they are synchronous and blocking and they have to be called actively. As an example, you could take a police man stopping a car.
In contrast, event notifications inform interested parties on significant changes, but they are asynchronous and non-blocking. You have to register only once and no additional action is needed. As an example, we could take a speed cam. If you are driving too fast, the car can drive through, an event will get raised and certain follow-up actions are triggered. If you are going at the correct speed, everything is fine and no event is raised and you can simply drive through.
To understand the concept of event-driven architectures a bit better, you could compare the messaging broker with a spider’s web which passes on the events via vibrations. The event consumer is the spider which than can look at the events taking place in its web and decide whether it wants to react on them or not.
Fig. 2: Comparison between Enterprise Messaging and a spider’s web
Fig. 3: Example of a notification-event-based side-by-side extension
In the IT world, this is very similar. On left, we have an SAP S/4HANA system, where there is a change event with a business object. A notification event is raised and a event message is transported to the event consumer, meaning the extension application, on SAP Business Technology Platform. The extension app consumes the event and decides whether the notification event is important or whether it isn’t. As mentioned, notification events only contain a limited set of data. If the notification event is not of interest to the event consumer, it will simply be ignored. However, if the notification event is interesting for the event consumer, it will react by calling an API for the complete set of event details. However, this does not mean that all changes to a business object are transported to the the consumer, but only events which are enabled will be transported to the backend.
The Extension Suite (formerly called Extension Factory) is part of the SAP Business Technology Platform and it provides an ideal foundation for rapid, business-ready application development. With the suite of services and development tools, you can deliver consistent, collaborative experiences across all digital touch points and channels. Business users can increase productivity by interacting with applications uniformly across channels, from Web browsers to mobile devices. Extend business processes in your existing applications, automate repetitive and mundane tasks, and take advantage of ready-to-use business content and services. Optimize business processes and accelerate time to value while leveraging your current investments in SAP and non-SAP solutions – whether they are in the cloud or on premise.The suite also allows you to adopt agile development approaches, making it easier to manage the entire application lifecycle from development to deployment. Simplify development with low-code tools to create innovative applications faster with fewer IT resources while giving professional developers flexibility to use the tools and runtime environments that fit their needs.
- SAP API Business Hub
Identity and Access Management (IAM)
In the following chapters, I will focus on IAM-related topics, but if you are interested in other security-related aspects of S/4HANA Cloud, I recommend that you read the blog ‘Enhanced security for the S/4HANA Public Cloud‘ by Patrick Boch.
What I wanted to draw here attention to first is the new IAM Change Overview for S/4HANA Cloud 2102. As with the last releases, we continue to have this release-specific SAP Note. Attached to this note, there is a central spreadsheet in the form of an Excel file which lists all IAM-related changes that have been introduced since the SAP S/4HANA Cloud release 2011. With IAM-related changes I mean all changes that affect applications, business catalogs, business role templates, and restriction type assignments. Please note that the spreadsheet only shows changed objects, it is not meant as a comprehensive list.
The changes listed in the attached central spreadsheet cover:
- New, renamed, deprecated, or deleted apps
- New, renamed, deprecated, deleted, or dependent business catalogs
- New and renamed business role templates
- Renamed business groups
- Restriction type assignments
- New and renamed business role templates
Fig. 5: The IAM Change Overview for SAP S/4HANA Cloud 2102 comprises all IAM-related changes compared to SAP S/4HANA Cloud 2011
In addition, we are very proud to announce that there is now an SAP S/4HANA Cloud microlearning in the area of Identity and Access Management available. It is called ‘Accelerating IAM Activities with SAP Activate’. In this microlearning, you will learn how to identify IAM-related activities within your projects and how to tackle them best.
Fig. 6: A new SAP S/4HANA Cloud microlearning for Identity and Access Mangement is available on OpenSAP: Accelerating IAM Activities with SAP Activate
With S/4HANA Cloud 20102, we offer 43 local versions along with 25 languages. As with the last releases, we continue to deliver so-called starter packs for select countries. By now we provide 29 of them already. New with this release are Bulgaria, Chile, Colombia, and Peru.
As you are well aware, starter packs are different from local versions as they come with a basic list of scope times only and don’t offer country/regional-specific legal requirements. What is important to know as well is that starter packs are part of the S/4HANA Cloud subscription.
Fig. 2: With the 2102 release, the location coverage regarding SAP Best Practices for SAP S/4HANA Cloud comprises 43 local versions, 29 starter packs, and 25 languages.
If you are interested in a comprehensive list of scope items that are included in the starter packs, you can go to SAP Innovation Discovery. If you search for the key words ‘starter pack’ and the current release number, you find the corresponding innovation which leads you to the respective release-specific list. However, you also have the option to individually check whether a scope item is part of a certain starter pack by calling it up in Best Practice Explorer.
If you’re interested to learn more about these innovations, join our SAP Learning Hub and participate in our SAP S/4HANA Cloud Early Release Series. Read this blog to find out how you can license for the Enterprise Support Edition as a Customer / Partner and benefit from our regular release series either live or on-demand.
For more information on SAP S/4HANA Cloud, check out the following links:
- SAP S/4HANA Cloud release info: http://www.sap.com/s4-cloudrelease
- Sven Denecken’s SAP S/4HANA Cloud 2011 Release Blog
- Link Collection – Technology Topics with SAP S/4HANA Cloud here
- SAP S/4HANA PSCC Digital Enablement Wheel here
- SAP S/4HANA Cloud Early Release Series here
- Inside SAP S/4HANA Podcast here
- Best practices for SAP S/4HANA Cloud here
- SAP S/4HANA Cloud Customer Community here
- Feature Scope Description here
- What’s New here
- Help Portal Product Page here
- Implementation Portal here