Skip to Content
Product Information
Author's profile photo Katrin Deissner

SAP S/4HANA Cloud, Public Edition 2302 – Localization, Identity and Access Management (IAM), and Security

Hello and welcome to this blog covering the release highlights for SAP S/4HANA Cloud 2302 regarding localization and Identity and Access Management (IAM). For localization, 2302 has been another milestone release with 3 additional local versions along with other important innovations. And with IAM, we are proud to deliver mass maintenance functionality for the maintenance of business roles and business users, a guide for identity management for SAP S/4HANA Cloud and Integrated Products as well as new APIs for business role and business user changes, and much more.

This blog covers the following topics:

Localization

Identity Management

Access Management

Security

If you are interested to learn what is new with this release regarding HR Connectivity, you can check out the blog ‘HR Connectivity in SAP S/4HANA Cloud, Public Edition 2302‘ by my colleague Claudia Rosbach.

Localization

Local Versions

Local versions help you meet local requirements by taking into account diverse legal frameworks, and different languages, and by complying with a wide range of local financial reporting standards, tax calculations and laws. With the new release, we add three new SAP-delivered local versions in 2302 for Argentina, Egypt, and Greece.

Value Proposition 

  • Steer business operations globally with ease utilizing SAP-delivered localizations​
  • Address increasing legal changes and compliance requirements on time​
  • Leverage standard processes and automation to address regulatory requirements worldwide, like taxes, e-invoicing, statutory reporting, and payments

Capabilities

  • 200 scope items planned to be released for the new local versions and country specific features

Back to Top

New Local Version for Argentina

Argentina released under Early Adoption Program for customers in 2302 with a subset of overall planned scope. General adoption delivery for all customers planned in 2308.

Highlights of Country-Specific Features

  • VAT fields validation in Sales Order
  • Daily VAT report for purchases and sales
  • RG 3685/2014
  • VAT perception and Withholding tax information for SICORE, SIRE
  • CAE/CAI/CAEA number validation in MM and FI Vendor Invoice
  • Outbound delivery form template
  • Manage withholding tax items (MWTI) as a pre-activity for withholding tax reports
  • Vendor and Customer payment notices report

Fig. 1: 2302 Innovations for Local Version for Argentina

More Information

Back to Top

New Local Version for Egypt

Highlights of Country-Specific Features

  • Electronic Invoicing for Inbound and outbound scenarios
  • ODN for outgoing invoices, credit and debit notes
  • VAT calculation for Imports and duty
  • VAT and Withholding tax reporting
  • Bills of exchange incoming post dated checks
  • Customer billing and credit memo forms
  • Purchase Order forms and supplier certificates
  • Cash flow statements

Fig. 2: 2302 Innovations for Local Version for Egypt

Back to Top

New Local Version for Greece

New local version for Greece released under Early Adoption Program for customers in 2302 with a subset of overall planned scope. General adoption delivery for all customers planned in 2308.

Highlights of Country-Specific Features

  • Purchasing Account management
  • ODN for outgoing billing documents
  • Legal printouts for outgoing billing documents
  • Manage withholding tax items (MWTI) as a pre-activity for withholding tax reports
  • General Ledger Trial Balance
  • Withholding tax monthly declaration report and certificates
  • eBooks for IAPR invoice types
  • SEPA outgoing payment formats
  • VAT reconciliation report

More Information

Fig. 3: 2302 Innovations for Local Version for Greece

Back to Top

Croatia Switch to Euro

Value Proposition 

  • Croatia plans to adopt the Euro as currency. The switch to Euro is approved by EU committee to be effective 1st January 2023
  • From the beginning of the year of Euro introduction, financial reports will have to be compiled using Euro
  • Croatia local version is released since October 2022 to be compliant with operations in Euro

Capabilities 

  • Local version for Croatia released in October 2022 with EUR as country currency
  • Customers can go live with the local version of Croatia after the EUR changeover happens avoiding currency conversion effort

Besides the 200 scope items released, key country-specific features include below:

  • Direct compensations
  • Output form templates for customer invoice, credit, and debit memo
  • Official document numbering (ODN) and enhancement point for customer-developed communication with tax authority platform
  • Purchase list – form PDV-S/Stjecanje,Sales list – form Zbirna prijava (ZP)
  • Balance Sheets, Profit & Loss and Cash Flow statements
  • VAT reporting, VAT monthly declaration and U-RA report
  • Manual e-invoicing for B2G customers
  • Payment and Bank statement formats

Fig. 4: 2302 Innovations for the Switch to Euro for Croatia

Back to Top

New Local Versions for SAP BRIM (CI/FI-CA)

New local versions for SAP BRIM (SAP S/4HANA Cloud for contract accounting and invoicing) for Australia and New Zealand.

Value Proposition

  • Enables scalable subscription and usage-based digital business models as well as complex B2B billing and revenue management processes across countries and industries.
  • End-to-end process and automation from Billing to Cash in compliance with local regulations at the scale and volume demanded in the digital economy: tax, invoicing, statutory reports, payment processing and collections activities

Capabilities 

  • The new local version delivers 19 new scope items under Subscription Billing and Revenue Management as well as covers main legal requirements for Australia and New Zealand

Back to Top

Australia

Highlights of Country-Specific Features

  • Electronic invoicing via Peppol using SAP Document and Reporting Compliance
  • Template of invoices is provided in PDF form
  • Enablement of statutory reports with contract accounting data – GST Calculation for BAS Report / Business Activity Statement (BAS) Overview
  • Payment formats and bank statement processing in Contract Accounting

Fig. 4: 2302 innovations for SAP Billing and Revenue Management for Australia

Back to Top

New Zealand

Highlights of Country-Specific Features

  • Electronic invoicing via Peppol using SAP Document and Reporting Compliance
  • Template of invoices is provided in PDF form
  • Enablement of statutory reports with contract accounting data – GST Report
  • Payment formats and bank statement processing in Contract Accounting

Fig. 5: 2302 innovations for SAP Billing and Revenue Management for New Zealand

Back to Top

Identity Management

Guide for Identity Management for SAP S/4HANA Cloud and Integrated Products

  • The first version of the guide is published on the SAP Help documentation.
  • It provides reference architectures and step-by-step instructions for identity management in a SAP Cloud landscape (incl. SAP S/4HANA Cloud, SAP BTP, SAP Cloud Identity Services, Corporate User Store, HR System).
  • Depending on the setup of your IT landscape, you can choose between different identity management scenarios for your SAP S/4HANA Cloud system and integrated products.
  • The identity management scenarios differ with regard to the leading system of the user, worker, and work agreement.
  • Identity Management Scenarios without an Integrated HR System:
  • SAP S/4HANA Cloud as the Leading System for Users
  • SAP Cloud Identity Services as the Leading System for Users
  • Corporate User Store as the Leading System for Users

 

Fig. 6: SAP S/4HANA Cloud as the Leading System for Users

 

Back to Top

 

Fig. 7: SAP Cloud Identity Services as the Leading System for Users

Back to Top

 

Fig. 8: Corporate User Store as the Leading System for Users

Back to Top

 

Video 1: How to Find the New Guide for Identity Management for SAP S/4HANA Cloud and Integrated Products on the SAP Help Portal

Back to Top

Access Management

New Apps for Access Management

Maintain Business Role Groups

New app ‘Maintain Business Role Groups’

  • Create business role groups and assign multiple business roles to them
  • Organize and easily search for all business roles of a certain category
  • Mass handling of business roles belonging to a business role group
  • New restriction type Business Role (S_BRL) allows to determine, whether key users are authorized to display/maintain business roles belonging to certain groups
  • New restriction type Business Role User Assignment (S_BRL_ASG) allows to determine, whether key users are authorized to assign business roles to business users

 

Fig. 9: With the new ‘Maintain Business Role Groups’ app, you can create business role groups and assign multiple business roles to them

Back to Top

Maintain Business User Groups

New app ‘Maintain Business User Groups’

  • Create business user groups and assign multiple business users to them
  • Organize and easily search for all business users of a certain category
  • Mass handling of business users belonging to a business user group
  • Newly introduced restriction type Business User (CLASS) allows to determine, whether key users are authorized to display/maintain business users belonging to certain groups
  • New restriction type Business Role User Assignment (S_BRL_ASG) allows to determine, whether key users are authorized to assign business users to business roles

Fig. 10: With the new ‘Maintain Business User Groups’ app, you can create business user groups and assign multiple business users to them

Back to Top

New Features for Access Management

Mass Maintenance for ‘Maintain Business Roles’ App

New mass maintenance features in ‘Maintain Business Roles’ app 

  • Selection of a set of business roles individually or through attributes like business role groups
  • Examples of mass maintenance possibilities with a set of business roles:
  • Assign a business role group
  • Assign a set of business users
  • Assign a set of business catalogs
  • Add/remove launchpad space assignments
  • Assign the SAP-delivered spaces of business role templates
  • Maintain access categories

 

Fig. 11: In the ‘Maintain Business Roles’ app, you can now do mass maintenance

Back to Top

Mass Maintenance for ‘Maintain Business Users’ App

New mass maintenance features in ‘Maintain Business Users’ app

  • Selection of a set of business users individually or through attributes like business user groups
  • Examples of mass maintenance possibilities with a set of business users:
  • Assign a business user group
  • Maintain user data attributes like validity, time zone, decimal/time/date format, language
  • Lock/unlock
  • Add or remove business roles

Fig. 12: In the ‘Maintain Business Users’ app, you can now do mass maintenance

Back to Top

SAP Fiori Launchpad – Spaces and Pages

  • SAP-delivered SAP Fiori launchpad spaces are now also available for Business Role Templates SAP_BR_EMPLOYEE and SAP_BR_ADMINISTRATOR
  • Default entry page layout for new systems from now on is based on home page with spaces and pages and not based on groups any longer. The former ‘Home’ page will be removed in a future version of SAP S/4HANA Cloud for all customers.
    (For details about replacement/timeline see SAP Note 2970113)
  • SAP-delivered SAP Fiori Launchpad spaces can now be assigned to business roles directly without the needhttps://launchpad.support.sap.com/ to copy them first. They can be assigned to business roles created from scratch and to business roles derived from business role templates. Via mass change options in application ‘Maintain Business Roles’, it is possible change existing assignments to SAP-delivered spaces or to do initial space assignments to business roles and with that move faster from the classic home page to the new spaces and pages layout.

Fig. 13: Via mass change options in the ‘Maintain Business Roles’ app, you can change existing assignments to SAP-delivered spaces or to do initial space assignments to business roles

Back to Top

Security

Security Audit Log API

In the 2302 release, the security audit log app has been enhanced. As you know, the security audit log shows the most the most relevant security events in your SAP S/4HANA Cloud system. You can review security relevant activities of your customer users and SAP staff. The security audit log shows the events with:

  • Timestamp
  • Terminal ID
  • Audit Log Event

Fig. 14: In the 2302 release, the security audit log app has been enhanced

In this release, the corresponding SAP Fiori app ‘Display Security Audit Log’ has been enhanced. There are now two mandatory fields and additional filter options provided. To get detailed information on what has changed, check out this system demo:

Video 2: With the 2302 release, the ‘Display Security Audit Log’ app has been enhanced

More Information

Back to Top

Business User Change API

Customer can review all changes made to a business user, with information about changes made:

  • When (Timestamp)
  • By whom (User)
  • Which value has changed

 

Video 3: The new Business User Change API allows you to review all business-user-related changes.

More Information

Back to Top

Business Role Change API

Customer can review changes to business roles with information about:

  • Changed by whom (user)
  • New Role
  • Timestamp

Fig. 15: The new Business Role Change API allows you to review all business-role-related changes

More Information

Back to Top

Cross Origin Resource Sharing

Cross-origin resource sharing (CORS) is a way to let your users successfully access live data in an SAP Analytics Cloud page from their Web browser. Cross-origin resource sharing (CORS) is a mechanism that allows restricted resources on a Web page to be requested from another domain outside the domain from which the first resource was served

Benefits

  • More flexibility while retaining high security standards
  • Enhancing same-origin policy (SOP) for selected use cases
  • Strictly restricted by usage of allow lists

 

Fig. 16: Cross-origin resource sharing (CORS) allows restricted resources on a Web page to be requested from another domain outside the domain from which the first resource was served

More Information

Back to Top

Security Recommendations

SAP S/4HANA Cloud is delivered with secure default configurations wherever this is possible. However, you might want to review some settings and adjust them to your particular use case and corporate policies.

Suggesting a best practices approach for customer security settings:

  • Communication users
  • Front-end security
  • Authentication of business users
  • Authorizations of business users
  • On-premise components
  • Trusted certificates
  • Read access logging

More Information

Back to Top

 

Watch the Replays of Our SAP S/4HANA Cloud, Public Edition 2302 Early Release Series!

We’ve hosted a series of compelling live sessions from the heart of the SAP S/4HANA Engineering organization. Missed the live sessions? Watch our replays on demand!

Among the replays, you can find a replay, a presentation, and demos for Localization and Identity and Access Management (IAM) as part of the SAP S/4HANA Cloud, public edition 2302 release as well as 19 other sessions on diverse topics like manufacturing, finance, two-tier ERP, SAP User Experience, developer extensibility, and many more. For more information on the SAP S/4HANA Cloud, Public Edition Early Release Series and how to sign up for it, see this link.

 

For more information on SAP S/4HANA Cloud, check out the following links:

  • Link Collection – Technology Topics with SAP S/4HANA Cloud here
  • SAP S/4HANA Cloud release info: http://www.sap.com/s4-cloudrelease
  • Latest SAP S/4HANA Cloud Release Blogs here and previous release highlights here
  • Product videos on our SAP S/4HANA Cloud and SAP S/4HANA YouTube playlist
  • SAP S/4HANA PSCC Digital Enablement Wheel here
  • Early Release Webinar Series here
  • Inside SAP S/4HANA Podcast here
  • openSAP Microlearnings for SAP S/4HANA for Finance and GRC here
  • Best practices for SAP S/4HANA Cloud here
  • SAP S/4HANA Cloud Customer Community for Finance here
  • Feature Scope Description here
  • Help Portal Product Page here
  • Implementation Portal here

Follow us via @SAP and #S4HANA, or myself via LinkedIn or @DeissnerKatrin

Assigned Tags

      4 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Andreas Martin
      Andreas Martin

      Hello,

      regarding Maintain Business Role Groups, is it possible to assign the group to users?
      If so, where can I find this option?

      Otherwise, I don't quite understand the point in this app.

      And it would be nice if you could increase the number of characters for Business User Groups and Business User Roles.

      Best Regards
      Andreas

      Author's profile photo Christian Hochwarth
      Christian Hochwarth

      Hello Andreas,

       

      thank you for your comment.

      Coming to your questions:

      Inside the mass maintenance dialog it is currently not possible to assign a Business Role Group to users. What you can do though, to achieve the same result, is to start application “Maintain Business Roles”. There, via “Adapt Filters”, add the field “Business Role Group”. Then select the Business Role Group(s) you want to assign to users. A list of Business Roles is shown. Mark all Business Roles and start “Mass Change”. Choose “Business User Assignment / Add Business Users”. Search and select all users the roles shall be assigned to, then proceed to “Review” and finally submit the changes. I can imagine, that in the future also assignment of Business Role Groups will be enabled inside the mass change dialog, as we plan to add further mass capabilities there over time (e.g. maintenance of restrictions etc.).

      The apps for defining Business User- and Business Role Groups, apart from enabling such mass handling tasks, are essential for being able to distribute responsibilities among role and user administrators. Each Business User- and Business Role Group also is represented as a restriction type value. And there’s an additional restriction type combining User- and Role Groups.

      Example: Business Catalog SAP_CORE_BC_IAM_RA (IAM - Role Assignment) now can be restricted in a way, that a key user responsible for role assignments can be limited to a certain User Group / Role Group combination. All other role assignments are forbidden. Even the possibility to see users of a certain group or roles of a certain group can be limited.

      Many IAM related business catalogs (SAP_CORE_BC_IAM*) can now be restricted with these new restriction types in order to improve possibilities to separate responsibilities in administrative tasks.

       

      Regarding the field length: unfortunately the length can’t be increased for technical reasons.

       

      Best regards,

      Christian

      Author's profile photo HARROUCHE Ghania
      HARROUCHE Ghania

      Hello,

      Is there an alternative option to consolidate roles within the same package for the same business role in S4H CLOUD PUBLIC? I cannot find the 'Composite Roles' feature that we are using for the others S4H version.

      Thanks for your help

      Author's profile photo Christian Hochwarth
      Christian Hochwarth

      Dear Ghania,

      "Composite Roles" as in SAP S/4HANA On Premise, SAP S/4HANA Cloud, private edition or ECC are not available in SAP S/4HANA Cloud, public edition.

      Best practice regarding definition of business roles is to define workplaces in fit to standard workshops. For each defined workplace a business role is created as a combination of business catalogs. For more details see Plan and Design Identity and Access Management in SAP Activate. Especially the assigned Accelerator How to Create Application - Workplace List.pdf (SAP Customer). Each business user should ideally only be assigned to one business role.

      Best regards,
      Christian