New XAMS Features with SP17

XAMS Service Pack 17 is now available

As every year, Xiting has prepared a new release of the Xiting Authorizations Management Suite (XAMS). Numerous features have been further improved or newly developed, in particular with regard to SAP Fiori, Extended Access Management (EAM) and the management of organizational structures. This blog highlights some of these features to give you an idea of the new optimizations.

Based on customer feedback and the projects we have carried out, we have concluded that Fiori administration is becoming increasingly important, especially in connection with the migration to SAP S/4HANA. Accordingly, the Fiori tools in the XAMS have been extended to enable you to manage your Fiori applications in an easy and consistent way.

Virtual modeling of Fiori catalogs

With XAMS SP17, you can not only assign existing Fiori catalogs to roles in a purely virtual project environment, but also model the contents of the Fiori catalogs in a purely virtual manner. This is made possible by integrating the Fiori Content Manager into the Role Designer, through which both the tile and the target mapping can be read out automatically for Fiori app IDs and added to an initially purely virtual catalog, as can be seen in Figure 1.

Figure 1: Virtual modeling of Fiori catalogs

This enables a consistent and far-reaching integration of Fiori objects into your role concept. Virtual catalogs as well as virtual role definitions can then be implemented in the real system at the touch of a button. The assignment of catalogs to roles can also be prepared virtually, so that the actual implementation in PFCG not only creates the role but also takes into account the catalogs, including the corresponding tiles and target mappings.

Another challenge in managing Fiori is the identification of related apps. With XAMS SP17, apps in catalogs can be automatically checked for available related apps.

Mass management of Fiori spaces, sections and pages

A further improvement with the new release is the (mass) management of spaces, sections, and pages. These, like Fiori catalogs, can be fully managed in the Role Replicator: the creation, copying, deletion, export and transport of Fiori objects can be done in bulk via Excel. This enables you to easily manage the required Fiori elements, especially when introducing SAP Fiori or as part of your S/4HANA project.

Xiting Times and Security Architect with modern Fiori interfaces

In their daily work, administrators do not only deal with the assignment of Fiori authorizations; end users should also be given access to XAMS functions.

This is particularly the case with Xiting Times, when more far-reaching authorizations are to be assigned as part of Extended Access Management (EAM). This can be used as part of an emergency user concept, but also for use cases such as support scenarios or holiday replacements. In addition, end users can be given access to their previous authorizations during the Protected Go-Live (PGL) as part of a redesign project.

To make this access to Xiting Times as convenient as possible for end users, XAMS SP17 provides Fiori interfaces for requesting Xiting Times sessions. Likewise, the prior approval of a session (if it is used) can now also be given via a Fiori app.

In the Security Architect area, SP17 also provides a central Fiori dashboard for analyzing the system checks that have been carried out. This is of particular interest when the Security Architect is operated in central mode and a large number of systems are scanned at regular intervals. The results generated can now be checked via a clear Fiori dashboard. Of course, further drill-down into the various results is possible.

Figure 2: The new Fiori dashboard in Security Architect

Improved Extended Access Management (EAM) functions

In addition to the numerous Fiori functionalities, many improvements have been implemented, especially in Xiting Times. It is now possible to extend sessions without prior approval during a running session. The previously requested period of use can therefore be increased up to the limit defined in Customizing without leaving the session.

If prior approval of the session is planned, the user can be given a time window within which they can flexibly start the requested period of use. If the user plans no further activities before the end of the time frame, they can close it themselves. Otherwise, it is closed automatically when the time runs out.

This is an interesting use case, especially for planned maintenance work on the SAP system, during which increased authorizations are only required at specific times.

Such sessions with increased authorizations may also require a corresponding review by internal or external parties.

With XAMS SP17, the logging of completed Xiting Times sessions is much more flexible, in particular with the option to generate special logs for departments such as financial accounting, sales or master data management. In the future, for example, change documents for purchase requisitions can also be logged.

Handling of organizational levels and similar features further simplified

The SAP-specific company structure consisting of company codes, manufacturing plants, etc. can be mapped in the XAMS with the help of the Role Replicator. Based on this, roles can be derived along your organizational structure. So far, only the organizational levels defined in the SAP standard have been considered.

What is new with SP17 is that already defined orgsets can now be reused in other orgset groups. Thus, it is possible to map the organizational structure from different perspectives without maintaining the concrete values several times.

It also often happens that certain fields in authorization objects are not classified as an organizational level, but nevertheless differ in their organization-specific characteristics. Therefore, these values should be included in the organization set.

With SP17, management of non-organizational levels is possible in the Role Replicator.

In Figure 3 we see the definition of the non-organizational level field PERSA (personnel area) for the authorization object P_ORGIN in the organization set for Xiting AG Switzerland. So, if a role is replicated with this organization set and P_ORGIN is included, P_ORGIN is filled with the personnel area (PERSA) CH01.

Figure 3: Considering PERSA in the context of P_ORGIN in the Role Replicator

According to our example, access to sensitive HR master data can be specifically controlled along the organizational structure, which eliminates the time-consuming creation and maintenance of additional roles (add-on roles).

In line with customer needs, relevant topics around S/4HANA were further developed in this XAMS release, and customers were given assistance with regard to cloud products. The release likewise reflects the increased demand around Fiori: on the one hand, the administration of Fiori is further simplified for administrators; on the other hand, the XAMS functionalities of interest to end users are made available as Fiori user interfaces.

If you would like to get a use case-related insight into the new XAMS SP17 features, you are welcome to register for one of our webinars.

Annika Braun