RISE with SAP
The digitalization and modernization of enterprise landscapes has become one of the key priorities for decision makers by 2025. When it comes to SAP S4/HANA, this cloud transition has earned its own name: RISE with SAP (SAP Private Cloud Edition).
RISE with SAP is a Transformation as a Service offering that supports organizations on their journey into the S/4HANA private cloud. Depending on the starting point, the transformation can follow a Greenfield (new implementation), Brownfield (conversion from an existing ECC system), or Bluefield (hybrid approach).
Additional components include Business Process Intelligence (such as Signavio), the SAP Business Technology Platform (BTP), and deployment on hyperscalers like Microsoft Azure, AWS, or Google Cloud. The goal is a modern, standardized process and system landscape with clear Governance, Risk, and Compliance guidelines, including robust Identity and Access Management.
Good to know:
RISE with SAP is typically delivered with the S/4HANA private cloud. The public cloud edition is primarily addressed through GROW with SAP.
The introduction of RISE with SAP provides multiple advantages:
Standardized methods and best practices accelerate your move to S/4HANA.
Instead of significant infrastructure investments, you use a flexible subscription model.
Future technologies such as artificial intelligence, machine learning, and process automation integrate seamlessly.
A robust private cloud environment operated in SAP data centers or on hyperscalers such as AWS, Microsoft Azure, or Google Cloud.
SAP works closely with partners for planning, migration, and ongoing operations.
RISE with SAP combines technologies, services, and operational models to guide companies into the S/4HANA private cloud in a structured and economically viable way.
Success depends on a solid SAP authorization concept that reliably covers SoD risks, compliance requirements, and the specifics of cloud and hybrid architectures.
→ Build a secure SAP authorization concept together with Xiting.
The RISE with SAP Private Cloud is technically based on a classic ABAP system operating in a cloud environment. This leads to several practical implications for your SAP authorization design.
In the Private Edition, existing ABAP roles can be adopted and adapted. At the same time, the target environment requires mapping to S/4HANA structures as well as the integration of Fiori roles (Business Roles, Spaces and Pages) and catalogs (Business Catalogs).
Many classic SAP GUI transactions are removed, merged, or replaced by Fiori apps. SU24 and SU25 adjustments, authorization object reviews, and the consistent use of Fiori services such as OData and ICF become essential redesign activities.
Segregation of Duties conflicts must be resolved both functionally and technically. Continuous risk analysis, audit proof documentation, and clear mitigation controls safeguard compliance.
RFC and Batch users remain relevant but require restrictive authorizations, strong authentication such as certificates, and regular recertifications. Cross system interfaces should follow the principle of minimal privilege and clear responsibilities.
Integrated scenarios with SAP Cloud Identity Services and external identity providers such as Azure AD change the interaction between central IAM and ABAP user management. Unified authentication standards and Single Sign On improve both security and user experience.
Good to know:
Our Xiting Authorizations Management Suite (XAMS) supports all migration approaches in the Private Edition and can consolidate and migrate your data directly within the Role Designer.
XAMS supports you across your SAP authorization lifecycle:
• Support for SAP S/4HANA Cloud, Private Edition
• Accelerated role redesign
• Standardization of SU24 and SU25 driven adjustments
• Full transparency of authorization objects, usage data, and conflict analysis
To execute the RISE migration successfully, you must understand the critical steps in the transition process and how to overcome common challenges.
To implement the necessary S/4HANA and Fiori adjustments, your SAP authorization concept must be migrated.
This is achieved through six structured steps:
Unexpected issues during the RISE migration can delay processes, disrupt operations after go live, or even threaten the overall project. The most common pitfalls include:
• Unclear role ownership between IT, compliance, and business
• Shadow IT privileges and historically accumulated special access
• Limited understanding of Fiori catalogs and dependency services
• Over privileged technical users and interface permissions
• Time pressure versus thorough SoD and compliance review
• Hybrid landscapes across on premise, private cloud, and BTP with inconsistent IAM processes
The best practices can be grouped into three categories: preparation before the project, activities at project kickoff, and measures during project execution.
Xiting supports your S/4HANA authorization migration using the Xiting Authorizations Management Suite (XAMS) in a transparent, efficient, and audit compliant way.
Automated impact analysis based on the SAP Simplification List highlights required adjustments and allows new start objects to be adopted directly into your roles.
The Role Designer visualizes coverage of new transactions and Fiori apps, enabling early detection and closure of gaps.
Critical authorizations and SoD conflicts can be validated quickly to ensure system security and compliance.
Fast and reliable license analysis helps you control costs under the new licensing model.
All this reduces manual effort, avoids unnecessary costs, and minimizes preventable errors.
Move into RISE with Xiting and XAMS and experience a smooth authorization migration to S/4HANA.
Yes. In the Private Edition, existing ABAP roles can be reused but must be adapted to S/4HANA structures and new Fiori apps.
In the Private Cloud, organizations can maintain their individual authorization concept with custom roles, transactions, and enhancements.
In the Public Cloud (GROW with SAP), roles are highly standardized and customization options are limited.
Not strictly, but SAP Fiori with the Fiori Launchpad is the primary user interface for S/4HANA. Many new features are delivered exclusively as Fiori apps, which makes Fiori the de facto standard.
