The new Features of XAMS with Service Pack 19

Once again this year, with the XAMS Support Package 19, there are innovations surrounding the Xiting Authorization Management Suite (XAMS). Taking into account our experiences from various projects and the feedback from our customers, the developers at Xiting have implemented a multitude of new functions.

This blog post sheds light on some of the new features that have been implemented as part of Service Pack 19 to give you an insight into the changes that have been made.

Simplified License Analysis with XAMS

In today’s world, the topic of user licenses is more relevant than ever, and many SAP customers are facing the challenge of dealing with the current changes and innovations in license management, especially in the context of S/4HANA migrations.

For this reason, the existing tools for license analysis have been expanded and optimized with XAMS Service Pack 19. These improvements now allow for a detailed analysis of users, taking into account the ST03N statistical data and the assigned roles.

These innovations provide SAP customers with an efficient solution to analyze their user licenses and determine the licensing requirements within the scope of S/4HANA.

Figure 1: License analysis in Role Designer

To delve deeper into this exciting topic, we offer a live webinar for customers and interested parties. The session includes a live demo as well as the opportunity for you to ask your individual questions to our experts.

Even More Extensive Virtual Role Management

In Kundenprojekten erweist sich der Role Designer als ein äußerst nützliches virtuelles Rollenverwaltungstool. Im Laufe der Jahre wurden kontinuierlich weitere Funktionen integriert, um die virtuelle Verwaltung von Benutzern und Rollen zu erleichtern. Mit dem Service Pack 19 wurden Funktionen aus dem Coverage Analyzer integriert. Diese Integration ermöglicht es nun, die Anzahl der gesammelten Daten aus der Produktiven Testsimulation (PTS) im Projekt anzuzeigen und direkt in den Coverage Analyzer zu navigieren.

Eine bedeutende Entwicklung im Zusammenhang mit Fiori-Applikationen war die Einführung des Fiori App Trackers mit Service Pack 18. Die Funktionalitäten dieses Tools wurden nun mit dem neuen Service Pack in den Role Designer integriert. So besteht nun die Möglichkeit, die verwendeten Apps in der Nutzungstatistik anzeigen zu lassen. Diese Integration verbessert die Effizienz bei der Rollenerstellung nach „Need-to-know-Prinzip“ und bietet den Benutzern eine umfassende Übersicht über die Anwendungsaktivitäten.

Simplified Management of UIAD Applications

XAMS SP19 bietet nicht nur die bereits erwähnte Integration des Fiori App Trackers in den Role Designer, sondern auch weitere Funktionen im Zusammenhang mit Fiori, die in anderen XAMS-Modulen verfügbar sind. So wurden zum Beispiel die Massenverarbeitungstools im Role Replicator angepasst, erweitert und benutzerfreundlicher gestaltet:

Constraints regarding the semantic object and action during the mass creation of UIAD applications have been removed with SP19. This now allows for complete flexibility in the creation of Fiori-related transactions.

Would you like to gain further insights into this topic and experience the Role Replicator in XAMS live in a demo? Then sign up for this special webinar marking the release of the new Service Pack 19:

Efficient Adjustment of Authorizations

In Verbindung mit dem Modul Xiting Times bietet der Role Builder mit der Produktiven Testsimulation (PTS) eine revolutionäre Möglichkeit des Testens neuer Berechtigungen im Zuge von Redesign-Projekten. Hierbei wird den Endbenutzern erlaubt mit ihren alten Rollen weiterzuarbeiten, während die neuen Rollen „im Rucksack“ indirekt bereitgestellt werden. Immer wenn eine Berechtigungsprüfung durchgeführt wird, erfolgt diese zuerst gegen die neuen Rollen im „Rucksack“ und sofern notwendig im zweiten Schritt gegen die aktuell zugewiesene Rolle. Während der Endbenutzer von diesen „virtuellen“ Berechtigungsfehlern nicht betroffen ist, kann der Rollenadministrator sie verwenden, um die neue Rolle im Rucksack zu optimieren.

To make optimization more efficient, a function requested by many of our customers is available with SP19: It is now possible to adjust authorizations of a role directly via the Role Builder Coverage Analyzer:

Figure 2: Evaluation and adjustment of test data in the Role Builder Coverage Analyzer

Auch in der Xiting Times wurde die Auswertung der Fiori Logs übersichtlicher und benutzerfreundlicher gestaltet. So finden wir nun detaillierte Informationen zu den Xiting Times Sessions:

Figure 3: Fiori Logs in Xiting Times

Centralized Interface and Automated Validation in XAMS CRAF

The XAMS Critical Authorization Framework (CRAF) provides companies with an integrated tool for analyzing critical authorizations and function separation conflicts (SoDs). Ad-hoc analyses offer a quick insight into the critical authorizations of existing roles and/or users.

Significant adjustments have been made with SP19: The selection criteria can now be defined more comprehensively, and the check can be executed in the background in the CRAF Ad-hoc Check. There is no longer a need to switch back and forth between Role Profiler and Security Architect (e.g., for risk analysis via background processing or for exporting results). This integration allows the CRAF Ad-hoc Check to be used as the central entry point for risk analysis in the future. All functionalities for risk analysis are now consolidated under one menu node.

Furthermore, a new function allows for the validation of critical authorization and combination IDs against applications: Results that are critical on an object level (e.g., S_USER_GRP with ACTVT 06) can be displayed as “False Positive” if the user is not authorized for the corresponding application (in this example, transaction “SU01 – User Maintenance”). The validation also supports the analysis of authorizations for accessing Fiori apps. This enables comprehensive checking of functional as well as application-related (i.e., transaction, Web Dynpro, Fiori App, etc.) authorizations. An existing rule set in XAMS CRAF can be easily extended for this purpose.

Mit Hilfe des Check-Modes im Security Architect können Sie den aktuellen Ist-Zustand Ihrer Systeme gegen den im Dokument definierten Soll-Zustand prüfen.

Two new checks are introduced in SP19 in the Security Architect: It is now possible to check the validity of all PSE certificates and to view role changes by unauthorized users. For all checks, there is now also the option to specify the email address of a responsible person in the email customization depending on the check ID, system, and client. Furthermore, the System Check Tool has also been expanded to include CRAF checks in the evaluation and to select various systems for ST03N evaluations.

Since its initial introduction with SP17, the SIEM Connector has also been continuously developed. A new monitoring tool is now available, which displays the last 1000 alerts already on the SAP central system. This is especially helpful for monitoring log extraction and identifying potential operational issues. A Debug Mode is available with SP19 to provide detailed information about the behavior of the SIEM background job, which is helpful for troubleshooting and resolution. Furthermore, the customization of the email adapter has been expanded and optimized.

In summary, it can be said that great innovations have been developed with SP19 in XAMS as well. For an application-oriented insight into the new features, you can participate in our new Use Case Webinars. The focus here is on license analysis using XAMS, as well as the mass creation of Fiori applications.

Would you like to experience the new SP19 features live?

Karin Fertich
Latest posts by Karin Fertich (see all)

Leave a Reply

Your email address will not be published. Required fields are marked *


Get in touch with us!

Do you have questions about our products?

+41 43 422 8803
[email protected]
+49 7656 8999 002
[email protected]
+1 855 594 84 64
[email protected]
+44 1454 838 785
[email protected]

Attend our live webinars and learn more from our experts about SAP authorizations, XAMS, SAP IDM and many other topics in the context of SAP security.

Register now