Introducing Roles and Authorizations for Defense & Security

RADS is short for "Roles and Authorization for D&S". RADS enhances SAP Authorization concept with additional capabilities around the Force Element structure and other D&S Business objects. The content of RADS is defined by the Security Working Group of the DEIG in collaboration with SAP. This is an ongoing process. The requirements are checked, modified, and extended based on the feedback by D&S customers.

Depending on the functional and organizational scope of your Defense Project, the processes covered may behave like core ERP or be industry specific. The industry specific processes can be managed and protected using Roles and Authorization for D&S.

• RADS is not a specific technology or separate product but an integral part of the D&S solution

  (although it reuses and extends non-Defense security features like Context Based Structural Authorization)

• RADS is not an overarching security concept for all SAP solutions but especially designed for D&S

  (although it reuses overarching concepts like DCL and integrates important non-Defense objects like Product)

• RADS does notsolve external requirements like secure data exchange or intrusion protection

  (although these topics are discussed in the Security Working Group)

By understanding these points, you'll have a clearer grasp of the role and limitations of RADS within the SAP ecosystem.

Integration Over Separation

RADS is not an isolated entity but a deeply integrated part of SAP's D&S solution.

Tailored for D&S

RADS is designed specifically for the security needs of the D&S environment, leveraging broader concepts and integrations where applicable.

Focused Security Scope

RADS addresses particular security aspects within D&S, leaving broader security concerns to other dedicated mechanisms and discussions.

RADS continues to use the well known and mature security concepts and authorization checks provided by SAP. Hence, it is not disruptive but an enhancement. New authorization objects are provided for new functionality in D&S for SAP S/4HANA.

In addition, RADS is supported by the following techniques

• Context Based Structural Authorization: authorization dependent on the position of the user in the organization
• Sensitivity Field: restricted access by the level of sensitivity of an information
• User-based and position-based Role Manager: collects organizational values of Force Element Structure and creates specific role for the position or user

Context Based Structural Auth. is reused from HCM and extended by D&S, the Sensitivity Field and the RM functionality is a D&S specific development

RADS leverages the established and reliable security concepts and authorization checks that SAP is known for. This means that RADS is not a disruptive technology but rather an enhancement to the existing SAP security framework. Here's how it is realized:

1. Continued Use of SAP's Security Infrastructure

   RADS builds upon the mature security foundation of SAP, ensuring that authorization checks remain robust and effective. This integration ensures a seamless user experience while enhancing security features.

2. New Authorization Objects

   To accommodate the new functionalities introduced by Defense & Security (D&S) for SAP S/4HANA, new authorization objects are provided. This ensures that the specific security needs of these new features are comprehensively addressed.

3. Supporting Techniques

   Context-Based Structural Authorization:

   • Sensitivity Field
   • User-Based and Position-Based Role Manager

By leveraging these existing and new techniques, RADS effectively enhances SAP's security framework, providing a robust and tailored solution for D&S in SAP S/4HANA.