There are many SAP based organizations that manually give users access rights on an individual basis, even for those who carry out similar tasks. Though it is doable, it isn’t an effective way of maintaining user access in SAP and it’s also not an effective use of time. Assigning access rights on an individual user basis typically requires extra administrative overhead, which could be avoided.
For instance, when a new employee is hired, the company must specify access rights for every view. Also the IT onboarding, does the onboarding of these new employees smoothly. Obviously, this is cumbersome for companies who may have 250+ employees, with 200 employees all doing the same tasks with the same access rights.
Fortunately, one tool that SAP GRC has is access controls (AC). SAP GRC AC offers ‘business roles’ which allows companies to group employees based on job tasks and access rights. When creating and editing an employee’s business role, employers can easily assign the work centers, work center views, and define the access restrictions.
There are great SAP GRC tools. Not all of the tools are easy to navigate, companies like Pathlock help employers get set-up to manage these time-saving tools. SAP GRC tools not only help companies with their users’ access, they also provide a lot of other advantages.
SAP GRC Advantages
Using the SAP GRC AC tool helps companies identify and prevent any kind of access or authorization risks, which are important for cross-enterprise SAP solutions. It helps to decrease the possibility of fraud. Furthermore, this tool helps to decrease the complete cost of the continued oversight and helps keep the company compliant.
SAP GRC is well-equipped with the risk analysis. It helps to cut down on the time required to identify and remediate access of users across various IT systems. This tool offers a centralized request tool that makes the approval process quicker and one that can be integrated with the HR systems to offer holistic support to the user life cycle.
Exploring Possible Options
There’re a lot of questions about access requests for cloud apps or how they offer solutions for implementation of SAP access controls. Let’s explore the overview of options and steps for the access requests for standalone SAP AC implementation.
SAP Identity Access Governance – With this option, the company has the SAP cloud identity governance solution will be able to integrate it with the cloud and on-premise services for the access requests.
SAP Cloud Access Governance + bridge option – With this option, the company has the current SAP AC option with the on-premise integrations and integrate cloud apps. There will not be a direct integration of SAP Access Control, so companies can easily use SAP cloud governance for accessing any kind of request.
SAP AC – Is There Something New Here?
SAP Access Control apps available in the market provide new and improved functionalities. Here are some of the changes:
- Refreshed interface for the NWBC transactions – Standard look accessible from NWBC transaction level has been adapted to latest changes in the appearance by providing new SAP theme
- Look based on Fiori interface – Because of the new interface, it’s now possible to access the SAP GRC AC function by using the Launchpad Fiori that increases the package’s accessibility for the users throughout an organization. The current interface is accessible without any Fiori application
- Extension of EAM module with proper support for HANA database
- New rules for the SAP S4 or HANA – These change the present authorization model; thus a new set of rules addresses change effectively
- Integration with the SAP Success Factors (available in 10.1)
- Optimization for synchronization tasks – The new version optimizes the operation of a few demanding synchronization improving inclusion synchronization of the repository objects, tasks associated with applications generation for the periodic review, and LDAP synchronization
- Simplified mechanisms to manage controllers & FF ID, owners
- Integration with the SAP Identity Management
- Integration with the cloud apps due to the SAP Cloud Identity Governance or Emergency Access of the WebApps component