Mitigate Risk with SAP Access Control

Product Details

This exclusive compendium of articles on SAP Access Control, recently published in SAP Professional Journal, has been curated to help you advance your GRC skills and stay on the leading edge of SAP technology.

SAP Access Control offers functionality that covers four areas of user management and access provisioning: Access Risk Analysis, Access Request Management, Business Role Management, and Emergency Access Management. Readers benefit immediately from little-known tips on how to overcome audit issues specific to an SAP Access Control 10.0 system. You’ll also learn how to use SAP Access Control to mitigate cross-system risk in SAP Business Planning and Consolidation (BPC) and ERP environments, and how to configure SAP Access Control to allow manual provisioning of non-SAP applications. Other topics include SAP Access Control 10.0 approval workflow, management of multiple user access requests in SAP Access Control, the functionality of SAP Access Control Launchpad, and the integration of SAP ID Management with SAP Access Control.

Each of these hand-picked articles has not only been written by an expert, but has also been reviewed for quality, completeness and accuracy by the seasoned SAP Professional Journal editorial team and our trusted panel of advisors.   

Table of Contents

How to Prepare for a Comprehensive System Audit and Technical Review of SAP Access Control 10.0 ..... 3
by Kehinde Eseyin, Senior SAP GRC Consultant, Turnkey Consulting Ltd 

Learn invaluable tricks and tips for overcoming top auditing issues specific to an SAP Access Control 10.0 system.

How to Detect BPC Risk in SAP Access Control ..... 33
by Gary Prewett, Senior SAP Security Consultant, NIMBL
Discover how to detect cross-system risk between SAP ERP and SAP Business Planning andConsolidation (BPC). See how BPC task profiles map to business functions and understand how to create cross-system connector groups and assign appropriate connectors to that group.

Manual Provisioning of Non-SAP Roles Using SAP Access Control ..... 43
by Kavitha Nareshetty, SAP GRC Security Senior Consultant (Lead), Capgemini 
Minimize multiple access requests by configuring SAP Access Control so that you can manually provision access for non-SAP applications.

Enhance User Access Risk Reporting in SAP Access Control 10.1 with User Master Data Attributes ..... 60
by Kehinde Eseyin, Senior SAP GRC Consultant, Turnkey Consulting Ltd 
Learn how to enhance user risk analysis and user risk simulation analysis by leveraging a custom user group based on user master data (transaction code SU01) attributes. You will also learn how to improvise with custom variants (based on SU01 attributes) when defined custom user groups are not available for your business case or you need to bring in more flexibility to user risk reporting.

Understand and Extend SAP Access Control 10.0 Approval Workflow ..... 76
by Richard Calaba, Director, Value Prototyping, SAP America Inc
SAP Access Control 10.0 uses a Multistage, Multipath (MSMP) workflow engine (an enhancement of SAP Business Workflow) to achieve a flexible configuration process for approval workflows needed for SAP Access Control business functionality. Because of the huge customer base of SAP Access Control, the MSMP workflow engine was developed to be robust and flexible to accommodate the variety of different company scenarios for approval processes. Learn about some of the enhancements that make the whole approval process configuration flexible enough to be able to cover particular user-specific requirements.

Manage Multiple Access Requests Efficiently with SAP Access Control 10.0 ..... 98
by Rudr, Senior GRC Consultant
One of the key advantages of SAP Access Control 10.0 is the multiuser request feature. With this feature, multiple user access requests can be combined into a single request to save time and effort. This feature was available in SAP Access Control 5.3’s compliant user provisioning functionality, but it had limited capabilities. Learn about how SAP has enhanced multiuser request submission in SAP Access Control 10.0. You can use SAP Access Control 10.0 for multiuser request submissions during go-live or to provide the same roles to numerous SAP users.

How to Add, Remove, or Move Links from SAP Access Control 10.0 Launchpad ..... 108
by Alpesh Parmar, Managing Partner, ultimumIT, Inc
Learn the steps to create a new work center (Launchpad) or change an existing one in SAP Access Control. Discover how to customize predelivered tabs or links to suit your business needs.

Why Implementing SAP Access Control Alone Is Not the Panacea to Your SAP Security Issues ..... 130
by Alex Joseph, Practice Manager, SAP GRC, itelligence Inc
See how a railroad company redesigned its SAP security roles to ensure that these roles align with its internal controls pertaining to segregation of duties.

Combine SAP Identity Management and SAP Access Control to Automate Management of IT and ERP Access and Identity ..... 136
by Swetta Singh, Director of GRC Solution Management at SAP Labs, Chris Radkowski, Director of GRC Solution Management at SAP Labs, and Keith Grayson, Business Development Manager, EMEA Center of Excellence, Middleware and Platform, SAP
Learn about options for combining SAP Access Control and SAP Identity Management to support automation of identity and access processes and compliance requirements within your organization.