SAP Access Control automatically detects and prevents access violations in SAP systems. Role management helps ensure that companies adhere to internal and external compliance guidelines. Continuous risk assessment is based on the functional separation check against the corresponding SoD matrix. SAP Access Control consists of four modules: Access Risk Analysis (ARA), Business Role Management (BRM), User Access Management (UAM) and Emergency Access Management (EAM). Fiori interfaces ensure high usability and intuitive operation – even on mobile devices.
Roles in the company should be as risk-free as possible in terms of the SAP authorizations they contain. In combination with all SAP roles of a user, these should also contain as few risks as possible. And if risks cannot be avoided entirely, it should at least be possible to monitor them.
For this reason, it is necessary to check which risks arise as early as the creation of the roles. In addition, when roles are assigned to a corresponding user, it must be checked which risks, if any, could arise from the role assignment. On the one hand, the system checks the actual status of the user against the SoD matrix. On the other hand, SAP Access Control simulates which risks would arise if the user were given additional authorizations. In conjunction with an SAP Identity Management solution, potential risks can be checked in the application and assignment processes before the authorizations are actually granted.
Firefighter processes, i.e., the approval and monitoring of emergency access, can also be clearly mapped using the Fiori apps. In such a case, a user requests a superuser in a Fiori app and SAP Access Control logs the exceptions.
The firefighter user is necessary to resolve and further process a potentially critical situation in the productive environment. To assign it to a specific person, a corresponding workflow process must be started, which includes an approval. The overview of such a request also shows the respective approvers, so that they can be contacted again directly in case of doubt.
Only after approval has been granted can the user access the respective system via SAP Access Control with further authorizations. By displaying which accesses actually happened, the Fiori apps make the processes during Firefighter use traceable.
With the Fiori apps, users can take advantage of even more SAP Access Control functionalities. The apps map almost all functionalities that SAP Access Control offers in daily use. These include, for example, performing mass maintenance and displaying functional separation conflicts directly in roles, profiles and users. The actual applications available depend on the role of the SAP Access Control user – for example, employee, compliance officer, administrator, or security manager. All roles can do their work in the various Fiori apps.
The various customizing options of the Fiori apps facilitate the daily work routine. Users have the option of specifying which information should be displayed. Depending on requirements, relevant data can be shown or hidden, for example. The exact customizing options depend on the individual requirements of the company. They should therefore be discussed in detail in each individual case.