SAP Access Control

Manage compliance-compliant access to all SAP applications in your IT landscape with the help of appropriate authorizations

Distribute authorizations

Identify and avoid risks

Map workflows flexibly

How to connect third-party applications to SAP Access Control

 

What is SAP Access Control?

SAP Access Control focuses on the traceable management and consistent distribution of users and authorizations throughout their lifecycle – assignment, repeated adjustments, deletion. The solution enables you to flexibly map your individual workflows so that required user accounts, roles and authorizations can be assigned in a rule-based and automated manner. All changes to authorizations and user data are logged traceably. In addition, emergency access (EAM) can be created via the firefighter workflow to minimize economic damage.

The risk analysis of users and authorizations helps to avoid SoD conflicts and to significantly increase security in applications. Already during the role application via Access Request, it is calculated which risks will arise from new authorizations. The approver can directly store a mitigation to eliminate the resulting risk.

Your contact person

Simon Toepper IBsolution

Simon Toepper

simon.toepper@ibsolution.com

+49 7131 2711-3000

SAP Access Control as part of Identity & Access Management

SAP Access Control is a product to identify risks, minimize risks and automate workflows.

  • Access Request Management
  • Access Risk Analysis
  • Emergency Access Management (EAM)
  • Business Role Management (BRM)
SAP Access Control | IBsolution

SAP Cloud Identity solutions enable authentication (IAS), single sign-on (SSO) and provisioning (IPS) against SAP cloud systems. SAP Cloud Identity Access Governance (IAG) provides the ability to manage workflows, risk checks and emergency access. Especially in a hybrid system landscape and in the communication between on-premise and cloud systems, the products ensure complete integration.

Click here for SAP Cloud Identity

SAP Cloud Identity | IBsolution

SAP Identity Management focuses on the traceable management and consistent distribution of digital identities throughout their lifecycle – assignment, repeated adjustments, deletion. The SAP IdM solution makes it possible to flexibly map individual workflows so that required user accounts, roles, and authorizations can be assigned in a rule-based and automated manner.

Click here for SAP Identity Management

SAP Identity Management | IBsolution

Single sign-on enables end-to-end authentication against SAP and non-SAP applications. Central management of access data increases security, as only one user ID is required for all applications. This means that passwords can be made truly secure without restricting user convenience too much. Constantly changing passwords for each application is a thing of the past, and password resets are minimized. You also avoid duplicate administration efforts in your IT and free up valuable resources.

Click here for SAP Single Sign-On

SAP Single Sign-On | IBsolution

 

The functionalities of SAP Access Control

Identify and minimize risks

With SAP Access Control, you manage legally compliant access to all SAP applications in your IT landscape. This includes, among other things, a cyclical and demand-driven check for risks in SAP authorizations, the management of business roles, and the use of processes to map the entire user lifecycle in compliance with SoD rules.

Risk analysis in SAP Access Control uncovers risks inherent in the user role set. Risks arising from future role assignment can also be simulated.

Avoid risks proactively

Conflicts of segregation of duties and other risks can already be identified and minimized or even prevented during the assignment processes. The risks of the requested roles are displayed directly to the approver, or even simulated with the roles already assigned. This prevents risks from arising in the first place. Security is also proactively increased in interaction with SAP Identity Management.

Manage emergency access

Unexpected disruptions in operation are resolved in a business process-oriented and traceable manner through the use of specialized emergency users. The use of SAP_ALL is thus explicitly avoided.

Emergency users (firefighters), who have extended authorizations, can be used for troubleshooting. A workflow guarantees the logging of the session and the subsequent approval by a responsible person. The emergency user concept is thus mapped in a fully comprehensive and compliance-conforming manner.

SAP Access Control comprises four main modules

Access Risk Analysis

Access Risk Analysis (ARA) provides ad hoc audits and cyclic audits of users and roles to identify and eliminate segregation of duties conflicts.

Access Request Management

Access Request Management (ARM) can be used to request users and authorizations. In combination with risk analysis, the requests are proactively checked for risks.

 

Business Role Management

Business Role Management (BRM) allows efficient and risk-checked administration of business roles. General authorizations can thus be assigned automatically and without risk.

Emergency Access Management

Real emergency situations are managed and logged with Emergency Access Management (EAM). In this way, downtimes in business processes can be minimized and resolved in a traceable manner.

SAP GRC Access Control | IBsolution

 

Integration of SAP Identity Management and SAP Access Control

SAP Identity Management and SAP Access Control focus on the traceable management and consistent distribution of digital identities throughout their lifecycle – assignment, repeated adjustments, deletion. The interaction of the two solutions enables you to flexibly map your individual workflows so that required user accounts, roles and authorizations can be assigned in a rule-based and automated manner. All changes to authorizations and user data are logged in a traceable manner. In this way, SAP Identity Management and SAP Access Control make an important contribution when it comes to adhering to legal and internal compliance regulations.

Power Workshop for SAP Access Governance

You would like to newly implement SAP Access Control, SAP Cloud Identity Access Governance or SAP Identity Management (IdM) or extend your existing system? With our Power Workshop for SAP Access Governance, you benefit from de facto standards that we adapt step by step to your individual requirements. As a result, you will receive a recommended action with a suitable project plan for introducing the access governance product that is optimal for you.

Learn more

Learn more about SAP Access Control

End of Maintenance 2027 SAP Access Control | IBsolution
Blog

Maintenance for SAP Access Control expires in 2027: What comes next?

SAP has set the end of maintenance for SAP Access Control for December 31, 2027. In view of the imminent end of maintenance, companies are asking themselves how they can cover the topics of governance, risk management and compliance in the SAP cosmos in the future.
Read more
Avoid conflicts in authorizations | IBsolution
Blog

How to avoid conflicts and risks in authorizations

SAP Access Control and SAP Cloud Identity Access Governance (IAG) address the compliant management of users and authorizations. What are the similarities and differences between the two solutions?
Read more
Fiori apps in SAP Access Control | IBsolution
Blog

Fiori apps in SAP Access Control: Access without risk

SAP Access Control automatically detects and prevents access violations in SAP systems. Role management helps ensure that companies adhere to internal and external compliance guidelines. Fiori interfaces ensure high usability and intuitive operation – even on mobile devices.
Read more

Would you like to learn more about the benefits of SAP Access Control?

Simply complete the form and submit it. We look forward to receiving your inquiry.

More SAP Identity & Access Management solutions

SAP Identity Management | IBsolution

SAP Identity Management

SAP Identity Management focuses on the traceable management and consistent distribution of digital identities throughout their lifecycle – assignment, repeated adjustments, deletion.

Learn more
SAP Cloud Identity | IBsolution

SAP Cloud Identity

SAP Cloud Identity solutions enable authentication (IAS), single sign-on (SSO) and provisioning (IPS) against SAP cloud systems. Especially in hybrid system landscapes, they ensure complete integration.

Learn more
SAP Single Sign-On | IBsolution

SAP Single Sign-On

SAP Single Sign-On enables end-to-end authentication against SAP and non-SAP applications. Central management of access data increases security, as only one user ID is required for all applications.

Learn more