Automate Your SoD Review with SAP BusinessObjects Access Control 5.3: Five Configuration Steps

  • by Frank Rambo, PhD, Director, Customer Solution Adoption (CSA), EMEA
  • January 5, 2010
The Segregation of Duties (SoD) Review feature in SAP BusinessObjects Access Control 5.3 allows for an automated and decentralized SoD review by business managers or risk owners. The SoD Review takes the SoD violations detected during a batch risk analysis and organizes their resolution in a request-based approval workflow. Reviewers can assign mitigation controls for users with SoD violations or request removal of detected violations from the security administrators in the same workflow.
Key Concept
The SoD Review feature was first introduced in SAP BusinessObjects Access Control 5.3 and enhanced in some aspects with Support Package 6. Similar to the User Access Review (UAR) feature, the SoD Review is a feature of the product capability Compliant User Provisioning (CUP), where its various options are configured and the approval workflow for SoD resolution is set up. However, detection of SoD violations and risk mitigation require the Risk Analysis and Remediation (RAR) capability, which CUP invokes via Web service calls. RAR also holds all master data related to risks and mitigation controls.

The SoD Review uses the Risk Analysis and Remediation (RAR) and Compliant User Provisioning (CUP) capabilities of SAP BusinessObjects Access Control. On a high level, you can divide its configuration into the following tasks:

  • Verification of SAP BusinessObjects Access Control 5.3 post-installation steps
  • Configuration of user review options
  • Setup of the approval workflow
  • Maintenance of rejection reasons
  • Maintenance of coordinator-to-reviewer relationships

The following sections explain each of these tasks in more detail.

Frank Rambo, PhD

Frank Rambo, PhD, is managing a team within SAP’s Customer Solution Adoption (CSA) organization working with customers in the SAP analytics area with the objective to drive adoption of new, innovative solutions. Prior to this position, he worked eight years for SAP Germany as a senior consultant focusing on SAP security and identity management. Before he joined SAP in 1999, Frank worked as a physicist in an international research team. He lives in Hamburg, Germany.
