Integrate the Four Capabilities of SAP GRC Access Control

  • by Jayne Gibbon, Director of Customer Care, SAP
  • September 15, 2008
Learn about integration points of the four capabilities of SAP GRC Access Control in one place.
Key Concept

Risk Analysis is the process by which user access is evaluated against segregation of duties (SoD) rules to determine if the access causes any SoD conflicts.

SAP GRC Access Control is comprised of four separate capabilities:

  • Risk Analysis and Remediation (RAR) – Formerly called Compliance Calibrator
  • Compliant User Provisioning (CUP) – Formerly called Access Enforcer
  • Enterprise Role Management (ERM) – Formerly called Role Expert
  • SuperUser Privilege Management (SPM) – Formerly called Firefighter

You can implement each of these as a standalone capability. However, it is the integration of all four that allows a user to realize the full benefit of GRC Access Control.

This article is intended for those users who have already implemented the GRC Access Control capabilities and are familiar with the various functions of each capability. I’ll present a high-level understanding of the various integration points of the four GRC Access Control capabilities. Before getting into the integration, I’ll start with some master data requirements.

To obtain more detailed technical instructions on how to actually perform the integration steps, go to the Business Process Expert Web site at and select Governance, Risk and Compliance on the left side. Under How-to Guides, click on GRC How-to Guides. Under GRC Access Control, you see a document titled SAP GRC Access Control - Application Integration Documentation. For more information, see the sidebar “Key SAP Notes.”

Jayne Gibbon

Jayne Gibbon, CPA, has been implementing SAP applications since 1996 and is currently a director in the Chief Customer Office at SAP. Jayne’s focus is making customers successful with their SAP HANA deployments. She has helped more than 100 customers drive business value with SAP HANA. Prior to joining SAP in 2007, Jayne worked for two multinational manufacturing companies based in Wisconsin. While an SAP customer, Jayne led the very first implementation of Virsa’s Compliance Calibrator, which is now part of SAP Access Control. Jayne’s experience includes internal audit; computer security; governance, risk, and compliance; SAP HANA; and SAP analytics.

See more by this author


No comments have been submitted on this article. 

Please log in to post a comment.

To learn more about subscription access to premium content, click here.