SAP Access Control Implementation: The Myths, Truths, and Tricks (Part 1)

  • by Kehinde Eseyin, Senior SAP GRC Consultant, Turnkey Consulting Ltd.
  • December 14, 2015
Gain an understanding of supported and unsupported functionalities in the SAP Access Control system. See how to configure the system correctly to achieve your defined business requirements.
Learning Objectives

By reading this article, you will learn:

  • Tips on client customizing settings comparison and risk analysis dashboard reporting
  • How to configure routing rules and related workflow functionalities
  • Strategies for effective management of access requests and cancellation of workflow instances
Key Concept

A myth often refers to an assumption or belief about the capability of a tool or product, either positive or negative, held with or without an empirical basis of fact or technical explanation. A detailed explanation of the reasoning and concept behind the truth, coupled with validated tips and tricks, goes a long way toward demystifying the product. Therefore, it is important to clarify common assumptions about the SAP Access Control system that are untrue and to provide guidance on how to meet specific business requirements during an implementation project and operation of the system.

It is commonplace for users not to make full use of the capabilities of a system, mostly because of ignorance rather than the absence of a business need. Detailed knowledge of the strengths and weaknesses of the software product gives insight into how to map business requirements to the capability of the SAP Access Control 10.x solution.

Therefore, in this article, I discuss important customization settings, transaction codes, and standard ABAP programs that are invaluable for the administration, operation, and support of an SAP Access Control 10.x system. Setting appropriate values for configuration parameters can be challenging because of a lack of understanding of how these parameters work independently, their dependencies on other configuration parameters, or the wider customization settings. Addressing this common concern is the crux of this article.

This is the first part of a series of two articles on this subject. In this article, I cover the following topics:

  • Client copy operation
  • Dashboard report and browser settings
  • Workflow path with no assigned stage
  • User details based on multiple data sources
  • Threshold for access request line items
  • Deletion of access request
  • Risk analysis for locked and expired users

Kehinde Eseyin

Kehinde Eseyin is a senior SAP security and GRC consultant with Turnkey Consulting (UK) Limited. He has more than eight years of SAP authorizations, GRC, and Basis experience. In the past, he has managed teams to coordinate security, GRC, and Basis administration activities within a multinational environment and operated as an independent consultant, performing SAP system audits and SAP GRC Access Control implementations. He holds a bachelor’s degree in computer science. He holds several certifications, including SAP Access Control 10.0 Consultant; SAP Technical Consultant (SAP NetWeaver on Oracle); SAP Solution Manager Operations Consultant; SAP Support Engineer – SAP Solutions Manager; SAP Business One Consultant; Oracle Database Administration Professional (OCP DBA); ITIL v3; and PRINCE2. He is the co-author of SAP BusinessObjects Access Control 10.0 Application Associate Certification [Review Questions and Answers].
