SAP Access Control Implementation: The Myths, Truths, and Tricks (Part 1)

  • by Kehinde Eseyin, Security Architect
  • December 14, 2015

Gain an understanding of supported and unsupported functionalities in the SAP Access Control system. See how to configure the system correctly to achieve your defined business requirements.

Learning Objectives

By reading this article, you will learn:

  • Tips on client customizing settings comparison and risk analysis dashboard reporting
  • How to configure routing rules and related workflow functionalities
  • Strategies for effective management of access requests and cancellation of workflow instances

Key Concept

A myth, as used here, is an assumption about the capability of a tool or product, whether positive or negative, held with or without an empirical basis or technical explanation. A detailed explanation of the reasoning and concept behind the truth, coupled with validated tips and tricks, goes a long way toward demystifying the product. It is therefore important to correct common assumptions about the SAP Access Control system that are untrue and to provide guidance on how to meet specific business requirements during an implementation project and during operation of the system.

Users commonly do not make full use of a system's capabilities, mostly because of ignorance rather than the absence of a business need. Thorough knowledge of the strengths and weaknesses of the software product gives insight into how to map business requirements to the capabilities of the SAP Access Control 10.x solution.

Therefore, in this article, I discuss important customization settings, transaction codes, and standard ABAP programs that are invaluable for the administration, operation, and support of an SAP Access Control 10.x system. Setting appropriate values for configuration parameters can be challenging without an understanding of how each parameter works on its own, how it depends on other configuration parameters, and how it fits into the wider customization settings. Addressing this common concern is the crux of this article.

This is the first part of a series of two articles on this subject. In this article, I cover the following topics:

  • Client copy operation
  • Dashboard report and browser settings
  • Workflow path with no assigned stage
  • User details based on multiple data sources
  • Threshold for access request line items
  • Deletion of access request
  • Risk analysis for locked and expired users

Kehinde Eseyin

Kehinde Eseyin is a security architect. He holds a bachelor’s degree in computer science. He has about 12 years of IT security, governance framework, IS risk, and compliance experience gained by working in numerous global organizations. Over the years, he has demonstrated competencies in security design, information assurance, cyber security, data privacy, threat and vulnerability management, penetration testing, business architecture, project management, IT audit, IS controls framework, and identity and access management.
