SAP Access Control Implementation: The Myths, Truths, and Tricks (Part 2)
- by Kehinde Eseyin, Senior SAP GRC Consultant, Turnkey Consulting Ltd.
- January 4, 2016
Correct certain assumptions about the SAP Access Control system that are not necessarily true and obtain guidance on how to meet specific complex business requirements during an implementation project, including maintenance and support activities.
Reading this article, you’ll learn:
- Tips on how to successfully configure stage task settings and the PFCG user group agent type
- Strategies for efficient change log reporting and role management configuration
- How to customize approval screens and enhanced user experience when working with Web Dynpro applications
often the result of wishful thinking about the capability of a product that
most times is unfounded. This can materialize in the form of high expectations
about product capabilities. Knowing the truth about the functionalities of a
product can be invaluable in the different stages of software acquisition
(pre-sales), implementation, and support.
The SAP Access Control system provides many functionalities that can be harnessed to improve the processes around access risk analysis, access request management, business role management, and emergency access management. These capabilities are designed to ensure that there are sufficient controls within an enterprise to forestall fraudulent and malicious practices that can have adverse implications.
Organizations should be interested in optimizing the tool, which can be achieved only by aligning business requirements with an acute understanding of the potentials of the product. This can be challenging as the knowledge gap is commonplace. To close the knowledge gap, I provide use cases and real-life examples on specific configuration settings that can be adopted during an implementation project (or adapted following implementation) to meet specific business requirements.
The article addresses frequently asked questions often encountered during and after implementation of an SAP Access Control system. I intend to simplify a couple of complexities associated with the configuration of the SAP Access Control product by offering tips and tricks to meet specific business requirements.
In this article I discuss the following topics:
- PFCG user group agent type
- Front-end printing
- Multiple access requests per user per system
- Making changes to access request forms in the approval screen
- Change log activation and reporting
- NetWeaver Business Client (NWBC) launch page
- Ruleset for risk terminator
- Role deletion in the back-end system
- User default settings in the personal object worklist (POWL)
- Risk analysis result screen when no violations exist
Would you like to see this full item?