SAP Access Control Implementation: The Myths, Truths, and Tricks (Part 2)

  • by Kehinde Eseyin, Security Architect
  • January 4, 2016

Correct certain assumptions about the SAP Access Control system that are not necessarily true and obtain guidance on how to meet specific complex business requirements during an implementation project, including maintenance and support activities.

Learning Objectives

Reading this article, you’ll learn:

  • Tips on how to successfully configure stage task settings and the PFCG user group agent type
  • Strategies for efficient change log reporting and role management configuration
  • How to customize approval screens and enhance the user experience when working with Web Dynpro applications

Key Concept

A myth is often the result of wishful thinking about a product's capability that, most of the time, is unfounded. This can materialize in the form of high expectations about product capabilities. Knowing the truth about the functionalities of a product can be invaluable in the different stages of software acquisition (pre-sales), implementation, and support.

The SAP Access Control system provides many functionalities that can be harnessed to improve the processes around access risk analysis, access request management, business role management, and emergency access management. These capabilities are designed to ensure that there are sufficient controls within an enterprise to forestall fraudulent and malicious practices that can have adverse implications.

Organizations should be interested in optimizing the tool, which can be achieved only by aligning business requirements with an acute understanding of the potential of the product. This can be challenging because knowledge gaps are commonplace. To close the knowledge gap, I provide use cases and real-life examples of specific configuration settings that can be adopted during an implementation project (or adapted following implementation) to meet specific business requirements.

The article addresses frequently asked questions often encountered during and after implementation of an SAP Access Control system. I intend to simplify a couple of complexities associated with the configuration of the SAP Access Control product by offering tips and tricks to meet specific business requirements.

In this article I discuss the following topics:

  • PFCG user group agent type
  • Front-end printing
  • Multiple access requests per user per system
  • Making changes to access request forms in the approval screen
  • Change log activation and reporting
  • NetWeaver Business Client (NWBC) launch page
  • Ruleset for risk terminator
  • Role deletion in the back-end system
  • User default settings in the personal object worklist (POWL)
  • Risk analysis result screen when no violations exist

Kehinde Eseyin

Kehinde Eseyin is a security architect. He holds a bachelor’s degree in computer science. He has about 12 years of IT security, governance framework, IS risk, and compliance experience gained by working in numerous global organizations. Over the years, he has demonstrated competencies in security design, information assurance, cyber security, data privacy, threat and vulnerability management, penetration testing, business architecture, project management, IT audit, IS controls framework, and identity and access management.
