SAP Access Control Implementation: The Myths, Truths, and Tricks (Part 2)

  • by Kehinde Eseyin, Senior SAP GRC Consultant, Turnkey Consulting Ltd.
  • January 4, 2016
Correct certain assumptions about the SAP Access Control system that are not necessarily true and obtain guidance on how to meet specific complex business requirements during an implementation project, including maintenance and support activities.
Learning Objectives

Reading this article, you’ll learn:

  • Tips on how to successfully configure stage task settings and the PFCG user group agent type
  • Strategies for efficient change log reporting and role management configuration
  • How to customize approval screens and enhance the user experience when working with Web Dynpro applications
Key Concept

A myth is often the result of wishful thinking about a product's capabilities, and most times it is unfounded. It can materialize in the form of high expectations about what the product can do. Knowing the truth about a product's functionality can be invaluable in the different stages of software acquisition (pre-sales), implementation, and support.

The SAP Access Control system provides many functionalities that can be harnessed to improve the processes around access risk analysis, access request management, business role management, and emergency access management. These capabilities are designed to ensure that there are sufficient controls within an enterprise to forestall fraudulent and malicious practices that can have adverse implications.

Organizations should be interested in optimizing the tool, which can be achieved only by aligning business requirements with an acute understanding of the product's potential. This can be challenging because knowledge gaps are commonplace. To close the knowledge gap, I provide use cases and real-life examples of specific configuration settings that can be adopted during an implementation project (or adapted following implementation) to meet specific business requirements.

The article addresses frequently asked questions often encountered during and after implementation of an SAP Access Control system. I intend to simplify a couple of complexities associated with the configuration of the SAP Access Control product by offering tips and tricks to meet specific business requirements.

In this article I discuss the following topics:

  • PFCG user group agent type
  • Front-end printing
  • Multiple access requests per user per system
  • Making changes to access request forms in the approval screen
  • Change log activation and reporting
  • NetWeaver Business Client (NWBC) launch page
  • Ruleset for risk terminator
  • Role deletion in the back-end system
  • User default settings in the personal object worklist (POWL)
  • Risk analysis result screen when no violations exist

Kehinde Eseyin

Kehinde Eseyin is a senior SAP security and GRC consultant with Turnkey Consulting (UK) Limited. He has more than eight years of SAP authorizations, GRC, and Basis experience. In the past, he has managed teams to coordinate security, GRC, and Basis administration activities within a multinational environment and operated as an independent consultant, performing SAP system audits and SAP GRC Access Control implementations. He holds a bachelor’s degree in computer science. He holds various certifications, including SAP Access Control 10.0 Consultant; SAP Technical Consultant (SAP NetWeaver on Oracle); SAP Solution Manager Operations Consultant; SAP Support Engineer – SAP Solutions Manager; SAP Business One Consultant; Oracle Database Administration Professional (OCP DBA); ITIL v3; and PRINCE2. He is the co-author of SAP BusinessObjects Access Control 10.0 Application Associate Certification [Review Questions and Answers].
