SAP GRC Access Control has a central repository for access and authorization based risks and controls:-

1. Provides risk analysis for every Process that can be covered by the solution

2. Supports the creation and assignment of a mitigation control out of an approval workflow via

the mitigation service

SAP Access Control contains the following tools which are becoming increasingly integrated for optimum usage:

1. Compliance Calibrator (Risk Analysis and Remediation u2013 RAR)

This tool supports real-time compliance by stopping security and controls violations before they occur. It contains the most comprehensive library of Segregation of Duty (SoD) rules available for enterprise applications from SAP, Oracle, and PeopleSoft. This makes it easy for business-process owners to deploy rules applicable to their organization and to eliminate risks from enterprise applications.

2. Firefighter (Super Privilege Management u2013 SPM)

This enables super-users to perform emergency activities outside the parameters of their normal role, but to do so within a controlled, fully auditable environment. The application assigns a temporary ID that grants the super-user broad yet regulated access, and tracks and logs every activity the super-user performs using that temporary ID.

3. Role Expert (Enterprise Role Management - ERM)

ERM centralizes and standardizes enterprise wide role management. This helps to eliminate manual errors, provides an audit trail for changes, and enforces best practices. Using the application, business managers can define functional roles, and IT managers can define the associated technical permissions.

4. Access Enforcer (Compliant User Provisioning - CUP)

CUP supports fully compliant user provisioning across applications throughout the employee life cycle. Multi-step guided procedures automate approval processes and enforce mandatory, real-time risk assessments prior to provisioning users to enterprise applications.