Skip to Content
Integration and Certification Center

SAP Access Control

Proper segregation of duties (SoD) and access control over key information assets are among the most effective safeguards against fraud and mistakes -- and a prerequisite for the sound corporate oversight required by various regulatory mandates around the world, such as the Sarbanes-Oxley Act and 8th EU Directive. These are also some of the most difficult controls to deploy and sustain given the thousands of users, roles, and processes that require access and authorization evaluation, testing, and remediation.

SAP BusinessObjects Access Control enables companies to confidently control access and prevent fraud throughout the enterprise by intelligently managing employee authorizations across mixed IT environments, allowing authorized exceptions, and accelerating resolution of any violations, all while reducing costs.

Innovative new features in SAP BusinessObjects Access Control 5.3 take customers to the next level of compliance by:

Reducing access risk across the enterprise

  • A robust database of validated segregation of duties (SoD) rules based on business process expertise and best practice experience.
  • Cross-system access risk analysis and remediation for SAP and non-SAP environments.
  • Risk analysis of user access requests and role definitions.
  • SoD implementation and critical access risk prevention.
  • Management and assignment of mitigating controls.

Streamlining compliance processes

  • Technical access risks translated into business language.
  • Automated user access review and collaboration.
  • Business-centered roles definition and design that follow best practices.
  • Role design workflows and flexible role-building methodology.
  • Automated self-service user access request and approval process
  • Standards-based identity management and integration.

Obtaining real-time oversight

  • Real-time access risk analysis reporting and dashboards.
  • Emergency access privileges with integrated monitoring and reporting.
  • Critical transaction usage monitoring.
  • Real-time alerts and transaction monitoring.
  • Efficient document-based audit process for external and internal audits.
  • Business Intelligence integration and enablement of Crystal Reports.

You are also encouraged to learn more about SAP GRC Access Control 10.0.

Getting Started

SAP BusinessObjects Access Control 5.3 Support Pack 9 - Functional Overview

This document provides an overview of the enhancements introduced in Access Control Support Package 09.

AC Useful SAP Notes for Access Control Customers

This document lists SAP Notes that are helpful to Access Control (AC) customers. The notes range from general SAP notes to notes regarding common functionality of the four AC capabilities. It also includes notes from Virsa 4.0 to Access Control 5.3.

Access Control 5.3 Pre-Implementation Checklists for Implementation Consultants

GRC Access Control identifies and prevents access and authorization risks in cross-enterprise IT systems to prevent fraud and reduce the cost of continuous compliance and control. This document discusses key pre- and post-technical implementation considerations for each of the Access Control capabilities. It also provides checklists to assist project teams in completing key steps for a basic installation of Access Control.

SAP GRC Access Control - Installation Best Practices FAQ

This document summarizes frequently asked questions regarding the installation of GRC Access Control 5.x.

SAP GRC Access Control 5.3 - Pre-Installation

The presentation explains the necessary prerequisites for a successful installation of SAP GRC Access Control 5.3 and guides the reader through the installation procedure of the software.

SAP GRC Access Control 5.3 Pre-Installation

This demo provides an overview of the important prerequisites for a successful installation of SAP GRC Access Control 5.3 and guides the reader through the installation procedure of the software. The related presentation is a helpful aid in learning more.

SAP GRC Access Control 5.3 - Post-Installation - RAR

This article walks the reader through the configuration tasks required for GRC Access Control 5.3 Risk Analysis & Remidiation

SAP GRC Access Control 5.3 Post-Installation - Risk Analysis & Remediation

This eLearning session outlines necessary post-installation steps for the implementation of risk analysis and remediation in SAP GRC Access Control 5.3. The related presentation is a helpful tool.

SAP GRC Access Control 5.3 - Post-Installation - CUP

The presentation explains the required post-installation steps in SAP GRC Access Control 5.3's solution component Compliant User Provisioning in order to enable customers to start customizing and implementation of customer specific workflows.

SAP GRC Access Control 5.3 Post-Installation - CUP

This eLearning session outlines necessary post-installation steps to enable compliant user provisioning in SAP GRC Access Control 5.3. Completing the required post-installation tasks allows to start customizing and implementation of individual workflows. The related presentation will be a helpful tool.

SAP GRC Access Control 5.3 - Post-Installation - ERM Part 1

The presentation explains the required post-installation steps in SAP GRC Access Control 5.3's solution component Enterprise Role Management in order to enable customers to start customizing and implementation of their role management process.

SAP GRC Access Control 5.3 Post-Installation - ERM I

This eLearning session explains the required post-installation steps for enterprise role management in SAP GRC Access Control 5.3. This is a prerequisite to start customizing and implementation of their role management. The related presentation will be a helpful tool.

SAP GRC Access Control 5.3 - Post-Installation - ERM Part 2

The presentation runs through the SAP Deafault Methodology Process in SAP GRC Access Control 5.3's solution component Enterprise Role Management. It explains how roles are created within this default methodology process. Note that customers can define multiple methodology processes that can be different to the SAP process delivered with the software.

SAP GRC Access Control 5.3 Post-Installation - ERM II

This eLearing session runs through typical implementation steps of enterprise role management in SAP GRC Access Control 5.3. It explains how roles may be created. Projects may apply a different methodology. The related presentation will be a helpful tool.

SAP GRC Access Control 5.3 - Post-Installation - SPM

The presentation explains the required post-installation steps in SAP GRC Access Control 5.3's solution component Superuser Privilege Management. It is explains how to effectively set up Superuser Privilege Management in SAP backend systems and enable the Java reporting component, which allows for centralized access to log reports in multiple SAP backend systems.

SAP GRC Access Control 5.3 Post-Installation - SPM

This eLearning session outlines post-installation tasks that are a prerequisite for the implementation of superuser privilege management in SAP GRC Access Control 5.3. The session explains how to effectively set up superuser privilege management in SAP backend systems and enable the Java reporting component, which allows for centralized access to log reports in multiple SAP backend systems. The related presentation will be a helpful tool.

SAP BusinessObjects GRC Access Control: Landscape Diagram (Ver 2.1)

GRC Access Control identifies and prevents access and authorization risks in cross-enterprise IT systems to prevent fraud and reduce the cost of continuous compliance and control. The intent of this document is to provide an understanding of the data flow and integration between the Access Control capabilities. This knowledge can be leveraged to ensure the most effective landscape is established for Access Control.

Getting Started with SAP GRC Access Control

This page provides an overview of GRC Access Control. To maintain compliance with current and future regulations, organizations must implement a sustainable, automated solution that provides end-to-end automation for detecting, remediating, mitigating, and preventing access and authorization risk across the business.

SAP GRC Access Control 5.3 Integrated Project Plan in MS Project

The integrated Access Control project plan contains steps to be performed in the implementation of Access Control. The steps and task durations represent a basic implementation and may be modified to suit a company's project. This document is in Microsoft Project format.

SAP GRC Access Control 5.3 Integrated Project Plan in Adobe Acrobat

The integrated Access Control project plan contains steps to be performed in the implementation of Access Control. The steps and task durations represent a basic implementation and may be modified to suit a company's project.

SAP GRC Access Control 5.3: Implementation Roles and Responsibilities

An overview of SAP GRC Access Control 5.3 implementation roles and responsibilities.

GRC GRC Access Control - Access Risk Management Guide

The access risk management guide helps you set up and implement risk identification and remediation with GRC Access Control.

Compliant User Provisioning

Configuring Distribution List in Compliant User Provisioning

How to Configure Distribution List in Compliant User Provisioning - AC 5.3

Integration of Training and Verification System with CUP

This document provides an overview of various aspects of SAP GRC solutions, and specifically outlines the steps involved in the integration of Training and Verification system with CUP.

How to Configure HR Triggers in CUP

This guide outlines the steps to be followed for configuration and troubleshooting of HR Triggers in CUP.

Configuring Multiple User Detail Sources in CUP 5.3

This document outlines the steps involved in configuring multiple User Details Sources in CUP 5.3.

Risk Analysis and Remediation

SAP GRC How-to Guide: Performing Risk Analysis with Enterprise Portal Roles

This document will enable the implementation partners and implementers to configure the Rules and perform Risk Analysis on the Enterprise Portal Roles. This guide will also discuss about all the steps which are required to achieve analysis of Enterprise Portal and seek as well as remove SoD Violations from the Enterprise Portal Environment.

SAP GRC Access Control: Background Jobs for Risk Analysis and Remediation (formerly Virsa Compliance Calibrator)

This article discusses the background jobs available in the context of using risk analysis and remediation in SAP GRC Access Control. Best practices on executing these jobs are given, e.g. the order in which background jobs should be executed, the difference between full synch mode and incremental mode.

SAP GRC Access Control: Offline-Mode Risk Analysis

ERP system is exported to files and may subsequently be imported into to GRC Access Control by using the data extractor utility.

SAP GRC Access Control: Organizational Rules and Organizational Level Reporting

SAP GRC Access Control handles sustainable prevention of segregation-of-duties violations. Use this Quick Reference Guide to understand and create organizational rules.

Superuser Privilege Management

Access Control 5.3 Implementation Considerations for Superuser Privilege Management

Access Control identifies and prevents access and authorization risks in cross-enterprise IT systems to prevent fraud and reduce the cost of continuous compliance and control. This document discusses the key features of Superuser Privilege Management. It also provides scenarios to assist project teams in deciding whether to implement role-based or ID-based firefighting.

Enterprise Role Management

SAP Access Control 5.3: Implementation Considerations for Enterprise Role Management V1.3

SAP Access Control identifies and prevents access and authorization risks in cross-enterprise IT systems to prevent fraud and reduce the cost of continuous compliance and control. This document provides a quick reference guide to understand the main features, business benefits, and implementation best practices of the Access Control 5.3 capability for enterprise role management.

Cross-Capability Topics

GRC Access Control 5.3 - Applying Support Packages

This presentation provides an overview of how to apply support packages for SAP GRC Access Control 5.3. The related presentation is a helpful tool.

SAP BusinessObjects Access Control 5.3 SP09 Configuration Validator

This document outlines the goal for using SAP GRC Access Control's Configuration Validator and the checks performed by the tool.

Access Control 5.3 Sizing Guide    (Log-in required)

We have updated the hardware sizing guide for SAP BusinessObjects Access Control 5.3 on the hardware sizing site in the SAP Service Marketplace

SAP GRC Access Control 5.3: User Access Review

The User Access Review feature of Access Control 5.3 automates and documents periodic reviews of system access. This document discusses the configuration and execution of the User Access Review.

Integration of CUP and SPM Capabilities of SAP GRC Access Control 5.3

This document provides the steps for integration of CUP and SPM capabilites of GRC AC 5.3.

SAP BusinessObjects GRC Access Control Migration to Production

This guide will document the migration details of Compliant User Provisioning 5.3, Risk Analysis and Remediation 5.3 and Enterprise Role Management 5.3 to Production. These steps, in addition, can also be applied when migrating from instance to instance prior to Production.

SAP GRC Access Control 5.3 - How to Apply Support Packages in AC5.3

In this document, we address tasks to apply support package for SAP GRC Access Control 5.3.

Single Sign-On with SAP GRC Access Control 5.3

This document outlines all the scenarios where SAP GRC Access Control 5.3 can be configured for Single Sign-On with different applications.

How to performance optimize SAP GRC Access Control 5.3

The guide provides an overview of the technical architecture of SAP GRC Access Control 5.3 and a structured list of recommendations and preferred practices for performance optimization.

Access Control 5.3: Segregation of Duties Review

GRC Access Control identifies and prevents access and authorization risks in cross-enterprise IT systems to prevent fraud and reduce the cost of continuous compliance and control. This document discusses the Segregation of Duties Review feature introduced in AC 5.3 including it benefits, configuration, use of the feature and workflow options.

SAP GRC Access Control 5.3 SP9 Data Mart - Sample Reports

The file contains two sample reports for 'List of request with same requestor and approver' and 'SOD Review History'. Customers who have Crystal Reports can take these sample reports as the starting point and modify for their own requirements. These sample reports are examples only.

GRC Access Control - Troubleshooting Background Jobs

GRC Access control requires background jobs to be run. This document will help consultants in troubleshooting issues associated with those background jobs.

Integration With Other Applications

Configuring LDAP connector in compliant user provisioning

When implementing compliant user provisioning in SAP GRC Access Control the system is typically linked to an LDAP repository. This paper outlines the configuration of LDAP connectors and provides sample mappings for Active Directory, SunOne, E-Directory, and Tivoli.

SAP GRC Access Control: Compliant Provisioning Goes Identity Management

According to Gartner, Governance, Risk, and Compliance (GRC) is the ultimate driver for today's identity management projects. SAP GRC Access Control has the technology to provide customers with a cross ERP-platform solution for compliant user provisioning and at the same time provides an open API/interface for existing identity management vendors to integrate seamlessly with SAP GRC Access Control for an end-to-end user, role and rule provisioning solution.

SAP GRC Access Control 5.3: Integration Between Compliant User Provisioning and NetWeaver Identity Management (IdM) 

This paper shows the configuration steps necessary to be able to send requests from SAP GRC Access Control 5.3 SP4 Compliance USer Provisioning to SAP Identity Management 7.0 SP1.

How-to Integrate SAP GRC Access Control 5.3 and Business Warehouse 7.0

The integration of Access Control with Business Warehouse will give the opportunity to elaborate Access Control data in Business Warehouse to meet the demand of an enterprise reporting structure or custom reports and queries. This guide will explain the prerequisites and configuration.

How-to Configure SAP BusinessObjects Access Control 5.3 for SAP NetWeaver Portal 7.0

This document will explain the major steps to configure AC 5.3 to connect and integrate with NW Portal.

SAP GRC Access Control 5.3 IdM Integration Implementation Assistance Guide

This document provides information on integrating Access Control 5.3 with various Identity Management solutions.

SAP GRC Process Controls 2.5 Integration with SAP GRC Access Control 5.3

The key integration points between Process Control 2.5 and Access Control 5.3 are with the Risk Analysis and Remediation component. This document describes how to configure the Rules in PC2.5 which pulls out user information from AC5.3 Risk Analysis and Remediation component.

Related Information

J-SOX Insights

"J-SOX" is an unofficial term that refers to the Japanese requirements similar to Sarbanes-Oxley Act Section 302 (management certification) and Section 404 (management evaluation and report on internal controls) in the USA. This FAQ about J-SOX appears here with the permission of Protiviti.

J-SOX Flash Report

Information on Japanese compliance legislation as of November 2006. This report appears here with the permission of Protiviti.

Former Member

No comments