SAP GRC Access Control

SAP GRC Access Control

 

Access Requests (ARM) – You can implement your company’s policies for creating and maintaining access requests in ARQ.

  • Users can create requests to access
    • systems - such as SAP S/4, CRM, MDM
    • Applications - Concur, Successfactors
  • Approvers can
    • review the requests,
    • perform analysis for
      • user access and
      • Segregation of Duties (SoD) risks, and then
    • approve, reject, or modify the requests

__________

Access Risk Analysis (ARA) – You can implement your company’s policies for SoD and user access risk in ARA.

  • Security analysts and business process owners (BPO) run reports to determine if
    • violations of SoD or
    • user access policies have occurred.
    • They can identify
      • the root cause of the violations and
      • remediate the risks.
  • Compliance persons can use this function to
    • monitor compliance with company policies.

 

________

Business Role Management (BRM) – In an SAP landscape, users’ authorizations to applications are managed through the use of roles.

  • Role designers, role owners, and security analysts can use
    • BRM to
      • maintain roles and
      • analyze them for
        • violations of company policies.

______

Emergency Access Management (EAM) – You can implement your company’s policies for managing emergency access in EAM.

  • Users can create
    • self-service requests for
      • emergency access to systems and applications.
  • Business process owners can
    • review requests for emergency access and
    • grant access.
  • Compliance persons(Auditors) can
    • perform periodic audits of usage and logs to monitor compliance with company policies.

______

Periodic Reviews of User Access and Segregation of Duties (SoD) – You can use the application to carry out your company’s policies on periodic reviews for compliance.

  • Security and business process owners
    • identify policies that require periodic reviews and
    • define review processes.
  • Reviewers perform
    • the reviews and then
  • Security and business process owners determine if
    • corrective actions are required.

 Popular Videos from Youtube --->> we are not owners of these videos , please reach out to respective owners