The SAP Approach: SAP GRC Access Control
Like many of the dilemmas in GRC, automation can reduce the scope of the effort and make day-to-day enforcement of business rules easier and more cost-effective. For example, a major retailer recently took its company public. Before going public, the retailer had six employees scouring Excel spreadsheets to validate that the company was not creating risks by giving one employee too much access to any of the systems. It chose to automate this process instead, saving considerable time and cost.
SAP GRC Access Control provides a comprehensive, cross-enterprise set of preventive and detective access controls that enables business managers, auditors, and the IT team to define and oversee proper SoD enforcement. It addresses risk analysis and remediation, enterprise role management, compliant user provisioning, and superuser access management.
Risk analysis thoroughly scans existing roles to check for violations. This analysis handles a heterogeneous system landscape, which means it encompasses not only SAP software but also enterprise applications from Oracle, PeopleSoft, and JD Edwards. The application delivers a comprehensive database of SoD rules that addresses all core processes (see Figure 6-1).
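To make the risk-analysis step concrete, here is a small SoD analysis routine written for this chapter as an added example; it is not code from the book or from SAP GRC Access Control. The role names, business functions, risk IDs, users and the temporary-ID table are all constructed, and the cross-system role shows why the scan must cover the whole landscape rather than SAP alone.

```python
from datetime import date

# Constructed sample landscape; role, function and risk ids are assumptions,
# not SAP's delivered SoD rule set.
# Role (qualified by system) -> business functions it grants.
ROLES = {
    "SAP:AP_CLERK":    {"create_vendor", "enter_invoice"},
    "SAP:AP_PAYMENTS": {"release_payment"},
    "ORACLE:AP_PAY":   {"release_payment"},   # same function, non-SAP system
    "SAP:HR_MAINTAIN": {"maintain_employee"},
    "SAP:PAYROLL_RUN": {"run_payroll"},
}
# SoD rules: (risk id, function A, function B) one person must not combine.
SOD_RULES = [
    ("P001", "create_vendor", "release_payment"),
    ("P002", "enter_invoice", "release_payment"),
    ("H001", "maintain_employee", "run_payroll"),
]
# Temporary (superuser-style) IDs: (user, risk id) -> expiry of the approved exception.
TEMP_ACCESS = {("carol", "P001"): date(2030, 12, 31)}

USERS = {
    "alice": {"SAP:AP_CLERK"},
    "bob":   {"SAP:AP_CLERK", "SAP:AP_PAYMENTS"},   # conflict inside SAP
    "carol": {"SAP:AP_CLERK", "ORACLE:AP_PAY"},     # cross-system conflict
}

def functions_for(roles):
    """Flatten roles into {function: set of roles that grant it}."""
    held = {}
    for role in roles:
        for f in ROLES.get(role, set()):
            held.setdefault(f, set()).add(role)
    return held

def analyze_user(user, roles, today=date(2024, 1, 1)):
    """Return [(risk id, status, roles)]; status is 'temporary' if an unexpired temp ID covers it."""
    held = functions_for(roles)
    findings = []
    for risk_id, a, b in SOD_RULES:
        if a in held and b in held:
            expiry = TEMP_ACCESS.get((user, risk_id))
            status = "temporary" if expiry and expiry >= today else "violation"
            findings.append((risk_id, status, sorted(held[a] | held[b])))
    return findings

def analyze_landscape(users=USERS):
    """Run the analysis for every user, keeping only users with findings."""
    results = {u: analyze_user(u, r) for u, r in users.items()}
    return {u: f for u, f in results.items() if f}
```

A temporary ID does not make the conflict disappear: it only changes the finding's status so the exception can be reviewed separately and re-flagged once the expiry date passes.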
SAP GRC Access Control also offers oversight of exceptional access. When
special privileges are needed, a temporary ID grants the user regulated access.
Such a user may be given access to conflicting roles and be able to perform
Figure 6-1: SAP GRC Access Control uncovers access control risks across diverse system landscapes.
Chapter 6: Access Control and the Role of Roles 125