SAP
Strategy Technology Support Process Risk Management Information Access Compliance
Home SAP® Security and GRC SAP® BuinessObjects GRC Access Control
What is SAP® BusinessObjects GRC Access Control? Print E-mail

SAP® BusinessObjects GRC Access Control contains the following tools which are becoming increasingly integrated for optimum usage:

  1. Compliance Calibrator (Risk Analysis and Remediation RAR)

    This tool supports real-time compliance by stopping security and controls violations before they occur. It contains the most comprehensive library of Segregation of Duty (SoD) rules available for enterprise applications from SAP, Oracle, and PeopleSoft. This makes it easy for business-process owners to deploy rules applicable to their organisation and to eliminate risks from enterprise applications.

  2. Firefighter (Super Privilege Management SPM)

    This enables super-users to perform emergency activities outside the parameters of their normal role, but to do so within a controlled, fully auditable environment. The application assigns a temporary ID that grants the super-user broad yet regulated access, and tracks and logs every activity the super-user performs using that temporary ID.

  3. Role Expert (Enterprise Role Management - ERM)

    ERM centralises and standardises enterprise wide role management. This helps to eliminate manual errors, provides an audit trail for changes, and enforces best practices. Using the application, business managers can define functional roles, and IT managers can define the associated technical permissions.

  4. Access Enforcer (Compliant User Provisioning - CUP)

    CUP supports fully compliant user provisioning across applications throughout the employee life cycle. Multi-step guided procedures automate approval processes and enforce mandatory, real-time risk assessments prior to provisioning users to enterprise applications.

What is the version roadmap?

The current version of SAP®BusinessObjects GRC Access Control is version 5.2. Version 5.3 is already in ramp-up and is expected to be on general release in August/September 08. Version 6.0 is planned for release in 2009.

What are the new features in version 5.3?

There are > 150 improvements between Access Control 5.2 and 5.3. Here are a few highlights:

Across all components:

  • One launch pad for all components
  • Configuration now transportable
  • Improved export / import options
  • Enhanced change history

Compliance Calibrator (Risk Analysis and Remediation RAR)

  • Risk analysis works on UME and Portal role
  • Integration with BI 7.0 for better reporting
  • Performance improvement by multi-processing

Firefighter (Super Privilege Management SPM)

  • Performance issues addressed
  • Less on-going configuration
  • Centralised reporting
  • Automated archiving

Role Expert (Enterprise Role Management - ERM)

  • Better integration with PFCG

Access Enforcer (Compliant User Provisioning - CUP)

  • Periodic review of users
  • Review users who have not used roles
  • Re-affirm mitigations
copyright