SAP Access Control (GRC) Risk Owner and Mitigating Control Owner Mass Maintenance
SAP has released the long-awaited Mass Maintenance of Risk Owners, and Mitigation Control Owners feature with Support Package 18 (see SAP Note 2491450). This enhancement is a result of Customer Connect (issue D7638).
Table of Contents
Risk Owners Mass Maintenance
The Risk Owners mass maintenance feature provides flexibility in maintaining multiple risk Owners at the same time. You can do this by uploading an XML file using a template, or you can directly edit the table where the risk owners are displayed. You can change the risk ownersā assignments as well as add new risk owners.
Mitigating Control Owners Mass Maintenance
The Mitigation Control Owners mass maintenance feature works similar to the Risk Owners mass maintenance feature except that you cannot change the mitigating control owners’ assignments or add new mitigation control owners.
Prerequisites
- Upgrade to Support Package 18
- Activate Services
- Add new functions to your launchpads
Activate Services in SICF
If you get a 403 Forbidden error, go to transaction SICF and activate the following services:
– grac_ui_risk_owner_maint
– grac_risk_owners_reassign
– grac_mitigation_owners
Launchpad Customizing
In case you are missing the navigation in your NWBC launchpad, go to transaction LPD_CUST and add the new applications. Then, open the desired launchpad (e.g., GRACSETUP) in edit mode and add a new application to a folder. I recommend adding the application to the “Access Rule Maintenance” folder below the “Access Risk” application. In that way, both access risk maintenance applications are located together.
Set the following parameters for the Risk Owners Mass Maintenance:
- Link Text: Access Risk Owners Mass Maintenance
- Application Type: Web Dynpro ABAP
- Namespace: SAP
- Application: GRAC_UI_RISK_OWNER_MAINT
- System Alias: SAP-GRC-AC
Set the following parameters for the Mitigating Control Owners Mass Maintenance:
- Link Text: Mass Maintenance of Mitigation Control Owners
- Application Type: Web Dynpro ABAP
- Namespace: SAP
- Application: GRAC_MITIGATION_OWNERS
- System Alias: SAP-GRC-AC
The newly created application will then be available in your NWBC work center.
How to use the mass maintenance functions
How to use the two applications is well documented in SAP note 2491450. The PDF document that is attached to the SAP Note shows a step by step guide how to use and perform mass maintenance.
Conclusion
The long-awaited mass maintenance feature is finally available and brings back some of the functionality that was already present in SAP Access Control 5.3. Companies that have large numbers of mitigating controls and decentralized risk owners will be very thankful for these improvements. One of Xiting’s clients has 6,800 mitigating controls and maintaining these has been a big headache. Therefore, I strongly recommend upgrading to the latest support package to make this new functionality, along with many others, available to your business users.
I hope this article helps you with implementing the new features in your SAP Access Control environment.