SAP Access Control (GRC) Risk Owner and Mitigating Control Owner Mass Maintenance

GRC Alessandro Banzer

SAP has released the long-awaited Mass Maintenance of Risk Owners, and Mitigation Control Owners feature with Support Package 18 (see SAP Note 2491450). This enhancement is a result of Customer Connect (issue D7638).

Risk Owners Mass Maintenance

The Risk Owners mass maintenance feature provides flexibility in maintaining multiple risk Owners at the same time. You can do this by uploading an XML file using a template, or you can directly edit the table where the risk owners are displayed. You can change the risk owners’ assignments as well as add new risk owners.

Mitigating Control Owners Mass Maintenance

The Mitigation Control Owners mass maintenance feature works similar to the Risk Owners mass maintenance feature except that you cannot change the mitigating control owners’ assignments or add new mitigation control owners.

Prerequisites

  • Upgrade to Support Package 18
  • Activate Services
  • Add new functions to your launchpads

Activate Services in SICF

If you get a 403 Forbidden error, go to transaction SICF and activate the following services:

– grac_ui_risk_owner_maint

– grac_risk_owners_reassign

– grac_mitigation_owners

SAP Access Control (GRC) Risk Owner and Mitigating Control Owner Mass Maintenance

Launchpad Customizing

In case you are missing the navigation in your NWBC launchpad, go to transaction LPD_CUST and add the new applications. Then, open the desired launchpad (e.g., GRACSETUP) in edit mode and add a new application to a folder. I recommend adding the application to the “Access Rule Maintenance” folder below the “Access Risk” application. In that way, both access risk maintenance applications are located together. SAP Access Control (GRC) Risk Owner and Mitigating Control Owner Mass Maintenance

Set the following parameters for the Risk Owners Mass Maintenance:

  • Link Text: Access Risk Owners Mass Maintenance
  • Application Type: Web Dynpro ABAP
  • Namespace: SAP
  • Application: GRAC_UI_RISK_OWNER_MAINT
  • System Alias: SAP-GRC-AC

Set the following parameters for the Mitigating Control Owners Mass Maintenance:

  • Link Text: Mass Maintenance of Mitigation Control Owners
  • Application Type: Web Dynpro ABAP
  • Namespace: SAP
  • Application: GRAC_MITIGATION_OWNERS
  • System Alias: SAP-GRC-AC

The newly created application will then be available in your NWBC work center.

SAP Access Control (GRC) Risk Owner and Mitigating Control Owner Mass Maintenance

How to use the mass maintenance functions

How to use the two applications is well documented in SAP note 2491450. The PDF document that is attached to the SAP Note shows a step by step guide how to use and perform mass maintenance.

Conclusion

The long-awaited mass maintenance feature is finally available and brings back some of the functionality that was already present in SAP Access Control 5.3. Companies that have large numbers of mitigating controls and decentralized risk owners will be very thankful for these improvements. One of Xiting’s clients has 6,800 mitigating controls and maintaining these has been a big headache. Therefore, I strongly recommend upgrading to the latest support package to make this new functionality, along with many others, available to your business users.

I hope this article helps you with implementing the new features in your SAP Access Control environment.

Contact

Get in touch with us!

Do you have questions about our products?

+41 43 422 8803
[email protected]
+49 7656 8999 002
[email protected]
+1 855 594 84 64
[email protected]
+44 1454 838 785
[email protected]
Contact
Webinars

Attend our live webinars and learn more from our experts about SAP authorizations, XAMS, SAP IDM and many other topics in the context of SAP security.

Register now