Administration

What Is SAP Access Control?

Five key capabilities are enabled by SAP Access Control. This blog post provides a detailed description of these capabilities and how they benefit an organization.

 

The figure below shows these capabilities.

 

SAP Access Control: Capabilities

 

Key Capabilities

The primary purpose of SAP Access Control, as mentioned earlier, is to ensure that your organization can adhere to compliance requirements. Three phases are followed in the implementation of SAP Access Control.

Get Clean

Get clean begins with identifying the existing risks. SAP Access Control’s risk analysis and management features identify SoD and critical risks. Further, business teams are responsible for adjusting their processes to reduce potential risks.

Stay Clean

Once risks have been mitigated and remedied, your enterprise must maintain clean systems, which is referred to as “stay clean.” This goal can be achieved through business role management, user provisioning, and privilege management.

Stay in Control

To keep the system clean, periodic reviews of user access, SoD, and firefighter IDs (FFIDs) can be conducted. The process is referred to as compliance recertification.

 

The table below lists the SAP Access Control components used during each phase.

 

Components Used in SAP Access Control Phases

 

The next table lists some new features that SAP Access Control 12.0 offers in addition to its standard features.

 

New Features in SAP Access Control 12.0

 

Supported Systems

SAP Access Control can be integrated with all SAP NetWeaver systems, as mentioned in Section 1.3.1. To utilize the various components, you must install the GRCPINW plug-in (SAP NetWeaver plug-in for SAP GRC solutions). As of version 12.0, SAP Access Control supports both v1100 and v1200, but not v1000.

 

RFC connections can be established once the plug-ins are installed.

 

Additionally, SAP Access Control 12.0 supports HR integration with SAP ERP and SAP S/4HANA for configuring HR triggers. To use this feature of SAP Access Control, the GRCPIERP plug-in must also be installed.

 

SAP Access Control 12.0 also supports SAP Identity Management and non-SAP identity management applications, which you can integrate with web services. Cloud applications like SAP Ariba, SAP Concur, and SAP SuccessFactors Employee Central can be connected using SAP Cloud Identity Access Governance/SAP Business Technology Platform (SAP BTP) cloud connectors.

 

When an application lacks a standard connector or integration capability, Pathlock adapters can be used.

 

 

Editor’s note: This post has been adapted from a section of the book SAP Access Control: The Comprehensive Guide by Raghu Boddu.

Recommendation

SAP Access Control: The Comprehensive Guide
SAP Access Control: The Comprehensive Guide

Manage on-premise user access with this comprehensive guide to SAP Access Control. Begin with step-by-step installation and configuration instructions. Then implement key SAP Access Control modules, including access risk analysis, emergency access management, and access request management. Learn to manage business roles, review user access, evaluate segregation of duties risks, and configure automation workflows. This is your all-in-one guide to SAP Access Control!

Learn More
SAP PRESS
by SAP PRESS

SAP PRESS is the world's leading SAP publisher, with books on ABAP, SAP S/4HANA, SAP IBP, intelligent technologies, SAP Business Technology Platform, and more!

Comments

The official SAP PRESS Blog

As the world’s leading SAP publisher, SAP PRESS’ goal is to create resources that will help you accelerate your SAP journey. The SAP PRESS Blog is designed to provide helpful, actionable information on a variety of SAP topics, from SAP ERP to SAP S/4HANA. Explore ABAP, FICO, SAP HANA, and more!

© 2025 Rheinwerk Publishing, Inc. | Change Privacy Options