Influencing SAP: SAP Customer Connection 2 Delivery Call for SAP … · 2019-07-22 · Except for...
PUBLIC
Nadine Engler – SAP Customer Connection Project Manager
Swetta Singh – SAP Access Governance Product Owner
Rajesh Shastry, Noopur Agarwal – Product Development
July 10, 2019
Influencing SAP: SAP Customer Connection 2nd Delivery Call for SAP Access Control 2019
2PUBLIC© 2019 SAP SE or an SAP affiliate company. All rights reserved. ǀ
Disclaimer
The information in this presentation is confidential and proprietary to SAP and may not be disclosed without the permission of SAP. Except for your obligation to protect confidential information, this presentation is not subject to your license agreement or any other service or subscription agreement with SAP. SAP has no obligation to pursue any course of business outlined in this presentation or any related document, or to develop or release any functionality mentioned therein.
This presentation, or any related document and SAP's strategy and possible future developments, products and/or platforms directions and functionality are all subject to change and may be changed by SAP at any time for any reason without notice. The information in this presentation is not a commitment, promise or legal obligation to deliver any material, code or functionality. This presentation is provided without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. This presentation is for informational purposes and may not be incorporated into a contract. SAP assumes no responsibility for errors or omissions in this presentation, except if such damages were caused by SAP’s intentional or gross negligence.
All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied upon in making purchasing decisions.
Agenda
Recap of project timeline and approach
Overview of delivered improvements
Next Steps
Focus Topic Timeline: SAP Access Control 2019
Project phases:
▪ Collect: Collection of improvement requests prioritized by votes
▪ Select: Selection of improvement requests for implementation
▪ Develop: Development of improvements, delivery via Notes/Support Package
▪ Use: Productive use in customers’ systems
Milestones:
▪ Kick-Off: April 10, 2018
▪ Final Call: June 14, 2018
▪ Selection Call: Sep 27, 2018
▪ 1st Delivery Call: Mar 26, 2019
▪ 2nd Delivery Call: July 10, 2019
▪ Open project workspace, close project workspace (June 23, 2018)
Customer activities:
▪ Submit improvement requests and prioritize by votes
▪ Provide feedback on specification (optional)
▪ Provide feedback on productive use
SAP project team activities:
▪ Follows, moderates, and comments on improvement requests submitted
▪ Makes detailed analysis and decision on implementation
▪ Develops and delivers SAP Notes and support packages
▪ Improves process for Customer Connection
Delivered Improvement Requests
Overview (1/2)
ID Title Votes Delivery Info
210691 Improve Performance of Action Usage by User, Role and Profile Report 9 SP06*
210833 Firefighter for Web Front End Applications 15 SP04
211424 Provide link between EAM request and Log review. Log review should be assigned request number. 13 SP06*
211042 Hit "ENTER" on keyboard should work rather than click on "Search" Button 12 SP04
212128 Synchronization of Business Roles assignment between GRC and Identity Management 11 SP05
211437 EAM Request 10 SP06*
211040 Please Provide Attribute : Allow Auto Provisioning in Role Mass Update - Step 2(Select Criteria) 8 SP04
(*1) only planned - no commitment concerning release dates
Delivered Improvement Requests
Overview (2/2)
ID Title Votes Delivery Info
213678 Link Access Request and Mitigation Assignment Request 8 SP05
213101 Option to create one UAR request per user 7 SP04
213255 OTM & GRC - Program modification GRAC_PFCG_AUTHORIZATION_SYNC for Web services connected system 6 SP04
Delivered Improvement Requests
presented in 1st Delivery Call (Mar 26, 2019)
ID Title Votes Status Delivery Info
210871 SAP FIORI / Approval Screen for roles 13 Delivered 2726079
211576 SAP FIORI /My Access Approvals - Rejection is shown as approved in GRC backend 10 Delivered 2726152
213482 Access Request in Fiori is rejected but approved by GRC 8 Delivered 2726645
213336 Compliance Approver App 6 Delivered 2726644
212413 Fiori request access - User should not always see all roles, only those roles he is authorized 5 Delivered 2726153
211664 Notification Emails to have CC option - increased visibility for the requestors 11 Delivered 2726050
211418 Audit Log in Search Request should show the Approver ID & Full Name for the Forward requests 10 Delivered 2738128
213679 Enable background risk analysis after approval stage 8 Delivered 2737662
Long-term items (Requests considered outside the scope of this project)
ID Title Votes Comment
208586 GRC Access Control 10.1 User Access Review Request Approval through FIORI App 22 For Long-term Consideration (formerly “Under review for Portfolio”)
213252 Ruleset Modification Simulations 7 Planned (Long-term) (formerly “Planned for Portfolio”)
213508 Delivery of default rule sets for GDPR or DSAG Prueferleitfaden 5 Planned (Long-term) (formerly “Planned for Portfolio”)
211092 Migrate existing users role assignments to Business roles in case of new Business role implementation 11 Planned roadmap – IAG Bridge
Demo
▪ Synchronization of Business Roles assignment between GRC and Identity Management
▪ Link Access Request and Mitigation Assignment Request
▪ Option for one UAR request per user
▪ Allow auto provisioning in Role Mass Update
Demo
Synchronization of Business Roles assignment between GRC and Identity Management
SAP Identity Management (IDM) and SAP Access Control (AC) as an integrated solution for identity and access governance
▪ Unified business role management
▪ SAP Access Control 12.0* and higher as the solution to model business roles and implement access governance
[Diagram labels: SAP Access Control, SAP Identity Management, Roles, User interface, Audit]
Solution:
▪ AC imports privileges of business applications from IDM
▪ Role administrator defines business roles in AC, based on the imported privileges
▪ IDM loads business roles from GRC, making them available for provisioning
▪ Models are continuously kept in sync
*refer to documentation for minimum SP requirement
Demo
Link Access Request and Mitigation Assignment Request
Link between the access request and mitigation assignment request to have complete visibility into the associated processes
Solution:
▪ Associated request numbers, when access request triggers a mitigation assignment request.
▪ Navigate from mitigation assignment request to access request for more contextual information
*refer to documentation for minimum SP requirement
Demo
Enable One UAR request per user
In a user access review (UAR) request, the manager views many users and their corresponding assignments in a single UAR request. A large number of users for approval in one request is challenging for the approver.
Solution:
▪ Providing the option of one UAR request per user for manager review will result in improved and easier processing for approvers.
Demo
Allow Auto Provisioning in Role Mass Update
In AC, a role had to be downloaded to set the provisioning values and then uploaded. There was no possibility to set the parameter for mass role update.
Solution:
▪ In GRC BRM Role Mass Maintenance, an attribute "Allow Auto Provisioning" has been added.
▪ With the new enhancement, users can now update these parameter values in the front-end Role Mass Update.
Improvement Project Results
Visit the SAP Improvement Finder now to find & use delivered enhancements consistently:
▪ Easy to use
▪ Search (by topic, by date) & translation functionalities included
▪ Accessible to everyone, S-user only needed for accessing SAP notes
▪ Quick results – downloadable for immediate consumption
Replaces former Excel-based solutions.
Accessible under https://sapimprovementfinder.com
What’s next?
▪ Adopt the new improvements in your productive environment
▪ Respond to our survey
▪ Do you have further enhancement requests?
→ Contact your SAP User group to request a successor project
▪ Follow https://influence.sap.com/GRCAccessControl2019 to get informed about a successor project
Questions or remarks? We are here for you.
Simply contact us via e-mail:
Nadine Engler
SAP Customer Connection Engagement Owner
T +49 6227 7-47425
www.sap.com
Thank you.
Join us:
twitter.com/sapinfluencing
Discover Innovations:
http://www.sap.com/innovationdiscovery
Visit us: https://influence.sap.com
Delivered Improvement Requests
presented in 1st Delivery Call (Mar 26, 2019)
Delivered Improvements
Usability: Fiori Approver Apps
▪ Enhancements to Access Approver app / Compliance Approver app
▪ Fiori request access – Roles visibility based on authorization
Delivered Improvements
Notification Emails to have CC for requestors
Notification (CC) to requestor
This will help the requestor get visibility and transparency on the workflow approval process.
Delivered Improvements
Audit log
• Provide transparency in Access request audit log.
• Audit log in search request enhancements for forward requests.
• Introduce Approver User Name along with User ID.
Delivered Improvements
Enable Background Analysis Simulation at Approval stage
During access request approval it is challenging to manually perform risk analysis before proceeding with approval.
Providing the option of background processing for risk analysis simulation will result in improved and easier processing for approvers.