Blog
Johan Wouters

Support Pack 19 is available for Access Control 10.1!

 Nov 22, 2017 2:11:44 PM by Johan Wouters

Integration

Finally, there is integration between SAP Access Control and SuccessFactors!

SAP released OSS note 2538932 with configuration and application steps for the modules ARM, ARA and BRM and a pdf document with more details.

Blog 1.png

In addition, an enhancement is introduced in OSS note 2481822 to allow risk analysis integration while using S/4HANA Fiori Apps. This note refers to improvement note 2539742 that gives info on configuration parameters to set, connectors to build and BC sets to activate.

Blog 2.png

Blog 3.png

Mitigation

Mitigating Controls can be assigned to risk violations in an access request and stored temporarily until the request is approved and closed.

However, if you are using multiple paths in your access request flow with provisioning at end of each path, roles can be assigned before a request has been approved.

Some access is already granted but the mitigations assigned by approvers are not permanent yet. Compliance issue!

Following note introduces a new configuration parameter 1074 (Save Mitigation Control in temporary table)

Blog 4.png

Security

To protect against use of dynamic SQL statements, OSS note 2491763 has been introduced for Access Control

Blog 5.png

More info on these SQL injection attacks and how to protect can be found here

Topics: SAP, GRC, security, Access Control, ARM, BRM, ARA, Risk Management