Finally, there is integration between SAP Access Control and SuccessFactors!
SAP released OSS note 2538932 with configuration and application steps for the modules ARM, ARA and BRM and a pdf document with more details.
In addition, an enhancement is introduced in OSS note 2481822 to allow risk analysis integration while using S/4HANA Fiori Apps. This note refers to improvement note 2539742 that gives info on configuration parameters to set, connectors to build and BC sets to activate.
Mitigating Controls can be assigned to risk violations in an access request and stored temporarily until the request is approved and closed.
However, if you are using multiple paths in your access request flow with provisioning at end of each path, roles can be assigned before a request has been approved.
Some access is already granted but the mitigations assigned by approvers are not permanent yet. Compliance issue!
Following note introduces a new configuration parameter 1074 (Save Mitigation Control in temporary table)
To protect against use of dynamic SQL statements, OSS note 2491763 has been introduced for Access Control
More info on these SQL injection attacks and how to protect can be found here