Product Report: SAP Business Objects GRC Access Control

Report Details

The SAP BusinessObjects GRC Access Control (in short AC) solution is a powerful set of tools that help to automate risk analysis and mitigation for user and authorization management in SAP and non-SAP systems. It is a strong product for the SAP ABAP world, and is able to cover non-SAP systems using real-time adapters from Greenlight. It covers a substantial subset of the overall GRC requirements – it provides a leading-edge solution for SAP environments, which are at the centre of many IT environments and is able to perform as a realtime cross-platform solution.

The core of the product suite - Risk Analysis and Remediation (RAR) - is the most valuable part and helps effectively to reduce risks in ABAP-based SAP systems - and correspondingly in the implemented business processes - mostly by the set of predefined risks delivered with the product. RAR also supports non-SAP systems in real time due to the risk definition at business process level and the mapping to technology-specific controls through a number of OEMed adapters from Greenlight. Mitigating controls need to be added per project, which is in general appropriate, but a few predefined elements would be of great help to customers. The existing guidelines and offerings from SAP such as the Customer Advisory Office can help implementing the mitigation, as there is no best practice available because of the massive customization of the role assignment processes in customer organizations.
An important aspect of AC is the possibility to automate access rights assignment with Compliant User Provisioning (CUP), since this enables real-time risk analysis of planned authorization assignments. A critical factor for success is an appropriate and intelligent definition of the workflows. There are templates and standard workflows - pre-filled with  e.g. HR master data - to start from.

Role creation is the objective of the Enterprise Role Management component. It benefits from the integration with RAR and CUP, from an enterprise-wide methodology making especially naming consistent and from a capability of role mass maintenance. Detailed role creation is not the focus of ERM, experts prefer the standard transactions - which are actually supported from within ERM - or specialized non-SAP tools.

Integration with Identity Management systems is state-of-the-art, all major LDAP based directory service products are supported, as well as HR systems, including a user mapping functionality.

Finally, Superuser Privilege Management (SPM) allows to create specific IDs for short-term remediation firefighter activities requiring elevated privileges. The application is well conceived and simple to use, the emergency access through the SPM interface ensures fine-grained audit, which makes it a quick win. Yet, the privileged user concept should be developed and planned in advance. The integration with the other AC tools is limited, it does support non-SAP privileged account management through the Greenlight adapters.

You can get access to this document for free, if you register for KuppingerCole Select access now.

Date Title Price
Apr 15, 2010

Product Report: SAP Business Objects GRC Access Control

The SAP BusinessObjects GRC Access Control (in short AC) solution is a powerful set of tools that help to automate risk analysis and mitigation for user and authorization management in SAP and non-SAP systems. It is a strong product for the SAP ABAP world, and is able to cover non-SAP…

€95.00 Get Access

Latest Related Reports

Executive View

Executive View: SAP HANA Enterprise Cloud – Security and Compliance - 71117

An overview of the SAP HANA Enterprise Cloud together with an assessment of the security and assurance provided in respect of five critical risks faced by a cloud customer. 

Executive View

Executive View: SAP Enterprise Threat Detection - 71181

In these days of ever-increasing cyber-attacks, organizations have to move beyond preventative actions towards detection and response. This no longer applies to the network and operating system level only, but involves business systems such as SAP. Identifying, analyzing, and responding to…

Executive View

Executive View: akquinet SAST GRC Suite - 70979

Today’s SAP security requirements go far beyond traditional Access Governance needs regarding users, their access and roles. akquinet offers a full-featured product suite for GRC and security for SAP environments. The provided modules cover a wide range of aspects in this sensitive…

Leadership Brief

Leadership Brief: Prioritäten in der SAP-Sicherheit - 72017

Die Sicherheit aller wichtigen geschäftsunterstützenden Systeme und Prozesse wird durch den Wandel der Unternehmensinfrastrukturen und den grundlegend steigenden Bedrohungsgrad beeinflusst. Prioritäten beim Absichern der SAP-Infrastruktur zu identifizieren und ein…

Leadership Compass

Leadership Compass: Access Control/Governance für SAP-Umgebungen - 71104

Dieser Report bietet einen Überblick und eine Analyse des Markts für Access Control & Access Governance-Lösungen für SAP-Umgebungen. Unternehmen können ihr Risikomanagement und ihre Corporate Compliance bezüglich geltender Gesetze und Verordnungen…

Executive View

Executive View: Onapsis Security Platform - 71290

Onapsis Security Platform es una solución de seguridad para aplicaciones críticas de negocio en SAP. Una plataforma con conocimiento del contexto, segura y lista para la nube, que integra controles de vulnerabilidad y cumplimiento normativo, detección y respuesta a…

Executive View

Executive View: Onapsis Security Platform - 71290

Onapsis Security Platform ist eine Sicherheitslösung für kritische Unternehmensanwendungen in SAP-Umgebungen. Diese Sicherheitslösung bietet eine kontextsensitive, sichere und cloud-fähige Plattform, die Schwachstellen- und Compliance-Steuerung, Echtzeiterkennung und…

Leadership Brief

Leadership Brief: SAP Security Priorities - 72017

Changing enterprise infrastructures and the overall growing threat level influence the security of all vital business-supporting systems and processes. Identifying the priorities for securing your SAP infrastructure and maintaining appropriate security is a continuous business and…

Leadership Compass

Leadership Compass: Access Control / Governance for SAP environments - 71104

This report provides an overview and analysis of the market for Access Control & Access Governance Solutions for SAP environments. By adding the right Access Control components to their SAP infrastructure, organizations can significantly improve enterprise risk management and corporate…

Executive View

Executive View: Onapsis Security Platform - 71290

Onapsis Security Platform is a business-critical application security solution for SAP environments. It provides a context-aware, secure and cloud-ready platform to integrate vulnerability and compliance controls, real-time detection and response, as well as advanced threat protection…

Discover KuppingerCole

KuppingerCole Select

Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live trainings.



GDPR as opportunity to build trusted relationships with consumers

During the KuppingerCole webinar run March 16th, 2017, which has been supported by ForgeRock, several questions from attendees were left unanswered due to a huge number of questions and a lack of time to cover them all. Here are answers to questions that couldn’t be answered live during the [...]

Latest Insights

Hot Topics


Learn more

Cyber Defence Center

Today, the Cyber Defence Center (CDC) or Security Operations Center (SOC) is at the heart of enterprise security management. It is used to monitor and analyze security alerts coming from the various systems across the enterprise and to take actions against detected threats. However, the rapidly growing number and sophistication of modern advanced cyber-attacks make running a SOC an increasingly challenging task even for the largest enterprises with their fat budgets for IT security. The overwhelming number of alerts puts a huge strain even on the best security experts, leaving just minutes [...]

Become a Client

Learn more about becoming a Client

Contact Us

Call Us

+49 211 2370770
Mo - Fr 8:00 - 17:00