Product Report: SAP Business Objects GRC Access Control

Report Details

The SAP BusinessObjects GRC Access Control (AC) solution is a powerful set of tools that helps automate risk analysis and mitigation for user and authorization management in SAP and non-SAP systems. It is a strong product for the SAP ABAP world and can cover non-SAP systems using real-time adapters from Greenlight. It covers a substantial subset of the overall GRC requirements: it provides a leading-edge solution for SAP environments, which are at the centre of many IT environments, and can perform as a real-time cross-platform solution.

The core of the product suite, Risk Analysis and Remediation (RAR), is its most valuable part. It effectively helps reduce risks in ABAP-based SAP systems, and correspondingly in the business processes implemented on them, mostly through the set of predefined risks delivered with the product. RAR also supports non-SAP systems in real time, because risks are defined at the business process level and mapped to technology-specific controls through a number of OEMed adapters from Greenlight. Mitigating controls need to be added per project, which is in general appropriate, but a few predefined elements would be of great help to customers. The existing guidelines and offerings from SAP, such as the Customer Advisory Office, can help with implementing the mitigation, as there is no best practice available because of the massive customization of the role assignment processes in customer organizations.
 
An important aspect of AC is the ability to automate access rights assignment with Compliant User Provisioning (CUP), since this enables real-time risk analysis of planned authorization assignments. A critical success factor is an appropriate and intelligent definition of the workflows. Templates and standard workflows, pre-filled with e.g. HR master data, are available as a starting point.

Role creation is the objective of the Enterprise Role Management (ERM) component. It benefits from the integration with RAR and CUP, from an enterprise-wide methodology that in particular makes naming consistent, and from a capability for mass maintenance of roles. Detailed role creation is not the focus of ERM; experts prefer the standard transactions, which are supported from within ERM, or specialized non-SAP tools.

Integration with Identity Management systems is state-of-the-art: all major LDAP-based directory service products are supported, as well as HR systems, including user mapping functionality.

Finally, Superuser Privilege Management (SPM) allows the creation of specific IDs for short-term remediation firefighter activities requiring elevated privileges. The application is well conceived and simple to use, and emergency access through the SPM interface ensures fine-grained auditing, which makes it a quick win. Nevertheless, the privileged user concept should be developed and planned in advance. Integration with the other AC tools is limited, but SPM does support non-SAP privileged account management through the Greenlight adapters.


Date: Apr 15, 2010
