Product Report: SAP Business Objects GRC Access Control

Report Details

The SAP BusinessObjects GRC Access Control (in short AC) solution is a powerful set of tools that help to automate risk analysis and mitigation for user and authorization management in SAP and non-SAP systems. It is a strong product for the SAP ABAP world, and is able to cover non-SAP systems using real-time adapters from Greenlight. It covers a substantial subset of the overall GRC requirements – it provides a leading-edge solution for SAP environments, which are at the centre of many IT environments and is able to perform as a realtime cross-platform solution.

The core of the product suite - Risk Analysis and Remediation (RAR) - is the most valuable part and helps effectively to reduce risks in ABAP-based SAP systems - and correspondingly in the implemented business processes - mostly by the set of predefined risks delivered with the product. RAR also supports non-SAP systems in real time due to the risk definition at business process level and the mapping to technology-specific controls through a number of OEMed adapters from Greenlight. Mitigating controls need to be added per project, which is in general appropriate, but a few predefined elements would be of great help to customers. The existing guidelines and offerings from SAP such as the Customer Advisory Office can help implementing the mitigation, as there is no best practice available because of the massive customization of the role assignment processes in customer organizations.
 
An important aspect of AC is the possibility to automate access rights assignment with Compliant User Provisioning (CUP), since this enables real-time risk analysis of planned authorization assignments. A critical factor for success is an appropriate and intelligent definition of the workflows. There are templates and standard workflows - pre-filled with  e.g. HR master data - to start from.

Role creation is the objective of the Enterprise Role Management component. It benefits from the integration with RAR and CUP, from an enterprise-wide methodology making especially naming consistent and from a capability of role mass maintenance. Detailed role creation is not the focus of ERM, experts prefer the standard transactions - which are actually supported from within ERM - or specialized non-SAP tools.

Integration with Identity Management systems is state-of-the-art, all major LDAP based directory service products are supported, as well as HR systems, including a user mapping functionality.

Finally, Superuser Privilege Management (SPM) allows to create specific IDs for short-term remediation firefighter activities requiring elevated privileges. The application is well conceived and simple to use, the emergency access through the SPM interface ensures fine-grained audit, which makes it a quick win. Yet, the privileged user concept should be developed and planned in advance. The integration with the other AC tools is limited, it does support non-SAP privileged account management through the Greenlight adapters.

You can get access to this document for free, if you register for KuppingerCole Select access now.

Date Title Price
Apr 15, 2010

Product Report: SAP Business Objects GRC Access Control

The SAP BusinessObjects GRC Access Control (in short AC) solution is a powerful set of tools that help to automate risk analysis and mitigation for user and authorization management in SAP and non-SAP systems. It is a strong product for the SAP ABAP world, and is able to cover non-SAP…

€95.00
excl. VAT
Get Access
Mastercard Visa American Express PayPal INVOICE

KuppingerCole PLUS

Get access to the whole body of KC PLUS research including Leadership Compass documents for only €800 a year

KuppingerCole Select

Register now for KuppingerCole Select and get your free 30-day access to a great selection of KuppingerCole research materials and to live trainings.

Blog

Blog

What Some Vendors Missed in MITRE ATT&CK Round Two and How to Fix the Gaps

What Some Vendors Missed in MITRE ATT&CK Round Two and How to Fix the Gaps

MITRE recently published the detailed results of their second round of tests. This test pitted APT29 malware and methods against 21 cybersecurity vendors. The MITRE testing is an excellent benchmark for comprehensively exercising Endpoint Protection (EPP) and Endpoint Detection & Response (EDR) tools in real-world scenarios where organizations find themselves under attack by Advanced Persistent Threats (APTs). MITRE describes the environments, methodology, and operation flow of their [...]

Latest Insights

Hot Topics

Spotlight

AI for the Future of Your Business Learn more

AI for the Future of Your Business

AI for the Future of your Business: Effective, Safe, Secure & Ethical Everything we admire, love, need to survive, and that brings us further in creating a better future with a human face is and will be a result of intelligence. Synthesizing and amplifying our human intelligence have therefore the potential of leading us into a new era of prosperity like we have not seen before, if we succeed keeping AI Safe, Secure and Ethical. Since the very beginning of industrialization, and even before, we have been striving at structuring our work in a way that it becomes accessible for [...]

Become a Client

Learn more about becoming a Client

Contact Us

Call Us

+49 211 2370770
Mo - Fr 8:00 - 17:00