SAP Access Control (GRC) Risk Owner and Mitigating Control Owner Mass Maintenance

by

SAP has released the long-awaited Mass Maintenance of Risk Owners, and Mitigation Control Owners feature with Support Package 18 (see SAP Note 2491450). This enhancement is a result of Customer Connect (issue D7638).

Risk Owners Mass Maintenance

The Risk Owners mass maintenance feature provides flexibility in maintaining multiple risk Owners at the same time. You can do this by uploading an XML file using a template, or you can directly edit the table where the risk owners are displayed. You can change the risk owners’ assignments as well as add new risk owners.

Mitigating Control Owners Mass Maintenance

The Mitigation Control Owners mass maintenance feature works similar to the Risk Owners mass maintenance feature except that you cannot change the mitigating control owners’ assignments or add new mitigation control owners.

Prerequisites

  • Upgrade to Support Package 18
  • Activate Services
  • Add new functions to your launchpads

Activate Services in SICF

If you get a 403 Forbidden error, go to transaction SICF and activate the following services:

– grac_ui_risk_owner_maint

– grac_risk_owners_reassign

– grac_mitigation_owners

Launchpad Customizing

In case you are missing the navigation in your NWBC launchpad, go to transaction LPD_CUST and add the new applications. Then, open the desired launchpad (e.g., GRACSETUP) in edit mode and add a new application to a folder. I recommend adding the application to the “Access Rule Maintenance” folder below the “Access Risk” application. In that way, both access risk maintenance applications are located together. 

Set the following parameters for the Risk Owners Mass Maintenance:

  • Link Text: Access Risk Owners Mass Maintenance
  • Application Type: Web Dynpro ABAP
  • Namespace: SAP
  • Application: GRAC_UI_RISK_OWNER_MAINT
  • System Alias: SAP-GRC-AC

Set the following parameters for the Mitigating Control Owners Mass Maintenance:

  • Link Text: Mass Maintenance of Mitigation Control Owners
  • Application Type: Web Dynpro ABAP
  • Namespace: SAP
  • Application: GRAC_MITIGATION_OWNERS
  • System Alias: SAP-GRC-AC

The newly created application will then be available in your NWBC work center.

How to use the mass maintenance functions

How to use the two applications is well documented in SAP note 2491450. The PDF document that is attached to the SAP Note shows a step by step guide how to use and perform mass maintenance.

Conclusion

The long-awaited mass maintenance feature is finally available and brings back some of the functionality that was already present in SAP Access Control 5.3. Companies that have large numbers of mitigating controls and decentralized risk owners will be very thankful for these improvements. One of Xiting’s clients has 6,800 mitigating controls and maintaining these has been a big headache. Therefore, I strongly recommend upgrading to the latest support package to make this new functionality, along with many others, available to your business users.

I hope this article helps you with implementing the new features in your SAP Access Control environment.

Alessandro Banzer

Alessandro has worked in the field of IT since 2004, specializing in SAP in 2009 and working on global SAP projects in various roles since that date. Alessandro is an active contributor and moderator in the Governance, Risk and Compliance space on SAP SCN. Alessandro is in charge of Xiting's operations in the United States and a subject matter expert in SAP Access Control and SAP Security.