· .. Preface ... 19
· ... Target Audience ... 19
· ... How to Read This Book ... 20
· ... How This Book Is Organized ... 20
· ... Conclusion ... 22
· ... Acknowledgments ... 23
· 1 ... Introduction to Governance, Risk and Compliance ... 25
· 1.1 ... Why Use Governance, Risk and Compliance Solutions? ... 25
· 1.2 ... Introduction to SAP Access Control ... 29
· 1.3 ... Architecture and Landscape ... 31
· 1.4 ... Key Capabilities, Supported Systems, and Integration ... 34
· 1.5 ... Cloud Integration ... 37
· 1.6 ... Summary ... 39
· 2 ... Prerequisites ... 41
· 2.1 ... Checking License Agreements and Licensing Requirements ... 41
· 2.2 ... System Sizing ... 45
· 2.3 ... System Time Zone Check ... 47
· 2.4 ... Component and Plug-In Requirements ... 48
· 2.5 ... Summary ... 50
· 3 ... Post-Installation Steps ... 51
· 3.1 ... Quick Checks ... 51
· 3.2 ... Initial Configuration ... 52
· 3.3 ... Multistage Multipath Workflow Initial Configuration ... 70
· 3.4 ... Setting Up Common Parameters ... 85
· 3.5 ... Email Configuration ... 88
· 3.6 ... Summary ... 95
· 4 ... Common Configurations ... 97
· 4.1 ... Configuring Remote Function Call Destinations ... 97
· 4.2 ... Maintaining Connectors and Connection Types ... 116
· 4.3 ... Maintaining Connection Settings ... 119
· 4.4 ... Maintaining Connector Settings ... 123
· 4.5 ... Maintaining Configuration Settings ... 124
· 4.6 ... Maintaining Mapping for Actions and Connector Groups ... 127
· 4.7 ... Configuring Data Sources ... 129
· 4.8 ... Setting Up Background Synchronization Jobs ... 137
· 4.9 ... Distributing Jobs for Parallel Processing ... 145
· 4.10 ... Summary ... 147
· 5 ... Access Risk Analysis ... 149
· 5.1 ... Introduction to Access Risk Analysis ... 149
· 5.2 ... Setting Up Access Risk Analysis ... 157
· 5.3 ... Setting Up Workflows for Access Risk Analysis ... 196
· 5.4 ... Maintaining Custom User Groups ... 197
· 5.5 ... Maintaining Master User ID Mappings ... 199
· 5.6 ... Working with Access Risk Analysis ... 200
· 5.7 ... Working with Mitigation Controls ... 216
· 5.8 ... Setting Up Alerts ... 224
· 5.9 ... Configuring the Risk Terminator ... 228
· 5.10 ... Reports and Analytics ... 230
· 5.11 ... Summary ... 231
· 6 ... Emergency Access Management ... 233
· 6.1 ... Introduction to Emergency Access Management ... 233
· 6.2 ... Configuring Emergency Access Management ... 235
· 6.3 ... Maintaining Emergency Access Management Access Control Owners ... 250
· 6.4 ... Activating Multistage Multipath for Emergency Access Management ... 254
· 6.5 ... ID-Based and Role-Based Emergency Access Management ... 264
· 6.6 ... Setting Up Emergency Access Management Jobs ... 268
· 6.7 ... Emergency Access Management Log Synchronization ... 269
· 6.8 ... Working with Firefighter IDs ... 269
· 6.9 ... Firefighter ID Report Execution ... 271
· 6.10 ... Emergency Access Management Log Reviews ... 273
· 6.11 ... Emergency Access Management Log Types and Details ... 273
· 6.12 ... Summary ... 274
· 7 ... Access Request Management ... 275
· 7.1 ... Introduction to Access Request Management ... 275
· 7.2 ... Setting Up Access Request Management ... 280
· 7.3 ... Using Access Request Management ... 316
· 7.4 ... Summary ... 341
· 8 ... Business Role Management ... 343
· 8.1 ... Introduction to Business Role Management ... 343
· 8.2 ... Setting Up Business Role Management ... 346
· 8.3 ... Maintaining Multistage Multipath Workflows ... 382
· 8.4 ... Working with Roles ... 382
· 8.5 ... Role Mass Maintenance ... 389
· 8.6 ... Role Recertification ... 397
· 8.7 ... Role Management Reports ... 398
· 8.8 ... Summary ... 399
· 9 ... Periodic Reviews ... 401
· 9.1 ... User Access Review ... 402
· 9.2 ... Segregation of Duties Risk Review ... 428
· 9.3 ... Firefighter ID Review ... 440
· 9.4 ... Summary ... 443
· 10 ... End User Home Page ... 445
· 10.1 ... End User Home Page Services ... 445
· 10.2 ... Implementation ... 446
· 10.3 ... Advantages for End User Licenses ... 454
· 10.4 ... Password Self-Service, Access Request Creation, and Managing Access Control Information ... 454
· 10.5 ... Summary ... 466
· 11 ... Multistage Multipath Workflows ... 467
· 11.1 ... Introduction to Multistage Multipath Workflows ... 467
· 11.2 ... Process Global Settings ... 472
· 11.3 ... Maintaining Rules and Rule Results ... 477
· 11.4 ... Maintaining Agents ... 479
· 11.5 ... Setting Up Notification Variables and Templates ... 485
· 11.6 ... Maintaining Paths ... 492
· 11.7 ... Setting Up Notifications: Definition ... 502
· 11.8 ... Maintaining a Route Mapping ... 504
· 11.9 ... Generating Versions ... 506
· 11.10 ... Troubleshooting Multistage Multipath Issues ... 507
· 11.11 ... Summary ... 515
· 12 ... BRFplus: Business Rule Framework ... 517
· 12.1 ... Introduction and Activation ... 517
· 12.2 ... Generating Multistage Multipath Rules for Processes ... 521
· 12.3 ... Understanding BRFplus Scenarios ... 523
· 12.4 ... Creating a BRFplus Routing-Based Rule ... 537
· 12.5 ... Transporting a BRFplus Application ... 550
· 12.6 ... Summary ... 554
· 13 ... SAP Fiori for SAP Access Control ... 555
· 13.1 ... Introduction ... 555
· 13.2 ... SAP Fiori Configuration ... 564
· 13.3 ... Working with SAP Fiori Apps ... 581
· 13.4 ... Troubleshooting SAP Fiori App Issues ... 583
· 13.5 ... Summary ... 586
· 14 ... HR Triggers ... 587
· 14.1 ... Introduction to HR Triggers ... 587
· 14.2 ... Configuring HR Triggers ... 588
· 14.3 ... Troubleshooting HR Trigger Issues with Debugging ... 610
· 14.4 ... Summary ... 612
· 15 ... Enhancements and Developments ... 613
· 15.1 ... Enhancements ... 613
· 15.2 ... Custom Developments ... 637
· 15.3 ... Summary ... 680
· ... The Author ... 681
· ... Index ... 683
