Administering access requests and running reports for Access Request Management process

Objectives

After completing this lesson, you will be able to:

  • Manage access requests from an administrator perspective and run reports and dashboards for the Access Request Management component

Administering access requests and running reports

Recall our initial example at the beginning of the unit. Imagine the request is not relevant anymore or the approver goes on sick leave and is unable to approve the requests. To ensure that the request doesn't remain in the pending status, administrators have certain powers.

As an administrator, you can view audit logs and the status of an access request.

To open the Search Requests app, select the tile.
To view the audit log, select a request and choose Audit Log.

Once an access request is submitted, the system begins to collect audit information related to each workflow stage and approval. SAP Access Control provides you with a detailed audit log for all access requests in the Search Request app. Also, approvers can review the audit logs of an access request while approving it in the Work Inbox app. In the Request Status app, requesters can review audit logs of an access request that they have created.

The Search Request feature also contains an Instance Status view for access requests. You can access the view by selecting a request and choosing Instance Status. This view provides detailed information about the approval status, current workflow path, stage, list of all current approvers for each request, and audit logs.

Select a request and view the path status.
In the Search Requests app, you can administer on cancel requests.

By using the Search Request app, you can administer access requests.

Administrators can:

  • Change user details and add new assignments.
  • Approve or reject access requests and assignments.
  • Forward the request and assignments to another approver.
  • Reroute the request to a different stage of the approval workflow.
  • Stop the workflow for a request by canceling it.
To open the Admin Delegation app, select the tile.
in the Admin Delegation app, use the approver delegation functionality to reassign approval tasks.

SAP Access Control administrators can reassign the approval tasks from one user to another using approver delegation functionality in the Admin Delegation app.

To delegate approval tasks, several details must be specified. First, you must specify who currently owns the approval tasks (referred to as "approver details" in the preceding screenshot). Second, you identify the person to whom you want to assign these tasks (described as "delegated approver details" on the preceding screenshot).

Furthermore, you must set the validity dates for the delegation and determine its status as either active or inactive. Finally, you have to define the type of delegation to specify which solution the current delegation is relevant for: SAP Access Control (AC), SAP Process Control (PC), or both.

Approval delegation can be performed on an approver side too. In the Approver Delegation app, the approver can delegate their own approval tasks to another approver.

As you learned in the previous section, an administrator, you can approve, reject, forward, cancel an access request, delegate approval rights, view audit logs and the status of an access request. Additionally, you can use various reports and dashboards with information about all access requests to monitor access requests from different perspectives.

To open the Access Requests Dashboard app, select the tile.
View reports and dashboards in SAP Access Control.

SAP Access Control provides the following reports and dashboards for the Access Request Management process:

  • Approver Delegation Report

    This report enables you to search for specific delegations filtered by Delegated for User ID and Delegated to User ID among other criteria.

  • Requests by PD/Structural Profiles

    This report allows you to search for requests by specifying PD profiles.

  • Requests by Roles and Role Assignment Approvers Report

    This report lists requests by roles and role approvers.

  • Requests with Conflicts and Mitigations Report

    This report lists requests with mitigated and unmitigated conflicts.

  • Service Level for Requests Report

    This report lists requests by service level.

  • SOD Review History Report

    This report provides the history of actions performed on SOD review requests. Additional details about the SoD Review are provided later in the course.

  • User Review Status Report

    This report lists request status for SOD review and UAR requests.

  • Access Provisioning Dashboard

    The Access Provisioning Dashboard displays two views:

    • Assignment Assigned or Removed

      This dashboard displays the number of roles assigned to or removed from individual requests, grouped by role action.

    • Users Processed

      This dashboard displays the total number of processed users grouped by user action.

  • Access Requests Dashboard

    The Access Requests Dashboard displays access requests by status and type. This dashboard is shown on the preceding screenshot.

  • Risk Violation in Access Request Dashboard

    The Risk Violation in Access Request Dashboard displays two views:

    • Access risk violations grouped by violations and mitigation.
    • Access risk violation details.

Perform Access Request Management

Business Scenario

In this unit, you've learned how to manage access requests. Now, it's your turn. Run the following exercise and try out access management activities yourself. Put yourself in the position of a user and create an access request, which you then approve in the role of an approver and then check the status.

Exercise Options

To start the exercise, choose Start Exercise in the figure below.

A pop-up opens. Now, you have the following options:

  • Choose Start: the simulation starts. Follow the simulation to learn how to create a process project.
  • Choose Open PDF Document: a pdf opens. Based on the steps described in this document, you can perform the exercise in your own system landscape.

Log in to track your progress & complete quizzes