Recall our initial example at the beginning of the unit. Imagine the request is not relevant anymore or the approver goes on sick leave and is unable to approve the requests. To ensure that the request doesn't remain in the pending status, administrators have certain powers.
As an administrator, you can view audit logs and the status of an access request.
Once an access request is submitted, the system begins to collect audit information related to each workflow stage and approval. SAP Access Control provides you with a detailed audit log for all access requests in the Search Request app. Also, approvers can review the audit logs of an access request while approving it in the Work Inbox app. In the Request Status app, requesters can review audit logs of an access request that they have created.
The Search Request feature also contains an Instance Status view for access requests. You can access the view by selecting a request and choosing Instance Status. This view provides detailed information about the approval status, current workflow path, stage, list of all current approvers for each request, and audit logs.
By using the Search Request app, you can administer access requests.
Administrators can:
- Change user details and add new assignments.
- Approve or reject access requests and assignments.
- Forward the request and assignments to another approver.
- Reroute the request to a different stage of the approval workflow.
- Stop the workflow for a request by canceling it.
SAP Access Control administrators can reassign the approval tasks from one user to another using approver delegation functionality in the Admin Delegation app.
To delegate approval tasks, several details must be specified. First, you must specify who currently owns the approval tasks (referred to as "approver details" in the preceding screenshot). Second, you identify the person to whom you want to assign these tasks (described as "delegated approver details" on the preceding screenshot).
Furthermore, you must set the validity dates for the delegation and determine its status as either active or inactive. Finally, you have to define the type of delegation to specify which solution the current delegation is relevant for: SAP Access Control (AC), SAP Process Control (PC), or both.
Approval delegation can be performed on an approver side too. In the Approver Delegation app, the approver can delegate their own approval tasks to another approver.
As you learned in the previous section, an administrator, you can approve, reject, forward, cancel an access request, delegate approval rights, view audit logs and the status of an access request. Additionally, you can use various reports and dashboards with information about all access requests to monitor access requests from different perspectives.
SAP Access Control provides the following reports and dashboards for the Access Request Management process:
- Approver Delegation Report
This report enables you to search for specific delegations filtered by Delegated for User ID and Delegated to User ID among other criteria.
- Requests by PD/Structural Profiles
This report allows you to search for requests by specifying PD profiles.
- Requests by Roles and Role Assignment Approvers Report
This report lists requests by roles and role approvers.
- Requests with Conflicts and Mitigations Report
This report lists requests with mitigated and unmitigated conflicts.
- Service Level for Requests Report
This report lists requests by service level.
- SOD Review History Report
This report provides the history of actions performed on SOD review requests. Additional details about the SoD Review are provided later in the course.
- User Review Status Report
This report lists request status for SOD review and UAR requests.
- Access Provisioning Dashboard
The Access Provisioning Dashboard displays two views:
- Assignment Assigned or Removed
This dashboard displays the number of roles assigned to or removed from individual requests, grouped by role action.
- Users Processed
This dashboard displays the total number of processed users grouped by user action.
- Assignment Assigned or Removed
- Access Requests Dashboard
The Access Requests Dashboard displays access requests by status and type. This dashboard is shown on the preceding screenshot.
- Risk Violation in Access Request Dashboard
The Risk Violation in Access Request Dashboard displays two views:
- Access risk violations grouped by violations and mitigation.
- Access risk violation details.