Ensuring Continuous Compliance


After completing this lesson, you will be able to:

  • Ensure continuous compliance on access risk management using SAP Access Control features and reporting options

Continuous Compliance

Continuous compliance is the only step in phase three.

As discussed previously, to support a review of an organization's ongoing compliance activities and status, SAP Access Control provides various reports and dashboards. It also provides a collection of audit and security reports.

To check the risk situation in companies, employees working in compliance deal with various challenges:

  • How can we review information about last changes on objects such as roles, risks and profiles?
  • How can we display actions and permissions that are in roles but are not in the rule library? It is important to check this because there can be new actions and permissions that constitute a risk and are not accounted for in a rule set.
  • How can we determine action usage to prioritize remediation and mitigation of risks associated with the action?

To meet those challenges, SAP Access Control provides the following audit and security reports:

Audit Reports

Audit ReportAction
Change Log Report.

This report provides change information on SAP Access Control objects such as role, risk, and profile. The information includes who changed the object, the timestamps, new and old values, the entity name and type, attributes, and the type of change.

Embedded Action Calls in Programs of SAP System Report.

This report identifies embedded transaction calls in custom programs.

List Actions in Roles but not in Rules Report.This report lists all the actions that are in roles but are not part of the rule library.
List Permissions in Roles but not in Rules Report.This report lists all the permissions that are in roles but are not part of the rule library.

Security Reports

Security ReportsAction
Action Usage by User, Role, and Profile Report.This report lists actions by user, role, and profile.
Count Authorization for Users Report.This report counts user authorizations and highlights the ones outside the system limits.
Count Authorization for Roles Report.This report provides the authorization count for roles by role name.
List Expired and Expiring Roles for Users Report.This report lists roles that have expired or are about to expire based on the dates you specify.

In addition to reports, SAP Access Control integrates the risk analysis into the Access Request Management and the Business Role Management components to ensure continuous compliance during these processes:

  • Access Request Management

    A compliant Access Request process prevents the introduction of unmitigated risk into user assignments in productive environments. The risk analysis integration into the Access Request provides real time risk analysis and mitigation capability for all risk violations associated with the request. Both new requested access, and a users existing access, can be considered.

  • Business Role Management

    Incorporating a real time risk analysis into the role maintenance process ensures that you are aware of the current risk profile of each production role. Risk analysis can be incorporated into your role creation and maintenance methodology, requiring a risk analysis for all changes to role data. Combined with a Role Approval workflow, Business Role Management provides full transparency about your roles and their associated risks.

Manage Access Risk

Business Scenario

In this unit, you have learned that you can use various reports and dashboards to analyze access risks. But what was the process for using the dashboard to display the risks for a selected business process? Or what steps must you follow to run access risk analysis reports? To reinforce your knowledge, complete the following exercise.

Exercise Options

To start the exercise, choose Start Exercise in the figure below.

A pop-up opens. Now, you have the following options:

  • Choose Start: the simulation starts. Follow the simulation to learn how to create a process project.
  • Choose Open PDF Document: a pdf opens. Based on the steps described in this document, you can perform the exercise in your own system landscape.

Log in to track your progress & complete quizzes