Submitting an Access Request

Objectives

After completing this lesson, you will be able to:

  • Specify access request data and create an access request

Access Request Submission

Access Request Management: Automate access administration for enterprise applications.

Access Request Management incorporates the functionality to request access and conduct a real time risk analysis. You can mitigate access risks before provisioning access for a user in target systems. Approval procedures and approval workflow are created and customized using a flexible multistage, multipath workflow (MSMP). MSMP workflow provides the backbone for the creation, submission, and approval of access requests. User master records can be created and access provisioned automatically in target systems following the approval of the request by relevant stakeholders. Autoprovisioning allows security team members to focus on security incidents and issues, rather than manually creating users and assigning roles and permissions.

SAP Access Control can provision access to:

  • ABAP solutions
  • SAP S/4HANA on-premise
  • SAP SuccessFactors
  • SAP HANA database
  • Non-SAP solutions such as Oracle, PeopleSoft, and JDEdwards.

Access is provisioned through access requests that users create for themselves or for other users. The following standard access request types for access provisioning are delivered with the solution:

  • New Account to create new users and assign roles to them in target systems.
  • Change Account to assign, remove roles from a user, change role assignment's validity dates, change validity dates or user details of a user in target systems.
  • Lock Account to lock a user in target systems.
  • Unlock Account to unlock a user in target systems.
  • Superuser Access to get access to firefighter ID to execute emergency access session. Additional details about the Emergency Access Management component are provided later in the course.
  • Delete Account to delete a user in target systems.

Dive into a Scenario

To illustrate how access management for company applications can be automated, let's consider the following situation:

Imagine an employee who previously only processed small orders. The employee has been promoted and is now also responsible for large orders. This promotion brings new areas of responsibility and requires access to certain systems. Some companies provide access manually. For example, when employees request access, they get approval by e-mail. Then, the SAP Basis team assigns roles to users in the target systems. SAP Access Control provides possibilities to automate the access management processes in the following aspects:

  • Data filling in an access request.
  • Approval of the request.
  • Access provisioning in the target system.

Automation in the creation of an access request, for example, means that users can:

  • Search for roles from a catalog.
  • Load user details from HR system or connected target systems.
  • Create a request more quickly and efficiently by using predefined data.

Once the user creates the request, the request is then automatically sent to the relevant approver. A different approval workflow can be configured depending on the company's requirements. Approvers receive all access requests for approval in one app and approve requests after necessary checks. After the request is approved on all stages of approval, access will be automatically provisioned to the user in the target systems according to the request, without manual efforts.

And what happens if the request is not relevant anymore or the approver goes on sick leave and is unable to approve the requests? To handle such unexpected situations, SAP Access Control administrators can use access request administering options. For example, they can manage access requests by delegating, forwarding, approving, or canceling them as needed. This management ensures that the application processes run smoothly, even if the original approver is unavailable, or any other change happened regarding the access management process.

The scenario forms the structure of the unit, as illustrated in the following image:

Unit structure: Creating Access Requests, Approving Access Request, Explaining Workflow Configuration Options, Creating Access Request Using Additional Options, Administering Access Requests and Running Requests.

Access Request Creation

Previously, we described the example of an employee who has received new areas of responsibility and as a result, needs access to more systems. How must users proceed now? Put yourself in the role of a user and watch the following video that describes the process of how access requests can be created.

Summary

To gain access to target systems, a user initiates an access request in the SAP Access Control's Access Request app, including all necessary information for proper evaluation. The user outlines the request details such as:

  • The type of request.
  • Priority level.
  • Associated business processes.
  • Functional area.
  • The reason for the request.

You can create access requests for yourself, another user, or multiple users. Information can be taken from synchronized user data sources or input manually. In the User Access tab, the requestor specifies the required roles to be assigned. The Risk Violation tab allows users to assess potential access risks associated with the access request. Additional information necessary for the request creation is organized across several categories including Parameters, User Groups and User System Details, and Custom Data.

To finalize the access request, choose Submit.

After all necessary information is filled in the access request creation form, you can finalize the access request by choosing Submit. A message displays the generated request number. After you submit the request, it's sent to the approval workflow.

Log in to track your progress & complete quizzes