when you want to provision user access
compliantly you use SAP Access Control
now one of the features within Access
Control 10.1 is you can now use FIORI and
there's also enhancements to the
Segregation of Duty reports that come
out. I'm going to quickly show you how
you can go from reporting on how many
Segregation of Duty risks you have right
down to be able to fix them in one
single report here's how you do it.
You'll have just seen I've gone in
to a standard report which is the risk
violations report now this allows me to
identify where the risks are so I'm
going to select the ECC6.0 system and I'm
going to select the Accounts Payable
group that you can see here. Now when
I've done that I click the Go button, I can see the Finance's Procure-to-Pay
processes so to see the number of risks
relating to each process. Now I'm on the Procure
to Pay I'm looking for a very
classic example here being able to both
create a vendor and then initiate
payment to the vendor. Now I look at the
number of violations, which is showing me 14 and that's the number of users currently in
violation so I'll select a couple here. Now I'll select CNOVITSKY,
CSMITH and CTUMBER. Now when I run that I'm then going to get a report which is a lot more
detailed so I really drill down into the
detail behind why this is a violation
now as I see that I get to understand
the risk it's related the number of
violations the rules that potentially
are in violation as well as the actual
role assigned to an individual's cause
in the issue I can see all of the
transactions the permissions relating so
I'll get a full context by simply
clicking and I can see the individual
transactions that are causing the
problem so it's really simple I can
click anywhere on this report and I get
the full context of information
I can also kick off the de-provisioning
process and this can also be automated
you can also have it semi automated as a
check in place but I can remove that
role and make it all automated so that's
a great feature but perhaps in this case
for CTUMBER maybe we allow this individual
to have this access but we either make
sure that we've got recertification that
we're checking there's no violations or we
assign an individual mitigating control
to this where you can see the create
control button stay tuned for next week
when it's request management
