GR5 Access Request Process Diagram
Purpose, Benefits, and Key Process Steps Purpose This scenario uses business roles to show a new user access provisioning and also demo using simplified access request to request, remove or extend roles. Benefits Collaborations among business users and IT users. Streamline user provisioning process. Enables risk simulation during access request. Enables requesting roles, removing roles or extending roles by using a simple form. Key Process Steps Making access request for a new hire. An automated user provisioning workflow is trigged once the access request is submitted. Once all required approvals are obtained the new user account will be automatically created in the ERP system. Making simplified access request for additional, removal roles or extend roles. 2015 SAP SE or an SAP affiliate company. All rights reserved. 2
Required SAP Applications and Company Roles Required SAP Applications SAP Access Control 10.1 Company Roles End User Role Risk Point of Contact Mitigating Control Security Lead 2015 SAP SE or an SAP affiliate company. All rights reserved. 3
Detailed Process Description (1/1) GR5 Access Request Section 1: Requesting A New Account Requesting Access Approving Access Request Role Approving Access Request Risk Approving Access Request Section 2: Requesting Roles Requesting Access - Simplified Approving Access Request - Simplified Role Approving Access Request - Simplified 2015 SAP SE or an SAP affiliate company. All rights reserved. 4
GR5 Access Request (1/2) SAP Access Control SAP ERP End User Role Risk POC End User 1 Making access request for a new hire A Request Access Assigned No Assigned B Approves Access Request Role No Role Email 1 C Role Approves Access Request Email 2 No Risk Violation With Risk Violation Risk No Risk D Risk Approves Access Request Email 3 Email 5 F User Created & Role assigned Email 4 E POC check and reject no approver request Email 6 2015 SAP SE or an SAP affiliate company. All rights reserved. 5
GR5 Access Request (2/2) SAP Access Control SAP ERP End User Role Risk POC End User 2 Requesting Roles G Request Access - Simplified Assigned No Assigned H Approves Access Request - Simplified Role No Role Email 7 I Role Approves Access Request-Simplified Email 8 No Risk Violation With Risk Violation Risk No Risk J Risk Approves Access Request-Simplified Email 9 POC check and Email 11 reject no approver K request Email 10 L Requested Roles are updated for the Email 12 user 2015 SAP SE or an SAP affiliate company. All rights reserved. 6
GR5 Access Request (1/2) Icon Legend Icon A B C D E F G H I J K L 1 2 Name Making access request for a new hire Requesting Access SAP GRC AC NWBC: Access Management -> Access Request Creation -> Template Based Request Approving Access Request SAP GRC AC NWBC: My Home -> Work Inbox -> Work Inbox Role Approving Access Request SAP GRC AC NWBC: My Home -> Work Inbox -> Work Inbox Risk Approving Access Request SAP GRC AC NWBC: My Home -> Work Inbox -> Work Inbox POC reject the request SAP GRC AC NWBC: My Home -> Work Inbox -> Work Inbox User Created & Role assigned (Automatic Process Step) Requesting Roles Requesting Access Simplified SAP GRC AC NWBC: Access Management-> Access Request Creation -> Create Request - Simplified Approving Access Request - Simplified SAP GRC AC NWBC: My Home -> Work Inbox -> Work Inbox - Simplified Role Approving Access Request - Simplified SAP GRC AC NWBC: My Home -> Work Inbox -> Work Inbox - Simplified Risk Approving Access Request - Simplified SAP GRC AC NWBC: My Home -> Work Inbox -> Work Inbox - Simplified POC reject the request SAP GRC AC NWBC: My Home -> Work Inbox -> Work Inbox - Simplified Requested Roles are updated for the user (Automatic Process Step) 2015 SAP SE or an SAP affiliate company. All rights reserved. 7
GR5 Access Request (2/2) Icon Legend Icon Email 1 Name receives an Email that there is an access request needs to be approved or rejected after review. Email 2 Email 3 Email 4 Email 5 Email 6 Email 7 Email 8 Email 9 Role receives an Email that that there is a request needs to be approved or rejected after review. Risk receives an Email that that there is a request needs to be approved or rejected after review. The End User receives an Email that request is approved and new account is created POC receives an Email that that there is a request needs to be approved or rejected after review The End User receives an Email that request is rejected receives an Email that there is an access request needs to be approved or rejected after review. Role receives an Email that that there is a request needs to be approved or rejected after review. Risk receives an Email that that there is a request needs to be approved or rejected after review. Email 10 Email 11 Email 12 The End User receives an Email that requested Roles are updated for the user POC receives an Email that that there is a request needs to be approved or rejected after review The End User receives an Email that request is rejected 2015 SAP SE or an SAP affiliate company. All rights reserved. 8
Thank you
2015 SAP SE or an SAP affiliate company. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP SE or an SAP affiliate company. SAP and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP SE (or an SAP affiliate company) in Germany and other countries. Please see http://global12.sap.com/corporate-en/legal/copyright/index.epx for additional trademark information and notices. Some software products marketed by SAP SE and its distributors contain proprietary software components of other software vendors. National product specifications may vary. These materials are provided by SAP SE or an SAP affiliate company for informational purposes only, without representation or warranty of any kind, and SAP SE or its affiliated companies shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP SE or SAP affiliate company products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. In particular, SAP SE or its affiliated companies have no obligation to pursue any course of business outlined in this document or any related presentation, or to develop or release any functionality mentioned therein. This document, or any related presentation, and SAP SE s or its affiliated companies strategy and possible future developments, products, and/or platform directions and functionality are all subject to change and may be changed by SAP SE or its affiliated companies at any time for any reason without notice. The information in this document is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. All forward-looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of their dates, and they should not be relied upon in making purchasing decisions. 2015 SAP SE or an SAP affiliate company. All rights reserved. 12