SAP GRC 12.0 – What’s next?

SAP launched the new version, SAP GRC 12.0, in March 2018, and SP02 is out this month (Oct 2018). GRC 12.0 brings a lot of new features and completely changes the look and feel of the application. In this release, SAP added a few new functionalities and improved some of the existing ones. Integration with cloud platforms, enhanced emergency access management, a rich UI, and more support for Identity Access Governance are some of the advancements in this version of GRC.

So, what are you waiting for? Implement/migrate to the latest version to see what it brings for you!

Wait! I Know You Have Some More Questions. Let Us Discuss in Detail.

Does GRC 12.0 Address the New GDPR Compliance Based Requirements?

The world is moving towards a major digital transformation, and there is a definite need to revisit regulations and compliance requirements to control risk and organizational-level fraud. GDPR is one of the new regulations that has changed the way companies do business today. Complying with GDPR is very tough unless the controls are automated.

Even though it is quite important to have these controls, I don’t see any advancement in the GDPR based controls. GRC 12.0 doesn’t get anything new related to GDPR.

Tip: ToggleNow has partnered with some organizations that work to automate the GDPR control monitoring. We have 200+ readymade controls related to GDPR that can be implemented within 2-3 days.

Is Fiori a Must?

For those who don’t know, Fiori is the new standard user interface (UI) introduced by SAP. The Fiori Launch Pad (FLP) replaces the traditional look and feel of the NetWeaver Business Client (NWBC) interface.

In GRC 12.0, SAP has separated the GRC 12.0 backend engine (which has the same 4 components – EAM, ARA, ARM, and BRM) from the GRC 12.0 frontend that uses SAP UI5. The advantage of using SAP UI5 is that the integrations are easy and quick.

The advantage of using Fiori is that it enables users to access different SAP systems from a single interface without having to log in and out of different SAP servers. In addition, the new predefined Fiori tiles reduce the implementation time and provide a few reporting tiles by default.

Don’t worry. SAP still supports NWBC in this release along with the Fiori Launch Pad (FLP) and SAP Enterprise Portal (EP).

What New Integrations And Connectors Are Available?

With GRC 12.0, integration with cloud platforms is simpler, as it covers new-dimension SAP products such as SAP Ariba, SAP Concur, SuccessFactors and S/4HANA Cloud. To connect to the cloud platforms, administrators can use the new component called IAG (SAP Cloud Identity Access Governance), which acts as a bridge to the cloud-based applications. GRC 12.0 also has rich integration with SAP IDM and a huge improvement in the integration of SFEC (Employee Central Payroll system).

What Enhancements Are Delivered In The Optimized Emergency Access Management?

Emergency Access Management (EAM) in GRC 12.0 supports HANA DB. The EAM owner/controller maintenance is also simplified. Similar to GRC 10.1, you don’t have to assign Owners and Controllers to the AC Owners POWL and map it to the FFID in the AC Owners & Controllers POWL. This is completely optimized and provides more flexibility for assigning owners and controllers to FFIDs without maintaining them in the AC Owners POWL.

Synchronization Jobs Optimized

Repository Object Sync jobs can be scheduled in parallel so that synchronization is faster. The jobs can run in parallel or as dependent jobs. A new set of parameters is introduced for LDAP Repository Sync jobs, allowing administrators to restrict the job to a date range. User Access Review jobs are optimized, and new parameters are added to exclude specific data from synchronization. Batch processing of data with a range is introduced to avoid ABAP dumps.

Are There Any Ruleset Enhancements In GRC 12.0?

SAP S/4 HANA is the game changer. With the introduction of Fiori apps and the new authorization model, there is a need for a new risk library that validates the Web Dynpro components for risks. For clients who have been migrating to S/4 HANA, it is a must that the risk library is also updated. A new BC set is delivered that provides the ruleset for S/4 HANA.

Do I Need To Freshly Implement GRC 12.0 Or Can I Upgrade It From GRC 10.x?

Not required. Upgrading the system to GRC 12.0 is pretty easy and is normally referred to as a same-box upgrade. All you need is an SAP NetWeaver 7.52 SP00 system and SAP AC 10.1 SP21 to upgrade to SAP AC 12.0 SP02 (10.1 SP20 is sufficient for SAP AC 12.0 SP01). You can follow the upgrade guide (https://help.sap.com/doc/8e4687084c55465c85a653023b8ceab3/12.0.02/en-US/loiob418d62abab34473a573adf94bc3daf6_en.pdf) to upgrade the system. After the upgrade, all you need to do is perform the additional configuration.

Does GRC 12.0 Support Integration with Workday?

No. SAP hasn’t provided any new connectors for non-SAP/bespoke systems with GRC 12.0 either. I’ve recently been reading some documents that speak about a new framework that SAP has introduced for easy integration. Using this framework, you don’t need to rely on costly third-party connectors anymore. You can use it through SAP-delivered classes such as CL_GRAC_AD_ACCESS_MGMT_RFC (contains all user-related Create, Change, Lock, Unlock and Assign methods for user maintenance in RFC systems) and CL_GRAC_AD_ACCESS_MGMT_WS (contains all user-related Create, Change, Lock, Unlock and Assign methods for user maintenance in target systems via web services).

My strong recommendation is to use the existing framework. However, ensure that your target system's (e.g., Workday) authorizations are similar to SAP authorizations (at least at transaction level). This is applicable for risk analysis too.

For any further questions regarding GRC 12.0, upgrading your GRC system, developing new Fiori based apps, or further customizations, please do contact us.



Author: Raghu
Raghu is an author and blogger with rich experience in IT application security. His extensive knowledge and pragmatic approach have helped him write extensively for various websites and blog on recent trends and technology advancements. His knowledge of SAP Security and GRC, and his direct contact with customers, ensure that our applications are constantly moving towards the next innovation. His areas of expertise lie primarily in SAP Security Redesign (business process re-engineering), Forensic Security and tweaking GRC applications.
