SAP Fiori Solution for SAP Access Control

SAP Fiori provides a user-friendly and intuitive interface to access some capabilities of the SAP GRC products — SAP Access Control, SAP Process Control and SAP Risk Management.

Earlier the scope of accessing GRC workflows through SAP GUI was restricted to desktops, so as to bridge the gap between the growing digital needs and traditional SAP GUI system, SAP introduced Fiori, thus making the GRC workflows available on any digital platform (Phones, Tablet etc.) as well.

The blog post will help you understand as to which SAP Access Control Fiori solution will work best for your Business requirement.

ABAP ADD- ON COMPONENT FOR FIORI:

The SAP Fiori functionality for SAP Access Control is delivered via the ABAP Add-On i.e.

• UIGRAC01 for SAP Access Control 12.0 (Minimum SAP UI 7.52 SP02)
  [Customers using Process control and Risk Management can deploy Component UIGRRMPC for 12.0 (Refer to Note 2624151) ]

• UIGRC001 for SAP Access Control 10.1
  [Customers using Process Control and Risk management can deploy UIGRPC01 and UIGRRM01 respectively for GRC 10.1.(Refer to Note 2624151)

DEPLOYMENT:

There are two ways of deployment, either we can do a Central Hub Deployment (GRC and SAP Fiori both on separate system) or do an Embedded Deployment (GRC and SAP Fiori installed on the same system)

Depending on your GRC release you can avail the features available via the ADD ON.

FIORI APPLICATION:

• The SAP Access Control Fiori Application was introduced in 10.1 and is available for both 10.1 and 12.0 via UIGRC001 and UIGRAC01 respectively.
• There are total 5 Fiori Apps available in SAP Access Control.
• You can activate and maintain the O-data service and add the given systems in “System Alias” via Transaction “/IWFND/MAINT_SERVICE” or follow the below path.
   SPRO->SAP NetWeaver-> SAP Gateway->OData Channel->Administration->General Settings->Activate and Maintain services.
• There are 5 default PFCG roles that are delivered as part of UIGRC001 and UIGRAC01 which are –
  

Important Links:

• https://fioriappslibrary.hana.ondemand.com/sap/fix/externalViewer/
• https://help.sap.com/doc/e2ccae7ee6354b169cf845cd665e07fe/1.0%202016-07/en-US/frameset.htm?frameset.htm

FIORI OVERVIEW PAGES:

• The SAP GRC Fiori Overview Pages (OVP) are based on SAP Fiori elements technology and are currently available for GRC 12.0 and you need to have UIGRAC01 ADD-ON component installed.
• The SAP Overview pages provide greater insights on all the GRC related information on a single page which allows the user to focus on the most important tasks, and view, filter, and react to the information quickly.
• There are 3 Overview pages(OVP) available in GRC and each OVP displays multiple card and each card shows data related to the associated “Dashboard reports” in NWBC.
  
  
• You need to activate and maintain the O-data service and add the GRC system in “System Alias” via Transaction “/IWFND/MAINT_SERVICE”.
• Besides this,you need to add the backend PFCG Role “SAP_GRAC_BCR_SCRTYMGR_T”  in order to access these Overview Pages (OVP).
• Currently the SAP Access control Overview Pages (OVP) show data for last 4 months.
• As mentioned, each topic in the GRC Overview Pages is represented by a card and each card is mapped to the Associated Dashboard report in NWBC, so when you click on the card the report gets opened.

For more information on which card is mapped to which associated report in NWBC please refer to the below Charts.

FIORI LAUNCHPAD:

The SAP GRC Fiori launchpad was introduced in 12.0 and you need to have ADD-ON UIGRAC01 installed in your system.

NOTE: The  Add -On UIGRAC01 includes both Fiori apps and Fiori launchpad(12.0) and UIGRC001 only has only Fiori apps (10.1)

• With Fiori launchpad, all the NWBC links can be replaced to Fiori like Apps.
• For this feature, you don’t need to activate any O-data service, you just need to Install Add-On Component UIGRAC01 and the SAP UI must be on 7.52 SP02.
• SAP Access Control 12.0 delivers a set of SAP Fiori business catalogs that enable you to open the WebDynpro Access Control applications in the launchpad.
• Each NWBC link of GRC box has different a Semantic Object (which points to the same Webdynpro link) associated with it and is further used within Tiles in Technical catalog

Important Links:

• https://help.sap.com/doc/a877d9f274d3471c9ef107e7b9fa1eef/12.0.02/en-US/loio9e08a4211c104a9696cdffccdc9bb3c8.pdf
• https://blogs.sap.com/2019/05/03/grc-12-fiori-launchpad-configurations/

Based on the your landscape and business requirement you can implement the respective SAP Access control Fiori solutions as mentioned above.

List of Important Notes:

• 2628011 – Where to find documentation on GRC Integration with SAP Fiori
• 2634112 – Fiori Access Control – Recommendations / Supportability guidelines / Best Practices
• 2654895 – FAQ: GRC Access Control 12.0 Installation Questions and Recommendations
• 2912555 – Does it require separate licence to integrate FIORI with my GRC 12.0 install?
• 1929930 – Release Information Note for UI for GRC 10.1
• 2909690 – Fiori tiles are not visible in the launchpad.
• 2584730 – FIORI error “The request URI contains an invalid key predicate”

• Source: https://blogs.sap.com/2020/06/30/sap-fiori-solution-for-sap-access-control/