11/27/2019

Integration: Access Control with Fiori

Apps for S/4HANA On-Premise
Generated on: 2019-11-27

SAP Access Control | 12.0 SP04

PUBLIC

Original content: https://help.sap.com/viewer/0868c418230e43299792685fe230f2c7/12.0.04/en-US

Warning

This document has been generated from the SAP Help Portal and is an incomplete version of the official SAP product
documentation. The information included in custom documentation may not re ect the arrangement of topics in the SAP Help
Portal, and may be missing important aspects and/or correlations to other topics. For this reason, it is not for productive use.

For more information, please visit the https://help.sap.com/viewer/disclaimer.

https://help.sap.com/http.svc/dynamicpdfcontentpreview?deliverable_id=22198463&topics=6d98ef6de9e144a3802248a5ea60… 1/3
11/27/2019

Overview
This guide is for customers whose landscape includes SAP Fiori apps on SAP S/4HANA on-premise systems and SAP Access
Control. This integration provides BC Sets to enhance the access control SOD rule set to enable AC access risk analysis to include
and identify violations for SAP S/4HANA Fiori apps.

BC Sets and Scenarios

Depending on your landscape, you may have both SAP S/4HANA and SAP Fiori apps installed on the same system, or on separate
systems. The following BC Sets cover both scenarios.

Scenario 1: Both SAP S/4HANA on-premise and SAP Fiori apps are installed in the same system

Use this BC Set: GRAC_RA_RULESET_S4HANA_ALL.

Scenario 2: SAP S/4HANA on-premise is installed on one system, and Fiori apps are installed on another system

Use this BC Set for the SAP S/4HANA system connector: GRAC_RA_RULESET_S4HANA_CORE.

Use this BC Set for the SAP Fiori app system connector: GRAC_RA_RULESET_S4HANA_FIORI.

Availability
The BC Sets are available for the following access control versions:

SAP Access Control 10.1 SP20 (or GRCFND_A V8000 SP06) or higher

SAP Access Control 12.0 SP00 or higher

Procedure
Log onto the SAP Access Control system as administrator, create connectors to the respective systems, and then activate the
relevant BC Sets.

Scenario 1: Both SAP S/4HANA on-premise and SAP Fiori apps are installed on the
same system
1. Create a connector to the system that has SAP S/4HANA on-premise and the SAP Fiori apps installed.

Run transaction SPRO and go to Governance, Risk and Compliance Access Control Maintain Connector Settings .

2. Activate BC Set GRAC_RA_RULESET_S4HANA_ALL for this connector.

Run transaction SCPR20, enter the BC Set name, and click the Activate icon.

3. Generate rules via SPRO: Governance, Risk and Compliance Access Control Access Risk Analysis Generate SoD Rules .

Scenario 2: SAP S/4HANA and SAP Fiori Apps are installed on 2 different systems
1. Create 2 connectors - one connector for the SAP S/4HANA on-premise system and another for the SAP Fiori apps system.

Run transaction SPRO and go to Governance, Risk and Compliance Access Control Maintain Connector Settings .

2. For the connector to the SAP S/4HANA system, activate BC Set GRAC_RA_RULESET_S4HANA_CORE.

3. For the connector to the Fiori apps system, activate BC Set GRAC_RA_RULESET_S4HANA_FIORI.

4. Generate rules via SPRO: Governance, Risk and Compliance Access Control Access Risk Analysis Generate SOD
Rules .
https://help.sap.com/http.svc/dynamicpdfcontentpreview?deliverable_id=22198463&topics=6d98ef6de9e144a3802248a5ea60… 2/3
11/27/2019

https://help.sap.com/http.svc/dynamicpdfcontentpreview?deliverable_id=22198463&topics=6d98ef6de9e144a3802248a5ea60… 3/3