Professional Documents
Culture Documents
Fiori Access Control - Recommendations
Fiori Access Control - Recommendations
Fiori Access Control - Recommendations
Symptom
What are the best practices & recommendations about using Fiori in GRC against NWBC?
Which areas of Access Request is supported in Fiori approach and/or which area is not supported?
Environment
SAP GRC Access Control
Fiori
Access Risk Analysis
Access Request Administration
Emergency Access Management
Cause
This knowledge article will help you to understand which areas of access control are supported and/or not supported in Fiori
Resolution
With Fiori release, Request creation is made more easier using mobile app/browser interactive UI. This app is designed
keeping the simplicity in mind for the creation of access request. Using this approach, users can raise and perform action on
request quickly from anywhere.
With this approach, there are couple of areas which users need to keep in mind while raising the request. Purpose of this
approach is to quickly create a request with very simple way from anywhere and any device. Hence, not all the normal Access
Request features are supported/recommended under fiori request creation.
Below are the overall list of features with their status and usage in Fiori app :
Risk Analysis on Request Submission
It can take time for risk analysis upon request submission as it depends on number of violation/role/user. Fiori request will
take some time for submission which may result in delay of request creation. Set parameter 1071 to NO and it will speed up
analysis.
Multiple-User Type Request : Not Supported
Multiple user type request concept is not supported in fiori access request creation.
Multiple Owners against Control ID : Not Supported
Multiple owners are not visible in fiori. It is designed in a way to show single owner against control ID.
Custom Fields : Supported
It can be achieved by maintaining custom fields in SPRO directly via the path mentioned in IMG under Access Control
Fields Available for Display
Apart from "Request For Reason" field and custom fields, no other fields can come on fiori screen.
Attachments Tab : Not Supported
Attachment Tab is not currently supported in fiori.
Reject Button on Approval App : Not Supported
Reject button on access request approval app is not currently supported in fiori.
One User per Request per System : Not Supported
More than one request can be created for particular user and same system.
Rejecting parent role does not automatically select mapped role
Only default roles will be removed automatically in Fiori
Rejecting complete request at once
Rejecting complete request at once is currently not supported. Instead, only those line items which are not checked will
be rejected.
Add roles at approval level : Not Supported
Approver can only select/de-select line items exist in access request at approval level but cannot add new role/line item.
Default roles part of role default attribute are not added in fiori app
Roles which are set as default needs to be added manually in fiori app.
Currently, only text can be added in welcome message of "Request Access for Others" app.
See Also
Keywords
Fiori support, fiori custom fields, fiori owner control ID, multiple user fiori, risk analysis fiori performance request submit
Attributes
Key Value
Other Components Governance, Risk and Compliance > SAP Access Control > Access Risk Analysis (GRC-SAC-ARA)
Other Components Governance, Risk and Compliance > SAP Access Control > Access Request (GRC-SAC-ARQ)
Products
Products