An Authorization Policy is essentially a set of rules with predefined conditions. It is easy to implement authorization restrictions in SAP GRC Access Control.
Authorization Policy in SAP IAG
Introduction
Ever thought about how to control access and permissions effectively in SAP Identity Access Governance (IAG)? Let’s break it down in simple terms.
Imagine a scenario where a user who has the power to manage risks ends up mitigating risks unrelated to his/her function. Or what if a user can request sensitive roles, and the manager approves the request without a thorough review? Think of a situation where a user changes his/her manager ID or email at run time. Also, consider a requirement to restrict only full-time users from requesting PAM IDs.
It’s easy to implement authorization restrictions in SAP GRC Access Control because it is a NetWeaver-based system. But how do you implement similar restrictions in SAP IAG? SAP IAG poses challenges because role collections have limitations, and applying restrictions at the data level isn’t possible. The good news is that you can address these issues by implementing Authorization Policies.
An Authorization Policy is essentially a set of rules with predefined conditions. Admins use the Authorization Policy app to define these policies. To keep things simple, let’s focus on one policy type – Access Risks. However, it’s important to note that SAP IAG supports setting up policies for various types, providing a comprehensive solution to your access control restriction needs.
Access Risk Back-end User Mitigation Control Business Role Access Application Business Function Group and Access Request
Refer to Figure 1.0 for the options that you can select on the policy definition screen.
1. From SAP IAG, navigate to the Administration group.
2. Click “Authorization Policy”.
3. Click New Policy Set.
4. Enter a name and select the Policy Type.
5. Click Save.
6. Navigate to the Policy Set from the list and click the + sign in Policies.
What else is required?
7. Enter the Policy ID and description, and click the + sign to add the conditions. Since “Access Risk” is selected as the Policy Type, the Conditions will show the Risk ID, Business Process, Risk Level and Risk Type.
9. Click Save. The definition can also be based on various conditions as shown below:
NOTE: Multiple policies can be defined in a single Policy definition. Once defined, you may notice all the Policies along with Assigned Users (based on the condition).
10. Click Apply to apply the changes. Once activated, the Status will be changed to Active.