Skip to Content
Author's profile photo Former Member

SAP GRC Access Control 10 with BRFplus – The sophisticated level of Access Management

SAP GRC Access Control 10 is the solution supporting prevention of security breaches, and fraud, whilst assisting organizations in managing risk and compliance across the entire business and IT landscape.

Access Control comes with a broad range of already preconfigured business scenarios in the system. In addition it provides a new flexibility in workflow design and complex configuration scenarios – an important step forward supporting complex organizational set-ups.

The Business Rule Framework (BRF+) – an integrated toolkit introduced with GRC 10 – is a core element in enhancing the existing functionalities.


  • BRF+ can determine the approval path for each individual role in an access request based on the role and request attributes (for example Business Process, Role Type, Criticality etc.). 
    Every customer can create the required routing logic in an easily adaptable decision table.
  • BRF+ can be utilized for additional or exceptional routing rules in a workflow triggered by custom defined parameters.             
    Think of a role with criticality level “High” needing additional security approval. With the help of a BRF+ routing rule reflecting the aforementioned condition it is possible to redirect a workitem to the security path, even after the standard approval path is finished.
  • BRF+ can support the approver determination. In case every business process has a different security responsible for critical roles, a decision table allows mapping of involved approvers to relevant business processes.
  • BRF+ can apply flexible risk mitigation policies.             
    Based on the available attributes it can be determined which risk levels are and which are not mandatory to be mitigated during the access request
  • BRF+ can identify default approvers based on available role attributes.              
    This one time implementation effort definitely decreases the maintenance work in the course of all succeeding role creation and update activities.

BRF+ offers a variety of supporting functionalities in addition, such as calls of function modules in the backend, definition of complex rules and calculations, or backend table lookups for necessary information not provided through standard variables. 

If you want to learn more – please check out our SAP Education Training WGB301: “Advanced Access Control – Learning and mastering enhanced SAP workflow customization”.

Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Edwin Geel
      Edwin Geel

      Thx, this helps in a fast understanding and positoining of the power of the BRF+ framework.

      Author's profile photo Gustavo Soares
      Gustavo Soares

      Would it be possible to add what it cannot do, please? In particular, I'm interested if BRF+ can change the content of the request (e.g. validity date of roles).