Skip to Content

Hello GRC Mates,

Please find some of the New Enhancements in GRC AC 10.1 SP18 and SP19


Access Control Is integrated with Success Factors

With GRC AC 10.1 SP19, Customers can start using Access Control to manage access requests, analyze SoD and critical access risks, manage business roles, and provision users for SuccessFactors.

This enhancement includes: Addition of the Connector TypeSFEC Success Factor Employee Central

For more details on this enhancement, Refer SAP Note Number: 2538932


Enhanced Risk Analysis for S4HANA Fiori Apps 

With GRC AC 10.1 SP19, AC Risk Analysis is integrated with Fiori Apps on S/4 HANA On-Premise Systems.

This is an advance development for which upgrade to GRC AC 10.1 SP19 is mandatory.

For more details on this enhancement, Refer to the following SAP Note Numbers: 2539742, 2483611, 2481822, 2515567


Ruleset for S/4 HANA Risk Analysis

With GRC 10.1 SP19, Rulesets are delivered for S/4 HANA and HANA Database via BC Sets.


Some of the BC Sets that needs to be activated in SCPR20 Transaction are as follows:


For more details on this enhancement, Refer SAP Note Number: 2574731


Enhancement in SAP GRC SOD standard rules library for HANA Plugin

A new BC Set is introduced “GRAC_RA_RULESET_SAP_HANA” with SP20 support pack of GRC 10.1 release. New Connector Group “SAP_HANA_LG ” is also introduced with this BC Set. After activating this new BC Set, new Connector Group “SAP_HANA_LG ” will be part of the existing standard connector group list.

Note: It STRONGLY Recommended not to activate these BC Sets delivered in SP19. Upgrade to SP20 (once it is available) and then activate the BC Sets based upon your requirements.


For more details on this enhancement, Refer SAP Note Number: 2524840


Mitigation Controls not loaded back properly in Access Request

After Running Risk Analysis and applying the Mitigation Controls, the recently saved ones are not loading back properly.  To Resolve the issue, Refer to SAP Note Number: 2477750


Mass Maintenance of Risk Owners and Mitigation Control Owners

With GRC AC 10.1 SP18, editing multiple Risk Owners and Mitigation Control Owners at one time is possible now.  This can be performed by editing them directly or uploading an XML file.

For more details on this enhancement, Refer SAP Note Number: 2491450


Addressing Ineffective Mitigation Control Across AC and PC

With GRC AC 10.1 SP18, when an assessment in Process Control finds a control as ineffective, a mechanism is provided to delete the respective controls from Access Control also.


For more details on this enhancement, Refer SAP Note Numbers: 2445331, 2486955


Additions to this blog is most welcome.



Rakesh Ram M

To report this post you need to login first.


You must be Logged on to comment or reply to a post.

  1. Vanita Partharathy

    Hi Rakesh,

    Thank you for the useful document.

    We are on GRC10.1 SP20, even after all the mentioned BC sets are activated, we are not able to see rule set being updated for HANA. Any pointers? Are we missing something?

  2. Vanita Partharathy

    Hi Ramesh,

    Thanks for the Note, i have seen this already and have activated the relevant BC sets, but still rule sets are not showing HANA risks.

    We have not connected any HANA/FIORI systems, we are trying to analyse the standard HANA/FIORI rule set by downloading them from our test machine. Does this impact? BC set activation should independently be updating the rule sets right?



Leave a Reply