Skip to Content
Technical Articles
Author's profile photo Khushboo Kapur

SAP Fiori Solution for SAP Access Control

SAP Fiori provides a user-friendly and intuitive interface to access some capabilities of the SAP GRC products — SAP Access Control, SAP Process Control and SAP Risk Management.

Earlier the scope of accessing GRC workflows through SAP GUI was restricted to desktops, so as to bridge the gap between the growing digital needs and traditional SAP GUI system, SAP introduced Fiori, thus making the GRC workflows available on any digital platform (Phones, Tablet etc.) as well.

The blog post will help you understand as to which SAP Access Control Fiori solution will work best for your Business requirement.

ABAP ADD- ON COMPONENT FOR FIORI:

The SAP Fiori functionality for SAP Access Control is delivered via the ABAP Add-On i.e.

  • UIGRAC01 for SAP Access Control 12.0 (Minimum SAP UI 7.52 SP02)
    [Customers using Process control and Risk Management can deploy Component UIGRRMPC for 12.0 (Refer to Note 2624151) ]

 

  • UIGRC001 for SAP Access Control 10.1
    [Customers using Process Control and Risk management can deploy UIGRPC01 and UIGRRM01 respectively for GRC 10.1.(Refer to Note 2624151)

DEPLOYMENT:

There are two ways of deployment, either we can do a Central Hub Deployment (GRC and SAP Fiori both on separate system) or do an Embedded Deployment (GRC and SAP Fiori installed on the same system)

Fiori%20Deployment

Depending on your GRC release you can avail the features available via the ADD ON.

FIORI APPLICATION:

  • The SAP Access Control Fiori Application was introduced in 10.1 and is available for both 10.1 and 12.0 via UIGRC001 and UIGRAC01 respectively.
  • There are total 5 Fiori Apps available in SAP Access Control.
  • You can activate and maintain the O-data service and add the given systems in “System Alias” via Transaction “/IWFND/MAINT_SERVICE” or follow the below path.
     SPRO->SAP NetWeaver-> SAP Gateway->OData Channel->Administration->General Settings->Activate and Maintain services.
  • There are 5 default PFCG roles that are delivered as part of UIGRC001 and UIGRAC01 which are –

Important Links:

FIORI OVERVIEW PAGES:

  • The SAP GRC Fiori Overview Pages (OVP) are based on SAP Fiori elements technology and are currently available for GRC 12.0 and you need to have UIGRAC01 ADD-ON component installed.
  • The SAP Overview pages provide greater insights on all the GRC related information on a single page which allows the user to focus on the most important tasks, and view, filter, and react to the information quickly.
  • There are 3 Overview pages(OVP) available in GRC and each OVP displays multiple card and each card shows data related to the associated “Dashboard reports” in NWBC.


  • You need to activate and maintain the O-data service and add the GRC system in “System Alias” via Transaction “/IWFND/MAINT_SERVICE”.
  • Besides this, you need to add the backend PFCG Role “SAP_GRAC_BCR_SCRTYMGR_T”  in order to access these Overview Pages (OVP).
  • Currently the SAP Access control Overview Pages (OVP) show data for last 4 months.
  • As mentioned, each topic in the GRC Overview Pages is represented by a card and each card is mapped to the Associated Dashboard report in NWBC, so when you click on the card the report gets opened.
  • A new OVP is added in GRCFND_A SP11-UIGRAC01 SP6, which is the “GRC Access Control Dashboard OVP” and this OVP displays data related to the NWBC dashboard reports.(Refer to Note 3004501 and 3004415)

For more information on which card is mapped to which associated report in NWBC please refer to the below Charts.



FIORI LAUNCHPAD:

 

The SAP GRC Fiori launchpad was introduced in 12.0 and you need to have ADD-ON UIGRAC01 installed in your system.

NOTE: The  Add -On UIGRAC01 includes both Fiori apps and Fiori launchpad(12.0) and UIGRC001 only has only Fiori apps (10.1)

  • With Fiori launchpad, all the NWBC links can be replaced to Fiori like Apps.
  • For this feature, you don’t need to activate any O-data service, you just need to Install Add-On Component UIGRAC01 and the SAP UI must be on 7.52 SP02.
  • SAP Access Control 12.0 delivers a set of SAP Fiori business catalogs that enable you to open the WebDynpro Access Control applications in the launchpad.
  • Each NWBC link of GRC box has different a Semantic Object (which points to the same Webdynpro link) associated with it and is further used within Tiles in Technical catalog

Important Links:

Based on the your landscape and business requirement you can implement the respective SAP Access control Fiori solutions as mentioned above.

List of Important Notes:

  • 2628011 – Where to find documentation on GRC Integration with SAP Fiori
  • 2634112 – Fiori Access Control – Recommendations / Supportability guidelines / Best Practices
  • 2654895 – FAQ: GRC Access Control 12.0 Installation Questions and Recommendations
  • 2912555 – Does it require separate licence to integrate FIORI with my GRC 12.0 install?
  • 1929930 – Release Information Note for UI for GRC 10.1
  • 2909690 – Fiori tiles are not visible in the launchpad.
  • 2584730 – FIORI error “The request URI contains an invalid key predicate”

Assigned tags

      7 Comments
      You must be Logged on to comment or reply to a post.
      Author's profile photo Neeraj Manocha
      Neeraj Manocha

      Very Nice & Detailed blog, Khushboo. Really useful.

      Author's profile photo Pankaj Jha
      Pankaj Jha

      Is there a similar OVP pages for GRC Process Controls ? Also, I checked with SAP Role -'SAP_GRAC_BCR_SCRTYMGR_T' and it doesnt seem to have the tile for 'Access Request Overview' Page.

      Author's profile photo Khushboo Kapur
      Khushboo Kapur
      Blog Post Author

      Hi Pankaj,

      For your 1st Query, can you check the below Help.sap Link which has the required information related to SAP Fiori - Process Control

      https://help.sap.com/viewer/8aa837aefdca4f9f9456d4e5ac1004d3/2.0%202018-04/en-US/89f5fb4f0b984948aaf15a87e093fc34.html

      For your 2nd query, the "Access request Overview page" is delivered in UIGRAC01 SP04, so please make sure you are on the given SP level.

      Regards,
      Khushboo

      Author's profile photo Pankaj Jha
      Pankaj Jha

      https://help.sap.com/viewer/8aa837aefdca4f9f9456d4e5ac1004d3/2.0%202018-04/en-US/89f5fb4f0b984948aaf15a87e093fc34.html

      Above link has functional Fiori apps for PC and not the OVP (Overview) apps shown for AC.

      Author's profile photo Nitesh Kumar
      Nitesh Kumar

      Hi Khusboo

      Thanks for you blog.

      I have a query regarding FIORI apps for SAP GRC 12.0 (AC & PC)

      As advised by you, Add -On UIGRAC01 includes both Fiori apps and Fiori launchpad(12.0) & NWBC link get replaced by FIORI Like apps and it does not need ODATA service to be activated.

      My question is as below

      Is the apps given in fioriappslibrary for access control different from the one in your blog.

      https://fioriappslibrary.hana.ondemand.com/sap/fix/externalViewer/#/detail/Apps('F0221')/W19

      Also, is there any standard FIORI  apps delivered for GRC Process Control.

      Thanks

      Nitesh

       

      Author's profile photo Jawahar Bora
      Jawahar Bora

      Nice blog..

      Please apply below SAP note after configuration to resolve the "Access Request Overview" page not visible issue.

      https://launchpad.support.sap.com/#/notes/2936603

      Author's profile photo Vivek Nagal
      Vivek Nagal

      Very well Explained Blog...

      Thanks Khushboo for this informative Blog .It will really help us in getting to Fiori OVP Pages as we have recently done with out SP Upgrade to 11 for GRC 12.0 .

      My query to you is if i understand correctly once we have the SAP GRACUI01 Component installed on our GRC Box .

      Do we need to activate the Respective OData Services in one of our Gateway Fiori System which is also connected to GRC.

      And have the Services added both in Gateway side IWSG and Backend GRC IWSV and get these update in Front end and Backend Role for user to use these Services from Fiori Front end.

      May be I am wrong but that's how other services which are being accessed for Fiori we setup.

      If you clear this point it will be very helpful for getting it working in our enviorment.

       

      Where we have a Central GRC Box and all connected Backend Sytems ECC,FIORI, BI Connected to it.

      Regards

      Vivek Nagal