SAP released a new version of Access Control in March 2018. It became generally available in September 2018, and in January 2019, support pack 3 was issued. In this release, SAP added some new functionality and improved some of the existing functionality. These updates include integration with cloud platforms, enhanced emergency access management, a more robust UI, and more support for Identity Access Governance (IAG). Some of these changes are significant and will require some technical steps before you can upgrade. In this post, we’ll take a look at the increased functionality you’ll gain by moving to v12 and how you can prepare for this upgrade.

What are the Technical Requirements for Upgrading?

A new instance is not required to upgrade; however, SAP Netweaver 7.52 SPxx is needed. If you’re planning a direct move from GRC 10.1, you will need the following support packs:

For a complete list of technical requirements and steps, refer to the Upgrade Guide for SAP Access Control 10.0/10.1 to 12.0.


Is SAP Fiori a Requirement?

Fiori is the new standard interface in v12.0, replacing the traditional GUI and Netweaver Business Client (NWBC). While SAP has enriched the UI experience with Fiori, it is not a requirement to upgrade. NWBC and the SAP Portal are both still supported in v12.0. The primary benefit of Fiori is that it provides users with a central location for all their applications and activities. If you decide to move ahead with Fiori, you will need SAP UI 7.52 SP02.


What Enhancements Have Been Made to Existing Functionality?

Version 12.0 includes a number of significant enhancements to existing functionalities, including emergency access (Firefight access), synchronization jobs, and mass role updates. Let’s take a look:

  • Firefighting is now supported for SAP HANA database activities.
  • It is no longer necessary to setup firefight controllers and owners prior to assigning a Firefight ID.
  • Synchronization jobs have been optimized. These can now be scheduled in parallel or as dependent upon each other.  User access review jobs now include the ability to exclude specific data.
  • As clients move to S/4HANA, the ruleset will need to be updated. Additionally, webdynpro applications will need to be considered.  SAP has included a business configuration (BC) set for S/4HANA.
  • Role Mass Maintenance functionality now provides the ability to reapply role-defining methodology steps to multiple roles at a time.


What New Functionality Has Been Introduced?

The most significant new functionality in v12.0 is the integration of cloud solutions like SAP Ariba, SAP Concur, Success Factors and S/4HANA Cloud.  One requirement for cloud integration is the use of SAP IAG. For more information on SAP IAG, refer to the Integration with SAP Fiori Apps for SAP S/4HANA On-Premise guide. GRC v12.0 continues to integrate with SAP Identity Management (IdM) as well as SAP Employee Central Payroll. 


When Will Maintenance End for These Versions of Access Control?

The following table depicts the end of mainstream maintenance for the Access Control versions mentioned in this post.

Considering an Upgrade to v12.0?

Mainstream maintenance for v10.x will end in less than 24 months, and many are considering a move to v12.0 in the near future. If you have questions as you consider upgrading or need assistance with this transition, our team of SAP experts are here to help.

Talk to an Expert



Want more practical audit insights?

Subscribe to Focal Point's Risk Rundown below - a once-a-month newsletter with templates, webinars, interesting white papers, and news you may have missed. Thousands of your colleagues and competitors have signed up! You can unsubscribe at any time.