Additional Blogs by SAP
Showing results for 
Search instead for 
Did you mean: 

With this application, you can use the data that you have replicated from your SAP GRC system to SAP HANA, and monitor, analyze, and, in some cases, act on role-centric reports. SAP Role Analytics is an example of how you can create analytical reports and add functionality that allows you to take action on the analytical data.

The application has these reports:

·         Unused Roles

You can take action to de-provision unused roles.

·         Actively Used Roles

·         Orphaned Roles

You can access the application using an HTML5 supported web browser .The application counts the actively used, unused, and orphaned roles on the GRC system, combines it with the business process information, and displays this data in pie chart format. The default date range for the count is the current year. You can adjust the data by changing the date range, or by selecting filters for role type, landscape, criticality level, and sensitivity.

The default report is Unused Roles. You can choose to display the information in different formats: pie chart, bar chart, table. You can drill down by choosing any of the selectable elements in the charts and tables.


From the available options, select “Orphaned Roles.”

From the Sensitivity filter, when selecting “Confidential,” “Restricted,” and “Classified, the filter shows the selected 3 of the possible 10 choices under Sensitivity. Then automatically result gests refreshed graphically based on the selection criteria (pie chart).

From the result set, we can switch the pie chart to bar chart.

By double-clicking on the specific bar say the business process Quality Management roles bar in the graph, it will drill down the list of roles.

          2) UNUSED ROLES

Double click on the “Basis” section of the chart, bringing up a table of the roles and user counts involved.

The filters can be applied to check the roles for the specific land scape say SAP R/3

From the list, we can go through each of the roles in the SAP R3 systems that aren’t being used. Even more convenient, we can select to de-provision the role from the affected users. The de-provisioning request is sent directly to the backend Access Control system and the appropriate workflow is used with just one click!

We can continue to use the SAP Access Control Role Analytics application to quickly and easily resolve the remaining unused role issue and addresses Internal Audit’s concerns.