SAP is making a commitment to provide mobile applications that help companies unwire key tasks so that they can be performed wherever their employees are. There are now 30 different applications available that help companies perform key tasks from their mobile devices. To see all of these solutions, go to the SAP Service Marketplace (registration is required) at https://service.sap.com/support and follow menu path Software Downloads > Installations and Upgrades > Browse our Download Catalog > SAP Mobile Solutions. Figure 1 lists all the various mobile applications available. For GRC, the first mobile solution offered is SAP GRC Access Approver.

Figure 1

SAP mobile solutions

Although SAP GRC Access Request Management has helped in automating and streamlining the approval process, it still relies on managers to be physically connected to the company’s network to review and approve the requests. SAP GRC Access Approver, however, allows managers to approve requests using their mobile devices, thus dramatically improving the speed at which employees can gain access to systems they need to complete their jobs.

At this time, SAP GRC Access Approver is only supported on iPhones 3Gs and 4, and third- and fourth-generation iPod touches that run iOS 4.2 or higher. Future plans include supporting Android devices (no specific date yet). In addition, the application only works with SAP BusinessObjects GRC 10.0 solutions.

To install and use this application, the user must have the following components installed:

• Add-on Software Component GRCFND_A release V1000 SP4
• Add-on Software Component IW-BEP release 200 SP0
• LWMGRC01 100 – Integration for Mobile Collections 100
• SAP NetWeaver Gateway 2.0 Support Package 02
• Sybase Unwired Platform 2.1

Installing this application requires six steps. You can find additional information on the release and installation in SAP Notes 1625919 and 1620784.

Here is a list of the installation steps (the detailed instructions can be found in the Administrator’s guide).

1. Install SAP Netweaver Gateway 2.0 SP02
2. Install Sybase Unwired Platform 2.1
3. Connect SAP NetWeaver Gateway 2.0 with the existing SAP BusinessObjects GRC system
4. Connect SAP NetWeaver Gateway 2.0 with Sybase Unwired Platform 2.1
5. Install the add-on software component on the existing SAP BusinessObjects GRC system
6. Install SAP GRC Access Approver 1.0.0 on the mobile device. The software can be found on the Apple App Store.

Figure 2 diagrams the installation and deployment of this application.

Figure 2

SAP GRC Access Approver 1.0.0 deployment architecture

Once installed on the mobile device, the application, called Approver, appears similar to all other downloaded applications (Figure 3).

Figure 3

The iPhone screen for the Approver application

After you select this application, the home screen comes up as shown in Figure 4. SAP GRC Access Approver offers two easy categorizations of the requests:

• Access requests: Requests with a combination of systems, roles, and associated risks
• Firefighter requests: Requests that are exclusively for emergency access (no risk analysis)

Figure 4

The SAP GRC Access Approver home screen

This categorization allows managers to act on the most important and time-sensitive requests. Clicking the Access Requests button brings up the Access Requests summary screen shown in Figure 5. This summary screen provides high-level details of the requests awaiting approval. Clicking the individual request brings up the Access Requests details (Figure 6).

Figure 5

The Access Requests summary screen

Figure 6

The Request Details screen

The Request Details screen includes the basic request information, such as request type, priority, stage, and request number. Integration with a company’s address book allows the manager to either call or email the requesting user if the manager has questions.

From this screen, the manager can drill in to the access and risks options in the request to see further details. Figure 7 shows the screen that is displayed when the manager clicks the Access option from the Request Details screen. On this screen, it shows the exact security roles and systems being selected, and the manager can approve each role. Based on SAP BusinessObjects Access Control configuration, the manager could also add roles to the request if desired.

Figure 7

The Access Request detail screen showing Roles

Figure 8 shows the screen that is displayed when you click the Risks area in the Request Details screen. On this screen, the manager can determine if the risks are mitigated. This information helps the manager determine if the request should be approved.

Figure 8

The Risks detail screen showing risks and mitigations

Once the managers make their determination, they press either the Approve or Reject buttons as shown in Figure 6. In addition, they could add comments to the request as well. If SAP BusinessObjects Access Control is configured to allow forwarding, they could also forward the request for additional approvals. Once they click Approve, Reject, or Forward, a confirmation screen appears (Figure 9). The confirmation screen is where managers confirm they want to proceed with approving, rejecting, or forwarding the request based on their entry on the prior screen. This confirmation screen provides a control in case the manager unintentionally touches Approve, Reject, or Forward and allows them to Cancel if they don’t wish to proceed.

Figure 9

The confirmation screen

Once confirmed, the request is approved in real time in the SAP BusinessObjects GRC system, and the requester is notified by SAP BusinessObjects Access Control. Figure 10 is an example of the approval screen.

Figure 10

The approval screen

Jayne Gibbon

Jayne Gibbon, CPA, has been implementing SAP applications since 1996 and is currently a director in the Chief Customer Office at SAP. Jayne’s focus is making customers successful with their SAP HANA deployments. She has helped more than 100 customers drive business value with SAP HANA. Prior to joining SAP in 2007, Jayne worked for two multinational manufacturing companies based in Wisconsin. While an SAP customer, Jayne led the very first implementation of Virsa’s Compliance Calibrator, which is now part of SAP Access Control. Jayne’s experience includes internal audit; computer security; governance, risk, and compliance; SAP HANA; and SAP analytics.

You may contact the author at jayne.gibbon@sap.com.

If you have comments about this article or publication, or would like to submit an article idea, please contact the editor.