Top 10 Q/A: Access Control



Our Access Control tool has been around since 2014

Our Access Control tool has been around since 2014 and has served numerous international customers. Throughout the years we have been constantly developing it, and the feedback we have received from our many customers has been invaluable in order to build the most efficient and helping our customers to move from today’s manually handled control environment to an automated one. We have collected 10 of the most common and relevant questions regarding Access Control and crafted this blog post for you to learn about the more technical functions of AC.

1. Can Access Control be integrated with an Identity Management (IdM) process?

  • There are two ways AC can support the IdM process. It is possible to configure an integration to your IdM system supporting AC to be activated in case of risk being detected. As an alternative the AC preventive check can be deactivated leaving the approval of risks to be supported by Legacy Risk Management (LRM). In LRM Cockpit all risks will be listed and can be processed to risk approval either manual or automatic. This will support that your Risk Management process can run in parallel with the IdM process without having to set-up and maintain an integrated process.

2. Is AC supported by an approval workflow?

  • Yes, the risk defined is supported by different system reactions. One of the them is an Approval Workflow where Risk Approver and substitute can be appointed. The Risk Approver will receive an email notification and log-in to the personal AC Approval workplace. After approval AC automatic conduct the role assignment.

3. How long will it take to implement AC?

  • Answering this question, we need to discuss both a technical installation and a governance configuration. The technical implementation is fairly simple and will typically have a duration of 2-3 days effort including a verification from ComplianceNow. The Governance configuration will include upload of Risk Library, identification of risk approvers and preventive actions. This will enable you to run a preventive process, execute risk reports and follow the development in the AC Dashboard. Executing the governance configuration process can be anything from days to weeks influenced by the maturity level, the organization’s ability to take ownership and setting the relevant ambition level for short and long term.
Access Control blog image

4. To which level does AC support SoD – can you define risk down to objects and field values?

  • The short answer is yes. AC support defining both single and multiple sided risk on services, transactions codes, objects, fields and fields values.

5. Is AC preventive?

  • Yes, AC is an integrated and real-time preventive risk management solution. AC has defined the following preventive actions that can be selected for the individual risks: Approval Workflow, Documentation Required, Display Message, Full Stop and None.

6. What does the AC Risk Library cover?

  • The CN Access Control Risk Library contains approximately 120 predefined SoD risks and approximately 90 critical access risks, including all affected SAP transactions and associated SAP authorization objects and their values. Supporting the core business processes in SAP (Finance, Procure to Pay, Order to Cash, HR & Payroll, Basis & Security). The Risk Library is available in English, Danish and German.

7. Can AC support a Risk Library delivered by our auditor?

  • Yes, it is possible (and recommendable) to configure your own risk library. AC Risk Library Template can be downloaded for editing in Excel and re-uploaded to AC. We have experience with customers which migrated BIG Four and other risk libraries.

8. What kind of views does the Dashboard deliver?

  • As starting point the AC Dashboard deliver a group of Dashboard views for each risk types, e.g. critical role or functionalities. Examples of views: User Compliance, Risk Introduced, Roles not in compliance, Total risk for top 20 users, Critical tcodes suddenly used. The Dashboard aims at giving a status and a trend of the compliance situation supporting the need of daily operation and management reporting.

9. Does AC require a dedicated system string?

  • As goes for the Risk Risk Library it is possible to make e.g. the productive system as the master reference for the other systems in the system string. This means that only one master risk library needs to be maintained.

10. What would you say was the difference between SAP GRC and AC?

  • The overall answer is that CN Access Control is significant less complex in both in the installation, configuration and the user interface. Access Control has in general the same functionality but in some areas, SAP GRC will have more advanced options to offer. As an example, SAP GRC Workflow can offer options to support a more complex provisioning workflow. CN Access Control is designed to support the small to midsized companies in need for a fully integrated, reliable and preventive SoD engine possible for the local SAP Compliance Manager to operate. CN Access Control is priced significantly lower than its competitors.

Yes, we know that this was supposed to be a Top 10. Though, we chose to add two more bonus questions we also feel could be relevant information for you.


11. Does AC support multi sided risks?

  • Yes, it is possible to defined multi sided risk in AC.

12. Is it possible to make false-positive analysis?

  • Yes, AC includes transaction code usage statistic in the AC Reporting module enabling to run a false-positive analysis in the risk reporting.

Follow us on LinkedIn and get instant access to our latest articles and posts on SAP and compliance.

Segregation of Duties

Interested to learn more….?

We always look forward presenting Acces Control to present customers, possible new customers, partners and network. So, if you want to learn more, have questions or would like to see a live demo of CN Access Control please contact us.

Contact us!

    I hereby consent to my personal data being collected, processed, and used for the purpose of processing my inquiry. I may revoke my consent anytime without stating my reasons for doing so. More information can be found in our privacy policy.

    Rufen Sie uns an
    +49 6173 3363 000

    Schreiben Sie uns


    Find your way to our office in Denmark

    Google Maps

    Mit dem Laden der Karte akzeptieren Sie die Datenschutzerklärung von Google.
    Mehr erfahren

    Karte laden

    Meet the Team