SAP released the Access Control v12.0 in March this year and the product is soon (current estimate Q3 2018) coming out from the ramp up phase to global availability.
SAP continues to invest in the GRC onsite platform, even though they in parallel drive the strategic focus within cloud applications. This current new release has a high focus on usability via the extended launch of the Fiori user interface. The other focus point has been to improve the integration towards S/4 HANA. In general, one can equally well state that the integration towards other platforms has been the focus point as SAP releases features towards cloud, S/4, Success Factor and Identity Management within the new release. One customer rarely uses all these other tools, so it remains to be evaluated by each customer respectively how this benefits them in their specific scenario. In addition, there is a whole bunch of detailed process related improvements.
From an architecture point of view, we don’t see massive changes. You can still use and install the application as you did before, and you can choose to install the system as S/4 or not. Access Control is well compatible with the S/4 systems, as it was already in the previous release. If you are using Fioris, then this is the timepoint to move to a Fiori based user interface. We even see administrator related Fiori-screens in Access Control, however, if your company lacks a Fiori / mobile strategy then you can still decide to choose to stay on the traditional UI. We firmly believe though that certain tasks for example the approvals of access requests, is easy to introduce via Fioris and subsequently if the mobile infrastructure is in place then business greatly values the introduction of simplified interfaces.
What comes to the process and integration related improvements we are most excited about the decision to introduce Emergency Access Management and compatibility towards HANA database. This is in our opinion an important strategic step that we are happy to see SAP has taken. It is always cumbersome to leave some systems out from a defined EAM process and have another way of working there. This greatly helps to avoid that type of situation. However, customers still need to focus and build proper roles on the HANA database to ensure enough segregation of access.
From a timeline point of view, the current release of Access Control is 10.1 and both its non-S/4 as well as S/4 version goes out of maintenance end of 2020. Most customers do have roadmap plans that far – what is your plan on when and how to move to the new version?