Discuss business intelligence, integration, compliance and a host of other SAP-related topics – implementation, best practices and resources to negotiate the world of SAP better!

« Navigate your Next with SAP on Cloud | Main | Smart Onboarding by New Hire Automation - SAP HCM Integration with Taleo Recruitment »

New enhancement in SAP GRC accelerates SAP Access Request approval at the click of a link using offline approval process


Managing user access control is important for any business and there are several readily-available applications that do this for enterprises. However, it is a highly complex task considering the number of users, diversity of roles assigned and the sheer volume of requests that need to be approved by managers/approvers. Some systems may even mandate purchasing other applications for added functionalities. This blog explains how new enhancements in the SAP GRC Access Control (AC) system simplify work for approvers, at the click of a link.


The access request management functionality in SAP GRC AC provides enterprises with a workflow engine to streamline how user roles are assigned within the SAP environment. Typically, a user initiates a request using the access request form, which initiates an automated approval workflow. Once the access request is submitted, another workflow gets triggered based on the selection/s in the request. The access request is then forwarded to the designated managers and approvers within a pre-defined workflow, which is usually customized to reflect your company's policies.

The standard option available in SAP GRC requires the approver to first log in to NWBC and then take the appropriate action (approve/reject). This can be quite tedious. In some cases, approvers have no knowledge about SAP, making it difficult for them to provide approvals. Thus, approvers need to be trained on how to use the standard approval process in NWBC. Conducting such training programs and preparing training materials can be challenging and time-consuming for large organizations that are spread across different geographies.


The good news is that SAP GRC AC now has an offline approval process with several user-friendly features that greatly simplify approval tasks. Approvers need no longer log in to the SAP GRC system. Instead, they can simply reply to an email even on their mobile devices! In this process, access request emails are embedded with approve/reject links that the approver can click on. Alternatively, they can also respond to the email with the appropriate text - 'approve' or 'reject'. Both these actions will ensure that the relevant SAP access request is run by the system.


SAP GRC AC enables this capability by configuring the inbound email functionality in the system. First, system user is created with their email ID, which is configured according to the subdomain of the system. An email outlook account is then created for the specific SAP user ID. Finally, a custom class is implemented in the SAP GRC system that reads inbound emails and processes SAP GRC requests based on the approver's actions.

The illustration below shows how the offline approval process works in SAP GRC Access Controls.

I believe this is handy solution for clients who are reluctant to adopt single sign-on solutions because of their high licensing costs. Another cost benefit is that you don't need to buy additional FIORI apps for the system. But the best part of offline approval process in SAP GRC is that it integrates seamlessly with mobile devices, making access control quicker, safer and easier-at your fingertips! 


Amazing stuff Sanjeev. This is something most customers would love to get in their GRC system.

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)

Please key in the two words you see in the box to validate your identity as an authentic user and reduce spam.

Subscribe to this blog's feed

Follow us on

Blogger Profiles

Infosys on Twitter