Sapdup Blogging about SAP

14Nov/080

SAP GRC vs IdM

The other day I attended a SAP GRC (Governance, Risk and Compliance) presentation and demo by SAP and Deloitte.  I was pretty impressed by the functionality and particularly interested in some of the functionality around provisioning of SAP access by the tool (automating work currently done manually by my team).  I also liked their implementation of 'super user' functionaility (basically allowing a group of users access to much more powerful roles in a tightly controlled and monitored environment).

Then a few days later I attended a presentation and demo of SAP IdM (Identity Management).  This was also quite cool functionality, but I ended up qutie confused, as we had been shown the same functionality in both sessions, despite the modules being completely seperate.

After a few calls to SAP I managed to get the story.  GRC only provisions user access for SAP, while IdM can handle this for all systems.  Interestingly, one of the big selling points for GRC is it's ability to analyse security roles in different systems, so it seems a little odd that provisioning is left out.  I suppose it wouldn't be a wild suggestion to propose they did this on purpose to leave space in the portfolio for IdM (call me a cynic).

Filed under: General SAP No Comments