SAP GRC 12 described in a nutshell

The new GRC 12 release has been out for a couple of months, so we took the time to figure out what new features SAP came up with in the release as well as in the published support packs (so far SAP has published SP 3). Below you will find some of the most important GRC 12 features.

In general the new SAP GRC 12 features can be clustered into the three blocks INTEGRATION, PROCESS OPTIMIZATION and USABILITY.


Integration

GRC 12 fully integrates all cloud applications. For this, SAP introduced a new solution called “Cloud Identity Access Governance”. It is itself a cloud solution that connects the on-premise GRC Access Control component with cloud applications that a number of clients may already have been using but could not connect to Access Control, because those applications were not yet fully integrated. Cloud Identity Access Governance (IAG) acts as a bridge between GRC and cloud applications like SAP Concur, SAP Ariba, S/4HANA, the Employee Central Payroll system or SAP SuccessFactors. IAG is an interactive and intuitive solution based on Fiori technology that offers the following features:

Access Risk Analysis

  • Monitor, analyze and optimize user access in real time (for both on-premise and cloud applications)
  • Direct removal of critical roles based on usage data
  • Identification of SoDs and critical access risks, with the option to mitigate them directly by assigning controls

Business Role Management

  • Revise business roles to improve role consistency across all connected landscapes

Access Request Management

  • Central access request creation for all connected cloud applications
  • Auditable access request processes
  • Facilitation of the access request process through intelligent filters and operating instructions

Emergency Access Management

  • SAP GRC 12 enables firefighting for HANA systems; firefighting becomes usable for all web applications and UIs.

Although Cloud Identity Access Governance comes with native GRC features, IAG is an add-on to the existing GRC solution and not a replacement. Furthermore, IAG works seamlessly with the Identity Provisioning Service (IPS) and the Identity Authentication Service (IAS, the SAML provider) for the various SAP clouds, e.g. S/4HANA Cloud, Analytics Cloud and others.

Process optimization

Besides integrating cloud applications, GRC 12 also offers other benefits, such as optimizations in the areas of BRM, EAM, ARA and synchronization jobs.

Synchronization jobs

  • Parallel job processing improves synchronization time and enables clients to schedule parallel jobs. This is especially interesting for the repository synchronization job between GRC and the backend systems, as both the performance and the run time of this job improve.
  • New job parameters are introduced for LDAP repository sync jobs, allowing clients to schedule jobs more flexibly.

Business Role Management (BRM) & Emergency Access Management (EAM)

  • User Access Review job: Before the GRC 12 release, scheduling the User Access Review (UAR) job could become a struggle when jobs led to ABAP dumps on the system because of too much UAR data. GRC 12 solves this issue: SAP introduced batch processing, enabling the job to run smoothly.
  • BRM: Mass maintenance of the business role methodology is introduced, allowing clients to update business role methodologies by using the role update tool.
  • EAM: The maintenance of firefighter owners and controllers is simplified. Instead of maintaining owners and controllers within the AC owners list, it is now possible to assign owners and controllers directly to a firefighter ID.

Access Risk Analysis

  • Automation of risk analysis: Imagine you have a multi-path access request approval workflow. With GRC 10/10.1, each approver had to manually start the risk analysis once again before submitting the request. This manual activity is now automated, improving the user experience.
  • The new SAP GRC 12 release also comes with a new ruleset for SAP HANA and S/4HANA (new BC sets are available as well).


Usability

  • Access request notifications now list all relevant approvers in the CC field of the mail, creating more transparency for end users.
  • As mentioned before, GRC 12 fully supports the Fiori frontend. Screens are designed more simply and navigation has improved a lot through the use of SAP Screen Personas, leading to a new “look and feel”.

In summary, GRC 12 brings a lot of beneficial process improvements, integration scenarios and usability features.

Contact us for more information concerning future GRC 12 capabilities for your hybrid clouds because, as you might know, the future is hybrid and REST APIs are the keys to that landscape.
