Key Insights Blog

Read the latest insights from our experts on GRC and risk management

25 January 2021

How SAP GRC users can utilise dashboards without Adobe Flaash

Adobe stopped distributing Flash Player at the end of 2020, a move which has had a major impact on SAP customers. Dashboards within several SAP products, including SAP Access Control, Process Control, and Risk Management, have all become unavailable.

All customers who want to launch dashboards in SAP NetWeaver Business Client (NWBC) or Fiori Launchpad (/UI2/FLP) will be affected by this, as the flash plugin will be removed from the browser upgrade.

Additionally, SAP themselves have said that they will not support any dashboard issues arising from the end of Flash, and so action needs to be taken by GRC users to ensure vital functionality is maintained.

If you’re using an older version of SAP GRC then your system is now out of support. However, even users on the newer 12.0 version of SAP GRC need to undertake a number of steps to retain the functionality of their dashboards. This blog explores the issue at hand, who is affected, and how you need to respond.

The issue

Flash has always been used to open and run the 16 dashboards available within SAP GRC. Without the overviews these dashboards provide, it becomes far more difficult for users to make informed decisions regarding access governance, risks, and controls, severely affecting the day-to-day operations of the business.

There are two potential solutions to this problem, and which one is best for you depends on how you use GRC. Firstly, SAP has developed new UI frameworks known as IGS, to replace the obsolete Flash dashboards. However, the best long-term solution is to upgrade to SAP GRC 12.0 SP11 (if this hasn’t been done already) and use Fiori Overview Pages (OVP).

CTA Clock Strikes 12-1

 

The OVP option

Fiori OVP can be enabled by installing the relevant UI component (UIGRAC01, UIGRPC01, and/or UIGRRM01) depending upon which solution(s) are being used. This provides KPI style dashboards which improve the visualisation of key data - allowing the user to view several important reports all in one place, without having to switch between different views.

SAP has deployed new OVP cards as a replacement for the impacted dashboard reports with CDS annotations. They are automatically available from GRCFND_A 12.0 SP11 onwards. However, customers on SP06 or above can manually configure and make use of the OVP functionality. Whilst these card types don’t completely replace all the impacted dashboards, they do replace a significant amount of the lost functionality.

Using SAP Access Control as an example, access rule library, mitigation control library, risk violations, user analysis and role analysis can all be displayed on a single SAP Access Control dashboard. This dashboard can be deployed by using SICF service grac_ac_db_ovp.

This solution not only replaces the ability to visualise key data that was available under Flash, but actually improves it by bringing together the data from multiple reports into one place.

Here is a snapshot of what the SAP Access Control dashboard Fiori OVP looks like:

GRC Dashboard

 

The IGS option

Customers below GRC 12.0 SP06 can utilise the IGS-based solution instead, especially if Fiori isn’t the interface of choice. Older versions of GRC systems (10.0 and 10.1) can still use the IGS solution to run dashboards, but if the customer faces any issues then SAP won’t support them. The existing dashboard set-up can be replaced by a UI, with different codes enabling the different dashboard functions you require. For example, the codes for SAP Access Controls are as follows:

2988521 - Access Rule Library

2991659 - Risk Violations

3005897 - Risk Violation in Access Request

3000433 - Mitigating Control Library

3001040 - User Analysis

3002635 - Role Analysis

3004912 - Violations Comparisons

3005728 - Alerts

3001951 - Role Library

3003762 - Access Requests 

3003192 - Access Provisioning

3003638 - Service Level for Access Request

 

In summary

Now is the perfect time for users who haven’t done so already to upgrade to GRC 12.0 SP11, as the loss of Flash has resulted in an alternative that actually provides an improvement to the dashboard functionality. Use of the IGS solution, meanwhile, should only really be considered by users who don’t utilise the Fiori interface.

It’s easy to want to stick with a legacy solution, on the basis of ”‘if it ain’t broke, don’t fix it”, but every so often an event like this acts as a necessary catalyst for change. If ever there was a time to ensure you’re running the latest, up-to-date version of SAP GRC 12.0… this is it.

CTA Clock Strikes 12-1

Turnkey’s expertise in SAP means we can help you upgrade your GRC systems with the right support packs for continued use of your business-critical dashboards. Get in touch today to explore how we can assist.