SAP GRC and the end of Adobe Flash Player

What does the end of Adobe Flash mean to your SAP GRC System? According to Adobe`s website, Adobe Flash Player`s end of life is 31 December 2020. There is an alternative solution – HTML5 can be used. SAP GRC uses Adobe Flash Player to run its dashboards and the retirement of Adobe Flash Player will have a significant impact on SAP Products but there are options. In this post, we will explain how it may affect your company and describe the alternatives to overcome this challenge.

What Will Happen

Embedded within SAP GRC, Adobe Flash technology is used to open and run the Dashboards. The retirement of Adobe Flash means that those dashboards will stop working after 31 December 2020.

What’s Happening Now

SAP has developed Fiori cards which are basically a one-stop-shop reporting capability to analyze, focus, and prioritize tasks. A set of Fiori cards has been developed specifically for GRC, with the intention of replacing the reports that were using Adobe Flash Player to run. From the Fiori Library, the new apps are:

Access Control

  • Access Request Overview
  • Role Management Overview
  • Emergency Access Management Overview

Risk Management

  • Risk Overview
  • Loss Overview
  • Loss Structure
  • Loss Event Overview
  • Loss Event Structure

What This Means For You

Companies using SAP GRC need to take action and replace the Dashboard tiles with the new overview Fiori cards provided by SAP.

The new Fiori cards look great. Here`s a sneak peek of the new overview tiles for GRC Access Control which also gives a hint of the Fiori cards strategy:

Access Request Overview

Role Management Overview

Emergency Access Management Overview

Risk Analysis and Remediation Overview

Risk Analysis Overview is still an open question. There is no evidence of a Fiori card specifically for Risk Analysis and Remediation and this is the module that comes with the most Flash player content (Dashboards) compared to the other three.

What You Can Do Now

For Access Control

An assessment needs to be done to analyze what is currently installed and configured. Depending on what is in place, one of the following approaches has to be followed:

1. If you are on GRC 10.1*, what do you need to do?

a. Fiori Overview pages are only available in GRC 12.0 therefore GRC needs to be upgraded;

2. If you are already on GRC 12.0, what do you need to do?

a. GRC Overview pages are available from SP 08 onwards so you will need to upgrade your GRC 12.0 to at least support package 08;

b. Front-end component UIGRAC01 needs to be on support package 04.

3. If you already are on GRC 12.0 but still use NWBC (Netweaver Business Client), what do you need to do?

a. The overview pages are OData services and therefore are only available in Fiori. To have access to the cards, Fiori must be deployed.

For Process Control and Risk Management

  • A correction note can be implemented to enable new reports.

*Companies on GRC 10.1 should also take note that mainstream maintenance ends on 31 December 2020, this provides another good reason to upgrade to GRC 12.0


If you are in one of the scenarios above we highly recommend that you take appropriate actions to mitigate the risks of having your system unsupported or your dashboards inoperative.

Want to discuss in more detail?

Fernando Bassuino is a Senior GRC consultant at CompliantERP whom specialises in SAP Security and Compliance. His GRC experience totals more than 8 years with specialisation in all modules (Access Control, Process Control and Risk Management). He has worked for SAP Labs Latin America helping GRC customers worldwide. His strong troubleshooting skills means he is capable of explaining complex functionality in a high level of detail and resolve complex application issues. Fernando’s deep technical understanding of GRC has allowed him to also provide GRC training and embedding of GRC processes for his customers.

Comments are closed.

Social media & sharing icons powered by UltimatelySocial