What does the end of Adobe Flash mean to your SAP GRC System? According to Adobe`s website, Adobe Flash Player`s end of life is 31 December 2020. There is an alternative solution – HTML5 can be used. SAP GRC uses Adobe Flash Player to run its dashboards and the retirement of Adobe Flash Player will have a significant impact on SAP Products but there are options. In this post, we will explain how it may affect your company and describe the alternatives to overcome this challenge.
What Will Happen
Embedded within SAP GRC, Adobe Flash technology is used to open and run the Dashboards. The retirement of Adobe Flash means that those dashboards will stop working after 31 December 2020.
Users trying to access the Dashboards via NWBC or Fiori will receive the following message:
What’s Happening Now
SAP has developed Fiori cards which are basically a one-stop-shop reporting capability to analyze, focus, and prioritize tasks. A set of Fiori cards has been developed specifically for GRC, with the intention of replacing the reports that were using Adobe Flash Player to run. From the Fiori Library, the new apps are:
- Access Request Overview
- Role Management Overview
- Emergency Access Management Overview
- Risk Overview
- Loss Overview
- Loss Structure
- Loss Event Overview
- Loss Event Structure
What This Means For You
Companies using SAP GRC need to take action and replace the Dashboard tiles with the new overview Fiori cards provided by SAP.
The new Fiori cards look great. Here`s a sneak peak of the new overview tiles for GRC Access Control which also gives a hint of the Fiori cards strategy:
Access Request Overview
Role Management Overview
Emergency Access Management Overview
Risk Analysis and Remediation Overview
Risk Analysis Overview Pages were released at the beginning of this year. SAP released a KBA advising customers to upgrade to Support package 11 of GRC foundation.
The following dashboards were developed using Fiori cards:
- Access Rule Library
- Mitigation Control Library
- Risk Violations
- User Analysis
- Role Analysis
Pre-requisites to implement the new Fiori cards for Risk Analysis and Remediation are:
- GRCFND_A 12.0 Support Package 11
- UIGRAC01 100 Support Package 06
Instructions on how to implement the new Risk Analysis Dashboards are available in the following SAP Note:
- 3004415 – GRC AC12.0 Dashboard Overview Page with CDS Annotations.
What You Can Do Now
For Access Control
An assessment needs to be done to analyze what is currently installed and configured. Depending on what is in place, one of the following approaches has to be followed:
1. If you are on GRC 10.1*, what do you need to do?
a. Fiori Overview pages are only available in GRC 12.0 therefore GRC needs to be upgraded;
2. If you are already on GRC 12.0, what do you need to do?
a. GRC Overview pages are available from SP 08 onwards so you will need to upgrade your GRC 12.0 to at least support package 08;
b. Front-end component UIGRAC01 needs to be on support package 04.
c. If upgrading is a possibility, upgrade GRC to the latest support package available now (SP 11) to have access to all that has been developed so far in terms of Overview Pages.
3. If you already are on GRC 12.0 but still use NWBC (Netweaver Business Client), what do you need to do?
a. The overview pages are OData services and therefore are only available in Fiori. To have access to the cards, Fiori must be deployed.
For Process Control and Risk Management
- There are some correction notes available for Risk Management and Process Control. Find below the note numbers and the reports they fix:
Process Control Reports such as Evaluation Status Dashboard and Overall compliance Status Dashboard will be delivered via upgrade. We strongly recommend customers to upgrade to Support Package 11 to receive the updates on reports that used to work with the retired Adobe Flash technology.
*Companies on GRC 10.1 should also take note that mainstream maintenance ends on 31 December 2020, this provides another good reason to upgrade to GRC 12.0
If you are in one of the scenarios above we highly recommend that you take appropriate actions to mitigate the risks of having your system unsupported or your dashboards inoperative.