SAP GRC and the end of Adobe Flash Player

What does the end of Adobe Flash mean to your SAP GRC System? According to Adobe`s website, Adobe Flash Player`s end of life is 31 December 2020. There is an alternative solution – HTML5 can be used. SAP GRC uses Adobe Flash Player to run its dashboards and the retirement of Adobe Flash Player will have a significant impact on SAP Products but there are options. In this post, we will explain how it may affect your company and describe the alternatives to overcome this challenge.

What Will Happen

Embedded within SAP GRC, Adobe Flash technology is used to open and run the Dashboards. The retirement of Adobe Flash means that those dashboards will stop working after 31 December 2020.

Users trying to access the Dashboards via NWBC or Fiori will receive the following message:

Adobe Flash Player is no Longer Supported

What’s Happening Now

SAP has developed Fiori cards which are basically a one-stop-shop reporting capability to analyze, focus, and prioritize tasks. A set of Fiori cards has been developed specifically for GRC, with the intention of replacing the reports that were using Adobe Flash Player to run. From the Fiori Library, the new apps are:

Access Control

  • Access Request Overview
  • Role Management Overview
  • Emergency Access Management Overview

Risk Management

  • Risk Overview
  • Loss Overview
  • Loss Structure
  • Loss Event Overview
  • Loss Event Structure

What This Means For You

Companies using SAP GRC need to take action and replace the Dashboard tiles with the new overview Fiori cards provided by SAP.

The new Fiori cards look great. Here`s a sneak peak of the new overview tiles for GRC Access Control which also gives a hint of the Fiori cards strategy:

Access Request Overview

Role Management Overview

Emergency Access Management Overview

Risk Analysis and Remediation Overview

Risk Analysis Overview Pages were released at the beginning of this year. SAP released a KBA advising customers to upgrade to Support package 11 of GRC foundation.

The following dashboards were developed using Fiori cards:

  • Access Rule Library
  • Mitigation Control Library
  • Risk Violations
  • User Analysis
  • Role Analysis

Pre-requisites to implement the new Fiori cards for Risk Analysis and Remediation are:

  • GRCFND_A 12.0 Support Package 11
  • UIGRAC01 100 Support Package 06

Instructions on how to implement the new Risk Analysis Dashboards are available in the following SAP Note:

  • 3004415 – GRC AC12.0 Dashboard Overview Page with CDS Annotations.

What You Can Do Now

For Access Control

An assessment needs to be done to analyze what is currently installed and configured. Depending on what is in place, one of the following approaches has to be followed:

1. If you are on GRC 10.1*, what do you need to do?

a. Fiori Overview pages are only available in GRC 12.0 therefore GRC needs to be upgraded;

2. If you are already on GRC 12.0, what do you need to do?

a. GRC Overview pages are available from SP 08 onwards so you will need to upgrade your GRC 12.0 to at least support package 08;

b. Front-end component UIGRAC01 needs to be on support package 04.

c. If upgrading is a possibility, upgrade GRC to the latest support package available now (SP 11) to have access to all that has been developed so far in terms of Overview Pages.

3. If you already are on GRC 12.0 but still use NWBC (Netweaver Business Client), what do you need to do?

a. The overview pages are OData services and therefore are only available in Fiori. To have access to the cards, Fiori must be deployed.

For Process Control and Risk Management

  • There are some correction notes available for Risk Management and Process Control. Find below the note numbers and the reports they fix:
    • 2933196
      • Heatmap (Standalone)
      • Heatmap (CHIP Page)
    • 2953020
      • Policy Profile
    • 2937640
      • Risk Overview
      • Loss Overview
      • Loss Structure
      • Loss Event Overview
      • Loss Event Structure

Process Control Reports such as Evaluation Status Dashboard and Overall compliance Status Dashboard will be delivered via upgrade.  We strongly recommend customers to upgrade to Support Package 11 to receive the updates on reports that used to work with the retired Adobe Flash technology.

*Companies on GRC 10.1 should also take note that mainstream maintenance ends on 31 December 2020, this provides another good reason to upgrade to GRC 12.0

Closing

If you are in one of the scenarios above we highly recommend that you take appropriate actions to mitigate the risks of having your system unsupported or your dashboards inoperative.

Want to discuss in more detail?

Fernando Bassuino headshot

Fernando Bassuino is a Senior GRC consultant at CompliantERP whom specialises in SAP Security and Compliance. His GRC experience totals more than 8 years with specialisation in all modules (Access Control, Process Control and Risk Management). He has worked for SAP Labs Latin America helping GRC customers worldwide. His strong troubleshooting skills means he is capable of explaining complex functionality in a high level of detail and resolve complex application issues. Fernando’s deep technical understanding of GRC has allowed him to also provide GRC training and embedding of GRC processes for his customers.

Comments are closed.

Social media & sharing icons powered by UltimatelySocial