With SAP GRC new product offering SAP Dynamic authorization management, Security administrators can SOLVE complex access control requirements with the help of attributes. Consider a requirement like below
Taking into consideration all the different components (N) and making an access control decision is complex. Roles alone cannot handle the above requirement, if you are choosing the route of customization, I would say good luck!.
With SAP Dynamic Authorization Management, we can take into consideration limitless conditions to make access control decisions. So next time if there is a complex security requirement, you know that there is a product out there that would be able to handle it.
How it works, Please refer to the link below for SAP DAM solution brief
-Anand Kotti