Access Controls is used as a tool for Mitigating Controls, rather than a implementing tool, i.e. you apply the control against the role/user, but the actual application of the control is performed outside of Access Control. This may be realized by running a custom SAP report to monitor the usage of the risky functions within the ECC system
In the below mentioned screen.
Action is for the Tcode of the SAP report.
This specifies that whoever is assigned this mitigation control will execute the reports using Tcode SM20 and PCP0 on a frequency basis as mentioned under Frequency column.
Regarding the functionality of "report" which is maintained in reports tab of mitigating control, the e-mail is sent to the approver if control monitor does not run that report at the frequency mentioned.
Regards,
Madhu.