GRC Architecture

Similar Messages

• GRC AC Install

  The installation Guide says Enterprise Portal is an optional component of SAP NetWeaver 7.0 (2004s) SP 12. It is required if you
  install the file VIREPRTA00_0.sca.
  Based on this statement, my question is since GRC AC 5.3 is an addon on standalone Netweaver 7.0 Java stack, should I use Usage types AS JAVA with EP &; EP Core during install
  "or"
  I will use only AS JAVA during install of standalone stack  and install EP on a seperate system.
  Thanks,
  Haleem.

  Thanks Alpesh for helping me out. I have one more question for you.
  So, my understanding is that, after I will install (3) EP RTA on the standalone WAS system (with usage types AS JAVA, EP, EP Core), where I have already installed GRC AC 5.3 Add-On. next, I will install RTA on backend systems such as (ECC, HR, BI etc).
  My 2 queries are
  1. Can I install another EP RTA on a seperate EP System (considering this seperate stanalone EP System as another backend system just like ECC, HR, BI etc)?
  If my above statement holds right, then it would mean I will have EP RTA on front end ( containing AS JAVA, EP, EP Core with GRC AC 5.3 Add-on) as well EP RTA on backend system (locaton of standalone EP Server).
  2. Does SAP support the GRC Architecture having EP RTA on the front-end as well as EP RTA on the back-end?
  Pl. correct me if I am wrong.
  Thanks,
  Haleem.

• Information from Client for Configuration of EHS

  Hi All,
     Need to implement EHS for a Client - International. What are the pre general requesties information and the list of data / questions to be collected from the client before start of the project implementation.
  Kindly list the need in perspective of a consultant.
  Regards
  HP
  Edited by: hariprasathg on Dec 7, 2011 12:15 PM

  Hello HP
  a high number of similar requests/threads can be found in this FORUM together with corresponding answers.
  Please
  a.) Refer to Best practise of SAP installing EHS (once again they are mentioned several times in this FORUM)
  b.) Specify more precisely the term "EH&S". In most cases the customer must prepare a "roll out" project plan. Basic EH&S installation is based on core customizing. IN most cases the customer needs: (please refer to online help of SAP EH&S to get more details: http://help.sap.com/erp2005_ehp_06/helpdata/en/a5/3adda043be11d188fe0000e8322f96/frameset.htm):
  -  EHS& Basic Data and Tools
  - EHS Product Safety
  - EHS Dangerous goods management
  - EHS Hazardous substance management
  - in case of international customer: EH&S SVT
  - if the customer needs labels (it is assumed that he need): EHS GLM
  - and in some cases EH&S Waste is needed on the top.
  Preparation of blueprint as well as doing a set up of EH&S Products Safety and Dangerous Goods management can take one year (depending on the availability of ressource on client side). Using the best Practise approach (if customer starts from scratch) help  to reduce efforts; but this is really client specific.
  Further on installation (that means time to analyze and implement etc.) depends on the release which the user will use (ECC 6.0 is now best practise with or with EnhPacks). Further on if the customer is "really" an international one solutiones in the area of e.g.:
  - SAP product and REACH Compliance Suite
  - SAP GTS installations (generally the existing GRC architecture/strategy of SAP might be of interest to the customer/client)
  - SAP Components Extension
  Hope this helps.
  With best regards
  C.B.
  PS: PLease be informed that SAP (and other companies) is providing additional services which are needed in the EH&S environment (legal data)
  Edited by: Christoph Bergemann on Dec 11, 2011 9:06 AM
  Edited by: Christoph Bergemann on Dec 11, 2011 9:08 AM
  Edited by: Christoph Bergemann on Dec 11, 2011 9:09 AM
  Edited by: Christoph Bergemann on Dec 11, 2011 9:09 AM
  Edited by: Christoph Bergemann on Dec 11, 2011 9:11 AM
  Edited by: Christoph Bergemann on Dec 11, 2011 9:12 AM
  Edited by: Christoph Bergemann on Dec 11, 2011 9:12 AM
  Edited by: Christoph Bergemann on Dec 11, 2011 9:13 AM
  Edited by: Christoph Bergemann on Dec 11, 2011 9:14 AM

• Need a Sample GRC 10.1 technical architecture Diagram

  Hi All,
  I need a sample GRC 10.1 technical architecture Diagram for a quick presentation. Let me know if you could help or provide a document where i could refer and use it. Time is very short to prepare a architecture now.
  Thanks for your replies in advance.
  Regards
  Mani.

  Hi Mani,
  you can search for Pre-installation guide for GRC 10. which has below link
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/0024bb74-4d4e-2e10-82ad-ff2ccb79ad63?overridelayout=t…
  Regards
  plaban

• GRC Process Control Architecture

  Hi.
  I need to find a good documentation about the architecture of the GRC Process Control.
  I'm new with this technology.
  Any helps to me, please? Thanks

  Hi.
  Your link brings to Document Builder???
  I have a look about SAP BO Process Control and I have downloaded some papers.
  I'm searching a document that talks how create the first (and also simple) application with this technology.
  My goal is to understand which objects I can use to create the first application, after installing the Process Control.
  Can I insert rules and controls and/or can I import these objects from an ERP source?
  Any suggests to me, please? Thanks

• SAP GRC for Enterprise Architecture - Synergies and Gaps

  Hi to all the Experts out there , I am a Freshie, Just Certified in TERP10 (Business Process Integration(, am doing Masters at Brunel University and the Dissertation topic I am working on is "SAP GRC for Enterprise Architecture - Synergies and Gaps ", and it involves unbiased exploration of SAP Solution for Governance Risk and Compliance for Enterprise Architecture, I request you all to contribute any related Information and or documentation for "SAP GRC" which can help me establish synergies for an Enterprise Architects perspective and gaps if any found.

  Hi
  You can find the basic documentation and whitepapers on GRC @
  http://www.sap.com/solutions/sapbusinessobjects/large/governance-risk-compliance/index.epx
  Which may help you in your study.
  Regards
  Swarna

• Need help in GRC Migration

  Hello Gurus,
  I am looking for an Expert who could assist me in GRC Migration.
  I have downloaded the Migration guide, which is available on Market Place.
  There is a Migration Tool available (Java Tool), howevre there is nothing mentioned about the migration tool in Migration Guide. This is confusing.
  Currently there 2 active modules in GRC 5.3 and those are RAR and SPM.
  ARM need to be configured once we migrate to GRC 10.
  I need help for migration planning or making a roadmap for Migration and also require help on requirement gathering / Business Blueprinting for ARM.
  Please revert back on the same thread.
  Thanks in advance.
  Regards,
  Atul Rajwade

  Hi Atul
  I need help for migration planning or making a roadmap for Migration and also require help on requirement gathering / Business Blueprinting for ARM.
  This type of help is architecture and strategy experience. Have you done design work before?
  If you are hoping for some assistance, you might get a better response if you provide what you are intending to do first and seek clarification on your thoughts rather then just say you need help without specify which parts your need assistance with.
  Asking someone to revert back to you this information to close to completing system design for you.
  If you do not know how to architect a solution, I recommend you seek a consultant to provide this service to you. The planning and roadmap will come back to the business process design, understanding what data needs to be migrated from 5.3 (e.g. rule set, mitigating controls, etc) as well as how GRC 10 is to be used.
  Regards
  Colleen

• GRC AC 10.0 - CUP User Authentication

  Hi All
  We have installed GRC AC 10.0 as a part of ramp up implementation. We will soon start with the configuration steps. For user interfacing we have 2 options (1) NWBC (2) Portal. Architecture of GRC AC 10.0 is based on webdynpro ABAP.
  Now we had a question wherein if we choose NWBC as a front end, then how do we integrate the LDAP for CUP user authentication.
  If we need to integrate LDAP as a authentication source for users in CUP, do we have the only option of going with Portal as a user interface.
  Please advise.
  Thank you.
  Anjan pandey

  > That feature in AC 10.0 is called End User Login and will have it's own URL to access via browser.
  Thanks Frank for your response. I did go through the RKT documents and seems that there is a link through which the end users will create request. we have also planned to setup a LDAP connectivity for user authentication.
  Thanks.
  Anjan Pandey

• About GRC portal

  Hi All,
  I am new to GRC and trying to understand the concept and process flow in GRC. I am basically a Portal Consultant, and was comparing the things between GRC portal and EP 7.0.
  In what way are this both related and how I can use, suppose say some reports that are generated in GRC can be shown in EP. Please correct me if my thinking is wrong.
  Also, would like to know, where exactly GRC fits in the Netweaver Architecture?
  Provide me with some inputs on this.
  Thanks,
  Aman.

  Hello Aman,
  GRC products are both JAVA as well as ABAP stack based.
  Front end for all product is in either J2E - JAVA or WEBDYNPRO-JAVA.
  So did you got idea how GRC fits in NW?
  And now in GRC 5.3, they had enabled its integration with Portal through web services.
  Kindly let me know if not clear.
  Regards,
  Surpreet

• GRC 10: Deleting the Ruleset.

  Hello Guys,
  Anyone has a clue how to go about deleting an existing Ruleset in the system? I tried in SPRO - Delete Ruleset but it is not working. At the same time, I see an option in the nwbc also, which is to Delete the ruleset.
  1. Any idea how we should go about deleting the existing Ruleset?
  2. What is the difference between deleting from NWBC and deleting from SPRO?
  We have 3 Physical systems A, B and C and the connector groups are:
  Logical Group 1 - Having A&B systems.
  Cross Group 2 - Having A&C systems.
  Any ideas appreciated.
  Regards.
  Edited by: sapgrc10 on Nov 7, 2011 8:14 PM

  Hello Asheesh,
  Thanks for your reply. Besides SAP_ALL and SAP_NEW, I also have allmost all the roles to myself as under:
  SAP_GRAC_ACCESS_APPROVER     Role for Access Request Approver
  SAP_GRAC_ACCESS_REQUEST_ADMIN     Role for Access Request Administrator
  SAP_GRAC_ACCESS_REQUESTER     Role for End user
  SAP_GRAC_ALERTS     Generate, clear and delete SOD Alerts
  SAP_GRAC_ALL     Super Admin for AC
  SAP_GRAC_BASE     Base Role for all Access Control Users
  SAP_GRAC_CONTROL_APPROVER     Create AC MIT control, approve, assign, Alerts and perform Risk Analysis
  SAP_GRAC_CONTROL_MONITOR     Ability to assign MIT control to a Risk and perform Risk Analysis
  SAP_GRAC_CONTROL_OWNER     Create AC MIT control.
  SAP_GRAC_DISPLAY_ALL     Display Access To All AC Objects.
  SAP_GRAC_FUNCTION_APPROVER     Approve Function for Workflow
  SAP_GRAC_NWBC     View Access Control Information Architecture.
  SAP_GRAC_REPORTS     Ability to run all AC reports.
  SAP_GRAC_RISK_ANALYSIS     Ability to Perform Risk Analysis
  SAP_GRAC_RISK_OWNER     Risk maint. And Risk Analysis
  SAP_GRAC_ROLE_MGMT_DESIGNER     Role Management Designer
  SAP_GRAC_ROLE_MGMT_ROLE_OWNER     Role Owner
  SAP_GRAC_ROLE_MGMT_USER     Role Management Business User
  SAP_GRAC_RULE_SETUP     Ability to define Access Rules
  SAP_GRAC_SETUP     Ability to setup Access Control
  SAP_GRAC_SUPER_USER_MGMT_ADMIN     Super User  Administrator Role
  SAP_GRAC_SUPER_USER_MGMT_CNTLR     Super User  Controller Role
  SAP_GRAC_SUPER_USER_MGMT_OWNER     Super User  Owner Role
  SAP_GRAC_SUPER_USER_MGMT_USER     Super User  Firefighter
  SAP_GRC_FN_ADISSUE_PROCESS     Ad-hoc Issue Processer
  SAP_GRC_FN_ALL     GRC - Power User
  SAP_GRC_FN_BASE     GRC - Base role to run GRC applications
  SAP_GRC_FN_BUSINESS_USER     GRC - Business User
  SAP_GRC_FN_DISPLAY     GRC - Display
  SAP_GRC_FN_POST     Role with Post Authority Only
  SAP_GRC_MSMP_WF_ADMIN_ALL     MSMP Overall Administrator
  SAP_GRC_MSMP_WF_CONFIG_ALL     MSMP Overall Configurator
  SAP_GRC_NWBC     Governance, Risk, & Compliance
  SAP_GRC_SPC_SCHEDULER     Authorization to schedule background jobs
  But still having the problem. When I press the execute botton to delete, the system does not do anything, neither does it give any message or error.
  Anything else, that I am missiing?
  Also, my second question was if there is any difference deleting the ruleset from NWBC or from the Frontend or are these both the same?
  Thanks in advance!
  Edited by: sapgrc10 on Nov 8, 2011 5:27 PM

• GRC v10 AC Owners

  Good day,
       OK, it seems that I am missing something with GRC 10.  We are upgrading from CC4.0 to GRC 10.  I believe I have everything configured through SPRO correctly.  I can run a risk analysis on end users and I get results.  I am now at the point where I put the mitigations into the system but I have seem to run into a snag.  When I go to master data > Mitigation, I start to fill in the information but when I try to add a AC Owner I get "No Results Found".
       I have tried adding a Owner to a risk and then going back, I have also added a user under "Access Management" tab with "Access Control Owners".  I have reviewed almost every node in SPRO and I can not seem to find where I am missing something.
  I am sure it is simple since I can not find any documentation on this almost anywhere.  We are currently running GRC v10 SP5.  We are only planning to use the RAR (5.3 term) portion of AC not the other part (Example: Risk Terminator).  Please let me know if there is a simple solution to get a user populated in the AC Owner tab.
  Kind Regards,
  Paul

  Some of the GRC Roles ..
  SAP_GRAC_ACCESS_APPROVER                   Role for Access Request Approver 
  SAP_GRAC_ACCESS_REQUESTER            Role for End user  
  SAP_GRAC_ACCESS_REQUEST_ADMIN     Role for Access Request Administrator 
  SAP_GRAC_ALERTS                                   Generate, clear and delete SOD Alerts
  SAP_GRAC_ALL                                           Super Admin for AC  
  SAP_GRAC_BASE                                        Base Role for all Access Control Users.
  SAP_GRAC_CONTROL_APPROVER          Create AC MIT control, approve, assign, alert and perform Risk analysis
  SAP_GRAC_CONTROL_MONITOR                 Ability to assign MIT control to Risk and perform risk analysis
  SAP_GRAC_CONTROL_OWNER                 Create AC MIT control.  
  SAP_GRAC_DISPLAY_ALL                         Display Access To All AC Objects.
  SAP_GRAC_END_USER                                     End User as a GRC Guest
  SAP_GRAC_FUNCTION_APPROVER            Approve Function for Workflow  
  SAP_GRAC_NWBC                                            View Access Control Information Architecture. 
  SAP_GRAC_REPORTS                                   Ability to run all AC reports.
  SAP_GRAC_RISK_ANALYSIS                 Ability to Perform Risk Analysis 
  SAP_GRAC_RISK_OWNER                       Risk maintainence And Risk Analysis 
  SAP_GRAC_ROLE_MGMT_ADMIN            Role Management Admin   
  SAP_GRAC_ROLE_MGMT_DESINGER         Role Management Designer   
  SAP_GRAC_ROLE_MGMT_ROLE_OWNER     Role Owner    
  SAP_GRAC_ROLE_MGMT_USER                      Role Management Business User  
  SAP_GRAC_SUPER_USER_MGMT_USER     Super User Firefighter   
  SAP_GRAC_SUPER_USER_MGMT_ADMIN     Super User Administrator Role  
  SAP_GRAC_SUPER_USER_MGMT_CNTLR     Super User Controller Role  
  SAP_GRC_MSMP_WF_ADMIN_ALL     MSMP Overall Administrator   
  SAP_GRC_MSMP_WF_CONFIG_ALL     MSMP Overall Configurator   
  SAP_GRAC_RULE_SETUP                       Ability to define Access Rules 
  SAP_GRAC_SETUP                                    Ability to setup Access Control 
  SAP_GRC_FN_BASE                            GRC - Base role to run applications
  Hope it helps ..
  Vikas

• Impliment GRC Access control in difffrent landscape

  Hi Friends,
  In our company we have different landscapes in SAP and now we are planning to implement Access control in all landscape.
  R/3 landscapes with out  any Java stack( both ECC6 and 4.7 EE)
  Solution manager landscape
  XI landscape.
  BW
  and EP.
  Our first target is R/3 Landscape. Can you please guide me. what will be the best approach to implement  AC in R/3 systems as they don't have any Java stack.
  I  will appreciate if you can guide me with other landscape also.
  Thanks,
  Satyabrat

  Satyabrat
  The GRC landscape is technically separate from the different SAP Application components you mention so technically, you can connect the GRC system to any of the other components but creating the appropriate JCOs and SLD entries.
  You will need to instal the RTAs in each of the required source systems (ERP, ECC, BW, XI, SM, CRM, SRM etc!) but they can all link to the sepearate GRC systems.
  The exact landscape setup is dependant on what you wish to use GRC for. For example, you may wish to only link production GRC to production backend systems for Risk analysis and SoD. However, if you wish to use ERM or use Role bases analysis, you may find it useful to connect your production GRC system to your development backend systems where the roles are actually defined!
  The architecture is deliverately flexible to allow you to do this.
  For the initial use cases, it may make sense to keep Production segregated away from Pre-production systems but in the future, you may find that you wish to re-assess this as your useage grows.
  Regards, Simon

• Why upgrade from Compliance Calibrator to GRC?

  Hello Experts- My company has yet to implement GRC 5.3. We already utilize SAP Compliance Calibrator by Virsa Systems 4.0, which works fine, so what would be the benefit of upgrading to GRC? Is it really necessary? Is it just to stay current? Also, is it true that GRC will be moving from Java back to an ABAP stack? If so, when is the new ABAP version of GRC set to be available?
  Thanks for your advice and opinions.

  Regarding the upgrade from 4.0 to 5.3 I concur with Alpesh and Varun.
  Regarding the upgrade to 10.0, current plans are for Ramp-up to be available in December 2010 with general release scheduled for mid 2011.
  According to the latest material from SAP, they are only supporting a migration path as follows:
  4.0 -->5.3 --> 10.0
  There is no supported upgrade path from 4.0 directly to 10.0.
  It should be noted that it is a significant change in architecture and therefore not a simple migration path. SAP are recommending an upgrade to 5.3 followed by a migration to 10.0 for the technical side of things.
  5.3 does still have some significant advantages over 4.0 and therefore is still an option. owever, if you wish to register your interest, SAP are seeking ramp up customers so I would suggest you contact your Consultants or account management within SAP to discuss the options if you are considering it.
  Simon

• GRC Windows 2008 Support

  I am preparing a server for a consultant that is coming on site to help install GRC Access Control 5.3.  I want to have the OS installed and the server ready to go when the consultant arrives.  My question is about support for Windows 2008 (64 bit).  The install guide does not list it as a supported OS.  However, if I look at the Product Availability Matrix (pam), I only see supported Web Browsers, nothing is listed about servers.   This makes me think GRC will run on whatever Netweaver 7.0 supports (which does support Windows 2008).
  Does anyone know if GRC AC 5.3 is supported on Windows 2008 (64 bit)?   I did a search and found one thread where someone mentions IGS not working.
  Thanks for any help!
  Andy

  Hi,
  correct - AC does not have its own OS PAM since it relies on the underlying NetWeaver OS PAM.
  So since NetWeaver 7.0 is supported on Windows 2008 Server AC should also run on that - haven't tested it myself yet.
  Regarding Win 2008: just watch out for the exact architecture  (x86 etc.) and DB (MSSQL...) to make sure what combination is exactly supported!
  Cheers,
  Dominic

• IdM GRC integration

  Hi,
  I am searching options how to integrate SAP GRC with Microsoft ADAM through SAP IdM, Purpose is GRC will receive a User data and that will be provisioned into ADAM via SAP IdM. As IdM is a good tool used in Identity management will this serve the purpose of Integrator between SAP GRC and Microsoft ADAM. and how to do that
  I would like to know pros and cons in this case.
  Thanks,
  Regards,
  Swapnil Lakhe

  Hi Richard,
  As i said before, requirment at my architecture is Provision HR data from HR system to ADAM, but GRC will be used for sorting all SoD conflicts and other security porcess. So ADAM will be used as source of User master repository where all data will be stoared in tree format. For this purpose i am finding way to Integrate ADAM and GRC, I can read data from GRC after configuring connecter in GRC, but i am not able to write data into ADAM through GRC. This is my concern. I want to get this successful.
  I am looking SAP IdM as integrator, as i read it can talk with both GRC and ADAM. So architecture i am thinking is GRC <> IdM <> ADAM. I think i can integrate GRC and IdM through Web services mentioned in GRC conf guide, but not able to find how to integrate IdM-LDAP( Microsoft ADAM), i.e. Integration of Identity store to Ms ADAM. I just want to find how this option work with its pros and cons.
  Some facts i came accross this can be achived by running standard templates in IdM through job wizard. option for SUN ONE is available with SAP IdM, but my worries more about Microsoft ADAM.
  Thanks for your help.
  Regards,
  Swapnil Lakhe