GRC in WebPortal of SRM

Similar Messages

• Scope and Proposal preparation for SAP GRC AC Implementation.

  Hi ,
  I would like to know procedure how the RFP (Request for proposals) are prepared for SAP GRC AC Module implementation. and also how the scope and effort estimation are calculated.
  are there any guidelines and checklist are available to be followed.
  is there any generic approach followed during SAP GRC AC implementation for proposal as well as for effort estimation.
  Pelase clarify my doubts
  Regards,
  RK

  Hi,
  Use RTA on SAP BASIS 7.00 System for any system other than ECC which has ABAP and Basis Level 7.00 with Kernel 7.00
  I don't see any option for 7.20, may be it will be available later on.
  We have SRM connected to GRC so I can cofirm, yes it is possible to connect SRM to GRC and work with SRM rulebook. RTA and Post-RTA activites and JCO and RAR connectors are a must to get it work properly. In fact all configurations are required as it is in ECC system.
  No HR RTA is required ,as there is no HR module in SRM.
  Regards,
  Sabita

• SoD Rules for SRM

  HI guys,
  we have introduced GRC AC RAR 5.3 and rolling now out SRM using more or less the standard SRM roles.
  Our problem is to ensure SoD compliance before rolling out SRM worldwide and need to change roles right after.
  Is there a GRC / SoD Ruleset for SRM available as it is provided in the GRC SoD ruleset for ERP?
  Thanks!
  Chris

  Hi..
  Yes it supports
  Regards
  Gangadhar

• GRC BO AC 10.0 Risk Analisys & Role management from SRM

  Hi Gurus,
  Anyone know if  GRC AC 10.0 can analyze and manage (create/modify) the SAP SRM (Portal Based) Role and User?
  Thank you,
  Luigi

  Hi Vishal,
  The parameters will be invoked in different scenarios. 1085 is specific to when roles are generated in the SAP Backend system using risk terminator and therefore this will have no impact if you are using BRM to generate the roles.
  3011 & 3014 are specific to BRM and govern different behaviours. 3011 will facilitate the risk analysis prior to triggering the generation steps in the methodology and 3014 will allow the roles to be generated despite any permission risks that are returned.
  They are not exclusive and actually work together. For instance, you may want to have a block on generation of roles when there are open conflicts identified and therefore you should have 3011 set to YES and 3014 set to NO. If both are set to YES, then you could propagate conflicts in the roles.
  You can use Risk Terminator if you wish to continue to develop roles within the SAP system itself rather than to rely on the GRC BRM system wholly.
  There are still wide discussions and differing opinions about which represents the best approach for this and so it depends on your organisation as to which process you follow.
  The parameter descriptions in question are:  
  1085 - Stop Role Generation if violations exist
  3011 - Conduct Risk Analysis before Role Generation
  3014 - Allow role generation with Permission Level violations
  Regards, Simon

• GRC-AC v5.3 SP11 -- RAR Rules for BI, GTS, SRM, XI, GRC-AC, SolMan

  Hi!
  Has SAP released RAR Rule sets for BI, GTS, SRM, XI, GRC-AC, or Solution Manager?
  Let me know if anyone else has found them.
  Thanks,
  -john

  Hi John,
     SRM rules have always been available. I have not seen rules for BI, GTS, XI, AC or SolMan. Would definitely want to see rules for XI, BI and SolMan.
  Alpesh

• AC 5.3 Risk Analysis to SRM 7.0

  Hi SAP experts.
  I would like to know if its posible to execute a Risk Analysis through a SRM 7.0 module, and instead of transacctions if it is posible to use the webdynpro links like actions or tcodes.
  My doubt is based on the fact that in SRM 7.0 the proper tcodes like BPP* are not use in this release, and these are changed by webdynpro links. Is it possible to use that links as tcodes for the SoD Matrix?
  Thanks in advance.
  Regards.

  Hi Kunal.
  Firstly, thanks a lot for your support.
  In addition, I know that with the previous release of SRM, is posible to conect SAP GRC AC with SRM. But if I create a conector like to a SAP system from GRC to SRM, do you think that is imposible to associate that kind of webdynpro links as an AC action?
  On the other hand, instead of create a conector SAP, I create a conector, like a NON SAP system from GRC to SRM, could be this a possible way to match Access control actions with SRM webdynpro links?.
  And finally, is possible to execute a RAR analysis to a posible Cross-System between ECC and ERM (configured as NON SAP system)?
  Thanks in advance.
  Regards.

• How to Change text of link in SRM

  Hi All,
  How to Change text of link in SRM . The Link is in leftside of the screen in webportal.
  I needs to change the text of link ' Shop' , 'Check Status'  and 'Confirm Goods / Services.
  Kindly helpout me.

  Hi Rob,
  Thanks a lot for reply.
  You are right i am suppose to change in BBPGLOBAL.
  But i am not getting where should i change.I am unable to find the parameter in BPGLOBAL.
  Kindly advise me.
  Regards,
  Vasu

• GRC 10.1 Integration with PI 7.4 and BODS?

  Hi Experts,
  As per our system design we have to configure workflow for termination of users in SAP PI 7.4 and BODS system through GRC 10.1.
  Can someone share the connection steup instruction for the above systems?
  Thanks,
  Trinetra

  Check the Operation mapping,like what is anbound interface and outbound interface, these details should match with interface determination details(outbound interface details).if you have configured perfectly then it will show the operation mapping.
  still if you have a problem then better to refresh the cache,it will solve the problem.even you can manually type the operation mapping name in Interface determination,and test end to end.
  if it is also not working out,then create one interface copy objects from two name sapces  http://sap.com/xi/EBP
  , http://sap.com/xi/SRM-MDMCatalog . and finish ESR and and finish ID too..
  Regards,
  Raj

• SRM 7.0 with Document Builder

  Hi Experts,
  We have a SRM 7.0 with PPS. We want  to use Document Builder  function.  We could find the Document Builder  node in IMG (tcd spro).
  According to the Business Scenario Configuration Guide of SAP Document Builder, it seems we need install PSDOCB 300 add-on. But I couldn't find the PSDOCB 300 add-on in SMP( no authorization?).
  Should I install PSDOCB 300 or Document Builder is already  build-in?
  If I should install PSDOCB 300,where I can find it, pls show me the download path?
  If Document Builder is already  build-in, what should I do to show the node in IMG?
  Thanks!
  SRM 7.0
  NW7.01
  PPS is actived

  Hi Jay,
  I made a double check, there is no Document Builder node under IMG >>Cross-application Components in our SRM system.
  Is there any components we didn't install?
  BTW  : we have Integration with SAP Document Builder node .
  The following is installed sofeware components in our SRM system:
  SAP_ABA             701     0007     SAPKA70107     Cross-Application Component
  SAP_BASIS             701     0007     SAPKB70107     SAP Basis Component
  PI_BASIS             701     0007     SAPK-70107INPIBASIS     Basis Plug-In
  ST-PI         2008_1_700     0000     -     SAP Solution Tools Plug-In
  SAP_BS_FND       701     0008     SAPK-70108INSAPBSFND SAP Business Suite Foundation
  SAP_BW             701     0007     SAPKW70107     SAP Business Warehouse
  SAP_AP             700     0021     SAPKNA7021     SAP Application Platform
  SRM_PLUS             700     0009     SAPKIBK209                          SRM_PLUS for mySAP SRM
  SRM_SERVER      700     0009     SAPKIBKV09     SRM_SERVER
  SRM_EXPL             700     0009     SAPK-70009INSRMEXPL     SRM Extended Functionality for SRM_PLUS including PPS
  SRM_EXT             700     0009     SAPK-70009INSRMEXT     SRM Extended Functionality for SRM_SERVER including PPS
  VIRSANH          530_700     0011     SAPK-53311INVIRSANH     SAP GRC Access Controls 5.3 for 700 HR a

• GRC AC RAR rules not picked up

  Hello All,
  I am new to GRC AC and we have a sandbox set up.  When looking at SRM a user that has SAP_ALL and is set up in the Java stack for open access.  When we run the RAR for this user there are a number of the standard rules that are not showing up.  I can explain away the ones that are cross system (ECC and SRM because we have not yet set up the Cross System to look at both) however there are a number of rules that are strictly SRM that are not being picked up can anyone explain why?
  Thanks
  MK

  Hello All,
  I am new to GRC AC and we have a sandbox set up.  When looking at SRM a user that has SAP_ALL and is set up in the Java stack for open access.  When we run the RAR for this user there are a number of the standard rules that are not showing up.  I can explain away the ones that are cross system (ECC and SRM because we have not yet set up the Cross System to look at both) however there are a number of rules that are strictly SRM that are not being picked up can anyone explain why?
  Thanks
  MK

• GRC AC 10:How to generate Access Rule? No output from User or Risk Analysis

  Hello Gurus,
  We have done configuration of GRC AC 10, and uploaded files via
  SoD rules -->Upload Rules
  After that we generated SoD rules for Risk Id : B001 and B002
  Now when we go to NWBC --> Reports & Analytics >Access Dashboards>Access Rule Library
  The report shows (for Group Rule level : Action)
  Number of Active rules : 0
  Number of Disabled Rules : 0
  Number of Functions :  151
  Where as for Group Rule level : Action Risk
  The report shows
  Number of Active Risk : 42
  Disabled risk : 161
  Nmr. of functions : 151 .
  When we perform Risk Analysis at User Level or Role Level, the output is empty !!!
  Note: All the background jobs have run successfully.
  Also the SoD files also have been uploaded successfully.
  Will you please guide how can i activate the "rules" for the uploaded risk ??
  regards,
  Victor

  Hello Victor/ Inder,
  For Risk ID B001functions are BS02 and BS11 if you open any one of them you can see system maintained as SAP BASIS which is SAP_BAS_LG (logical connector group).
  Post installation you can check in SPRO>Governance, Risk and Compliance-> common Component---> integration framework-> maintain connector and connector types->select SAP and click Define connector Group.
  BUSINESS     Business Roles     SAP
  SAP_BAS_LG     SAP Basis     SAP
  SAP_CRM_LG     SAP CRM     SAP
  SAP_ECC_LG     SAP ECCS     SAP
  SAP_HR_LG     SAP HR     SAP
  SAP_NHR_LG     SAP R3 - NON HR Basis Logical Group     SAP
  SAP_R3_LG     SAP R3     SAP
  SAP_SRM_LG     SAP SRM     SAP
  (If not present then manually you can create the same)
  Select SAP_BAS_LG and put connector type as SAP,  select SAP_BAS_LG and click Assign Connector group to group types as AM & LG, then click on Assign Connector to connector group and maintain you connector.
  Post this activity re generate SOD for B001 and then check for user level and role level analysis.
  Hope it will resolve your issue.
  Regards,
  Sudesh

• GRC PC 10 - Source Connector update impact to AC 10

  Hello
  We had an issue with one of our controls where we were utilizing an ABAP sub scenario. The job would not finish and remain "in progress" for any scenarios involving a GRC satellite system (e.g. ECC, SRM). SAP advised us to change the source connector in the "Maintain Connectors and Connection Types" in SPRO so that the source system is GRC instead of the satellite system. We tested the updated assignment and noted that the update worked.
  Our concern is what, if any, impact these changes will have to our AC side. I have done a bit of research and noticed that the "source connector" field is not needed for AC so there may not be an impact. We are going to test provisioning to confirm but also wanted to query the SCN to see if anyone else had experience with this. I've included a screen shot below that displays the updates we made to the source connector.
  Does anyone know if updating the source connector will have an impact on the GRC AC side?

  Hi Stacey,
  Updating the source connector should not impact any AC functionality, you make a test and in case
  it impacts then could be some other reason which we can check.
  Regards,
  Silky Sharma

• GRC AC Help

  Hello community!
  I´m working in a new GRC AC implementation, I never did it before and in a first momment I thought it should not be so hard,well... looks like I was wrong. In a first moment I should implement only BRM and ARM. Users should be able to manage roles from all plugged systems through GRC AC and also your the default workflows for access request and approval.
  I´m following the guide http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/80063a8e-1da6-2e10-aaa5-fda1f0936c37?QuickLink=index&… for BRM but seems like some steps are not present.
  I´m wondering if someone with implementation experiance can give me answers for the questions bellow:
  1 - How long in average a project for ARM and BRM implemetation takes? Considering an almost "default" implementation.
  2 - Can someone send me a schedule task for the AC implementation? So I can use it as a base for my schedule.
  3 - I purchased the "Implementing SAP Governace, Risk, and Compliance" book from the SAP Press website. Basically the book and the guide aforementioned are my references. If someone can contribute commenting or sending new references I would really appreciate.
  Thanks in advance,
  Pedro

  Hi Podro,
  See my answers embedded below.
  Pedro Botega wrote:
  1 - How long in average a project for ARM and BRM implemetation takes? Considering an almost "default" implementation.
  It really depends on how many systems you are going to be connecting to the GRC system and of what types (i.e. ECC, SRM, BW, Portal, non-ABAP etc). Additionally it also depends on how complex your custom Access Approval workflow may be. In addition, if you are a big company, you may phase your Go-lives by regions, hence lengthening the effort not just technically, but in terms of finalising and agreeing the GRC business processes, test phases and training etc.....in short, there is a lot to think about and consider.
  2 - Can someone send me a schedule task for the AC implementation? So I can use it as a base for my schedule.
  Most companies retain this as their own IP, so probably not. However, from experience, a simple implementation of GRC AC with ARA/EAM from start to finish should not take more than 3 months (being very generous here!). A full on implementation involving all 4 modules (ARA, EAM, ARM, BRM) can be simple and last a generous 4/5 months if the approval flows are designed simple (or the SAP delivered workflows are used).
  However, if the landscape gets technically complex (number of target systems and 3rd party systems etc) and the approval flows get complex, you could be looking at a 5-10 month project. Sometimes the customer could have multiple test phases and dry runs, making the project last longer(!). If you are implementing BRM to build your rules from start to end, expect some challenges, hence adding time. Needless to say, delays are easily caused by technical gremlins within the product itself. Start befriending SAP Support marketplace and digging for new SNOTES
  Some companies offer a Rapid Deployment capability (both SAP and 3rd Party specialists). This would be worth researching into if you wish to save some money in terms of implementation costs.
  3 - I purchased the "Implementing SAP Governace, Risk, and Compliance" book from the SAP Press website. Basically the book and the guide aforementioned are my references. If someone can contribute commenting or sending new references I would really appreciate.
  Personally, I would start reading the documents on this page SAP Access Control 10.0 and obviously dig around this SCN forum, there are enough talented individuals sharing their experience on this thread and alot of your future questions are likely to have been already asked/discussed/answered on this forum also

• GRC-IDM initial load job not enriching one system's privs

  Hi GRC Experts,
  We have integrated IDM 7.1 and GRC 5.3 and tested provisioning to one target system in DEV; this worked perfectly; when testing a similar configuration in Quality, we were setting up the system, and had to run the IDM-GRC Initial Load job in order to enrich the imported privileges for use with GRC AC 5.3; in the Quality system, instead of just connecting to 1 target system, we have connected to 5 ABAP systemes, ECC, PI, POSDM, BW & SRM; for some strange reason when performing the GRC-IDM Initial load job 4 of the target system's privileges get enriched, while the ECC system's privileges aren't getting enriched; I would say through random sampling all ECC profiles are getting enriched but none of the ECC privileges are getting enriched; why could this be happening? we've tried running the ECC Initial Load job  and then the GRC-IDM initial load job about 8-10 times but with no luck; the set of privileges we're investigating are still not enriched; we also ran the GRC CUP role load job, also selecting the option to over-write all existing roles in the system; via this method the CUP roles have been refreshed twice so far, but running the GRC-IDM initial load job even after refreshing the ECC system's privileges in CUP has had no effect whatsoever, all ECC privileges are still left to be enriched, but strangely enough the ECC Profiles have been enriched.
  Any clues as to why this could be happening? We've checked and re-checked and there is no filtering or delta being applied to any of the passes, so it really makes no sense. Is there something we should be doing apart from what we've already done? Would greatly appreciate your help with this!
  Thanks a lot in advance!
  Best regards,
  Sandeep

  What you could do is simply add the attributes by a background job to the privileges. This works fine in most cases. You need to be sure that GRC knows the role and then it is fine. The load only adds those 2 privileges and does nothing of any deeper complexity.
  MX_AC_ROLEID = <rolename>
  MX_APPLICATION_ID = <system name>

• SRM - SUS, EBP,CCM,2007 Delta

  Hi Gururs,
  Could you please let me know what is meant by
  SUS, EBP, CCM and 2007 Delta - all these are related to SRM
  As i'm new and learning SRM i'd like to know the basic idea of the above
  Regards
  Bala
  +91 98861 23202

  Hi,
  All are related to SRM
  1)SRM SUS :: I SUS-Supplier Self Service.: In this vendor are linked with SAP SRM server the data will be exchanged from  SAP SRM server to the vendor WEB based service and vice versa
  Each vendor will be given a User ID & Password.
  The vendor can logon to the webportal to access the data related to him like
  1. Purchase order details.
  2.Goods receipt details (or) Confirmation in SRM
  3.Invoice details etc.
  2) EBP : Enterprise buyer professional, before SAP introduced SRM the e procurement is used to be done in SAP EBP.Currently we are in SAP EBP 5.0 Version
  3) SAP CCM :: Catalog Content Management. SAP CCM is to maintain catalogs.
  Catalogue is a defined set of data will be published in the Itnernet (or) intranet.
  If a shopping cart is to be raised you can take data from the catalogue.
  in the catalog for each material , vendor ,price is there .
  Once shopping cart is ordered and it is approved. in the BACKEND (SAP R/3) or  in SAP EBP
  itself P.O is created  .It is a Big area
  G.Ganesh Kumar