GRC in WebPortal of SRM
When we added SRM to our environment - security added the new envirnments to the SAP GRC Suite tools Access Enforcer and Compliance Calibrator without issue. The Cross Enterprise SOD checking is working.
My issue is when setting up testusers in SRM for the web only transactions, I noticed that Menu in mySAP SRM shows the GRC tools, but they are not configured inside of the tool at this point. Does anyone know where there is documentation on how to use and setup/configure the GRC tools that show up in the SRP Portal menu? Or should it have picked up the configuration that was done directly in the Java stack of the tools?
Thanks
Helen Umberger
PacifiCorp
Hi Helen, there is a GRC specific forum on SDN, you may get a quicker answer on there.
Similar Messages
-
Scope and Proposal preparation for SAP GRC AC Implementation.
Hi ,
I would like to know procedure how the RFP (Request for proposals) are prepared for SAP GRC AC Module implementation. and also how the scope and effort estimation are calculated.
are there any guidelines and checklist are available to be followed.
is there any generic approach followed during SAP GRC AC implementation for proposal as well as for effort estimation.
Pelase clarify my doubts
Regards,
RKHi,
Use RTA on SAP BASIS 7.00 System for any system other than ECC which has ABAP and Basis Level 7.00 with Kernel 7.00
I don't see any option for 7.20, may be it will be available later on.
We have SRM connected to GRC so I can cofirm, yes it is possible to connect SRM to GRC and work with SRM rulebook. RTA and Post-RTA activites and JCO and RAR connectors are a must to get it work properly. In fact all configurations are required as it is in ECC system.
No HR RTA is required ,as there is no HR module in SRM.
Regards,
Sabita -
HI guys,
we have introduced GRC AC RAR 5.3 and rolling now out SRM using more or less the standard SRM roles.
Our problem is to ensure SoD compliance before rolling out SRM worldwide and need to change roles right after.
Is there a GRC / SoD Ruleset for SRM available as it is provided in the GRC SoD ruleset for ERP?
Thanks!
ChrisHi..
Yes it supports
Regards
Gangadhar -
GRC BO AC 10.0 Risk Analisys & Role management from SRM
Hi Gurus,
Anyone know if GRC AC 10.0 can analyze and manage (create/modify) the SAP SRM (Portal Based) Role and User?
Thank you,
LuigiHi Vishal,
The parameters will be invoked in different scenarios. 1085 is specific to when roles are generated in the SAP Backend system using risk terminator and therefore this will have no impact if you are using BRM to generate the roles.
3011 & 3014 are specific to BRM and govern different behaviours. 3011 will facilitate the risk analysis prior to triggering the generation steps in the methodology and 3014 will allow the roles to be generated despite any permission risks that are returned.
They are not exclusive and actually work together. For instance, you may want to have a block on generation of roles when there are open conflicts identified and therefore you should have 3011 set to YES and 3014 set to NO. If both are set to YES, then you could propagate conflicts in the roles.
You can use Risk Terminator if you wish to continue to develop roles within the SAP system itself rather than to rely on the GRC BRM system wholly.
There are still wide discussions and differing opinions about which represents the best approach for this and so it depends on your organisation as to which process you follow.
The parameter descriptions in question are:
1085 - Stop Role Generation if violations exist
3011 - Conduct Risk Analysis before Role Generation
3014 - Allow role generation with Permission Level violations
Regards, Simon -
Hi!
Has SAP released RAR Rule sets for BI, GTS, SRM, XI, GRC-AC, or Solution Manager?
Let me know if anyone else has found them.
Thanks,
-johnHi John,
SRM rules have always been available. I have not seen rules for BI, GTS, XI, AC or SolMan. Would definitely want to see rules for XI, BI and SolMan.
Alpesh -
AC 5.3 Risk Analysis to SRM 7.0
Hi SAP experts.
I would like to know if its posible to execute a Risk Analysis through a SRM 7.0 module, and instead of transacctions if it is posible to use the webdynpro links like actions or tcodes.
My doubt is based on the fact that in SRM 7.0 the proper tcodes like BPP* are not use in this release, and these are changed by webdynpro links. Is it possible to use that links as tcodes for the SoD Matrix?
Thanks in advance.
Regards.Hi Kunal.
Firstly, thanks a lot for your support.
In addition, I know that with the previous release of SRM, is posible to conect SAP GRC AC with SRM. But if I create a conector like to a SAP system from GRC to SRM, do you think that is imposible to associate that kind of webdynpro links as an AC action?
On the other hand, instead of create a conector SAP, I create a conector, like a NON SAP system from GRC to SRM, could be this a possible way to match Access control actions with SRM webdynpro links?.
And finally, is possible to execute a RAR analysis to a posible Cross-System between ECC and ERM (configured as NON SAP system)?
Thanks in advance.
Regards. -
How to Change text of link in SRM
Hi All,
How to Change text of link in SRM . The Link is in leftside of the screen in webportal.
I needs to change the text of link ' Shop' , 'Check Status' and 'Confirm Goods / Services.
Kindly helpout me.Hi Rob,
Thanks a lot for reply.
You are right i am suppose to change in BBPGLOBAL.
But i am not getting where should i change.I am unable to find the parameter in BPGLOBAL.
Kindly advise me.
Regards,
Vasu -
GRC 10.1 Integration with PI 7.4 and BODS?
Hi Experts,
As per our system design we have to configure workflow for termination of users in SAP PI 7.4 and BODS system through GRC 10.1.
Can someone share the connection steup instruction for the above systems?
Thanks,
TrinetraCheck the Operation mapping,like what is anbound interface and outbound interface, these details should match with interface determination details(outbound interface details).if you have configured perfectly then it will show the operation mapping.
still if you have a problem then better to refresh the cache,it will solve the problem.even you can manually type the operation mapping name in Interface determination,and test end to end.
if it is also not working out,then create one interface copy objects from two name sapces http://sap.com/xi/EBP
, http://sap.com/xi/SRM-MDMCatalog . and finish ESR and and finish ID too..
Regards,
Raj -
SRM 7.0 with Document Builder
Hi Experts,
We have a SRM 7.0 with PPS. We want to use Document Builder function. We could find the Document Builder node in IMG (tcd spro).
According to the Business Scenario Configuration Guide of SAP Document Builder, it seems we need install PSDOCB 300 add-on. But I couldn't find the PSDOCB 300 add-on in SMP( no authorization?).
Should I install PSDOCB 300 or Document Builder is already build-in?
If I should install PSDOCB 300,where I can find it, pls show me the download path?
If Document Builder is already build-in, what should I do to show the node in IMG?
Thanks!
SRM 7.0
NW7.01
PPS is activedHi Jay,
I made a double check, there is no Document Builder node under IMG >>Cross-application Components in our SRM system.
Is there any components we didn't install?
BTW : we have Integration with SAP Document Builder node .
The following is installed sofeware components in our SRM system:
SAP_ABA 701 0007 SAPKA70107 Cross-Application Component
SAP_BASIS 701 0007 SAPKB70107 SAP Basis Component
PI_BASIS 701 0007 SAPK-70107INPIBASIS Basis Plug-In
ST-PI 2008_1_700 0000 - SAP Solution Tools Plug-In
SAP_BS_FND 701 0008 SAPK-70108INSAPBSFND SAP Business Suite Foundation
SAP_BW 701 0007 SAPKW70107 SAP Business Warehouse
SAP_AP 700 0021 SAPKNA7021 SAP Application Platform
SRM_PLUS 700 0009 SAPKIBK209 SRM_PLUS for mySAP SRM
SRM_SERVER 700 0009 SAPKIBKV09 SRM_SERVER
SRM_EXPL 700 0009 SAPK-70009INSRMEXPL SRM Extended Functionality for SRM_PLUS including PPS
SRM_EXT 700 0009 SAPK-70009INSRMEXT SRM Extended Functionality for SRM_SERVER including PPS
VIRSANH 530_700 0011 SAPK-53311INVIRSANH SAP GRC Access Controls 5.3 for 700 HR a -
GRC AC RAR rules not picked up
Hello All,
I am new to GRC AC and we have a sandbox set up. When looking at SRM a user that has SAP_ALL and is set up in the Java stack for open access. When we run the RAR for this user there are a number of the standard rules that are not showing up. I can explain away the ones that are cross system (ECC and SRM because we have not yet set up the Cross System to look at both) however there are a number of rules that are strictly SRM that are not being picked up can anyone explain why?
Thanks
MKHello All,
I am new to GRC AC and we have a sandbox set up. When looking at SRM a user that has SAP_ALL and is set up in the Java stack for open access. When we run the RAR for this user there are a number of the standard rules that are not showing up. I can explain away the ones that are cross system (ECC and SRM because we have not yet set up the Cross System to look at both) however there are a number of rules that are strictly SRM that are not being picked up can anyone explain why?
Thanks
MK -
GRC AC 10:How to generate Access Rule? No output from User or Risk Analysis
Hello Gurus,
We have done configuration of GRC AC 10, and uploaded files via
SoD rules -->Upload Rules
After that we generated SoD rules for Risk Id : B001 and B002
Now when we go to NWBC --> Reports & Analytics >Access Dashboards>Access Rule Library
The report shows (for Group Rule level : Action)
Number of Active rules : 0
Number of Disabled Rules : 0
Number of Functions : 151
Where as for Group Rule level : Action Risk
The report shows
Number of Active Risk : 42
Disabled risk : 161
Nmr. of functions : 151 .
When we perform Risk Analysis at User Level or Role Level, the output is empty !!!
Note: All the background jobs have run successfully.
Also the SoD files also have been uploaded successfully.
Will you please guide how can i activate the "rules" for the uploaded risk ??
regards,
VictorHello Victor/ Inder,
For Risk ID B001functions are BS02 and BS11 if you open any one of them you can see system maintained as SAP BASIS which is SAP_BAS_LG (logical connector group).
Post installation you can check in SPRO>Governance, Risk and Compliance-> common Component---> integration framework-> maintain connector and connector types->select SAP and click Define connector Group.
BUSINESS Business Roles SAP
SAP_BAS_LG SAP Basis SAP
SAP_CRM_LG SAP CRM SAP
SAP_ECC_LG SAP ECCS SAP
SAP_HR_LG SAP HR SAP
SAP_NHR_LG SAP R3 - NON HR Basis Logical Group SAP
SAP_R3_LG SAP R3 SAP
SAP_SRM_LG SAP SRM SAP
(If not present then manually you can create the same)
Select SAP_BAS_LG and put connector type as SAP, select SAP_BAS_LG and click Assign Connector group to group types as AM & LG, then click on Assign Connector to connector group and maintain you connector.
Post this activity re generate SOD for B001 and then check for user level and role level analysis.
Hope it will resolve your issue.
Regards,
Sudesh -
GRC PC 10 - Source Connector update impact to AC 10
Hello
We had an issue with one of our controls where we were utilizing an ABAP sub scenario. The job would not finish and remain "in progress" for any scenarios involving a GRC satellite system (e.g. ECC, SRM). SAP advised us to change the source connector in the "Maintain Connectors and Connection Types" in SPRO so that the source system is GRC instead of the satellite system. We tested the updated assignment and noted that the update worked.
Our concern is what, if any, impact these changes will have to our AC side. I have done a bit of research and noticed that the "source connector" field is not needed for AC so there may not be an impact. We are going to test provisioning to confirm but also wanted to query the SCN to see if anyone else had experience with this. I've included a screen shot below that displays the updates we made to the source connector.
Does anyone know if updating the source connector will have an impact on the GRC AC side?Hi Stacey,
Updating the source connector should not impact any AC functionality, you make a test and in case
it impacts then could be some other reason which we can check.
Regards,
Silky Sharma -
Hello community!
I´m working in a new GRC AC implementation, I never did it before and in a first momment I thought it should not be so hard,well... looks like I was wrong. In a first moment I should implement only BRM and ARM. Users should be able to manage roles from all plugged systems through GRC AC and also your the default workflows for access request and approval.
I´m following the guide http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/80063a8e-1da6-2e10-aaa5-fda1f0936c37?QuickLink=index&… for BRM but seems like some steps are not present.
I´m wondering if someone with implementation experiance can give me answers for the questions bellow:
1 - How long in average a project for ARM and BRM implemetation takes? Considering an almost "default" implementation.
2 - Can someone send me a schedule task for the AC implementation? So I can use it as a base for my schedule.
3 - I purchased the "Implementing SAP Governace, Risk, and Compliance" book from the SAP Press website. Basically the book and the guide aforementioned are my references. If someone can contribute commenting or sending new references I would really appreciate.
Thanks in advance,
PedroHi Podro,
See my answers embedded below.
Pedro Botega wrote:
1 - How long in average a project for ARM and BRM implemetation takes? Considering an almost "default" implementation.
It really depends on how many systems you are going to be connecting to the GRC system and of what types (i.e. ECC, SRM, BW, Portal, non-ABAP etc). Additionally it also depends on how complex your custom Access Approval workflow may be. In addition, if you are a big company, you may phase your Go-lives by regions, hence lengthening the effort not just technically, but in terms of finalising and agreeing the GRC business processes, test phases and training etc.....in short, there is a lot to think about and consider.
2 - Can someone send me a schedule task for the AC implementation? So I can use it as a base for my schedule.
Most companies retain this as their own IP, so probably not. However, from experience, a simple implementation of GRC AC with ARA/EAM from start to finish should not take more than 3 months (being very generous here!). A full on implementation involving all 4 modules (ARA, EAM, ARM, BRM) can be simple and last a generous 4/5 months if the approval flows are designed simple (or the SAP delivered workflows are used).
However, if the landscape gets technically complex (number of target systems and 3rd party systems etc) and the approval flows get complex, you could be looking at a 5-10 month project. Sometimes the customer could have multiple test phases and dry runs, making the project last longer(!). If you are implementing BRM to build your rules from start to end, expect some challenges, hence adding time. Needless to say, delays are easily caused by technical gremlins within the product itself. Start befriending SAP Support marketplace and digging for new SNOTES
Some companies offer a Rapid Deployment capability (both SAP and 3rd Party specialists). This would be worth researching into if you wish to save some money in terms of implementation costs.
3 - I purchased the "Implementing SAP Governace, Risk, and Compliance" book from the SAP Press website. Basically the book and the guide aforementioned are my references. If someone can contribute commenting or sending new references I would really appreciate.
Personally, I would start reading the documents on this page SAP Access Control 10.0 and obviously dig around this SCN forum, there are enough talented individuals sharing their experience on this thread and alot of your future questions are likely to have been already asked/discussed/answered on this forum also -
GRC-IDM initial load job not enriching one system's privs
Hi GRC Experts,
We have integrated IDM 7.1 and GRC 5.3 and tested provisioning to one target system in DEV; this worked perfectly; when testing a similar configuration in Quality, we were setting up the system, and had to run the IDM-GRC Initial Load job in order to enrich the imported privileges for use with GRC AC 5.3; in the Quality system, instead of just connecting to 1 target system, we have connected to 5 ABAP systemes, ECC, PI, POSDM, BW & SRM; for some strange reason when performing the GRC-IDM Initial load job 4 of the target system's privileges get enriched, while the ECC system's privileges aren't getting enriched; I would say through random sampling all ECC profiles are getting enriched but none of the ECC privileges are getting enriched; why could this be happening? we've tried running the ECC Initial Load job and then the GRC-IDM initial load job about 8-10 times but with no luck; the set of privileges we're investigating are still not enriched; we also ran the GRC CUP role load job, also selecting the option to over-write all existing roles in the system; via this method the CUP roles have been refreshed twice so far, but running the GRC-IDM initial load job even after refreshing the ECC system's privileges in CUP has had no effect whatsoever, all ECC privileges are still left to be enriched, but strangely enough the ECC Profiles have been enriched.
Any clues as to why this could be happening? We've checked and re-checked and there is no filtering or delta being applied to any of the passes, so it really makes no sense. Is there something we should be doing apart from what we've already done? Would greatly appreciate your help with this!
Thanks a lot in advance!
Best regards,
SandeepWhat you could do is simply add the attributes by a background job to the privileges. This works fine in most cases. You need to be sure that GRC knows the role and then it is fine. The load only adds those 2 privileges and does nothing of any deeper complexity.
MX_AC_ROLEID = <rolename>
MX_APPLICATION_ID = <system name> -
SRM - SUS, EBP,CCM,2007 Delta
Hi Gururs,
Could you please let me know what is meant by
SUS, EBP, CCM and 2007 Delta - all these are related to SRM
As i'm new and learning SRM i'd like to know the basic idea of the above
Regards
Bala
+91 98861 23202Hi,
All are related to SRM
1)SRM SUS :: I SUS-Supplier Self Service.: In this vendor are linked with SAP SRM server the data will be exchanged from SAP SRM server to the vendor WEB based service and vice versa
Each vendor will be given a User ID & Password.
The vendor can logon to the webportal to access the data related to him like
1. Purchase order details.
2.Goods receipt details (or) Confirmation in SRM
3.Invoice details etc.
2) EBP : Enterprise buyer professional, before SAP introduced SRM the e procurement is used to be done in SAP EBP.Currently we are in SAP EBP 5.0 Version
3) SAP CCM :: Catalog Content Management. SAP CCM is to maintain catalogs.
Catalogue is a defined set of data will be published in the Itnernet (or) intranet.
If a shopping cart is to be raised you can take data from the catalogue.
in the catalog for each material , vendor ,price is there .
Once shopping cart is ordered and it is approved. in the BACKEND (SAP R/3) or in SAP EBP
itself P.O is created .It is a Big area
G.Ganesh Kumar
Maybe you are looking for
-
So yeah . . . I got Photoshop for £70 odd and I can't find it on my computer . . . its also apparently redeemed and I can't find it in the system files. It also wont let me install it again as the one use code is already Redeemed. what should I do? a
-
When I copy and paste a path from window explorer into teststand as a constant, I need to add an extra "\" in front of all the "\" manually. Is there a quicker way? Thanks! Kudos and Accepted as Solution are welcome! Solved! Go to Solution.
-
B560 bluetooth file transfer problem?
hi I like when I upload a file with Bluetooth gives this error? where is the problem?
-
Converting Recovery Partition to logical - Is it logical?!
Hello everybody, My new dv6-6070se with win7 64bit has 4 primary partitions. As a result I can't create new partitions. But if I delete or convert one of them to logical, then It will be possible to create new partitions. I have already made a set of
-
Flash may not be downloading. The Downloads window comes up, but never shows a file. The file does appear in explorer. I don't know what the file size should be...? I even turned off my firewall; didn't help. When I try to run the file, Flash ini