SAP GRC ARQ: Modifying WF to fetch Organizational Owners (BRF+)

Similar Messages

• Cross Organization SOD Conflict in SAP GRC

  Hi,
  I have a quick question:
  Does SAP GRC allow you to capture cross Organization level value conflict. I just checked the Auth. Object for Org level Company code with $BUKRS under transaction codes in Functions, this shows disabled by default.
  Example: If I have access to  SU01 in Company Code 1 and access to PFCG in Company Code 2 will this be risk based on SAP standard SOD Rule set.
  Your quick response will be appreciated. Thaning you in advance.
  Thanks & Regards,
  Abhimanu Kumar Singh

  Hi
  As already stated by Martin, one of the option for handling adtional backup access to users could be through Superuser Privilage management(If GRC has been implemented with your client). This would allow detailed reporting at transaction level for audit purposes.
  If GRC is not implemented with your client then any additional access which is resulting in SoD, there has to a proper documentation of temporary access assignment to users(For Audit purpose). Mitigation control should be documented and submitted by the supervisor of the user to the SoD team to ensure proper compliance is in place for the additional access provided to the user.
  Thanks.
  Anjan

• Download SAP GRC for ECC 6.0

  How can I download SAP GRC for ECC 6.0?

  GRC applications comprise Access Control, Process Control, Global Trade Service, Environmental Compliance, Environment Health & Service, Risk Management, etc.
  The software license for these applications scales with the licensing organization's revenue or an equivalent metric.
  You'll obtain a quotation from your account manager.

• SAP GRC 5.3 CUP: Approver Determinator "Super Access Owner"

  Hi,
  when configuring a stage, a standard approver determinator called "Super Access Owner" could be selected.My question is where to specify the Super Access Owner in SAP GRC CUP? In the Config Guide of SAP GRC AC 5.3 a hint explains on page 145
  "If you select Superuser Access Owner as the approver determinator, the system
  fetches the configured owner from the SAP system where the Superuser Privilege
  Management is installed and assigns the request to that particular approver." 
  I do not really unterstand where to specifiy. Is it the former FireFighter in the backend.
  Did anybody user this Approver Determinator already?
  Thank you in advance.
  Marco

  Hi Marco,
  Yes this approver is defined in the backend Firefighter which is now Super User Privelege Management. The Firefighter ID owner will be taken as the approver if we select Super User Access Owner in the CUP request. This option is basically being provided for  Integration of Compliant User Provisioning and Super User Privelege Management for SAP GRC AC 5.3. You may now create a request to assign a Firefighter ID to a Firefighter in CUP and do not need to go to SPM for the same.
  In case you do not want to use this approver, please create a Custom Approver Determinator for the same.
  Hope this helps.
  Harleen

• SAP GRC 5.3 - Do I need to install all tools initially

  Hi,
  I am looking into installing SAP GRC 5.3. At the moment we only want to use Risk Analysis and Remediation (RAR), Superuser Privilege Manager (SPM) and Risk Terminator. However we may want to implement CUP and ERM at a later stage as part of a seperate project. I am looking for some advice on how we should approach the install. Should we install all components initially or can they be easily installed and configured at a later stage?
  Thanks,
  Gary

  Hi Gary,
  SAP GRC Access Control comes with all four components like RAR,CUP,ERM& SPM.According to your organization's need you may configure the components which you want initially. Later on you may plan to configure other components.
  I am looking for some advice on how we should approach the install. Should we install all components initially or can they be easily installed and configured at a later stage?
  It's recommended by SAP to deploy all four components.
  Regards,
  Mohit

• Enterprise Risk Management Approach in SAP GRC

  Hi All,
  Can you please let me know  as to what is the approach followed for implementation of  Enterprise Risk Management (ERM) in SAP GRC.  Also please tell me how the internal control frameworks like COSO, COBIT is mapped to ERM in SAP GRC.
  Regards
  Vivek

  Dear Vivek,
  While assigning roles to users, you will be displayed the risks that are identified with those roles, if any. You can either mitigate or remove the roles.
  The process covered by GRC Risk management includes the following steps:
  -Risk Planning: Determines the approach to risk management in each business area or project. This includes setting up the risk management organization and defining risk thresholds . This phase is partially supported by a software application.
  -Risk Identification and Analysis: Identifies the risks in order to analyze and prioritize them along different attributes, such as probability of occurrence and potential total loss associated to the risk.
  -Risk Response: Decides on actions needed to respond to a risk. One action could be to actively mitigate the risk to reduce probability of occurrence and/or potential impact.
  -Risk Monitoring: Includes the regular update of risk information and the risk reporting to monitor progress along the risk management process.
  The Risk Management application provides a set of different reporting capabilities based on the individual needs of the target groups:
  -A set of built-in reports that are delivered with the application. These reports allow risk managers to review the current risk state.
  -Visual Composer based dashboards that provide information about the current risk status on an aggregated basis. The dashboards fulfill the risk reporting needs of senior managers and line managers.
  Step 1: You maintain the Risk structure
  1. You set up the organizational hierarchy
  2. You set up the Activity Hierarchy
  3. You set up the Risk Hierarchy
  Step 2: You perform the Risk Assessment
  1. You identify the risks
  2. You analyze the risks
  3. You respond to risks
  4. You document the Incidents
  Step 3: You analyze risk reports
  1. You generate risk reports
  2. You report the incidents
  Step 4: You analyze the dashboards
  Refer SAP documentation on GRC for more information.
  Regards,
  Naveen.

• SAP GRC NF-e 10.0: Erro na interface NFB2B_procNFe_IB (contendo CDATA)

  Olá a todos.
  Poderiam por gentileza me ajudar com a questão abaixo?
  Estou com o seguinte problema na interface NFB2B_procNFe_IB do SAP GRC NF-e 10.0 (Support Package 15):
  Recebemos uma série de XML's de montadoras de automóveis que contém informações adicionais nas tags <infAdProd> e <infCpl>, como por exemplo:
    <infAdProd>VLR. PIS R$ 6,81 VLR. COFINS R$ 31,44<![CDATA[<ID ITEM=005115/><PED=4500159772/> <UM=PC/>]]></infAdProd>
  Porém ao inserir essa mensagem na interface NFB2B_procNFe_IB, a interface interpreta da seguinte forma:
      <infAdProd>VLR. PIS R$ 6,81 VLR. COFINS R$ 31,44
        <![CDATA[
          <ID ITEM=005115/>
          <PED=4500159772/>
          <UM=PC/>]]>
          </infAdProd>
  Sendo assim, ocorre o erro abaixo:
  <nm:ExchangeFaultDataExt xmlns:nm="http://sap.com/xi/NFE/common" xmlns:prx="urn:sap.com:proxy:NED:/1SAI/TAS8DFA2846CCAA9B6570C6:702">
    <faultText>Erro durante a transformação: Fim de elemento '{http://www.portalfiscal.inf.br/nfe}infAdProd' esperado programa: /1SAI/SAS6F90159886715E7C4560 caminho: nfeProc(1)NFe(1)infNFe(1)det(4)infAdProd(3)ID(1)</faultText>
    </nm:ExchangeFaultDataExt>
  Sei que temos algumas opções como:
  1. Alterar o XML no mapping do PI; (Funcionaria com mensagens processadas através do PI, mas não conseguiria inserir um XML manualmente via SE80)
  2. Alterar o XML no ABAP ao executar a classe /XNFE/CL_006NFB2B_PROC_NFE_IB; (Fazer algum replace nesses caracteres "<" e ">" por "&lt;" "&gt;"
  Mas como fazer isso sem danificar a assinatura do XML que já está assinado e autorizado na SEFAZ?
  Existe alguma nota SAP para corrigir esse problema?
  Agradeço desde já a atenção.
  Rodrigo Costa.

  Felipe,
  também tive o mesmo problema do lado do NTB2B_procNFe_OB. Tentei de várias formas transformar o XML para ficar aderente ao cliente, porém o PI sempre alterava o XML (possivelmente devido ao encoding).
  Vi muitos posts sobre o tema, mas ainda quando era o GRC NF-e 1.0, com a assinatura no Java. Para o GRC 10.0 não funciona, pois quando o xml chega no PI, o mesmo já está assinado, portanto não se pode alterar nada.
  A solução foi para nesses casos específicos enviar o xml através do ECC mesmo.
  Mas para o NFB2B_procNFe_IB ainda sem solução.
  Abs.
  Rodrigo.

• SAP GRC NFE não processa NFE's com itens que possuam diferentes alíquotas de IPI.

  SAP GRC NFE não processa NFE's com itens que possuam diferentes alíquotas de IPI.
  Alguém sabe se esse problema já foi resolvido ou conhece um contorno para essa situação ?
  Desde a implantação em junho de 2013 não conseguimos processar notas que possuem itens com diferentes aliquotas de IPI.

  Bom dia Fernando (que bom te encontrar aqui também :-)!
  Então, o Denny da SAP Alemanha me retornou dizendo que temos que instalar o XI Content SLL-NFE 10.0 e criar novamente os cenários da NF-e.
  Eu estou entrando em contato com o nosso Basis que fica em Lima para ver se é possível que ele instale este componente, para que eu crie novamente os cenários da NF-e (extensão _900).
  Após a recriação dos cenários, será que eu consigo reenviar as NF-e de teste novamente ou terei que estornar os documentos e fazer os processos novamente?
  Obrigado pela ajuda!
  Att.
  Daniel

• SAP SP necessária para suportar os componentes para o SAP GRC NFE 1.0 no XI

  oi,
  Como estamos atualizando as nossas caixas de XI de SAP XI SAP PI 3.0 para 7,11, verificando o SLD notamos que Nota Fiscal componente de software está disponível. Assim, a pergunta é o que é que os Service Packs do sistema fonte precisa ter, a fim de fornecer todos os componentes necessários para a NF-e?
  temos dois sistemas de fonte da qual enviamos os dados para XI, você pode sugerir o que é o pacote de serviços adequados para apoiar SAP GRC NFE 1.0 no XI
  1> 6,0 SAP ECC, SP, 14
  EHP 2, Nível 2
  PI_Basis = 2005_1_700, Level 14
  ST = PI 2008_1_700 Nível 2
  2> 6,0 SAP ECC, EHP 4
  Muito obrigado

  Ola, vi o seu e-mail mas resolvi responder por aqui!
  Na realidade, se voce for realmente trabalhar com o GRC, dependendo da secretaria da fazenda que voce ira trabalhar aconselhor que voce aplique o sp15 no grc, consule SAP Note 1487119, nessa nota haverao todos os procedimentos necessarios.
  Como haviamos falado anteriormente por e-mail, seria necessario, caso vc realmente queira trabalhar com o GRC a aplicacao de algumas notas tecnicas no proprio GRC.
  1477834     XML Layout Version 2.00: Missing parameters in NF-e BAdI
  1487119     SAPK-10015INSLLNFE: Support Package 15 for SLL-NFE
  1496216     Rejection of NFe because of wrong data type of date fields
  1499921     Problem with validation after implementing SP15
  1498700     Problem on signing NF-e
  1497767     Fill field qTrib for new layout version 2.0
  1500046     Upgrade validation rule for field ID for version 2.0
  1500742     Adjust validation for field NADICAO and NSEQADIC layout 2.00
  1501545     Problems in trying to see a XML in the IE
  1502612     Select the NFe Status Check Service for Incoming B2B message
  1502217     Extend validation rules for <DI>/<adi>, layout 2.00
  Sem mais, precisando me mais ajuda avise

• SAP GRC NFE

  Hello,
  eu estou trabalhando no electronica fiscal de Nota. Nós temos seguintes sistemas: --
  SAP R/3 -
  SAP GRC NFE--JAVA (assinaturas digitais)-SAP NETWEAVER PI/XI -
  As AUTORIDADES (PARA A AUTORIZAÇÃO)
  como eu verificam a conexão entre estes sistemas. Como eu sei uma comunicação existe entre
  SAP GRC NFE--JAVA (assinaturas digitais)-SAP NETWEAVER PI/XI -
  A conexão das AUTORIDADES (PARA A AUTORIZAÇÃO)
  foi feita já com sucesso entre SAP R/3 E SAP GRC NFE através do RFC.
  Por favor ajuda.
  Agradecimentos adiantado,
  Honey

  Bom dia Honey,
  Além da comunicação entre os sistemas, você deve customizar as Sefaz-es e também os CNPJs na SPRO do GRC.
  Acompanhe as telas aqui:
  SAP GRC NFE 1.0 - New Solution Introduction & Implemention Best Practices
  Você pode testar o serviço assinador (java) diretamente pelo web service:
  Web Service Navigator
  Leonardo deu uma boa dica para testar o customizing dos serviços e comunicação com o sistema externo (Sefaz).
  Atenciosamente, Fernando Da Ró

• SAP GRC NF-e 10.0 - Problema durante Upgrade (mensagem /XNFE/APP 011)

  Boa tarde a todos!
  Realizamos o "Upgrade" do SAP GRC NF-e da versão 1.0 para a versão 10.0 (SLL-NFE 900, nível 0008) e estamos convivendo com um problema em uma mensagem XML do PI.
  Na transação SXMB_MONI, monitor de mensagens processadas, ao filtrar por mensagens com SELSTAT = 017 Application Error - Manual Restart Possible, encontramos problemas em mensagens do seguinte tipo:
  Sender: BATCH_BatchProcess_006
  Receiver: CLNT100TND (Mandante 100 do Sistema TND)
  Receiver Interface Namespace: http://sap.com/xi/NFE/006
  Receiver Interface: BATCH_nfeRecepcaoLoteResponse_IB
  Para estes, quando vou até o detalhe da mensagem e seleciono "Call Inbound Proxy" (com status vermelho), em "Payloads", vejo o erro "Não existe ID de lote  000000000000000".
  Pelo que vi na tabela T100, a mensagem se refere ao código /XNFE/APP, número 011.
  Por que será que está acontecendo este erro? Alguém já vivenciou esta situação antes?
  P.S.: Já abri chamado na SAP e eles encaminharam o problema para a SAP Alemanha...
  Obrigado,
  Daniel

  Bom dia Fernando (que bom te encontrar aqui também :-)!
  Então, o Denny da SAP Alemanha me retornou dizendo que temos que instalar o XI Content SLL-NFE 10.0 e criar novamente os cenários da NF-e.
  Eu estou entrando em contato com o nosso Basis que fica em Lima para ver se é possível que ele instale este componente, para que eu crie novamente os cenários da NF-e (extensão _900).
  Após a recriação dos cenários, será que eu consigo reenviar as NF-e de teste novamente ou terei que estornar os documentos e fazer os processos novamente?
  Obrigado pela ajuda!
  Att.
  Daniel

• List of Issues/ problems in SAP GRC AC 5.3 Implementation

  Hello,
  Can anyone provide me with the list of most commonly occurring problems related to
  1- SAP GRC Suite Installation
  2- RAR Module implementation
  3- CUP Module implementation
  4- ERM Module implementation
  5- SPM Module implementation
  6- SAP PC 2.5 implementation
  7- SAP RT Module implementation
  8- SAP GRC Suite Upgradation.
  Thanks in advance!!!

  Hi Abdul,
  As such there are no issues in implemeting the AC modules.
  Just make sure that you undeploy previously installed SP before deploying the new Support packages.
  1. You have to upload the initial file (xml files) again in CUP and ERM. These files should be corresponding to latest support pack.
  2. upload the CC 53_Messages.txt file in RAR with every upgrade.
  Also restart the server after deploying any following the above steps.
  For RT you can follow the note 1225960, 1060673 and make sure to restart the server after configuring the SAP Adapter.
  Regards,
  shweta

• Can SAP GRC AC 5.3 connect without any problem with SAP R/3 4.7 Enterprise?

  hello,
  I went to the PAM in the SAP Marketplace to see if SAP GRC AC 5.3 could connect to SAP R/3 4.7 Enterprise but I can't see all the "Add-On Product Version for...", it's cut off.
  Can SAP GRC AC 5.3 connect without any problem with SAP R/3 4.7 Enterprise?
  If I can't is there any proof about it? I have to show it to a client.
  Best Regards,
  Pablo Mortera,

  Pablo,
  GRC AC 5.3 works perfectly fine with SAP's R/3 4.6c, mySAP ERP 4.7 and ECC systems. In fact we have two 4.7 Enterprise systems connected to GRC AC 5.3 system.
  You can get the details of supported SAP ERP systems under prerequisite section of Info page of GRC AC 5.3 , it can be accessed on marketplace at -
  Downloads-->Installations and Upgrades - Entry by Application Group > SAP Solutions for Governance, Risk, and Compliance>SAP GRC Access Control>SAP GRC ACCESS CONTROL>SAP GRC ACCESS CONTROL 5.3
  Just ensure to have proper BASIS and ABAP support pack level as mentioned in prerequisites.
  Regards,
  Amol

• Nota fiscal send from R/3 to SAP GRC NFE

  Hello Everyone,
  We have send NFe from sap r/3 to sap grc nfe thru RFC . We cannot trace in GRC .
  What could be the possible error .
  please help.
  Honey

  Hi Honey,
  If configuration is correct on R/3 you can see the received data on tables /xnfe/nfehd (header), /xnfe/nfeit (item) and /xnfe/nfe_hist (history).
  A good approuch to you check what system is being called is put a break-point before R/3 call GRC on the end of function J_1B_NF_MAP_TO_XML or include LJ_1B_NFEF42.
  You can easily start debug on R/3 and follow inside GRC automatically when debugging, but the user of RFC need to be DIALOG and have debug rights. It's not possible do it with a service user.
  Check if the correct FM is being called /xnfe/nfe_create, for other messaging system the FM is J_1B_NFE_XML_OUT (if customizations is wrong you will check this error on ST22 on GRC).
  Kind regards, Fernando Da Ros

• SAP GRC 10.0 on ECC

  Hi Guys,
  We are planning on implementing SAP GRC 10.0. Our Basis guy has suggested that we can use ECC (EHP 6) box for installing the add on(GRCFND_A) component for it. The reason for this is to avoid adding another system to the landscape and to reduce the cost of implementation
  Are there any known issues using this approach?
  Thanks in advance,
  Silver

  Hi
  the GRC project is totally IT driven.
  I get why you are having to drive this - especially when you have to respond to audit requirements and your focus is on support processes.
  However, GRC is all about business risk management - Governance, Risk and Compliance (well internal controls). The GRC System is just the tool to manage this. Without business buy in how is this going to be successful? Who will review business process to determine what a risk is? Who in a senior leadership position will determine what risks are acceptable? Who will determine appropriate controls, report on them, and more importantly enforce them? Who in a leadership position will champion the project and support why a user must work a certain why (including access removed from them)?
  I get that you are focussing on a POC and trying to minimise cost but what happens post POC? I've given recommendations where I've said don't put in GRC until you sort your process and culture. I've done this as much as the innner techy in me knows I won't get to play with a new toy because without all the business buy-in you will have a system built and deployed that gives you a false sense of security when it comes to managing access controls.
  Another way to look at the SP issues - what happens if it's on ECC and the functional team (aka the business representatives) demand an SP increase for their functionality? They proceed to increase SP and now your functionality stops working.. which then impacts the business as you can't process their access requests and give them timely access to the system (assume this is your business case). Are your basis team going to tell the business that they can't have the SP stack increase because IT needs the system on a certain level and they need to wait until next time it's compatible?
  Good luck with your POC. I understand it will allow you to use the tool and check what will work for the business. If you are still undecided on system landscape post POC, take care in having that decision made for you. As you go down the POC path and time runs out the project may move from POC to design/build and now that it's working there will be reluctance to move it to a separate system.
  Regards
  Colleen