SAP GRC PC 10.1 Policy Management
Hi Gurus,
I am performing a Policy Management Cycle in SAP GRC PC 10.1, and I find the following problem. The approver receives in the Workinbox the notification for perform the approval of the policy, and, if he decide Send to Rework, no one receives the rework, but if I activate a fallback user, he receives everything
I configured the following business events in the SPRO Actibity : "Maintain Custom Agent Determination Rules".
Business
Event
Role
Entity ID
Subtype
Business Event
Name
0FN_AHISSUE_DEFAULT_PRC
1
SAP_GRC_SPC_CRS_POLICY_OWNER
POLICY
Default processor for ad-hoc issue
0FN_AHISSUE_DEFAULT_PRC
1
SAP_GRC_SPC_GLOBAL_ORG_OWNER
ORGUNIT
Default processor for ad-hoc issue
0FN_POLICY_APPROVE
1
SAP_GRC_SPC_CRS_PLC_APPR
POLICY
Approve policy
0FN_POLICY_DEFAULT_APPR
1
SAP_GRC_SPC_GLOBAL_ORG_OWNER
ORGUNIT
Default apporver for policy
0FN_POLICY_DEFAULT_APPR
2
SAP_GRC_SPC_GLOBAL_ORG_ADMIN
ORGUNIT
Default apporver for policy
0FN_POLICY_REVIEW
1
SAP_GRC_SPC_CRS_PLC_REVIEW
POLICY
Review policy
0FN_ISSUE_NOTIFY
1
SAP_GRC_SPC_CRS_POLICY_OWNER
POLICY
Send notification to object owner
I am working with a copy of the standard roles, so I configure the table with the copy of these roles.
In the transaction SWIA an error appears which says in field Executed Action: "No Action". I am wondering if maybe it could happens because user WF_BATCH (user used for the workflow) doen't have enought authorizations.
I also test it in the sandbox and it works perfect (without fallback and with SAP_ALL in WF_BATCH user).
Some help will be appreciated.
Thanks!
Hello Giridhar,
What parameters are you referring to?
You meant the parameters in General Configuration in AC?
Best Regards,
Fernando
Similar Messages
-
SAP GRC 10.0 Risk Management - Forecasting Horizon Scoring Analysis Mode
Hi everyone,
In SAP GRC 10.0 Risk Management Support Package 7, we need to assess a corporate risk by performing an automatic analysis aggregation based on a scoring analysis profile.
The problem is that corporate risks must be created based on a forecasting horizon.
So, can we create forecasting horizons with scoring analysis mode? How? Must be enabled through customizing or applying a SAP note?
Best Regards,
Chema TravesoHi,
I think this is still user-specific, as it was in 5.X. I have checked the new GRC authorisation object parameters delivered within the roles and also tried to see if a Admin user was able to see all the variants created by the different users, but so far I have not found a solution.
It may be worthwhile to raise this in "IdeaPlace", hoping it gets enough votes and SAP's attention for implementing in a future Support Pack delivery. -
Enterprise Risk Management Approach in SAP GRC
Hi All,
Can you please let me know as to what is the approach followed for implementation of Enterprise Risk Management (ERM) in SAP GRC. Also please tell me how the internal control frameworks like COSO, COBIT is mapped to ERM in SAP GRC.
Regards
VivekDear Vivek,
While assigning roles to users, you will be displayed the risks that are identified with those roles, if any. You can either mitigate or remove the roles.
The process covered by GRC Risk management includes the following steps:
-Risk Planning: Determines the approach to risk management in each business area or project. This includes setting up the risk management organization and defining risk thresholds . This phase is partially supported by a software application.
-Risk Identification and Analysis: Identifies the risks in order to analyze and prioritize them along different attributes, such as probability of occurrence and potential total loss associated to the risk.
-Risk Response: Decides on actions needed to respond to a risk. One action could be to actively mitigate the risk to reduce probability of occurrence and/or potential impact.
-Risk Monitoring: Includes the regular update of risk information and the risk reporting to monitor progress along the risk management process.
The Risk Management application provides a set of different reporting capabilities based on the individual needs of the target groups:
-A set of built-in reports that are delivered with the application. These reports allow risk managers to review the current risk state.
-Visual Composer based dashboards that provide information about the current risk status on an aggregated basis. The dashboards fulfill the risk reporting needs of senior managers and line managers.
Step 1: You maintain the Risk structure
1. You set up the organizational hierarchy
2. You set up the Activity Hierarchy
3. You set up the Risk Hierarchy
Step 2: You perform the Risk Assessment
1. You identify the risks
2. You analyze the risks
3. You respond to risks
4. You document the Incidents
Step 3: You analyze risk reports
1. You generate risk reports
2. You report the incidents
Step 4: You analyze the dashboards
Refer SAP documentation on GRC for more information.
Regards,
Naveen. -
Solution Manager and a SAP GRC AC 5.3
Hello,
We have a Solution Manager and a SAP GRC AC 5.3
We ant to know if somebody knows how to connect or the architecture os infrastructure to connect the Solution MAnager with the GRC.
What we have to do is... If someone in the Solman does a user or role request, the SAP GRC gets this request and begins the necesary workflows.
I need help
Best regards.
Pablo Mortera.Hi,
As per your requirement, you want that the request should be automatically trigerred from Solman to GRC.
In GRC, CUP is used to provision the user and roles. The request can directly be created in CUP by a functionality known as HR triggers however this requires SAP_HR module which is not present in Solman.
So it is not possible to create request directly from solman. User can login to CUP and then can create the request for his login.
Regards,
Shweta -
Integrate external identity management solution in SAP GRC Access Control
We need to integrate an external identity management solution into SAP GRC Access Enforcer. Some white paper mention extensibility is provided by web services. It seems that none of these web services are documented. Does anybody have infos about these services and documentation. Any hint is appreciated.
thanks
DetlefUnfortunately Access Enforcer doesn't implement a number of critical requirements and implementing it "as is" would be a lot of steps backwards in our process.
what do the published webservices do? Is there any documentation about them?
In a part of our process, we must manually pick the current roles(1), the pending roles(2) (roles that were approved but not given due to training prerequisites) and the requested new roles(3) and make the simulation in the VCC.
The information (1) and (2) and (3) we have in our internal system, the information (1) we have inside VCC and (2) and(3) must be manually inputted by the operator to run the simulations. Since this operation is repeated 6000+ times a month in my company, eliminating this manual input will cause a great gain in efficiency.
Other thing that we want to do is to create a job where it would automatically desassociate the mitigating controls if the user does not have the risks anymore (users can lose roles automatically in some events here, so it would be coherent that the user also loses the associated mitigating controls)
IMHO as a former programmer, these are classic cases where I would like to consume some webservices for this tasks to avoid a lot of ctrc ctrlv from the operators (inefficient and error prone)
VCC has any documentation that would help me to find how I would do this integrations?
Thanks in advance -
CAreer in SAP BASIS comaprision with SAP GRC/Security
Hi Everyone,
I am an SAP BASIS consultant with 2 years of experience working in a MNC company,
I want to change my career to SAP GRC/SAP Security, i have some basic knowledge on SAP Security,
COuld you please advice me, which one to choose,?
Does SAP GRC/Security has demand , and can we get oportunities to work abroad compared to SAP BASIS ?
which one has more scope SAP BASIS or SAP Security/GRC ?
Because in BASIS, i am not getting enough scope to work on some good things like Installation, upgrades, Migration,
i am doing a very basic kind of work like tranports, job scheduling, monitoring, and other small activities ?
So request you people to advice me ?
<removed_by_moderator>
Read the "Rules of Engagement"
regards
Rakesh Rao
Message was edited by: Juan ReyesHi Rakesh
I saw your post in GRC and was waiting of it to appear here
First up - 2 years is still junior. You may find batch jobs, transports, monitoring, etc all mundane but it is a foundation and learning ground work and foundations to being a good Basis Administration. And one things for sure, an awesome basic (I name my best-techy-friend) makes a huge difference on project timelines and deliverables for the rest of us.
Installation and Upgrades come with time. Whilst still performing junior tasks you could focus on reading up on approaches in case an opportunity in your job comes us and be prepared to prove to your management that you are ready for a bigger responsibility.
Switching to GRC/Security would be pointless unless you have a desire to learn GRC or Security. These are my background and they are undervalued until things go wrong (insurance policy in a way).
If you do switch you will reset your 2 years of domain experience back to 0 and you will start off with password resets and basic user administration
It takes time to work through the ranks. It was 3 years before I got to build my first role. I spent my first few years in security on email chasing approvals, password resets, user account creation, running reports for audit - sounds familiar to what you are doing now?
You have to master the basics before you are trusted and ready for the more complex activities. By knowing what you are doing now you will be more successful when the time comes to step up and do migrations, upgrades and installations. Support production by mastering you technical analysis skills is how you can break through being a fresher/junior
Regards
Colleen
Ps - if your motivation is more than "good things" happy to answer questions specific to security and GRC.
Also, boring doesn't mean it can't get interesting nor does it mean it's a worthless activity: SPAU transport imported before patching!!
Message was edited by: Colleen Lee
Added link for when transports go bad -
500 Internal Server Error in GRC 5.3 Enterprise Role Management
Hi All;
We've installed Sap GRC Access Control 5.2 on Sap Netweaver 7.0.
We installed SAP NetWeaver 7.0 (2004s)
SAP Internet Graphics Service (SAP IGS)
VIRCC00_0.SCA -SP15
VIRAE00_0.SCA -SP15
VIRRE00_0.SCA -SP15
VIRFF00_0.SCA -SP15
VIRSANH -SP15
VIRACCNTNT.SAR-SP15
Our sp levels are for abap side;
SAP_ABA 700 0014
SAP_BASIS 700 0014
PI_BASIS 2005_1_700 0014
SAP_BW 700 0016
VIRSANH 530_700 0015
When we started to configure the components according to the Configuration Guide,In Enterprise Role Management part,i want to do the Configuring Risk Analysis Integration with RAR but on the CONFIGURATION tab when i navigate to the Miscellaneous,the page gives me the error message :
"500 Internal Server Error
SAP J2EE Engine/7.00
Application error occurred during request processing.
Details: java.lang.NullPointerException: null
The logs are;
#1.5 #0050568C003D006800000011000026540004A12E73AF8A7C#1303120788268#com.sap.ip.collaboration.sync.impl.scf.usermanagement.SCFSystemManager#sap.com/irj#com.sap.ip.collaboration.sync.impl.scf.usermanagement.SCFSystemManager.addDefaultAlias#J2EE_GUEST#0##n/a##98478fc069a211e0cef50050568c003d#Thread[ConfigurationEventDispatcher,5,SAPEngine_Application_Thread[impl:3]_Group]##0#0#Error##Plain###
[BEGIN] Exception -
javax.naming.NameNotFoundException: Child not found: Collaboration_Integration_WebEx at portal_content [Root exception is javax.naming.NameNotFoundException: Child not found: Collaboration_Integration_WebEx at portal_content]
at com.sapportals.portal.pcd.gl.PcdFilterContext.filterLookup(PcdFilterContext.java:407)
at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1248)
at com.sapportals.portal.pcd.gl.PcdProxyContext.basicContextLookup(PcdProxyContext.java:1254)
at com.sapportals.portal.pcd.gl.PcdProxyContext.proxyLookupLink(PcdProxyContext.java:1353)
at com.sapportals.portal.pcd.gl.PcdProxyContext.proxyLookup(PcdProxyContext.java:1300)
at com.sapportals.portal.pcd.gl.PcdProxyContext.lookup(PcdProxyContext.java:1067)
at com.sapportals.portal.pcd.gl.PcdGlContext.lookup(PcdGlContext.java:68)
at com.sapportals.portal.pcd.gl.PcdURLContext.lookup(PcdURLContext.java:238)
at javax.naming.InitialContext.lookup(InitialContext.java:347)
at com.sap.ip.collaboration.sync.impl.scf.usermanagement.SCFSystemManager.addDefaultAlias(SCFSystemManager.java:239)
at com.sap.ip.collaboration.sync.impl.scf.usermanagement.SCFSystemManager.doAliasOperations(SCFSystemManager.java:111)
at com.sap.ip.collaboration.sync.impl.scf.config.ServiceRegistryConfiguration.refreshCache(ServiceRegistryConfiguration.java:203)
at com.sap.ip.collaboration.sync.impl.scf.config.ServiceRegistryConfigEventListener.refreshConfigCache(ServiceRegistryConfigEventListener.java:13)
at com.sap.ip.collaboration.sync.impl.scf.config.AbstractConfigEventListener.configEvent(AbstractConfigEventListener.java:28)
at com.sapportals.config.event.ConfigEventService.dispatchEvent(ConfigEventService.java:227)
at com.sapportals.config.event.ConfigEventService.configEvent(ConfigEventService.java:112)
at com.sapportals.config.event.ConfigEventDispatcher.callConfigListeners(ConfigEventDispatcher.java:308)
at com.sapportals.config.event.ConfigEventDispatcher.flushEvents(ConfigEventDispatcher.java:251)
at com.sapportals.config.event.ConfigEventDispatcher.run(ConfigEventDispatcher.java:110)
Caused by: javax.naming.NameNotFoundException: Child not found: Collaboration_Integration_WebEx at portal_content
at com.sapportals.portal.pcd.gl.xfs.XfsContext.getChildAtomicName(XfsContext.java:431)
at com.sapportals.portal.pcd.gl.xfs.XfsContext.lookupAtomicName(XfsContext.java:235)
at com.sapportals.portal.pcd.gl.xfs.BasicContext.lookup(BasicContext.java:919)
at com.sapportals.portal.pcd.gl.PcdPersContext.lookup(PcdPersContext.java:387)
at com.sapportals.portal.pcd.gl.PcdFilterContext.filterLookup(PcdFilterContext.java:403)
... 18 more
[END] Exception -
Exception id: [0050568C003D007500000039000026540004A12E88C68DAE]"
#1.5 #0050568C003D006D000000A7000026540004A12E79B6901C#1303120889408#System.err#sap.com/tc~kw_tc#System.err#J2EE_GUEST#0##n/a##9ea951f069a211e0c6f00050568c003d#SAPEngine_Application_Thread[impl:3]_39##0#0#Error##Plain###Apr 18, 2011 1:01:29 PM com.sap.kw.framework.FrontController [SAPEngine_Application_Thread[impl:3]_39] Info: FrontController: app init failed ...
#1.5 #0050568C003D006D000000A8000026540004A12E79B6925E#1303120889408#System.err#sap.com/tckw_tc#System.err#J2EE_GUEST#0##n/a##9ea951f069a211e0c6f00050568c003d#SAPEngine_Application_Thread[impl:3]_39##0#0#Error##Plain###Apr 18, 2011 1:01:29 PM com.sap.kw.framework.FrontController [SAPEngine_Application_Thread[impl:3]_39] Path: Caught java.lang.NullPointerException: FATAL ERROR: Could not load E:
usr
sap
MGD
DVEBMGS00
j2ee
cluster
server0
apps
sap.com
tckw_tc
servlet_jsp
SAPIKS2
root
WEB-INF
ApplConfig.xml
at com.sap.kw.framework.XMLConfiguration.<init>(XMLConfiguration.java:53)
at com.sap.kw.actions.ApplConfig.init(ApplConfig.java:83)
at com.sap.kw.framework.FrontController.init(FrontController.java:222)
at com.sap.engine.services.servlets_jsp.server.runtime.context.WebComponents.addServlet(WebComponents.java:139)
at com.sap.engine.services.servlets_jsp.server.container.ApplicationThreadInitializer.loadServlets(ApplicationThreadInitializer.java:386)
at com.sap.engine.services.servlets_jsp.server.container.ApplicationThreadInitializer.run(ApplicationThreadInitializer.java:110)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
#1.5 #0050568C003D007200000021000026540004A12E7AD53183#1303120908190#com.sap.slm.exec.message.SLMApplication#sap.com/tcslmslmapp#com.sap.slm.exec.message.SLMApplication#J2EE_GUEST#0##n/a##a061141069a211e0890c0050568c003d#SAPEngine_Application_Thread[impl:3]_32##0#0#Error##Java###"CfgObjectLoadVisitor" cannot load com.sap.slm.util.config.objects.CfgSDTServer from SLM configuration. Cannot read configuration in path ''SLM''##
#1.5 #0050568C003D001B00000002000026540004A12E7B3058F9#1303120914164#com.sap.sl.ut##com.sap.sl.ut####n/a##e362b43069a211e0c20e0050568c003d#SAPEngine_System_Thread[impl:5]_29##0#0#Info#1#/System/Server#Plain### Location :<com.sap.sl.ut> is initialized!#
#1.5 #0050568C003D001B00000004000026540004A12E7B3059B1#1303120914164#com.sap.sl.ut##com.sap.sl.ut####n/a##e362b43069a211e0c20e0050568c003d#SAPEngine_System_Thread[impl:5]_29##0#0#Info#1#/System/Server#Plain### Cotegory :</System/Server> is initialized and bound to Location: <com.sap.sl.ut>#
#1.5 #0050568C003D001B00000006000026540004A12E7B3076F4#1303120914172#com.sap.sl.ut##com.sap.sl.ut####n/a##e362b43069a211e0c20e0050568c003d#SAPEngine_System_Thread[impl:5]_29##0#0#Info#1#/System/Server#Plain###Establishing db connection...#
#1.5 #0050568C003D002400000297000026540004A12E7CC1E87F#1303120940477#com.sap.portal.prt.sapj2ee.error##com.sap.portal.prt.sapj2ee.error####n/a##39c1422069a211e08b030050568c003d#SAPEngine_System_Thread[impl:5]_86##0#0#Error#1#/System/Server#Java###Exception while starting: sap.com/ccxsysbgear
[EXCEPTION]
#1#com.sap.engine.services.deploy.container.DeploymentException: <Localization failed: ResourceBundle='com.sap.engine.services.deploy.DeployResourceBundle', ID='Exception while starting: SAPJ2EE::sap.com/grc~ccxsysejbear', Arguments: []> : Can't find resource for bundle java.util.PropertyResourceBundle, key Exception while starting: SAPJ2EE::sap.com/grc~ccxsysejbear
at com.sap.portal.prt.sapj2ee.SAPJ2EEPortalRuntime.getAndStartSAPJ2EEApplicationItem(SAPJ2EEPortalRuntime.java:876)
at com.sap.portal.prt.sapj2ee.PortalRuntimeContainer.prepareStart(PortalRuntimeContainer.java:511)
at com.sap.engine.services.deploy.server.DeployServiceImpl.startApplicationLocalAndWait(DeployServiceImpl.java:4361)
at com.sap.engine.services.deploy.server.ReferenceResolver.processReferenceToApplication(ReferenceResolver.java:589)
at com.sap.engine.services.deploy.server.ReferenceResolver.processMakeReference(ReferenceResolver.java:399)
at com.sap.engine.services.deploy.server.ReferenceResolver.beforeStartingApplication(ReferenceResolver.java:328)
at com.sap.engine.services.deploy.server.application.StartTransaction.beginCommon(StartTransaction.java:162)
at com.sap.engine.services.deploy.server.application.StartTransaction.beginLocal(StartTransaction.java:141)
at com.sap.engine.services.deploy.server.application.ApplicationTransaction.makeAllPhasesLocal(ApplicationTransaction.java:356)
at com.sap.engine.services.deploy.server.application.ParallelAdapter.runInTheSameThread(ParallelAdapter.java:132)
at com.sap.engine.services.deploy.server.application.ParallelAdapter.makeAllPhasesLocalAndWait(ParallelAdapter.java:250)
at com.sap.engine.services.deploy.server.DeployServiceImpl.startApplicationLocalAndWait(DeployServiceImpl.java:4450)
at com.sap.engine.services.deploy.server.DeployServiceImpl.startApplicationsInitially(DeployServiceImpl.java:2610)
at com.sap.engine.services.deploy.server.DeployServiceImpl.clusterElementReady(DeployServiceImpl.java:2464)
at com.sap.engine.services.deploy.server.ClusterServicesAdapter.containerStarted(ClusterServicesAdapter.java:42)
at com.sap.engine.core.service630.container.ContainerEventListenerWrapper.processEvent(ContainerEventListenerWrapper.java:144)
at com.sap.engine.core.service630.container.AdminContainerEventListenerWrapper.processEvent(AdminContainerEventListenerWrapper.java:19)
at com.sap.engine.core.service630.container.ContainerEventListenerWrapper.run(ContainerEventListenerWrapper.java:102)
at com.sap.engine.frame.core.thread.Task.run(Task.java:64)
at com.sap.engine.core.thread.impl5.SingleThread.execute(SingleThread.java:81)
at com.sap.engine.core.thread.impl5.SingleThread.run(SingleThread.java:152)
Caused by: com.sapportals.portal.prt.runtime.PortalRuntimeException: [ExternalApplicationItem.prepare]: SAPJ2EE::sap.com/grc~ccxsysejbear
at com.sapportals.portal.prt.core.broker.ExternalApplicationItem.prepare(ExternalApplicationItem.java:188)
at com.sapportals.portal.prt.core.broker.SAPJ2EEApplicationItem.prepare(SAPJ2EEApplicationItem.java:232)
at com.sapportals.portal.prt.core.broker.SAPJ2EEApplicationItem.start(SAPJ2EEApplicationItem.java:192)
at com.sapportals.portal.prt.service.sapj2ee.Mediator.getAndStartExternalApplication(Mediator.java:132)
at com.sap.portal.prt.sapj2ee.StartPortalApplication.coreRun(StartPortalApplication.java:59)
at com.sap.portal.prt.sapj2ee.StartPortalApplication.run(StartPortalApplication.java:36)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Caused by: com.sapportals.portal.prt.core.broker.PortalApplicationNotFoundException: Could not find portal application ccxsysbgear
at com.sapportals.portal.prt.core.broker.PortalApplicationItem.prepare(PortalApplicationItem.java:415)
at com.sapportals.portal.prt.core.broker.ExternalApplicationItem.prepare(ExternalApplicationItem.java:180)
... 9 more
#1.5 #0050568C003D00750000003B000026540004A12E88C693CF#1303121142088#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl#sap.com/grc~reear#com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl#J2EE_ADMIN#117##YDSAPGRC_MGD_2172750#J2EE_ADMIN#4bfa377069a311e0b9230050568c003d#SAPEngine_Application_Thread[impl:3]_1##0#0#Error#1#/System/Server/WebRequests#Plain###application [RE] Processing HTTP request to servlet [REController] finished with error.
The error is: java.lang.NullPointerException: null
Exception id: [0050568C003D007500000039000026540004A12E88C68DAE]#
waiting for your responses as soon as possible because the system has to be up and running till wednesday.
Tahnx in advanceHi Bilge,
did you put your text in a blender before sending it?
I understood everything works fine except the miscellaneous menu item in the configuration tab of ERM?
Have you already tried to clear all browser cache, close all browsers and try it again?
Best,
Frank -
Hi Guys,
We are planning on implementing SAP GRC 10.0. Our Basis guy has suggested that we can use ECC (EHP 6) box for installing the add on(GRCFND_A) component for it. The reason for this is to avoid adding another system to the landscape and to reduce the cost of implementation
Are there any known issues using this approach?
Thanks in advance,
SilverHi
the GRC project is totally IT driven.
I get why you are having to drive this - especially when you have to respond to audit requirements and your focus is on support processes.
However, GRC is all about business risk management - Governance, Risk and Compliance (well internal controls). The GRC System is just the tool to manage this. Without business buy in how is this going to be successful? Who will review business process to determine what a risk is? Who in a senior leadership position will determine what risks are acceptable? Who will determine appropriate controls, report on them, and more importantly enforce them? Who in a leadership position will champion the project and support why a user must work a certain why (including access removed from them)?
I get that you are focussing on a POC and trying to minimise cost but what happens post POC? I've given recommendations where I've said don't put in GRC until you sort your process and culture. I've done this as much as the innner techy in me knows I won't get to play with a new toy because without all the business buy-in you will have a system built and deployed that gives you a false sense of security when it comes to managing access controls.
Another way to look at the SP issues - what happens if it's on ECC and the functional team (aka the business representatives) demand an SP increase for their functionality? They proceed to increase SP and now your functionality stops working.. which then impacts the business as you can't process their access requests and give them timely access to the system (assume this is your business case). Are your basis team going to tell the business that they can't have the SP stack increase because IT needs the system on a certain level and they need to wait until next time it's compatible?
Good luck with your POC. I understand it will allow you to use the tool and check what will work for the business. If you are still undecided on system landscape post POC, take care in having that decision made for you. As you go down the POC path and time runs out the project may move from POC to design/build and now that it's working there will be reluctance to move it to a separate system.
Regards
Colleen -
SAP GRC 10.0 - Risk Analysis - Define global variant
Hi Experts,
We are implementing SAP GRC 10.0 and we have a question about variant management in Access Risk Analysis.
When we saved a variant, it seems that this variant is user specific.
Is it to possible to define this variant as default for all users?
Thanks.
Best regards,
Nicolas RICHARDHi,
I think this is still user-specific, as it was in 5.X. I have checked the new GRC authorisation object parameters delivered within the roles and also tried to see if a Admin user was able to see all the variants created by the different users, but so far I have not found a solution.
It may be worthwhile to raise this in "IdeaPlace", hoping it gets enough votes and SAP's attention for implementing in a future Support Pack delivery. -
Does SAP GRC 5.3 Ramp up have complete integration with NW IDM 7.0?
Note:
We have enaged with SAP for GRC 5.3 Ramp up program and also we have the plans of integrating NW IDM 7.0 & GRC 5.3.Well, my previous project we have integrated Siteminder with AE 5.2 using Apache as the web server and its production now.
Netweaver IDM can be integrated with AE and CC.
Check out for the document.,
SAP NetWeaver® Identity Management GRC Integration
Thanks.
Regards,
Muthu Kumaran KG -
Hi Experts,
Need ur valuable suggestion..
I am getting opportunity to work on GRC module.
How is the scope for GRC Consultant in near future?? Is it very specialized module.
awaiting ur reply..
JulieHi Julie,
SAP GRC as it name states is on Governance Risk and Compliance. It has very good scope and it has below submodules:
1) Access Control
2) Process Control
3) Risk Management
4) Employee Health Security
5) Global Trade Service
The GRC module has focus on Security and compliance, which is need of the hour.
It will take some time to get exposure to all sub-modules; however expertise in sub-modules like AC, PC and RM is also highly respected.
You will get added advantage if you also have funtional experince as well.
Hope you will be able decide based on the above inputs.
regards,
Jwalant -
Alternatives to SAP GRC Tool to monitor compliance & automatic provisioning
Hello Gurus,
Not sure if this would be the right forum to ask this but surely there exist tools in the market which are viable alternatives to the SAP GRC Tool. We are a large semiconductor firm and currently manage role assignments, user provisioning and auditing manually.It is a huge cost overhead and is labor intensive.
Looking at possible alternatives?
SAP GRC Tool is a strong contender but I am trying to weigh in other options with it and their comparisons.
To your minds, what would be the biggest advantage of implementing GRC versus any other third party tool? What is the distinctive edge it provides? This is also to help me build a strong business for pushing GRC to the management.
Appreciate any thougts/ideas/suggestions, at the earliest!! Much appreciated.
-Tan
Edited by: Tania Nijhawan on Jul 21, 2011 2:19 AMHi Tania,
GRC is a convenient grouping of solutions that have been developed and acquired over time. There are pros and cons in every application and no one can say that SAP GRC is 100% best and un comparable with any other compliance product in the market.
But, I can strongly say that GRC gels well with all the SAP flavours such as ECC and BI, and it is easy to implement, incorporate, and manage.
With the introduction of GRC 10, SAP is looking at more features and easy to manage compliance solutions. I bet you can't get A to B product comparision anywhere. I rather suggest you to look at the top ten features and advantages in different products in terms of deployment, adaptability, user friendlyness etc., and opt for the right one.
Regards,
Raghu -
Download SAP GRC for ECC 6.0
How can I download SAP GRC for ECC 6.0?
GRC applications comprise Access Control, Process Control, Global Trade Service, Environmental Compliance, Environment Health & Service, Risk Management, etc.
The software license for these applications scales with the licensing organization's revenue or an equivalent metric.
You'll obtain a quotation from your account manager. -
Hello,
My name is Vijay and I am from Denver, CO. I will be graduating with a Master's degree in Information Systems next month from Colorado State University. I have got a job as a ITPA Associate with a big four firm. My job description reads
1. Assisting clients in matters of Data Assurance, ERP Controls, IT Risk and Security Assurance,Data Protection and Privacy, Project Assurance, and Advanced Risk and Compliance Analytics
2. Providing ERP controls services to help audit and non-audit clients address risk and control needs around ERP systems
3. Assessing, recommending, designing and configuring controls as they relate to businessprocesses, ERP application security, and Governance, Risk and Compliance (GRC)".
4.Designing and assessing control related services around major ERP systems; and
5.Translating business requirements to efficient and integrated ERP control frameworks.
I am very new to SAP GRC. Can you please guide me through how to form a career path in SAP GRC?
Thanks,
VijayHi Vijay,
SAP GRC is good career path however you start your career basically as a sap security junior associate and finally lands up in the jobs like:
SAP Security and Controls Consultant
Senior SAP Security and Controls Consultant
SAP Security and Controls Administrator
SAP Security & GRC Consultant
SAP GRC Manager
SAP Process Controls Experts
SAP Advisory Manager - IT Risk Transformation etc.
Thanks & Regards
Subhasish -
SAP GRC Access Control - Compliance Calibrator - License Cost
Dear all,
I have some questions on Compliance Calibrator implementation.
1. Do we have to pay additional cost for the license to implement Compliance Calibrator?
2. Since SAP GRC 5.3 is just released, which one do you recommend? SAP GRC 5.2 or 5.3?
3. What would be the major difference between Compliance Calibrator in GRC 5.2 and 5.3?
Best regards,
RolandoHi Rolando-
1. Yes, there lies some license cost and the amount should not as much as taking SAP R/3 license. I am not sure of exact amount but its nominal as compared to other SAP products.
2. SAP always recommend for the latest version available and why not one would go for latest version if you are paying something for that.
Also, it depends on your existing R/3 version and its compatibility. In short run, you can choose per your existing versions but in long run everyone has to move to latest version. Say for example whoever is using SAP R/3 technology with whatever version, they all need to upgrade to ECC6.0 by 2011 with extension upto 2013. I am not sure of any such information about GRC AC though.
3. Some enhancement have been done with CC 5.3. Those features include-
1. Risk analysis for SAP Enterprise Portal and UME
2. BI integration for custom reporting
3. Reporting enhancement features include additional auditor, business manager and IT reports
4. SOD management by exception. Can be integrated with workflow.
5. Import/Export of configuration data
6. Migration scripts
7. Download and print capability on every report.
Some performance improvements-
1. Concurrent risk analysis.
2. batch mode risk analysis
3. Improved memory mgmnt etc.
Hope it gives you now some more visibility.
Cheers!
Ashok
Maybe you are looking for
-
Hey guys can anyone provide me with step by step process for a Asynchronous File to Soap scenario,i m new to XI and would really appreciate if u explain the steps a bit in detail thanx ahmad
-
I'm trying my best to understand what is happening with the gamma shifts in Quicktime, and any help is appreciated. So far I've found: Exporting Quicktime content automatically assigns it the "HD" Color profile and does not use the gamma tag. The "HD
-
Unable to merge contacts in iOS 5
I recently upgraded to Lion and also purchased an iPhone 4s. I tried syncing my contats through itunes and via the cloud, but it would not merge only overwrite. Any suggestion to get my iPhone contacts to merge with my Lion address book??
-
To populate dynamically created int table with data from other table
Hi everybody, I have already created an internal table dynamically, but now want to populate it with data from another IT depending on the plant name. My dynamic int table contains fields with plant name like '8001' ,'8002' and so on. no I want to re
-
Hi Experts, I configured Asset Accounting and uploaded assets. The Depreciation keys were also uploaded along with each asset which is standard SAP 31 days calculation. (Depreciation to the Day). Now my client saying the depreciation should be monthl