Quantcast
Channel: SCN : All Content - Governance, Risk and Compliance (SAP GRC)
Viewing all 5097 articles
Browse latest View live

SAP GRC Access Control - Useful Documents, Blogs, Resources, etc.

August 19, 2014, 7:35 am
$
0
0

This document is a collection of the most useful SAP GRC Access Control documents, blogs, resources, links, etc. here in SCN.

 

Overview

Getting Started with SAP Governance, Risk and Compliance Solutions (GRC)

GRC Processes, Lifecycles and Responsibilities

 

 

General opinion and thought-leadership

Are you ready to implement GRC 10?

A lot of help from my friends

If I had it to do all over: looking back on GRC 10 projects

Lessons learned from SAP GRC projects

Remediating Access Control SoD Risks

Internal Controls - a step towards strong controls

Defining Mitigating Controls / Compensating Controls

IT Control Testing - SOX Compliance

A #GRC tool is just part of the solution

 

 

GRC General

NWBC screen layout options for GRC

Customizing NWBC for New Menus with our own Transactions, Reports and Accessing SAP Backend Systems from NWBC

Configure LaunchPad for Menus

Customizing Access request and approval screens in GRC Access Control

Issues, Bugs in GRC SP13 - Related Fixes

wiki.pngGeneral tips to help in troubleshooting scenarios

wiki.pngAccess Control Debugging tips

 

 

HR Triggers

wiki.png Understanding HR Triggers in Access Control 10.0 - Governance, Risk and Compliance - SCN Wiki

wiki.png GRC 10.0 - HR Trigger configuration - Governance, Risk and Compliance - SCN Wiki

Example of decision table for GRC 10 HR Trigger rule, using BRF+ tool

GRC Access Control - Compliant User Provisioning: HR Triggers

wiki.png Debugging HR Trigger - GRAC_HR_TRIGGER_EVENT_RECIEVER

wiki.png Debugging HR Trigger - Simulation

wiki.png Debugging HR Trigger - PA40 changes to infotypes

 

 

MSMP Workflows

AC 10.0 - Customizing Workflows for Access Management

MSMP - Multi Step Multi Process – GRC’s answer to Workflow Configuration Flexibility

 

 

LDAP

Configuring LDAP Connector in Compliant User Provisioning of GRC Access Control

LDAP Group parameter mapping.. what does it mean?

 

 

Mobile Apps in SAP GRC

Administrator guides for Access Approver, Policy Survey, etc.

Fiori apps in GRC – Install two applications in 5 easy steps

 

 

Access Risk Analysis (ARA)

Rule set - Rules & Rule Types

Business Risks / Rule Set

How to set up a Configurable Business Rule

Online vs. Offline Risk Analysis

Creation of Mitigation Controls in GRC 10.0

Organizational Rules in GRC Access Control

Mass change of Mitigation Assignments

SAP GRC AC 10.0 Alerting

wiki.png The Action Usage Sync job in technical details - GRC Access Control 10.0

wiki.png The Repository - GRC Access Control 10.0 

 

 

Access Request Management (ARM)

AC10.0/10.1: Create Rule Based on Risk Violation in Request, Using BRF+ Procedure Calls

Approve/Reject Own Requests

How to Change Subject Line in SAP GRC Email notification

Recommendations for using Business roles provisioning in access request

Configure Manager Look-Up in ARM for GRC 10

Role Search Screen Enhancement – GRC 10

Terminate Account - Request Process - GRC 10

Creating Access Request: Template Based Requests and Configuring End User Personalization forms for use with Access Requ…

GRC Request with both System and Role Line Items

Access Control 10 (ARM) – Risk Analysis Report Type is editable in Access Request.

Access Control: - Create Access Request Using Web Service in GRC10

wiki.png User Access Review(UAR) Workflow Configuration and Description - Governance, Risk and Compliance - SCN Wiki

 

 

Business Role Management (BRM)

Maintain Default Roles in BRM GRC AC 10.1

Role Import - GRC 10

Import Role from ECC to GRC system

wiki.png Business Roles concept and usability in GRC AC10 

 

 

Emergency Access Management (EAM)

EAM - Provisioning Strategies

ID-Based Firefighting vs. Role-Based Firefighting

AC 10.0 - Centralized Emergency Access

Configure Emergency Access (EAM) in GRC 10

De-centralized EAM GRC 10.0

EAM - Approve through Wrokflow

Emergency Access Management Reporting

 

 

See also

SAP GRC Process Control - Useful Documents, Blogs, Resources, etc.

 

 

Legend

 

document.pngSAP SCN Documents
blog.pngSAP SCN Blogs
wiki.pngSAP Wiki

 

 

Please help in updating the collection so that new users can get a well structured overview for their information.

 

Best regards,

Alessandro

Search

Access Request Email

September 5, 2014, 10:00 am
$
0
0

Hello Everyone,

 

I am configuring the EAM system in GRC 10.0. I have followed all the steps in the Post Implementation guide, and the email system is working, but the Access Requests won't go through when submitted on the NWBC. All users emails are in the system, and I have checked under SU01, and they can email to each other and external addresses, but the ARs will not send to the approver. Please let me know if you have any insight or additional information.


Thanks,

 

 

Buck

Role Analysis Report

September 5, 2014, 7:17 am
$
0
0

I'm a user of the GRC 10.0 module, and have a question around the role analysis report.  I’ve run a risk analysis violations report, and noted SoD/violations for 1169 roles, out of 35214 total roles (see attached screenshot).  That said, my understanding is that some of these ‘violations’, by risk category, could in fact be false positives? Is this correct? If correct, how do we know for certain that there are role violations for the 1169 roles? Is there another maneuver, report or analysis we can do to assure us that we’re looking at 1169 roles with real violations? Any help would be greatly appreciated. 

ARM Related Question

September 5, 2014, 6:36 am
$
0
0

Hi Experts,

 

I have one important question for you all,  suggest related to ARM

1 End user created  and submitted a request which is pending for approval

2 Approver open his inbox to take the action (approve / reject)  when he open the request, he see only the header of the request

he is unable to see the content of the request / bottom page is blank, why is not showing the content, can anyone advise me where I could resolve the issue.

 

It's highly appreciated



Shaik,

Error in RFC: Name of password is incorrect

September 5, 2014, 2:00 pm
$
0
0

Hi All,

 

I am using GRC AC 10.1 with SP06 and came across with one issue and so need your help to rectify it.

I have created one cross system groups for all deveopement clients (SAP_DEV_CG) and put all the D-clients for all the landscapes.

 

While running the risk violations reports on user level, i get to see the violations along with an error: "Risk analysis finished with error. Check log for details". SLG1 reports indicates that there is some issue with the RFC: Name or password is incorrect.

 

The error is quite clear and self explanatory that there is some issue with the RFC; but my concern is that, as I  have put multiple development clients to this group so how would i know for sure that SLG1 indicates the RFC (password/name) issue to exactly what system. It will not be feasible to go and see all the systems one-by-one. I checked the logs in detail, navigated through all the technical information but not really able to see the particular system name where the real issue is there.

SLG1.png

 

Looking forward to your quick and positive response.

 

 

Thanks,

Ameet

Log notification issue

August 20, 2014, 12:56 pm
$
0
0

Once I go to OTHER ACTIONS and click on additional information and request more information to the controller and submit the request I am not getting the log notification to my email.How to get the log notification?

Error in RFC; 'Function module "/GRCPI/GRIA_USR_GET_DETAILS" not'

September 5, 2014, 8:29 am
$
0
0

Background:  I have setup my sandbox to do the End User Logon so that guest users can come in and create access requests.  This was configured and tested and it was working.

 

Then, we connected the Active Directory system, and that is also working so that when I go in as an authenticated user (NOT END USER LOGON), and create an access request, the user data is pulled from Active Directory.

 

NOTE: First, we finished the EUL, then weeks later, we connected LDAP.  Now I am reviewing and this happens.

 

So today, I start seeing this error that's in the subject line.  I'm attaching a screenshot.

 

As the sandbox was configured and working, I haven't gone and changed anything except for the user data sources, which is pointing to LDAP.

 

I went and changed the user data sources back to what it was before, and I'm still seeing this error.

 

Not sure where to look because what info I have found appears to suggest a plug in version discrepancy.

 

We don't have the GRC plug in installed on the GRC system.  (separate question - should we have it installed on the GRC system?)

 

So ... I need some help please - this one is eluding me.

 

Thank you.

Santosh

Changing Business Process Text

September 6, 2014, 4:01 am
$
0
0

Hi All,

I need to change the Business Process Text. I have to change "Control Design Assessment" to Some thing. Is there any tcode which takes care of the business process?

 

Please help if you can.

 

Thanks.

Gourab

Search

Can Versa 4.1 and GRC 10.0 both coexist

September 5, 2014, 3:34 pm
$
0
0

Can GRC 10.0 and Versa 4.1 ( compliance calibrator and Firefighter ) pulgin on the same ECC system? Will there be any performance or compatibility issues ? Please share any SAP Notes or documentation if it can be used or not.

Access Request "Model User" - Role Type "Role" disabled in "Select Model Access" screen.

September 6, 2014, 10:26 pm
$
0
0

Hi All,


I am implementing GRC AC 10.0 - ARM  for provisioning in SAP R/3 and Enterprise Portal systems.

 

While using "Model User" access request, I find that UME portal groups are coming as disabled and are not available for selection in tab 'Select Model Access'.

 

Also only Type "Single Roles" appear for assignment or selection in the "Model User" form. Type "Role" appears disabled.

 

Request help, thanks.

 

Regards,

Piyush.

Blank entry in adhoc query

September 3, 2014, 9:53 am
$
0
0

Hi All,

 

Im have created a data source with table joins T001W and T134M.

Filed MANDT has been maintained when the join condition has been established at Data source level.

Adhoc query in business rule identifies the deficiency. But some filed in the result has blank entry.

Attached the screen shot for your reference.

Can you please let me know, how to fix the blank entry issue.

 

Thanks

Ashok S

HOW TO CONFIGURE MANAGER or APPROVER USER IN ACCESS REQUEST MANAGEMENT TO APPROVE OR REJECT REQUEST

September 7, 2014, 6:57 am
$
0
0

hi sap gurus,

 

i configured grc 10 system successfully. I created one user: GR_AR_APP001 and assign following roles:

 

SAP_GRAC_ACCESS_APPROVER

SAP_GRAC_ACCESS_REQUEST_ADMIN

SAP_GRC_FN_BASE

SAP_GRC_FN_NUSINESS_USER

and I maintained GR_AR_APP001 in access control owners as "POINT OF CONTACT", "SECURITY LEAD" and "WORKFLOW ADMINISTRATOR"

 

but when i am creating access request for new user and defining MANAGER under user details tab as GR_AR_APP001.

the user GR_AR_APP001 is not receiving any request for APPROVE or REJECT in his WORK INBOX.

 

can u please guide me how to configure APPROVER or MANAGER to approve or reject request.

 

I will be very much thankful if you guide me successfully.

GRC 10 - SSO via Portal -> how to redirect url in notification variables

September 8, 2014, 4:26 am
$
0
0

Dears,

 

I am in the process of designing our GRC 10 machine to be accessed via SSO in the Enterprise Portal. Yet I cannot find any info on what will happen with the URLs that are placed by ARM MSMP workflow in the variables of notifications/approvals.

 

I typically would (as in 5.3) expect a redirect URL to be made available as an option.

 

As an example: the Firefighter Log notification standard holds a variable pointing the URL to :

 

http://GRC10server:GRC10port/sap/bc/webdynpro/sap/grac_ui_spm_log_email?sap-client=001&sap-language=EN&WF_ID=53FB8FEAC9E260D6E10000000AF90C44&APP_TYPE=1

 

Yet now with SSO via the portal we also want this URL to go via the portal instead of directly to the GRC machine. How can we achieve that?

Is there a configuration way to have GRC10server:GRC10port adjusted to the portal address..

 

(mind that the WF_ID segment in this url is dynamically generated, so directly sqeezing in a static portal url is not an option)

 

Cheers,

 

Jim

No provisioning logs available

September 8, 2014, 8:54 am
$
0
0

Hi,

 

I am on GRC 10.0 SP14, and configuring GRC with CUA setup. However, have run into an issue

 

We have the CUA on Solution Manager, so all the ARM requests are going through CUA, if the user has access to Solman, I mean if the user has a role assigned for SOLMAN system or has SOLMAN added in the systems tab of SU01 everything works fine.

 

However, if the user does not have access to the SOLMAN system or does not have SOLMAN added in the system tab, GRC does not update the user and gives a message "No provisioning logs available"

 

It is forcing us to create the user in SOLMAN which is totally useless for us.

 

Need your help in addressing it.

 

Best Regards,

Silver

User default not getting assigned

August 21, 2014, 2:37 am
$
0
0

Hi,

 

I am on GRC 10 SP14.

The user defaults maintained under End User Personization are not getting assigned to the users.

 

Here is what I have done so far

a) maintained the request types by adding user defaults in the action list

b)maintained user defaults for connectors

c)copied the BRF+ User defaults application from 000 to the customizing client and maintained decision table for it.

The simulation gives the correct values

d) maintained AC mappings with the BRF+ user default function mapping

d)Implemented SAP note#2020712

 

However, the user defaults are still not getting assigned to the users.

 

Your help will be greatly appreciated.

 

Best regards,

Silver

Search

GRC Document Collaboration Topics

August 22, 2014, 8:40 pm
$
0
0

Hi All

 

If you are wondering what this document is all about then please refer to: Community Collaboration for GRC Blogs and Documents - you will find an overview of what this community collaboration is about and the rules on how you can contribute. You are still encouraged to write your own blogs and documents without participating in this process (it would be nice if you could update this document to let the community know you are working on something).

 

You are also welcome to be both the person who suggests the topic and the author. This can advertise you are working on the topic and hold yourself accountable to a deadline that the community is aware of.

 

 

Remember: Add a row below the 3rd row of the table to included your suggestion. Please do not change the first three heading rows as these rows indicate the title and a short summary of the content below. When including your name, please include your SCN profile as a hyperlink (easiest way to open your Profile in a new browser tab and copy the URL)

 

 

Step 1: Requester to CompleteStep 2: Author to completeStep 3: Option (collaborator to complete)Step 4: Author to PublishModerator and Coordinator Override
DateSuggestedSuggested ByDocument TypeIdeaAuthorDate DueAssistance?NameLink to itemModerator and reason for rejection
DD/MM/YYYYYour SCN  Profile URLblog or documentTitle or topic ideaYour SCN  Profile URLDD/MM/YYYY

do you want any assistance?

If yes, summarise (input, review, etc)

Your SCN profile URLSCN document or blog linkModerators or Coordinators to advise if topic is not appropriate.
27/08/2014Alessandro Banzer / Colleen LeeDocumentAnalysis of the SAP delivered rule-set - do you accept as it is? Do you build your own or do you do something in between?Approved
08/09/2014S ADocumentSecurity Tools/Transactions one should have in their arsenal as a GRC Consultant?

GRC AC 10 Access Request

September 20, 2012, 3:10 am
$
0
0

Hi

 

I am new for GRC AC 10, We have installed all GRC 10 in my system after installed

 

I have completed all Post installations (GRC 10 Post installation and AC 10 Post installation) and activated all required BC sets also..

 

Now I am using same system (whihc is GRC AC 10 software installed ) as connector..means that GRC System and connector both are same system..

 

I have checked SM59 and maintained connector and connection test was ok...

 

Now When I try to raise Access Request, try to add system but it shows error message like no values found..

 

Please suggest what is teh issue..

User Details Data Source

September 8, 2014, 10:15 am
$
0
0

Hello all,

 

I´m working to configure the user search data source and also user details data source from our GRC AC environment. Bellow my doubt:

 

Can I configure GRC AC to automatically fill the Manager field in the access request screen? Obviously the User Details Data Source must be configured. Is it possible using SU01? HR? LDAP? All of them? Some examples would be really appreciated.

 

 

Manager.png

 

In other words:

 

When an Access Request is made, I want all User Details filled automatically, including the Manager.

 

Regards,

SAP Legend

User Details Data Source

September 8, 2014, 10:33 am
$
0
0

Hi community,

 

I´m trying to configure the "User Detail Data Sources" to automatically fill the User Details tab from Access Requests. I´ve tried using SU01 and also HR. Both of them work for the "User Search Data Sources" but for User Details not. The tab remains in blank.

 

Actually I´m using the configuration bellow:

 

user details.png

 

Someone knows possible causes for this issue? Additional configuration should be done?

BUSINESS RULES GIVING REFRESH ERROR

September 8, 2014, 11:40 am
$
0
0

Hello Gurus,

 

 

We are facing one issue in GRC 10

 

 

When we are trying to execute Business Rules we are getting below error. Could you please help me to resolve
this issue?

 

Last query refresh failed due to internal errors; contact your admin

 

 

 


Last query refresh failed due to internal errors; contact your admin.


Message no. POWL019


Diagnosis


Most possible cause is an exception triggered by the respective business
object type feeder class.


System Response


The system returned the following error message:


>>> invalid RFC handle <<<


Procedure


Contact your admin, providing him the system error message and your user
ID.


Procedure for System Administration


Check transction ST22 for the returned system message with the respective
user ID.

 

Regards,

Gaurav

Viewing all 5097 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>