Overview of SAP GRC.
The goal of GRC is to help a company efficiently put policies and controls in place to address all its compliance obligations while at the same time gathering information that helps proactively run the business. Done properly, GRC creates a central nervous system that helps you manage your business more effectively. You also derive a competitive advantage from understanding risks and choosing opportunities wisely. In other words, GRC helps you make sure that you do things the right way: It keeps track of what you are doing and raises an alert when things start to go off track or when risks appear.
1. SAP GRC 10.0 Access control
SAP GRC access control focuses on what users can do. Access Control SAP is one of the products used to structure Security and Identity Management. It is an add-on for NetWeaver, which enables organizations to manage their governance rules and to verify that the conform is applied to the organization’s policy. SAP Access Control works together with SAP and non-SAP applications such as SAP Finance, SAP Sales & Distribution and Oracle
Access Control 10.0: Introduction
Access Control 10.0: Landscape
Segregation of duties
SOD Risk Management Process Overview
Risk Remediation Overview
The GRC Architecture
GRC 10.0 PostInstallation
2. ARA (Access Risk Analysis) 10.0 PostIng
ARA allows for the implementing of policies regarding the segregation of duties so that people don’t have conflicting activities or rights. There is an easy way to see how violations are caused, so that they can be adjusted. This analysis allows for the monitoring on the infringement on policies.
Configuring and Maintaining the Rule Set
Analyze and Manage Risk
Maintain a Critical Access Rule
Role Level Simulation
User Level Simulation
Perform Ad Hoc Risk Analysis
3. EAM (Emergency Access Management)
EAM can be used to determine how access can be granted in case of an emergency. Users can personally submit an application to request access. Business process owners can monitor these applications and provide possible access. Periodic checks may be performed to see whether these applications are in line with company policies.
Emergency Access Management Configuration
Maintain Owners and Controllers in Central Owner Maintenance
Assign Owners to Firefighter IDs
Assign Controllers to Firefighter IDs
Assign Firefighter Users to Firefighter IDs
Maintain Reason Codes
Monitoring Emergency Access
Review a Log Report
4. ARM (Access Request Management)
SAP Solutions for Governance, Risk, and Compliance comprise GRC Access Control, an application that handles sustainable prevention of segration-of-duties violations. This paper outlines a proven approach to successfully manage an implementation of risk analysis and remediation.
Business Rules Framework
Maintaining MSMP Workflow
Settings Specific to Provisioning and Managing Users
End User Personalization Forms
Create an Access Request
5. BRM (Business Role Management)
In SAP landscapes authorizations of users are managed with the use of roles. Using BRM role managers and owners of roles can maintain and analyse whether the roles meet the organization’s policy.
Configuring Role Management
RolesSpecific Configuration Options
Configuring Role Methodology
Settings for Condition Groups
Maintain Owners for Role Management
Create a Single Role
Mass Managing Roles
6. Migration from GRC 5.3 to GRC 10.0
Explanation Of Migration