02-05-2009 9:40 AM
Hi all,
I want to find the critical roles,critical transactions ,critical profiles in GRC.
Could you please give me any sample examples in a real time scenario for each case.
Thanks,
Joseph.
02-05-2009 11:24 AM
Hello Joseph,
1. I want to find the critical roles,critical transactions ,critical profiles in GRC.
A) You can find the critical roles and profiles in the Rule architect TAB under "Critical Roles" & "Critical Profiles"
B) For Critical Transactions you can search the "Risks" in the Rule architect TAB by having Risk type as "Critical Action", and then for each of Critical Action Risks you can drill down to find the transactions contained in them.
2. Could you please give me any sample examples in a real time scenario for each case.
For this you can refer to the above post from Yudit which explains it nicely. Also, you can discuss this with functional people for each module.
Regards,
Hersh.
http://www.linkedin.com/in/hersh13
Edited by: HERSH GUPTA on Feb 5, 2009 4:54 PM
02-05-2009 10:12 AM
Hi Joseph,
Critical Profile could be SAP_ALL , SAP_NEW and etc...
Critical Action in finance could be :
Allow Posting to Previous Period(MMRV)
Delete Documents(OBR1)
Close Periods(MMPV)
Change Bank(FI02)
you could check the basic content that comes with the system for the critical action rules
BR
Yudit
02-05-2009 11:24 AM
Hello Joseph,
1. I want to find the critical roles,critical transactions ,critical profiles in GRC.
A) You can find the critical roles and profiles in the Rule architect TAB under "Critical Roles" & "Critical Profiles"
B) For Critical Transactions you can search the "Risks" in the Rule architect TAB by having Risk type as "Critical Action", and then for each of Critical Action Risks you can drill down to find the transactions contained in them.
2. Could you please give me any sample examples in a real time scenario for each case.
For this you can refer to the above post from Yudit which explains it nicely. Also, you can discuss this with functional people for each module.
Regards,
Hersh.
http://www.linkedin.com/in/hersh13
Edited by: HERSH GUPTA on Feb 5, 2009 4:54 PM
02-05-2009 5:53 PM
Hi Joseph
Here is the details of critical profiles available on SAP and below is the text I copied from a note.
BEST PRACTICE RECOMMENDATION: Add "SAP_ALL" type security roles and the
SAP profiles, see list below for profiles, to the Critical Roles and
Critical Profiles table. Then in Configuration > Additional Options >
Ingnore Critical Roles & Profiles change this to setting to YES. This will
prevent long runtimes on roles or profiles that violate every rule. Please
plan to eventually remove these roles and profiles from production access.
SAP_ALL All Authorizations For The SAP System
SAP_NEW All Authorizations For Newly Created Objects
S_A.ADMIN Basis Operator
S_A.CUSTOMIZ All Customizing Access - Complete IMG Access
S_A.DEVELOP Developer Profile - Unrestricted Development Access
S_A.SYSTEM System Administrator (Superuser) Access
S_A.USER All Application Authorizations
You have to talk with your security/basis/functional to find about critical roles.
02-06-2009 3:02 PM
Hello Sahad,
can you please provide the number of the note which contains the best practice you posted?
I am very much interested in the full text of the note.
Thank you.
Best regards,
Jürgen Holtz
02-06-2009 3:27 PM
HI Jürgen,
Note 1034117 - Management Reports run too long, not updating, or
inaccurate