- SAP Community
- Products and Technology
- Additional Q&A
- Add/Deleting T-Codes from Global Roles while GRC v...
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Add/Deleting T-Codes from Global Roles while GRC v5.2 is implemented
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 11-06-2009 1:52 PM
I would like to find out how are companies which have set up Global Roles and then decided to add/delete t-codes from these Roles after GRC is already implemented deal with the SoD issue. T-codes are constantly being added because the organizational structure differs from country to country; in addition to statutory regulations. Therefore, our SoD analysis become obsolete each time adjustments are made to Global Role. The derived roles, localized for country, takes on the exact t-codes in the Global Roles.
Accepted Solutions (1)
Accepted Solutions (1)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Sanders,
Once GRC is implemented, an SoD analysis will be run for all the Global roles. Based on the conflicts, mitigation or role-redesign exercise will be taken up as an one time activity for clean up of the SoD Conflicts.
Once this is complete whenever a new t-code is added or existing t-codes are deleted - use simulation for the risks and identify the mitigation or provide no access to the role
Hence in your case the SoD conflicts should not be an obsolete as Risk is always a risk even at various company levels.
If you want to avoid SoD conflicts for the various org levels you can develop the Org level risks to avoid false positives between the organizations.
I have a question for you If the risk is applicable for the Global role why can't it be applicable to the Derived roles?
Please let me know if you need any further information or clarifications
Thanks and Best regards,
Srihari.K
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Answers (1)
Answers (1)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hello.,
Thanks for your reply. You are right that the change in Global Roles automatically affects the Derived Roles. One of the solutions that I was exploring was to use a Request-Based strategy i.e. instead of making changes to Global Roles, suggest creating new roles specifically to address the unqiue situation in that location. This way, the change will not the other countries that are already in full implementation and did not require those additional t-codes.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- For SAP Data Archiving, if I want to implement SAP ILM with SAP IQ, do I still need Archive Server? in Technology Q&A
- Explore the Enhanced New Hire Experience in SAP SuccessFactors Onboarding in Human Capital Management Blogs by SAP
- FAQ for C4C Certificate Renewal in Technology Blogs by SAP
- Why Financial Health Reviews are Crucial in Supplier Evaluation in Spend Management Blogs by SAP
- Working with SAFe Epics in the SAP Activate Discover phase in CRM and CX Blogs by SAP
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.