on 05-25-2010 11:02 AM
Hi,
I have a possible scenario where there are 2 GRC systems (for company 1 & company 2) connected to two seperate ECC6.0 systems.
Both companies are now looking to split out the HR element of their ECC6.0 systems and share a common HR system.
I am wondering what is the recommended approach to take for the GRC systems? I was thinking of creating a link from each GRC system to the new HR system.
However I am not sure how to deal with SPM- as this seems to have a one to one connection with the SAP system, meaning that only one GRC instance will be able to report against SPM usage.
Does anybody have any suggestions?
Thanks,
Niamh
Niamh,
As long as you configure the connectors from the SPM Java side, you can report on multiple SPM backend instances from a single GRC Java System.
However, if you want to integrate SPM with RAR for the critical transactions / SOD analysis, I believe that you can only specify one RAR source.
If you split out the HR elements to a single shared system, you can also have both GRC systems connected to that HR system You would need to consider the rulset defined in each RAR instance and the users who report on it to ensure that you are getting the "correct" rules in the correct place.
I would recommend not reporting from both grc systems as it doubles the administrative overheads and adds further complexity to the implementation. I would pick one of the GRC systems and adjust the functions in that one to look at the new HR system for the relevant authorisation definitions.
Simon
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Simon,
I will need to keep the 2 GRC systems as they both use different rulesets and will continue to do so. One company uses CUP, so would need to be able to analyse SoD conflicts using their ruleset. The other company plan to implement CUP. As you can only analyse against the default ruleset in CUP, I wont be able to use CUP against 2 different rulesets.
The main area that I am wondering about is SPM. When looking at critical actions/SoD conflicts, it can only analyse those against one GRC ruleset. I was wondering if there was any workaround for this.
Thanks,
Niamh
Naimh
Unfortunately you can only specify one value in the SPM configuration for parameter "Connector ID for Risk Analysis". This means that you will only be able to identify one source system for RAR.
GRC can connect to multiple systems but there can only be one ruleset source per SPM instance.
Simon
Hi,
You can connect multiple systems with SPM. You can create additional connector for your HR system. We have connected 2 systems in SPM and all are working fine.
Thanks
Sunny
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.