- SAP Community
- Products and Technology
- Additional Q&A
- SAP GRC ERM set up
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
SAP GRC ERM set up
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 06-28-2010 10:21 AM
Hi everyone,
We have two tier architecture
with XXD as GRC development/test server
and XXP as GRC Production server
XXD is connected to our ECC Dev and Test system
XXD is connected with ECC prodcution system
we are currently implementing ERM and I have grouped
ECC dev+ECC Test to be under ECC landscape but when I had to assign actions
I have chosen ECC Dev for role generation and ECC Test for Risk analysis
So what would I have on XXP server?( as I will only have ECC prodction system there)
how does the ERM work with our setup ? will approver be approving roles on test system ?
should the whole set up be on one server ( meaning DEV.TEST and Prodcution system?)
can anyone share their experience ?
Regards
Accepted Solutions (0)
Answers (1)
Answers (1)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hello Olivier,
I usually treat CUP and ERM the same way.
Production CUP should be used to provision users to: SAP DEV, QA, PROD instances. CUP on this server has all the correct workflows, approvers, runs the UAR, everything production related. Provisioning a user to a SAP dev system is still a "production request" even though it may only have one approver workflow.
Development CUP should be used for all your workflow testing before changes are implemented to making workflow changes in the Production CUP. I only connect the Development CUP to development and qa SAP instances. NEVER connect "Development CUP" to a production SAP instance.
Production ERM should be the central role management application for your roles. This is where you generate your roles to SAP DEV and run your risk analysis to SAP DEV, QA and PROD. NEVER generate your roles on SAP PROD. Instead, generate your roles on SAP DEV and transport them to QA and PROD.
Development ERM should be used to test mass role imports, workflow changes and any other new configuration stuff. NEVER generate roles from Development ERM to SAP (except under careful testing!). In fact, it is best if you connect the Development ERM to a sandbox SAP instance. Otherwise you might generate a non-current old role from Development ERM to SAP. You can connect Development ERM to SAP DEV, QA and PROD, but only for risk analysis purposes.
Plus, your dev GRC servers can be used for SP testing...
-Dylan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
- Event report | Global SAP Financials Forum 2024, April 22-24 (WENFIT) in Financial Management Blogs by SAP
- Mileage Rate- UK in Spend Management Q&A
- ABAP RAP - Service Binding is not getting refreshed automatically after change in CDS Entities in Technology Q&A
- Sac Dimension Comment in Technology Q&A
- Peppol Integration Scenario Generates Inconsistencies in Enterprise Resource Planning Q&A
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.