
GRC RAR 5.3 - Best approach for implementation

Former Member
0 Kudos

Dear Experts ,

I would like to understand what the best approach is for implementing RAR, especially in a case where more than 15000 roles already exist in the SAP system.

From my point of view we should start with a role clean-up activity after mapping to the respective business process. And then, while deleting or modifying any role, we should use RAR for risk analysis.

It would be really great if you can share your views on the same topic.

Thanks & Regards

Asheesh

Accepted Solutions (0)

Answers (2)

koehntopp
Product and Topic Expert
0 Kudos

15000 roles seems like a lot. So, first of all, I would start by questioning the authorization concept. Is your company so big and diverse that this many roles are required, or is this just what it has grown to over the last xx years?

Then I suggest identifying roles or transactions in roles that have not even been used for a year or more, and weed them out. If you don't do that you'll spend months resolving conflicts that originate in transactions that nobody needs to use anyway.

Then start by defining/activating your most critical risks and try to deal with them (take away access or mitigate). This will help you identify a mitigation or remediation process that actually works.

In an authorization workflow, your goal needs to be to make mitigating risks the exception. If it's the rule it becomes an exercise that nobody takes seriously, and you might just as well not do it at all.

Frank.

Former Member
0 Kudos

Thank you Sahad and Frank,

Don't you think it would be nice to first collect a Business Process master list and then map the existing (standard/single) roles to the respective process?

After that we can collect expired roles, duplicate roles, unassigned roles and redundant t-codes, and with approval from the respective Business owner we can delete them.

For the rest of the roles we can use RAR for risk analysis and can then follow the normal process of risk mitigation etc.

Your views are most welcome.

Thanks & Regards

Asheesh

Former Member
0 Kudos

Hi Asheesh

Mapping can help identify which roles are really required in the business process and help in deleting the unwanted ones.

Thank you

Sahad

Former Member
0 Kudos

Hi Asheesh

Below are the best practices:

1) Identify the risks in the business process

2) Upload the identified risks/rules in RAR

3) Clean all single roles so that no single role has any risk/violation according to RAR reports

4) Later you can go for user remediation

All cleaning activity should be based on RAR reports.

Thank you

Sahad
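The clean-up steps discussed across this thread (Frank's "not used for a year or more" weeding, Asheesh's expired/duplicate/unassigned roles and redundant t-codes, and Sahad's "clean all single roles" check) as an added Python example that is not part of any post and not SAP GRC code. Role names, dates, the SoD rule and the ST03N/STAD-style last-use dates are all constructed; in a real project the rule set comes from RAR and the extracts from the SAP system.

```python
"""Pre-RAR role clean-up triage on constructed extracts. Shapes mimic what
you would pull from the system: role -> t-codes, user -> role assignments
with validity end dates, last-execution date per t-code, one SoD rule."""
from datetime import date, timedelta

TODAY = date(2011, 6, 30)            # constructed reference date
UNUSED_WINDOW = timedelta(days=365)  # "not used for a year or more"
ROLES = {                            # role -> set of transaction codes (constructed)
    "Z_AP_INVOICE":     {"FB60", "MIRO"},
    "Z_AP_INVOICE_OLD": {"FB60", "MIRO"},          # same content as Z_AP_INVOICE
    "Z_AP_PAYMENT":     {"F110"},
    "Z_AP_ALL":         {"FB60", "MIRO", "F110"},  # invoice entry plus payment run
    "Z_REPORT_LEGACY":  {"ZOLD01"},
}
ASSIGNMENTS = {                      # user -> [(role, valid_to)] (constructed)
    "USER1": [("Z_AP_INVOICE", date(9999, 12, 31))],
    "USER2": [("Z_AP_ALL", date(9999, 12, 31)),
              ("Z_AP_INVOICE_OLD", date(2010, 1, 31))],
}
LAST_USED = {"FB60": date(2011, 6, 1), "MIRO": date(2011, 5, 20),   # constructed
             "F110": date(2011, 6, 29), "ZOLD01": date(2009, 3, 1)}  # usage stats
# Constructed SoD rule: a role holding a t-code from BOTH groups violates it.
RISKS = {"RISK-01 invoice entry vs payment run": ({"FB60", "MIRO"}, {"F110"})}

def unassigned_roles(roles, assignments):
    """Roles no user holds at all: first candidates for deletion."""
    held = {r for a in assignments.values() for r, _ in a}
    return sorted(set(roles) - held)

def expired_assignments(assignments, today=TODAY):
    """(user, role) pairs whose validity ended before the reference date."""
    return sorted((u, r) for u, a in assignments.items() for r, end in a if end < today)

def duplicate_roles(roles):
    """Groups of roles with identical t-code content (merge or delete)."""
    by_content = {}
    for name, tcodes in roles.items():
        by_content.setdefault(frozenset(tcodes), []).append(name)
    return sorted(sorted(g) for g in by_content.values() if len(g) > 1)

def unused_tcodes(roles, last_used, today=TODAY, window=UNUSED_WINDOW):
    """T-codes in any role not executed within the window (never used counts too)."""
    all_tcodes = set().union(*roles.values())
    return sorted(t for t in all_tcodes if t not in last_used or today - last_used[t] >= window)

def single_role_violations(roles, risks):
    """Per-role SoD check: the 'clean all single roles' step before user remediation."""
    return sorted((role, risk) for role, tcodes in roles.items()
                  for risk, (grp_a, grp_b) in risks.items() if tcodes & grp_a and tcodes & grp_b)
```

Running the five functions over the constructed extracts flags one unused t-code, one duplicate pair, two unassigned roles, one expired assignment and one single-role SoD violation, which is the triage list to take to the business owners before anything is deleted.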