on 12-18-2010 7:52 PM
Currently we are having lot of roles with thousand of transactions which definitely creating a lot of SOD conflict. We are planning to implement GRC Access control.
I would like to know whether before we implement Access control, we should create new roles from scratch with only required transaction as this help us in performing risk analysis as less SOD conflict will exist. Or it will be better to first implement Access control and than upload the existing roles and perform risk analysis. Though I believe this will through a lot of conflicts and cleaning them would be a hectic task.
Please someone can suggest from his experience which is a better strategy. Also would like to know of any best practices you follow from security point of view before or during the Access control implementation.
Thanks,
Sanjay
Hi Sanjay,
Second approach is better.
Implement AC and then clean your roles. (that is one of the reason, you are implementing AC)
Regards,
Surpreet
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Surpreet,
Thanks for the reply. Your answer seems logical to me, But i was concerned as currently some of the roles have thousand of transactions so performing risk analysis will be consuming a lot of resources. This might also cause RAR to hang up and might cause further performance issues.
Sanjay
Hi ,
GRC 300 having the details of SOD Management process for GRC implementation, that is the best way for implementation approach, may be you can take authorization clean up as the separate project apart from GRC implementation.
Thanks & Regards
Umashankar Tekumudi
SAP GRC Consultant
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi ,
GRC 300 having the details of SOD Management process for GRC implementation, that is the best way for implementation approach, may be you can take authorization clean up as the separate project apart from GRC implementation.
Thanks & Regards
Umashankar Tekumudi
SAP GRC Consultant
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.