- SAP Community
- Products and Technology
- Additional Q&A
- SAP Access Control Project
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
SAP Access Control Project
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 01-15-2011 11:04 AM
Dear All,
I am preparing a proposal for SAP GRC Access Control.
At the moment, I am having some trouble with the cleansing part.
I want to know if role cleansing is a part of the project? If it is, then how one can estimate the time to do this activity?
I thought it would depend on the number of roles, number of users and the rulet set.
I am told by some that cleansing in not actually a part of the project. Maybe the effort analysis for cleansing can be assessed after roles and user's analysis.
Please help. Thanks in advance
Aj
Accepted Solutions (0)
Answers (3)
Answers (3)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi,
I am new to SAP GRC AC, and would like to know about SAP GRC AC implementation proposal.
How do we prepare the proposal, scope for GRC AC, and procedure for effort estimation.
Do we have any standard guidelines or check list in preparing the same.
As you mentioned you are preparing proposal for GRC AC(By this time you could have prepared already) can you knidly share me the procedure you followed for your project.
I would like to know it for SAP GRC AC 5.3.
Regards,
Krishna R
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Aj, important to note that very first step to this project is to customize the out of the box rule set from RAR (we had over 1 million violations out of the box) when we customized the rule set to our company specifc needs/concerns, the # of sod violations dropped exponentially. During this process, we risk rated all tcodes used in the last 2 years to low, medium and high, and then concentrated only on high risk violations. IE: some tcodes may not be in use at your company or in scope. Then you could consider if there are any mitigating controls tied to sod risk violations that would help minimize the risk so that you could focus first on roles tied to risk violations where you don't have any manual mitigatation. This largely depends on how big the organization is and how many roles/users are on the system. Hope that helps!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
If you are refering to Project as 'Implementation of GRC AC 5.3'....... then cleaning roles is not part of it...
GRC AC 5.3 help organizations clean their roles.
regards,
Surpreet
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
- Deployment of Seamless M4T v2 models on SAP AI Core in Technology Blogs by SAP
- Extract blob data (PDF) from CAPM using python library of Document information extraction service. in Technology Blogs by Members
- Advanced Returns Management for Supplier Returns in Spend Management Blogs by SAP
- Ticket Configuration in SAP C4C in CRM and CX Blogs by Members
- 5 Easy apps that can be created right away using Joule AI Assistant in Technology Blogs by SAP
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.