on 01-18-2011 10:24 AM
Hello All,
One of our client using Approva applications now they are planning to move to SAP GRC Access Controls 5.3, so kindly help me or guide he how I proceed.
Key doubts u2013
1-How we upload rules in RAR, because we downloaded the rules from Approva.
2-Creation of mitigation controls etc.
It would be great if some share some documents related to above.
Thanks,
Jagat
Hi,
the GRC AC 5.3 Configuration Guide has descriptions for rule set import templates. You can also import the mitigating controls.
The main challenge will be to translate the rule set into the corresponding SAP terminology:
- Risks (description, control target, owner, level, type, functions)
- Functions (system specific tcodes & auth objects)
This should be done by someone who knows a bit about GRC to make sure it creates the same level of analysis, and ideally the same results.
Frank.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jagat,
Once your GRC system is configured. You have to follow the following steps:
1. Create system connector
2. Define Master User Source
3. Upload text & authorization objects. (Follow the AC53 Configuration guide to download these files from backend)
4. Now as Frank has suggested you have to convert the downloaded Apporava files to .txt files. There are 9 .txt files you have to create:
1. Business Process
BusinessProcessId (CHAR 4) LANGUAGE (CHAR 2) DESCRIPTION LANGUAGE (CHAR 120)
*fileds are TAB seperated
2. Function
FUNCTION ID (CHAR 😎 LANGUAGE (CHAR 2) DESCRIPTION LANGUAGE (CHAR 120) FUNCTION SCOPE (CHAR 1 (S:Single System, C: Cross System))
3. Function-Business Process
FUNCTION ID (CHAR 😎 BusinessProcessId (CHAR 4)
4. Function-Action
FUNCTION ID (CHAR 😎 TRANSACTION(CHAR 20) STATUS (NUMC 1 (0 or 1))
5. Function-Permission
FUNCTION ID (CHAR 😎 T-CODE (CHAR 20) OBJECT(CHAR 10) FIELD(CHAR 10) FROM VALUE(CHAR 40) TO VALUE(CHAR 40) SEARCH TYPE(CHAR3 (AND,OR,NOT)) STATUS (NUMC 1 (0 or 1))
6. Rule Set
RuleSetId (CHAR 😎 LANGUAGE (CHAR 2) DESCRIPTION (CHAR 132)
7. Risk ID
RISKID (CHAR 4) FUNCTION_1_ID (CHAR 😎 FUNCTION_2_ID (CHAR 😎 FUNCTION_3_ID (CHAR 😎 FUNCTION_4_ID (CHAR 😎 FUNCTION_5_ID (CHAR 😎 BusinessProcessId (CHAR 4) PRIORITYDESCRIPTION (NUMC 1 (0=Medium
1=High 2=Low 3=Critical)) STATUS (NUMC 1 (0 or 1)) RISKTYPE (CHAR 1 (1=SoD 2=Critical Action 3=Critical Permission))
8. Risk Description
RISKID (CHAR 4) LANGUAGE (CHAR 2) RISKDESCRIPTION (CHAR 132) DETAILDESCRIPTION (CHAR 1000) CONTROLOBJECTIVE (CHAR 1000)
9. RISK_RULESET
RISKID (CHAR 4) RuleSetId (CHAR 😎
For more information on templates follow the configuration guide.
Upload these files and generate the rules.
Hope with this you will be able to continue.
Thanks & Regards,
Jitan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.