- SAP Community
- Products and Technology
- Additional Q&A
- GRC Admin Passwords
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
GRC Admin Passwords
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 12-28-2011 10:13 PM
I have a team of two GRC Administrators and am strugling with how to get them admin access to the JAVA side in our production environment without causing audit risk. Right now, I don't allow our GRC Admin team to have configuration change access in the GRC JAVA environment. When they run into an issue that requires a config change, they are required to open a ticket and request the GRC Admin account (ex. CC_ADMIN, AE_ADMIN) from me. After they are finished, I change the password again. The problem is that I don't work the same hours as both admins, so we have run into issues where a GRC Admin can't resolve an issue because they can't reach me for the admin account password. How are other companies managing Administrator (config change) access on the JAVA side of GRC production? Are you allowing your admin team to have access to the passwords on the default GRC JAVA accounts (CC_ADMIN, AE_ADMIN, PC30_ADMIN), are you adding administrative portal roles directly to their grc accounts in production, that provide admin access, or are you maintaining some type of check out / check in system?
Accepted Solutions (0)
Answers (1)
Answers (1)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hello Michael,
This really depends on your audit requirements. Configuration changes are supposed to be logged, so an option could be grant them access but perform a basis control of the changes performed. If this option is nos suitable you can create customized roles!! you can grant permission to specific things. Check security guide under section 6.2Customizing the Front End Roles. You have a lot of different actions that you can allow or restrict.
Cheers,
Diego.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Global filter definition for Country Compliance WTPA forms in Human Capital Management Blogs by SAP
- SAP PaPM Cloud Universal Model: Deploy your environment via Manage Containers in Financial Management Blogs by SAP
- The 1H 2024 Release of SAP SuccessFactors Learning – Release Highlights in Human Capital Management Blogs by Members
- User password forgotten/reset in Enterprise Resource Planning Q&A
- 401 authorization error while calling the CPI service from POSTMAN and SOAP UI in Technology Q&A
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.