on 02-03-2012 3:36 PM
Dear All,
We are considering implementing the GRC AC 10/5.3 suite for one of our client's ERP systems.
My question is simple and is on the capability of Compliant User Provisioning or Access Enforcer.
While requesting new access or an additional role in CUP/AE, a user will have to select his/her business process (ex: procure to pay) and sub-process (ex: process invoices) and then search for the roles which belong to this category.
Is there any way in which a user can upload a list of roles directly instead of manually searching for them? I know there is an "Attachment" button in CUP/AE but I am not sure what this is for.
Thanks in advance for your help & guidance.
Uploading is not possible, but I'm also pretty sure this would require a lot more effort than selecting in CUP/AE (btw: both names are analogous, old/new name for the same product).
You can also configure role mapping, as mentioned, where a user would select/enter a "virtual" role name and others would be added as defined in the mapping. Or you define default roles, i.e. once you enter bus proc/sub proc, roles get added automatically.
There are many many ways to do this, and I'm sure each one of them has advantages over not using CUP (approval workflow, audit trail, documentation, integrated risk analysis, mitigation assignment etc.)
Frank.
Hello,
Unfortunately, there's no way to do it in GRC 5.3. It's sometimes boring to select the roles one by one, and I understand your point.
It's possible to copy a request, and this is good if you want to avoid filling the request form. But this is possible in the "admin view of AE" under http://server:<port>/AE/index_apr.jsp
The attach button is just to attach a document to the request.
Cheers,
Diego.
Thank you for the info, Diego. The role design has been done in such a way that we have separate roles for proving tcode and organizational unit access. Due to this reason, I feel there is no use in going for CUP.
One more thing, is there a way in which we can do "What-If" analysis on roles which get requested by users? There is the option to simulate in RAR, but can this be used for user provisioning? What I mean to say is, can RAR be accessed by end users who have no idea about SAP and then by the IT teams which have very limited exposure to SAP Security/GRC?
Best Regards.
Shashi Gowda
Hello Shashi,
Yes, simulation in RAR is possible and is one of the most important things... You can simulate assigning a user an action, role or profile. The same goes for simulation against role changes. The problem is that you should have certain knowledge about the roles, and end users normally don't know these technical details.
Regarding your scenario, maybe the role mapping functionality might be helpful...
Cheers,
Diego.