
GRC AC 10/5.3 - Question on Compliant User Provisioning OR Access Enforcer

Former Member
0 Kudos

Dear All,

We are considering implementing the GRC AC 10/5.3 suite for one of our client's ERP systems.

My question is simple and is about the capability of Compliant User Provisioning or Access Enforcer.

While requesting new access or an additional role in CUP/AE, a user will have to select his/her business process (ex: procure to pay) and sub-process (ex: process invoices) and then search for the roles which belong to this category.

Is there any way in which a user can upload a list of roles directly instead of manually searching for them? I know there is an "Attachment" button in CUP/AE but I am not sure what this is for.

Thanks in advance for your help & guidance.

Accepted Solutions (0)

Answers (2)


koehntopp
Product and Topic Expert
0 Kudos

Uploading is not possible, but I'm also pretty sure this would require a lot more effort than selecting in CUP/AE (btw: both names are analogous, old/new name for the same product).

You can also configure role mapping, as mentioned, where a user would select/enter a "virtual" role name and others would be added as defined in the mapping. Or you define default roles, i.e. once you enter bus proc/sub proc, roles get added automatically.

There are many, many ways to do this, and I'm sure each one of them has advantages over not using CUP (approval workflow, audit trail, documentation, integrated risk analysis, mitigation assignment etc.)

Frank.

Former Member
0 Kudos

Hello,

Unfortunately, there's no way to do it in GRC 5.3. It's sometimes boring to select the roles one by one, and I understand your point.

It's possible to copy a request, and this is good if you want to avoid filling the request form. But this is possible in the "admin view of AE" under http://server:<port>/AE/index_apr.jsp

The attach button is just to attach a document to the request.

Cheers,

Diego.

Former Member
0 Kudos

Thank you for the info, Diego. The role design has been done in such a way that we have separate roles for proving tcode and organizational unit access. Due to this reason, I feel there is no use in going for CUP.

One more thing: is there a way in which we can do "What-If" analysis on roles which get requested by users? There is the option to simulate in RAR, but can this be used for user provisioning? What I mean to say is, can RAR be accessed by end users who have no idea about SAP and then by the IT teams which have very limited exposure to SAP Security/GRC?

Best Regards.

Shashi Gowda

Former Member
0 Kudos

Hello Shashi,

Yes, simulation in RAR is possible and is one of the most important things... You can simulate assigning a user an action, role or profile. The same goes for simulation against role changes. The problem is that you should have certain knowledge about the roles, and end users normally don't know these technical details.

Regarding your scenario, maybe the role mapping functionality might be helpful...

Cheers,

Diego.