hi

As per SOX act, all companies should have very strong internal controls in place in all aspects. SOD (Segregation of Duties) is will play the key role in order to implement SOX Act.

there are 4 SOD tools in the market (Mostly used tools).

1. Virsa

2. Approva 's Bizrights

3. Oversight systems

4. Big 4

almost all these tools will work based on the rules. few predefined rules will come along with tools, we have to customize/ create our own rules in order to find conflicting roles and critical transactions in the organization and we can track how these critical transactions are being executed in the SAP system.

in organization, some times we have to give conflicting authorization knowingly. firefighter is a tool in virsa which tracks those roles, then we have to mitigate them. Ovar all its used to reduce the risk of any fraud in the company.

Let me know if you want more details.

Thanks,

Praveen S.

Approva Certified Consultant.

Hi,

This is info page about Access control products

Access Control Products

SAP Governance, Risk, and Compliance (GRC) Access Control Products

This page provides an architectural overview and description for all SAP GRC Access Control products.

Product Architecture in Versions 5.1 and above

All SAP GRC Access Control products use the same architecture to provide you with a user interface that allows you to manipulate data on your SAP ERP server. Each Access Control product requires the following two components:

A common ABAP-based component that resides on your SAP ERP server. This component is called a “Real-Time Agent,” or RTA. The RTA accesses data from your SAP system and communicates with the front-end Java component, to allow you to see and make changes to that data.

A Java-based component that resides on your web application server. This component provides the user interface you use to make changes in your SAP database. The Java component sends data queries and revised data to the ABAP component, which connects directly to the SAP database.

While each Java-based component provides a unique user interface for each Access Control product, the ABAP-based RTA component is not unique for each Access Control product. So, though you need to install the appropriate Java component for each Access Control product you use, you can connect each of those components to a single RTA installation on your ERP server.

Product architecture in earlier Access Control products varies, depending on the version. See the installation SAP Notes and product documentation specific to those versions for more information.

Product Descriptions

Virsa Compliance Calibrator provides real-time compliance monitoring and controls, integrated within your SAP deployment. Compliance Calibrator uses its built-in analysis engine to identify risks associated with Segregation of Duty (SoD), critical actions, and critical permissions. Once identified, you use Compliance Calibrator controls to mitigate or eliminate compliance risks.

Virsa Access Enforcer provides tools for assigning, enforcing, and logging (cross-system) network resource access permissions, based on job-related database objects, such as users, groups, roles, and profiles. You can also create and use workflows that model your business approval process for access requests. If you use Compliance Calibrator, you can configure Access Enforcer to provide risk analysis and mitigation controls, to identify and resolve access control risks and violations in your workflows.

Virsa Role Expert provides tools to create, manage, and define access permissions, either individual access controls, or groups of access controls – based on job functions (roles). Creating role-based access controls enables you to assign a group of access permissions to user(s) who perform a specific job function, eliminating the need to manually reassign these permissions following a change of the user(s) who perform that job function. If you use Compliance Calibrator, you can configure Role Expert to use the Compliance Calibrator risk analysis engine when creating roles and assigning mitigation controls. If you use Access Enforcer, you can configure Role Expert to require approval for new and changed roles using Access Enforcer workflows.

Virsa Firefighter provides flexible controls that allow you to assign special permissions for emergency access to network resources that would otherwise be restricted from the user or users performing the emergency tasks. In addition to network emergencies, you can use Firefighter to provide temporary and/or time and date-restricted access permissions, for tasks that require those permissions only during certain times, such as auditing services. Firefighter allows you to designate these permissions and who must approve the assignment of these permissions. Once the access has been approved, Firefighter provides an audit trail log of every action performed using these enhanced access privileges. If you use Compliance Calibrator, you can configure Firefighter to use the risk analysis engine to identify and resolve Firefighter risks and violations.

Cheers

Soma

Hello ppl,

I have a doubt regarding Virsa Role Expert. The role creation process involves assigning profiles to the new role being created. Which should mean that i will have to create profiles in the backend system before assigning them to roles. If it is so, is it not negating the SAP recommendation of automatic profile generation?

Is there an opiton of assigning transaction codes to roles?. If so how will the authorization data be maintained in Role Expert?

Replies awaited..

Sachin