cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP Default Ruleset for GRC RAR

Go to solution
former_member275658
Contributor

on ‎06-19-2012 6:51 PM

0 Kudos

Hi Gurus,

We are using GRC CC 5.2. Currently, there are lot of High Sod's coming in terms of single roles due to the modification of risk id's. Also, we are in Redesign project for our ECC roles due to SOD issues.

Could you please advise if we can start from a clean ruleset by importing the SAP Default ruleset and design our roles ? We are thinking, that would reduce the high violation compared to now.

(We don't any custom t-codes present in CC.)

Also, can we now use the default ruleset provided by SAP and import in CC ?

Regards,

Salman

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

neerajmanocha
Product and Topic Expert
Product and Topic Expert
‎06-20-2012 7:24 AM

Hi Salman,

Default standard ruleset provided by SAP is based on Best Practices.

"986996 - GRC Access Control- Best Practice for Rules and Risks"

You can import that into your system and review the rules and decide whether that suits to your business and manupulate (make rules enabled/disabled) as per your requirements.

Refer to the note added into this SAP Note 986996.

"

We provide a set of rules that we have found hit the majority of global
requirements for the basic processes: Finance, Procure to Pay, Order to
Cash, etc. Special rules have been provided for other specialty areas by
working with partners and customers for CRM, HR, and ECC, etc. The whole
purpose is to provide our customers a solid starter set rather than
building rules from scratch.  The delivered ruleset is meant to cover
the major risk areas present in the majority of customers.  Not every
SAP application is included in the delivered ruleset and at this point,
there are no plans to further develop additional industry specific
component or add-on product rules.

The time the company spends is to make sure the risks are appropriate
for their implementation of SAP and adding custom related transactions,
rather than starting from scratch.

"

Thanks & Regards

Neeraj

Show replies
Show replies
former_member275658
Contributor
‎06-20-2012 3:32 PM
0 Kudos

Could you please help with the path to download this sap ruleset in Marketplace place. We are using CC 5.2.

neerajmanocha
Product and Topic Expert
Product and Topic Expert
‎06-20-2012 3:47 PM
0 Kudos

Hi Salman,

You can follow the below path to download the latest rules files from sap service market place.

go to SAP SMP using https://websmp101.sap-ag.de/support ==> Software Download ==> Software Download Center ==> Support Pack and Patches ==> Browse our Download Catalog ==> SAP Solutions for Governance, Risk, and Compliance ==> SAP GRC ACCESS CONTROL ==> SAP GRC ACCESS CONTROL ==> SAP GRC Access Control 5.3 ==> Entry by Component ==> Java Component ==> SAP GRC ACCESS CONTROL 5.3 TXT

Download the latest support pack file and unzip this. You will have the rules zip file.

Note:-1.  this location is for CC 5.3 package as 5.2 package is out of maintenance and not available on SAP Service Market Place.  However, rules files are common for both the releases.

2. Your company should have the licence/access of GRC to access the above link.

Thanks & Regards

Neeraj

former_member275658
Contributor
‎06-20-2012 3:49 PM
0 Kudos

Thanks Neeraj for your help

Answers (1)

Answers (1)

koehntopp
Product and Topic Expert
Product and Topic Expert
‎06-20-2012 5:16 PM
0 Kudos

Hi Salman,

I suggest you start by figuring out what you want to report as a business risk, the use the SAP standard functions to build rules for those. Some of the standard risks you may agree with, others may or may not apply.

In any case, the default rule set (latest version) is always a good start, as we put a lot of effort into keeping it up to date and integrating feedback from customers.

This is not an excercise about building the perfect rule set, the aim is to find auhtorization risk that is relevant for YOUR company's risk appetite.

Frank.

Show replies
Show replies
Ask a Question