
Rule Set for BI and GTS

Former Member
0 Kudos

Hi Gurus,

One of the client requirements.....

We are implementing all the modules of GRC AC 10.0....

There is no Rule Set provided for BI and GTS.... so is it possible to create custom risks, functions for these?

Will the GRC box recognise the actions present in the BI and GTS?

Is there any list of SOD, critical Actions risks defined for these systems?

So please suggest

Thanks,

Sriram

Accepted Solutions (1)

Colleen
Advisor
0 Kudos

Hi Sriram

There is a BW ruleset that might meet some requirements. For BI, do you mean the SAP BI ABAP stack or are you referring more to Business Objects functionality?

If you are referring to the authorisations to do with S_RS* (e.g. S_RS_COMP) you can define your own rule set. Be mindful that a lot of SAP BW/BI is not transaction driven and you may need to define permission-only functions.

Former Member
0 Kudos

Hi Colleen,

Please consider the below scenario

A Finance user related to company code 100 should not view the reports related to company code 200.

So for the above scenario...As per my understanding, we are doing all SoD checks and authorization in ECC.. so there will be no risks in BI

If not..can we define custom risk for BI in GRC?

If so, will GRC recognize all the auth. objects related to BI?

Thanks,

Sriram

As per my understanding the

Colleen
Advisor
0 Kudos

Hi Sriram

Your challenge with BI is Analysis Authorisations for the restricted characteristics, as 0COMP_CODE would be one of those values. The AA is then entered in the S_RS_AUTH authorisation for the BIAUTH field. Therefore, it would be difficult to configure conflicting risk/actions for these values.

I haven't attempted to build SoD rules for BW data but I'd try and think outside the box ...

If you have CUP in place you might want to capture the multiple company code requests via your configuration (e.g. user can only request roles for the area they belong to, or put some BRFplus logic in place to validate a request).

Alternatively, you could look at building a dummy auth object that you add to the BW/BI PFCG role and put a value in it. However, for this one it might be hard to build functions/risks to capture all company code values (or sales orgs, purchasing orgs, etc.). It would also rely on the security role build to include this in the role.

Possibly you could achieve checking BI SoD via a custom report. If you have the roles in BRM and assigned to a company you could look at seeing which users have BI roles that belong to different companies. This could flag those situations.

Sorry... just random ideas. I get the impression SoD was originally designed around conflicting actions in the system (more so to do with modifications) as opposed to Chinese wall style separation of data. How your security team designs and builds BW/BI security will be the big decider in how you can go about capturing this risk.

Good luck and share your solution with the community as a few people are starting to have this requirement!

Regards

Colleen
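
The custom-report idea from the reply above, sketched as an added example (not part of the original thread and not SAP or GRC code): it flags users whose currently valid BI roles reach more than one company code. It assumes two CSV exports, role-to-company and user-to-role, whose column names, role names and users are all constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from datetime import date

# Constructed sample exports (not from a real system); column names are assumptions.
ROLE_COMPANY_CSV = """role,company_code
Z_BI_FIN_REPORT_100,100
Z_BI_FIN_REPORT_200,200
Z_BI_FIN_REPORT_ALL,*
Z_BI_DISPLAY_COMMON,
"""

USER_ROLE_CSV = """user,role,valid_to
ALICE,Z_BI_FIN_REPORT_100,9999-12-31
ALICE,Z_BI_DISPLAY_COMMON,9999-12-31
BOB,Z_BI_FIN_REPORT_100,9999-12-31
BOB,Z_BI_FIN_REPORT_200,9999-12-31
CAROL,Z_BI_FIN_REPORT_200,9999-12-31
CAROL,Z_BI_FIN_REPORT_100,2020-01-31
DAVE,Z_BI_FIN_REPORT_ALL,9999-12-31
"""

def load_role_companies(text):
    """Map each role to the company codes it grants ('*' means all)."""
    mapping = defaultdict(set)
    for row in csv.DictReader(io.StringIO(text)):
        if row["company_code"]:          # roles with no company are neutral
            mapping[row["role"]].add(row["company_code"])
    return mapping

def cross_company_users(user_roles_text, role_companies, today):
    """Return {user: {company: [roles]}} for users reaching more than one company."""
    access = defaultdict(lambda: defaultdict(list))
    for row in csv.DictReader(io.StringIO(user_roles_text)):
        if date.fromisoformat(row["valid_to"]) < today:
            continue                     # expired assignment grants nothing
        for company in role_companies.get(row["role"], ()):
            access[row["user"]][company].append(row["role"])
    # A wildcard role on its own already spans every company code.
    return {u: {c: sorted(r) for c, r in comps.items()}
            for u, comps in access.items()
            if len(comps) > 1 or "*" in comps}

if __name__ == "__main__":
    roles = load_role_companies(ROLE_COMPANY_CSV)
    hits = cross_company_users(USER_ROLE_CSV, roles, date(2024, 1, 1))
    for user, comps in sorted(hits.items()):
        print(user, comps)
```

The result is only as good as the role-to-company mapping, which matches the point in the reply that this depends on how the BW/BI roles are designed and built.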

Answers (0)