on 03-18-2014 2:58 AM
I am working on making a baseline document for SEM-BCS and needs sensitive access risk data (including transaction and authorization values). It's similar to GRC ruleset. The client have inconsistent processes and they have not defined any risks for BCS and want us to define related risk exposure and near term remediation plan for it. Will highly appreciate if you some one can share any document related to it which we can leverage here. Many thanks in advance.
-Kapil
Hi Kapil,
Are you referring to the R_xxxxx authorization objects. Creating rules isn't that difficult in that case as they will be based on activities (01 create, 02 change, 02 display etc.). Set them up as critical permissions. I would ignore the transactions and focus on the authorization objects and values.
Good luck
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
HI T. de Jong,
I am working on making a baseline document which involves all R_XXX auth objects and all included in BCS. I appreciate your help but I don't think it will help me in formulating the sensitive risk data. Client has a security model defined but they don't have risk data which we need to define for them.
Thanks,
Kapil
User | Count |
---|---|
101 | |
13 | |
13 | |
11 | |
11 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.