on 12-05-2014 3:34 PM
Hello Experts,
I have the below scenario;
1) System "A" - ECC 6 with GRC 10.X
2) System "B" ECC 6
Can we make 2 separate policies in System "A" as GRC Policy "GRC-A" and GRC-B". Now used the Policy GRC-A with System A and connect GRC-B Policy with System B?
Is this possible?
Thanks,
Farooq
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
HI Colleen, Sure I can explain.
I have main system ECC 6 EHP 7 with all core modules including GRC 10.X, In this system I have 3 Rules ;
AC - Rule1 - This is serving the Main system
AC - Rule2 - This is serving another ECC 6 instance for Europe
AC - Rule3 - This is serving another ECC 6 instance for NA
Based on my understanding you already acknowledged this is possible? Just wanna double check.
Thanks,
Farooq
Hi Farooq
I thought that's what you meant. But I also took your diagram to mean a "shared common set of rules" and own systems.
At the end of the day you need 3 logical systems to cover your 3 scenarios in the integration framework.
Within the rule set definition it's the function data that references system. So you would need to maintain the functions to action/permission mapping for each of your 3 scenarios.
For example
North America
FUNC_A is for connector ECC_NA with Action ABC
FUNC_B is for connector ECC_NA with Action CDE
RISK A is then FUNC_A and FUNC_B
Rule generated would be ABC with CDE
Europe
FUNC_C is for connector ECC_EU with Action DEF
FUNC_D is for connector ECC_EU with Action GHI
RISK B is then FUNC_C and FUNC_D as a combination
Rule generated would be combination of DEF and GHI
Global
FUNC_E is for connector ECC_GBL with Action JKL
FUNC_F is for connector ECC_GBL with Action MNO
RISK B is then FUNC_E and FUNC_F as a combination
Rule generated would be combination of JKL and MNO
You can then build your 3 rule sets and map the appropriate risks to them
RULESET_NA - RISK_A
RULESET_EU - RISK_B
RULESET_GLB - RISK_C
Also, you could have a 4th scenario for 'GLOBAL' that applies to all of them. This could cover system admin access so you only need to map the functions to actions onece. Within the integration framework you would then assign your 3 ECC system to the GLOBAL system. In this situation, each connector would be mapped to 2 logical systems. I must admit, I have not tried this but visualise it occurring this way to prevent duplication.
If you didn't do the 4th logical system for shared you would then have to map each system to action for the same function. For example, SU01 would then be
FUNC_SU01 is for connector ECC_NA with Action SU01
FUNC_SU01 is for connector ECC_EU with Action SU01
FUNC_SU01 is for connector ECC_GBL with Action SU01
Let me know if this makes sense. I recommend you prototype with a small rule set and play around with the mappings to come up with your solution. It sounds like your system landscape is more complex than most due to regional systems.
Regards
Colleen
Hi Farooq,
what do you mean by policy? If you are talking about the rule set used in Acess Risk Analysis you can specify several rule sets dedicated to systems.
Regards,
Alessandro
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Alessandro,
Thank you for your response. Yes I am talking different rule sets used in AC. So I would assume that we can have multiple rule sets within one ECC that has a GRC 10.X?
What about multiple ECC environments question that I asked earlier? can we cater multiple ECC systems with different rule sets?
Thanks
Farooq
HI Farooq
AS you mentioned policy I thought you were asking about PC or RM
yes you can have multiple ECCS. Map them to a different logical system. In complex landscapes, a company might have dedicated systems for process areas, regions and/or companies.
for example you might have an ecc system for HR/Py and one for finance. your risks would be different for each system.
regards
Colleen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.