cancel
Showing results for 
Search instead for 
Did you mean: 

GRC 10 work can cater multiple ECCs?

Former Member
0 Kudos

Hello Experts,

I have the below scenario;

1) System "A" - ECC 6 with GRC 10.X

2) System "B" ECC 6

Can we make 2  separate policies in System "A" as GRC Policy "GRC-A" and GRC-B". Now used the Policy GRC-A with System A and connect GRC-B Policy with System B?

Is this possible?

Thanks,

Farooq

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
0 Kudos

Thank you Colleen, I think I know the answer based on your feedback but I just wanted to confirm base on the below diagram, Is the below requirement in the picture achievable?

Thanks in advance.

Farooq

Colleen
Advisor
Advisor
0 Kudos

Hi Farooq

You diagram is a little confusing for me (probably because it's conceptual and I see systems). Could you please explain it with a few examples of what you mean by this solution?

Regards

Colleen

Former Member
0 Kudos

HI Colleen, Sure I can explain.

I have main system ECC 6 EHP 7 with all core modules including GRC 10.X, In this system I have 3 Rules ;

AC - Rule1 - This is serving the Main system

AC - Rule2 - This is serving another ECC 6 instance for Europe

AC - Rule3 - This is serving another ECC 6 instance for NA

Based on my understanding you already acknowledged this is possible? Just wanna double check.

Thanks,

Farooq

Colleen
Advisor
Advisor
0 Kudos

Hi Farooq

I thought that's what you meant. But I also took your diagram to mean a "shared common set of rules" and own systems.

At the end of the day you need 3 logical systems to cover your 3 scenarios in the integration framework.

Within the rule set definition it's the function data that references system. So you would need to maintain the functions to action/permission mapping for each of your 3 scenarios.

For example

North America

FUNC_A is for connector ECC_NA with Action ABC

FUNC_B is for connector ECC_NA with Action CDE

RISK A is then FUNC_A and FUNC_B

Rule generated would be ABC with CDE

Europe

FUNC_C is for connector ECC_EU with Action DEF

FUNC_D is for connector ECC_EU with Action GHI

RISK B is then FUNC_C and FUNC_D as a combination

Rule generated would be combination of DEF and GHI

Global

FUNC_E is for connector ECC_GBL with Action JKL

FUNC_F is for connector ECC_GBL with Action MNO

RISK B is then FUNC_E and FUNC_F as a combination

Rule generated would be combination of JKL and MNO

You can then build your 3 rule sets and map the appropriate risks to them

RULESET_NA - RISK_A

RULESET_EU - RISK_B

RULESET_GLB - RISK_C

Also, you could have a 4th scenario for 'GLOBAL' that applies to all of them. This could cover system admin access so you only need to map the functions to actions onece. Within the integration framework you would then assign your 3 ECC system to the GLOBAL system. In this situation, each connector would be mapped to 2 logical systems. I must admit, I have not tried this but visualise it occurring this way to prevent duplication.

If you didn't do the 4th logical system for shared you would then have to map each system to action for the same function. For example, SU01 would then be

FUNC_SU01 is for connector ECC_NA with Action SU01

FUNC_SU01 is for connector ECC_EU with Action SU01

FUNC_SU01 is for connector ECC_GBL with Action SU01

Let me know if this makes sense. I recommend you prototype with a small rule set and play around with the mappings to come up with your solution. It sounds like your system landscape is more complex than most due to regional systems.

Regards

Colleen

alessandr0
Active Contributor
0 Kudos

Hi Farooq,

what do you mean by policy? If you are talking about the rule set used in Acess Risk Analysis you can specify several rule sets dedicated to systems.

Regards,

Alessandro

Former Member
0 Kudos

Hello Alessandro,

Thank you for your response. Yes I am talking different rule sets used in AC. So I would assume that we can have multiple rule sets within one ECC that has a GRC 10.X?

What about multiple ECC environments question that I asked earlier? can we cater multiple ECC systems with different rule sets?

Thanks

Farooq

Colleen
Advisor
Advisor
0 Kudos

HI Farooq

AS you mentioned policy I thought you were asking about PC or RM

yes you can have multiple ECCS. Map them to a different logical system. In complex landscapes, a company might have dedicated systems for process areas, regions and/or companies.

for example you might have an ecc system for HR/Py and one for finance. your risks would be different for each system.

regards

Colleen