cancel
Showing results for 
Search instead for 
Did you mean: 

Access Control Landscape

Former Member
0 Kudos

Hi !

Do you know some document or post about configuration of landscape of the GRC Access Control 10.x?

I mean the landscape in context of DEV->QA->PRD.

I found only the "Access Control Diagram (Ver. 2.1)" with scheme, without legend and description of configuration.

Best regards,

Elvira Huzina

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Here you go

And the following on the SAP GRC WIKI

How to create different types of connectors in Access Control 10.0 - Governance, Risk and Compliance...

Configure the cross system SOD analysis in AC 10.0. - Governance, Risk and Compliance - SCN Wiki

Hope this helps you understand how to create the connectors and then add them to a logical group.

One word of advise would be to create a logical group per type of system, i.e. ECC_GROUP, CRM_GROUP, BI_GROUP etc.

Former Member
0 Kudos

Harinam, Thank you!

You provided useful documents and posts on configuration.

But I also need some information about specific settings and steps for transports in landscape. For example, the post

http://scn.sap.com/community/grc/blog/2014/10/23/transport-management-of-grc-configuration

I'm looking for any information about approaches to set the landscape DEV->QA->PRD and how to transport and test the GRC Access Control 10.x in DEV->QA->PRD landscape.

Could you please assist on this matter?

Former Member
0 Kudos

In summary

1) Ensure you have the same Logical groups across all the landscapes (this is transportable from Dev). The actual systems listed within the Logical groups will be unique per GRC landscape, i.e. ECC_GROUP in Dev will have ECCDEV, in QA ECCQA, etc. This is important for the rule set to be transportable, as you would ensure that he Function Actions and Permissions are grouped against a Logical group, as opposed to an actual system ID.

2) All/most configuration done in SPRO is transportable. Front end Master data i.e. FFID Owners/Controllers is not transportable. However, whilst role data imported into BRM is not transportable, it is exportable, hence can be imported into the other GRC front end systems.

Former Member
0 Kudos

Thank you, Harinam!

You gave valuable information for me.

Let's keep this discussion for collecting advices and documents about transports in GRC Access Control 10.x.

Colleagues, could you please share your knowledge and experience in transport landscape of GRC Access Control 10.x ?

Former Member
0 Kudos

Elvira,

You won't get much more documents for what you are after.

The SAP GRC transport mechanism is like any other SAP ABAP system. You will learn from experience as to what is transportable and what is not.

Refer to the following:

https://scn.sap.com/thread/2047837

You will find majority of your answers being shared among the practitioners in the form of advice or answers on this forum, as opposed to a official SAP document.

former_member197694
Active Contributor
0 Kudos

Hello Elvira,

With addition to Harinam

check the below link for BRF+ rule transport

Some Notes related to transports

1941439 - Transport of Business Units/Organizational Units & Mitigation Controls


2050802 - How to Transport Worfklow using MSMP Workflow Configuration (Expert)


1642420 - Transport of launchpad

hope it helps you

Regards

Baithi

Answers (0)