SAP GRC Access Control 10.x Cross System Risk Analysis

Former Member
0 Kudos

Hi,

I was hoping someone out there in SAP land could help us. We have read through all the notes and SCN discussions and are getting mixed messages on the answer to these questions.

1. Can a single connector be put into more than one connector group? For example, can an ECC PRD connector be put into a logical group by itself and a cross-system group with another PRD connector?

2. If we designate a function as cross system will the risks associated with it only report conflicts between more than one system? For example, Risk ID F001 is comprised of AP01 and AR01.

AP01 contains action VA01.

AR01 contains action FB02.

VA01 exists in ECC and MDM.

AR01 exists in ECC.

If function AP01 is marked for cross system analysis will risk analysis ONLY show cross-system risks that pertain to the function or will it also include a risk that occurs within ECC only (as in the above example)?

Also, if risk analysis automatically runs for ARM will it take cross-system into account?

Any help would be greatly appreciated!

Thanks,

Tracy

Accepted Solutions (0)

Answers (1)

0 Kudos

Hi Tracy,

You can include a single connector in both connector groups, for example logical and cross system.

Cross connector group - It will display risk report for cross system as well as risk specific to only one system.

For the cross system group we just maintain the connectors (systems) which have cross system risks.

For example - ECC system and CRM system

While doing the risk analysis you will select the cross system group in the system field; then it will show the risk report specific to the system and the cross system risks as well.

Regards,

Rakesh Kirve

0 Kudos

While doing risk analysis for Cross system we have to choose the System as Logical connector group then only system will check cross system risks.

Regards,

Rakesh Kirve

0 Kudos

Sorry, we have to select the cross system group while doing risk analysis.

Regards,

Rakesh Kirve

Former Member
0 Kudos

Hi Rakesh,

Thank you so much for your response... I have a few follow up questions:

1. Within each function you need to identify whether or not it is relevant for cross-system risk analysis, if you choose this is it ONLY relevant for cross-systems and not risks within a single system? If one function is valid for cross-system and single-system risks do you essentially have to copy it?

2. When risk analysis runs automatically through ARM will it show cross system and single-system risks?

Thanks!
Tracy

0 Kudos

Hi Tracy,

When we upload the risk in the function file you will find the scope of the function, whether it is cross or single.

The same function will show risk for the same system; we can also use the same function for cross system risk.

For example - CRM and ECC system.

Risk - D004 belongs to ECC system and CR03 risk belongs to CRM system

Risk - Functions

D004 - CR04 and SD02

CR03 - CR04 and CR01

Function -

CR01 - (belongs to CRM system)

CR04 (belongs to CRM system)

SD02 - (Belongs to ECC system)

In ECC the cross system risk will be defined as D004 - CR04 and SD02, but the actual function file will have function permission (authorization object) and action for only SD02.

Whereas in the CRM system the CR03 risk will be shown in the risk analysis report for CRM system specific only.

CR03 - CR04 and CR01 (having function permission and action file for both functions CR04 and CR01)


When we run the risk analysis report, risks will be shown depending on the system we choose on the initial analysis screen.


Suppose you choose the ECC system on the initial screen; then it will display the report for risks only for ECC systems.


Suppose we define a cross system group having (ECC and CRM system); when we select the cross system group in the system field it will display the risk report for cross system risks and also single risks specific to ECC and CRM.


Regards,

Rakesh Kirve
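A simplified model of the behaviour described in the answer above, using the F001 / AP01 / AR01 example from the original question. This is an added illustration, not part of any post and not SAP GRC code; the user assignments, the group contents and the names `analyze` and `systems_granting` are assumptions.

```python
# Toy SoD risk analysis over a set of selected systems (added example, not SAP's algorithm).

# Ruleset from the question: risk F001 = functions AP01 + AR01.
RISKS = {"F001": ("AP01", "AR01")}
# Function -> actions, as stated in the question.
FUNCTION_ACTIONS = {"AP01": {"VA01"}, "AR01": {"FB02"}}
# Function -> systems where its action exists, as stated in the question.
FUNCTION_SYSTEMS = {"AP01": {"ECC", "MDM"}, "AR01": {"ECC"}}


def systems_granting(function, user_access, selected):
    """Selected systems in which the user holds every action of the function."""
    needed = FUNCTION_ACTIONS[function]
    return {
        system
        for system in selected & FUNCTION_SYSTEMS[function]
        if needed <= user_access.get(system, set())
    }


def analyze(user_access, selected_systems):
    """Return sorted (risk, system_a, system_b, kind) findings for one user."""
    selected = set(selected_systems)
    findings = []
    for risk, (func_a, func_b) in RISKS.items():
        for sys_a in systems_granting(func_a, user_access, selected):
            for sys_b in systems_granting(func_b, user_access, selected):
                kind = "single-system" if sys_a == sys_b else "cross-system"
                findings.append((risk, sys_a, sys_b, kind))
    return sorted(findings)


# Constructed user assignments (system -> actions held).
USER_SPLIT = {"MDM": {"VA01"}, "ECC": {"FB02"}}            # conflict spans two systems
USER_LOCAL = {"ECC": {"VA01", "FB02"}}                      # conflict inside ECC only
USER_BOTH = {"ECC": {"VA01", "FB02"}, "MDM": {"VA01"}}      # both kinds at once
CROSS_GROUP = ["ECC", "MDM"]                                # hypothetical group contents

if __name__ == "__main__":
    for name, access in (("split", USER_SPLIT), ("local", USER_LOCAL), ("both", USER_BOTH)):
        print(name, "ECC only    ->", analyze(access, ["ECC"]))
        print(name, "cross group ->", analyze(access, CROSS_GROUP))
```

In this model, selecting only ECC misses the MDM/ECC conflict, while selecting the group reports the single-system and cross-system findings together.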

0 Kudos

Yes, when risk analysis runs automatically through ARM it will show cross system and single-system risks, as by default the system field will be blank, so it will show cross system and single-system risks.

Former Member
0 Kudos

Hi Rakesh,

The shared information is very useful. I had one query on the above example: what would be the scope of function which we maintain in function CR04? I tried the same as you explained. I too had a similar scenario, and initially I kept CR04 as cross and executed risk analysis. Later I changed it to SINGLE and checked with the corresponding systems in the dropdown while performing the risk analysis, but the results are inconsistent. So I created a copy of CR04 like ZCR04 (cross scope) and performed risk analysis. Now I'm getting correct results.

Regards

Ravi

0 Kudos

Hi Ravi,

I will recheck the scope of function. Also, it's a good idea to rename the functions which are mapped to cross system risk so it will avoid the confusion.

Regards,
Rakesh Kirve