on 07-05-2016 3:47 AM
Hi Everyone:
I have 2 SAP systems A & B connecting to GRC 10.1. System A connects to GRC via connector A and system B connects to GRC via connector B. Each system A & B has its own ruleset. The two rulesets of A & B are appended to each other (with separate connectors) and are called by one unique name, "Global", in GRC. So, I have only one ruleset ID, which is Global, in GRC.
If users want to run ARA SOD analysis on A, they select ruleset Global with connector A (field System). Similarly, to run SOD report on B users select ruleset Global with connector B.
Now, due to an auditor's request, the client wants to customize the level of a risk ID in system B, but without affecting A.
For example: risk ID M004 has a default risk level of Medium. The client wants to keep level Medium for M004 in A but wants to change the risk level to High for the same risk M004 in B.
In the risk level setup (Low, Medium, High) there is no place to specify connector A or B.
What is the best approach to accomplish this requirement (since we have only one ruleset called Global)? Thank you for your advice.
Best Regards,
Andy
Hi,
Could you let us know why A and B had different rulesets earlier? Are both A & B the same component? I think they are not. So, your existing 'Global' already has 2 sub-rulesets, one for each component, which means the ruleset of A is not applicable for B, and vice versa. So, risk ID M004 is not applicable for one of A and B. So, you can change the level of M004.
If A and B are the same component, or if you are using cross-risk analysis, then changing the risk level will impact the other connector.
Regards
Plaban
Hi Plaban,
Both A & B are ECC6 non-HR systems. Yes, A & B have different rulesets, and the ruleset of A can't be used for B (and vice versa).
There is one ruleset called Global, which has 2 sub-rulesets: one for A and one for B. Now, the requirement is to change risk M004 to High level for B while keeping the standard level Medium for A.
In other words, ruleset of A will have risk M004 as Medium and ruleset of B will have risk M004 as High.
In A we use ARA & EAM.
In B we use ARA only.
Regards,
Andy
Hi Andy,
Could you say whether M004 is assigned to connector B or A? If it is assigned to both, then you certainly cannot have 2 risk levels for 1 risk ID. So, you would have to create a copy of M004 and assign it only to A. Make this new risk of level Medium, while retaining the old risk at level High and assigning it only to B.
Regards
Plaban
Hi Plaban,
M004 is assigned to both connectors A & B. I know your approach; with this, the client may need to create a customized risk, let's say ZM004 (a copy of M004), and change its risk level to High.
Someone suggested creating 2 separate rulesets, for example: GLOBAL_A and GLOBAL_B.
Each ruleset is connected to separate connectors A & B. Then in GLOBAL_B clients can change M004 to High while retaining M004 as Medium in GLOBAL_A.
Is this feasible?
Regards,
Andy
Not sure you can do it with the same risk ID. You may have to copy the same risk with a different name.
Thanks
Prem
Hello Andy,
You can build multiple rulesets here, say GLOBAL_A and GLOBAL_B, and then build a BRF+ rule and map it against the specific connector. Go through the following SAP Note, which will give you an idea of what you need to do.
2066491 - How to Set up Multiple Rule Sets for Access Request
Regards,
Rakesh Ram M