GRC 10 (Access Control)
Components and Overview

FUJITSU CONFIDENTIAL UNLESS SPECIFIED OTHERWISE
GRC 10 Landscape

AC Landscape

A Closer look:

Installation:
(Backend system)

• The GRC 10.0 suite runs on AS ABAP 7.02 SP6 or higher
• Add-on “GRCFND_A”
• Add-on “SLL-LEG”
• Add-on “SLL-NFE”
• The Content Lifecycle Management (CLM)

Frontend:
• The front-end needs a web browser or (optionally) a client installation of the NetWeaver Business Client 3.0 (NWBC)
• The Adobe Flash Player 10 is used for displaying dashboards, e.g. RM heat map
• SAPGUI 7.10 PL 15 or higher
• The Crystal Reports Adapter (CRA)

Access Control

Components of Access Control
• Access Risk Analysis
• Access Risk Management
• Emergency Access Management

Access Risk Analysis?
The Access Risk Analysis (ARA) module is used for preventive and ongoing monitoring of SOD
risks, critical transactions and mitigating controls.

ARA life cycle:

Building Blocks:
• Action (s)
• Function (s)
• Risk (s)
• Rule Set (s)

Action (s)

In GRC terminology, an activity performed in the system to fulfil a specific task is called an action.
In simple words, an activity is an action, and an action means a tcode (transaction code).

For example,
Create Purchase Order – ME22
User master record – SU01
RFC – SM59

Function (s)

A grouping of one or more related actions or permissions for a specific business area is called a function.

For Example:
Function ID: AO01
Description: APO Supply and demand planning
Business Process: APO

Risk (s)

An opportunity for physical loss, fraud, process disruption, or productivity loss
that occurs when individuals exploit a specific condition; functions are the main
components of risks.

A risk has at least two risk (access risk). Risk-IDs are system generated.

Continuation of Risk?

Rule set (s)

A set of rules that identifies SoD is called a rule set.
There are two types of rule set:
1. Global – provided by SAP
2. User defined

How to identify risk?
When we assess users, roles or profiles against a given rule set, the assessment identifies SoD.
This process is called Access Risk Analysis (ARA).
ARA can be run at:

1. User level
2. Role level
3. Profile level
4. HR Object
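
The analysis described above, as an added example that is not part of the original slides: a small Python model of actions, functions, risks and a rule set, run at role level and at user level, showing that two roles can each be clean while the user holding both is not. The role names, users, function and risk IDs and the mitigating control are constructed samples, and the example assumes an SoD risk fires when a subject holds at least one action from each of the risk's functions.

```python
from dataclasses import dataclass

# Function -> actions (tcodes). Constructed sample, not SAP's delivered rule set.
FUNCTIONS = {
    "F_PO": {"ME21N", "ME22"},   # purchase order maintenance
    "F_GR": {"MIGO"},            # goods receipt
    "F_USER": {"SU01"},          # user master maintenance
    "F_ROLE": {"PFCG"},          # role maintenance
}


@dataclass(frozen=True)
class Risk:
    risk_id: str
    description: str
    functions: tuple  # IDs of the conflicting functions


# A user-defined rule set (constructed): each risk combines two functions.
RULE_SET = [
    Risk("R001", "Maintain purchase orders and post goods receipt", ("F_PO", "F_GR")),
    Risk("R002", "Maintain user master records and roles", ("F_USER", "F_ROLE")),
]

# Role -> actions, user -> roles (constructed sample data).
ROLES = {
    "Z_BUYER": {"ME22", "ME23N"},
    "Z_WAREHOUSE": {"MIGO", "MB51"},
    "Z_SEC_ADMIN": {"SU01", "PFCG", "SM59"},
}
USERS = {
    "ALICE": ["Z_BUYER"],
    "BOB": ["Z_BUYER", "Z_WAREHOUSE"],
    "CAROL": ["Z_SEC_ADMIN"],
}

# Mitigating control assignments: (user, risk_id) -> control ID (constructed).
MITIGATIONS = {("CAROL", "R002"): "MC_QUARTERLY_REVIEW"}


def analyze_actions(actions, rule_set=RULE_SET):
    """Return {risk_id: {function_id: matching actions}} for every risk that fires."""
    findings = {}
    for risk in rule_set:
        hits = {f: sorted(FUNCTIONS[f] & actions) for f in risk.functions}
        # The risk fires only if every one of its functions is covered.
        if all(hits.values()):
            findings[risk.risk_id] = hits
    return findings


def analyze_role(role):
    """Role-level analysis: only the actions contained in this one role."""
    return analyze_actions(ROLES[role])


def analyze_user(user):
    """User-level analysis: the union of actions across all assigned roles."""
    actions = set().union(*(ROLES[r] for r in USERS[user]))
    return analyze_actions(actions)


def sod_report():
    """One row per (user, risk): open, or mitigated by an assigned control."""
    rows = []
    for user in sorted(USERS):
        for risk_id in sorted(analyze_user(user)):
            control = MITIGATIONS.get((user, risk_id))
            rows.append((user, risk_id, "mitigated" if control else "open", control))
    return rows


if __name__ == "__main__":
    for role in sorted(ROLES):
        print("role", role, analyze_role(role))
    for row in sod_report():
        print("user", *row)
```

BOB's violation exists only at user level, which is why a role-level run alone does not clear a user.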

How to run ARA:

1. A user with appropriate access
2. Run “NWBC” in the command area as illustrated
3. Click on “Access Management”
4. Move to “Access Risk Analysis”
5. Take your desired report

Test Run:

Outcome:

How to eliminate the risk?
There are two approaches:
1. Remediate
2. Mitigation

What is Remediate?

What is Mitigate?

Remediate flow:
[Flowchart: Start; Run ARA; Analyse SoD report; decision "SoD found" (Yes / No); Fix; decision "unavoidable SoD" (Yes: Mitigation / No); End]
Mitigate?

www.about.me/nasirgondal
