To activate the End User Logon screen and maintain its logon information, do the following:

 

  1. Execute transaction SICF.
  2. In the Service Name field, enter the name of the service: GRAC_UIBB_END_USER_LOGIN
  3. Click the Execute button.
  4. Under the Virtual Hosts / Services column you will see the selected service. Double-click the service name.
  5. Click the Logon Data tab.
  6. Click the Pencil icon to switch to change mode.
  7. Enter the client, shared user, language and password. The user should be of type Internet User.

 

Note: Create the user with the roles below, with user type Service.


  • SAP_GRAC_SUPER_USER_MGMT_USER
  • SAP_GRAC_ACCESS_REQUESTER
  • SAP_GRAC_BASE
  • SAP_GRAC_END_USER
  • SAP_GRAC_NWBC
  • SAP_GRAC_SPM_FFID
  • SAP_GRC_FN_BASE
  • SAP_GRC_FN_BUSINESS_USER


8. Click on save.

 

Repeat the same procedure for all the services listed below. Maintain the same user details in all the services; the user should be of type Internet User.

 

  1. GRAC_OIF_MY_PROFILE_EU
  2. GRAC_GAF_NAME_CHANGE_SERV_EU
  3. GRAC_POWL_REQUEST_STATUS_EU
  4. GRAC_GAF_PWD_SELFSERVICE_EU
  5. GRAC_OIF_USER_REGISTER_EU
  6. GRAC_GAF_ACCREQ_WITH_REQREF_EU
  7. GRAC_OIF_REQUEST_SUBMISSION_EU
  8. GRAC_GAF_ACCREQ_WITH_TEMPL_EU
  9. GRAC_GAF_ACCREQ_WITH_USEREF_EU


 

  1. Save the entry and navigate back to the Maintain Service screen.
  2. Right-click GRAC_UIBB_END_USER_LOGIN, and then choose Test Service.
  3. The End User Logon screen appears. The HTTP URL displayed in the browser's address bar is the End User Logon URL.
  4. To set the links the application displays on the End User Logon screen, continue with the following steps:
  5. In the URL bar of the browser (from step 4), append the following to the end of the URL and press Enter: &SAP-CONFIG-MODE=X&OBJECT_ID=ACCREQ/123. The Logon screen appears.
  6. Enter your username and password, and log on to the system. The End User screen appears.

If you get any logon errors such as "user ID does not exist", then in Maintain Data Sources Configuration set the User Authentication Data Source to SU01 (select HR if you have an HR system) and set End User Verification to NO.

8. To make a link invisible, right-click the link and select Settings for Current Configuration.

9. Select Invisible, Save the entry, and then close the browser.

 

Thanks,

Rajesh Srisailapu.

This blog is intended to outline future product direction, and is not a commitment by SAP to deliver any given code or functionality. Any statements contained in this blog that are not historical facts are forward-looking statements. SAP undertakes no obligation to publicly update or revise any forward-looking statements. All forward looking statements are subject to various risks and uncertainties that could cause actual results to differ materially from expectations. The timing or release of any product described in this document remains at the sole discretion of SAP. This blog is for informational purposes and may not be incorporated into a contract. Readers are cautioned not to place undue reliance on these forward-looking statements, and they should not be relied upon in making purchasing decisions.

         

  • SAP AC on HANA
  • Enhanced User Interface - Corbu Theme
  • Context-Based Side Panels
  • New Access Request and Approval Forms - Simplified & streamlined interface
  • Remediation View – unified remediation processes from one location
  • Custom User Groups
  • Reporting and Dashboard improvements
  • Dashboard Drill Through and Analysis
  • Decentralized Firefighting (SAP Access Control 10.0 and 10.1)
  • Role Search Personalization
  • Business Role Improvements

A common need for many companies is to customize the access request and approval ABAP Web Dynpro screens of 10.0 and 10.1 based on business requirements. Although IMG customizing in SAP GRC Access Control provides some ways to accomplish this, there is another Web Dynpro feature that can be used to make additional screen modifications for all users without any additional coding effort.

The steps below explain it for the access request submission and approval screens:

 

Access Request Submission

1. Go to transaction SE80 and open package GRAC_ACCESS_REQUEST.

[Image: step1.PNG]

2. Drill down to Web Dynpro -> Web Dynpro Application.

[Image: step2.PNG]

3. Select the application GRAC_OIF_REQUEST_SUBMISSION and double-click it.

[Image: step3.PNG]

4. From the menu choose Web Dynpro Application -> Test -> In Browser - Admin Mode.

[Image: step4.png]

5. Hiding a field or tab

   i. Place the cursor on the field or tab that needs to be customized, right-click and choose 'Settings for Current Configuration'.

[Image: step5.png]

   ii. Change the Visibility property to 'Invisible'. Save and close.

[Image: step6.PNG]
[Image: step7.PNG]

6. Customizing an ALV

   i. Place the cursor on the ALV to be customized (e.g. the ALV under the User Access tab), right-click and choose 'Settings for Current Configuration'.

[Image: step8.png]

   ii. Add or remove columns, change the sequence, etc. Save and close.

[Image: step9.PNG]

7. Launch the access request submission through NWBC to see the effects.

[Image: step10.PNG]

8. The above steps can also be done for other UI elements present on pop-ups that open from the access request submission screen, such as Existing Assignments.

 

Access Request Approval

Modifying the access request approval screen is a little tricky, as it requires a GUID to be passed externally in the URL; apart from that, the steps are similar to the access request submission steps explained above.

 

1. Go to transaction SE16, enter table name GRACREQ, and enter any request number in the REQNO field.

[Image: step11.PNG]

2. Click the Execute button and copy the value of field REQ_ID.

[Image: step12.PNG]

3. Select the application GRAC_OIF_REQUEST_APPROVAL and double-click it.

[Image: STEp13.PNG]

4. From the menu choose Web Dynpro Application -> Test -> In Browser - Admin Mode.

[Image: STEP14.png]

5. A dump screen is launched initially.

[Image: STEp15.PNG]

6. Append the string &OBJECT_ID=ACCREQ/<REQ_ID copied in step 2>, e.g. &OBJECT_ID=ACCREQ/4CC001105B2A42DCE10000000A421B2B, to the URL displayed in step 5. The approval screen should then launch correctly.

[Image: step16.PNG]

7. Customize the UI in the same way as for the access request submission screen.

The above process can be done for any Web Dynpro application. To find the Web Dynpro application name, right-click on any ABAP Web Dynpro screen and choose the option More Field Help.

[Image: step17.PNG]

Note: This blog does not give details about the creation of Business Roles or related initial activities. It deals only with the functionality that is enhanced, and the new behaviour of Business Roles.

 

 

The functionality related to Business Role is enhanced in SP13 to support the removal of single roles that are part of business role, based on the validity. Also, the roles which are specific to the business role will be removed from user, when a business role is selected for removal.

 

Below are more details of the scenarios.

1) Assign two Business Roles to a user, each having two technical roles, where one technical role is common to both business roles (say BR1 has T1 and T2, and BR2 has T2 and T3).

Till SP12: When trying to remove one Business Role (say BR1), the common technical role (T2) is also removed from the backend system, although it was also assigned through the other Business Role (BR2).

2) Assign one Business Role having two technical roles (say B1 with T1 and T2) to a user, and also assign one of the technical roles directly to the user (say T1).

Till SP12: When trying to remove the single technical role (T1), the technical role (T1) assigned through the business role is also removed from the backend system, irrespective of the validity with which the business role and the single technical role were assigned.

 

 

From SP 13 Onwards:

Validity dates are considered for role removal, below is description of scenarios about how role removal will work.

1) Assign two Business Roles to a user, each having two technical roles, where one technical role is common to both business roles (say BR1 has T1 and T2, and BR2 has T2 and T3).

SP13 Onwards: When trying to remove one Business Role (say BR1), it is completely removed without affecting the assignments made through the other Business Role (BR2), i.e. the assignment of T2 and T3 through BR2 remains unaffected.

 

2) Assign one Business Role having two technical roles to a user (say B1 with T1 and T2) with a validity period, say 01.01.2012 to 31.12.2013. Also assign one of the technical roles of the business role (say T1) directly to the user with the same validity as the Business Role (i.e. 01.01.2012 to 31.12.2013).

SP13 Onwards: When trying to remove the directly assigned single technical role:

a) If parameter 4011 is set to NO, only the single technical role (T1) is removed, and the assignment of T1 and T2 through the Business Role remains unaffected.

b) If parameter 4011 is set to YES, then the single role (T1) assigned directly to the user as well as the single role (T1) assigned through the business role is removed. Since the business role assignment is now partial, the other technical role (T2) that was assigned as part of the business role appears in the existing assignments as if it were directly assigned to the user, and is no longer part of the business role. In addition, at the time of request generation as well as at all approval stages, a warning message appears: "Role <Role_name> (T1 here) is a part of Business role of user".

 

 

3) Assign one Business Role having two technical roles to a user (say BR1 with T1 and T2) with a validity period, say 01.01.2012 to 31.12.2013. Also assign one of the technical roles of the business role (T1) directly to the user with a validity different from that of the Business Role, say 02.02.2012 to 30.11.2015.

SP13 Onwards: On removing the single technical role (T1), only the directly assigned single role (T1 with validity dates 02.02.2013 to 30.11.2015) is removed, irrespective of parameter 4011, because the validity of the assignment through the business role is different.

 

4) Assign one Business Role having any number of technical roles to a user (say B1 with T1, T2, T3, T4). On trying to remove one of them (say T2) directly via an access request:

SP13 Onwards:

a) If parameter 4011 is set to NO then the end user will not be able to create a request and an error message "Role <Role_name> cannot be deleted as it is part of business role of user" will be generated.

 

b) If parameter 4011 is set to YES then request will be created with a warning message "Role <Role_name> (T2 here) is a part of Business role of user", which will also appear at the time of approving the request.
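The SP13 behaviour described in scenarios 1 to 4 above, worked through as an added example that is not part of the original post: a small Python model of a user's assignment table and the two removal operations. The data shape (an assignment line carrying the technical role, its source and its validity dates), the DIRECT marker, and all function names are assumptions made for the model; the warning and error texts, the role of parameter 4011, and the validity comparison are taken from the scenarios.

```python
from dataclasses import dataclass, replace
from typing import List, Tuple

DIRECT = "DIRECT"  # assumed marker: technical role assigned to the user directly


@dataclass(frozen=True)
class Assignment:
    role: str        # technical role, e.g. "T1"
    source: str      # DIRECT, or the business role it came through, e.g. "BR1"
    valid_from: str  # validity dates as written in the scenarios (dd.mm.yyyy)
    valid_to: str


def assign_business_role(br: str, tech_roles, valid_from: str, valid_to: str) -> List[Assignment]:
    """Assigning a business role creates one line per technical role, all tagged with the BR."""
    return [Assignment(r, br, valid_from, valid_to) for r in tech_roles]


def remove_business_role(assignments: List[Assignment], br: str) -> List[Assignment]:
    """Scenario 1 (SP13): only lines that came through `br` go; lines from other
    business roles, even for the same technical role, stay."""
    return [a for a in assignments if a.source != br]


def remove_technical_role(assignments: List[Assignment], role: str,
                          param_4011: str) -> Tuple[List[Assignment], List[str]]:
    """Scenarios 2-4 (SP13). Returns (remaining assignments, messages).
    On the scenario 4a error nothing is removed."""
    if param_4011 not in ("YES", "NO"):
        raise ValueError("parameter 4011 must be YES or NO")
    direct = [a for a in assignments if a.role == role and a.source == DIRECT]
    via_br = [a for a in assignments if a.role == role and a.source != DIRECT]
    messages: List[str] = []

    if not direct:
        # Scenario 4: the role exists only through a business role.
        if param_4011 == "NO":
            messages.append(f"Role {role} cannot be deleted as it is part of business role of user")
            return list(assignments), messages
        to_drop = via_br
    else:
        # Scenarios 2 and 3: the direct line always goes. A business-role line
        # for the same role goes too only if 4011 = YES *and* its validity
        # matches the direct assignment; a different validity is never touched.
        direct_validity = {(a.valid_from, a.valid_to) for a in direct}
        same_validity = [a for a in via_br if (a.valid_from, a.valid_to) in direct_validity]
        to_drop = direct + (same_validity if param_4011 == "YES" else [])

    remaining = [a for a in assignments if a not in to_drop]
    broken_brs = {a.source for a in to_drop if a.source != DIRECT}
    if broken_brs:
        # The business role is now partial: warn, and show its other roles as direct.
        messages.append(f"Role {role} is a part of Business role of user")
        remaining = [replace(a, source=DIRECT) if a.source in broken_brs else a
                     for a in remaining]
    return remaining, messages


def roles_by_source(assignments: List[Assignment]):
    """Helper for inspection: {source: sorted technical roles}."""
    out = {}
    for a in assignments:
        out.setdefault(a.source, []).append(a.role)
    return {k: sorted(v) for k, v in out.items()}


if __name__ == "__main__":
    # Scenario 2b: BR1 = {T1, T2}, T1 also direct with the same validity, 4011 = YES
    user = assign_business_role("BR1", ["T1", "T2"], "01.01.2012", "31.12.2013")
    user.append(Assignment("T1", DIRECT, "01.01.2012", "31.12.2013"))
    left, msgs = remove_technical_role(user, "T1", "YES")
    print(roles_by_source(left), msgs)
```

The model deliberately keeps the validity comparison as an exact match of the date pair, which is all the scenarios state; whether the real system treats overlapping but unequal periods differently is not described in the post.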

What is influence?  Do I have influence? How can one customer make a difference?  Is SAP really listening to my requirements? 

 

These are all questions that you may have.  Speaking from experience, you do have influence.  You could be the one person needed to take an idea from an enhancement request to a functional requirement.  SAP does listen. But to ensure that accepted functional requirements are a collaborative solution, SAP looks for ideas that are supported by a minimum of five installed customers.  And we need your ideas and support – now.

 

Currently GRC Access Control 10.1 is in ramp up for several SAP customers.  In this period between ramp up and general availability, SAP is requesting feedback on the latest functionality, and has engaged with us to do so.  Although SAP has great ideas, there are always usability improvements that increase the acceptance of an applications design.

 

If you currently have GRC Access Control 10 installed or you are part of the GRC Access Control 10.1 ramp up process, now is the time for you to provide your ideas to SAP.  If you would like to participate, you have until September 20, 2013 to submit your ideas.  The longer you wait, the less likely you will have four other customers to review and support your enhancement request.

 

Why does my voice matter?

 

It’s worth getting your feedback in and your voice heard.  I have found that SAP is moving past just getting the application to work without defects, and instead, is now working on improving its usability.  And now that GRC AC 10 has been in productive use for a couple of years, customers have great ideas for improving the usability of the application.

 

When I think of usability I pretend to be the user and validate that the application is intuitive.  Can an untrained user launch an application without any training or knowledge transfer?  Is a user required to enter the same data in more than one field?  If one application has performed an update such as deleting a user’s access, are other related master data elements deleted or made inactive?  Does the application have the proper security or change management controls available?  If two different users test an application, are they both happy with the functionality?

 

One huge way a customer can influence the usability of the application is to participate in user group influence opportunities and customer connection programs.  As my company participated in the GRC 10 ramp up process, I used the influence options to increase usability, reduce complexity, and add missing functionality.

 

How do I get involved?

 

Access to the GRC Access Control 2013 Customer Connection process is restricted.  If you would like to participate, send an e-mail to katrin.pietsch@sap.com requesting to participate in the GRC Customer Connection for 2013.  Once you have access to the site you can use this link to go directly to the site: https://cw.sdn.sap.com/cw/community/influence/.  Then you will scroll down and select the “GRC Access Control 2013” link. 

I hope to see you there soon as we can influence change with your help.

MSMP in Access Control 10.0 and 10.1 provides an extremely flexible and powerful tool to configure Access Control workflows. In this blog we will try to understand some basic concepts about MSMP and BRF+.

Before we can start creating any BRF+ rule for MSMP, we need to understand the difference between an MSMP BRF+ rule and a BRF+ flat rule (lineitem by lineitem). The logic executed in both rules is the same, but the difference lies in the input, the output and the way it is processed.

 

Following are some of key differences:

 

 

1.) MSMP BRF+ flat rule (lineitem by lineitem):

This rule is called a flat rule or lineitem-by-lineitem rule because MSMP calls it multiple times, once for each lineitem. So if you have added 3 roles/systems to the access request, this BRF rule is called 3 times. As input, MSMP sends the details of one lineitem at a time, and the BRF rule returns the result for that one lineitem only. A BRF+ flat rule is easy to create, as no loop is required and only one decision table (or other expression) is needed for the logic. For example, consider an access request with 3 roles/systems. In this case the BRF flat rule is called 3 times by MSMP with the following input and output:

 

Input provided by MSMP to the BRF+ flat rule in the first call:

  Item Name | System   | Role Type | LINEITEM KEY | ...
  ROLE1     | SYSTEM 1 | SIN       | 0001         |

Output given by BRF+ to MSMP in the first call:

  Lineitem Key | Rule Result
  0001         | RolePath

Input provided by MSMP to the BRF+ flat rule in the second call:

  Item Name | System   | Role Type | LINEITEM KEY | ...
  ROLE2     | SYSTEM 2 | COM       | 0002         |

Output given by BRF+ to MSMP in the second call:

  Lineitem Key | Rule Result
  0002         | RolePath

Input provided by MSMP to the BRF+ flat rule in the third call:

  Item Name | System   | Role Type | LINEITEM KEY | ...
  SYSTEM1   | SYSTEM1  |           | 0003         |

Output given by BRF+ to MSMP in the third call:

  Lineitem Key | Rule Result
  0003         | SystemPath

So the flat rule is called once for each lineitem, which makes it easier to create, as no looping is required (unlike the BRF+ rule, where a loop is required).

 

 

 

2.) MSMP BRF+ rule:

In this case, all the lineitems (roles, systems, FFIDs, ...) present in the Access Request are sent to the BRF rule in the form of a table. After processing, this rule has to return a table with lineitem key and result. For example, in the case of an initiator rule the input to the BRF rule can be the following table. The roles/systems shown here are the ones added to the access request.

 

 

INPUT sent by MSMP to BRF+:

  Item Name | System   | Role Type | LINEITEM KEY | ...
  ROLE1     | SYSTEM 1 | SIN       | 0001         |
  ROLE2     | SYSTEM 2 | COM       | 0002         |
  SYSTEM 1  | SYSTEM 1 |           | 0003         |

For the above input, the output of the BRF rule will be something like the following:

OUTPUT given by BRF+ to MSMP:

  Lineitem Key | Rule Result
  0001         | RolePath
  0002         | RolePath
  0003         | SystemPath

 

Please note that we have not shown the decision table containing the logic that determines the path in the case of an initiator rule. Since the complete request details are sent by MSMP to the BRF+ rule for execution, this rule is called only once by MSMP. Hence the logic to loop over all the lineitems has to be implemented within the BRF+ rule. The decision table or other condition is called within the loop so that it is executed for all the lineitems one by one.

 

 

 

 

 

Key differences between BRF+ rule and BRF+ flat rule are again summarized below:

 

 

 

  BRF+ Flat Rule                                                      | BRF+ Rule
  1.) Executed multiple times, once for each lineitem                 | 1.) Executed only once
  2.) Details of one lineitem at a time passed to the BRF rule by MSMP | 2.) Complete request details passed to the BRF rule by MSMP in the form of a table
  3.) Output of the flat rule is the result of one lineitem only      | 3.) Output of the BRF+ rule is a complete table with all lineitems
  4.) Easy to create as no loop is required                           | 4.) Complex compared to the flat rule, as a loop is required
  5.) Some business cases are not possible in a flat rule             | 5.) Almost all business cases can be achieved with a BRF+ rule
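The calling pattern compared in the table above, as an added Python example that is not part of the original post and not SAP's BRF+ or MSMP code: MSMP is simulated once as calling a flat rule per lineitem and once as calling a BRF+ rule with the whole table, using the three lineitems from the tables above as constructed input. The decision table is a stand-in (the post does not show the real one), the "MixedPath" result and the request-wide business case are assumptions used to illustrate point 5 of the table, and all function names are invented for the simulation.

```python
from typing import Dict, List, Tuple

LineItem = Dict[str, str]

# Constructed request: the three lineitems shown in the tables above.
# The system line has no role type in the post, so "Role Type" is "" here.
REQUEST: List[LineItem] = [
    {"Item Name": "ROLE1",    "System": "SYSTEM 1", "Role Type": "SIN", "LINEITEM KEY": "0001"},
    {"Item Name": "ROLE2",    "System": "SYSTEM 2", "Role Type": "COM", "LINEITEM KEY": "0002"},
    {"Item Name": "SYSTEM 1", "System": "SYSTEM 1", "Role Type": "",    "LINEITEM KEY": "0003"},
]


def decision_table(line: LineItem) -> str:
    """Stand-in for the decision table the post does not show (assumption):
    a lineitem with a role type goes to RolePath, a system line to SystemPath."""
    return "RolePath" if line["Role Type"] else "SystemPath"


def flat_rule(line: LineItem) -> Dict[str, str]:
    """BRF+ flat rule: sees exactly one lineitem, returns one result row. No loop."""
    return {"Lineitem Key": line["LINEITEM KEY"], "Rule Result": decision_table(line)}


def brf_rule(table: List[LineItem]) -> List[Dict[str, str]]:
    """BRF+ rule: sees the whole request table; the loop over lineitems lives here."""
    results = []
    for line in table:
        results.append({"Lineitem Key": line["LINEITEM KEY"],
                        "Rule Result": decision_table(line)})
    return results


def msmp_call_flat_rule(request: List[LineItem]) -> Tuple[int, List[Dict[str, str]]]:
    """MSMP side for a flat rule: one call per lineitem, MSMP does the looping.
    Returns (number of rule calls, collected result rows)."""
    calls, results = 0, []
    for line in request:
        calls += 1
        results.append(flat_rule(line))
    return calls, results


def msmp_call_brf_rule(request: List[LineItem]) -> Tuple[int, List[Dict[str, str]]]:
    """MSMP side for a BRF+ rule: a single call with the complete table."""
    return 1, brf_rule(request)


def brf_rule_request_wide(table: List[LineItem]) -> List[Dict[str, str]]:
    """Assumed business case a flat rule cannot express: if the request mixes
    role and system lineitems, route every line to one combined path. The
    decision needs all lines at once, which only the BRF+ rule receives."""
    has_role = any(line["Role Type"] for line in table)
    has_system = any(not line["Role Type"] for line in table)
    if has_role and has_system:
        return [{"Lineitem Key": line["LINEITEM KEY"], "Rule Result": "MixedPath"}
                for line in table]
    return brf_rule(table)


if __name__ == "__main__":
    print("flat rule:", msmp_call_flat_rule(REQUEST))
    print("BRF+ rule:", msmp_call_brf_rule(REQUEST))
    print("request-wide:", brf_rule_request_wide(REQUEST))
```

Both calling styles produce the same three result rows for this request; the difference shows up in the call count (3 versus 1) and in `brf_rule_request_wide`, whose result for lineitem 0001 depends on lineitem 0003 being present, something a flat rule never sees.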

 

 

 

 

 

TIPS for Reviewing your SAP GRC Rule Set for Completeness and Relevance

 

The SAP GRC rule set is provided out of the box and is relevant for most companies. The rule set has to be reviewed regularly as your business needs and the functionality in the SAP system change. Here are some tips for reviewing your SAP GRC rule set.

Industry Specific Rule Set:

The SAP GRC rule set does not cover every industry niche. So you may have transactions that are specific to your industry, and you may not be analyzing risk based on those industry-specific transactions.

For example, in the Federal Government area most of the risks are not based on Sales but on Funds Management. So some of the risks have to be turned off and new SAP GRC risks have to be added to the rule set.

 

Functionality Specific Rule Set: 

There are two schools of thought here. One option is to turn off the risks if you are not implementing a specific functionality. The other option is to keep them ON, so you can see why people are carrying the risk when the functionality is not being used.

It is better to keep the risks turned on, so you can see whether the risks show up in SAP users or SAP roles. If you are not using HR functionality and 50% of your users show SAP HR risks, then there is a bigger problem.

This indicates that your role design is out of sync and transactions belonging to functionality that has not been implemented have been included in your roles.

 

Customer Specific Rule Set:

In this scenario you will have custom SAP transactions or Standard SAP transactions which have been configured to behave differently.  These transactions have to be added or removed based on the situation. 

 

One of the key areas to focus on, and one that is usually ignored, is the custom SAP transactions developed internally.

The Governance, Risk & Compliance (GRC) space has generated worldwide interest after the enactment of specific corporate laws by the regulators. Many organisations focus mainly on the “C” part, through internal & external audits, to ensure that they comply with the laws & regulations of the land and policies & procedures. However, when laws specifically prescribe that a governance system must exist, risks identified and controls are tested for its effectiveness, the consequences can be far reaching.

Lo and behold, SAP’s comprehensive GRC tool (GRC 10) provides the functionality to meet the requirements of these regulations and integrates seamlessly across modules. An enterprise GRC platform approach allows companies to manage all risks and controls from a single repository, which should give comfort to Directors, Auditors and other stakeholders.

 

In order to get the best out of GRC 10, it is important that consultants have a good understanding of:

  • the integration between Process Control (PC), Risk Management (RM) and Access Control (AC)
  • business processes, risks & controls
  • regulations
  • frameworks on GRC & controls
  • risk management standards
  • the holistic view of GRC and the benefits an organization can derive

 

Most organizations start with AC and then move on to implement PC and RM, which is more like a “bottom up” approach. The reason for this is that reporting on SOD violations gained importance worldwide, with the enactment of the Sarbanes Oxley Act and other equivalent regulations. Most consultants in this space come from a technical background, whereas PC & RM requires very good domain knowledge. There is a need for PC & RM consultants to “cross-pollinate” with AC consultants and vice versa. I do appreciate the fact that these modules are vast and finding consultants having an understanding of PC, RM & AC is going to be difficult. However the reality is that this is required for a successful implementation of GRC 10 and for starters, I believe, consultants should at least understand the main integration points.

 

Continuous Control Monitoring is a very powerful functionality in GRC 10 and can immensely benefit organizations in establishing whether the controls are working effectively and efficiently. This can also help auditors pass an opinion on the effectiveness of controls. In today’s world, the words “control effectiveness” have become buzzwords in the vocabulary of regulators and have been included as responsibilities of Directors and Auditors. Testing of controls should not be done on an “as at” basis, rather it should be done “for the year”, which boils down to continuous monitoring. Organizations need automated tools like GRC 10 to meet these objectives. An effective GRC Consultant must have a “Board View” of governance, enterprise risks and controls and not be restricted to specific modules.

As of Monday, August 12, 2013, SAP Fraud Management is released to customers in Release 1.1, Support Package 00. SAP Fraud Management, powered by SAP HANA, combines an intelligent and efficient infrastructure for performing fraud detection and supporting investigation with the speed and power of the SAP HANA database. With SAP Fraud Management, you can detect fraud in big data environments with unprecedented speed and responsiveness, and you can bind real-time online checks for fraud by SAP Fraud Management into your purchasing, claims management, and other business processes.

 

With this release, SAP Fraud Management is enhanced in the following ways:

 

  • Improved design for the Home screen
  • Improved work area for investigating alerts, providing an Investigator’s Task List
  • Improved searching: Free-text searching in uploaded documents is now available from every screen in SAP Fraud Management, and search hits are highlighted in texts
  • New platform:  SAP Fraud Management now runs on NetWeaver Release 7.4 Support Package Stack 03.

 

Release 1.1 SP00 of SAP Fraud Management also offers content for strengthening your compliance efforts with anti-corruption laws and regulations such as the US Foreign Corrupt Practices Act of 1977 or the United Kingdom’s Anti-Bribery Act of 2010.  This content is downloadable and installable from the wiki pages of SAP Fraud Management in the SAP Community Network: http://wiki.sdn.sap.com/wiki/display/GRC/Anti-Corruption+Content+for+SAP+Fraud+Management+Release+1.1+SP00

 

For help with installing or upgrading SAP Fraud Management to Release 1.1 SP00, see the SAP Service Marketplace at http://service.sap.com/instguides - SAP In-Memory Computing > SAP Fraud Management.

 

For access to the SAP Fraud Management documentation, including the links above, see the SAP Help Portal at http://help.sap.com/fra.



 



The webinar will discuss not only the drivers of costs related to compliance efforts such as Sarbanes-Oxley, but also , how using SAP GRC Process Control can help companies better mitigate risks and improve their business processes. The session will also cover:

  • How SAP GRC Process Control capabilities (such as a unified control framework, best practice workflows, automated control testing and monitoring, certification and disclosure…) can reduce compliance efforts and enhance performance
  • How these automated features can be implemented across SAP and other legacy applications
  • How flexible reporting can improve management's insight into the company's control environment and ultimately increase confidence that key risks are mitigated and business processes are sound and efficient

Hear how Sharp, one of the leading multinational manufacturers of electronic products, was able to implement a scalable control environment and take advantage of best practice workflows and control automation capabilities to streamline their compliance effort, improve risk mitigation and provide their management with confidence in the effectiveness of business processes.

 

Join us for the webinar on: Wednesday, August 21, 2013 01:00 PM ET | 10:00 AM PT

Speakers:

Jerome Pugnet, GRC Solution Marketing, SAP

Jan Gardiner, Senior Director in GRC Solutions, SAP Labs LLC

Mike Kosonog, Partner, Deloitte and Touche

Wyatt McNamus, Information Security, Sharp Electronics Corporation

 

To register: http://event.on24.com/r.htm?e=669768&s=1&k=536F03BC315606BCB0302B539E715353

Good Day All:
Multinational companies today have become the norm, while managing operations and keeping accurate books has become more complicated. With different parts of a single company often spread across the globe, a solid transfer pricing strategy is a necessity when looking to manage tax liability.

Join PwC & SAP
for an informative webcast entitled "Deliver True Value to the Transfer Pricing Process and Avoid the Pitfalls of Financial Risk."  Learn how you can deliver true value to the Transfer Pricing process by eliminating manual and intensive work each period.

In this webcast you will learn:

  • To leverage the best in class driver allocation capability to distribute cost/revenue from one legal entity to another to reflect fair consumption
  • Best Practices to perform what-if analysis to simulate the effect of: tax changes and changing consumption
  • The SAP Transfer Pricing solution in depth and see how the solution provides a multi-dimensional framework across geographies, legal entities, brand, products and services.
We hope you can join SAP & PwC for this webcast.  For additional information and to register, please click on the appropriate link below.
Warm Regards,
Michael Smith

Last month I had the pleasure of presenting at the SAP Inside Track in Toronto.  It was a well-attended event that drew nearly 200 partners and customers, and my session on enterprise risk management drew a very focused crowd.  “How do we plan for things we don’t know?” “How do we consider managing our processes given constant business changes?” These are compelling questions which have faced organization processes and supply chains with increasing impact over the past five years.  Automotive companies had to figure out how to resource black pearl paint when the Japanese tsunami hit.  Disney left Bangladesh as a contract manufacturing base after a devastating building collapse and a failure on the part of the government to see key safety issues transparently before disaster struck. Companies are giving more attention to SWIFT account financial audits to make sure global payments are using proper account numbers, to avoid error and reduce fraud.  These and other factors add up to a growing attention and acknowledgement at the corporate board room and practitioner level that enterprise risk management (ERM) is a necessary business process in its own right.

 

My presentation on SlideShare is attached.  In the SAP landscape, the key five elements to any ERM program are:

 

  1. The SAP Business Suite or Line of Business Applications
  2. SAP Risk Management
  3. SAP Access Controls
  4. SAP Process Controls
  5. NetWeaver Audit Management

 

My overview article on Tech Target is now available here.

 

Babak.jpg

 

Before moving on to the third video in our SAPinsider series I wanted to highlight that you can find the previous two interviews we conducted with Mico Yuk here and Luke Marson here! They both got some great input on the bi2013 and HR2013 streams at the event.

 

This time around you’ll be watching Babak Hosseinian on the topic of GRC and hear what he took away from the Amsterdam sessions. Babak is a recognised GRC subject matter expert in the independent consulting market and has numerous times provided my company and our clients with high-quality consulting services. He was not one of the presenters at this year’s event, which means he’s providing the viewer with insight he gained purely as an attendee. Not everyone got early access to SAP technology, and I believe his replies reflect the level of product exposure you would typically get by attending this type of event.

 

I didn’t find the coverage (pre and post) of grc2013 being that extensive, so this video with Babak is a great piece of content to capture where the market is heading and helps bring some light to a few of the current drivers in the GRC space.

 

Now enjoy:

 

 

That wraps up the 3rd video in our 6 part video series. The remaining two are Martin Gillet on HCM and Joshua Fletcher on BI and EIM. You will be seeing Martin later this week. I’m sure Babak will be keeping an eye on this post, so if you have any questions for him I’m sure he’ll get back to you.

 

I also believe it would be worthwhile reading this SCN post by Erin Hughes, which was written prior to the event, as it further highlights some of the key takeaways and focus areas at this year’s GRC2013 SAPinsider - Countdown to #GRC2013 – Getting the Most ‘Bang for Your Buck’

 

EDIT:

 

Part 1 of the series: Mico Yuk BI2013 - SAPinsider Video series part 1 of 6

Part 2 of the series: Luke Marson HR2013 - SAPinsider Video series part 2 of 6

Part 4 of the series: Martin Gillet HR2013 - SAPinsider Video series part 4 of 6

Part 5 of the series: Joshua Fletcher BI2013 - SAPinsider Video series part 5 of 6

Part 6 of the series: The Grand Finale - SAPinsider Video series part 6 of 6


An SAP Sensitive Transaction risk is created when a user or role has access to a particular transaction. For example, a user could have transaction SCC4, which creates a client, or SU10, which performs mass user changes. There are many SAP Sensitive Risk transactions in the SAP system. The majority of them are Basis, configuration or mass change transactions.

 

 

Example User Administration Transactions

  GCE1   Maintain User
  OOUS   Maintain User
  OP15   Production User Profile
  OPE9   Maintain User Profile
  OPF0   Maintain User
  OTZ1   C FI Users
  OVZ6   C SD Maintain User Profile
  OY21   User profiles-Customizing
  OY27   Create super user Customizing
  SCUG   Transfer Users
  SCUM   Central User Administration
  SU01   User Maintenance
  SU05   Maintain Internet Users
  SU10   User Mass Maintenance
  SU12   Mass Changes to User Master Records
  SU80   Archive user change documents
  SU81   Archive user password change doc.
  SUGR   Maintain User Groups

 

 

 

Key benefits of running SAP Sensitive Risk analysis report

 

 

  1. You can identify all the display roles having access to change or sensitive transactions. Most of the time, if the sensitive transaction is not part of the SAP SOD rule set, this risk stays hidden.
  2. Identify the functional roles having access to other functional area transactions, for example a Sales and Distribution role having access to Human Resources or Basis transactions.
  3. When the SAP Sensitive risk analysis is performed at the user level, it can identify users getting access to other functional area transactions due to cross-pollination of authorizations.

 

Ongoing monitoring:

 

 

A monthly review of the SAP Sensitive risk at the role and user level has to be performed to monitor the risk constantly.
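The three benefits listed above, together with the "functionality specific rule set" tip from the rule set review post earlier on this page, as an added Python example that is not part of either post and is not SAP GRC's own analysis: a small sensitive-access check run over constructed role and user data. The transaction codes in the sensitive list come from the user administration table above (SCC4 from the introduction); the role names, the `_DISPLAY` naming convention, the functional-area tags of the other transactions, and the users are all constructed for the example.

```python
from typing import Dict, List, Set

# Sensitive transactions (codes from the post; SCC4 from the introduction).
SENSITIVE_TX = {"SU01": "User Maintenance", "SU10": "User Mass Maintenance",
                "SCUM": "Central User Administration", "SCC4": "Create client"}
SENSITIVE: Set[str] = set(SENSITIVE_TX)

# Functional area of each transaction (constructed mapping, an assumption).
TX_AREA = {"SU01": "BASIS", "SU10": "BASIS", "SCUM": "BASIS", "SCC4": "BASIS",
           "VA01": "SD", "VA03": "SD", "PA20": "HR", "PA30": "HR"}

# Constructed roles: each has an intended area and the transactions it grants.
ROLES = {
    "Z_SD_DISPLAY":  {"area": "SD",    "tx": {"VA03", "SU01"}},   # display role carrying SU01
    "Z_SD_SALES":    {"area": "SD",    "tx": {"VA01", "VA03"}},
    "Z_HR_ADMIN":    {"area": "HR",    "tx": {"PA20", "PA30"}},
    "Z_BASIS_ADMIN": {"area": "BASIS", "tx": {"SU01", "SU10", "SCC4"}},
}

# Constructed users and their role assignments.
USERS = {"alice": {"Z_SD_SALES", "Z_HR_ADMIN"},
         "bob":   {"Z_SD_DISPLAY"},
         "carol": {"Z_BASIS_ADMIN"}}


def display_roles_with_sensitive_tx(roles) -> Dict[str, List[str]]:
    """Benefit 1: display roles (assumed convention: name ends in _DISPLAY)
    that grant a sensitive transaction. Such a role would pass an SOD check
    that only looks at transaction pairs."""
    return {name: sorted(r["tx"] & SENSITIVE) for name, r in roles.items()
            if name.endswith("_DISPLAY") and r["tx"] & SENSITIVE}


def cross_area_roles(roles) -> Dict[str, List[str]]:
    """Benefit 2: roles that grant transactions belonging to another functional area."""
    out = {}
    for name, r in roles.items():
        foreign = sorted(t for t in r["tx"] if TX_AREA.get(t) not in (None, r["area"]))
        if foreign:
            out[name] = foreign
    return out


def user_transactions(user: str, users, roles) -> Set[str]:
    """Union of all transactions a user reaches through their roles."""
    return set().union(*(roles[r]["tx"] for r in users[user]))


def user_areas(users, roles) -> Dict[str, List[str]]:
    """Benefit 3: functional areas each user reaches once their roles are combined."""
    return {u: sorted({TX_AREA[t] for t in user_transactions(u, users, roles) if t in TX_AREA})
            for u in users}


def users_reaching_sensitive_tx(users, roles) -> Dict[str, List[str]]:
    """Users who can execute a sensitive transaction through any of their roles."""
    out = {}
    for u in users:
        hit = sorted(user_transactions(u, users, roles) & SENSITIVE)
        if hit:
            out[u] = hit
    return out


def share_of_users_in_unimplemented_areas(users, roles, implemented_areas) -> float:
    """Rule set tip: percentage of users with access in a functional area the
    company has not implemented (e.g. HR). A high share points to role design
    being out of sync rather than to individual user problems."""
    if not users:
        return 0.0
    areas = user_areas(users, roles)
    hit = sum(1 for a in areas.values() if set(a) - set(implemented_areas))
    return 100.0 * hit / len(users)


if __name__ == "__main__":
    print("display roles with sensitive tx:", display_roles_with_sensitive_tx(ROLES))
    print("cross-area roles:", cross_area_roles(ROLES))
    print("areas per user:", user_areas(USERS, ROLES))
    print("users reaching sensitive tx:", users_reaching_sensitive_tx(USERS, ROLES))
    print("% users in unimplemented areas:",
          share_of_users_in_unimplemented_areas(USERS, ROLES, ["SD", "BASIS"]))
```

Running the four checks monthly, as the post recommends, and diffing the results against the previous run is a cheap way to spot a newly introduced sensitive transaction in a display role before it is buried under an otherwise clean SOD report.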

More Data, More Vulnerabilities

Join us for a videoconference on addressing fraud management challenges at your local Deloitte office

Register today

To register click here:

http://bit.ly/12Gex8R


 

Video simulcast event:

Date:
July 25, 2013

Locations:
Arlington, VA
Bentonville, AR
Calgary, AB
Charlotte, NC
Chicago
Cincinnati
Cleveland
Costa Mesa, CA
Dallas
Detroit
Houston
London
Los Angeles
Minneapolis
Montreal
New York
Ottawa / Kanata, ON
Philadelphia
Phoenix
Pittsburgh
Portland, OR
Seattle
Toronto
Vancouver, BC


You’re invited to join SAP and Deloitte for a multi-city, interactive videoconference on fraud management on Thursday, July 25, 2013, at your local Deloitte office.

Based on recent studies by the Association of Certified Fraud Examiners (ACFE)*, the typical organization loses 5% of its revenue to fraud each year. Yet the increasing volume of data to analyze has made it exponentially more difficult to identify potential fraud.

Please join us for an interactive video session featuring a peer-to-peer discussion on addressing the business challenges of fraud management through automation. We’ll offer insights into:

  • Preventative analysis – looking at real-time analysis of transactions before they’re processed
  • Mass detection – assessing data after processing to identify potential fraud and create alerts
  • Investigative and explorative analysis – tracking of suspected fraud cases until a decision is reached
  • Fraud management case study – a customer case study on the business case for moving to automation
  • SAP Fraud Management – leveraging technology to automate fraud management processes

Register today to attend at a Deloitte office location near you. We look forward to seeing you at this informative and engaging event.


Session times:

EDT locations:
12:00 p.m. – 3:00 p.m. (Lunch will be served)
CDT locations:
11:00 a.m. – 2:00 p.m. (Lunch will be served)
PDT locations:
9:00 a.m. – 12:00 p.m. (Breakfast will be served)

 

*Association of Certified Fraud Examiners (ACFE) 2012 Report to the Nations

 


 

To register: http://bit.ly/12Gex8R
