10 Replies Latest reply: May 2, 2012 6:28 PM by Mark Willoughby RSS

Configuration

Mark Willoughby
Currently Being Moderated

Hi Experts

 

Can you shed any light on the following please.

 

Can GRC be configured to pick up ABAP and SQL combination code and link through table USR02?

 

Thanks in advance

 

Regards

 

MW

  • Re: Configuration
    Ajesh Raju Pujari
    Currently Being Moderated

    Hi Mark,

     

    Can you give more details ? What is reason or requirement you are trying to connect.

     

    Regards,

    Ajesh.

    • Re: Configuration
      Mark Willoughby
      Currently Being Moderated

      Hi Ajesh

       

      I had a feeling that it would be you that answered.

       

      We have a requirement that needs GRC to be able to able to see an "exceptions table"

       

      The exceptions table has been created so that different people can report on different parts of the Org Stucture rather than just the nodes that are directly connected to  i.e. cross node functionality. I have never come accross this problem before (and I surgested building a role for each requirement) but the business has gone for an exceptions table instead.

       

      I hope this helps

       

      Regards

       

      MW

      • Re: Configuration
        Ajesh Raju Pujari
        Currently Being Moderated

        Hi Mark,

         

        AFAIK GRC can not read these exeptions and utilize them.

         

        Is this for RAR, even if GRC pulls the data, where are you going to use them ?

         

        Regards,

        Ajesh.

        • Re: Configuration
          Mark Willoughby
          Currently Being Moderated

          Hi Ajesh

           

          I am not sure what AFAIK is can you explain this please

           

          This exceptions table was for RAR yes.

           

          Can you explain why GRC will not see or report on this table, I would like to go back to the business with an explanation as to why they cannot use it rather than just say "no you cannot use this for GRC" they will want me to explain exactly why

           

          Kind Regards

           

          MW

          • Re: Configuration
            Ajesh Raju Pujari
            Currently Being Moderated

            Hi Mark,

             

            AFAIK - As Far As I Know

             

            As I understand, you want the table entries to be in GRC and based on these entries you want to identify them as risks. I still dont get the what are the risks here and how they are identified from table entries.

             

            In RAR if you want to identify risk, rule have to be built on and supplementary rules can be used to identify false positives. Based on these rules risk are identified, i dont see how you are going to utilize the table entries to define rules.

             

            Regards,

            Ajesh.

            • Re: Configuration
              Mark Willoughby
              Currently Being Moderated

              Hi Ajesh

               

              The tables will NOT be in GRC they will be in the SAP ERP system, and yes we want GRC to be able to see them and run risks on them to see if there are any risks highlighted, but as you say I do not see how GRC can see this never mind run RAR against them.

              The outsourcing company have said that they will link the exceptions table via ABAP code but I do still do not see how this can work.

               

              I totally agree with you there are no rules so RAR cannot report on them, but apart from that how on hell can GRC be linked to an exceptions table. I advised them that rather than EXCLUDE someone from seeing part of the Org Structure they should build roles so that the users can only see what they want them to see (INCLUDE)

               

              Regards

               

              MW

              • Re: Configuration
                Gabriel Perez
                Currently Being Moderated

                Mark,

                 

                Just a suggestion, for your customer.  I would recommend talking to Greenlight.  They are able to build connectors to non-sap systems without having to bring the data into ECC.  What they do is build an interface that will bring the data from your non-SAP system.  run the data throught the interface so that its in a format that GRC can read it (this being cross system rules to non-SAP systems) and then you have a webservice connection from GRC that syncs your data into GRC so you can run a risk analysis with that.  One draw back the data may not be real time like SAP ECC but it will get you close enough to meet their requirements.

                 

                I have worked with Greenlight before and they were able to build such an interface to a mainframe application and pull the data in so that RAR could analyse cross system risks.

                 

                Hope this helps.

                Gabriel Perez

              • Re: Configuration
                Ajesh Raju Pujari
                Currently Being Moderated

                Hi Mark,

                 

                They might be able to do that, by converting the entries in the table with an ABAP program and publishing them in a readable format for GRC. GRC may identify these pusblished results and mark them as risks. But as of with standard functionality, its not possible.

                 

                Definetely not recommended if you have alternative ways as you said.

                 

                Regards,

                Ajesh.

Actions