cancel
Showing results for 
Search instead for 
Did you mean: 

Configuration

Former Member
0 Kudos

Hi Experts

Can you shed any light on the following please.

Can GRC be configured to pick up ABAP and SQL combination code and link through table USR02?

Thanks in advance

Regards

MW

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Hi Mark,

Can you give more details ? What is reason or requirement you are trying to connect.

Regards,

Ajesh.

Former Member
0 Kudos

Hi Ajesh

I had a feeling that it would be you that answered.

We have a requirement that needs GRC to be able to able to see an "exceptions table"

The exceptions table has been created so that different people can report on different parts of the Org Stucture rather than just the nodes that are directly connected to  i.e. cross node functionality. I have never come accross this problem before (and I surgested building a role for each requirement) but the business has gone for an exceptions table instead.

I hope this helps

Regards

MW

Former Member
0 Kudos

Hi Mark,

AFAIK GRC can not read these exeptions and utilize them.

Is this for RAR, even if GRC pulls the data, where are you going to use them ?

Regards,

Ajesh.

Former Member
0 Kudos

Hi Ajesh

I am not sure what AFAIK is can you explain this please

This exceptions table was for RAR yes.

Can you explain why GRC will not see or report on this table, I would like to go back to the business with an explanation as to why they cannot use it rather than just say "no you cannot use this for GRC" they will want me to explain exactly why

Kind Regards

MW

Former Member
0 Kudos

Hi Mark,

AFAIK - As Far As I Know

As I understand, you want the table entries to be in GRC and based on these entries you want to identify them as risks. I still dont get the what are the risks here and how they are identified from table entries.

In RAR if you want to identify risk, rule have to be built on and supplementary rules can be used to identify false positives. Based on these rules risk are identified, i dont see how you are going to utilize the table entries to define rules.

Regards,

Ajesh.

Former Member
0 Kudos

Hi Ajesh

The tables will NOT be in GRC they will be in the SAP ERP system, and yes we want GRC to be able to see them and run risks on them to see if there are any risks highlighted, but as you say I do not see how GRC can see this never mind run RAR against them.

The outsourcing company have said that they will link the exceptions table via ABAP code but I do still do not see how this can work.

I totally agree with you there are no rules so RAR cannot report on them, but apart from that how on hell can GRC be linked to an exceptions table. I advised them that rather than EXCLUDE someone from seeing part of the Org Structure they should build roles so that the users can only see what they want them to see (INCLUDE)

Regards

MW

Former Member
0 Kudos

Mark,

Just a suggestion, for your customer.  I would recommend talking to Greenlight.  They are able to build connectors to non-sap systems without having to bring the data into ECC.  What they do is build an interface that will bring the data from your non-SAP system.  run the data throught the interface so that its in a format that GRC can read it (this being cross system rules to non-SAP systems) and then you have a webservice connection from GRC that syncs your data into GRC so you can run a risk analysis with that.  One draw back the data may not be real time like SAP ECC but it will get you close enough to meet their requirements.

I have worked with Greenlight before and they were able to build such an interface to a mainframe application and pull the data in so that RAR could analyse cross system risks.

Hope this helps.

Gabriel Perez

Former Member
0 Kudos

Hi Mark,

They might be able to do that, by converting the entries in the table with an ABAP program and publishing them in a readable format for GRC. GRC may identify these pusblished results and mark them as risks. But as of with standard functionality, its not possible.

Definetely not recommended if you have alternative ways as you said.

Regards,

Ajesh.

Former Member
0 Kudos

Hi Gabriel

Thank you for your good answer.

We will be seeing a demo of how all this will work in the next coming days so we will see what happens with this. If it does not work I will sergest your solution to my client

Regards

Mark

Former Member
0 Kudos

Hi Ajesh

We have a demo soon with the external client so we will see from there.

Thank you for your advice

Regards

Mark

Answers (0)