We would like to introduce to you a new GRC Suite that may be of interest to you:
The Security Compliance Suite is an SAP-centric application used to manage system compliance, provision temporary authorization for system support, and to manage permanent authorization change requests. The solution includes best practices SOD rule set. It can be initially configured in your system for evaluation purposes in less than 90 minutes.
SAP Job Market
SAP job market is currently in a state of flux just like any other IT job. Where there used to be 10 jobs there are 4 or may be 5. Post recession, the reasons are obvious – Lack of budgets, postponing new implementations, general market slump etc.
However, all is not lost yet. There are still jobs. And more are going to come up as the economy slowly takes roots again and boomtown comes along. continue reading…
We have been contacted by a number of our clients that had the following problem.
When executing the “Risk Analysis” reports in the “Informer” tab, randomly receive the following error message: “Cannot assign a blank-padded string to host variable 1.”
To solve this problem, please go to the rule architect tab in Compliance Calibrator. Search for function PR04 and modify it by clicking on the Permissions tab and open up the permissions for transaction ME45. For authorization object M_EINK_FRG, field FRGCO should be enabled and the field value set to be *. If there is a blank here, enter *. Field FRGGR for this auth object should be disabled. Once this change is made, save the function and then regenerate all rules for this function.
Keep it Simple: A simple workflow implementation for SAP GRC User Provisioning
Sample scenario: The Company has four organizational divisions. Each division has a Manager and SAP Security coordinator. The SAP security coordinator approves the SAP System / Roles and Manager approves the organization location of the user. There are Role owner and Training Coordinator. The Role owner approves sensitive roles and training coordinator verifies and approves the training.
WorkFlow Steps
Steps 1: Manager approves the User and SAP System Access
Step 2: The SAP Security Coordinator selects the roles and approves
Step 3: Role owner approves the sensitive roles if there are any
Step 4: Training coordinator verifies the training
Step 5: User is provisioned in the system
Process: The user will register with the organizational location. The organizational location will be initiator of the work flow. The Stages of the work flow will be Manager- SAP Coordinator-Role Owner-Training Coordinator. The path will follow the stages mentioned above. Define custom approver determinator based on the organization location in each stage. This will send the approvals to appropriate organizational manager
Assumption: One composite role per user and the role is mitigated or free of any SODs
OneAccess-UserManager also helps you manage the complex documenting, testing, process control, and sign-off requirements mandated by Sarbanes-Oxley sections 302, 404, and 409
Selva Kumar
Vice President- SAP Practice
OneAccess-UserManager for SAP
SAP Certified-Powered by Netweaver
http://www.softsquare.biz/oneaccess/
selva@softsquare.biz
Phone: 1 877 717 5487
Automate and Meditate
This tool automates the user provisioning process and also checks for any risks associated with the user when the sap access in added or removed. The tool can be used to identify and mitigate SOD risks when the user is approved. Are there are any general guidelines on how long it should take to implement. From my experience it should not take more than 3 months to implement the GRC Compliant user provisioning system for client.
The implementation time also depends on the following
OneAccess-UserManager also helps you manage the complex documenting, testing, process control, and sign-off requirements mandated by Sarbanes-Oxley sections 302, 404, and 409
Selva Kumar
Vice President- SAP Practice
OneAccess-UserManager for SAP
SAP Certified-Powered by Netweaver
http://www.softsquare.biz/oneaccess/
selva@softsquare.biz
Phone: 1 877 717 5487
Automate and Meditate
There are three types of user in SAP GRC Access Enforcer
• Requestor
Requestors is the typical end users who wants access to SAP system and he or she will create provisioning requests, asking that a specific user be assigned one or more SAP roles. This request triggers a workflow, a process requesting approval of the role assignment from designated approvers.
• Approver
Approvers who is a functional or Technical user in the company, who understands the SAP role and their contents who can either approve or deny provisioning requests. Virsa Access Enforcer interacts with approvers via email. At each stage of a workflow, one user is designated as the approver for that stage, and that user receives an approval email generated by Virsa Access Enforcer. The approver has options either approve or deny.
• Administrator: Administrators is responsible for creating, deploying, configuring and managing workflows. These workflows are designed to follow the organizational path for assigning roles to a user. The administrator is responsible for designing the approval process so all the approvals are captured
All the above users must be assigned access in GRC system and the access determines who has the authority to act in which capacity. Only users with the requestor access can create new requests and administrators can create and deploy workflows.
OneAccess-UserManager also helps you manage the complex documenting, testing, process control, and sign-off requirements mandated by Sarbanes-Oxley sections 302, 404, and 409
Selva Kumar
Vice President- SAP Practice
OneAccess-UserManager for SAP
SAP Certified-Powered by Netweaver
http://www.softsquare.biz/oneaccess/
selva@softsquare.biz
Phone: 1 877 717 5487
Automate and Meditate
SAP systems have some custom transactions which are created by the companies to mask the sap transactions or create new transactions. These custom transactions will miss the Segregation duties matrix (SOD) since they have to be manually updated. When we run the SOD analysis it will miss the transaction and will not flag them a risk. These transactions should be part of SOD matrix. Since it not part of SAP defined SOD matrix. For example if you are copying transaction XK02 and create transaction ZXK02 to mask some of the fields in the screen. This transaction has same functionality as update vendor master but is hiding as custom transaction. You could do this with transaction variants or create a custom screens. The transaction can perform the same functionality. The SOD analysis will miss this transaction since the custom transaction is not in SOD matrix. The best way to update this transaction is find the similar transaction or transaction which has similar functionality. Then update the functional group with this custom transaction. In addition to updating the transaction also update the SU24 with the relevant objects and object values for the custom transaction.
OneAccess-UserManager also helps you manage the complex documenting, testing, process control, and sign-off requirements mandated by Sarbanes-Oxley sections 302, 404, and 409
Selva Kumar
Vice President- SAP Practice
OneAccess-UserManager for SAP
SAP Certified-Powered by Netweaver
http://www.softsquare.biz/oneaccess/
selva@softsquare.biz
Phone: 1 877 717 5487
Automate and Meditate
Special offer for Home4SAP.com visitors only!
Order today and save up to 80%!
Hurry - Limited time offer! Click the business card below for details!
SAP Network Blog
Add
Add