How to use the new GRC Ruleset Manager (GRAC_RULE_SET_MANAGER Sample Excel File)

 In this article, you will explore the new Ruleset Manager in SAP Governance, Risk, and Compliance (GRC) and learn how to effectively utilize the GRAC_RULE_SET_MANAGER sample Excel file. This comprehensive guide provides insights into configuring and managing rulesets. Whether you are an SAP administrator or a consultant, this article will equip you with the knowledge to enhance your GRC processes.


You can implement this program in SAP with the notes below:
3469294 Improvement note

3468630 Correction note

Thanks for your support for this process. Alican Atik (GRC Consultant)

  1. Download the sample file Company_ARuleset.xml, or create your own workbook with the same layout. (The XML file can be opened with Excel.)

    DOWNLOAD XML FILE (FROM GOOGLE DRIVE)
  2. Create the sheets as they appear in the sample Excel file. (Or you can edit the sample Excel file directly.)
    1. Rule sets

      1. Insert the header RULE SET ID*
      2. Below the header, insert whatever name you want for the rule set.
    2. Rule set descriptions

      1. Insert the headers RULE SET ID*, LANGUAGE*, DESCRIPTION*
      2. Below the headers, insert whatever data you want.
    3. Risk-rule set relations

      1. Insert the headers RISK ID*, RULESET ID*
      2. Below RISK ID*, insert values like XBS001. (Starting with X is optional, but it is common usage.)
      3. Below RULESET ID*, insert the rule set ID you want.
    4. Risks

      1. Insert the headers RISK ID*, RISK LEVEL*, BUSINESS PROCESS ID*, RISK TYPE*, ACTIVE
      2. Insert data below the header RISK ID*.
      3. Below RISK LEVEL*, insert values from the GRACRISKLEVEL table, which you can see in customizing.
      4. Below BUSINESS PROCESS ID*, insert values from the GRACBPROC table, which you can see in customizing.
      5. Insert data below the header RISK TYPE*.
        The values are, respectively:
        1- Segregation of Duties,
        2- Critical Action,
        3- Critical Permission.
      6. Insert data below the header ACTIVE.
        1 is active. 0 is inactive.
    5. Risk descriptions

      1. Insert the headers RISK ID*, LANGUAGE*, DESCRIPTION*, LONG DESCRIPTION, CONTROL OBJECTIVE
      2. I believe all data sections are clear. Only the Control Objective column I do not know about. If you have any idea, please write in the comments. The standard value is "-" without the double quotation marks.
    6. Risk owners

      1. Insert the headers RISK ID*, RISK OWNER*
      2. I believe all data sections are clear for understanding.
    7. Risk-function relations

      1. Insert the headers RISK ID*, FUNCTION ID*
      2. Insert data below the header RISK ID*.
      3. Below FUNCTION ID*, insert values like YBS001. (Starting with Y is optional, but it is common usage.)
    8. Functions

      1. Insert the headers FUNCTION ID*, BUSINESS PROCESS ID*, SCOPE*
      2. FUNCTION ID* and BUSINESS PROCESS ID* are clear. The SCOPE* values are:
        S- Single System
        C- Cross System
    9. Function descriptions

      1. Insert the headers FUNCTION ID*, LANGUAGE*, DESCRIPTION*
      2. I believe all data sections are clear for understanding.
    10. Function actions

      1. Insert the headers FUNCTION ID*, CONNECTOR*, ACTION*, ACTIVE
      2. FUNCTION ID* is clear.
      3. CONNECTOR*: the values can be seen in customizing.
      4. ACTION* is the transaction code (tcode). You can check it in TSTC.
      5. ACTIVE values are 0 and 1.
        1 is active.
        0 is inactive.
    11. Function permissions

      1. Insert the headers FUNCTION ID*, CONNECTOR*, ACTION*, RESOURCEID*, RESOURCEEXTN*, FROMVAL, TOVAL, SEARCHTYPE*, ACTIVE
      2. FUNCTION ID* is clear.
      3. CONNECTOR* as I explained above.
      4. ACTION* as I explained above.
      5. RESOURCEID* is the authorization object. You can check it in TOBJ.
      6. FROMVAL* and TOVAL* are clear. They are the values. You can check function SUSR_AUTF_GET_F4_HELP. If you want to enter a single value, you can fill only FROMVAL*.
      7. SEARCHTYPE* values are AND or OR.
      8. ACTIVE* values: 1 is active and 0 is inactive.
    12. Business processes

      1. As I explained above.
    13. Business process descriptions

      1. It's clear as I mentioned.
  3. Run SE38, enter the program name GRAC_RULE_SET_MANAGER, and execute it.
  4. Choose File Mode and Upload. Choose append or overwrite, whichever you want. (I suggest Data Inconsistency Check.)
  5. If you choose Data Inconsistency Check, you may encounter a pop-up.
    You can check the application logs in SLG1.
  6. After that, click the Execute button and choose the XML file.
  7. The program has no loading screen. If your file is large, you need to wait. When it finishes, a pop-up appears.
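
A pre-upload consistency check for four of the sheets from step 2 (Risks, Functions, Risk-function relations, Function actions), written as an added example in Python; it is not SAP code and does not reproduce the program's own Data Inconsistency Check. It assumes each sheet is already loaded as a list of rows with the header row first, and every sample value is constructed.

```python
# Added example (not SAP code): consistency check for ruleset sheets before upload.
# Assumption: each sheet is already loaded as a list of rows, header row first.
REQUIRED = {  # mandatory (*) columns per sheet, as listed in the article
    "Risks": ["RISK ID", "RISK LEVEL", "BUSINESS PROCESS ID", "RISK TYPE"],
    "Functions": ["FUNCTION ID", "BUSINESS PROCESS ID", "SCOPE"],
    "Risk-function relations": ["RISK ID", "FUNCTION ID"],
    "Function actions": ["FUNCTION ID", "CONNECTOR", "ACTION"],
}
# Value sets named in the article (risk type, scope, active flag)
DOMAINS = {"RISK TYPE": {"1", "2", "3"}, "SCOPE": {"S", "C"}, "ACTIVE": {"0", "1"}}
# (sheet, column, sheet that must define the referenced ID)
REFERENCES = [("Risk-function relations", "RISK ID", "Risks"),
              ("Risk-function relations", "FUNCTION ID", "Functions"),
              ("Function actions", "FUNCTION ID", "Functions")]

def records(rows):
    """Turn header + data rows into dicts keyed by header name without the '*'."""
    header = [str(h).rstrip("*").strip().upper() for h in rows[0]]
    return [dict(zip(header, ("" if c is None else str(c).strip() for c in r)))
            for r in rows[1:]]

def validate(workbook):
    """Return a list of findings; an empty list means no inconsistency was found."""
    findings, parsed = [], {}
    for sheet, required in REQUIRED.items():
        if not workbook.get(sheet):
            findings.append(f"{sheet}: sheet missing or empty")
            continue
        parsed[sheet] = records(workbook[sheet])
        for n, rec in enumerate(parsed[sheet], start=2):  # row 1 is the header
            for col in required:
                if not rec.get(col):
                    findings.append(f"{sheet} row {n}: {col} is empty")
            for col, allowed in DOMAINS.items():
                if rec.get(col) and rec[col] not in allowed:
                    findings.append(f"{sheet} row {n}: {col}={rec[col]!r} not allowed")
    for sheet, col, target in REFERENCES:
        known = {r.get(col) for r in parsed.get(target, [])}
        for n, rec in enumerate(parsed.get(sheet, []), start=2):
            if rec.get(col) and rec[col] not in known:
                findings.append(f"{sheet} row {n}: {col} {rec[col]} not defined in {target}")
    return findings

# Constructed sample with two deliberate defects: RISK TYPE 4, undefined YBS002.
SAMPLE = {
    "Risks": [["RISK ID*", "RISK LEVEL*", "BUSINESS PROCESS ID*", "RISK TYPE*", "ACTIVE"],
              ["XBS001", "3", "BS00", "4", "1"]],
    "Functions": [["FUNCTION ID*", "BUSINESS PROCESS ID*", "SCOPE*"], ["YBS001", "BS00", "S"]],
    "Risk-function relations": [["RISK ID*", "FUNCTION ID*"], ["XBS001", "YBS002"]],
    "Function actions": [["FUNCTION ID*", "CONNECTOR*", "ACTION*", "ACTIVE"], ["YBS001", "CONN01", "ZTCODE", "1"]],
}
```

Calling `validate(SAMPLE)` reports the invalid risk type and the relation that points to a function missing from the Functions sheet, so both can be fixed before the file is uploaded.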
Source : How to use the new GRC Ruleset Manager (GRAC_RULE_... - SAP Community
