SAP GRC (Governance, Risk and Compliance)

GRC was introduced in 2006
1. SAP acquired VIRSA and renamed it GRC.
2. SAP GRC enables organizations to manage regulations and compliance and remove any risk in managing the organization's key operations.
3. It consists of three main areas: analyze, manage and monitor.

Modules in SAP GRC
- SAP GRC access control
- SAP GRC process control
- SAP GRC Risk management
- SAP GRC global trade services
- Nota fiscal electronica

VIRSA 4.0        ---> Access Enforcer (AE)
GRC AC 5.3       ---> Compliant User Provisioning (CUP)
GRC AC 10, 10.1  ---> Access Request Management (ARM)


1. SAP GRC access control
- automate approvals through workflow
- auto provisioning - auto user maintenance
User administration - User creation, User modification and User deletion.

Process to be followed for user administration:

SAP access form ---> approved by reporting manager ---> approved by role owner ---> security team will create/delete the request

Automation & workflow design for the below :
- User administration
- Role approval
- Function maintenance
- Risk maintenance
- FF log report review
- Risk analysis - SOD review & user access review
- Mitigation control - maintenance & assignments

Process IDs (workflow types)

SAP_GRAC_ACCESS_REQUEST        - access request approval workflow
SAP_GRAC_ACCESS_REQUEST_HR     - access request approval for HR OM objects workflow
SAP_GRAC_CONTROL_ASGN          - control assignment approval workflow
SAP_GRAC_CONTROL_MAINT         - mitigation control maintenance workflow
SAP_GRAC_FIREFIGHT_LOG_REPORT  - firefighter log report review workflow
SAP_GRAC_FUNC_APPR             - function approval workflow
SAP_GRAC_RISK_APPR             - risk approval workflow
SAP_GRAC_ROLE_APPR             - role approval workflow
SAP_GRAC_SOD_RISK_REVIEW       - SOD risk review workflow
SAP_GRAC_USER_ACCESS_REVIEW    - user access review workflow

Maintaining settings for HR trigger

Maintain SLA (Service Level Agreements)
- SLA can be defined based on process ID (workflow type)
- It can't be defined based on request type

Define the request type correctly: map the request type to the process ID or workflow type.
