Notes 2011

NOTE SEPTEMBER 2011

Organization Rules in GRC AC 10

Organizational rules allow you to filter „false positives” from the risk analysis.

What does that mean?
You have a role concept with master derived roles, where e.g.
the leading organizational level is the company code with
a corresponding organizational value set.

Role_A_0001 for Company Code 0001 – (FB60)

NOTE AUGUST 2011

How to customize an AC10 access request form

The Access Request (AR) form can be called via the NWBC -->
Access Management --> Access Request


 

The individual fields in this form can be customized.

To do this - go to the IMG (transaction SPRO)-->Governance, Risk
NOTE JULY 2011

How to create an UME Role

In User Administration call the Identity Management.
Select Role and then Create Role.
Enter a unique name according to your agreed naming
convention and a description.

 
NOTE JUNE 2011

How to create a Portal Role

There are of course different approaches on how to create a portal role –
this section just provides a general introduction.
As a rule you should never maintain the SAP® standard roles.

In a first step you may want to consider creating your own folder with
permissions accordingly restricted to the role developers only.
 A solid approach would be to assign the Owner permissions to
NOTE APRIL 2011

Role naming conventions

There are so many different ways defining a role naming convention
that it is hard to determine the ultimately best approach.

It is important for maintenance, consistency and transparency to have
at least a clear concept.

In the following little note I will introduce you to one of my favourite
solution approaches based on the fact that the role naming
is limited to 30 characters.

General considerations:
NOTE MARCH 2011

Security upgrade

SAP® systems are upgraded on a frequent basis, and as part of such
an upgrade the security requires special attention as well.

While new authorization objects are introduced - even in purely technical
upgrade scenarios - additional relations between authorization objects
and transactions are also updated in the corresponding SAP® standard
tables amongst a lot of other things.
To benefit from these new implementations, and to make sure that
NOTE JANUARY 2011

Enhancement for table access control: S_TABU_NAM

Given the high criticality and increasing complexity related to table access –
SAP® has introduced a new authorization object for a more refined
table access control.
The authorization object S_TABU_NAM was introduced last year.
This authorization object consists of two fields ACTVT (Activity)
and TABNAME (name of table or view).
RSS feed