NOTE APRIL 2012
SAP ® GRC - Governance, Risk and Compliance and Audit Management:
The power of risk adjusted audit management
NOTE FEBRUARY 2012
How to customize WebDynpro configuration
An UIBB is an user-interface building block, meaning basically an interface view
– a WebDynpro ABAP window. A customization can be done with the help of the FPM (Floor Plan Manager) configuration editor. Corresponding elements can be adapted and customized according to individual requirements.
Step 1 –Call WebDynpro service in configuration mode:
The desired URL is to be entered into the browser:
http://<system>:<port>/sap/bc
sap-config-mode=x
NOTE JANUARY 2012
How to create a transportable BRF+flat initiator rule for MSMP in GRC 10.0
The BRF (Business Rule Framework)+ is a strong tool when it comes to the
definition of ABAP rules to reflect business scenarios.
In the GRC 10.0 MSMP (Multi-Stage Multi-Path) workflow a business rule
can be utilized for different purposes as in the following example where we want to create a transportable initiator rule.
Step 1 -Creation of a development package:
The transaction SE21 is to be called and a desired name for the new package
to be entered. The development package is to be associated with a transport layer.
The creation results in a workbench request.
The software component is GRCFND_A.
Organization Rules in GRC AC 10
Organizational rules allow you to filter „false positives” from the risk analysis.
What does that mean?
You have a role concept with master derived roles, where e.g.
the leading organizational level is the company code with
a corresponding organizational value set.
Role_A_0001 for Company Code 0001 – (FB60)
How to customize an AC10 access request form
The Access Request (AR) form can be called via the NWBC -->
Access Management --> Access Request
The individual fields in this form can be customized.
To do this - go to the IMG (transaction SPRO)-->Governance, Risk
How to create an UME Role
In User Administration call the Identity Management.
Select Role and then Create Role.
Enter a unique name according to your agreed naming
convention and a description.
.jpg)
How to create a Portal Role
There are of course different approaches on how to create a portal role –
this section just provides a general introduction.
As a rule you should never maintain the SAP® standard roles.
In a first step you may want to consider creating your own folder with
permissions accordingly restricted to the role developers only.
A solid approach would be to assign the Owner permissions to
Role naming conventions
There are so many different ways defining a role naming convention
that it is hard to determine the ultimately best approach.
It is important for maintenance, consistency and transparency to have
at least a clear concept.
In the following little note I will introduce you to one of my favourite
solution approaches based on the fact that the role naming
is limited to 30 characters.
General considerations:
Security upgrade
SAP® systems are upgraded on a frequent basis, and as part of such
an upgrade the security requires special attention as well.
While new authorization objects are introduced - even in purely technical
upgrade scenarios - additional relations between authorization objects
and transactions are also updated in the corresponding SAP® standard
tables amongst a lot of other things.
To benefit from these new implementations, and to make sure that
Enhancement for table access control: S_TABU_NAM
Given the high criticality and increasing complexity related to table access –
SAP® has introduced a new authorization object for a more refined
table access control.
The authorization object S_TABU_NAM was introduced last year.
This authorization object consists of two fields ACTVT (Activity)
and TABNAME (name of table or view).
