Access Control 10.0 is an application from SAP's Governance Risk and Compliance (GRC) 10.0 suite that enables organizations to control access and prevent fraud across the enterprise. The key capabilities of Access Control 10.0 include access risk analysis, business role management, access request management, superuser maintenance, and periodic compliance certifications. Access Control 10.0 delivers improved visualization, streamlined navigation, and enhanced reporting compared to previous versions. It also provides increased harmonization with other GRC 10.0 applications like Process Control and Risk Management through shared processes, data, and user interfaces.
SAP GRC online Training on Access Control , which includes all the four components Access Risk Analysis( ARA), Emergency Access Management ( EAM), Access Request Management(ARM), Business Role Management( BRM).
GRC 12 online training
SAP GRC 10 Online Training
Software AG was top ranked in current offering and received among the highest scores in the strategy category in the Forrester Wave. webMethods Hybrid Integration Platform combines traditional on-premise integration with cloud integration capabilities to support a wide range of integration patterns for the modern digital enterprise.
Kellton Tech’s Digital Connected Enterprise (DCE) is a leader in enterprise-level integration, API management and multi-speed IT strategy, leveraging Software AG’s Digital Business Platform Kellton Tech empowers world’s best-known brands to effectively use Software AG’s Digital Business Platform to innovate, differentiate and win in the digital world.
In this session, we will discuss
- Details about webMethods 9.12 release
- Significant features and enhancements in webMethods 9.12
- Kellton Tech’s upgrade methodology and modernization offering
Learn how to reduce financial fraud and improve risks management. What are the most common risks for activities and business processes? How a SoD repository is commonly set up? Learn the top 3 SoD conflict types and how to implement a methodology in order to leverage your SAP governance.
Main points covered:
• How to reduce financial fraud and improve risks management
• What are the most common risks for activities and business processes?
• How a SoD repository is commonly set up?
• Learn the top 3 SoD conflict types
Presenter:
The webinar was presented by M. Roseau, director of business development for In Fidem, a Canadian company based in Montreal, Quebec.
Link of the recorded session published on YouTube: https://youtu.be/bRsiWx2NodA
SAP GRC online Training on Access Control , which includes all the four components Access Risk Analysis( ARA), Emergency Access Management ( EAM), Access Request Management(ARM), Business Role Management( BRM).
GRC 12 online training
SAP GRC 10 Online Training
Software AG was top ranked in current offering and received among the highest scores in the strategy category in the Forrester Wave. webMethods Hybrid Integration Platform combines traditional on-premise integration with cloud integration capabilities to support a wide range of integration patterns for the modern digital enterprise.
Kellton Tech’s Digital Connected Enterprise (DCE) is a leader in enterprise-level integration, API management and multi-speed IT strategy, leveraging Software AG’s Digital Business Platform Kellton Tech empowers world’s best-known brands to effectively use Software AG’s Digital Business Platform to innovate, differentiate and win in the digital world.
In this session, we will discuss
- Details about webMethods 9.12 release
- Significant features and enhancements in webMethods 9.12
- Kellton Tech’s upgrade methodology and modernization offering
Learn how to reduce financial fraud and improve risks management. What are the most common risks for activities and business processes? How a SoD repository is commonly set up? Learn the top 3 SoD conflict types and how to implement a methodology in order to leverage your SAP governance.
Main points covered:
• How to reduce financial fraud and improve risks management
• What are the most common risks for activities and business processes?
• How a SoD repository is commonly set up?
• Learn the top 3 SoD conflict types
Presenter:
The webinar was presented by M. Roseau, director of business development for In Fidem, a Canadian company based in Montreal, Quebec.
Link of the recorded session published on YouTube: https://youtu.be/bRsiWx2NodA
Sap security interview question & answersNancy Nelida
We are Providing SAP Security Online Training with real time project based training and interview question & Answers by 12+ professional trainers to the people in US, UK and Worldwide.
The presentation describes 5 steps you should take to secure your SAP. There are:
1. Pentesting and Audit
2. Compliance
3. Internal security and SOD
4. ABAP Source code review
5. Forensics
Sap security interview question & answersNancy Nelida
We are Providing SAP Security Online Training with real time project based training and interview question & Answers by 12+ professional trainers to the people in US, UK and Worldwide.
The presentation describes 5 steps you should take to secure your SAP. There are:
1. Pentesting and Audit
2. Compliance
3. Internal security and SOD
4. ABAP Source code review
5. Forensics
CSI Authorization Auditor® 2014 is the audit & monitoring application of authorization and role setup in SAP environments. It makes a snapshot of a SAP system to gain an insight into the past or current authorization setup of the SAP system.
Cosmos Online Training is the fastest transpire in SAP GRC Training, SAP GRC create efficiency, enable more effective information sharing and reporting.
Agenda:
What is BPM?
BPM Benefits and Usage Fields
Camunda BPM Engine
Business Process Model and Notation
BPMN 2.0 Elements
What is Camunda?
Technical Architecture
Why Camunda
Demo
SAP is always mission critical and at the heart of most enterprises. Ensuring a high quality, performance and scale for SAP is critical to any business. With Micro Focus Solutions, sold by SAP, they can ensure they are safe.
Placement of BPM runtime components in an SOA environmentKim Clark
The service oriented architecture (SOA) reference architecture is intentionally simplistic at a high level but it holds some surprises when you look closely at how components really interact. This is especially true in relation to the placement of business process management (BPM) componentry. We discuss the most common design questions including: Is BPM a consumer or provider of services? To what extent should a user interface, be decoupled from the BPM runtime? How do we retain agility in BPM while adhering to the architectural separation of SOA? These subtleties are critical when designing solutions to reap benefits of both SOA and BPM simultaneously.
Supply Chain Control Tower - Design & Deployment ConceptShaik Abdul Khadar
Supply chain control tower is the key enabler for managing supply chain effectively and efficiently. Supply chain managers need to have the visibility, collaboration, simulation, and predictive analytics capabilities on the go. Supply chain control tower do this all.
This document shows contains the key components of control tower design, approach for implementation, and key challenges in implementation and maintenance.
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
Macroeconomics- Movie Location
This will be used as part of your Personal Professional Portfolio once graded.
Objective:
Prepare a presentation or a paper using research, basic comparative analysis, data organization and application of economic information. You will make an informed assessment of an economic climate outside of the United States to accomplish an entertainment industry objective.
Unit 8 - Information and Communication Technology (Paper I).pdfThiyagu K
This slides describes the basic concepts of ICT, basics of Email, Emerging Technology and Digital Initiatives in Education. This presentations aligns with the UGC Paper I syllabus.
2024.06.01 Introducing a competency framework for languag learning materials ...Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
The Roman Empire A Historical Colossus.pdfkaushalkr1407
The Roman Empire, a vast and enduring power, stands as one of history's most remarkable civilizations, leaving an indelible imprint on the world. It emerged from the Roman Republic, transitioning into an imperial powerhouse under the leadership of Augustus Caesar in 27 BCE. This transformation marked the beginning of an era defined by unprecedented territorial expansion, architectural marvels, and profound cultural influence.
The empire's roots lie in the city of Rome, founded, according to legend, by Romulus in 753 BCE. Over centuries, Rome evolved from a small settlement to a formidable republic, characterized by a complex political system with elected officials and checks on power. However, internal strife, class conflicts, and military ambitions paved the way for the end of the Republic. Julius Caesar’s dictatorship and subsequent assassination in 44 BCE created a power vacuum, leading to a civil war. Octavian, later Augustus, emerged victorious, heralding the Roman Empire’s birth.
Under Augustus, the empire experienced the Pax Romana, a 200-year period of relative peace and stability. Augustus reformed the military, established efficient administrative systems, and initiated grand construction projects. The empire's borders expanded, encompassing territories from Britain to Egypt and from Spain to the Euphrates. Roman legions, renowned for their discipline and engineering prowess, secured and maintained these vast territories, building roads, fortifications, and cities that facilitated control and integration.
The Roman Empire’s society was hierarchical, with a rigid class system. At the top were the patricians, wealthy elites who held significant political power. Below them were the plebeians, free citizens with limited political influence, and the vast numbers of slaves who formed the backbone of the economy. The family unit was central, governed by the paterfamilias, the male head who held absolute authority.
Culturally, the Romans were eclectic, absorbing and adapting elements from the civilizations they encountered, particularly the Greeks. Roman art, literature, and philosophy reflected this synthesis, creating a rich cultural tapestry. Latin, the Roman language, became the lingua franca of the Western world, influencing numerous modern languages.
Roman architecture and engineering achievements were monumental. They perfected the arch, vault, and dome, constructing enduring structures like the Colosseum, Pantheon, and aqueducts. These engineering marvels not only showcased Roman ingenuity but also served practical purposes, from public entertainment to water supply.
Biological screening of herbal drugs: Introduction and Need for
Phyto-Pharmacological Screening, New Strategies for evaluating
Natural Products, In vitro evaluation techniques for Antioxidants, Antimicrobial and Anticancer drugs. In vivo evaluation techniques
for Anti-inflammatory, Antiulcer, Anticancer, Wound healing, Antidiabetic, Hepatoprotective, Cardio protective, Diuretics and
Antifertility, Toxicity studies as per OECD guidelines
Model Attribute Check Company Auto PropertyCeline George
In Odoo, the multi-company feature allows you to manage multiple companies within a single Odoo database instance. Each company can have its own configurations while still sharing common resources such as products, customers, and suppliers.
A Strategic Approach: GenAI in EducationPeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
Embracing GenAI - A Strategic ImperativePeter Windle
Artificial Intelligence (AI) technologies such as Generative AI, Image Generators and Large Language Models have had a dramatic impact on teaching, learning and assessment over the past 18 months. The most immediate threat AI posed was to Academic Integrity with Higher Education Institutes (HEIs) focusing their efforts on combating the use of GenAI in assessment. Guidelines were developed for staff and students, policies put in place too. Innovative educators have forged paths in the use of Generative AI for teaching, learning and assessments leading to pockets of transformation springing up across HEIs, often with little or no top-down guidance, support or direction.
This Gasta posits a strategic approach to integrating AI into HEIs to prepare staff, students and the curriculum for an evolving world and workplace. We will highlight the advantages of working with these technologies beyond the realm of teaching, learning and assessment by considering prompt engineering skills, industry impact, curriculum changes, and the need for staff upskilling. In contrast, not engaging strategically with Generative AI poses risks, including falling behind peers, missed opportunities and failing to ensure our graduates remain employable. The rapid evolution of AI technologies necessitates a proactive and strategic approach if we are to remain relevant.
June 3, 2024 Anti-Semitism Letter Sent to MIT President Kornbluth and MIT Cor...Levi Shapiro
Letter from the Congress of the United States regarding Anti-Semitism sent June 3rd to MIT President Sally Kornbluth, MIT Corp Chair, Mark Gorenberg
Dear Dr. Kornbluth and Mr. Gorenberg,
The US House of Representatives is deeply concerned by ongoing and pervasive acts of antisemitic
harassment and intimidation at the Massachusetts Institute of Technology (MIT). Failing to act decisively to ensure a safe learning environment for all students would be a grave dereliction of your responsibilities as President of MIT and Chair of the MIT Corporation.
This Congress will not stand idly by and allow an environment hostile to Jewish students to persist. The House believes that your institution is in violation of Title VI of the Civil Rights Act, and the inability or
unwillingness to rectify this violation through action requires accountability.
Postsecondary education is a unique opportunity for students to learn and have their ideas and beliefs challenged. However, universities receiving hundreds of millions of federal funds annually have denied
students that opportunity and have been hijacked to become venues for the promotion of terrorism, antisemitic harassment and intimidation, unlawful encampments, and in some cases, assaults and riots.
The House of Representatives will not countenance the use of federal funds to indoctrinate students into hateful, antisemitic, anti-American supporters of terrorism. Investigations into campus antisemitism by the Committee on Education and the Workforce and the Committee on Ways and Means have been expanded into a Congress-wide probe across all relevant jurisdictions to address this national crisis. The undersigned Committees will conduct oversight into the use of federal funds at MIT and its learning environment under authorities granted to each Committee.
• The Committee on Education and the Workforce has been investigating your institution since December 7, 2023. The Committee has broad jurisdiction over postsecondary education, including its compliance with Title VI of the Civil Rights Act, campus safety concerns over disruptions to the learning environment, and the awarding of federal student aid under the Higher Education Act.
• The Committee on Oversight and Accountability is investigating the sources of funding and other support flowing to groups espousing pro-Hamas propaganda and engaged in antisemitic harassment and intimidation of students. The Committee on Oversight and Accountability is the principal oversight committee of the US House of Representatives and has broad authority to investigate “any matter” at “any time” under House Rule X.
• The Committee on Ways and Means has been investigating several universities since November 15, 2023, when the Committee held a hearing entitled From Ivory Towers to Dark Corners: Investigating the Nexus Between Antisemitism, Tax-Exempt Universities, and Terror Financing. The Committee followed the hearing with letters to those institutions on January 10, 202
2. ACCESS CONTROL 10.0: INTRODUCTION
Access Control 10.0: Introduction
SAP BusinessObjects Access Control is an enterprise software application that enables
organizations to control access and prevent fraud across the enterprise, while
minimizing the time and cost of compliance.
The application streamlines compliance processes, including access risk analysis and
remediation, business role management, access request management, superuser
maintenance, and periodic compliance certifications. It delivers immediate visibility
of the current risk situation with real-time data.
Access Control 10.0 is part of newly released SAP Governance Risk & Compliance (GRC)
10.0 which also comprised of Process control 10.0, Risk Management 10.0 and
Global Trade Services.
The greatest value in GRC 10.0 is the Harmonization of Access Control, Process Control
and Risk
management which ultimately results in shared processes, data and user interface with
reduction in redundancy.
GRC 10
4. Front end:
The front-end needs a web browser or (optionally) a client
installation of the NetWeaver Business Client
The web browser can be used to access the embedded NWBC
or GRC via the NetWeaver Portal
The Adobe flash player 10 is used for displaying dashboards
e.g. RM heat mapOverview of SAP BusinessObjects Access
Control 10.0
SAPGUI 7.10 PL 15 or higher is required for administration or
customizing tasks –note that SAPGUI 7.20 is
recommended due to the end-of-maintenance of SAPGUI 7.10
The Crystal Reports Adapter (CRA) is required for viewing (GRC)
Crystal Reports.
GRC 10
5. Portal:
The NetWeaver Portal 7.02 can be used optionally
The GRC Portal Content contains the GRC Portal UI elements to
access the GRC suite
The Portal’s AS Java can contain an Adobe Document Services
instance, in effect Portal and ADS may be
shared on one AS Java instance
ERP and Non SAP Business Applications:
The GRC solutions can communicate with SAP ERP and non-SAP
business applications via plug-ins
NW Function Modules hold the AC functions for ERP systems
without HR (former non-HR RTA)
PC relevant features are contained in the plug-in GRCPIERP, for
example, for running automated controls
and the HR relevant functions for AC (former HR RTA)
GTS functions are part of the SLL-PI plug-in, for example, for GTS
integration into the Logistics, HR, FI/CO
and/or HCM processes in SAP ERP
Non-SAP ERP systems can also be connected via adapters from an
SAP Partner company
6. BI Content:
NetWeaver BW can be used for reporting via the GRC BI Content
The GRC BI Content is part of BI Content 7.06
NetWeaver BW 7.02 is used for the GRC BI Content.
Identity Management:
AC can be integrated bi-directionally to IdM solutions for provisioning
and risk analysis
NetWeaver IdM7.2 is required for integrating with AC 10.0
Adobe Document Services:
An instance of Adobe Document Services (ADS) should be accessible
from the GRC AS ABAP for
generating offline forms .
Although it is technically optional, it is highly recommended for
generating PDF reports
These ADS can be an existing instance and can also be shared with
other applications
The Portal’s AS Java can contain an Adobe Document Services
instance, so Portal and ADS may be shared
on one AS Java instance.
7. NEW AND ENHANCED FEATURES:
1) Enhanced Visualization and Streamlined Navigation – This
enhancement provides a common look and feel with configurable
role-based user access for GRC functions from the SAP Portal or SAP
NetWeaver Business Client (NWBC). Streamlined user navigation with
shared work centers emphasizes function rather than component.
This significantly reduces duplication of menu items
(e.g., one inbox, not three) and makes possible sharing of data and
functions. Menu items seen by the individual user within each work
center is controlled by the user’s GRC role(s). This also enables
data shared across components to be viewed differently by different
users
GRC 10
8. NEW AND ENHANCED FEATURES:
Improved Reporting – GRC reporting leverages
the Business Suite ABAP List Viewer (ALV) –
Crystal integration framework to present and
personalize ABAP (WebDynpro) reports and
convert into Crystal reports. This lowers the TCO
and extends the benefits of Crystal without the
need for a separate BOE server. It also reduces the
time spent by business users on reporting needs.
Custom Crystal reports with embedded graphics
can also be created easily with Crystal Designer.
GRC 10
9. SEPARATION OF DUTIES
Separation of duties (SoD) is the concept of
having more than one person required to
complete a task. In business the separation by
sharing of more than one individual in one
single task shall prevent from fraud and error.
The concept is alternatively called segregation
of duties
GRC 10
10. SOD RISK MANAGEMENT PROCESS
OVERVIEW
SAP has developed a three-phase approach to risk
management. By applying this method, it is possible to
implement a process for segregation of duties (SoD)
risk management.The process begins by defining the
risks, and building and validating rules.
GRC 10
12. Segregation of Duties and Critical Actions:
In a Sarbanes Oxley Act regulated environment, business need to define
their access controls based on segregation of duties (SoD). In some
cases, it is challenging to define SoDs because in many cases, processes
are shared among business areas. Below are examples of risks in non-
segregated duties
GRC 10
13. Rule Building and Validation :
After risk recognition, the second step in Phase One of the SoD
Risk Management process is Rule Building and Validation.
GRC 10
15. Rule Building Process:
Rules include risks, functions, and business processes. The main components
of the rule building process are shown below. Access Control automatically
generates the rules as permutations of the different actions and permissions
derived from the combined functions.
GRC 10
16. Functions:
Functions include specific actions commonly used for a job role or set of
tasks, for example Maintain General Ledger Master Records or Post Journal
Entry. Authorization to perform certain combinations of functions results in a
risk.
GRC 10
17. Rule Structure:
Actions and permissions combine to form functions. Functions in certain
combinations result in a risk. Risks are associated with business processes and
all the components come together to form rules. Rules are collected in a rule
set.
GRC 10
18. PHASE TWO OVERVIEW
The purpose of this phase is to provide business process
analysts and business process owners with alternatives for
correcting or eliminating risk.
Risk Analysis
During Risk Analysis, perform a security analysis to identify
risks for:
Simple roles
Composite roles
Users
Review the roles to determine how certain personnel might be
restricted from performing undesired activities by checking:
Objects
Fields
Values
GRC 10
20. RISK REMEDIATION OVERVIEW
The purpose of the remediation phase is to determine alternatives for eliminating issues in
roles.
The recommended approach is to resolve issues in the following order:
Single roles
This is the simplest place to start
Prevents SoD violations from being reintroduced
Composite roles
Users
Risk Remediation
Use a simulation to perform a "what if" analysis on the assignment or removal of user actions
Use the Management view or Risk Analysis reports for analysis
Security Administrators should document the plan
Business Process Owners should be involved and approve the plan
Simulation
Simulation allows you to preview the result of changes to roles and user actions to see if your
changes create new risk situations before implementing them Decide whether to add or
remove a value
GRC 10
22. EXAMPLES OF MITIGATION CONTROLS
Examples of Mitigation Controls
Review of strategies and authorization limits
Review of user logs
Review of exception reports
Detailed variance analysis
Establish insurance to cover impact of a security incident
Types of Mitigation Controls
Preventative Controls: minimize the likelihood or impact of a risk before it actually
occurs
Detective Controls: alert when a risk takes place and enable the responsible
person to initiate corrective measures
Best Practices
Segregate creation and approval from assignment
Use mitigation as a last resort for exceptions left over from remediation efforts that
have legitimate business reasons to not use SoD controls
GRC 10
24. THE GRC ARCHITECTURE
GRC solutions share a common technology platform and can be installed on a
single NetWeaver ABAP system.
GRC 10
25. GRC COMPONENTS
ComponentsGRC 10.0 runs on AS ABAP 7.02 SP6 or
higher. The installation components are broken out
as follows:
Access Control, Process Control, and Risk
Management are contained in one ABAP add-on
GRCFND_A
Global Trade Services resides in a separate add-on
SLL-LEG
Nota Fiscal Eletronica has its own add-on SLL-NFE
Content Lifecycle Management (CLM) contains
functions for transporting GRC business data, for
example, Access Control rules or Process Control
controls. CLM has the same version requirements as
the GRC 10.0 solution and is installed during the GRC
installation. CLM can be disabled if not required.
GRC customizing is transported using the standard
ABAP transport system. GRC 10
26. ACCESS CONTROL 10.0 ARCHITECTURE
NetWeaver ABAP is the underlying platform
Harmonized with the other GRC 10.0 applications
Leverages existing NWABAP investments:
Role comparison at Action or Permission level
Comparison between roles within Access Control
Harmonization with Process Control and Risk Management allows users to
leverage master data
GRC 10
27. ACCESS CONTROL ARCHITECTURE
COMPONENTS
Access Control constitutes a set of core components:
Access Risk Analysis and Management
Compliance Certification Review
Role Management
Role Mining
Superuser Access Management
Access Control Repository
GRC 10
28. GRC COMMON COMPONENTS
Access Control uses a set of GRC common components as part of the
harmonization of the GRC suite. These components are also available to
Process Control and Risk Management:
GRC Master Data
Workflow
Reports and Dashboards
GRC 10
29. NETWEAVER COMPONENTS
Access Control uses ABAP Web Dynpro as the user interface or UI technology.
The GRC solution can be presented to end users by using either NWBC
(NetWeaver Business Client) or through the use of SAP Portal.
Configuration for Access Control is executed using the SAP IMG via the SAP
GUI, which is common across the GRC suite.
Access Control connects to SAP and non-SAP systems with adapter or IdM
systems using the integration framework.
The ABAP database is the common repository for all Access Control data.
GRC 10
31. SECURITY AND AUTHORIZATIONS
You are planning a solution and must be able to explain object-level security,
authorization requirements, and identify delivered roles and security objects.
Object-Level Security
Object-Level Security gives you the ability to limit access for end users to what they
need to see at a granular level. you can limit access by function, risk, user, or anyother
authorization objects available within role maintenance.
GRC 10
32. Authorizations
To configure the IMG, you need:
PFCG role(s) relative to specific components to be
configured
PFCG role(s) sufficient to configure SAP workflow and other
non-GRC technologies
PFCG role(s) on GRC and non-GRC systems to set up
Continuous Monitoring
To access GRC 10.0 solutions, you must have at least the
following:
Portal authorization or NWBC authorization
Applicable PFCG base roles
GRC 10
33. PFCG role(s) relative to specific components (AC, PC, RM) to be used
Using Access Control with GRC Solutions
If you use Access Control with other GRC solutions, you can leverage this
functionality to:
Manage PFCG roles used with GRC
Create GRC users
Assign GRC PFCG roles to users
Perform SoD analysis for PFCG role authorizations
Assignment of entity-level authorization (via application role assignment)
and ticket-based authorization (via substitution or transfer) must be done
in the respective component.
GRC 10
34. INSTALLATION
Installation Prerequisites –Server
NetWeaver AS ABAP 7.02 SP6 or higher
Installation Prerequisites –Back-end
For ERP systems that will install Access Control Plug-In the following prerequisites
must be met:
For SAP ERP system 4.6C, the system must be at SAP_BASIS Support Pack 55
For SAP ERP 4.70 system, the system must be at SAP_BASIS Support Pack 63
For ERP 2004 system, the system must be at SAP BasisSupport Pack 18
For ERP 6.0 system, the system must be at SAP_BASIS Support Pack 13
For NetWeaver systems that will install Access Control Plug-In the following
prerequisites must be met:
For SAP Basis 4.6C, the system must be at SAP_BASIS Support Pack 55
For NW 6.20 system, the system must be at SAP_BASIS Support Pack 63
For NW 6.40 system, the system must be at SAP_BASIS Support Pack 18
For NW 7.00 system, the system must be at SAP_BASIS Support Pack 13
For NW 7.01, the system must be at SAP_BASIS Support Pack 02
For NW 7.02, the system must be at SAP_BASIS Support Pack 01
For SAP Basis 710 system, the system must be at SAP_BASIS Support Pack 04
GRC 10
35. WHERE TO OBTAIN THE GRC 10.0 SOFTWARE
http://service.sap.com/swdc
GRC 10
37. ACCESS CONTROL INSTALLATION NOTES
Installation Notes
SAP Note 1490996: Install SAP GRC Access Control 10.0 on SAP NW 7.02
SAP Note 1500168: Install SAP GRC Access Control 10.0 Plug-In on SAP BASIS 46C
NW
SAP Note 1497971: Install SAP GRC Access Control 10.0 Plug-In on SAP BASIS 620
NW
SAP Note 1501882: Install SAP GRC Access Control 10.0 Plug-In on SAP BASIS 640
NW
SAP Note 1500689: Install SAP GRC Access Control 10.0 Plug-In on SAP BASIS 700
NW
SAP Note 1503749:Install SAP GRC Access Control 10.0 Plug-In on SAP BASIS 710
NW
SAP Note 1500169: Install SAP GRC Access Control 10.0 Plug-In on SAP BASIS 46C
ERP
SAP Note 1497972: Install SAP GRC Access Control 10.0 Plug-In on SAP BASIS 620
ERP
SAP Note 1501880: Install SAP GRC Access Control 10.0 Plug-In on SAP BASIS 640
ERP
SAP Note 1500690: Install SAP GRC Access Control 10.0 Plug-In on SAP BASIS 700
ERP
38. INSTALLATION OF MAIN COMPONENTS OFAC/PC/RM 10.0
General Steps:
1.Main installation components:
GRCFND_A
2.Download the installation
packages from Service Marketplace
3.Install with the transaction SAINT
4.Follow the detailed instructions
from the SAP Note 1490996
5.Apply the most recent Support
Packages
GRC 10
39. INSTALLATION OF PLUG-IN FOR AC/PC 10.0 ON ERP
General Steps:
1.Main installation components:
GRCPINW
GRCPIERP
2.Download the installation
packages from SMP
3.Install with the transaction SAINT
4.Follow the detailed instructions
from the SAP Notes 1500689 and
1500690
5.Apply the necessary Support
Packages if there is any
Note: Plug-Ins vary depending on
back end ERP system.
Attention:The AC 10.0 plug-ins will upgrade any existing RTA from previous AC
releases.
This means that any AC instance on running 5.X will stop working after the plug-ins
are installed.
GRC 10
40. GRC 10.0 POST-INSTALLATION
1.Client Copy
2.Activating Applications in Client
3.Check SAP ICF Services
4.Activating BC Sets
5.Creating the Initial User in the ABAP System
6.Activate Profile of Roles Delivered by SAP
7.Activate Common Workflow
GRC 10
41. CLIENT COPY
T-code which starts from SCC*
1. Choose Administration --> System administration --> Administration >Client
admin.>Client Copy-->Local Copy.
2. Select a copy profile.
3. Enter the source client.
click the tick mark it will take some time ....
you can refer the link below
http://help.sap.com/printdocu/core/print46c/en/data/pdf/bcctscco/bcctscc
o.pdf
GRC 10
42. ACTIVATING APPLICATIONS IN CLIENT
Call the customizing with
transaction SPRO
Choose SAP Reference
IMG
Expand the Governance,
Risk and Compliance >
General Settings node and
choose Activate
Applications in Client
Choose New Entries
43. ACTIVATING APPLICATIONS IN CLIENT
Click the first row and select the GRC solution(s) required for
your project
Then choose the Activecheckbox
Click Save
Note: you may have to create a transport request
EXAMPLE IS OF GRC –PC,YOU MAY NEED AC IF YOU NEED
ONLY ACCCESS CONTROL
GRC 10
44. CHECK SAP ICF SERVICES
Call transaction SICF
Click the Execute icon
GRC 10
45. CHECK SAP ICF SERVICES
Expand the node default_host-> sap -> public
Right click publicand choose Activate Service
Choose Activate Service for all sub-nodes
GRC 10
46. CHECK SAP ICF SERVICES
Proceed likewise with the node default_host-
> sap -> bc
Activate all sub-nodes too
GRC 10
47. CHECK SAP ICF SERVICES
Now activate the node default_host-> sap ->
grc
Also activate all sub-nodes
GRC 10
48. ACTIVATING BC SETS
Call transaction SPRO again
Click SAP Reference IMG
Click Existing BC Sets in the next screen
GRC 10
50. ACTIVATING BC SETS
From the menu choose Goto >Activation Transaction
These BC sets can also be activated via transaction code SCPR20
GRC 10
51. ACTIVATING BC SETS
Activate the corresponding BC sets.
Proceed likewise for all required PC, RM, and/or AC BC sets
For a complete list of BC Sets please refer to the PC/RM/AC install guide!
NOTE:BELOW EXAMPLE IS FOR ACTIVATION ON TIME FRQUENCY FOR
GRCPC:PROCESS CONTROL.
GRC 10
53. CREATING THE INITIAL USER IN THE ABAP SYSTEM
Call transaction SU01, create a user
Assign following role to access GRC applications, such as AC
•SAP_GRC_FN_BASE
Assign following power user role to the person doing the customization of
the product
•SAP_GRC_FN_ALL
Assign following role to the business users
•SAP_GRC_FN_BUSINESS_USER
Assign following role if you use NWBC as front end UI instead of Portal
•SAP_GRC_NWBC
GRC 10
54. ACTIVATE PROFILE OF ROLES DELIVERED BY SAP
•Activate profile of roles delivered by SAP via transaction
PFCG if you want to use them directly
•For the list of the roles, please refer to Security Guide -
here is an example of the SAP-GRC-NWBC role
•Please use transaction “SUPC” for mass profile
generation in case you want to generate profiles for
multiple roles
GRC 10
55. ACTIVATE COMMON WORKFLOW
Call transaction SPROagain
Click SAP Reference IMG
Access Workflow node under Governance, Risk and
Compliance > General Settings
Execute Perform Automatic Workflow Customizing
GRC 10
56. ACTIVATE COMMON WORKFLOW PERFORM
AUTOMATIC WORKFLOW CUSTOMIZING
Execute Perform Automatic
Workflow Customizing
Make sure that all tasks are
green after the generation as
show in the screenshot
Note: you may have to create a
transport request
During the activation procedure
you might receive an error
message, then check the created
system user „WF-BATCH“ in SU01
if the user has sufficient roles
assigned –see SAP Note
1251255and the GRC Security
Guide.
You may need to run program
RHSOBJCH to fix HR control
tables GRC 10
57. ACTIVATE COMMON WORKFLOW PERFORM
AUTOMATIC WORKFLOW CUSTOMIZING
Maintain the Prefix Numbers to your needs or like shown in
the screenshot
GRC 10
58. ACTIVATE COMMON WORKFLOWPERFORM TASK-
SPECIFIC CUSTOMIZING
Execute
PerformTask-
Specific
Customizing
Expand the
GRCnode.
Click the Assign
Agents link at the
right side of the
GRCnode.
Note: if no folders are visible below the “GRC“ folder please run report
“RS_APPL_REFRESH” in SE38
GRC 10
59. ACTIVATE COMMON WORKFLOWPERFORM TASK-
SPECIFIC CUSTOMIZING
Assign Task as General Task via
Task Attribute.
Make sure all tasks that are not
using Background task have
been assigned as General Task.
GRC 10
61. ACTIVATE COMMON WORKFLOWPERFORM TASK-
SPECIFIC CUSTOMIZING
Click the Properties icon
Set the Linkage Status to No errors
Make sure Event linkage activated
is checked.
Set Error feedback to Do not
change linkage
Be sure to activate all WS.
GRC 10
62. ACTIVATE COMMON WORKFLOWPERFORM TASK-
SPECIFIC CUSTOMIZING
Repeat the first four steps to activate the
solutions you need (e.g. for Access Control
“GRC-AC”)
Note: task-specific
customizing for GRC-AC
is notavailable in case
you have the GRC plug-
ins installed in your
GRC system, check the
Appendix for
perfomingthe
customizing in this case
GRC 10
63. POST-INSTALLATION TO FIRST EMERGENCY ACCESS
•Requirements
oAdding connector to SUPMG scenario
oCreating users and assigning roles
oVerifying time zones
•Configuration
oMaintaining AC owners
oAssigning owners to firefighter IDs
oAssigning firefighter IDs and controllers to firefighters
oCreating reasons codes
•Starting an emergency access session
•Managing Logs
oRunning log collection
oViewing the firefighter reports
GRC 10
65. ADDING CONNECTOR TO SUPMG SCENARIO
To create access requests it is required to have the SUPMG scenario linked to
the connector, this is done via IMG:
GRC 10
66. CREATING USERS AND ASSIGNING ROLES
Please create users and roles as needed. Remember to synchronize
again the repository (program GRAC_REPOSITORY_OBJECT_SYNC ).
These roles are provided as examples and customer roles need to be
created based on their authorizations.
In the AC systemRole
Firefighter userSAP_GRAC_SUPER_USER_MGMT_USER
FirefightercontrollerSAP_GRAC_SUPER_USER_MGMT_CNTLR
FirefighterownerSAP_GRAC_SUPER_USER_MGMT_OWNER
In the target systemRole
Firefighter IDSAP_GRAC_SPM_FFID
In the AC system the Firefighter ID role is configured in ParamID 4010
(Firefighter ID role name)
Reminder: end users will require also the roles based on
SAP_GRC_FN_BASEand SAP_GRC_FN_BUSINESS_USER
GRC 10
67. VERIFYING TIME ZONES
For logs to be properly captured the time zones in the connected
ERP systems need to be configured to match the operating
system and also the AC server time zone. This is done in IMG
under SAP NetWeaver General Settings Time Zones
Maintain System Settings
GRC 10
69. MAINTAINING AC OWNERS
Go to NWBC Access Management GRC Role Assignments
Access Control Owners and maintain the controllers and owners as
shown below:
After this is done it is possible to assign those to FireFighterIDs.
GRC 10
70. ASSIGNING OWNERS TO FIREFIGHTER IDS
In Access Management go to SuperuserAssignment and click on
Owners. Here owners are assigned to firefighter IDs.
GRC 10
71. ASSIGNING FIREFIGHTER IDS AND
CONTROLLERS TO FIREFIGHTERS
Now you need to assign firefighter IDs and controllers to users.
This is done by going to SuperuserAssignment Firefighter IDs
Note: Multiple firefighter users and controllers can be assigned to a
multiple firefighter ID.
GRC 10
72. CREATING REASONS CODES
The reason codes available for firefighter users are maintained
under Superuser Maintenance Reason Codes
GRC 10
73. STARTING EMERGENCY ACCESS
Starting a firefighter session
Login to the AC system using the firefighter
user and launch transaction GRAC_SPM
You will be able to connect to the target
system using the firefighter IDs previously
assigned
GRC 10
74. MANAGING LOGS
Running Log Collection
Viewing the firefighter reports
Running log collectionForeground mode
The foreground job for log collection can be executed from the “Update Firefighter Log
Button” which can be found in the following path:
Reports And Analytics Super User Management Reports Consolidated Log Report
75. RUNNING LOG COLLECTIONBACKGROUND MODE
The Background Job for Log Collection can be
scheduled periodically from SM36 using program
GRAC_SPM_LOG_SYNC_UPDATE.
GRC 10