Post on 30-Nov-2015
SAP GRC – The Solutions
Access Control 5.3 & 10.0
• Compliant User Provisioning / Access Request Management: User Access Management
• Enterprise Role Management / Business Role Management: Business Role Governance
• Super User Privilege Management / Emergency Access Management: Super user
• Risk Analysis and Remediation / Access Risk Analysis: Risk Analysis
GRC – Process Control
GRC – Risk Management
GRC – Global Trade Services
GRC – Sustainability
GRC – Environmental Health & Safety Compliance
What is the difference?
From a technical perspective, SAP has moved from the Java programming language to the Advanced Business Application Programming (ABAP) platform, which enables consistent security and standardized configuration settings between GRC 10.0 products. This standardization allows centralized support across all components, and the solution's new platform improves change management processes by leveraging SAP's standard transport system and background job scheduling and archiving features.
[Diagram: GRC 5.3 and GRC 10, each shown with SAP ECC / R/3 and NetWeaver ABAP/Java]
Access Request Management
• Automates provisioning
• Tests for segregation of duties issues
• Streamlines approvals to unburden IT staff
[Diagram: GRC connected to CRM, ECC and BI]
A few important features of GRC ARM:
AC product includes some pre-delivered workflows for user access management:
One significant enhancement is the ability to incorporate MSMP workflow configuration into user access approval routing.
MSMP: Multi Stage Multi Paths
One initiator rule ID
Agents/Approvers: Role, Custom Group, Agent ID & User Group
Mass user creation.
Risk Analysis and Remediation supports real-time compliance to detect, remove and prevent access and authorization risks by preventing security and control violations before they occur.
Real-time compliance to detect, remove, and prevent access and authorization risk by controlling violations before they occur
The ability to perform mass mitigation of SoD risks at the user or risk level will allow business users and control owners to experience increased productivity by reducing time spent on mitigating access risks
Build rules → Risk analysis at action / permission levels → Reports → Remove access or mitigate → Free from violations
Why ARA
Ability to filter, save reports, and run multiple and custom risk analyses simultaneously: transaction code and permission level
Users can save risk reports as PDF files.
Crystal Reports is now integrated in the GRC 10.0 solution, enabling report customization and the use of charts and graphs to represent risk analysis
GRC 10 provides mass mitigation of SoD risks at the user or risk level, which will allow business users and control owners to experience increased productivity by reducing time spent on mitigating access risks.
In previous versions of the GRC suite, mitigation could only be applied to one user across all systems (instead of a subset of systems)
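The build-rules, analyze, then remove-or-mitigate flow described above can be modelled at the action (transaction code) level as follows. This is an added example, not SAP GRC code or its API; the risk IDs, users, systems and assignments are constructed, and evaluating each system separately is an assumption.

```python
from dataclasses import dataclass

# Constructed rule set: a risk pairs two functions (sets of transaction codes)
# that one user should not hold together. Risk IDs are hypothetical.
RULES = {
    "P001": ({"FK01", "XK01"}, {"F-53", "F110"}),  # maintain vendor + pay vendor
    "P002": ({"ME21N"}, {"MIGO"}),                 # create PO + post goods receipt
}

# Constructed assignments: (user, system) -> transaction codes the user can run.
ACCESS = {
    ("ASMITH", "ECC"): {"FK01", "F-53", "ME21N"},
    ("ASMITH", "CRM"): {"ME21N"},
    ("BJONES", "ECC"): {"ME21N", "MIGO"},
    ("CLEE", "ECC"): {"F110"},
}

@dataclass(frozen=True)
class Violation:
    user: str
    system: str
    risk: str

def analyze(access, rules):
    """Action-level analysis: flag users holding an action from both sides of a risk."""
    found = set()
    for (user, system), tcodes in access.items():
        for risk, (func_a, func_b) in rules.items():
            if tcodes & func_a and tcodes & func_b:
                found.add(Violation(user, system, risk))
    return found

def mass_mitigate(violations, risk, systems):
    """Risk-level mass mitigation limited to a subset of systems.
    Mitigating records a compensating control; the access itself is unchanged."""
    return {v for v in violations if v.risk == risk and v.system in systems}

def open_violations(violations, mitigated):
    """Violations with no mitigation, left to fix by removing access."""
    return violations - mitigated

def remove_access(access, user, system, tcodes):
    """Remediation: return a copy of the assignments with the given actions removed."""
    updated = {key: set(value) for key, value in access.items()}
    updated[(user, system)] -= set(tcodes)
    return updated
```

Re-running `analyze` after `remove_access` and subtracting the mitigated set gives the "free from violations" check at the end of the flow.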
Centralized Emergency Access
[Diagram: firefighter (FF) IDs with logs for the SD, MM, FICO and PP modules; no SAP_ALL]
• Preassigned firefighter IDs
• Access restrictions
• Validity dates
• Field-level changes tracked in audit log
• Easy monitoring
Super-user monitoring capabilities have been moved to a centralized environment in GRC 10.0.
Previously, Firefighter had to be installed and configured for each target system.
This will allow monitoring of emergency access from one GRC system and streamlining of the administration process.
[Diagram: GRC 10.0 connected to ECC 6, BI system, CRM system and ECC 6]
The Business Role Management component of the GRC solution automates role definition and management of roles
Provides SAP Security Administrators, Role Designers, and Role Owners with a simplified means of documenting and maintaining important role information
Access Control can be the central repository for all SAP systems connected in the landscape
Business Role Management
Ensure consistency in naming conventions
Track the status of the role during maintenance
Be the central repository for role management
Identify duplicate or nearly duplicate roles
Identify roles that may no longer be needed
Business Role Management is tightly integrated with the Access Request Management engine: when roles are maintained in BRM, these same roles are updated immediately for use in access requests.