SAP Labs, LLC
October 2009
Copyright 2009 SAP AG

SAP BUSINESSOBJECTS ACCESS CONTROL 5.3 SP09
DATA MART – SAMPLE REPORTS
SUPPLEMENTAL DOCUMENTATION
Reporting Specification Supplemental Documentation © 2009 SAP AG
REVISION HISTORY

The following table provides an overview of the most important changes in the latest versions.

This guide is regularly updated on SAP Service Marketplace at http://service.sap.com/instguides -> SAP BusinessObjects -> SAP BusinessObjects Governance, Risk, Compliance (GRC) -> Access Control -> SAP GRC Access Control 5.3

| Name | Date | Reason For Changes | Version |
|---|---|---|---|
| Governance, Risk, and Compliance, SAP BusinessObjects Division | October 2009 | This is the initial release of Reporting Specification Supplemental Documentation | 1.0 |
| | September 2010 | Text changed in section 4.5 | 1.1 |

Typographic Conventions

| Type Style | Description |
|---|---|
| Example Text | Words or characters quoted from the screen. These include field names, screen titles, pushbuttons labels, menu names, menu paths, and menu options. Cross-references to other documentation. |
| Example text | Emphasized words or phrases in body text, graphic titles, and table titles. |
| Example text | File and directory names and their paths, messages, names of variables and parameters, source text, and names of installation, upgrade and database tools. |
| Example text | User entry texts. These are words or characters that you enter in the system exactly as they appear in the documentation. |
| <Example text> | Variable user entry. Angle brackets indicate that you replace these words and characters with appropriate entries to make entries in the system. |
| EXAMPLE TEXT | Keys on the keyboard, for example, F2 or ENTER. |

Icons

- Caution
- Note or Important
- Example
- Recommendation or Tip

Table of Contents

1 INTRODUCTION
    1.1 PURPOSE
    1.2 FUNCTIONALITY
    1.3 ASSUMPTIONS
    1.4 REQUIREMENTS
    1.5 IMPORTANT SAP NOTES
    1.6 RELATED DOCUMENTATION
2 REPORT OVERVIEW
    2.1 DATABASE CONNECTIVITY
    2.2 CREATING A NEW DATA SOURCE LOCATION
    2.3 UPDATING CURRENT DATA SOURCE LOCATION
3 CUP SAMPLE REPORT SUMMARY
    3.1 APPROVER DELEGATION
        Main Report
    3.2 LISTS REQUEST WITH THE SAME REQUESTOR AND APPROVER
        Main Report
    3.3 SEARCH APPROVERS
        Main Report
        Sub-Report - Custom Approver Determinator Details
    3.4 SEARCH REQUEST
        Main Report
        Sub-Report - Approver Status
    3.5 SOD REVIEW HISTORY
        Main Report
        Sub-Report - Risk and Function Details
    3.6 USER ACCESS REVIEW RECONCILIATION
        Main Report
        Sub-Report - Role Details
    3.7 USER ACCESS REVIEW HISTORY
        Main Report
        Sub-Report - Role Details
    3.8 USER REVIEW STATUS
        Main Report
4 RAR SAMPLE REPORT SUMMARY
    4.1 ACCESS RULE DETAILS
        Main Report
        Sub-Report - Mitigated Risk Details
    4.2 ACCESS RULE SUMMARY
        Main Report
        Sub-Report - Function Details
    4.3 MITIGATING CONTROL
        Main Report
        Sub-Report - Mitigated Control Details
        Sub-Report - Mitigated Risk Details
    4.4 MITIGATED USER
        Main Report
        Sub-Report - Mitigated Control Details
        Sub-Report - Mitigated Risk Details
    4.5 USER RISK VIOLATION DETAILS
        Main Report
        Sub-Report – Risk Details
        Sub-Report – Function Details
        Sub-Report – Control Details

1 INTRODUCTION

1.1 Purpose

In addition to standard reports, SAP BusinessObjects Access Control 5.3 SP9 provides two additional reporting options: SAP BI Integration and Custom Report Enablement through the data mart.

Customers can choose their reporting option based on their requirements.

| BI Integration (Introduced in 5.3) | Custom Report Enablement (5.3 SP9) |
|---|---|
| Best used for analytical reporting: trending information over time; data analysis and data mining | Best used for operational reporting: provides snapshot of latest information; for quick custom reports |
| Integrates with SAP BI | Enables integration with any reporting tool |
| Entities available for reporting: Risk violations; Mitigating controls; Rule Architect; CUP Request information; Alerts | Entities available for reporting: Risk violations; Mitigating controls; Rule Architect; CUP Request information; Approver and approver delegation |

The purpose of this document is to provide an overview of the sample Crystal reports and of how to connect the data mart with your Crystal Reports for custom reporting.

It provides detailed documentation on how to set up the database connections for the Crystal reports and goes into the details of the reporting fields, elements and formulas used in each of the sample reports.

Customers who have Crystal Reports can take these sample reports as a starting point and modify them for their own requirements.

These sample reports are examples only; the sample reports are guidelines for creating your own reports within Access Control Data Mart.
1.2 Functionality

A new reporting data mart has been introduced by GRC Access Control 5.3 SP9, which enables custom reporting on Risk Analysis and Remediation and Compliant User Provisioning data.

- The data mart extracts the relevant data from the RAR and CUP and converts the data for reporting purposes.
- The data mart is non-historical.
- Data mart schema is published, which enables customers to integrate with any reporting tools.
- Sample reports based on Crystal Reports are provided on SDN for reference.

The sample reports provided in this document use Crystal Reports 2008 standalone; you can use Crystal Reports 2008 standalone or with Business Objects Enterprise and Crystal Reports 2008. Please see the Crystal Reports 2008: Supported Platforms documentation located in the SAP Marketplace for the correct versions.

The available data in Data Mart allows for reporting on the following areas:

- Risk violations
- Mitigating controls
- Rule Architect
- CUP Request information
- Approver and approver delegation

1.3 Assumptions

Your system is installed with Crystal Reports 2008 or higher.

1.4 Requirements

The requirement for accessing and using these sample reports depends on your environment: standalone environment or Enterprise environment.

- Standalone Environment – is only supported on Crystal Reports 2008 SP1 or higher.
- Enterprise Environment – is supported using Crystal Reports 2008 SP1 or higher on BusinessObjects Edge BI 3.1, and on BusinessObjects Enterprise XI 3.1.

Crystal Reports 2008 supports standalone environments and supports workflows with BusinessObjects Enterprise XI 3.0, BusinessObjects Edge Series XI 3.0, and Crystal Reports Server 2008.

If you are running BusinessObjects Enterprise XI 3.1, download and install Crystal Reports 2008 Service Pack 1.
1.5 Important SAP Notes

The ODBC connection is not the only data source connection used for these sample reports. For more information about other data source connections, see the latest Access Control 5.3 installation guide available at Service Marketplace at http://service.sap.com/instguides.

Crystal License

Customers need to have or acquire their own Crystal license.

Managing report content

- Obtain sample Crystal reports through SAP's Software Developer Network (SDN). Customers can begin with samples and modify as needed or create their own Crystal reports.
- Using Access Control, customers can develop and deploy Access Control report content (.rpt) files.
- Customers are responsible for their own report management, including versioning and translation.

For information on prerequisites and deployment of data mart features, please refer to SAP Note 1369045 before you start the installation. These notes also contain updates and corrections to the installation documentation; for more information about Data Mart see the latest Access Control 5.3 Data Mart Design Description guide available at Service Marketplace at http://service.sap.com/support -> Help & Support -> Search for SAP Notes.

For more information, see the SAP BusinessObjects GRC Access Control 5.3 Master Guide on Service Marketplace at http://service.sap.com/instguides -> SAP BusinessObjects -> SAP BusinessObjects Governance, Risk, Compliance (GRC) -> Access Control -> SAP GRC Access Control 5.3.
1.6 Related Documentation

SAP Business Objects provides the following related documentation in PDF format. To access installation and product guides, go to http://help.sap.com. Select 'SAP Business Objects' in the top of the navigation bar, or go to http://help.sap.com/businessobjects/.

- Crystal Reports 2008: Supported Platforms — this document lists the specific platforms and configuration for Crystal Reports 2008.
- BusinessObjects Enterprise Administrator's Guide — this help provides you with information and procedures for deploying and configuring your BusinessObjects Enterprise system.
- BusinessObjects Enterprise Installation and Configuration Guide for Windows — this documentation provides information, procedures, and options for installing, removing, and repairing BusinessObjects Enterprise, client tools, and language packs.

SAP GRC provides additional documentation on the Access Control in PDF format on SAP Service Marketplace at http://service.sap.com and SAP Help Portal at http://help.sap.com.

| Title | Location |
|---|---|
| Access Control Data mart 5.3 | http://service.sap.com/instguides |
| Configuration Guide | http://service.sap.com/instguides |
| Master Guide | http://service.sap.com/instguides |
| Installation Guide | http://service.sap.com/instguides |
| Upgrade Guide | http://service.sap.com/instguides |
| Security Guide | http://service.sap.com/securityguide |
| Operations Guide | http://service.sap.com/instguides |
| Release Notes | http://service.sap.com/releasenotes |
| Application Help | http://help.sap.com |

2 REPORT OVERVIEW

2.1 Database Connectivity

The sample reports require an ODBC connection to the database. Use the generic ODBC name called QA shipped with the product.

For more information on creating ODBC connections, please see Microsoft knowledge article 300595.

Create the ODBC data source before using the sample reports. Use the following example of how to create the QA ODBC data source connection.

1. From the Start Menu, choose Control Panel, then Administrative Tools -> Data Sources (ODBC).
2. Select Tab 2, System DSN, and click Add.
3. Select SQL Server, then click Finish.
This is an example of the data needed to create the ODBC connection. This data will depend on where your Database Administrator has created the database. Please see your DBA for the correct connection information.

Example:

Name: QA
Description: Connection to Sample Reports
Server: 10.48.121.238

4. Click Next.
5. The authentication to the SQL Server will depend on how your DBA has set up the user accounts. The following is an example of SQL Server authentication using a login and password.

Configure the login and password according to the information from your DBA. The recommendation is to have the DBA create the user account with read-only access.

6. Click Next.
7. Change the default database to the correct database.
8. Click Next.
9. If you need to change the default language, then select the appropriate language.
10. Click Finish.
11. The new ODBC screen will appear and at this point, you can test the connection by selecting Test Data Source.
12. If successful, you will receive a “Test Completed Successfully” message.
2.2 Creating a New Data Source Location

The sample reports ship with a generic ODBC name called QA. Use the name of the ODBC connection that your DBA specifies. In this example, we will be changing the QA ODBC drive to a Crystal Sample ODBC.

1. Open Crystal Reports 2008
   Start Menu -> All Programs -> Crystal Reports 2008 -> Crystal Reports 2008.
2. Select a Sample Report
   From the Crystal Reports Toolbar, select File -> Open, then select a Sample Report.
3. Set Data Source Location
   From the Crystal Reports Toolbar, select Database, then select Set Datasource Location.
4. Current Data Source Location
   From the Crystal Reports Toolbar, select Database -> Set Datasource Location.
   The Set Datasource Location tab contains the Current Data Source the report is pointing to; the section Replace with is where you specify the new connection.
5. Creating the New Data Source Location
   In the Replace with section, click the “+” sign beside Create New Connection.
   This will list all of the available types of Data Source. Select the Data Source your DBA has configured. In this example, we are using the Microsoft ODBC (RDO) connection.
   Double-click ODBC (RDO). A Data Source Selection screen will appear. Select the Data Source Name; in this example we are using CrystalSample.
   Select Next. A Connection Information screen will appear, with the server name, User ID and Database populated. Type in the Password and click Finish.
   In the Replace with section, the new connection (CrystalSample) is now available for use in the reports.
2.3 Updating Current Data Source Location

The current sample reports have the Data source called QA; change this to CrystalSample. Under Current Data Source, select QA, then under Replace with select CrystalSample.

Select Update. This will take a few seconds to update. Once the update is complete, the Current Data Source will show the new CrystalSample connection. If there are any sub-reports, repeat this step for each sub-report. Click Close.

After updating the Data Source connection, click the Refresh button or F5 to see your current data.

3 CUP SAMPLE REPORT SUMMARY

3.1 Approver Delegation

Report Description: This report lists delegated approvers and historical delegation information.

Note: This report has a main report only.

Main Report

| FIELD NAME | DATABASE FIELD | FORMULA NAME |
|---|---|---|
| Delegated For User ID | GRC_DM_AE_DLEGAPRV.APPRVID | |
| Delegated To User ID | GRC_DM_AE_DLEGAPRV.DELEGAPPRVID | |
| Delegation Creation Date | GRC_DM_AE_DLEGAPRV.REQ_DT | |
| Date From | GRC_DM_AE_DLEGAPRV.FRM_DT | |
| Date To | GRC_DM_AE_DLEGAPRV.TO_DT | |
| Status | | Status_Col |

| FORMULA NAME | FORMULA |
|---|---|
| Status_Col | if {GRC_DM_AE_DLEGAPRV.STATUS} = 0 then 'InActive' else if {GRC_DM_AE_DLEGAPRV.STATUS} = 1 then 'Active' |
| DelegatedFor | IF HASVALUE({?Delegated for UserID}) THEN MINIMUM({?Delegated for UserID}) + " to " + MAXIMUM({?Delegated for UserID}) |
| DelegatedTo | IF HASVALUE({?Delegated To UserID}) THEN MINIMUM({?Delegated To UserID}) + " to " + MAXIMUM({?Delegated To UserID}) |
| Status | if HasValue({?Status}) then select {?Status} case 0: "Inactive" case 1: "Active" else 'All' |

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

| PARAMETER FIELD NAME | OPTIONAL | DYNAMIC VALUES | STATIC VALUES |
|---|---|---|---|
| DateFrom | YES | N/A | YES |
| DateTo | YES | N/A | YES |
| Delegated for UserID | YES | YES | N/A |
| Delegated To UserID | YES | YES | N/A |
| Status | YES | N/A | YES |
3.2 Lists Request with the Same Requestor and Approver

Report Description: This report lists requests in which the requestor and the approver are the same person. This report supports all request types except for SoD and User Access Review workflow types.

Note: This report has a main report only.

Main Report

| FIELD NAME | DATABASE FIELD | FORMULA NAME |
|---|---|---|
| Request ID | GRC_DM_AE_RQDHDR.REQNO | |
| Requestor Id | GRC_DM_AE_RQDHDR.REQUESTORID | |
| Requestor Name | GRC_DM_AE_RQDHDR.REQUESTOR | |
| Requested for User ID | GRC_DM_AE_RQDHDR.USERID | |
| Requested for User Name | GRC_DM_AE_RQDHDR.USERNAME | |
| Approver ID | GRC_DM_AE_RQDHDR.APPROVERID | |
| Request Status | GRC_DM_AE_RQDHDR.STATUS | |

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

| PARAMETER FIELD NAME | OPTIONAL | DYNAMIC VALUES | STATIC VALUES |
|---|---|---|---|
| Workflow Type | YES | YES | N/A |
| Request ID | YES | N/A | YES |
| Requestor ID | YES | N/A | YES |
| Requested for User ID | YES | N/A | YES |
| Requested for User Name | YES | N/A | YES |
| Approver ID | YES | N/A | YES |
| Request Status | YES | N/A | YES |
| Application | YES | YES | N/A |
| Date From | YES | N/A | YES |
| Date To | YES | N/A | YES |
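
The condition this report checks, combined with the delegation data from section 3.1, can also be queried directly against the data mart tables. The following is an added example, not one of the SAP sample reports: an in-memory SQLite database stands in for the data mart, table and column names are taken from the field tables and SQL in sections 3.1, 3.2 and 3.4, and the column types, date format and all rows are assumptions. The second query (approver delegated to the requestor) goes beyond what report 3.2 lists.

```python
import sqlite3

# Table and column names come from the field tables in sections 3.1, 3.2 and
# 3.4. Column types, ISO-formatted dates and every row are assumptions
# constructed for this example; SQLite stands in for the data mart database.
SCHEMA = """
CREATE TABLE GRC_DM_AE_RQDHDR (
    REQNO TEXT PRIMARY KEY, REQUESTORID TEXT, USERID TEXT,
    APPROVERID TEXT, STATUS TEXT, REQDATE TEXT);
CREATE TABLE GRC_DM_AE_DLEGAPRV (
    APPRVID TEXT, DELEGAPPRVID TEXT, FRM_DT TEXT, TO_DT TEXT,
    STATUS INTEGER);
"""

REQUESTS = [
    # REQNO, REQUESTORID, USERID, APPROVERID, STATUS, REQDATE (constructed)
    ("1001", "JSMITH", "JSMITH", "JSMITH", "CLOSED", "2009-10-05"),
    ("1002", "jsmith ", "TUSER1", "JSMITH", "CLOSED", "2009-10-06"),
    ("1003", "ADOE", "TUSER2", "BLEE", "OPEN", "2009-10-07"),
    ("1004", "CWONG", "TUSER3", "BLEE", "CLOSED", "2009-10-10"),
    ("1005", "CWONG", "TUSER4", "BLEE", "OPEN", "2009-11-15"),
    ("1006", "DKIM", "TUSER5", None, "OPEN", "2009-10-12"),
]

DELEGATIONS = [
    # APPRVID (delegated for), DELEGAPPRVID (delegated to), FRM_DT, TO_DT,
    # STATUS (1 = active, 0 = inactive, as in the Status_Col formula)
    ("BLEE", "CWONG", "2009-10-01", "2009-10-31", 1),
    ("BLEE", "ADOE", "2009-10-01", "2009-10-31", 0),
]

# Requestor and approver are the same ID. IDs are compared trimmed and
# upper-cased so that case or padding differences do not hide a match.
SAME_PERSON_SQL = """
SELECT REQNO, REQUESTORID, APPROVERID, STATUS
FROM GRC_DM_AE_RQDHDR
WHERE APPROVERID IS NOT NULL
  AND UPPER(TRIM(REQUESTORID)) = UPPER(TRIM(APPROVERID))
ORDER BY REQNO
"""

# The named approver differs from the requestor, but an active delegation
# from that approver to the requestor covers the request date.
DELEGATED_SQL = """
SELECT H.REQNO, H.REQUESTORID, H.APPROVERID, D.FRM_DT, D.TO_DT
FROM GRC_DM_AE_RQDHDR H
JOIN GRC_DM_AE_DLEGAPRV D
  ON UPPER(TRIM(D.APPRVID)) = UPPER(TRIM(H.APPROVERID))
 AND UPPER(TRIM(D.DELEGAPPRVID)) = UPPER(TRIM(H.REQUESTORID))
WHERE D.STATUS = 1
  AND H.REQDATE BETWEEN D.FRM_DT AND D.TO_DT
ORDER BY H.REQNO
"""


def build_sample_db():
    """Create the in-memory stand-in database and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany(
        "INSERT INTO GRC_DM_AE_RQDHDR VALUES (?, ?, ?, ?, ?, ?)", REQUESTS)
    conn.executemany(
        "INSERT INTO GRC_DM_AE_DLEGAPRV VALUES (?, ?, ?, ?, ?)", DELEGATIONS)
    conn.commit()
    return conn


def find_same_requestor_approver(conn):
    """Requests whose requestor ID equals the approver ID."""
    return conn.execute(SAME_PERSON_SQL).fetchall()


def find_delegated_to_requestor(conn):
    """Requests whose approver had an active delegation to the requestor."""
    return conn.execute(DELEGATED_SQL).fetchall()


if __name__ == "__main__":
    db = build_sample_db()
    for row in find_same_requestor_approver(db):
        print("same requestor and approver:", row)
    for row in find_delegated_to_requestor(db):
        print("approver delegated to requestor:", row)
```

Request 1002 is matched only because the IDs are normalized before comparison; request 1005 is not flagged because its date falls outside the delegation window.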
3.3 Search Approvers

Report Description: This report lists approvers defined in Custom Approver Determinator (CAD) by search request attributes and role attributes. This report is only for approvers defined in CADs using the Compliant User Provisioning (CUP) workflow type.

Note: This report has a main report and a sub-report. The main report drills to the sub-report on clicking the field Custom Approver Determinator.

Main Report

| FIELD NAME | DATABASE FIELD | FORMULA NAME |
|---|---|---|
| Custom Approver Determinator | GRC_DM_AE_C_CTMDTNM.CSTMAPVRID | |
| Approver | GRC_DM_AE_CDTVALAP.APPROVERID | |
| Approver Name | | ApproverName |
| Alternate Approver | GRC_DM_AE_CDTVALAP.ALTAPPROVERID | |

| FORMULA NAME | FORMULA |
|---|---|
| ApproverName | {GRC_DM_AE_APPROVER.APPROVERFIRSTNAME} + ' ' + {GRC_DM_AE_APPROVER.APPROVERLASTNAME} |

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

| PARAMETER FIELD NAME | OPTIONAL | DYNAMIC VALUES | STATIC VALUES |
|---|---|---|---|
| Approver ID | YES | YES | N/A |
| Include Alternate Approver | YES | N/A | YES |
| Application | YES | YES | N/A |
| Business Process | YES | YES | N/A |
| Company | YES | YES | N/A |
| Application Of Role | YES | YES | N/A |
| Business Process of Role | YES | YES | N/A |
| Business Sub-Process of Role | YES | YES | N/A |
| Functional Area of Role | YES | YES | N/A |

Sub-Report - Custom Approver Determinator Details

| FIELD NAME | DATABASE FIELD | FORMULA |
|---|---|---|
| Attribute Name | GRC_DM_AE_CDTVALAP.ATTRIBUTENAME | |
| Custom Approver Determinator | GRC_DM_AE_CTMDTNM.CSTMAPVRID | |
| Approver | | Approver |
| Alternate Approver | GRC_DM_AE_CDTVALAP.ALTAPPROVERID | |

| FORMULA NAME | FORMULA |
|---|---|
| Approver | {GRC_DM_AE_CDTVALAP.APPROVERID} + '-' + {GRC_DM_AE_APPROVER.APPROVERLASTNAME} + ' ' + {GRC_DM_AE_APPROVER.APPROVERFIRSTNAME} |

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

| PARAMETER FIELD NAME |
|---|
| Pm-GRC_DM_AE_C_CTMDTNM.CSTMAPVRID |
3.4 Search Request

Report Description: This report is for searching requests with various criteria for CUP requests. This report is only for requests using the Compliant User Provisioning (CUP) workflow type.

Note: The Main report contains 3 SQL statements and the sub-report contains 1 SQL command statement. This report has a main report and a sub-report. The main report drills to the sub-report on clicking the field Request Number.

Main Report

SQL Command Statement for GRC_DM_AE_C_HDRWPTRN:

    select DISTINCT A.REQNO, A.WFTYPE, A.PRIORITY, A.REQDATE, A.REQUESTOR,
           A.REQAPPDATE, A.USERNAME, A.STATUS, A.USERID, A.REQTYPE,
           A.REQUESTORID, A.ARCHIVED, B.APPROVERID, B.STAGE_NAME
    from GRC_DM_AE_WFTYPET C, GRC_DM_AE_RQDHDR A
    LEFT OUTER JOIN GRC_DM_AE_RQDWPTRN B ON A.REQNO=B.REQNO
    WHERE A.WFTYPE=C.FWTYPE AND C.LOCALE=1 AND C.FWTYPE ='AE'

SQL Command Statement for GRC_DM_AE_C_REQDTYPE:

    SELECT REQTYPE, REQTYPEDESC FROM GRC_DM_AE_RQDTYPE WHERE WFTYPE='AE'

SQL Command Statement for GRC_DM_AE_C_WFTYPE:

    SELECT FWTYPE, SHORT_DESC FROM GRC_DM_AE_WFTYPET WHERE LOCALE=1

| FIELD NAME | DATABASE FIELD | FORMULA NAME |
|---|---|---|
| Request Number | | ToText({@RequestNumber},0,"") |
| Workflow Type | Static Text - CUP | |
| Priority | GRC_DM_AE_C_HDRWPTRN.PRIORITY | |
| Request Date | GRC_DM_AE_C_HDRWPTRN.REQDATE | |
| Requestor | GRC_DM_AE_C_HDRWPTRN.REQUESTOR | |
| Due Date | GRC_DM_AE_C_HDRWPTRN.REQAPPDATE | |
| User Name | GRC_DM_AE_C_HDRWPTRN.USERNAME | |
| Current Stage | GRC_DM_AE_C_HDRWPTRN.STAGE_NAME | |
| Request Status | GRC_DM_AE_C_HDRWPTRN.STATUS | |

| FORMULA NAME | FORMULA |
|---|---|
| ApproverID | if HasValue({?ApproverID}) then Minimum({?ApproverID}) + " to " + Maximum({?ApproverID}) |
| Archivedrequests | if HasValue({?Archivedrequests}) then select {?Archivedrequests} case 0: "Not Archived" case 1: "Archived" |
| Request Number | TONUMBER({GRC_DM_AE_C_HDRWPTRN.REQNO}) |

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

| PARAMETER FIELD NAME | OPTIONAL | DYNAMIC VALUES | STATIC VALUES |
|---|---|---|---|
| Request ID | YES | N/A | YES |
| UserID | YES | N/A | YES |
| RequestorID | YES | N/A | YES |
| RequestStatus | YES | N/A | YES |
| RequestType | YES | YES | N/A |
| ApproverID | YES | YES | N/A |
| Archivedrequests | YES | N/A | YES |

Sub-Report - Approver Status

SQL Command Statement:

    select D.ROLEPROFDISPNAME, R.APPROVAL_STATUS, W.APPROVERID, W.STATUS,
           W.ALTAPPROVER, W.STATUS, G.APPRVID, G.STATUS, W.REQNO,
           W.REQPATHID, W.STAGE_NAME, R.RLPRL_PATH, R.ROLEPROFNAME
    FROM GRC_DM_AE_RQDWPTRN W
    LEFT OUTER JOIN GRC_DM_AE_DLEGAPRV G ON W.APPROVERID=G.APPRVID,
         GRC_DM_AE_RQDRLPRL R, GRC_DM_AE_ROLDTLS D
    where W.REQNO=R.REQNO AND W.REQPATHID=R.RLPRL_PATH
      AND R.ROLEPROFNAME=D.ROLEPROFNAME

| FIELD NAME | DATABASE FIELD | FORMULA |
|---|---|---|
| Role Name | GRC_DM_AE_APPRVSTAT.ROLEPROFDISPNAME | |
| Overall Role Status | GRC_DM_AE_APPRVSTAT.APPROVAL_STATUS | |
| Approver | GRC_DM_AE_APPRVSTAT.APPROVERID | |
| Status | GRC_DM_AE_APPRVSTAT.STATUS | |
| Alternate Approver | GRC_DM_AE_APPRVSTAT.ALTAPPROVER | |
| Status | GRC_DM_AE_APPRVSTAT.STATUS(1) | |
| Delegated Approver | GRC_DM_AE_APPRVSTAT.APPRVID | |
| Status | GRC_DM_AE_APPRVSTAT.STATUS(2) | |

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

| PARAMETER FIELD NAME |
|---|
| Pm-GRC_DM_AE_C_HDRWPTRN.REQNO |
| Pm-GRC_DM_AE_C_HDRWPTRN.STAGE_NAME |
3.5 SOD Review History

Report Description: This report provides the history of SoD review tasks.

Note: This report has a main report and a sub-report. The main report drills to the sub-report on clicking the field Risk ID.

Main Report

| FIELD NAME | DATABASE FIELD | FORMULA NAME |
|---|---|---|
| User ID | GRC_DM_AE_C_HDRSODRSK.USERID | |
| User Name | | UserName |
| Reviewer ID | GRC_DM_AE_C_HDRSODRSK.REVIEWER_ID | |
| Organization | GRC_DM_AE_C_HDRSODRSK.REVIEWER_ORG | |
| Coordinator | GRC_DM_AE_C_HDRSODRSK.COORDINATOR_ID | |
| System | GRC_DM_AE_C_HDRSODRSK.SHORT_DESC | |
| Risk ID | GRC_DM_AE_C_HDRSODRSK.RISKID | |
| Action | GRC_DM_AE_C_HDRSODRSK.ACTIONS | |
| Request Number | GRC_DM_AE_C_HDRSODRSK.REQNO | |
| Escalated | GRC_DM_AE_C_HDRSODRSK.ESC_STATUS | |
| Last Action Date | GRC_DM_AE_C_HDRSODRSK.LASTUPDATE | |

| FORMULA NAME | FORMULA |
|---|---|
| UserName | {GRC_DM_AE_C_HDRSODRSK.USER_FIRST_NAME} + ' ' + {GRC_DM_AE_C_HDRSODRSK.USER_LAST_NAME} |
| Archived | if HasValue({?Archived Request}) then select {?Archived Request} case 0.00: "Not Archived" case 1.00: "Archived" |
| Coordinator_ID | if HasValue({?Coordinator ID}) then Minimum({?Coordinator ID}) + " to " + Maximum({?Coordinator ID}) |
| Reviewer_ID | if HasValue({?Reviewer ID}) then Minimum({?Reviewer ID}) + " to " + Maximum({?Reviewer ID}) |
| User_ID | if HasValue({?User ID}) then Minimum({?User ID}) + " to " + Maximum({?User ID}) |

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

| PARAMETER FIELD NAME | OPTIONAL | DYNAMIC VALUES | STATIC VALUES |
|---|---|---|---|
| Reviewer ID | YES | YES | N/A |
| Coordinator ID | YES | YES | N/A |
| UserID | YES | YES | N/A |
| Risk ID | YES | YES | N/A |
| Risk Level | YES | N/A | YES |
| Request Number | YES | N/A | YES |
| Creation From Date | YES | N/A | YES |
| Creation To Date | YES | N/A | YES |
| Application | YES | YES | N/A |
| Action | YES | N/A | YES |
| Archived Request | YES | N/A | YES |

Sub-Report - Risk and Function Details

| FIELD NAME | DATABASE FIELD | FORMULA |
|---|---|---|
| Risk Id | GRC_DM_CC_C_RISK.RISKID | |
| Risk Type | | Risk_Type |
| Risk Level | | Risk_Level |
| Risk Owner | GRC_DM_CC_RISKOWN.OWNUSER | |
| Risk Description | GRC_DM_CC_C_RISK.DESCN | |
| Business Process | GRC_DM_CC_C_BUSPRCT.DESCN | |
| Relevant Functions | GRC_DM_CC_C_FUNCT.FUNCTID - GRC_DM_CC_C_FUNCT.DESCN | |

| FORMULA NAME | FORMULA |
|---|---|
| Risk_Type | select {GRC_DM_CC_C_RISK.RISKTYPE} case '1': "Segregation of Duties" case '2': "Critical Actions" case '3': "Critical Permissions" default: "" |
| Risk_Level | select {GRC_DM_CC_C_RISK.RISKLEVEL} case 0: "Medium" case 1: "High" case 2: "Low" case 3: "Critical" default: "" |

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

| PARAMETER FIELD NAME |
|---|
| Pm-GRC_DM_AE_C_HDRSODRSK.RISKID |
3.6 User Access Review Reconciliation
Report Description Before sending requests to reviewers, use this report to obtain a list of users and roles includedin the User Access Review requests. Reconcile the report with the backend system data toensure the appropriate records have been extracted for inclusion in UAR requests.
Note This report has a main report and a sub-report. The main report drills to the sub-report onclicking the field Role Name.
Main Report
FIELD NAME DATABASE FIELD FORMULA NAMEUser ID GRC_DM_AE_C_HDRSODRSK.USERIDUser Name UserNameReviewer ID GRC_DM_AE_C_HDRSODRSK.REVIEWER_IDOrganization GRC_DM_AE_C_HDRSODRSK.REVIEWER_ORGCoordinator GRC_DM_AE_C_HDRSODRSK.COORDINATOR_IDRole Name GRC_DM_AE_C_HDRSODRSK.ROLEPROFNAMEApplication GRC_DM_AE_C_HDRSODRSK.SYSTEMRequest Number GRC_DM_AE_C_HDRSODRSK.REQNO
FORMULA NAME FORMULA
UserName {GRC_DM_AE_C_HDRSODRSK.USER_FIRST_NAME} + ' ' +{GRC_DM_AE_C_HDRSODRSK.USER_LAST_NAME}
ArchivedRequests
if HasValue({?ArchivedRequests}) then select {?ArchivedRequests} case 0: "Not Archived" case 1: "Archived"
Coordinator_ID if HasValue({?Coordinator ID}) then Minimum({?Coordinator ID}) + " to " +Maximum({?Coordinator ID})
Reviewer_ID if HasValue({?Reviewer ID}) then Minimum({?Reviewer ID}) + " to " +Maximum({?Reviewer ID})
User_ID if HasValue({?User ID}) then Minimum({?User ID}) + " to " + Maximum({?User ID})
If the parameter listed is “optional”, you do not have to select the prompt to run the report.
PARAMETER FIELD NAME | OPTIONAL | DYNAMIC VALUES | STATIC VALUES
Reviewer ID | YES | YES | N/A
Coordinator ID | YES | YES | N/A
UserID | YES | YES | N/A
RoleName | YES | N/A | YES
RequestID | YES | YES | N/A
Creation From Date | YES | N/A | YES
Creation To Date | YES | N/A | YES
Application | YES | YES | N/A
ArchivedRequests | YES | N/A | YES
Sub-Report - Role Details
FIELD NAME | DATABASE FIELD | FORMULA
Role Profile Name | GRC_DM_AE_ROLDTLS.ROLEPROFNAME |
Role Profile Description | GRC_DM_AE_ROLDTLS.ROLEPROFDESC |
Business Process | GRC_DM_AE_ROLDTLS.BUSSPROC |
Sub Process | GRC_DM_AE_ROLDTLS.SUBPROC |
Last ReAffirm Date | GRC_DM_AE_ROLDTLS.LST_REAFF_DT |
Role Profile Indicator | GRC_DM_AE_ROLDTLS.ROLEPROFINDICATOR |
Detail Description | GRC_DM_AE_ROLDTLS.DETAIL_DESC |
Role Profile Type | GRC_DM_AE_ROLDTLS.ROLEPROFTYPE |
Critical Level | GRC_DM_AE_ROLDTLS.CRITICAL_LEVEL |
Comments Mandatory | GRC_DM_AE_ROLDTLS.COMMENTS_MANDATORY |
Parent Role Owner | GRC_DM_AE_ROLDTLS.PARENTROLE_OWNER |
Role Profile Display Name | GRC_DM_AE_ROLDTLS.ROLEPROFDISPNAME |
Role Profname CS | GRC_DM_AE_ROLDTLS.ROLEPROFNAME_CS |
Contype | GRC_DM_AE_ROLDTLS.CONTYPE |
If the parameter listed is “optional”, you do not have to select the prompt to run the report.
PARAMETER FIELD NAME
Pm-GRC_DM_AE_C_HDRSODRSK.ROLEPROFNAME
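The reconciliation that section 3.6 describes can be run as a set comparison once the main report has been exported. The following Python code is an added example, not part of the SAP documentation: it assumes the export is a CSV whose columns carry the database field names USERID, ROLEPROFNAME, SYSTEM and REQNO, that the backend assignments arrive as a CSV with the hypothetical columns system, user and role, and all sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: rows exported from the 3.6 main report, with the
# database field names from the field table used as column headers.
REPORT_CSV = """USERID,ROLEPROFNAME,SYSTEM,REQNO
jdoe,Z_AP_CLERK,ERP-PRD,101
jdoe,Z_GL_POST,ERP-PRD,101
asmith,Z_AP_CLERK,ERP-PRD,102
asmith,Z_AP_CLERK,ERP-PRD,103
bwong,Z_BASIS_ADMIN,ERP-PRD,104
"""

# Constructed sample: user-to-role assignments taken from the backend.
# The column names are hypothetical, not an SAP extract format.
BACKEND_CSV = """system,user,role
ERP-PRD,JDOE,Z_AP_CLERK
ERP-PRD,JDOE,Z_GL_POST
ERP-PRD,ASMITH,Z_AP_CLERK
ERP-PRD,CLEE,Z_PAYROLL
"""


def _key(system, user, role):
    # Assumption: system and user IDs compare case-insensitively,
    # role names are compared exactly (only padding is stripped).
    return (system.strip().upper(), user.strip().upper(), role.strip())


def load_report(text):
    """Map (system, user, role) -> sorted request numbers from the report."""
    requests = defaultdict(set)
    for row in csv.DictReader(io.StringIO(text)):
        key = _key(row["SYSTEM"], row["USERID"], row["ROLEPROFNAME"])
        requests[key].add(row["REQNO"].strip())
    return {key: sorted(reqs) for key, reqs in requests.items()}


def load_backend(text):
    """Return the set of (system, user, role) assignments in the backend."""
    return {
        _key(row["system"], row["user"], row["role"])
        for row in csv.DictReader(io.StringIO(text))
    }


def reconcile(report, backend):
    """Compare report content with backend assignments.

    not_in_review:        assignments that exist in the backend but were
                          not extracted into any UAR request
    not_in_backend:       report rows with no matching backend assignment
                          (stale extract, or role removed since the run)
    in_multiple_requests: assignments that appear under more than one
                          request number
    """
    report_keys = set(report)
    return {
        "not_in_review": sorted(backend - report_keys),
        "not_in_backend": sorted(report_keys - backend),
        "in_multiple_requests": {
            key: reqs for key, reqs in sorted(report.items()) if len(reqs) > 1
        },
    }


if __name__ == "__main__":
    result = reconcile(load_report(REPORT_CSV), load_backend(BACKEND_CSV))
    for finding, items in result.items():
        print(finding, items)
```

Entries under not_in_review are the ones to resolve before requests go to reviewers, since those assignments would otherwise escape the review cycle.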
3.7 User Access Review History
Report Description: This report provides the history of actions performed on User Access Review requests.
Note: This report has a main report and a sub-report. The main report drills to the sub-report on clicking the field Role Name.
Main Report
FIELD NAME | DATABASE FIELD | FORMULA NAME
User ID | GRC_DM_AE_C_HDRSODRSK.USERID |
User Name | | UserName
Reviewer ID | GRC_DM_AE_C_HDRSODRSK.REVIEWER_ID |
Organization | GRC_DM_AE_C_HDRSODRSK.REVIEWER_ORG |
Coordinator | GRC_DM_AE_C_HDRSODRSK.COORDINATOR_ID |
Role Name | GRC_DM_AE_C_HDRSODRSK.ROLEPROFNAME |
Action | GRC_DM_AE_C_HDRSODRSK.ACTIONS |
System | GRC_DM_AE_C_CNTT.SHORT_DESC |
Request No. | GRC_DM_AE_C_HDRSODRSK.REQNO |
Job ID | GRC_DM_AE_C_HDRSODRSK.RUN_ID |
Escalated | GRC_DM_AE_C_HDRSODRSK.ESC_STATUS |
Last Action Date | GRC_DM_AE_C_HDRSODRSK.LASTUPDATE |

FORMULA NAME | FORMULA
UserName | {GRC_DM_AE_C_HDRSODRSK.USER_FIRST_NAME} + ' ' + {GRC_DM_AE_C_HDRSODRSK.USER_LAST_NAME}
Archived_Display | if HasValue({?Archived Request}) then select {?Archived Request} case 0.00: "Not Archived" case 1.00: "Archived"
Coordinator_ID | if HasValue({?Coordinator ID}) then Minimum({?Coordinator ID}) + " to " + Maximum({?Coordinator ID})
Reviewer_ID | if HasValue({?Reviewer ID}) then Minimum({?Reviewer ID}) + " to " + Maximum({?Reviewer ID})
User_ID | if HasValue({?User ID}) then Minimum({?User ID}) + " to " + Maximum({?User ID})
If the parameter listed is “optional”, you do not have to select the prompt to run the report.
PARAMETER FIELD NAME | OPTIONAL | DYNAMIC VALUES | STATIC VALUES
Reviewer ID | YES | YES | N/A
Coordinator ID | YES | YES | N/A
User ID | YES | YES | N/A
Role Name | YES | N/A | YES
Request ID | YES | YES | N/A
Creation From Date | YES | N/A | YES
Creation To Date | YES | N/A | YES
Application | YES | YES | N/A
Action | YES | N/A | YES
Archived Request | YES | N/A | YES
Sub-Report - Role Details
FIELD NAME | DATABASE FIELD | FORMULA
Role Profile Name | GRC_DM_AE_ROLDTLS.ROLEPROFNAME |
Role Profile Description | GRC_DM_AE_ROLDTLS.ROLEPROFDESC |
Business Process | GRC_DM_AE_ROLDTLS.BUSSPROC |
Sub Process | GRC_DM_AE_ROLDTLS.SUBPROC |
Last ReAffirm Date | GRC_DM_AE_ROLDTLS.LST_REAFF_DT |
Role Profile Indicator | GRC_DM_AE_ROLDTLS.ROLEPROFINDICATOR |
Detail Description | GRC_DM_AE_ROLDTLS.DETAIL_DESC |
Role Profile Type | GRC_DM_AE_ROLDTLS.ROLEPROFTYPE |
Critical Level | GRC_DM_AE_ROLDTLS.CRITICAL_LEVEL |
Comments Mandatory | GRC_DM_AE_ROLDTLS.COMMENTS_MANDATORY |
Parent Role Owner | GRC_DM_AE_ROLDTLS.PARENTROLE_OWNER |
Role Profile Display Name | GRC_DM_AE_ROLDTLS.ROLEPROFDISPNAME |
Role Profname CS | GRC_DM_AE_ROLDTLS.ROLEPROFNAME_CS |
Contype | GRC_DM_AE_ROLDTLS.CONTYPE |
If the parameter listed is “optional”, you do not have to select the prompt to run the report.
PARAMETER FIELD NAME
Pm-GRC_DM_AE_C_HDRSODRSK.ROLEPROFNAME
3.8 User Review Status
Report Description: This report provides the request status for SoD Review and User Access Review requests.
Note: This report has a main report only.
Main Report
FIELD NAME | DATABASE FIELD | FORMULA NAME
Request Number | | RequestNo
Request Date | GRC_DM_AE_C_HDRSODRSK.REQDATE |
Reviewer | GRC_DM_AE_C_HDRSODRSK.REVIEWER_ID |
Organization | GRC_DM_AE_C_HDRSODRSK.REVIEWER_ORG |
Coordinator | GRC_DM_AE_C_HDRSODRSK.COORDINATOR_ID |
Due Date | GRC_DM_AE_C_HDRSODRSK.REQAPPDATE |
Workflow Stage | GRC_DM_AE_C_HDRSODRSK.STAGE_NAME |
Request Status | GRC_DM_AE_C_HDRSODRSK.STATUS |
Escalated | GRC_DM_AE_C_HDRSODRSK.ESC_STATUS |
Completed | GRC_DM_AE_C_HDRSODRSK.COMPLETED |
Missing | GRC_DM_AE_C_HDRSODRSK.MISSING |
Rejected | GRC_DM_AE_C_HDRSODRSK.REJECTED |

FORMULA NAME | FORMULA
Archived | if HasValue({?Archived Requests}) then select {?Archived Requests} case 0: "Not Archived" case 1: "Archived" case 0.00: "Not Archived" case 1.00: "Archived"
Coordinator_ID | if HasValue({?Coordinator ID}) then Minimum({?Coordinator ID}) + " to " + Maximum({?Coordinator ID})
RequestNo | TONUMBER({GRC_DM_AE_C_HDRSODRSK.REQNO})
Reviewer_ID | if HasValue({?Reviewer ID}) then Minimum({?Reviewer ID}) + " to " + Maximum({?Reviewer ID})
User_ID | if HasValue({?User ID}) then Minimum({?User ID}) + " to " + Maximum({?User ID})
If the parameter listed is “optional”, you do not have to select the prompt to run the report.
PARAMETER FIELD NAME | OPTIONAL | DYNAMIC VALUES | STATIC VALUES
Workflow Type | YES | NO | SOD_Review, UAR_Review
Reviewer ID | YES | YES | N/A
Coordinator ID | YES | YES | N/A
User ID | YES | YES | N/A
Request ID | YES | YES | N/A
Request Status | YES | N/A | YES
Creation From Date | YES | N/A | YES
Creation To Date | YES | N/A | YES
Application | YES | YES | N/A
ArchivedRequests | YES | N/A | YES
4 RAR SAMPLE REPORT SUMMARY
4.1 Access Rule Details
Report Description: This report lists Risks, Functions, Actions and associated Permission details for access rules.
Note: This report has a main report and a sub-report. The main report drills to the sub-report on clicking the field Risk ID.
Main Report
FIELD NAME | DATABASE FIELD | FORMULA NAME
Risk ID | GRC_DM_CC_PRM.RISKID |
Risk Description | GRC_DM_CC_PRM.DESCN |
Risk Type | | Risk Type Field
Risk Level | | Risk Level Field
Risk Owner | GRC_DM_CC_PRM.OWNUSER |
Business Process | GRC_DM_CC_PRM.BUSPRC_DESCN |
Functions | GRC_DM_CC_PRM.FUNCT_DESCN |
Permission Rule ID | GRC_DM_CC_PRM.RULESETID |
System | GRC_DM_CC_PRM.SYSTEM |
Permission Object | GRC_DM_CC_PRM.PERMOBJ |
Field | GRC_DM_CC_PRM.FIELD |
Value From | GRC_DM_CC_PRM.FROMVAL |
Value To | GRC_DM_CC_PRM.TOVAL |
Condition | GRC_DM_CC_PRM.CONDITION |
Permission Object Status | | Perm Status

FORMULA NAME | FORMULA
Risk Type Field | select {GRC_DM_CC_PRM.RISKTYPE} case "1": "Segregation of Duty" case "2": "Critical Action" case "3": "Critical Permission" default: ""
Risk Level Field | select {GRC_DM_CC_PRM.RISKLEVEL} case 0: "Medium" case 1: "High" case 2: "Low" case 3: "Critical" default: ""
Perm Status | select {GRC_DM_CC_PRM.PERMSTATUS} case 0: "Enabled" case 1: "Disabled"
Field | if HasValue({?Field}) then Minimum({?Field}) + " to " + Maximum({?Field})
Function | if HasValue({?Function}) then Minimum({?Function}) + " to " + Maximum({?Function})
Permission | if Not HasValue({?Permission}) then 'ALL' elseif HasValue({?Permission}) then totext(Minimum({?Permission})) + " to " + totext(Maximum({?Permission}))
Risk ID | if HasValue({?Risk ID}) then Minimum({?Risk ID}) + " to " + Maximum({?Risk ID})
Risk Level Param | if HasValue({?Risk Level}) then select {?Risk Level} case 0: "Medium" case 1: "High" case 2: "Low" case 3: "Critical"
Status | if Not HasValue({?Status}) then 'ALL' elseif HasValue({?Status}) then select {?Status} case 0: "Enabled" case 1: "Disabled"
If the parameter listed is “optional”, you do not have to select the prompt to run the report.
PARAMETER FIELD NAME | OPTIONAL | DYNAMIC VALUES | STATIC VALUES
Rule Set | YES | YES | N/A
Risk ID | YES | YES | N/A
Risk Type | YES | N/A | YES
Risk Level | YES | N/A | YES
Business Process | YES | N/A | YES
Function | YES | N/A | YES
Status | YES | N/A | YES
Permission | YES | YES | N/A
Field | YES | YES | N/A
Sub-Report - Mitigated Risk Details
FIELD NAME | DATABASE FIELD | FORMULA
Risk ID | Risk_Details.RISKID |
Risk Type | | Risk_Type
Risk Level | | Risk_Level
Risk Owner | Risk_Details.OWNUSER |
Risk Description | Risk_Details.RISK_DESNC |
Business Process | Risk_Details.BUSPROC_DESCN |
Relevant Functions | | Relevant Functions

FORMULA NAME | FORMULA
Relevant Functions | {Risk_Details.FUNCTID} + '-' + {Risk_Details.DESCN}
Risk_Level | select {Risk_Details.RISKLEVEL} case 0: "Medium" case 1: "High" case 2: "Low" case 3: "Critical" default: ""
Risk_Type | select {Risk_Details.RISKTYPE} case '1': "Segregation of Duties" case '2': "Critical Actions" case '3': "Critical Permissions" default: ""
If the parameter listed is “optional”, you do not have to select the prompt to run the report.
PARAMETER FIELD NAME
Pm-GRC_DM_CC_PRM.RISKID
4.2 Access Rule Summary
Report Description: This report provides access rule summary-level information with Risks and associated Functions.
Note: This report has a main report and a sub-report. The main report drills to the sub-report on clicking the field Function.
Main Report
FIELD NAME | DATABASE FIELD | FORMULA NAME
Risk ID | GRC_DM_CC_RISK.RISKID |
Risk Description | GRC_DM_CC_RISKT.DESCN |
Risk Level | | Risk Level Field
Rule Set | GRC_DM_CC_RULESETT.DESCN |
Business Process | GRC_DM_CC_BUSPRCT.DESCN |
Function | GRC_DM_CC_PRM.FUNCT_DESCN |
Risk Owner | GRC_DM_CC_RISKOWN.OWNUSER |

FORMULA NAME | FORMULA
Risk Level Field | select {GRC_DM_CC_RISK.RISKLEVEL} case 0: "Medium" case 1: "High" case 2: "Low" case 3: "Critical" default: ""
Business Process | if HasValue({?Business Process}) then {GRC_DM_CC_BUSPRCT.DESCN}
Function | if HasValue({?Function}) then Minimum({?Function}) + " to " + Maximum({?Function})
Risk ID | if HasValue({?Risk ID}) then Minimum({?Risk ID}) + " to " + Maximum({?Risk ID})
Risk Level | if HasValue({?Risk Level}) then select {?Risk Level} case 0: "Medium" case 1: "High" case 2: "Low" case 3: "Critical"
Risk Level Field | select {GRC_DM_CC_RISK.RISKLEVEL} case 0: "Medium" case 1: "High" case 2: "Low" case 3: "Critical" default: ""
Risk Type | if HasValue({?Risk Type}) then select {?Risk Type} case "1": "Segregation of Duty" case "2": "Critical Action" case "3": "Critical Permission"
Rule Set | if HasValue({?Rule Set}) then {GRC_DM_CC_RULESETT.DESCN}
Status | if HasValue({?Status}) then select {?Status} case 0: "Enabled" case 1: "Disabled"
If the parameter listed is “optional”, you do not have to select the prompt to run the report.
PARAMETER FIELD NAME | OPTIONAL | DYNAMIC VALUES | STATIC VALUES
Rule Set | YES | YES | N/A
Risk ID | YES | YES | N/A
Risk Description | YES | N/A | YES
Risk Type | YES | N/A | YES
Risk Level | YES | N/A | YES
Business Process | YES | YES | N/A
Function | YES | YES | N/A
Status | YES | N/A | YES
Sub-Report - Function Details
FIELD NAME | DATABASE FIELD | FORMULA
System | GRC_DM_CC_C_ACTRULE.SYSTEM |
Action | GRC_DM_CC_C_ACTRULE.ACTIONS |
Description | GRC_DM_CC_C_ACTRULE.TTEXT |
Action Status | | Status

FORMULA NAME | FORMULA
Status | SELECT {GRC_DM_CC_C_ACTRULE.ACTIONSTATUS} CASE 0: "Enabled" CASE 1: "Disabled"
Description | {GRC_DM_CC_C_ACTRULE.FUNCTID} & ': ' & {GRC_DM_CC_C_ACTRULE.DESCN}
If the parameter listed is “optional”, you do not have to select the prompt to run the report.
PARAMETER FIELD NAME
Pm-GRC_DM_CC_RISK.RISKID
Pm-GRC_DM_CC_RISKFUNC.FUNCTID
4.3 Mitigating Control
Report Description: This report lists mitigating controls with descriptions and other control details.
Note: This report has a main report and two (2) sub-reports. The main report drills to the sub-report on clicking the field Mitigation Control ID and Business Unit.
Main Report
FIELD NAME | DATABASE FIELD | FORMULA NAME
Mitigation Control ID | {GRC_DM_CC_MITREF.MITREFNO} |
Control Description | GRC_DM_CC_C_MITREFT.DESCN |
Business Unit | GRC_DM_CC_BUSUNITT.DESCN |
Management Approver | GRC_DM_CC_MITREF.APPROVERID |
Risk ID | GRC_DM_CC_MITREF.RISK |
Risk Description | GRC_DM_CC_C_RISKT.DESCN |
Risk Level | | Risk_Level
Monitor ID | GRC_DM_CC_MITMON.MONITORID |

FORMULA NAME | FORMULA
Risk_Level | select {GRC_DM_CC_MITREF.RISKLEVEL} case 0: "Medium" case 1: "High" case 2: "Low" case 3: "Critical" default: ""
Control_ID | if HasValue({?MitigationControlId}) then Minimum({?MitigationControlId}) + " to " + Maximum({?MitigationControlId})
Display_RiskLevel | if HasValue({?RiskLevel}) then select {?RiskLevel} case 0: "Medium" case 1: "High" case 2: "Low" case 3: "Critical"
Risk_ID | if HasValue({?Risk ID}) then Minimum({?Risk ID}) + " to " + Maximum({?Risk ID})
If the parameter listed is “optional”, you do not have to select the prompt to run the report.
PARAMETER FIELD NAME | OPTIONAL | DYNAMIC VALUES | STATIC VALUES
MitigationControlId | YES | N/A | YES
Description | YES | N/A | YES
Risk ID | YES | YES | N/A
RiskLevel | YES | N/A | YES
BusinessUnit | YES | N/A | YES
ManagementApprover | YES | YES | N/A
MonitorId | YES | YES | N/A
Sub-Report - Mitigated Control Details
FIELD NAME | DATABASE FIELD | FORMULA
Mitigation Control Id | GRC_DM_CC_MITREF.MITREFNO |
Description | GRC_DM_CC_C_MITREFT.DESCN |
Business Unit | GRC_DM_CC_C_BUSUNITT.DESCN |
Management Approver Name | GRC_DM_CC_MITREF.APPROVERNAME |
Management Approver ID | GRC_DM_CC_MITREF.APPROVERID |
If the parameter listed is “optional”, you do not have to select the prompt to run the report.
PARAMETER FIELD NAME
Pm-GRC_DM_CC_MITREF.MITREFNO
Pm-GRC_DM_CC_C_MITREFT.DESCN
Pm-GRC_DM_CC_MITREF.RISKID
Sub-Report - Mitigated Risk Details
FIELD NAME | DATABASE FIELD | FORMULA
Risk Id | GRC_DM_CC_RISK.RISKID |
Risk Type | | Risk_Type
Risk Level | | Risk_Level
Risk Owner | GRC_DM_CC_RISKOWN.OWNUSER |
Risk Description | GRC_DM_CC_RISKTRPT.DESCN |
Business Process | GRC_DM_CC_BUSPRCTRPT.DESCN |
Relevant Functions | | Relevant_Funct

FORMULA NAME | FORMULA
Risk_Type | select {GRC_DM_CC_RISK.RISKTYPE} case '1': "Segregation of Duties" case '2': "Critical Actions" case '3': "Critical Permissions" default: ""
Risk_Level | select {GRC_DM_CC_RISK.RISKLEVEL} case 0: "Medium" case 1: "High" case 2: "Low" case 3: "Critical" default: ""
Relevant_Funct | {GRC_DM_CC_C_FUNCT.FUNCTID} + '-' + {GRC_DM_CC_C_FUNCT.DESCN}
If the parameter listed is “optional”, you do not have to select the prompt to run the report.
PARAMETER FIELD NAME
Pm-GRC_DM_CC_MITREF.RISKID
4.4 Mitigated User
Report Description: This report provides all mitigated users with Users, Risks and associated Mitigating control information.
Note: This report has a main report and two (2) sub-reports. The main report drills to the sub-report on clicking the field Risk ID and Control ID.
Main Report
FIELD NAME | DATABASE FIELD | FORMULA NAME
User ID | GRC_DM_CC_C_MITOBJ.GENOBJID |
User Name | GRC_DM_CC_C_MITOBJ.OBJECTNAME |
User Group | GRC_DM_CC_C_MITOBJ.USERGROUP |
Risk Id | GRC_DM_CC_C_MITOBJ.RISK |
Risk Description | GRC_DM_CC_C_MITOBJ.RDESC |
Risk Level | | Risk_Level
Control Id | GRC_DM_CC_C_MITOBJ.MITREFNO |
Control Description | GRC_DM_CC_C_MITOBJ.MITDESC |
Business Unit | GRC_DM_CC_C_MITOBJ.BDESC |
Management Approver | GRC_DM_CC_C_MITOBJ.APPROVERID |
Monitor ID | GRC_DM_CC_C_MITOBJ.MONITORID |
Monitor Name | GRC_DM_CC_C_MITOBJ.MONITORNAME |
Validity Period From | GRC_DM_CC_C_MITOBJ.VALIDFROM |
Validity Period To | GRC_DM_CC_C_MITOBJ.VALIDTO |
Status | | Status

FORMULA NAME | FORMULA
Risk_Level | select {GRC_DM_CC_C_MITOBJ.RISKLEVEL} case 0: "Medium" case 1: "High" case 2: "Low" case 3: "Critical" default: ""
Status | if {GRC_DM_CC_C_MITOBJ.STATUS} = 0 then 'Enabled' elseif {GRC_DM_CC_C_MITOBJ.STATUS} = 1 then 'Disabled' else ''
ControlID | if HasValue({?MitigationControlId}) then Minimum({?MitigationControlId}) + " to " + Maximum({?MitigationControlId})
Display_RiskLevel | if HasValue({?RiskLevel}) then select {?RiskLevel} case 0: "Medium" case 1: "High" case 2: "Low" case 3: "Critical"
Display_Status | if HasValue({?Status}) then select {?Status} case 0: "Enabled" case 1: "Disabled"
Risk_ID | if HasValue({?Risk ID}) then Minimum({?Risk ID}) + " to " + Maximum({?Risk ID})
User ID | if HasValue({?User ID}) then Minimum({?User ID}) + " to " + Maximum({?User ID})
If the parameter listed is “optional”, you do not have to select the prompt to run the report.
PARAMETER FIELD NAME | OPTIONAL | DYNAMIC VALUES | STATIC VALUES
MitigationControlId | YES | YES | N/A
User ID | YES | YES | N/A
Risk ID | YES | YES | N/A
RiskLevel | YES | N/A | YES
Business Process | YES | N/A | YES
BusinessUnit | YES | N/A | YES
MonitorId | YES | YES | N/A
Control Valid From | YES | N/A | YES
Control Valid To | YES | N/A | YES
Status | YES | N/A | YES
Sub-Report - Mitigated Control Details
FIELD NAME | DATABASE FIELD | FORMULA
Mitigation Control Id | GRC_DM_CC_MITREF.MITREFNO |
Description | GRC_DM_CC_C_MITREFT.DESCN |
Business Unit | GRC_DM_CC_C_MITREF.BUSID |
Description | GRC_DM_CC_C_BUSUNITT.DESCN |
Approver ID | GRC_DM_CC_MITREF.APPROVERID |
Approver Name | GRC_DM_CC_MITREF.APPROVERNAME |
If the parameter listed is “optional”, you do not have to select the prompt to run the report.
PARAMETER FIELD NAME
Pm-GRC_DM_CC_C_MITOBJ.MITREFNO
Sub-Report - Mitigated Risk Details
FIELD NAME | DATABASE FIELD | FORMULA
Risk Id | GRC_DM_CC_RISK.RISKID |
Risk Type | | Risk_Type
Risk Level | | Risk_Lvl
Risk Owner | GRC_DM_CC_RISKOWN.OWNUSER |
Risk Description | GRC_DM_CC_RISKTRPT.DESCN |
Business Process | GRC_DM_CC_BUSPRCTRPT.DESCN |
Relevant Functions | | Relevant_Funct

FORMULA NAME | FORMULA
Relevant_Funct | {GRC_DM_CC_C_FUNCT.FUNCTID} + '-' + {GRC_DM_CC_C_FUNCT.DESCN}
Risk_Lvl | select {GRC_DM_CC_RISK.RISKLEVEL} case 0: "Medium" case 1: "High" case 2: "Low" case 3: "Critical" default: ""
Risk_Type | select {GRC_DM_CC_RISK.RISKTYPE} case '1': "Segregation of Duties" case '2': "Critical Actions" case '3': "Critical Permissions" default: ""
If the parameter listed is “optional”, you do not have to select the prompt to run the report.
PARAMETER FIELD NAME
Pm-GRC_DM_CC_C_MITOBJ.RISKID
4.5 User Risk Violation Details
Report Description: This report provides detailed user risk analysis results at permission detail level with Users, Risks, Functions, Permissions, Associated Roles, and Mitigating Control ID.
Note: This report has a main report and three (3) sub-reports. The main report drills to the sub-report on clicking the field Risk ID, Function ID and Mitigation Control ID.
Main Report
FIELD NAME | DATABASE FIELD | FORMULA NAME
User ID | GRC_DM_CC_C_GENPRM.GENOBJID |
Cross System ID | GRC_DM_CC_C_GENPRM.CROSSSYSTEM |
User Name | GRC_DM_CC_C_GENPRM.OBJECTNAME |
User Group | GRC_DM_CC_C_GENPRM.USERGROUP |
Risk ID | GRC_DM_CC_C_GENPRM.RISKID |
Risk Description | GRC_DM_CC_C_GENPRM.DESCN |
Risk Level | | RiskLevel
Function ID | GRC_DM_CC_C_GENPRM.FUNCID |
System | GRC_DM_CC_C_GENPRM.SYSTEM |
Role/Profile | GRC_DM_CC_C_GENPRM.ROLES |
Permission Object | GRC_DM_CC_C_GENPRM.PERMOBJECT |
Field | GRC_DM_CC_C_GENPRM.FIELD |
Value | | Value
Mitigation Control ID | GRC_DM_CC_C_GENPRM.MITREFNO |

FORMULA NAME | FORMULA
Mitigated | IF HASVALUE({?Exclude Mitigated}) THEN SELECT {?Exclude Mitigated} CASE "Y": "Yes" CASE "N": "No"
RiskID | IF HASVALUE({?Risk ID}) THEN MINIMUM({?Risk ID}) + " to " + MAXIMUM({?Risk ID})
RiskLevel | SELECT {GRC_DM_CC_C_GENPRM.RISKLEVEL} CASE 0: "Medium" CASE 1: "High" CASE 2: "Low" CASE 3: "Critical"
RiskLevel_Display | if HasValue({?Risk Level}) then SELECT {?Risk Level} CASE 0: "Medium" CASE 1: "High" CASE 2: "Low" CASE 3: "Critical"
Rule Set |
    WhileReadingRecords;
    if HasValue({?Rule Set}) then
    NumberVar NumRanges := ubound( {?Rule Set} );
    NumberVar i := 0;
    StringVar outStr := "";
    for i := 1 to NumRanges step 1 do
    (
        StringVar maxCN := Maximum( {?Rule Set} [i] );
        StringVar minCN := Minimum( {?Rule Set} [i] );
        outStr := outStr & iif ( outStr <> "" , ", " , "" ) & iif( len (minCN) > 0, minCN, "") & ' to ' & iif( len (maxCN) > 0, maxCN, "" );
    );
    outStr;
UserID | IF HASVALUE({?User}) THEN {?User}
Value | {GRC_DM_CC_C_GENPRM.FROMVAL} & ' - ' & {GRC_DM_CC_C_GENPRM.TOVAL}
If the parameter listed is “optional”, you do not have to select the prompt to run the report.
PARAMETER FIELD NAME | OPTIONAL | DYNAMIC VALUES | STATIC VALUES
User | YES | N/A | YES
Custom Group | YES | YES | N/A
Risk ID | YES | YES | N/A
Risk Level | YES | N/A | YES
System | YES | YES | N/A
Rule Set | YES | YES | N/A
Exclude Mitigated | YES | N/A | YES
Sub-Report – Risk Details
FIELD NAME | DATABASE FIELD | FORMULA
Risk ID | GRC_DM_CC_RISK.RISKID |
Risk Type | | Risk Type
Risk Level | | Risk Level
Risk Owner | GRC_DM_CC_RISKOWN.OWNUSER |
Risk Description | GRC_DM_CC_RISKT.DESCN |
Business Process | GRC_DM_CC_BUSPRCT.DESCN |
Relevant Functions | | Relevant Functions

FORMULA NAME | FORMULA
Risk Type | select {GRC_DM_CC_RISK.RISKTYPE} case '1': "Segregation of Duties" case '2': "Critical Actions" case '3': "Critical Permissions" default: ""
Risk Level | select {GRC_DM_CC_RISK.RISKLEVEL} case 0: "Medium" case 1: "High" case 2: "Low" case 3: "Critical" default: ""
Relevant Functions | {GRC_DM_CC_FUNCT.FUNCTID} + '-' + {GRC_DM_CC_FUNCT.DESCN}
If the parameter listed is “optional”, you do not have to select the prompt to run the report.
PARAMETER FIELD NAME
Pm-GRC_DM_CC_C_GENPRM.RISKID
Sub-Report – Function Details
FIELD NAME | DATABASE FIELD | FORMULA
System | PRM_ACT_JOIN.SYSTEM |
Description | GRC_DM_CC_OBJTEXT.TTEXT |

FORMULA NAME | FORMULA
Description | {PRM_ACT_JOIN.FUNCID} & ': ' & {GRC_DM_CC_FUNCT.DESCN}
If the parameter listed is “optional”, you do not have to select the prompt to run the report.
PARAMETER FIELD NAME
Pm-GRC_DM_CC_C_GENPRM.RISKID
Pm-GRC_DM_CC_C_GENPRM.FUNCID
Sub-Report – Control Details
FIELD NAME | DATABASE FIELD | FORMULA
Control ID | GRC_DM_CC_MITREF.MITREFNO |
Description | GRC_DM_CC_MITREFT.DESCN |
Business Unit | GRC_DM_CC_BUSUNITT.DESCN |
Management Approver Name | GRC_DM_CC_MITREF.APPROVERNAME |
Management Approver ID | GRC_DM_CC_MITREF.APPROVERID |

PARAMETER FIELD NAME
Pm-GRC_DM_CC_C_GENPRM.MITREFNO
© Copyright 2009 SAP AG, All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG.
The information contained herein may be changed without prior notice.
Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.
Microsoft, Windows, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation.
IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390, OS/400, iSeries, pSeries, xSeries, zSeries, z/OS, AFP, Intelligent Miner, WebSphere, Netfinity, Tivoli, Informix, i5/OS, POWER, POWER5, OpenPower and PowerPC are trademarks or registered trademarks of IBM Corporation.
Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries.
Oracle is a registered trademark of Oracle Corporation.
UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.
Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc.
HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology.
Java is a registered trademark of Sun Microsystems, Inc.
JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape.
MaxDB is a trademark of MySQL AB, Sweden.
SAP, R/3, mySAP, mySAP.com, xApps, xApp, SAP NetWeaver, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.
These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.
Disclaimer
Some components of this product are based on Java™. Any code change in these components may cause unpredictable and severe malfunctions and is therefore expressively prohibited, as is any decompilation of these components.
Any Java™ Source Code delivered with this product is only to be used by SAP’s Support Services and may not be modified or altered in any way.
Documentation in the SAP Service Marketplace
You can find this documentation at the following Internet address: service.sap.com/instguides