This document is a collection of the most useful SAP GRC Access Control documents, blogs, resources, links, etc. here in SCN.
Overview
Getting Started with SAP Governance, Risk and Compliance Solutions (GRC)
GRC Processes, Lifecycles and Responsibilities
FAQ related to GRC Access Control 10.x Installation, Upgrade and Compatibility – Governance, Risk and Compliance – SCN W…
Customer Influence – SAP Access Control 2015
General opinion and thought-leadership
Are you ready to implement GRC 10?
If I had it to do all over: looking back on GRC 10 projects
Lessons learned from SAP GRC projects
Remediating Access Control SoD Risks
Internal Controls – a step towards strong controls
Defining Mitigating Controls / Compensating Controls
IT Control Testing – SOX Compliance
A #GRC tool is just part of the solution
It’s Just a Few GRC Ideas….Place
GRC General
Helpful transactions, tools, programs, tables, etc. for a SAP GRC Consultant
NWBC screen layout options for GRC
Customizing Access request and approval screens in GRC Access Control
Issues, Bugs in GRC SP13 – Related Fixes
General tips to help in troubleshooting scenarios
SAP GRC AC 10.1 – Enhancements
How to delete roles, mitigation controls, users, and other informations from one connector
Product Support
GRC Product Support Monthly Newsletter
GRC Weekly News – Governance, Risk and Compliance – SCN Wiki
Top Ten – 2015 – Governance, Risk and Compliance – SCN Wiki
HR Triggers
Understanding HR Triggers in Access Control 10.0 – Governance, Risk and Compliance – SCN Wiki
GRC 10.0 – HR Trigger configuration – Governance, Risk and Compliance – SCN Wiki
Example of decision table for GRC 10 HR Trigger rule, using BRF+ tool
GRC Access Control – Compliant User Provisioning: HR Triggers
Debugging HR Trigger – GRAC_HR_TRIGGER_EVENT_RECIEVER
Debugging HR Trigger – Simulation
Debugging HR Trigger – PA40 changes to infotypes
MSMP Workflows
AC 10.0 – Customizing Workflows for Access Management
MSMP – Multi Step Multi Process – GRC’s answer to Workflow Configuration Flexibility
Escalation only on workdays in the MSMP workflow
BRF+ Configuration
Determining the Logic behind Decision Tables
LDAP
Configuring LDAP Connector in Compliant User Provisioning of GRC Access Control
LDAP Group parameter mapping.. what does it mean?
Connecting SAP GRC AC 10.X to Microsoft Active Directory
GRC 10.x and LDAP management 2.
Mobile Apps in SAP GRC
Administrator guides for Access Approver, Policy Survey, etc.
Fiori apps in GRC – Install two applications in 5 easy steps
Access Control with Identity Management (IdM)
SAP Access Control 10.0 Interface for Identity Management
SAP GRC with SAP BPC
Access Risk Analysis (ARA)
ARA – For the new kid on the block
Download, Modify and Upload the Access Risk Analysis Rule Set in SAP Access Control 10.x.
How to set up a Configurable Business Rule
Online vs. Offline Risk Analysis
Creation of Mitigation Controls in GRC 10.0
Organizational Rules in GRC Access Control
Mass change of Mitigation Assignments
The Action Usage Sync job in technical details – GRC Access Control 10.0
The Repository – GRC Access Control 10.0
Access Request Management (ARM)
ARM – For the new kid on the block
AC10.0/10.1: Create Rule Based on Risk Violation in Request, Using BRF+ Procedure Calls
How to Change Subject Line in SAP GRC Email notification
Recommendations for using Business roles provisioning in access request
Configure Manager Look-Up in ARM for GRC 10
Role Search Screen Enhancement – GRC 10
Terminate Account – Request Process – GRC 10
GRC Request with both System and Role Line Items
Access Control 10 (ARM) – Risk Analysis Report Type is editable in Access Request.
Access Control: – Create Access Request Using Web Service in GRC10
Design Considerations to reduce Password Self Service (PSS) Intruder Risk
Direct vs. Indirect Role Assignment
EUP – Common Issues and Solutions, Important tables and takeaways
PSS – Common Issues and Solutions, Important Take Aways
Business Role Management (BRM)
BRM – For the new kid on the block
Maintain Default Roles in BRM GRC AC 10.1
Import Role from ECC to GRC system
Business Roles concept and usability in GRC AC10
Enabling Business Role updates to existing assigned users
BRM Default Approvers via Condition Groups
BRM Role Methodology via Condition Groups
Emergency Access Management (EAM)
EAM – For the new kid on the block
EAM Utilisation and Log Review Process
ID-Based Firefighting vs. Role-Based Firefighting
AC 10.0 – Centralized Emergency Access
Configure Emergency Access (EAM) in GRC 10
EAM – Approve through Workflow
Emergency Access Management Reporting
Analysis and Recommended Settings of the Security Audit Log (SM19 / SM20)
EAM: Requesting emergency access via access request workflow in SAP GRC – step by step.
See also
SAP Process Control – Useful Documents, Blogs, Resources, etc.
SAP Risk Management – Useful Documents, Blogs, Resources, etc.
SAP Fraud Management – Useful Documents, Blogs, Resources, etc.
Legend
SAP SCN Documents
SAP SCN Blogs
SAP Wiki
Newly added document (Contributors: please select from Emoticons)
Please help in updating the collection so that new users can get a well structured overview for their information.
Best regards,
Alessandro
Hey Alessandro
Good idea - do you think it would be worth linking to the Wiki as well?
Hi Colleen,
Personally I would say yes, that makes sense. I've just started yesterday as I missed such a document and had to search in SCN for some information and had a tough time. So I thought it makes sense to have a collection also for newbies.
Regards
Alessandro
Hello Can you add I document in BRM.
Concept is when you have 3 systems landscape how you create role in development and how you move to qua and prd.
basically the use of logical group and mapping of action to connector.
Regards,
Prasant
Hey Prasant
Have you published the document in SCN?
Regards
Colleen
I will add it today.
Regards,
Prasant
Hi Prasant,
thanks for your input. I will update this document as soon as yours is available.
Regards,
Alessandro
Hello Alessandro,
Should we add AVM also here?
Regards,
Prasant
Hey Alessandro,
Nice.. would you please add HR trigger as well.
and There might be some other like integration to JAVA system for provisioning.
Like Portal, BPC, LSO. Please include or else let's create.
I have integrated to BPC, LSO, SPM (Spend Performance Management) and EP.
And Integration with LDAP and how you map different field.
Can we have Derived role in BRM.
And i real time scenario how we connect so system when we have BRM in place .
Regards,
Prasant K Paichha
Hi Prasant,
thanks for your feedback. I have added HR Triggers as a section. We can also add more sections for specific topics. Can you provide some links or even better update the document?
Regards,
Alessandro
Prasant,
can you bring in your ideas for new documents in the collaboration list: GRC Document Collaboration Topics
Thanks a lot!
Regards,
Alessandro
G'Day Alessandro,
I just stumbled upon your documents and seriously you are a legend mate!!
The sheer wealth of information you've got here is just unbelievable. I would like to sincerely thank you for taking the time to gather all this information and putting out here for the benefit of people like myself.
I so wish there are more people like you out there who would share their knowledge rather than keeping it to themselves. As Colleen pointed out in one of your blogs, the way you explain, esp using real life examples helps you stand out from others and makes it so much easier for us to understand.
Once again I truly appreciate what you are doing mate and Thank you.
Regards,
Leo..
Dear Leo,
wow.. many thanks for your great feedback. I am definitely not a legend I just believe that "sharing is caring" and what you give you will get back one day.
Appreciate that you like my posts and hope you will enjoy reading my stuff also in the future 🙂
Best regards,
Alessandro
G'day, legend and mate - sounds like someone from Australia paying a compliment!
Hehe... now I learnt how to pay a compliment in the Australian way.. Never been to that part, maybe coming vacation. I always dream to spend vacation at New Zealand.. maybe this December Australia and New Zealand.
I really liked the thought of AB (Alessandro Banzer) when I first worked on GRC 10.. I was not sure what I was going to do.. in fact first saw screen at Switzerland at my client side. Then posted few questions and realized it's not stable.. and SCN & SAP Support team helped me a lot.. now learning new things from reading people's queries.
You may have done many implementations but every implementation may be different when it comes to client's requirement.
Till today every day is learning and SCN has everything, in fact faster than SAP Support.
AB: let's add more..
LDAP,
Portal integration.
Colleen: Do you have BRM stuff?
Regards,
Prasant
Spot on Colleen! It's fair Dinkum Ozzie slang alright!
Just finished reading your 'NWBC screen layout options for GRC' and I totally agree with you in regards to the layout. I like the 5.3 layout way better as everything is structured (All 4 modules are separate) and in a particular order, just the way I like things.
However 10.x is all over the place. Having said that there are a few good things about the new layout too, so I was pondering how to get the best of both the worlds and thanks to your article and a couple of others I might just know how to go about it.
Regards,
Leo..
Liking your 'posts' is an understatement Alessandro and yes I am enjoying reading your posts. In fact I've got the next week or so sorted thanks to all the documents you've got here.
Cheers
Leo..
Hi Alessandro,
this is a great collection!
Can I ask for some additions: I was researching access configuration to mobile apps last week, and this was really hard to find (it's in a post somewhere). Maybe you can add links to those as well as the official product documentation, which seems to have moved around as well.
Thanks,
Frank.
Hi Frank
I think Alessandro opened it up for us all to edit
Regards
Colleen
Hi Frank,
thanks for your input. I will update accordingly (already following that thread).
Regards,
Alessandro
Great job Alessandro!!
Next step is creating a document for Process Control. 🙂 We have also a wiki page in GRC space just with debugging tips for technical people. It would be interesting to add it.
Again, great work.
Fernando
Fernando... you could add that to our project 😉
As well as Risk Management and Fraud Management 🙂
I forgot you had the debugging tips - that is definitely worth advertising!
Hi Alessandro,
Really a great work.
It is more of a GRCyclopedia 🙂
You can add some inputs on BRF+ and IDM as well.
Thanks,
Ameet
Hello Alessandro,
I've got no idea why my previous message here went kaput but thought I'll try again.
Considering how often this document is getting updated and given its importance, I was wondering if it would help to put a time stamp and the change, at the end of the document every time something is changed/added.
Most of the time it is glaringly obvious what has changed however there are times we have to go through the entire document a couple of times to figure out what was changed/added.
The version comparison isn't working either because of the sheer size of the document. Thought I'll put it out there.
Regards,
Leo..
Hi Leo,
thanks for your feedback. It's a pity that version comparison is not working as the document isn't large either.
I will come back to your query.
Regards,
Alessandro
Great stuff Alessandro
Anything on GRC 10.1
Lessons learnt?
Regards
Mustafa
Hi Mustafa
I have just added the blog: SAP GRC AC 10.1 - Enhancements
This one was written by Amit and goes through the differences between 10.0 and 10.1. Most of the other documents here are GRC 10.0 but for most parts capture 10.X.
The list is a living document. If you discover new documents then please let us know. I think everyone has edit rights to this document. If not, add it to the comments and we can incorporate it.
Regards
Colleen
Apart from functionality, there are differences in screen but no major difference if you are good in 10.0 then 10.1 is ok.
BRF+ screen has differences.
Regards,
Prasant
Hi Prasant
I was under the impression that there were quite a few differences to 10.1 (such as simplified user access forms).
BRF+ differences would be due to the change in Basis Stack (731 to 740) since BRF+ is not specific to GRC
Regards
Colleen
Hi Leo,
I have added a symbol ( ➕ ) to new documents 😉 a bit late, but better later than never 🙂
Cheers,
Ale
Awesome Ale. It will definitely help scanning the document. Also looking forward to your document on Direct/Indirect role assignment. We've had quite a few problems with indirect roles being pulled into Model User, so I'll send you the notes that fixed the issue. Maybe you can add it in your document so it could help others!!
P.S: Just noticed you already added that document, so let me go through it and get back to you.
Cheers
Leo..
That would be great! I will implement the notes in the respective documents.
Thanks and cheers,
Ale
Hi Alessandro,
Thank you so much for accumulating all GRC documents in a single place.
It's really saving time in looking for GRC documents in SCN and keeps me more focused going through it.
I'm also going through your firefighter blog which is awesome. I have actually become a fan of yours in SCN.
🙂
Regards
Girish Almiya
Hi Girish,
thanks for your feedback. Really appreciate. I'm trying to make it easier for everyone, also for me 🙂
Looking forward to your contribution.
Regards,
Alessandro
Hi Alessandro,
I created a document, would it be possible to add it to your summary list?
Also your feedback about the article would be appreciated.
EAM: Requesting emergency access via access request workflow in SAP GRC - step by step.
Regards,
Filip
Hi Filip,
have added your document to the collection. Thanks for your input. I will give feedback as soon as I find the time 🙂
Thanks and regards,
Alessandro
Dear all,
I have added a symbol ➕ to newly added documents (the symbol is selected from the smileys). For everyone contributing please attach the "plus" symbol to the new link so that it can easily be identified.
Thanks for your contribution.
Best regards,
Alessandro
Dear Alessandro,
It is always fresh look and inspiring more to learn with your collection and thoughts in your Blog
Really, it is a wonderful idea.
Regards
Baithi
Dear Alessandro,
Can you also add here Howto guide "How to Assign SAP Business Planning & Consolidation Authorizations via the SAP GRC Access Control Compliance User Provisioning Product"? This is regarding BPC and GRC integration.
Thanks,
Valentyn
Hi Valentyn,
has been added. Thanks for your input.
Regards,
Alessandro
Dear Alessandro,
Can you add the below document in blog, which helps for portal integration with GRC10?
Portal Integration with GRC10.0-Issues,Notes
Regards
Baithi
This looks good. Would you have anything on UWL integration for GRC work items, please?
Hi Alessandro,
Can you add the GRC Weekly News under the heading Product Support? It contains SAP Notes and KBAs published weekly by IMS and GRC Product support.
http://wiki.scn.sap.com/wiki/display/GRC/GRC+Weekly+News
Thanks,
Bernie
Hi Bernie
I've added the link under Product Support 🙂
Regards
Colleen
Hi Colleen,
Can you post a link to the "Top 10 Most Viewed KBAs for GRC" under the heading for Product Support?
Here is the wiki page link:
http://wiki.scn.sap.com/wiki/x/5wLFGQ
Thanks,
Bernie
done 🙂
Hi,
The documents collaboration is very helpful and useful for starters like me!
Thank you very much
Thanks
GRC Admin
Hi Alessandro,
Please add something with Integration with Enterprise Portal and LDAP. To start with I have posted this document can be used and can be modified accordingly.
Enterprise Portal Integration with SAP GRC 10.0
Regards
Pradeep
Hi Pradeep
Before it's added to the list could you consider putting a bit of an introduction to the article and explain some of the steps. Right now this seems more of a Wiki step by step configuration guide.
For example, in Step 11 are you able to explain where you got the field mappings from in case someone needs to map it differently or trying to solve an issue similar to what you are doing (just a guess there). This would add a lot more substance to your content
Regards
Colleen
Hi Colleen,
Thanks for the feedback, I will modify the document and will keep you posted once it's done.
Regards
Pradeep
Hello Pradeep,
I think you can also change initial screen as well, since that's not applicable anymore,
like your WS navigator screen, it's different now in new versions.
Regards,
Prasant
Thank you very much Alessandro for all the documents,
It's really helpful and informative and as always SDN site is awesome with the experts like you, Colleen, Prasant, Madhu ... in providing the expert guidance to resolve.
I have resolved most of the issues just by browsing SDN site.
Regards,
Sindhu
Thank you for the list of articles. This is a really helpful guide, and has enabled me to quickly find much needed information. I hope you can continue to add to this already expansive list.
Regards,
Raphael
http://wiki.scn.sap.com/wiki/x/1oD3GQ
Hello Moderator,
Please add this link under the section : GRC General with the Title:
FAQ for GRC Access Control 10.x Installation, Upgrades and Compatibility
Thanks
Mohammed
Hello Alessandro,
Very very useful documentation 🙂
Regards,
Vinaya
Thanks Vinaya 🙂 see you next week 🙂
Hi Alessandro,
Thank you for preparing such an awesome document. Very helpful. 🙂
Thanks,
Prateek
Hi Ale,
Can you share latest document of GRC 10.1 guide?
Regards,
Ram
Hi Ram,
you can find the latest documents provided from SAP under this path: SAP Access Control 10.1 – SAP Help Portal Page
Regards,
Dirk
Dear All,
Is there recommended sizing in terms of memory, disk storage and CPU for GRC Access Control 10.1 based on an actual running system?
We're planning to integrate 10 ABAP systems plus 1 portal system.
We have performed initial sizing analysis based on the GRC sizing guideline from SAP.
Any inputs from your actual experience is most welcome.
Thanks a lot,
Jen
Jen,
thanks for reaching out. What was the outcome from the sizing? Why don't you trust it? The memory, disk and CPU are calculated in regard to the numbers of users, roles, etc. and what you are going to use. Having 10 ABAP systems connected doesn't increase the sizing much if you just use provisioning. If you analyze roles and users on all systems connected this will require additional resources. I recommend to check what you are going to use (ARA; EAM; BRM; ARM) and for how many users/roles per connected system.
Regards,
Alessandro
Thanks Alessandro for the feedback. It's not that we don't trust. 🙂
We just wanted to validate with those who have actual experience with implementing and running a GRC AC 10.1 system if the guideline is really sufficient and if there's no surprise in the long run in terms of storage and performance.
Thank you.
Best Regards,
Jen
Hello Alessandro,
I have added my new document to the LDAP section. Your feedback about it would be really appreciated. Also I have added the two new documents of Artem Ivashkin.
Best Regards,
Zoltan
Hello Alessandro / Colleen Hebber,
I have added a new document in a pictorial format on troubleshooting EAM Login issue. Can you please update the document in SCN so that everyone can get benefited, thanks.
https://wiki.scn.sap.com/wiki/display/GRC/EAM+Login+Pictorial+Troubleshooting+Guide
Regards,
Vijay.
Hello Vijayakumar,
One of the best documents on EAM troubleshooting guide.
Great work.
5 out of 5
Regards,
Rakesh M
thanks Rakesh will try to create more such documents in future too
Hi Vijay,
Excellent document on EAM troubleshooting.
Thanks a lot for sharing.
Regards,
Manju
Thanks Manju
Hi Alessandro,
I have one document created for EP Integration with GRC. Can this document be added to the above detailed list?
Enterprise Portal Integration with SAP GRC 10.0
Regards
Pradeep
Dear All,
I have added Escalation only on workdays in the MSMP workflow under the MSMP workflow section of the collection.
Best Regards,
Zoltan
Hi Experts.
Can anybody tell what procedure/steps we should follow to decommission SAP GRC Access Control 10.0 System?
Any info is greatly appreciated.
Very informative. As I was new, thanks for the information on SAP S/4 HANA.