This document is a collection of the most useful SAP GRC Access Control documents, blogs, resources, links, etc. here in SCN.

 

Overview

Getting Started with SAP Governance, Risk and Compliance Solutions (GRC)

GRC Processes, Lifecycles and Responsibilities

GRC Systems Compatibility

/wp-content/uploads/2014/08/wiki_523916.png FAQ related to GRC Access Control 10.x Installation, Upgrade and Compatibility – Governance, Risk and Compliance – SCN W…

/wp-content/uploads/2014/08/wiki_523916.png Customer Influence – SAP Access Control 2015

 

 

General opinion and thought-leadership

Are you ready to implement GRC 10?

A lot of help from my friends

If I had it to do all over: looking back on GRC 10 projects

Lessons learned from SAP GRC projects

Remediating Access Control SoD Risks

Internal Controls – a step towards strong controls

Defining Mitigating Controls / Compensating Controls

IT Control Testing – SOX Compliance

A #GRC tool is just part of the solution

It’s Just a Few GRC Ideas….Place

 

 

GRC General

Helpful transactions, tools, programs, tables, etc. for a SAP GRC Consultant

NWBC screen layout options for GRC

Customizing NWBC for New Menus with our own Transactions, Reports and Accessing SAP Backend Systems from NWBC

Configure LaunchPad for Menus

Customizing Access request and approval screens in GRC Access Control

Issues, Bugs in GRC SP13 – Related Fixes

/wp-content/uploads/2014/08/wiki_523916.png General tips to help in troubleshooting scenarios

/wp-content/uploads/2014/08/wiki_523916.png Access Control Debugging tips

SAP GRC AC 10.1 – Enhancements

How to delete roles, mitigation controls, users, and other informations from one connector

 

 

Product Support

GRC Product Support Monthly Newsletter

/wp-content/uploads/2014/08/wiki_523916.pngGRC Weekly News – Governance, Risk and Compliance – SCN Wiki

/wp-content/uploads/2014/08/wiki_523916.pngTop Ten – 2015 – Governance, Risk and Compliance – SCN Wiki

 

HR Triggers

/wp-content/uploads/2014/08/wiki_523916.png Understanding HR Triggers in Access Control 10.0 – Governance, Risk and Compliance – SCN Wiki

/wp-content/uploads/2014/08/wiki_523916.png GRC 10.0 – HR Trigger configuration – Governance, Risk and Compliance – SCN Wiki

Example of decision table for GRC 10 HR Trigger rule, using BRF+ tool

GRC Access Control – Compliant User Provisioning: HR Triggers

/wp-content/uploads/2014/08/wiki_523916.png Debugging HR Trigger – GRAC_HR_TRIGGER_EVENT_RECIEVER

/wp-content/uploads/2014/08/wiki_523916.png Debugging HR Trigger – Simulation

/wp-content/uploads/2014/08/wiki_523916.png Debugging HR Trigger – PA40 changes to infotypes

 

 

MSMP Workflows

AC 10.0 – Customizing Workflows for Access Management

MSMP – Multi Step Multi Process – GRC’s answer to Workflow Configuration Flexibility

Escalation only on workdays in the MSMP workflow

 

 

BRF+ Configuration

Determining the Logic behind Decision Tables

 

 

LDAP

Configuring LDAP Connector in Compliant User Provisioning of GRC Access Control

LDAP Group parameter mapping.. what does it mean?

Connecting SAP GRC AC 10.X to Microsoft Active Directory

GRC 10.x and LDAP management

GRC 10.x and LDAP management 2.

 

 

Mobile Apps in SAP GRC

Administrator guides for Access Approver, Policy Survey, etc.

Fiori apps in GRC – Install two applications in 5 easy steps

 

 

Access Control with Identity Management (IdM)

SAP BusinessObjects GRC 10.0 Integration Guide – Access Control 10.0 and NetWeaver Identity Management

SAP Access Control 10.0 Interface for Identity Management

 

 

SAP GRC with SAP BPC

How to Assign SAP Business Planning and Consolidation Authorizations via the SAP Governance, Risk, and Compliance (GRC) Access Control Compliance User Provisioning Product

 

 

Access Risk Analysis (ARA)

ARA – For the new kid on the block

Rule set – Rules & Rule Types

Business Risks / Rule Set

Download, Modify and Upload the Access Risk Analysis Rule Set in SAP Access Control 10.x.

How to set up a Configurable Business Rule

Online vs. Offline Risk Analysis

Creation of Mitigation Controls in GRC 10.0

Organizational Rules in GRC Access Control

Mass change of Mitigation Assignments

SAP GRC AC 10.0 Alerting

/wp-content/uploads/2014/08/wiki_523916.png The Action Usage Sync job in technical details – GRC Access Control 10.0

/wp-content/uploads/2014/08/wiki_523916.png The Repository – GRC Access Control 10.0 

 

 

Access Request Management (ARM)

ARM – For the new kid on the block

AC10.0/10.1: Create Rule Based on Risk Violation in Request, Using BRF+ Procedure Calls

Approve/Reject Own Requests

How to Change Subject Line in SAP GRC Email notification

Recommendations for using Business roles provisioning in access request

Configure Manager Look-Up in ARM for GRC 10

Role Search Screen Enhancement – GRC 10

Terminate Account – Request Process – GRC 10

Creating Access Request: Template Based Requests and Configuring End User Personalization forms for use with Access Requ…

GRC Request with both System and Role Line Items

Access Control 10 (ARM) – Risk Analysis Report Type is editable in Access Request.

Access Control: – Create Access Request Using Web Service in GRC10

Design Considerations to reduce Password Self Service (PSS) Intruder Risk

/wp-content/uploads/2014/08/wiki_523916.png User Access Review(UAR) Workflow Configuration and Description – Governance, Risk and Compliance – SCN Wiki

Direct vs. Indirect Role Assignment

EUP – Common Issues and Solutions, Important tables and takeaways

PSS – Common Issues and Solutions, Important Take Aways

SNC Name in Access Request

 

 

Business Role Management (BRM)

BRM – For the new kid on the block

Maintain Default Roles in BRM GRC AC 10.1

Role Import – GRC 10

Import Role from ECC to GRC system

/wp-content/uploads/2014/08/wiki_523916.png Business Roles concept and usability in GRC AC10

Enabling Business Role updates to existing assigned users

BRM Default Approvers via Condition Groups

BRM Role Methodology via Condition Groups

 

 

Emergency Access Management (EAM)

EAM – For the new kid on the block

Usage of EAM

EAM – Provisioning Strategies

EAM Utilisation and Log Review Process 

ID-Based Firefighting vs. Role-Based Firefighting

AC 10.0 – Centralized Emergency Access

Configure Emergency Access (EAM) in GRC 10

De-centralized EAM GRC 10.0

EAM – Approve through Wrokflow

Emergency Access Management Reporting

Analysis and Recommended Settings of the Security Audit Log (SM19 / SM20)

EAM: Requesting emergency access via access request workflow in SAP GRC – step by step.

 

 

See also

SAP Process Control – Useful Documents, Blogs, Resources, etc.

SAP Risk Management – Useful Documents, Blogs, Resources, etc.

SAP Fraud Management – Useful Documents, Blogs, Resources, etc.

 

 

Legend

 

/wp-content/uploads/2014/08/document_523869.png SAP SCN Documents
/wp-content/uploads/2014/08/blog_523870.png SAP SCN Blogs
/wp-content/uploads/2014/08/wiki_523916.png SAP Wiki
Newly added document (Contributors: please select from Emoticons )

 

 

Please help in updating the collection so that new users can get a well structured overview for their information.

 

Best regards,

Alessandro

To report this post you need to login first.

68 Comments

You must be Logged on to comment or reply to a post.

    1. Alessandro Banzer Post author

      Hi Colleen,

      personally I would say yes that make sense. I’ve just started yesterday as I missed such a document and had to search in SCN for some information and had a tough time. So I thought it make sense to have a collection also for newbies.

      Regards

      Alessandro

      (0) 
      1. Prasant Kumar Paichha

        Hello Can you add I document in BRM.

        Concept is when you have 3 systems landscape how you create role in development and how you move to qua and prd.

        basically the use of logical group and mapping of  action to connector.

        Regards,

        Prasant

        (0) 
  1. Prasant Kumar Paichha

    Hey Alessandro,

    Nice.. would you please add HR trigger as well.

    and There might be some other like integration to JAVA system for provisioning.

    Like Portal, BPC, LSO .Pleas einclude or else lets create.

    I have integrated to BPC,LSO,SPM(spend performance Mangement) and EP.

    And Integration with LDAP and how you map different field.

    Can we have Derived role in BRM.

    And i real time scenario how we connect so system when we have BRM in place . 

    Regards,

    Prasant K Paichha

    (0) 
    1. Alessandro Banzer Post author

      Hi Prasant,

      thanks for your feedback. I have added HR Triggers as a section. We can also add more sections for specific topics. Can you provide some links or even better update the document?

      Regards,

      Alessandro

      (0) 
  2. S A

    G’Day Alessandro,

    I just stumbled upon your documents and seriously you are a legend mate!!

    The sheer wealth of information you’ve got here is just unbelievable. I would like to sincerely thank you for taking the time to gather all this information and putting out here for the benefit of people like myself.

    I so wish there are more people like you out there who would share their knowledge rather than keeping it to them self. As Colleen pointed out in one of your blogs, the way you explain, esp using real life examples helps you stand out from others and makes it so much more easier for us to understand.

    Once again I truly appreciate what you are doing mate and Thank you.

    Regards,

    Leo..

    (0) 
    1. Alessandro Banzer Post author

      Dear Leo,

      wow.. many thanks for your great feedback. I am definitely not a legend I just believe that “sharing is caring” and what you give you will get back one day.

      Appreciate that you like my posts and hope you will enjoy reading my stuff also in the future 🙂

      Best regards,

      Alessandro

      (0) 
        1. Prasant Kumar Paichha

          hehe… now i learnt how to pay compliment in Australian way..Never been to that part may be coming vacation . i always dream to spend vacation at New Zealand.. may be this december Australia and New Zealand.

          I really liked the thought of AB( Alessandro Banzer) when i first worked on GRC 10.. i was not sure what i was going to do.. in fact first saw screen  at Switzerland at my client side. then posted few question and realized its not stable.. and SCN & Sap Support team helped me lot.. now learning new thing from reading peoples query.

          you may have done many implementation but every implementation may be different when it comes to client’s requirement.

          till today everyday is learning and SCN has everything in fact faster then SAP Support.

          AB: lets add more ..

          LDAP,

          Portal integration.

          Colleen: Do you have BRM stuff?

          Regards,

          Prasant

          (0) 
        2. S A

          Spot on Colleen! Its fair Dinkum Ozzie slang alright!

          Just finished reading your ‘NWBC screen layout options for GRC’ and I totally agree with you in regards to the layout. I like the 5.3 layout way better as everything is structured (All 4 modules are separate) and in a particular order, just the way I like things.

          However 10.x is all over the place. Having said that there are a few good things about the new layout too, so I was pondering how to get the best of both the worlds and thanks to your article and a couple of others I might just know how to go about it.

          Regards,

          Leo..

          (0) 
      1. S A

        Liking your ‘posts’ is an understatement Alessandro and yes I am enjoying reading your posts. In fact I’ve got the next week or so sorted thanks to all the documents you’ve got here.

        Cheers

        Leo.. 

        (0) 
  3. Frank Koehntopp

    Hi Alessandro,

    this is a great collection!

    Can I ask for some additions: I was researching access configuration to mobile apps last week, and this was really hard to find (it’s in a post somewhere). Maybe you can add links to those as well as the official product dosumentation, which seems to have moved around as well.

    Thanks,

    Frank.

    (0) 
  4. Fernando Bassuino

    Great job Alessandro!!

    Next step is creating a document for Process Control. 🙂 We have also a wiki page in GRC space just with debugging tips for technical people. It would be interesting to add it.

    Again, great work.

    Fernando

    (0) 
    1. Colleen Hebbert

      Fernando… you could add that to our project 😉

      As well as Risk Management and Fraud Management 🙂

      I forgot you had the debugging tips – that is definitely worth advertising!

      (0) 
  5. S A

    Hello Alessandro,

    I’ve got no idea why my previous message here went kaput but thought I’ll try again.

    Considering how often this document is getting updated and given its importance, I was wondering if it would help to put a time stamp and the change, at the end of the document every time something is changed/added.

    Most of the time it is glaringly obvious what has changed however there are times we have to go through the entire document a couple of times to figure out what was changed/added.

    The version comparison isn’t working either because of the sheer size of the document. Thought I’ll put it out there.

    Regards,

    Leo..

    (0) 
    1. Alessandro Banzer Post author

      Hi Leo,

      thanks for your feedback. It’s a pity that version comparison is not working as the document isn’t large either.

      I will come back to your query.

      Regards,

      Alessandro

      (0) 
        1. Colleen Hebbert

          Hi Mustafa

          I have just added the blog: SAP GRC AC 10.1 – Enhancements

          This one was written by Amit and goes through the differences between 10.0 and 10.1. Most of the other documents here are GRC 10.0 but for most parts capture 10.X.

          The list is a living document. If you discover new documents then please let us know. I think everyone has edit rights to this document. If not, add it to the comments and we can incorporate it.

          Regards

          Colleen

          (0) 
            1. Colleen Hebbert

              Hi Prasant

              I was under the impression that there were quite a few differences to 10.1 (such as simplified user access forms).

              BRF+ differences would be due to the change in Basis Stack (731 to 740) since BRF+ is not specific to GRC

              Regards

              Colleen

              (0) 
      1. S A

        Awesome Ale. It will definitely help scanning the document. Also looking forward to your document on Direct/Indirect role assignment. We’ve had quite a few problems with indirect roles being pulled into Model User, so I’ll send you the notes that fixed the issue. Maybe you can add it in your document so it could help others!!

        P.S: Just noticed you already added that document, so let me go through it and get back to you.

        Cheers

        Leo..

        (0) 
  6. Girish Almiya

    Hi Alessandro,

    Thanks you so much for accumulating all GRC documents in a single place.

    It’s really saving time in looking for GRC documnet in SCN and keep me more focus going through it.

    I’m also going through your firefighter blog which is awesome.I have actually became fan of yours in SCN.

    🙂

    Regards

    Girish Almiya

    (0) 
    1. Alessandro Banzer Post author

      Hi Girish,

      thanks for your feedback. Really appreciate. I’m trying to make it easier for everyone, also for me 🙂

      Looking forward to your contribution.

      Regards,

      Alessandro

      (0) 
        1. Alessandro Banzer Post author

          Hi Filip,

          have added your document to the collection. Thanks for your input. I will give feedback as soon as I find the time 🙂

          Thanks and regards,

          Alessandro

          (0) 
  7. Alessandro Banzer Post author

    Dear all,

    I have added a symbol ➕ to newly added documents (the symbol is selected from the smileys). For everyone contributing please attach the “plus” symbol to the new link so that it can easily be identified.

    Thanks for your contribution.

    Best regards,

    Alessandro

    (0) 
  8. Baithi Srinivas

    Dear Alessandro,

    It is always fresh look and inspiring more to learn with your collection and thoughts in your Blog

    really it is an wonderful idea.

    Regards

    Baithi

    (0) 
  9. Valentyn C

    Dear Alessandro,

    Can you also add here Howto guide “How to Assign SAP Business Planning & Consolidation Authorizations via the SAP GRC Access Control Compliance User Provisioning Product”? This is regarding BPC and GRC integration.

    Thanks,

    Valentyn

    (0) 
  10. GRC Admin

    Hi,

    The documents collaboration is very help full and use full for starters like me!

    Thank you very much

    Thanks

    GRC Admin

    (0) 
    1. Colleen Hebbert

      HI Pradeep

      Before its’ added to the list could you consider putting a bit of an introduction to the article and explain some of the steps. Right now this seems more of a Wiki step by step configuraiton guide.

      For example, in Step 11 are you able to explain where you got the field mappings from in case someone needs to map it differently or trying to solve an issue similar to what you are doing (just a guess there). This would add a lot more substance to your content

      Regards

      Colleen

      (0) 
        1. Prasant Kumar Paichha

          Hello Pradeep,

          i think you can also change initial screen as well, since thats not applicable anymore,

          like your WS navigator screen its different now in new versions.

          Regards,

          Prasant

          (0) 
  11. Sindhu Shet

    Thank you very much Allesandro for all the documents,

    Its really helpful and informative and as always SDN site is awesome with the experts like you, Colleen, Prashant , Madhu … in providing the expert guidance to resolve.

    I have resolved most of the issues just by browsing SDN site .

    Regards,

    Sindhu

    (0) 
  12. Basis Manilla

    Dear All,

    Is there recommended sizing in terms of memory, disk storage and CPU for GRC Access Control 10.1 based on an actual running system?

    We’re planning to integrate 10 ABAP systems plus 1 portal system.

    We have performed initial sizing analysis based on the GRC sizing guideline from SAP.

    Any inputs from your actual experience is most welcome.

    Thanks a lot,

    Jen

    (0) 
    1. Alessandro Banzer Post author

      Jen,

      thanks for reaching out. What was the outcome from the sizing? Why you don’t trust it? The memory, disk and CPU is calculated in regard to the numbers of users, roles, etc. and what you are going to use. Having 10 ABAP sytstems connected doesn’t increase the sizing much if you just use provisioning. If you analyze roles and users on all systems connected this will require additional resources. I recommend to check what you are going to use (ARA; EAM; BRM; ARM) and for how many users/roles per connected system.

      Regards,

      Alessandro

      (0) 
      1. Basis Manilla

        Thanks Alessandro for the feedback. It’s not that we don’t trust. 🙂

        We just wanted to validated with those who have actual experience with implementing and running a GRC AC 10.1 system if the guideline is really sufficient and if there’s no surprise in the long run in terms of storage and performance.

        Thank you.

        Best Regards,

        Jen

        (0) 

Leave a Reply