
Introduction

The Multiple Rule set functionality in GRC determines which rule set is used when risk analysis runs for an access request. The “Request Header” and “Request Line Item” fields can be used to define the conditions in the BRF+ multiple rule set application that determine the rule set for the access request.


SAP delivers a predefined BRF+ application and BRF+ rule mapping that can be customized in GRC. You can use this BRF+ mapping, as your requirements dictate, to enforce the determination of different rule sets based on request parameters.


Requirement


Customers usually have a requirement to use multiple rule sets depending on different scenarios.


I was working for a client, “A”, which merged with another client, “B”, and both wanted to use their own set of rules without combining them in the same rule set. They also wanted to use their own “Request Types” for access request creation.


Client A – Rule set 1

Client B – Rule set 2


Solution


The MSMP Workflow Settings are integrated with the BRF+ application configurations.


The configuration is available through the following path:
SPRO => Governance, Risk and Compliance => Access Control => Maintain AC Applications and BRFPlus Function Mapping. Check the mapping for the application “Request Multiple Rule set”.


Under the Application Mapping, there is the Application ID: ‘Request Multiple Rule set’. The BRF+ Function for this App ID is maintained by default. The BRF+ rule is created to determine the Rule set based on request parameters.


We customized the Request Multiple Rule set rule according to our requirement. The steps are as follows:


Configuration Setting 1


Parameter 1025 – Default Rule Set for Risk Analysis



Configuration Setting 2


SPRO => Governance, Risk and Compliance => Access Control => Maintain AC Applications and BRFPlus Function Mapping. Check the mapping for the application “Request Multiple Rule set”.


Request Multiple Rule set is maintained and associated with the MSMP Process ID “SAP_GRAC_ACCESS_REQUEST”.



Configuration of BRF+ Application


Open BRF+ in “Expert Mode”. If you are not in Expert mode, use the “Personalize” button.



The BRF+ Multiple Rule set application provided by SAP is “GRAC_BRFP_MULTIPLE_RULESET”.



Open the Function of the Multiple Rule set BRF+ application and create a top expression of type “Decision Table”. This decision table is where you define your Multiple Rule set rules.



We used the Multiple Rule set functionality based on “Request Type”, because our requirement is that the rule set be selected by Request Type.


You can customize your requirements using Request Header and Request Line Item fields for rule set selection.


Save and activate your Decision Table, Function and Application. Once completed, use Function Simulation to verify the results.



Multiple Rule set Test Scenario


To validate the behavior, I created two GRC requests with Request Type 001 (New Account) and Request Type 002 (Change Account).

The Audit Log of these requests shows which rule set was considered while running risk analysis.


Request Number: 20

Request Type: New Account

Rule set: GLOBAL_N


Request Number: 21

Request Type: Change Account

Rule set: GLOBAL


Multiple Rule set functionality can be customized as per your requirements by creating different rules in the Multiple Rule set BRF+ application.
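
The following is an added example, not SAP code and not part of the original post: a small Python model of the decision table from the test scenario, used to cross-check audit-log entries and to spot rows that can never fire. It assumes first-match evaluation with empty cells matching any value; the `system` column, the record layout and request 22 are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

ANY = None  # an empty condition cell matches every value

@dataclass(frozen=True)
class Row:
    request_type: Optional[str]  # Request Header field, as used on this page
    system: Optional[str]        # hypothetical Request Line Item condition
    rule_set: str

# Rows mirror the test scenario above; the system column is left empty.
TABLE = [Row("001", ANY, "GLOBAL_N"),  # New Account
         Row("002", ANY, "GLOBAL")]    # Change Account

def covers(cell, value):
    return cell is ANY or cell == value

def determine_rule_set(request_type, system=None, table=TABLE):
    """Return the rule set of the first matching row, or None if no row matches."""
    for row in table:
        if covers(row.request_type, request_type) and covers(row.system, system):
            return row.rule_set
    return None  # what GRC applies in this case is not modelled here

def shadowed_rows(table):
    """Indexes of rows that never fire because an earlier row is at least as general."""
    return [j for j, later in enumerate(table)
            if any(covers(e.request_type, later.request_type) and
                   covers(e.system, later.system) for e in table[:j])]

def review_audit_log(entries, table=TABLE):
    """Compare the rule set recorded for each request with what the table yields."""
    findings = []
    for e in entries:
        expected = determine_rule_set(e["request_type"], e.get("system"), table)
        if expected is None:
            findings.append((e["request"], "no decision-table row for this request type"))
        elif expected != e["rule_set"]:
            findings.append((e["request"], f"expected {expected}, audit log shows {e['rule_set']}"))
    return findings

# Requests 20 and 21 are from the test scenario; request 22 is constructed.
AUDIT_LOG = [
    {"request": 20, "request_type": "001", "rule_set": "GLOBAL_N"},
    {"request": 21, "request_type": "002", "rule_set": "GLOBAL"},
    {"request": 22, "request_type": "003", "rule_set": "GLOBAL"},
]

if __name__ == "__main__":
    print(review_audit_log(AUDIT_LOG), shadowed_rows(TABLE))
```

A request type with no row, such as the constructed 003, is worth reviewing before go-live, since its risk analysis would not be governed by any rule defined in the table.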

Thanks for reading

Looking forward to your valuable input on updating/improving the blog with all relevant details.

Best Regards,

Madhu Babu Sai


8 Comments


  1. Rakesh Ram

    Hello Madhu,

    As always, another excellent article from your side. Thanks a lot for sharing.

    I am not able to find the standard application

    GRAC_BRFP_MULTIPLE_RULESET

    Can you help me with this?

    Regards,

    Rakesh ram

    1. Madhu Babu Sai #MJ Post author

      Hi Rakesh,

      Please try searching using the BRF+ function ID available in SPRO => Governance, Risk and Compliance => Access Control => Maintain AC Applications and BRFPlus Function Mapping.

      Regards,

      Madhu
