Hello GRC Mates,
Recently, new features were added to GRC AC 10.1 SP16 based on customer feedback and as part of continuous development. Some of these features are described here.
Firefighter logon Custom Validation
When logging on to the system to work on an emergency issue, the firefighter has to provide the reason code, a description and the actions that he anticipates performing. The checks are designed so that the user cannot proceed until this data is entered. However, there is no check on what kind of data the user enters: any data can be entered to proceed to the next step.
To prevent firefighters from logging on to the EAM dashboard with invalid actions, an enhancement has been created. Once the default implementation of the BAdI is in place, a check is made against the Actions field whenever a firefighter logs on to the EAM dashboard, so that only valid t-codes are accepted.
For further information on how to implement this, refer to SAP Notes 2412360 and 2404934.
Authorization Check for Template Management
Currently, any user with access to the application link Template Management can edit, delete or create a template. No authorization check is performed for Template Management.
With GRC AC 10.1 SP16, a new authorization object, GRAC_RT, is introduced to give better control over Template Management. It contains the following fields:
- GRAC_RQTYP, which controls the Request Type
- GRAC_TN, which controls the Template Name
- ACTVT, which supports activities 01, 02, 03 and 06
The authorization object is assigned to the following delivered roles with the following authorizations.
- SAP_GRAC_ALL (authorization: All)
- SAP_GRAC_DISPLAY_ALL (authorization: Display)
- SAP_GRAC_ACCESS_REQUEST_ADMIN (authorization: All)
For further information on how to use and implement this, refer to SAP Note 2411199.
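When adjusting custom roles for the new object, a small test report shows what a given user's role actually grants on GRAC_RT. The report below is an added example, not SAP-delivered code and not taken from the SAP Note; the report name, parameter names, field lengths and default values are assumptions, and the activity texts are the standard ACTVT meanings.

```abap
REPORT z_check_grac_rt.
* Added example (not SAP code): checks the current user's GRAC_RT
* authorization for one request type / template name combination
* across the four activities the object supports.
* Parameter lengths and defaults are constructed placeholders.
PARAMETERS: p_rqtyp TYPE c LENGTH 10 DEFAULT '001',
            p_tn    TYPE c LENGTH 40 LOWER CASE DEFAULT 'Z_SAMPLE_TEMPLATE'.

TYPES: BEGIN OF ty_actvt,
         actvt TYPE c LENGTH 2,
         text  TYPE c LENGTH 10,
       END OF ty_actvt.

DATA: lt_actvt TYPE STANDARD TABLE OF ty_actvt WITH DEFAULT KEY,
      ls_actvt TYPE ty_actvt,
      lv_subrc TYPE sy-subrc.

START-OF-SELECTION.
* Activities supported by GRAC_RT: 01, 02, 03 and 06
  ls_actvt-actvt = '01'. ls_actvt-text = 'Create'.  APPEND ls_actvt TO lt_actvt.
  ls_actvt-actvt = '02'. ls_actvt-text = 'Change'.  APPEND ls_actvt TO lt_actvt.
  ls_actvt-actvt = '03'. ls_actvt-text = 'Display'. APPEND ls_actvt TO lt_actvt.
  ls_actvt-actvt = '06'. ls_actvt-text = 'Delete'.  APPEND ls_actvt TO lt_actvt.

  WRITE: / 'User:', sy-uname,
         / 'Request type:', p_rqtyp,
         / 'Template name:', p_tn.
  ULINE.

  LOOP AT lt_actvt INTO ls_actvt.
    AUTHORITY-CHECK OBJECT 'GRAC_RT'
      ID 'GRAC_RQTYP' FIELD p_rqtyp
      ID 'GRAC_TN'    FIELD p_tn
      ID 'ACTVT'      FIELD ls_actvt-actvt.
*   Save the return code before any other statement can overwrite it
    lv_subrc = sy-subrc.

    IF lv_subrc = 0.
      WRITE: / ls_actvt-actvt, ls_actvt-text, 'authorized'.
    ELSE.
*     4 = no matching authorization, 12 = object not in user buffer
      WRITE: / ls_actvt-actvt, ls_actvt-text,
               'NOT authorized, sy-subrc =', lv_subrc.
    ENDIF.
  ENDLOOP.
```

For a user holding only SAP_GRAC_DISPLAY_ALL, only activity 03 should come back as authorized.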
Firefighter ID Review
Similar to UAR Review and SOD Review, FF ID Review is introduced in SP16 to handle a similar review at FF ID level.
This functionality generates a workflow for owners to validate the IDs they own. Based on the owner’s decision, the workflow moves the request to the controller for confirmation. Once the FF controller confirms the FF ID removal from the user, GRC can automatically submit an FF ID removal request. A new process ID is added to MSMP for Firefighter ID Review.
This functionality is part of GRC AC 10.1 SP16. Once the system is updated to SP16, refer to SAP Notes 2413723 and 2414413.
Invalid mitigations is a feature introduced in SAP Access Control 10.1 SP 09. This feature allows you to identify, delete or extend the validity of expired mitigation assignments.
It handles two types of invalid mitigations:
- When the assignment of the mitigation control has expired, and
- When the user has moved to a different position and the associated risk might no longer exist due to role removal.
With GRC AC 10.1 SP16, one more option is added to invalid mitigations: changing a mitigation monitor who is invalid.
For further information on this feature and its implementation, refer to SAP Note 2407256.
Mass Import of Roles in Simulation
Earlier, the end user did not have the ability to upload a large number of roles for simulation, so roles had to be added one by one.
Now an Import Roles button has been added to the Roles tab of the user-level and role-level simulation modules, where the end user can add a large number of roles in one go by uploading them in an Excel sheet.
For further information on this feature and its implementation, refer to SAP Note 2392307.
Archiving Action Usage Data
Action usage data adds a large number of records to the table GRACACTUSAGE. This table grows large and hampers the performance of the GRC system.
To improve the performance of the GRC processes, a process has been created to automatically archive action usage data.
For further information on this feature and its implementation, refer to SAP Note 2342544.
For more features and enhancements, refer to master note 2369489.
Rakesh Ram M