New Features in GRC AC 10.1

Hello GRC Mates,

Recently, new features are added into GRC AC 10.1 SP16 based on the customer feedback and also as part of continuous development. Please find some of the features here.

Firefighter logon Custom Validation

While login to the system for working on an emergency issue, the firefighter has to provide the reason code, description and actions that he is anticipating to perform. The Checks are designed in such a way that unless these data is entered, the user is not allowed to proceed further. But, there is no check on what kind of data that the user is entering as any data can be entered to proceed to the next step.

To prevent Firefighters from logging into the EAM dashboard with invalid actions, an enhancement is created. Now, after implementing the default implementation of the BADI, when a Firefighter logs onto the EAM dashboard, a check is made against the Actions field to accept only valid t-codes.

For further information on how to implement refer to SAP Note No: 2412360, 2404934

Authorization Check for Template Management

Currently, any user having access to the application link Template Management can edit, delete or create a template. There is no authorization check happening for Template Management.

With GRC AC 10.1 SP16, A new authorization object GRAC_RT is introduced to have a better control on Template Management. It contains the following fields.

GRAC_RQTYP    which controls the Request Type,

GRAC_TN            controls the Template Name and

ACTVT                   which supports activities 01, 02, 03 and 06

The Authorization object is assigned to the following delivered Roles with the following authorizations.

• SAP_GRAC_ALL (authorization: All)
• SAP_GRAC_DISPLAY_ALL (authorization: Display)
• SAP_GRAC_ACCESS_REQUEST_ADMIN (authorization: All)

For Further Information on How to use and implement this go to SAP Note: 2411199

Firefighter ID Review

Similar to UAR Review and SOD Review FF ID Review is introduced in SP16 which will handle similar review at FF ID level.

This functionality generates workflow for owners to validate the IDs owned by them. Based on the owner’s decision the workflow will move the request to controller for their confirmation. Once the FF controller confirms the FF ID removal from the user, GRC can automatically submit a FF ID removal request. A New Process Id is added into MSMP for Firefighter ID Review.

This functionality is part of GRC AC 10.1 SP16 and once it is updated to SP16, Refer SAP Note No: 2413723, 2414413

Invalid Mitigations

Invalid mitigations is a new feature introduced in SAP Access Control 10.1 SP 09. This features allows you to identify, deleted or extend the validity of expired Mitigation assignments.

It handles two types of invalid mitigations. They are:

1. When the assignment of mitigation control is expired and
2. When the user moved to a different position and the associated risk might no longer exist due to role removal.

With GRC AC 10.1 SP16, one more option is added to Invalid mitigation i.e., to change the mitigation monitor who is invalid.

For Further information and implementation of this feature refer to SAP Note: 2407256

Mass Import of Roles in Simulation

Earlier, the end user doesn’t have the ability to upload large number of roles for simulation. So, the end user has to add roles one by one for simulation.

Now Import Roles button has been added in the Roles tab of the User and Role level simulation modules, where the end-user can add large no roles all in a go by uploading through the excel sheet.

For Further information and implementation of this feature refer to SAP Note: 2392307

Archiving Action Usage Data

Action usage data adds lots of records to the table GRACACTUSAGE. This table grows large and hampers the performance of the GRC System.

To improve the performance for the GRC Processes a process has to been created to automatically archive action usage data.

For Further information and implementation of this feature refer to SAP Note: 2342544

For more features, enhancements refer to master note: 2369489

Regards,

Rakesh Ram M