madhusap


Introduction

Risk Terminator provides a framework in which risk analysis can be triggered during user and role maintenance activities performed with SU01, SU10 and PFCG directly in the plug-in system.

 

Key Concept

Risk Terminator is a service that runs in the SAP ABAP back-end system and triggers an automated risk analysis check when defined segregation of duties (SoD) access risks are violated during user or role maintenance directly in the plug-in system.

The configuration needed for Risk Terminator is described below.

GRC Configuration

In the GRC system, maintain the configuration settings below under the path: SPRO -> IMG -> GRC -> Access Control -> Maintain Configuration Settings



Plug-In System Config

Make sure that the user exits mentioned below exist in the plug-in system under the path: SPRO -> IMG -> GRC (Plug-in) -> Maintain User Exits for Plug-in systems. If they don't exist, create the entries and save them.



In the plug-in system, maintain the configuration settings below under the path: SPRO -> IMG -> GRC (Plug-in) -> Maintain Plug-In Configuration Settings.

  1. The connector name maintained in Configuration Parameter 1000 in the plug-in system must be the same as the connector name maintained in Configuration Parameter 1080 in the GRC system.

  2. The GRC connector name must be maintained in Configuration Parameter 1001 in the plug-in system, as shown below.



The Risk Terminator functionality can be applied to different business cases around user maintenance (creation and modification) and role maintenance (creation and modification). To simulate how risk analysis works for role maintenance and user role provisioning, I used the business scenarios below. They are based on the configuration settings defined in the GRC system and the plug-in system.


Risk Terminator Scenarios

Scenario 1: Testing role creation with conflicting Tcodes using PFCG.

Role Name: RT_TEST_ROLE

Tcodes: Conflicting Tcodes have been added, as defined in our rule set.



Because the user exit before profile generation is also maintained, the screenshot below shows that Risk Terminator is triggered, with the message “Checking for Access Risk Violations”.



Risk violations are shown as below:



Risk Terminator is triggered during role assignment using PFCG as well.
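
To make the check behind Scenario 1 concrete, here is an added example (not SAP code and not part of the original post) that models an action-level SoD analysis in Python. The rule set, risk IDs, function names, role contents and the Z_DEMO_* roles are constructed for illustration; a real GRC rule set also evaluates permission-level authorizations, which this sketch leaves out. It goes one step beyond the single-role case and also covers the user-level case of Scenario 2, where the conflict only appears once roles are combined.

```python
# Added illustration: simplified, action-level SoD check (not SAP's implementation).
# Constructed rule set: a risk is violated when a role or user holds at least one
# transaction code from EACH of the risk's conflicting functions.
FUNCTIONS = {
    "VENDOR_MAINT": {"FK01", "FK02", "XK01"},
    "PAYMENTS": {"F-53", "F110"},
    "PO_PROCESSING": {"ME21N", "ME22N"},
    "GOODS_RECEIPT": {"MIGO"},
}
RISKS = {  # hypothetical risk IDs
    "DEMO_R1": ("VENDOR_MAINT", "PAYMENTS"),
    "DEMO_R2": ("PO_PROCESSING", "GOODS_RECEIPT"),
}

def normalise(tcodes):
    """Transaction codes are compared case-insensitively, without padding."""
    return {t.strip().upper() for t in tcodes}

def analyze_tcodes(tcodes):
    """Return {risk_id: {function: [matching tcodes]}} for each violated risk."""
    held = normalise(tcodes)
    violations = {}
    for risk_id, funcs in RISKS.items():
        hits = {f: sorted(FUNCTIONS[f] & held) for f in funcs}
        if all(hits.values()):  # every conflicting function is reachable
            violations[risk_id] = hits
    return violations

def analyze_user(roles):
    """User-level check: analyze the union of all assigned roles' tcodes and
    return {risk_id: [names of roles that contribute to the conflict]}."""
    combined = set().union(*(normalise(r["tcodes"]) for r in roles))
    result = {}
    for risk_id, hits in analyze_tcodes(combined).items():
        conflicting = {t for matched in hits.values() for t in matched}
        result[risk_id] = sorted(
            r["name"] for r in roles if normalise(r["tcodes"]) & conflicting
        )
    return result

# Constructed sample data; the page does not list the tcodes used in RT_TEST_ROLE.
RT_TEST_ROLE = {"name": "RT_TEST_ROLE", "tcodes": ["fk01", "F-53", "SU53"]}
BUYER = {"name": "Z_DEMO_BUYER", "tcodes": ["ME21N"]}
RECEIVER = {"name": "Z_DEMO_RECEIVER", "tcodes": ["MIGO"]}

if __name__ == "__main__":
    print(analyze_tcodes(RT_TEST_ROLE["tcodes"]))  # role-level violation
    print(analyze_tcodes(BUYER["tcodes"]))         # clean on its own
    print(analyze_user([BUYER, RECEIVER]))         # conflict only in combination
```

The user-level result is the reason a check at assignment time in SU01 or SU10 matters in addition to the PFCG check: each role can pass on its own while the combination violates a risk.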



Scenario 2: Testing conflicting role assignment to users with SU01.

Before you test Scenario 2, make sure to implement the SAP Note below in your plug-in system if your Basis release is 701, as Risk Terminator is not working for SU01 and SU10.

 





I followed a few SCN links in preparing this blog post.

GRC 10 - Risk Terminator
