Hi,
GRC offers the approve by email option in stage of SAP_GRAC_ACCESS_REQUEST process, but it is not offered in some other stages, like in SAP_GRAC_FIREFIGHT_LOG_REPORT process.
Is there a workaround for this?
Kind regards,
Claudio
↧
Approve by email in any workflow process?
↧
Installation of GRC in ABAP Stack
Hi,
Is it Possible to Install GRC Component in ABAP Stack without ADS server?
Or
ADS server is primary preriqusite for this installetion.
Please suggest and guide me to install GRC component in System.
System is SAP Netweaver 740.
Regards.
Praveer.
↧
↧
Transporting MSMP configuration isn't 100%
I'm not sure if this is really an issue or not but I haven't found anything to say it's not. When I configure the development box and go into MSMP workflows to set it up, everything works fine and I create transports for the configuration. When this is transported to QA, I notice that the paths and stages have been transported, but my notification settings haven't.
I was wondering if this has been experienced by anyone else. I'm planning on having a new transport created for that configuration and moving that to see if everything gets moved. Please let me know if you've experienced otherwise.
Thanks,
Santosh
↧
GRC 10.0 BRM : Issue with Decision Table
Hello GRC mates,
I could successfully configure the following condition.
I built a condition where If I select a Composite role to be built in BRM it will go to approver 1 and if I select single Role to be built the request will go to Approver 2 for role approval based on condition group.
Now, My requirement is If I select Composite Role it has to go Approver 1 irrespective of any criticality of the role whereas for Single Role if the role criticality is HIGH it has to go to Approver 2 and If the role criticality is MEDIUM and LOW it has to go Approver 3.
Any screenshot on how to maintain the condition in a decision table please?
Thanks in advance.
Regards,
Deepak M
↧
GRC 10. BRM: Issue with settings in MSMP (SAP_GRAC_ROLE_APPR)
Hello GRC mates,
I am trying to configure BRF+ rules and integrate the same with MSMP for Role approver using the following document.
http://wiki.scn.sap.com/wiki/display/GRC/Implement+Condition+Groups+in+Role+Management
I defined two different methodologies and two approvers for single and composite roles in the decision table.
The methodologies are working fine.
When I am submitting the request for Composite Role for Approval, It is giving me a error in MSMP.
I didn't touch my MSMP Configuration part yet.
Please let me know what configuration do I need to maintain In rules, agents and paths tab in MSMP for role approval.
Did go through few threads but still many questions and confusion arising.
Looking for some help and explanation in this.
Thanks in advance.
Deepak M
↧
↧
Same ruleset is behaving differently in PRD & DEV - Why?
Hi Friends,
I am facing a strange problem. I customised ruleset, test them in DEV – working well.
I want to explain my problem with this example.
I ran user level risk analysis for risk-id “ZPTP_NEW1” in DEV and getting results. I replicate it to PRD system and repeated test but noting is coming up. Most of custom risk-id are working well in PRD but few of them are not returning anything, as I tried to explain.
I generated ruleset many times, ran sync jobs etc but no difference. Both systems are on SP16.
Note: To validate results I am using SUIM on source system.
Any idea/help please….. much appreciated. Thanks.
Regards,
Nasir
↧
GRC 10 ARM : Issue with MSMP request Submission
Hello GRC Mates,
I did configured ARM request for New Account.
After giving all the inputs, When I am clicking on SUBMIT button I am getting the following error
I don't want to assign any role. Please let me know what parameter should I maintain to overcome this.
Regards
deepak M
↧
HOW TO CONFIGURE MANAGER or APPROVER USER IN ACCESS REQUEST MANAGEMENT TO APPROVE OR REJECT REQUEST
hi sap gurus,
i configured grc 10 system successfully. I created one user: GR_AR_APP001 and assign following roles:
SAP_GRAC_ACCESS_APPROVER
SAP_GRAC_ACCESS_REQUEST_ADMIN
SAP_GRC_FN_BASE
SAP_GRC_FN_NUSINESS_USER
and I maintained GR_AR_APP001 in access control owners as "POINT OF CONTACT", "SECURITY LEAD" and "WORKFLOW ADMINISTRATOR"
but when i am creating access request for new user and defining MANAGER under user details tab as GR_AR_APP001.
the user GR_AR_APP001 is not receiving any request for APPROVE or REJECT in his WORK INBOX.
can u please guide me how to configure APPROVER or MANAGER to approve or reject request.
I will be very much thankful if you guide me successfully.
↧
SAP GRC AC 10 Workflow
Hi Experts,
I am new to GRC AC 10 and I need to configure workflow for various modules of AC.
How do I configure the same and are there any documents highlighting the various steps involved in the same.
Thanks,
Arjun
↧
↧
Integration of GRC AC 10 with SAP Netweaver Administrator
Hello All ,
I need to Integrate GRC 10 with SAP Netweaver Administrator. I need to configure workflows for New User / Change User / Delete User in GRC for Portal system ( SAP NWA ).
Can anyone help with some Documents which I need to follow for Integrating GRC with NWA .
Regards,
Rahul Muni
↧
security grc interview questions
1. What are the components of GRC?
2. What are the upgrades happened in GRC 5.3 from GRC 5.2?
3. Is it possible to have a request type by which we can change the validity period of a user? If possible, then what are the actions?
4. What's the latest Support Pack for GRC 5.3? How it differs from the previous one?
5. What are the issues faced by you in ERM & CUP after golive?
6. Can we change Single roles, objects & Profile description through mass maintenance of role? If yes, how?
7. What are the prerequisites for creating a workflow for user provisioning?
8. How will you control GRC system if you have multiple rulesets activated?
9. Can we view the changes of a role, happened in PFCG, through GRC?
10. How will you mitigate a user against an authorization object which is decided as sensitive by Business?
11. Give an example of SOD with object level control & also decide the Risk implication from the Technical standpoint.
12. Is it possible to assign two roles with different validity period to a user in one shot through GRC? If yes, how?
13. What's the use of Detour path? How Fork path differs from Detour path?
14. How can you enable self password reset facility in GRC?
15. Can we have customized actions for creating request types in CUP?
16. Which SOX rules got inherited in SAP GRC?
17. How many types of Background job you are familiar with? Why Role/Profile & User Sync. job is required?
18. Where from can we change the default expiration time for mitigating controls? What's the default value for the same?
19. How will you do the mass import of role in GRC?
20. Explain the total configuration & utility of SPM?
21. Can we create Logical systems in GRC? If yes, how & what can be the advantages & disadvantages of the same?
22. Can we have different set of number ranges activated for request generation?
23. Explain, how can we create derived roles in ERM? What will be the significant changes in methodology for creating composite roles?
↧
Single Firefighter Workflow not completing
Hello SAP Community,
We have been working on an issue for 3 weeks on workflow's not being sent correctly. The strange thing is, we are getting most of our FFID workflow's to complete, but we are still missing a set that came from 4 Firefighter ID's. The user is able to request, get approved, and use the FFID. The Firefighter Logs are there, but when we search for them, the Controller logs are not appearing. Remember that this is only for some FFID's and not all.
We have tried running the Timebased Sync program, when we generate it says logs were found, workflow's generated. Again nothing in the controller logs. When we run it again, same number, and same result.
GRC Specs:
GRC 10.0 SP14
Notes implemented:
#2017105 - GRC EAM : EAM log review workflows should be sent for blank firefighter sessions as well
#2060165 - GRC EAM: Some of the firefighter log review workflows are not being generated
#2013288 - Firefighter log review Workflows is not getting generated sometime
↧
GRC 10.1 new functionalities
Hello,
Anyone saw a presentation of GRC 10.1? What about new functionalities? (in particular in AC)
It looks likes the ramp up will be available for customers from tomorrow...
Julien
↧
↧
Error when forwarding the request
Hi, After modifying the Access request by adding roles, and if I try to forward the request to a person (who isn't a approver in the workflow) I am getting this error in the front but in the backend the request is forwarded to the person. I have attached the screenshot.
PS. If I don't modify the request and forward, then its working fine (I get the confirmation message " the request has been forwarded").
Can any one please help me out. its not a authorization issue. is there any patch or any configuration needed to be done?
↧
GRC AC 10.0 - MSMP Workflow is not sending email for Firefighter provisioning
Hi Gurus,
I have installed GRC - AC 10.0 and I want to configure EAM to allow automatically provisioning of Firefighter with following steps:
1. -In Access Management, AC Owners, FF ids, Controlles, Reason Codes are setup in advance
2. - I can create a manual Access Request for a Firefighter assignment and is functional without any issue
3. - Common workflow has been activated
4. - Email server has been configured and checked that can send emails
5. - In IMG -> GRC -> Access Control -> Workflow for Access Control -> Maintain MSMP Workflow I have activated SAP Process Id-s :
SAP_GRAC_ACCESS_REQUEST
using the default settings .
6. At Pct #5 Maintain Paths- Stage Definition- I have checked boxes - Approve by Email & Approve and I have Activated it.
Then, I create a access request again and no email is send it out to Owner.
In MSMP, in Pct #5, I have all for Process Id SAP_GRAC_ACCESS_REQUEST , I have left all 3 paths:
GRAC_MANAGER
GRAC_ROLEOWNER
GRAC_SECURITY
7. I have tried to activate other processes id-s:
SAP_GRAC_FIREFIGHTER_LOG_REPORT
SAP_GRAC_ROLE_APPR
however with the same result.
All my SPM Owners and FF-ids have email adress, how should I maintain their email in MSMP, as the documentation is confusing for me.
8. Then, at Point #3 - Maintain Agents - I have created a Z Rule where I have mapped directly the Account ID-s and I have assigned it in Pct 5 (Maintain Paths) and activated- without any result.
Thank You,
Marc
↧
Role Mapping For Portal Role Assignment and ABAP Role Assignment - GRC 10
Hello All
Can any one please tell me how an SAP Enterprise role and SAP ABAP technical role can be clubbed /mapped together for role assignment via ARM?
We are not using the business role concept here .. , so I need answers to achieve this functionality using the ABAP Dummy role concept.
I know people have does this before, but i needed more clarity on this approach.
Thanks in advance,
Uma
↧
SAP GRC Ruleset Migration from 5.3 to 10.0
Currently we have requirement for GRC 5.3 migration to 10.0 , ruleset we are using is GLOBAL. It also consists the custom risks and functions.
When we do the migration , we just want to ensure the custom risks and functions are not overwritten .. and want to use the new GLOBAL ruleset in 10 as well .. Can anyone suggest how to do this using the migration tool..
We would like to ensure we have new ruleset in 10.1 , which is Global and in addition the custom risks and functions from 5.3 added
↧
↧
GRC 10.0 Firefighter Log Review "Other Action"
Has anyone seen any documentation or know how to exand the choices in GRC 10.0 (SP08) Firefighter Log review? When controller reviews log, he can hit "submit" to approve. Our audit team would like other options ("revoke security" or "inappropriate action; should be reversed", etc). I do see "Other Action" but only offers "Hold".
Thanks in advance..
↧
What is the t-code for firefighter logon?
Sorry for the triviel question. Thanks!
↧
GRC 10 : EAM Logs are showing 'No Records'
Hello Experts,
I am working on GRC 10 EAM configuration at SP07.
The EAM Firefighting scenario is working on ie.Firefighter can login to backend R3 system and performed
FF activities but when i update the FF Logs GRC system doesnt show any logs in the system.
The logs are present in R3 system in STAD, CDPOS, SM20 etc.
The TIme Zones are same in both GRC and R3 system.
But Except Table GRACFFLOG.
NO other Log related table is getting updated after running log update Sync job successfully.
Please let me know if anybody has faced this issue or any advise on what is need to be checked.
Any help is much appreciated.
Regards,
Yatin Phad
↧