Channel: SCN : Popular Discussions - Governance, Risk and Compliance (SAP GRC)

GRC 10.0 Firefighter Data tables and their Auth Groups


Hi All,

 

We are currently trying to secure the firefighter tables in our system for Audit and SOX purposes. For this we need the details of all the tables in which the firefighter data resides (Owners, Controllers, Users, FF Assignment History).

 

Based on my GRAC*FF* search I found the below listed tables, would this be all where the firefighter data gets saved when you update the relevant screen in NWBC or am I missing any of the tables?

 

Table Name        Table Description
GRACCFFCTRLT      Text table for GRACFFCTRL table
GRACFFCTRL        Lock Object for Controller table
GRACFFCTRLGRP     Maintain Controller Group and FF ID/Role Assignment
GRACFFCTRLGRPT    Text Table for GRACFFCTRLGRP table
GRACFFIDROLE      Fire Fighter ID Connector Role Relation
GRACFFLOG         Lock object for GRACFFLOG table
GRACFFOBJECT      Lock Object for GRACFFOBJECT table
GRACFFOBJECTT     Text table for Firefighter ID and Role details
GRACFFOWNER       Lock Object for table GRACFFOWNER table
GRACFFOWNERT      Fire fighter Owners
GRACFFREPMAPP     Lock object for gracffrepmapp table
GRACFFUSER        Maintain SPM Firefighter Assignment to FF ID/Roles
GRACFFUSERT       Details related to FF ID or role assignment to Firefighter
GRACROLEFFLOG     Details related to Firefighter ID Log On Information
GRACV_FFIDROLE    Fire Fighter ID Connector Role Relation

 

It would be really helpful if anyone can provide some documentation on these firefighter tables, listing out what they are used for, what processes update these tables, and what the default SAP provided Auth groups restricting the access to them are.

 

Thanks

Narsimha


GRC 10 Documentation


Hi Experts

 

I want to start studying for GRC 10 but I don't have any documents on this subject, and there is not much out there in regard to this tool, so can anyone help me out with this? I am starting from the beginning so would like details please; my reason for this is I want to pursue the accreditation for GRC 10.

 

I know there is a course on GRC 10 but at £2600 a pop I am in no position to spend this until I have something to go on first.

 

I look forward to your replies

 

Thanks

 

Mark

SAP GRC Access Control 10.x Cross System Risk Analysis


Hi,

 

I was hoping someone out there in SAP land could help us. We have read through all the notes and SCN discussions and are getting mixed messages on the answer to these questions.

 

1. Can a single connector be put into more than one connector group? For example, can an ECC PRD connector be put into a logical group by itself and a cross-system group with another PRD connector?

2. If we designate a function as cross system will the risks associated with it only report conflicts between more than one system? For example, Risk ID F001 is comprised of AP01 and AR01.

 

AP01 contains action VA01.

AR01 contains action FB02.

 

VA01 exists in ECC and MDM.

AR01 exists in ECC.

 

If function AP01 is marked for cross system analysis will risk analysis ONLY show cross-system risks that pertain to the function or will it also include a risk that occurs within ECC only (as in the above example)?

 

Also, if risk analysis automatically runs for ARM will it take cross-system into account?

 

Any help would be greatly appreciated!

Thanks,

Tracy

Review massive t-code whether has Org Level Restriction


I was tasked to review all t-codes (SAP standard and my company's custom Z t-codes, total 1000+) for whether the appropriate Org Level Authorization Check is in place, i.e. if a user has access to a t-code, he could only run that t-code for his company code / organization.

 

I link the t-codes with SU24 data, then check whether SU24 contains any authorization objects with an Org Level field. However, the outcome is not accurate.

 

Is there any efficient way to scan those t-codes’ program to make sure Org Level restriction is in place?

Process Control - Sign Off


Hello All,

 

I'm setting up the Sign Off workflow in GRC PC 10.0 SP13.

 

Post installation activities (overall event linkage configuration) seem OK. Also the role assignment to the organizations. Also the Sign Off flag in the organizations.

 

Once the Sign Off workflow is scheduled, everything is OK and the workflow in the planner is completed without any errors.

 

However, no workflow is generated and no work item is sent to the owner.

 

Any ideas?

 

Thanks.

 

Massimo

Restrict PSS questions to admin only in GRC 10.1


Hello,

 

Can you advise of the way to restrict the PSS question to admin only?

 

 

As per the Snote 1600374 we can restrict PSS question to admin only in GRC 10, I am looking for a solution for GRC 10.1 SP 10.

 

 

 

Thanks,

Lakshmi

Firefighter Log - Posting Period Change Log for OB52


Hello All,

 

I'd like to receive Firefighter change log info for Posting Period configuration changes that take place within OB52.  The change log for the corresponding table is active in ECC, but I am only receiving the Tcode history in the FF log, and I am not receiving which records were changed.  Can you help me get this configured properly?

 

GRC 10.0 SP13

 

Thanks,

Ken

Table related to Role & Role Owner in GRC AC 10


Hi Expert,

 

I am looking for your advice.

 

In GRC AC 10, which table contains the role & role owner name?


GRC 10.0 Firefighter Log Review "Other Action"


Has anyone seen any documentation or know how to expand the choices in GRC 10.0 (SP08) Firefighter Log review? When the controller reviews the log, he can hit "submit" to approve. Our audit team would like other options ("revoke security" or "inappropriate action; should be reversed", etc). I do see "Other Action" but it only offers "Hold".

FFlogReview.jpg

 

Thanks in advance..

security grc interview questions


1. What are the components of GRC?

2. What upgrades happened in GRC 5.3 from GRC 5.2?

3. Is it possible to have a request type by which we can change the validity period of a user? If possible, then what are the actions?

4. What's the latest Support Pack for GRC 5.3? How does it differ from the previous one?

5. What are the issues faced by you in ERM & CUP after go-live?

6. Can we change Single roles, objects & Profile description through mass maintenance of role? If yes, how?

7. What are the prerequisites for creating a workflow for user provisioning?

8. How will you control GRC system if you have multiple rulesets activated?

9. Can we view the changes of a role, happened in PFCG, through GRC?

10. How will you mitigate a user against an authorization object which is decided as sensitive by Business?

11. Give an example of SOD with object level control & also decide the Risk implication from the Technical standpoint.

12. Is it possible to assign two roles with different validity period to a user in one shot through GRC? If yes, how?

13. What's the use of Detour path? How does Fork path differ from Detour path?

14. How can you enable self password reset facility in GRC?

15. Can we have customized actions for creating request types in CUP?

16. Which SOX rules got inherited in SAP GRC?

17. How many types of Background job are you familiar with? Why is the Role/Profile & User Sync. job required?

18. Where from can we change the default expiration time for mitigating controls? What's the default value for the same?

19. How will you do the mass import of role in GRC?

20. Explain the total configuration & utility of SPM?

21. Can we create Logical systems in GRC? If yes, how & what can be the advantages & disadvantages of the same?

22. Can we have different set of number ranges activated for request generation?

23. Explain, how can we create derived roles in ERM? What will be the significant changes in methodology for creating composite roles?

SAP GRC FI Standard SOD Matrix..


Hi Gurus,

 

Can anyone guide me to find a Standard FI SOD Conflicts matrix...

 

JC

GRC 10 : EAM Logs are showing 'No Records'


Hello Experts,

 

I am working on GRC 10 EAM configuration at SP07.

 

The EAM Firefighting scenario is working, i.e. the Firefighter can log in to the backend R3 system and perform FF activities, but when I update the FF Logs the GRC system doesn't show any logs in the system.

 

The logs are present in R3 system in STAD, CDPOS, SM20 etc.

 

The time zones are the same in both the GRC and R3 systems.

But except for table GRACFFLOG, no other log-related table is getting updated after running the log update sync job successfully.

 

Please let me know if anybody has faced this issue or has any advice on what needs to be checked.

 

Any help is much appreciated.

 

Regards,

Yatin Phad

Notifications based on brf+ rules


Hello experts

 

Is there a way to send out notifications based on request attributes? We would like to send out a different closing email if the request contains certain roles. Is this possible? I've tried searching for the notification variables rule which is a rule kind, but I can't find exactly what I want.

 

Regards

Maria Alejandra Piedra

What is the t-code for firefighter logon?


Sorry for the trivial question. Thanks!

User Access Request: System field added


Dear all,

 

I have the following scenario:

GRC is connected with many plug-in systems. In addition there are around 5 or 6 different systems from which the Data Source of the users is retrieved. So for example if I search - in GRC - for the last name Smith I get the same user from different systems (and maybe the same employee has different users in different systems).

 

So I have the following requirement: To know in the user access request form the system where the user exists. Please see screenshot below where the column System appears:

UserAccess_System.JPG

The objective is that the requestors are aware of which system the user belongs to.

 

Do you know whether this is something which could be customized? Does it require ABAP programming?

 

Many thanks in advance,

 

Sara.


GRC AC: User Data not pulled out from LDAP


Dear all,

 

I am facing the following error.

 

We have the following scenario: The data source of our GRC system is an LDAP system

 

error1.JPG

 

So when we create an Access Request, normally we expect the user data to be pulled from the LDAP system.

 

error2.JPG

So I search for users with a specific last name and I find several users in the LDAP system. So I pick the user Z70194032.

error3.JPG

As you can see the data user is not pulled out.

error4.JPG

Any advice?

 

Many thanks,

Sara.

Role of a Security Consultant in an SAP implementation Project


Hi All,

 

What is the role of a Security Consultant in an SAP implementation Project and the stages in which he is involved?

How to check role and authorization


Hi,

 

I have following questions and really hope you can help me.

 

1. Whether there are transactions or reports in SAP which will display all changes that have been made in user roles and authorisation assignments. For example, from the beginning the user had a limited authorisation; when was it changed to a greater one? The same issue for the roles, assuming there were changes in a role.

 

2. How can I test whether the user has got the proper authorisation and can execute only the transactions he is supposed to?

 

Thank you in advance
