Hello,
I have tried doing the MSMP workflow configurations as per AC 10.0 Customizing Workflows for Access Management.pdf
But still i am not getting idea about what many things like, in 5.3 we configure stages, and we include multiple stages in one path.
Can any one explain in details how to configure stage and paths...
Regards,
Sumanth
Hi all,
I want to know the main difference between the service, dialog,communication users and also the procedure to create these users.Is there any difference in functinality wise.
Thanks,
Joseph.
Hi experts,
Looking for solution on how to implement PSS in GRC AC10 with the following option:
Steps are
1. User wants to reset his/her password.
2. Goes to NWBC Link
3. Put the user id
4. Clicks on < Forgot Password >
5. Security question is asked
6. User gets a mail in his/her mail box with a link to reset the password
Regards,
Sudha M
Hi experts!
I am working on GRC AC 10.1 SP 11 and we are facing an issue with access requests. When a request contains several roles for a user (a FireFighter user) and this request is approved, at the end, provisioning does not happen. In fact, if we search the request and we click on "Administration" button, we see this:
There is no dump (in GRC or ERP system) and no error message in SLG1 and in GRFNMW_DBGMONITOR_WD tcodes neither.
¿Any idea?
Thanks a lot!
Hi All,
We are currently trying to secure the firefighter tables in our system for Audit and SOX purposes, for this we need the details of all the table in which the firefighter data resides(Owners, Controllers, Users, FF Assignment History).
Based on my GRAC*FF* search I found the below listed tables, would this be all where the firefighter data gets saved when you update the relevant screen in NWBC or am I missing any of the tables?
| Table Names | Table Description |
| GRACCFFCTRLT | Text table for GRACFFCTRL table |
| GRACFFCTRL | Lock Object for Controller table |
| GRACFFCTRLGRP | Maintain Controller Group and FF ID/Role Assignment |
| GRACFFCTRLGRPT | Text Table for GRACFFCTRLGRP table |
| GRACFFIDROLE | Fire Fighter ID Connector Role Relation |
| GRACFFLOG | Lock object for GRACFFLOG table |
| GRACFFOBJECT | Lock Object for GRACFFOBJECT table |
| GRACFFOBJECTT | Text table for Firefighter ID and Role details |
| GRACFFOWNER | Lock Object for table GRACFFOWNER table |
| GRACFFOWNERT | Fire fighter Owners |
| GRACFFREPMAPP | Lock object for gracffrepmapp table |
| GRACFFUSER | Maintain SPM Firefighter Assignment to FF ID/Roles |
| GRACFFUSERT | Details related to FF ID or role assignment to Firefighter |
| GRACROLEFFLOG | Details related to Firefighter ID Log On Information |
| GRACV_FFIDROLE | Fire Fighter ID Connector Role Relation |
It would be really helpful if any one can provide some documentation on these firefighter tables, listing out their what they are used for and what processes update these tables and what are the default SAP provided Auth groups restricting the access to them.
Thanks
Narsimha
Hello,
Anyone saw a presentation of GRC 10.1? What about new functionalities? (in particular in AC)
It looks likes the ramp up will be available for customers from tomorrow...
Julien
Hi All,
What is the role of a Security Consultant in an SAP implementation Project and the stages in which he is involved?
Dear Experts,
I need you expert opinion on the Testing of Design for a control.
I am in midst of an GRC Process control 10 implementation. I have a question for having multiple test plan for a control (i.e. one for test of design and one of test of effectiveness)
For a SOX control, testing is performed in two parts as follows:
- TOD: Test of Design (In here we assess the design of the control)
- TOE: Test of Effectiveness (In here we assess the effectiveness of the control)
So based on the above underlying testing methodology for a control, we require to have two test plans for one controls, since the testing steps for TOD and TOE are different.
I am aware of the control design assessment testing in the planner. However, in scheduling a control design assessment a survey template is required.
I am not sure how it would take care of the TOD for a control, as in TOD we need to perform some testing based on the manual test attached to a control.
What I require is to schedule TOD for testing a control similarly to scheduling for testing effectiveness.
Please advice on how to perform test of design of a control.
Look forward to hear from you.
Regards,
Sahil.
Hi,
I have following questions and really hope you can help me.
1.Whether there are transactions or reports in SAP which will display all changes that has been done in User roles and authorisations assignments. For example, from the beginning the user had a limited authorisation, when it was changed to greater one? The same issue for the roles, assuming there were changes in role.
2.How can I test, whether the user has got a proper authorisation and can execute only the transactions he is supposed to do?
Thank you in advance
Hi Gurus,
Can you one guide me to find a Standard FI SOD Conflitcs matrix...
JC
Hello Experts,
Do we have any possibility of putting the validation in Access request in GRC 10.0?
Before submitting the access request, it should validate the data entered in certain fields for ex: If user selects the business process as Finance and sub process as Inventory control, user shouldn't be allowed to submit the request until user selects correct sub process under Finance.
Thanks in advance.
Hari
Hi all,
I want to know the main difference between the service, dialog,communication users and also the procedure to create these users.Is there any difference in functinality wise.
Thanks,
Joseph.
Hello All,
UAR generated data also contains the roles which are not assigned to users directly(roles are assigned to users thorough some composite roles also).
BG: We have some single roles that are assigned directly to users and same single role is assigned to a different users via composite role as well.
when we generate the data, UAR request has the complete list of users that the single role is assigned with(Direct and In-direct).
Ideally the UAR request should only contain the line items which are directly assigned right?
Could anyone please let me know if you ever had this issue and solved?
Please Suggest.
We are on GRC 10.1 and SP 8.
PS: i have tried to implement 1970118 - UAM : Expired and locked Users and indirect role assignment, and this cannot be implemented as well in our system.
Thanks
Rajeev Varma
Hi Gurus,
Can you one guide me to find a Standard FI SOD Conflitcs matrix...
JC
Hello,
Anyone saw a presentation of GRC 10.1? What about new functionalities? (in particular in AC)
It looks likes the ramp up will be available for customers from tomorrow...
Julien
Hi Experts
I want to start studying for GRC 10 but I don't have any documents on this subject, and there is not much out there in regards this tool so can anyone help me out with this. I am starting from the beginning so would like details please, my reason for this is I want to peruse the accreditation for GRC 10
I know there is a course on GRC 10 but at £2600 a pop I am in no position to spend this until I have something to go on first.
I look forward to your reply's
Thanks
Mark
Hi Expert,
I am looking for your advice.
In GRC AC 10 which table contain role & role owner name.
Hi GRC folks,
How can we increase the length of the fields mentioned below which are being auto-populated in the GRC request?
These fields are coming from the LDAP that is connected to GRC to retrieve user information.
The screenshot below shows incomplete information for the fields "Position" and "Business Area"
Thanks
Jasraj Ganeshan
Has anyone seen any documentation or know how to exand the choices in GRC 10.0 (SP08) Firefighter Log review? When controller reviews log, he can hit "submit" to approve. Our audit team would like other options ("revoke security" or "inappropriate action; should be reversed", etc). I do see "Other Action" but only offers "Hold".
Thanks in advance..
Hi All,
We need to remove the system option from ARM request.
In user access tab we have ADD button in that we have Role and System option.
Can any one guide me how to remove/disable this system option from ARM request.
I already tried below options.
1. Webdynpro personalization option but there is option to remove system from ARM request.
2. Removal of Create/Change actions from Request type is converting the request type as CHANGE REQUEST only.
I guess this can be possible only customization with ABAPer however this is my final option only.
System Info
GRC 10.0
Support Pack 19
With Regards
Trinadh Bokka