KBA Number	KBA Title
1804950	GRC RM 10.0- From Risk & Opportunity OIF submission of Issue
1705870	RABAX_STATE dump while creating a response in "Response and Enhancement Plans"
1803876	Maintain Analysis Profile dumps as "DYNP_TOO_MANY_RADIOBUTTONS_ON"
1784868	GRC 10.0 Email notification is not sent for Incident workflow
1722449	KRI alert email notification is sent without logo
1800920	How to set work inbox default query
1744953	Text message not translated.
1731254	POWL does not refresh automatically
1841359	Loss Event Approval task is not generated
1843598	KRI Implementation based on table KNB4 is throwing error "Data buffer exceeded; Table "KNB4" contains too many fields"

Please note, in order to view the contents of the Knowledgebase Articles (KBA), you will need to be logged into Service Marketplace.

See Also

Top 10 most viewed SAP KBAs for GRC

↧

2015

February 4, 2015, 10:58 am

Latest and popular articles on SAP ERP

≫ Next: GRC10.1 How Reassign functionality works in Emergency Access Management in GRC

≪ Previous: Top 10 most viewed SAP KBA's for GRC Risk Management in January 2015

RELEASED NOTES AND KBAs

GRC-SAC-ARA

1986732 GRC 10.0: Risk Violations - Number of Analyzed Users

2099999 Remediation View screen shows blank while Risk Analysis

2113597 Tuning Organization Rules for better performance

2116171 Rule Set is not considered for Critical Role/Profile Risk Analysis

2117916 Incorrect status in Access rule detail report

GRC-SAC-ARQ

1791296 Note for SAP GRC AC PORTAL PI GRCPIEP in AC10 for NW 730/731

1806141 GRC 10.0: EUP not supported for Multiple Users requests

1973753 UAM: Incorrect default roles added into request

1982339 UAM: End user is able to submit request for business role with retain provision

2058184 Request with conflict and mitigation report not working

2069094 Fix related to User details, Default role, system description and unlock action type

2115282 UAM: Portal role name incomplete in audit log after provisioning

2116145 Fiori Check Request Status - Cancelled requests displays as "Pending"

2116262 UAM: Request approval possible with risks

2116829 Mass load of Business role assignments to users

2116843 GRC 10.0: Maintain Guided Procedures Gateway

GRC-SAC-BRM

2083724 Program GRAC_CHECK_BROLE_ASSIGNMENT does not exist

2117294 AC10.1 - Poor performance of Repository Sync

2117340 Default role import not working

2058957 Enable manual editing in EAM maintenance screens

2113707 Remove non working print button

2116307 Background job status does not change on RFC time out error

GRC-SPC

1899028 Notification goes to Owner if there is no deficiency in Sap Query Scenario in Automated Monitoring

1954054 Can’t Cancel Event Trigger Automated Monitoring Job

1988286 Currency amount issue error in ad-hoc query

2096980 Unreserve the work item for process control work items

1948002 PC task get reserved on Approver Delegation to a AC user

2117375 Navigate to Subprocess Tab into Organization details causes short dump

2117756 Risk template cut not reflected on sub process risks

2079702 PC10.1SP07: Dump in Evaluation Status Bar Chart

2104886 Reporting: Long running traverses of Process

1949265 GRC PC: How to enable multilingual test steps in test plan

1951090 Problem with period in a copy of recurring plan

2112383 Empty comments for assessments/surveys

GRC-RM

2114201 Risk OIF - create new risk with Influenced risks - error on save

2114360 Bow tie builder - entering big number causes dump

2116408 Risk OIF - Start risk validation in one click

2117409 WF monitor application for managers - activation/deactivation

2117687 RM reporting - performance improvement of KRI instance reports

2118235 Risk template cut - related local risks remains locked

2118325 Deleted loss events are shown in the "Loss Event Structure" dashboard

1847859 Reporting: More detail logging of errors in reporting engine

2117051 Reporting: Performance improvement when processing merged nodes

2117742 Number of losses and/or loss events in the dashboards are not correct

2118287 Response Upload: Wrong risk check

RELATED INFORMATION

2094723 Consolidated Note for SAP Access Control 10.0 Master Note

2096196 Consolidated Note for SAP Access Control 10.1 Master Note

2104086 Consolidated Note for Process Control 10.0 Master Data

2105791 Consolidated Note for Process Control 10.1 Master Data

↧

GRC10.1 How Reassign functionality works in Emergency Access Management in GRC

February 9, 2015, 9:02 am

Latest and popular articles on SAP ERP

≫ Next: GRC Weekly News - 01/26/2015

≪ Previous: GRC Weekly News - 01/19/2015

GRC 10.1 How Reassign functionality works in Emergency Access Management in GRC Access Control

1. Reassignment of Owner Id’s to Firefighter Id’s
2. Reassignment of Controller Id’s to Firefighter Id’s
3. Reassignment of Firefighter Id’s to Firefighter User and vice versa

Reassign Functionality has been introduced due to the Organizational changes and replacement of one user by another in the organization.

Suppose due to some organizational changes in the company one user has been replaced by another user.

Or else some user left the organization and he was the Firefighter Owner/Controller of multiple firefighter Ids.

So to avoid the effort of making changes one by one , the Reassign functionality has been introduced in GRC Access Control 10.1 which replaces the old user by new one and thus save your effort in one shot.

CAUTION: The functionality is intended to use by the Admin user only because the admin user should have the authorization to make changes in the existing assignments.

Firefighter Owner, Controller ,Users and Id’s should not be given any such authorization to make changes in the existing data.

Example:
Owner A having Firefighter ID 1 and 2
Owner B having Firefighter ID 3
On Reassigning Owner A with Owner B, the Owner B should get Firefighter ID 1, 2 and 3 assigned
Owner A shouldn’t be available in the POWL but fresh assignments can be done on Owner A

The same functionality works for Controller , Firefighters and Firefighter ID links.

Note: On reassigning new Owner to any Firefighter ID, the same Onwer ID should gets updated automatically in the Owner Column of Firefighters link assignments.

Find the detailed step by step screenshots below:

The POWL screens of Owner, Controller, Firefighters and Firefighter ID’s links in GRC application are provided with Reassign button.

In Owner link, select the existing Owner-Firefighter ID assignment and click Reassign button.

Make sure you get confirmation popup with options Yes/No

In the Reassignment Screen, the Owner ID text field should be blank and all the already existing firefighter ID’s to that owner ID should be available in the table below.

Select the new Owner ID using F4 help and click on Save button.

Now in the POWL screen, there should be multiple entries/lineitems for that new replaced Owner ID corresponding to the number of assigned Firefighter ID’s.
The others line items are available on scrolling down (not included in screenshot)

On opening this Owner, it should have all the Firefighter ID assigned which includes his own old assignments and new assignments from the other user.

Related code fixes/notes on similar area:

2108258 - EAM 10.1, functionality of reassign button on FFID screen
24644 - Reassign should validate the current value at FFuser screen

↧

GRC Weekly News - 01/26/2015

February 11, 2015, 11:24 am

Latest and popular articles on SAP ERP

≫ Next: Portal Integration with GRC10.0-Issues,Notes

≪ Previous: GRC10.1 How Reassign functionality works in Emergency Access Management in GRC

RELEASED NOTES AND KBAs

GRC-SAC-ARA

2119685 Add multiple client support for data load for Role Search

2104079 While copying a role in role mitigation, the role name which contains ampers

2113066 Role level Risk Analysis not working for input with '*' in them

2116308 CX_SY_CONVERSION_OVERFLOW error while running role simulation with include user

2117916 Incorrect status in Access rule detail report

2120491 Text incorrect for a check box in the Risk Analysis simulation screen

2120686 T-Code search is slow while opening a function

2121438 GRAC_DELETE_REPORT_SPOOL doesn't delete all data

2121521 Mitigation on Business Role Level does not work

2122162 Analysis Criteria section does not collapse

GRC-SAC-ARQ

1168508 Compliant User Provisioning 5.3 Support Package (VIRAE)

1907636 UAM: Distribution list as role onwer was not supported in UAR jobs.

1976652 Repository sync job is deleting business role assignment data

2056973 UAM: Incorrect provisioning action is displayed when roles are selected from existing assignments

2068412 UAM: Approval action not working correctly for mapped role

2096567 UAM: UAR request are displaying indirectly assigned derived roles and incorrect

2108896 UAM: Role range in role import is not considered

2110815 Copy multiuser request not working correctly in case of multiuser request

2118201 UAM: Re-login required when clicking role name from existing assignments

2119463 UAM: 'Add comment' hyperlink not available during request approval

2119407 UAM: Incorrect validity dates when business role is added in the simplified access request

2120231 UAM: Submission notification variable not filled correctly for business role

2120438 UAM: Dump while adding business role to access request

2121176 UAM: User group not provisioned while creating/changing user in CUA

2122128 User Defaults error: "Entry ALL does not exist in GRFNCCICONNECTOR (check entry)"

2122132 HR Trigger error "Roles not present in request. No request can be created."

2122134 MSMP Notification Agent of type "PFCG User groups"

2122147 Approval error: "Line item comments are mandatory for rejection for assignment"

2122152 SAP Enterprise Portal SSO does not work for the GRC notification variable links

GRC-SAC-BRM

1897889 Job Status empty after deleting the role in background.

1971192 "Role Search” is not consistent with role search in “Roles by Owners and Approver" report

1987973 The “List of Approvers” check box is not enabled

2031203Option to add org value map name is not available in naming convention for derived roles
and Enhancement implementation is not called

2045102 Description for single role is empty when import is manually

2045597 Role Comparison is Incorrect on Actions for Roles with no transactions

2050347 Role Comparison - role and landscape link work incorrect

2100042 Critical Roles/Profiles create in ZH can't be display in EN

2103555 Useless spaces in authorization Error message in role search

2109444 Language not considered while fetching role description during role import.

2115671 AC10.1 SP04: GRAC_ROLED object check issues

2117294 AC10.1 - Poor performance of Repository Sync

2117340 Default role import not working

2118711 GRACUSERROLE table not getting updated

2120396 Unable to import Non PFCG role

GRC-SAC-EAM

1902228 Irrelevant GRC TCodes are showing in transaction logs

1962440GRC EAM - Change Log Collection Performance Enhancement

1988760 Remote login is happing with FFID without using Fire Fighter application

2015290 FFuser and controller canont be same person via Emergency access request

2026907 Invalid Super user report Inconsistency

2118517 Firefighter ID description is coming blank in access request

2119915 GRC 10.1 EAM: Add button on firefighter assignment screen in inactive

2118517 Firefighter ID description is coming blank in access request

2122027 How to identify the workflow generated for a given FFID session?

GRC-SAC-UAR

2090183 UAM: Incorrect request type action display in template based request

2103580 UAM: Multiple UAR request generate UAR role rejection for single request

GRC-SAC-UPG

1731987 GRCPINW V1000_731 Install/Delta Upg/SP on SAP_BASIS 731

GRC-SAC-WF

2009630 UAM: Company attribute is not available in BRF rule structure for Role Approval

GRC-FRA

2118928 Collective Note Error Corrections for DU SAPFRA_CM_FND Fraud Management 1.1 SP05

2119471 HANA Rules Framework Support Package 2 in Fraud Mangement SP5 verwenden

2118244 Performance Improvement for Claim Facette UI

2120209 Network Analysis Doesn't Show Navigation Targets

2121072 SAVE in Decision Fecett of the alert details is not working

GRC-SPC-AC

1869786 Currency Conversion not working for BRF+ in AMF

1902686 Conversion routine does not work in Programmed rules

1917806 Value for column comes blank for change log check scenario

1930781 Adhoc query on table TSTC do not return results in data source

1972490 Currency field value is not displayed correctly in Adhoc query

2048491 Exception List is not editable for Multiple Deficiency

2096980 Unreserve the work item for process control work items

GRC-SPC-AD

2120661 Policy Attachment is Not Attaching in PDF Survey in correct form

GRC-SPC-AP

1948002 PC task get reserved on Approver Delegation to a AC user

GRC-SPC-IU

1912569 Problem in upgrade at step GRPC_30_2010_UPG_P1_LOCAL_CHG

GRC-SPC-MD

1914305 Multi Language support issues

1923467 Duplicated issues on Issue Status Report

2025068 GRPC_PSTEP_SYNCHRONIZE creates delinkage of objects at local level

2032790 Frequency is not updated when control type is changed to Event based

2120592 The replacement functionality dumps for some users

2119204 Valid From date of Sub Process with respect to the Timeframe selected.

GRC-SPC-MT

2121735 Custom Defined Field is not enable when Remediation Plan is editable

GRC-SPC-PR

2112810 Copy function of ad hoc issue management does not work

GRC-SPC-RE

2010446 Control Test of effectiveness Dashboard report does not show complete data

2083218 Column Owner displays only one user

2109409 How to debug the reporting engine for Process Control and Risk Management

2113340 Dump when searching for Organization unit in Policy Profile

GRC-SPC-SA

1777657 Policy survey result report shows time in UTC

1897216 Remediation Plan populated the incorrect user

2031859 Sorting does not work as expected after filter is used in Planner

2070990 Applog handling for OWP inbound processing

2119746 Error in Sending Surveys due to invalid E-mail address of recipient

2120558 Checkman error SP09

2121796 This note is technically required to be implemented and avoid delta in 'Role Assignment' correction

GRC-SPC-SC

2065101 Organization maintenance is not possible for the user with ability to do subprocess assignment

2119901 Authorization check on Plan Activity field in Planner Monitor

GRC-RM

1657668 Checkman error in migration tool

2109176 Authorization check for analysis create displays description instead of the name of the risk

2118237 New IMG entry - Activate Work Inbox Task Grouping

2120642 Popup window with error when deleting loss event

2120510 Reporting: Multiplicated results for non-power user in LEM hierarchical reports

2119756 Checkman

2120121 Reporting: Authorization check improvement

2113131 Interface Note for Enhanced Risk Graphic View

2120552 Risk change history - underlying risks

2120819 Risk change history - attachments and links

RELATED INFORMATION

2094723 - Consolidated Note for SAP Access Control 10.0 Master Note

2096196- Consolidated Note for SAP Access Control 10.1 Master Note

2104086 - Consolidated Note for Process Control 10.0 Master Data

2105791 - Consolidated Note for Process Control 10.1 Master Data

↧

Portal Integration with GRC10.0-Issues,Notes

March 27, 2015, 5:11 am

Latest and popular articles on SAP ERP

≫ Next: UAR(User Access Review) in GRC10 Access Control:Common issues,Notes

≪ Previous: GRC Weekly News - 01/26/2015

Let me share my experience in the form of document,

May be topic (Portal Integration with GRC10.0) is not new but might be useful for others who are going for same assignments.

It is not a latest assignment for us to document all exact issues, but try to document whatever we faced majorly.

We have started with help of below links which are open to everybody

Enterprise Portal Integration with SAP GRC 10.0

We have gathered the information about plug ins from below NOTE

1603438 - GRC AC 10.0 EP Plug-In (JAVA), supported NW Versions

After creating the Connectors we have followed the below NOTE for configuration in SPRO

1607232 GRC 10.0 Enterprise Portal Configuration

Please make sure the below settings should be correct

Maintain the Logical port for WS connector
Attach both the connectors (WS and SPML) to AUTH, PROV and ROLMG scenario-Make sure connectors names are correct
Maintain group field mapping correctly
We need to give SPML RFC and schema as SAPprincipals.in Synchronization Jobs > Fetch IDM Schema.

We have faced some challenges while running synchronization jobs

Portal security created some roles with special characters for administrator purpose (easy identification) and user id’s with Zero, like 0Art1CZ, 0Bah4ST.

We have followed the below NOTEs

1841549 - Portal issue with special characters

1833649 - UAM: Portal Users Starting with ZERO (0*) are not synced up

We have faced performance issue while running Repository Object Sync, the below KBA solved issue

1848113 - How to increase the performance syncing objects from portal to GRC

Repository job completed but roles are not sync

The below KBA will also help us if NO DAT FOUND in SCHEMA UPDATE

1857609 - GRC10.0: Portal roles/profiles not syncing

We need to run sync job for SCHEMA,as mentioned in the NOTE

1607232 GRC 10.0 Enterprise Portal Configuration

We can check the status of imported schema by using table GRACIDMSCHEMABUF from SE16 in GRC system.

If any issues while fetching schema into GRC,then follow the below NOTEs

1848215 - Cannot fetch the IDM schema for the EP SPML connector.

2033753 - AC10.0: Unable to Fetch IDM Schema for EP

Mostly the issue will be with connector id, Please make sure to use Portal connector that ends with "_SPML" when running the Schema job.

If portal roles are not provisioning to user,though all configuration settings are correct then check the below Notes

1838692 - Portal role provisioning not happening

1825879 - UAM:Provisioning to mapped user is not working in portal UME

If groups are not getting assigned then follow the below NOTE

1840613 - Groups are not getting assigned to users on Portal

If any error occurs while running risk analysis for portal roles implement the NOTE

1852566 - Portal Roles Risk Analysis does not work properly

Some of the old threads for more information and issues::

GRC PC 10.0 Enterprise Portal Configuration Guide- http://scn.sap.com/thread/3230036

Compatible Portal Version for GRC 10: http://scn.sap.com/thread/2110735

GRC10 End User Front-end: http://scn.sap.com/thread/2059477

SAP GRC 10 - Integration with Enterprise Portal for User Access Assignment : http://scn.sap.com/thread/3682941

Enterprise Portal Integration with SAP GRC 10.0: http://scn.sap.com/docs/DOC-61262

Role Mapping For Portal Role Assignment and ABAP Role Assignment - GRC 10: http://scn.sap.com/thread/3678168

User sync and provisioning issue in EP - GRC 10: http://scn.sap.com/thread/3595488

GRC AC 10 (RAR/CUP/ERM) configuration for EP system: http://scn.sap.com/thread/2073635

SAP GRC 10 Integration with NW7.4 Portal: http://scn.sap.com/thread/3676056

May be some more issues which are not able to re collect,if any i will add into same page.

if anyone faced issues,they could share and we can include in same page.

Regards

Baithi

↧

UAR(User Access Review) in GRC10 Access Control:Common issues,Notes

April 1, 2015, 8:05 am

Latest and popular articles on SAP ERP

≫ Next: SAP Customer Influence Program - Collection for SAP GRC

≪ Previous: Portal Integration with GRC10.0-Issues,Notes

Purpose of the document:

This document describes the UAR (User Access Review) configuration in GRC10 Access Control and some common issues. We have Wiki documents in SCN for configuration and troubleshoot UAR issues, along with existing information I have documented(collection of issues and notes) the common issues in UAR and related solution notes to keep everything in same page for easy search.

I hope it will be helpful for who are looking for UAR configuration and if any related issue occurs.

For UAR workflow configuration and troubleshoot refer the below WiKi links

User Access Review (UAR) Workflow Configuration and Description:

Wiki Document: http://wiki.scn.sap.com/wiki/x/foi-Eg

For Troubleshoot

Wiki Document: http://wiki.scn.sap.com/wiki/x/IYEcF

Make sure the below points/settings are mandatory for UAR (User Access Review)

(1) Prerequisite Jobs need to be executed, in sequence, as follows:

Repository Object Synch /GRAC_ROLEREP_ROLE_SYNC
Repository Object Synch /GRAC_ROLEREP_USER_SYNC
Action Usage Synch /GRAC_ACTION_USAGE_SYNC
Role Usage Synch / GRAC_ROLE_USAGE_SYNC

(2) Role Methodology verification:

Verify that all the roles have been assigned to a methodology in 'Business Role Management'.

(3) Reviewer Verification:

Verify that the role owners have been assigned to roles or role users have a manager assigned from the data source system.

(4) Verify Mandatory Configurations:

Verify that the following configuration parameters have been maintained in the IMG.

Run transaction SPRO, then go to IMG > SAP Reference IMG > Governance, Risk and Compliance-->Access Control-->Maintain Configuration Settings

parameter id = 2004 (Request Type for UAR)
parameter id = 2005 (Default Priority)
parameter id = 2006 (Who are the reviewers?)

(5) Verify Coordinator Assignments:

Verify that a coordinator has been assigned to the reviewers (role owner/manager). The coordinator assignment can be viewed from Coordinator and Reviewer Mapping screen.

Go to NWBC work center Access Management --> Compliance Certification Reviews --> Manage Coordinators

(6) User Access Review workflow job:

Verify that the task "Update Workflow for UAR request" has been executed from the background scheduler screen or the program GRAC_UAR_UPDATE_WORK FLOW has been executed.

If update workflow job does not trigger then check the below NOTE

1732890 - GRC 10.0 - Update Workflow for UAR request job does not trigger the workflow

(7) Verify Request Review:

Verify that all the requests are approved by the administrator from Request Review Screen.

Go to NWBC work center Access Management --> Compliance Certification Reviews --> Request Review.

Note: - This will only apply, when the 'Admin Review' is configured. (In IMG, Governance, Risk and Compliance-->Access Control-->Maintain Configuration Settings (parameter id = 2007))

Most common errors when using user access review, different dumps

1955397 - Background jobs fail with SYSTEM_NO_ROLL error message in ABAP dump

1620493 - GRC 10.0 UAR Background Job stuck

2062769 - UAR update workflow job dumps in case of huge data

1879104 - UAM: Getting dump while scheduling UAR request with huge data

1980305 - UAM: UAR report dumps when role usage data is huge

1780760 - Accessing the UAR request results in DUMP.

1977399 - UAM: UAR status report throwing dump.

2044946 - UAM: Dump is coming while forwarding UAR Request

If number of backend systems are connected to GRC system, not able to generate UAR request

2066113 - UAR requests not getting generated for some systems

While submitting UAR request if error occurs 'Submission failure of request“ or 'No active version exists for process SAP_GRAC_USER_ACCESS_REVIEW'

Then check below NOTE

1620495 - GRC 10.0 UAR - Submission failure of request

If created variant is not working for UAR review then check below NOTE

2042714 - UAM:Save variant not working for UAR request

If any error with“Incorrect Request Type configuration for UAR Request“then check below NOTE

2040454 - Unable to generate UAR due to Incorrect Request Type configuration for UAR Request

If UAR request screen is empty for approver to approve, then check below NOTE

1938863 - UAR Review - No content to approve when approver opens the UAR request from inbox

If the button 'Cancel Rejection' does not appear to approver, then check below NOTE

1768509 - The button 'Cancel Rejection' does not appear in User Access Review request

If error occurs while forward the request to a Reviewer with Return option, then check below NOTE

1988128 - UAM: Missing line items with forward and return in UAR

Sometimes users full details not shown in UAR request, it is basically issue with connector, check below NOTE

2053211 - Full name of some users is not shown in UAR request

If we are using two stages of approvals for UAR request then we need to maintain approval type as Complete request in both stages, otherwise approver cannot see details at second stage, check below NOTE

1907938 - UAR - User and Role details are not visible in request

We need to make it visible Escalation parameter in UAR request history report, otherwise we will get No record found message will appear in UAR request history report, check below NOTE

1805804 - UAR: No record found message in User Access Review History Report

Check the below NOTE for importance for View by field in UAR request screen

1867208 - How to understand what controls the “View By” field in the UAR Request Screen

Why Generate data for access request UAR review job status is “In Progress”, check below NOTE

2038346 - UAR/SOD jobs do not finish and keep 'In Progress' status

If only partial data in Audit log, then check below NOTE

2037408 - Audit log is showing partial data for UAR request

If no audit log for SAVE in UAR, then check below NOTE

1947373 - UAM:Unable to make comments mandatory & audit log for save in UAR

If request shows indirect roles and wrong usage count, check below NOTE

1910670 - UAR Request shows indirect roles and wrong usage count

Some of the old threads for more information on User Access Review:

UAR Review: http://scn.sap.com/thread/3719805

GRC10 - UAR using BRF+ Agent Rule: http://scn.sap.com/thread/2104971

GRC 10 UAR - Different UAR Approvers: http://scn.sap.com/thread/3297507.

Generates data for access request UAR review: http://scn.sap.com/thread/3276890.

User Access Review Workflow - GRC 10: http://scn.sap.com/thread/3535425

GRC AC V10 - UAR config steps: http://scn.sap.com/thread/2063607.

GRC 10.0 User Access Review-user details not showing in description: http://scn.sap.com/thread/3332003

SAP GRC10 - UAR Review: http://scn.sap.com/thread/2116399

GRC 10 UAR tables: http://scn.sap.com/thread/3721729

Please share or add if any new issues/errors occurs while working with UAR(User Access Review) ,so that we will include in the same page for easy availability.

Regards

Baithi

↧

SAP Customer Influence Program - Collection for SAP GRC

April 1, 2015, 1:38 pm

Latest and popular articles on SAP ERP

≫ Next: Helpful transactions, tools, programs, tables, etc. for a SAP GRC Consultant

≪ Previous: UAR(User Access Review) in GRC10 Access Control:Common issues,Notes

Dear all,

SAP Customers Influence program gives you the opportunity of collaborating closely with SAP development teams in development projects. To emphazie important ideas we have collected the most importants to get your support and your subscription. As this program closes shortly we encourage you to review and subscribe as soon as possible.

Influence program from GRC can be found here: https://influence.sap.com/ct/c_ent_homex.bix?level_id={811F71D3-900C-45FA-9AE7-A8545B9BF94C}&a=OD5979

Most important ideas

Mitigation Control Assignment vs Access Request

https://influence.sap.com/D8577

BRM - Deletion of Roles/Deactivation of roles process has to be improved

https://influence.sap.com/D8382

Set a maximum time span for delegation

https://influence.sap.com/D8609

Provision roles as they approved

https://influence.sap.com/D8367

Handling of Acesss Request Management while system are not available (e.g. inspection windows)

https://influence.sap.com/D8338

Role validity period is not considered for risk analysis in access request

https://influence.sap.com/D8318

Fire Fighter ID Review (Similar to User Access Review)

https://influence.sap.com/D8137

Intergrate ST03N transaction usage statistics into access risk analysis

https://influence.sap.com/D7213

Provide a tcode like SU10 to make mass changes to FF owners and controllers, Role Approvers, etc.

https://influence.sap.com/D7638

UAR - No Export Function

https://influence.sap.com/D7367

GRC - ARQ - Multi-User Requests Should Have Removals Per Users

https://influence.sap.com/D7640

AC 10.1 Roles Search / Mass update - Enhance search criteria by 'Between'

https://influence.sap.com/D8114

Mass Update Business Role Assignments

https://influence.sap.com/D8574

Thanks for your support in advance.

Best regards,

Alessandro & Madhu

↧

Helpful transactions, tools, programs, tables, etc. for a SAP GRC Consultant

October 1, 2014, 7:03 am

Latest and popular articles on SAP ERP

≫ Next: GRC Document Collaboration Topics

≪ Previous: SAP Customer Influence Program - Collection for SAP GRC

The motivation to write this document comes with the Community Collaboration for GRC Blogs and Documents project that we have started recently in the GRC space. Leo (S A) has requested a document that elaborates which tools and transactions are used by a GRC consultant. I have extended the request to also name some programs and tables I regularly use to complete my job. The following listing will give you an overview of transactions, tools, programs and tables used by a GRC consultant. Each table is sortable by clicking on headings.

Transactions

Transaction	Description	Key Area	Why is this useful?	Further details, links, etc.
NWBC	Launch Netweaver Business Client	All	launch NWBC HTML. You will need to have work centre roles assigned or build you own.
SPRO	Customizing	All	Self explanatory - configuration entry point for both GRC and plug-in systems
GRAC_UPLOAD_MIT_ASGN	Upload Mitigation Assignments	ARA	Upload a huge number of mitigation (user, role, profile) in one shot. You can either append your current mitigations or overwrite. Program GRAC_UPLOAD_MIT_ASSIGNMENTS.	Mass change of Mitigation Assignments
GRAC_DWLOAD_MIT_ASGN	Download Mitigation Assignments	ARA	Download a huge number of mitigation (user, role, profile) in one shot. Program GRAC_DOWNLOAD_MIT_ASSIGNMENTS.	Mass change of Mitigation Assignments
GRFNMW_CONFIGURE_WD	MSMP Workflow Configuration	WF	MSMP Workflow Configuration - standard view (web dynpro will launch)
GRFNMW_CONFIGURE	MSMP Workflow Config Expert	WF	SAP GUI expert mode to configuration workflow configuration. Do not use this transaction if you not familiar or strong with MSMP configuration as you will risk corrupting your build. This is useful if you need to retransport or transport all of the MSMP in one go as you can select it like an IMG table.
GRFNMW_DBGMONITOR_WD	MSMP Instance Runtime Monitor	WF	Comprehensive view of the workflow execution for MSMP evaluation including Stage/Path calculation, provisioning notes, notifications and agents. This is useful for an Administrator to track issues with an MSMP after a request has been submitted.
SWDD	Workflow Builder	WF	Unlikely you will need to go into this transaction as the Worfklows for SAP are out of the box and MSMP is used. You can identify the MSMP integration from here.
SWIA		WF	SAP standard workflow. This will allow you to check the current Workflow and Task numbers. If the MSMP Instance Runtime shows the workflow is completed but SWIA is not completed then there is an issue with the workflow configuration. Check Marketplace incase there is a correction.
GRAC_ROLE_MASS_IMPRT	Mass Role Import from Backend System	BRM
GRAC_SPM_CLEANUP	Cleanup EAM Application Data	EAM	Program to clean up EAM tables.
GRAC_EAM/GRAC_SPM and /GRCPI/GRIA_EAM	EAM Logon Pad	EAM	For centralized firefighting, you use GRAC_EAM to open the EAM Launchpad on the GRC system. For decentralized firefighting, you use /GRCPI/GRIA_EAM to open the EAM Launchpad on the plug-in systems. The launchpad for centralized firefighting displays all the plug-in systems to which you have access. The launchpad for decentralized firefighting does not display any systems because it allows you to access only the current plug-in system.
GRAC_UPLOAD_RULES	Upload Access Control Rules	ARA	This is available in the IMG navigation and allows you to import the rule set. Note, if you have workflow activated for you ruleset it will not trigger workflow.
GRAC_COPY_RULES	Copy Access Control Rules	ARA	Utility for copying SOD rules from one system to another of same type.
GRAC_RULE_DELETE	Delete Access Control Rules	ARA	This is available in the IMG navigation and allows you to delete the rule set. Note, if you have workflow activated for you ruleset it will not trigger workflow.
GRAC_DOWNLOAD_RULES	Download Access Control Rules	ARA	This is available in the IMG navigation and allows you to download the rule set. Recommend you save a selection variant with the file name and paths so you do not have to continually maintain them.
GRAC_GENERATE_RULES	Generate Access Control Rules	ARA	This is available in the IMG navigation and allows you to mass generate the rules. You can also execute this via NWBC, however, this program would allow you to schedule in background via SM36/37
GRAC_RULE_TRANSPORT	Transport Access Controls Rules	ARA	This is available via IMG navigation and allows to mass transport the rule set.
GRAC_EXPORT_RA	Export Risk Analysis Data (e.g. when the file is too big for the web)	ARA	Program to download the results of the risk analysis to a local file.
GRAC_BATCH_RA	Risk Analysis in Batch Mode	ARA	This is available in the IMG navigation and triggers the program for you to schedule batch risk analysis. Ensure your configuration parameters are set
GRAC_GENERATE_RULES		WF	Build MSMP rules (usually BRF+). Refer to comment below for creating application first.
GRAC_GEN_ERM_BRFRULE		WF/BRM	Build the BRF+ Rules for BRM role methodology and approval conditions groups. Note, before running to to BRF+ and create a shell application that has been assigned to a transport and activated. Use this application in your definition. If not, it gets created in $TMP
BRFPLUS	BRFplus Workbench	WF	Alternative transactions: BRF+ and FDT_Workbench. You can maintain the BRF+ rules here and transport through to Production.
STZAD	Customizing Time Zones	BC	Discuss with Basis before making any changes to timezone as it can impact EAM log collections, etc.
SLG1	Display Application Logs	BC	Application log display. It is useful to track error messages. Most GRC authorisations errors will show in the application log
SE61	SAP Documentation (Email templates, etc.)	All	Document maintenance.
SE63	Translations	All	This transaction enables you to directly translate individual objects.
SCPR20	Activate BC Sets	Basis	Activation of BC Sets.	Activate BC Sets - Business Configuration Sets (BC-CUS) - SAP Library
PPOM	Maintain Organizational Plan	Basis	Maintain Organizational Plan
SOST/SOSB	SAPconncet Send Requests		Check if there has been an issue with sending on email notifications or reprocess requests. Transaction SOSB can be restricted to limited functionality.	Tcode SOST
SCOT	SAPconnect Administration	Basis	Configuration of SAPConnect. Discuss with your Basis team. Take care in enabling in Non-Production environment so you do not accidentally send emails to users and add confusion. If enabled for Non-Prod, recommend you put dummy email addresses on the user accounts.
ST01/STAUTHTRACE/ST05	System Trace		Trace for an application server. ST01 is useful for authorisation checks and include database calls, kernel and RFC. STAUTHTRACE is new version for security tracing with ALV functionality and drill down (heaps easier to intepret than ST01). ST05 comes in handy to trace SQL calls to find the table where information has been stored.
SM12	Enqueue Locks	Basis	You can access this in display mode only. It can be a quick way to find which tables your data is stored in. Go into the NWBC screen in change mode so it puts a lock on the tables. Open a new session and go to SM12 to find the tables.
STAD	Display Statistics for all systems	Basis	EAM FF logs import STAD information
SCC4	Client Administration		Ability to change client setting to enable cross-client changes. Do not make changes to these settings without discussing with Basis. Depending on your landscape strategy you may need to maintain some IMG settings directly in the client (such as integration framework)
SNOTE	Note Assistant	BC	Import and apply SAP Notes. You will need to check with your company's policy for note application responsible. If you have not applied and OSS note before, it is strongly recommended your talk to your developer or Basis to learn about pre-requisite and post-processing activities. In some cases, a developer key will be necessary.
SE01/SE09	Transport Organizer	BC	Manage your transports
SE16 / SE16N	Data Browser		Transaction to easily browse thru data tables.
SM01	Lock Transactions	SEC	Lock transaction to prevent users (even if authorised) from executing the transaction. Usually security is responsible for this activity.
SM36	Schedule Background Jobs	BC	GRC Access Controls uses a job scheduler via NWBC. SM36 jobs for connector sync,etc can be set up via SM36
SM37	Overview of Background Jobs	BC	Allow you to view background jobs. All jobs runtimes will show here, even if scheduled via NWBC.
SA38	ABAP Reporting	ABAP	Execute SAP ABAP programs.
SE38	ABAP Editor	ABAP	Program Editor
SE80	Object Navigation	ABAP	SAP Development workbench, most development functionality is available from this transaction.
SE37	ABAP Function	ABAP	MSMP SAP standard rules are usually function modules. You can look at the code if you want to better understand what is being evaluated. Also comes in handy for break point if you need to debug.
SE24	ABAP Class	ABAP	useful if you need to check the code and add a breakpoint to a method
OOCU	Task Customizing
BD54	Logical Systems	Basis	RFC connections have to be defined as a logical system (usually same name) to then reference in the integration framework configuration
SM59	RFC Destinations	Basis	RFC Configuration
SM66/SM50	Workprocess	Basis	View the number of background work process available to define as part of the integration framework for background job processing
SUIM		SEC	User Information Reporting system
S_BCE_68001426	Transactions for User	SEC	Report shows a list of all transactions assigned to a user. This is a very helpful report to identify critical transactions as user has access to.
S_BCE_68001418	Roles by Role Name	SEC	Report to find roles by complex selection criterias. This report can be used to find roles by description, etc.
S_BCE_68001419	Roles by User Assignment	SEC	Report shows a list of all roles assigned to a user. This is very helpful to have an overview of all authorized roles a user have.
S_BCE_68001420	Roles by Transaction Assignment	SEC	Reports shows a list of all roles that includes a specific transaction. This is very helpful to easily find possible roles to assign a transaction.
SICF	HTTP Services	BC	Discuss with Basis and Security before activating these as it poses a security risk. If you receive a 403 Forbidden error in NWBC it means a service needs to be activated for the webdynpro. You can also test the services here. For PSS/End User Login screens, the SICF services need to be configured with the Service Account Username and Password stored
GRAC_REP_OBJ_SYNC	Object Rep Sync	All	User + Role + Profile Synchronization Job
GRAC_USER_SYNC	User Sync	All	User Synchronization Job
GRAC_ROLE_SYNC	Role Sync	All	Role Synchronization Job
GRAC_ROLE_USAGE_SYNC	Role Usage Sync	All	Role Usage Synchronization Job
GRAC_ACT_USAGE_SYNC	Action Usage Sync	EAM/ARA	Action Usage Synchronization Job
GRAC_PROFILE_SYNC	Profile Sync	All	Profile Synchronization Job
GRAC_AUTH_SYNC	Auth Sync	All	Authorization data Synchronization Job
GRAC_SPM_SYNC	EAM Sync	EAM	Emergency Access Management Master Data Synchronization Job
GRAC_SPM_WF_SYNC	EAM Workflow Synchronization	EAM	Emergency Access Managmement Workflow Synchronization Job
GRAC_SPM_LOG_SYNC	EAM Log Sync	EAM	Emergency Access Management Log Synchronization Job
GRFN_STR_DISPLAY / GRFN_STR_CHANGE	Org Structure Expert Change	All	These transactions show all the relationships between objects in the structure considering the timeframe of each object and the timeframe of the relationship. Both are considered super transactions which are really sensitive. They are exclusive GRC transactions to check Objects Hierarchy. The point of GRFN_STR_CHANGE is that within this transaction you can change master data that you could not using UI. It means that the structure change transaction is not recommended as you can cause severe data inconsistency in the system if you use it without knowing it.
PFCG	Role Maintenance	Basis	Role maintenance to create and edit roles.	5 Role Maintenance in PFCG - SAP NetWeaver Business Client - SAP Library
SU01	User Maintenance	Basis	User maintenance
SE16	Data Browser	Basis	Data browser to view/add table data
SM30/SM31/SM34	View Maintenance	Basis	SE16 and SM30 essentially give direct access to tables information. SM30 is restricted in a way that you cannot use the SM30 interface to view all the tables. Only tables with a maintaince dialog defined can be accessed through SM30. But there is no restriction on the access to tables in SE16 as long as u have access to the authorization group pertaining to the table you will be able to access the information through SE16.
GRFNMW_ADMIN	MSMP Power User / Debug	WF
GRFNMW_CN_VERA	MSMP Process Active Version Maint.	WF
GRFNMW_DEBUG	MSMP Process Debug Settings	WF
GRFNMW_DEBUG_MSG	MSMP Process Debug Messages Settings	WF
GRFNMW_DEV_CONFIG	MSMP Development Configuration	WF
GRFNMW_DEV_RULES	MSMP Rule Generation / Testing	WF
GRFNMW_GEN_VERSION	Generate Versions for MSMP Config	WF	Generate version is useful to run after you import a transport (post processing activity) instead of going into MSMP screen to activate.
GRFNMW_MONITOR	MSMP Workflow Monitoring	WF	Monitoring of the MSMP Workflow statistics.
GRAC_ENDUSRFORM_SICF	End user form SICF service
GRAC_FFOBJ_DSC_MAINT	Maintain EAM FF Object Description
GRAC_FFOBJ_DSC_MNT1	Firefighter Object Maintenance
GRAC_IDM_SCHEMA_SYNC	IDM Schema Update
GRAC_DATA_MIGRATION	AC10 Data Migration		Program to migrate data from an earlier version.
GRAC_DELETE_REPORT_S	Delete Report Spool data
GRACRABATCH_MONITOR	Batch Risk Analysis Monitor		This program is used to monitor the execution status of a running batch risk analysis.
GRAC_ALERT_GENERATE	Alert Generation		Program that generates alerts.	SAP Access Control 10.0 Alerting
GRAC_BATCH_RA	Risk Analysis In Batch Mode		Offline analysis is not real-time data but is dependent on the date of the last Batch Risk Analysis. The Batch Risk Analysis is run as background job in GRC by using transaction GRAC_BATCH_RA (program GRAC_BATCH_RISK_ANALYSIS).	Online vs. Offline Risk Analysis
WD_TRACE_TOOL	WebDynpro Tracing	Basis	The Web Dynpro trace tool supports the analysis of problems and errors arising in Web Dynpro ABAP, by collecting and listing the data related to the Web Dynpro ABAP application.	Web Dynpro Trace Tool - Web Dynpro for ABAP - SAP Library

Programs

Program	Description	Why is this useful?	Further details, links, etc.
PRGN_COMPRESS_TIMES	Program to merge the assignments of identical users and roles, provided the validity periods overlap with one another or immediately follow each other. Also you can delete expired assignments.	Very helpful to easily delete expired assignments or to clean up the assignments after a system copy. Please note that this program should not be run if you have ARQ in place for business roles provisioning.	Before Initial Load ...
TZCUSTHELP	Troubleshooting Support for Time Zone Settings		Timezone changes best practices - Basis Corner - SCN Wiki
TZONECHECK	Check Time Zone Data for Consistency		Timezone changes best practices - Basis Corner - SCN Wiki
RSLDAPSYNC_USER	Synchronization of SAP User Administration with an LDAP-Compatible Directory Service		Synchronization of SAP User Administration with an LDAP-Compatib - Identity Management - SAP Library
GRFNMW_BATCH_EMAIL_REMINDER	Job User to send Email reminders to approvers based on number of days and frequency
GRFNMW_BATCH_STALE_REQUEST	This program was useful for deleting non-actionable old requests from the system as housekeeping activity
RSCONN01	This job used for sending email (and other types of communication items)
/GRCPI/GRIA_DNLDROLES	Download roles data for mass import
GRAC_CHECK_BROLE_ASSIGNMENT	The program checks the consistency of business roles assigned to user. The report fetches all the business roles assigned to user and then gets list of single roles that are part of those business roles. Then repository is checked to see that all the single roles which are part of business roles are assigned to user with correct validity and relation.	Inconsistencies can be identified easily with a single report.	http://service.sap.com/sap/support/notes/2036088

Tables

Table	Description	Why is this useful?	Further details, links, etc.
GRACREVREJUSER	UAR Rejected Users
GRACREJREASON	UAR Rejected Reasons
GRACREJREASONT	UAR Rejected Reasons Texts
USR02	User Logon Data
GRACOWNER	Master Table for Central Owner Administration

Other tools

Tool	Description	Why is this useful?	Further details, links, etc.

I am really looking forward to your input to extend the listing.

Best regards,

Ale,Col& Madhu

↧

GRC Document Collaboration Topics

August 22, 2014, 8:40 pm

Latest and popular articles on SAP ERP

≫ Next: SAP Process Control - Useful Documents, Blogs, Resources, etc.

≪ Previous: Helpful transactions, tools, programs, tables, etc. for a SAP GRC Consultant

Hi All

If you are wondering what this document is all about then please refer to: Community Collaboration for GRC Blogs and Documents - you will find an overview of what this community collaboration is about and the rules on how you can contribute. You are still encouraged to write your own blogs and documents without participating in this process (it would be nice if you could update this document to let the community know you are working on something).

You are also welcome to be both the person who suggests the topic and the author. This can advertise you are working on the topic and hold yourself accountable to a deadline that the community is aware of.

Remember: Add a row below the 3rd row of the table to included your suggestion. Please do not change the first three heading rows as these rows indicate the title and a short summary of the content below. When including your name, please include your SCN profile as a hyperlink (easiest way to open your Profile in a new browser tab and copy the URL)

DateSuggested	Suggested By	Document Type	Idea	Author	Date Due	Assistance?	Name	Link to item	Moderator and reason for rejection
Step 1: Requester to Complete				Step 2: Author to complete			Step 3: Option (collaborator to complete)	Step 4: Author to Publish	Moderator and Coordinator Override
DD/MM/YYYY	Your SCN Profile URL	blog or document	Title or topic idea	Your SCN Profile URL	DD/MM/YYYY	do you want any assistance? If yes, summarise (input, review, etc)	Your SCN profile URL	SCN document or blog link	Moderators or Coordinators to advise if topic is not appropriate.
27/08/2014	Alessandro Banzer / Colleen Lee	Document	Analysis of the SAP delivered rule-set - do you accept as it is? Do you build your own or do you do something in between?
13/09/2014	Colleen Lee	Document	Business Role Management - overview and use of the methodology customisation
13/09/2014	Colleen Lee	Blog	Business Role Manager - What are the benefits and issues with using BRM and integrating with ARA and ARQ?
02/10/14	S A	Document	PSS - Best practices, pitfalls to avoid and things to consider while enabling PSS?	Colleen Lee	12/10/2014	Reviewed by S.A, Alessandro & Gretchen		Design Considerations to reduce Password Self Service (PSS) Intruder Risk	Approved
02/10/2014	Colleen Lee	Blog	BRM - discussion use of profile generation to distribute role to different systems vs system transports	Alessandro Banzer	12/12/2014	Input from Susanne Obrist-Niederer (Susanne is a highly experienced authorization consultant with several international projects in her backpack).
02/10/2014	Colleen Lee	Document	Summary of the GRC Org structure - which sections apply to AC, PC and RM and any tips on integration with ERP
30/10/2014	Darnell Suggs	Document	Link or Page to latest Configuration and Integration Documents for GRC AC 10.1 similar to SAP BOBJ AC 10.0
21/11/2014	Alessandro Banzer	Document	Usage of EAM - appropriate and inappropriate usage and its dangers	Alessandro Banzer	30/11/2014	Reviewed by Alessandro & Colleen		Usage of EAM	Approved
02/03/2015	Alessandro Banzer	Document	Differences of direct and indirect role assignment	Alessandro Banzer	06/03/2015			Direct vs. Indirect Role Assignment	Approved

↧

SAP Process Control - Useful Documents, Blogs, Resources, etc.

August 28, 2014, 2:15 am

Latest and popular articles on SAP ERP

≫ Next: SAP Risk Management - Useful Documents, Blogs, Resources, etc.

≪ Previous: GRC Document Collaboration Topics

This document is a collection of the most useful SAP GRC Process Control documents, blogs, resources, links, etc. here in SCN.

Overview

Getting Started with SAP Governance, Risk and Compliance Solutions (GRC)

GRC Risk Management and Process Control 10.0 Content Starter Kits

SAP BusinessObjects GRC 10.0 Integration Guide – Access and Process Control 10.0

General opinion and thought-leadership

Are you ready to implement GRC 10?

SAP BusinessObjects Process Control 3.0 Implementation Checklist

Using RiskBusiness Content with GRC Risk Management and Process Control 10.0

SAP Business Objects Process Control 10.0 Automated Monitoring Overview

SAP BusinessObjects Process Control 3.0 Expert Guidelines, Tips, and Techniques to Successfully Implement SAP BusinessOb…

How To's

SAP BusinessObjects Process Control 3.0 and Risk Management 3.0 How to Enable Additional Survey Capabilities

SAP BusinessObjects Process Control 3.0 Reports Description

SAP BusinessObjects Process Control 3.0 How-To Choose the Best Technique for Master Data Uploads

GRC General

Helpful transactions, tools, programs, tables, etc. for a SAP GRC Consultant

General tips to help in troubleshooting scenarios

Debugging tips

Mobile Apps in SAP GRC

Administrator guides for Access Approver, Policy Survey, etc.

Fiori apps in GRC – Install two applications in 5 easy steps

Extended Workflows

Configuring Workflow E-mail Notification

CLM and MDUG

GRC Process Control 10.0: Content Lifecycle Management

Reports and Dashboards (RE)

How to Customize and Enhance reports in PC and RM

Automated Monitoring (AM)

How to set up a Configurable Business Rule

SAP Business Objects Process Control 10.0 Automated Monitoring Overview

Legend

	SAP SCN Documents
	SAP SCN Blogs
	SAP Wiki
	Newly added document (Contributors: please select from Emoticons )

Please help in updating the collection so that new users can get a well structured overview for their information.

Best regards,

Alessandro& Fernando

↧

SAP Risk Management - Useful Documents, Blogs, Resources, etc.

August 28, 2014, 2:18 am

Latest and popular articles on SAP ERP

≫ Next: SAP Fraud Management - Useful Documents, Blogs, Resources, etc.

≪ Previous: SAP Process Control - Useful Documents, Blogs, Resources, etc.

This document is a collection of the most useful SAP GRC Risk Management documents, blogs, resources, links, etc. here in SCN.

Overview

Getting Started with SAP Governance, Risk and Compliance Solutions (GRC)

GRC Risk Management and Process Control 10.0 Content Starter Kits

Overview of SAP BusinessObjects Risk Management 10.0

General opinion and thought-leadership

Are you ready to implement GRC 10?

Using RiskBusiness Content with GRC Risk Management and Process Control 10.0

How To's

SAP BusinessObjects Process Control 3.0 and Risk Management 3.0 How to Enable Additional Survey Capabilities

SAP BusinessObjects RM 3.0 Quantitative Risk Analysis v1.0

Risk Management 3.0 Architecture Requirements

GRC General

Helpful transactions, tools, programs, tables, etc. for a SAP GRC Consultant

General tips to help in troubleshooting scenarios

Debugging tips

Mobile Apps in SAP GRC

Administrator guides for Access Approver, Policy Survey, etc.

Fiori apps in GRC – Install two applications in 5 easy steps

Bow-Tie Risks

Integration with Bow-Tie Builder in Risk Management 10.0

Risk Aggregation

Risk Aggregation in RM 10.0

Integration

RM 10.0 Integration of Activity and Process Control local Sub processes

Legend

	SAP SCN Documents
	SAP SCN Blogs
	SAP Wiki
	Newly added document (Contributors: please select from Emoticons )

Please help in updating the collection so that new users can get a well structured overview for their information.

Best regards,

Alessandro& Fernando

↧

SAP Fraud Management - Useful Documents, Blogs, Resources, etc.

August 28, 2014, 10:53 pm

Latest and popular articles on SAP ERP

≫ Next: SAP Access Control - Useful Documents, Blogs, Resources, etc.

≪ Previous: SAP Risk Management - Useful Documents, Blogs, Resources, etc.

This document is a collection of the most useful SAP Fraud Management documents, blogs, resources, links, etc. here in SCN.

Overview

Getting Started with SAP Governance, Risk and Compliance Solutions (GRC)

General opinion and thought-leadership

Are you ready to implement GRC 10?

GRC General

Helpful transactions, tools, programs, tables, etc. for a SAP GRC Consultant

General tips to help in troubleshooting scenarios

Debugging tips

Fraud Management

SAP Fraud Management 1.1 – SAP Help Portal Page

SAP Fraud Management - Governance, Risk and Compliance - SCN Wik i

SAP Fraud Management@HANA

Extended Anti-Corruption Content with SAP Fraud Management Release 1.1 SP01

SAP Fraud Management Released with New SAP Audit Management Solution

Mobile Apps in SAP GRC

Administrator guides for Access Approver, Policy Survey, etc.

Fiori apps in GRC – Install two applications in 5 easy steps

Video tutorials

Video Tutorials for SAP Fraud Management

High Risk Rule

How to Create a High-Risk Country Rule

Legend

	SAP SCN Documents
	SAP SCN Blogs
	SAP Wiki
	Newly added document (Contributors: please select from Emoticons )

Please help in updating the collection so that new users can get a well structured overview for their information.

Best regards,

Alessandro& Fernando

↧

SAP Access Control - Useful Documents, Blogs, Resources, etc.

August 19, 2014, 7:35 am

Latest and popular articles on SAP ERP

≫ Next: Top 10 most viewed SAP KBA's for GRC Risk Management in January 2015

≪ Previous: SAP Fraud Management - Useful Documents, Blogs, Resources, etc.

This document is a collection of the most useful SAP GRC Access Control documents, blogs, resources, links, etc. here in SCN.

Overview

Getting Started with SAP Governance, Risk and Compliance Solutions (GRC)

GRC Processes, Lifecycles and Responsibilities

General opinion and thought-leadership

Are you ready to implement GRC 10?

A lot of help from my friends

If I had it to do all over: looking back on GRC 10 projects

Lessons learned from SAP GRC projects

Remediating Access Control SoD Risks

Internal Controls - a step towards strong controls

Defining Mitigating Controls / Compensating Controls

IT Control Testing - SOX Compliance

A #GRC tool is just part of the solution

It’s Just a Few GRC Ideas….Place

GRC General

Helpful transactions, tools, programs, tables, etc. for a SAP GRC Consultant

NWBC screen layout options for GRC

Customizing NWBC for New Menus with our own Transactions, Reports and Accessing SAP Backend Systems from NWBC

Configure LaunchPad for Menus

Customizing Access request and approval screens in GRC Access Control

Issues, Bugs in GRC SP13 - Related Fixes

General tips to help in troubleshooting scenarios

Access Control Debugging tips

SAP GRC AC 10.1 - Enhancements

Product Support

GRC Product Support Monthly Newsletter

HR Triggers

Understanding HR Triggers in Access Control 10.0 - Governance, Risk and Compliance - SCN Wiki

GRC 10.0 - HR Trigger configuration - Governance, Risk and Compliance - SCN Wiki

Example of decision table for GRC 10 HR Trigger rule, using BRF+ tool

GRC Access Control - Compliant User Provisioning: HR Triggers

Debugging HR Trigger - GRAC_HR_TRIGGER_EVENT_RECIEVER

Debugging HR Trigger - Simulation

Debugging HR Trigger - PA40 changes to infotypes

MSMP Workflows

AC 10.0 - Customizing Workflows for Access Management

MSMP - Multi Step Multi Process – GRC’s answer to Workflow Configuration Flexibility

BRF+ Configuration

Determining the Logic behind Decision Tables

LDAP

Configuring LDAP Connector in Compliant User Provisioning of GRC Access Control

LDAP Group parameter mapping.. what does it mean?

Mobile Apps in SAP GRC

Administrator guides for Access Approver, Policy Survey, etc.

Fiori apps in GRC – Install two applications in 5 easy steps

Access Control with Identity Management (IdM)

SAP BusinessObjects GRC 10.0 Integration Guide – Access Control 10.0 and NetWeaver Identity Management

SAP Access Control 10.0 Interface for Identity Management

SAP GRC with SAP BPC

How to Assign SAP Business Planning and Consolidation Authorizations via the SAP Governance, Risk, and Compliance (GRC) Access Control Compliance User Provisioning Product

Access Risk Analysis (ARA)

ARA - For the new kid on the block

Rule set - Rules & Rule Types

Business Risks / Rule Set

Download, Modify and Upload the Access Risk Analysis Rule Set in SAP Access Control 10.x.

How to set up a Configurable Business Rule

Online vs. Offline Risk Analysis

Creation of Mitigation Controls in GRC 10.0

Organizational Rules in GRC Access Control

Mass change of Mitigation Assignments

SAP GRC AC 10.0 Alerting

The Action Usage Sync job in technical details - GRC Access Control 10.0

The Repository - GRC Access Control 10.0

Access Request Management (ARM)

ARM - For the new kid on the block

AC10.0/10.1: Create Rule Based on Risk Violation in Request, Using BRF+ Procedure Calls

Approve/Reject Own Requests

How to Change Subject Line in SAP GRC Email notification

Recommendations for using Business roles provisioning in access request

Configure Manager Look-Up in ARM for GRC 10

Role Search Screen Enhancement – GRC 10

Terminate Account - Request Process - GRC 10

Creating Access Request: Template Based Requests and Configuring End User Personalization forms for use with Access Requ…

GRC Request with both System and Role Line Items

Access Control 10 (ARM) – Risk Analysis Report Type is editable in Access Request.

Access Control: - Create Access Request Using Web Service in GRC10

Design Considerations to reduce Password Self Service (PSS) Intruder Risk

User Access Review(UAR) Workflow Configuration and Description - Governance, Risk and Compliance - SCN Wiki

Direct vs. Indirect Role Assignment

Business Role Management (BRM)

BRM - For the new kid on the block

Maintain Default Roles in BRM GRC AC 10.1

Role Import - GRC 10

Import Role from ECC to GRC system

Business Roles concept and usability in GRC AC10

Enabling Business Role updates to existing assigned users

BRM Default Approvers via Condition Groups

BRM Role Methodology via Condition Groups

Emergency Access Management (EAM)

EAM - For the new kid on the block

Usage of EAM

EAM - Provisioning Strategies

ID-Based Firefighting vs. Role-Based Firefighting

AC 10.0 - Centralized Emergency Access

Configure Emergency Access (EAM) in GRC 10

De-centralized EAM GRC 10.0

EAM - Approve through Wrokflow

Emergency Access Management Reporting

Analysis and Recommended Settings of the Security Audit Log (SM19 / SM20)

EAM: Requesting emergency access via access request workflow in SAP GRC - step by step.

Legend

	SAP SCN Documents
	SAP SCN Blogs
	SAP Wiki
	Newly added document (Contributors: please select from Emoticons )

Please help in updating the collection so that new users can get a well structured overview for their information.

Best regards,

Alessandro

↧

Top 10 most viewed SAP KBA's for GRC Risk Management in January 2015

February 3, 2015, 11:04 am

Latest and popular articles on SAP ERP

≫ Next: GRC Weekly News - 01/19/2015

≪ Previous: SAP Access Control - Useful Documents, Blogs, Resources, etc.

Purpose

The purpose of this document is to provide a list of the top ten most viewed SAP KBA's for GRC Risk Management in the month of January 2015.

Overview

Below are the top 10 most viewed SAP KBA's for GRC Risk Management.

KBA Number	KBA Title
1804950	GRC RM 10.0- From Risk & Opportunity OIF submission of Issue
1705870	RABAX_STATE dump while creating a response in "Response and Enhancement Plans"
1803876	Maintain Analysis Profile dumps as "DYNP_TOO_MANY_RADIOBUTTONS_ON"
1784868	GRC 10.0 Email notification is not sent for Incident workflow
1722449	KRI alert email notification is sent without logo
1800920	How to set work inbox default query
1744953	Text message not translated.
1731254	POWL does not refresh automatically
1841359	Loss Event Approval task is not generated
1843598	KRI Implementation based on table KNB4 is throwing error "Data buffer exceeded; Table "KNB4" contains too many fields"

Please note, in order to view the contents of the Knowledgebase Articles (KBA), you will need to be logged into Service Marketplace.

See Also

Top 10 most viewed SAP KBAs for GRC

↧

GRC Weekly News - 01/19/2015

February 4, 2015, 10:58 am

Latest and popular articles on SAP ERP

≫ Next: GRC10.1 How Reassign functionality works in Emergency Access Management in GRC

≪ Previous: Top 10 most viewed SAP KBA's for GRC Risk Management in January 2015

RELEASED NOTES AND KBAs

GRC-SAC-ARA

1986732 GRC 10.0: Risk Violations - Number of Analyzed Users

2099999 Remediation View screen shows blank while Risk Analysis

2113597 Tuning Organization Rules for better performance

2116171 Rule Set is not considered for Critical Role/Profile Risk Analysis

2117916 Incorrect status in Access rule detail report

GRC-SAC-ARQ

1791296 Note for SAP GRC AC PORTAL PI GRCPIEP in AC10 for NW 730/731

1806141 GRC 10.0: EUP not supported for Multiple Users requests

1973753 UAM: Incorrect default roles added into request

1982339 UAM: End user is able to submit request for business role with retain provision

2058184 Request with conflict and mitigation report not working

2069094 Fix related to User details, Default role, system description and unlock action type

2115282 UAM: Portal role name incomplete in audit log after provisioning

2116145 Fiori Check Request Status - Cancelled requests displays as "Pending"

2116262 UAM: Request approval possible with risks

2116829 Mass load of Business role assignments to users

2116843 GRC 10.0: Maintain Guided Procedures Gateway

GRC-SAC-BRM

2083724 Program GRAC_CHECK_BROLE_ASSIGNMENT does not exist

2117294 AC10.1 - Poor performance of Repository Sync

2117340 Default role import not working

2058957 Enable manual editing in EAM maintenance screens

2113707 Remove non working print button

2116307 Background job status does not change on RFC time out error

GRC-SPC

1899028 Notification goes to Owner if there is no deficiency in Sap Query Scenario in Automated Monitoring

1954054 Can’t Cancel Event Trigger Automated Monitoring Job

1988286 Currency amount issue error in ad-hoc query

2096980 Unreserve the work item for process control work items

1948002 PC task get reserved on Approver Delegation to a AC user

2117375 Navigate to Subprocess Tab into Organization details causes short dump

2117756 Risk template cut not reflected on sub process risks

2079702 PC10.1SP07: Dump in Evaluation Status Bar Chart

2104886 Reporting: Long running traverses of Process

1949265 GRC PC: How to enable multilingual test steps in test plan

1951090 Problem with period in a copy of recurring plan

2112383 Empty comments for assessments/surveys

GRC-RM

2114201 Risk OIF - create new risk with Influenced risks - error on save

2114360 Bow tie builder - entering big number causes dump

2116408 Risk OIF - Start risk validation in one click

2117409 WF monitor application for managers - activation/deactivation

2117687 RM reporting - performance improvement of KRI instance reports

2118235 Risk template cut - related local risks remains locked

2118325 Deleted loss events are shown in the "Loss Event Structure" dashboard

1847859 Reporting: More detail logging of errors in reporting engine

2117051 Reporting: Performance improvement when processing merged nodes

2117742 Number of losses and/or loss events in the dashboards are not correct

2118287 Response Upload: Wrong risk check

RELATED INFORMATION

2094723 Consolidated Note for SAP Access Control 10.0 Master Note

2096196 Consolidated Note for SAP Access Control 10.1 Master Note

2104086 Consolidated Note for Process Control 10.0 Master Data

2105791 Consolidated Note for Process Control 10.1 Master Data

↧

GRC10.1 How Reassign functionality works in Emergency Access Management in GRC

February 9, 2015, 9:02 am

Latest and popular articles on SAP ERP

≫ Next: GRC Weekly News - 01/26/2015

≪ Previous: GRC Weekly News - 01/19/2015

GRC 10.1 How Reassign functionality works in Emergency Access Management in GRC Access Control

Suppose due to some organizational changes in the company one user has been replaced by another user.

Or else some user left the organization and he was the Firefighter Owner/Controller of multiple firefighter Ids.

Find the detailed step by step screenshots below:

The POWL screens of Owner, Controller, Firefighters and Firefighter ID’s links in GRC application are provided with Reassign button.

In Owner link, select the existing Owner-Firefighter ID assignment and click Reassign button.

Make sure you get confirmation popup with options Yes/No

In the Reassignment Screen, the Owner ID text field should be blank and all the already existing firefighter ID’s to that owner ID should be available in the table below.

Select the new Owner ID using F4 help and click on Save button.

On opening this Owner, it should have all the Firefighter ID assigned which includes his own old assignments and new assignments from the other user.

Related code fixes/notes on similar area:

2108258 - EAM 10.1, functionality of reassign button on FFID screen
24644 - Reassign should validate the current value at FFuser screen

↧

GRC Weekly News - 01/26/2015

February 11, 2015, 11:24 am

Latest and popular articles on SAP ERP

≫ Next: BRM Role Methodology via Condition Groups