
GRC short memo!!

GRC ....>Governance, Risk & Compliance

4 basic modules of SAP GRC

Access Control.

Process Control.

Risk Management.

Audit Management.

Enterprise Threat Detection.

Access Control

submodules

ARA....>Access Risk Analysis.

ARM.....>Access Request Mngmt.

EAM.......>Emergency Access Mngmt.

BRM.........>Business Role Mngmt

3. Remediation

>Remove an extra authorization from the users

PFCG

SU01

Users IN GRC System

..............................

technical teams

auditors

GRC admins
AC owners

...........................

Risk owner............chala

role owner

mit_approver

mit_monitor

ffid_owner

ffid_controller

access request approvers

4. Mitigation

allowing the risk.

su01....>full access

pfcg......>full access

steps how to perform mitigation

1. create org unit. created by PC team.

Navigation to create Org Unit.

>spro

>click on SAP Reference IMG

>expand Governance, Risk and compliance

>expand shared master data.

>click on create root organization Hierarchy

2. create mitigation approver & mit_monitor user IDs in GRC system


Tola Bari

3. maintain those owners in AC owners table.

4. maintain those owners in Org unit.

5. create mit_control IDs module-wise.

mit_basis, mit_fi, mit_abap etc...

6. assign control id to user

3. BRM....> Business Role Mgmt

...............................................

Import the roles from acc to grc system.

update role owner for the roles

spro settings

...................

1. adding integration scenario to target connector

2. activate BC_sets for BRM component

using T_code SCPR24

GRAC*

Activate
GRAC_ROLE_MGMT_LANDSCAPE

GRAC_ROLE_MGMT_METHODOLOGY

GRAC_ROLE_MGMT_PRE_REQ_TYPE

GRAC_ROLE_MGMT_SENTIVITY

GRAC_ROLE_MGMT_ROLE_STATUS

GRAC_ROLE_SEARCH_CONFIGURATION

3. maintain configuration settings

EAM: Emergency Access Mngmt

production changes

project implementation

project cutover

FFIDs

SPRO settings

1. adding integration scenario to target connector.

2. activate bc_sets for EAM.

3. Maintain config settings

EAM config

................................
Emergency Access

''''''''''''''''''''''''''''''''''''

production change

project implementation

SM19

1. switch on audit for particular user........>sm19.

2. we can provide full access role with validity period.

3. user can use that access.

4. auditors can check audit log report.......>sm20.

5. we can switch off the audit.

Critical authorization

...........................

su01........>display..........>s_user_grp

pfcg...........display...........>s_user_agr

se16...........s_tabu_dis

se16 ..........used for any table access.


s_tabu_nam

S_Program

1. p_action

2. p_group

s_develop
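
Added example (not part of the original memo): a Python sketch that scans a role export for the critical authorization objects listed above and flags field values that are unrestricted or go beyond display. The CSV columns follow role table AGR_1251; the role names and rows are constructed sample data, and treating ACTVT 03 as the only acceptable activity is an assumption of this example.

```python
import csv
import io

# Authorization objects named in the memo's "Critical authorization" notes.
CRITICAL_OBJECTS = {"S_USER_GRP", "S_USER_AGR", "S_TABU_DIS", "S_TABU_NAM",
                    "S_PROGRAM", "S_DEVELOP"}
# ACTVT 03 is display; any other activity (or "*") allows more than display.
DISPLAY_ONLY = {"03"}

# Constructed sample in the column layout of role table AGR_1251
# (AGR_NAME, OBJECT, AUTH, FIELD, LOW, HIGH); not data from a real system.
SAMPLE_EXPORT = """AGR_NAME,OBJECT,AUTH,FIELD,LOW,HIGH
Z_HELPDESK_DISPLAY,S_USER_GRP,T001,ACTVT,03,
Z_HELPDESK_DISPLAY,S_USER_GRP,T001,CLASS,*,
Z_BASIS_FULL,S_TABU_DIS,T002,ACTVT,*,
Z_BASIS_FULL,S_TABU_DIS,T002,DICBERCLS,*,
Z_BASIS_FULL,S_DEVELOP,T003,ACTVT,01,
Z_BASIS_FULL,S_DEVELOP,T003,ACTVT,02,
Z_SALES_CLERK,V_VBAK_AAT,T004,ACTVT,01,
Z_REPORT_RUN,S_PROGRAM,T005,P_ACTION,SUBMIT,
Z_REPORT_RUN,S_PROGRAM,T005,P_GROUP,*,
"""


def find_critical(export_text):
    """Return sorted (role, object, reason) findings for critical objects."""
    findings = set()
    for row in csv.DictReader(io.StringIO(export_text)):
        obj, field, low = row["OBJECT"], row["FIELD"], row["LOW"].strip()
        if obj not in CRITICAL_OBJECTS:
            continue  # e.g. business objects checked by VA01 are out of scope
        if low == "*":
            findings.add((row["AGR_NAME"], obj, f"{field}=* (unrestricted)"))
        elif field == "ACTVT" and low not in DISPLAY_ONLY:
            # A range such as 01-03 also lands here because LOW is not 03.
            findings.add((row["AGR_NAME"], obj, f"ACTVT={low} (beyond display)"))
    return sorted(findings)


if __name__ == "__main__":
    for role, obj, reason in find_critical(SAMPLE_EXPORT):
        print(f"{role:20} {obj:12} {reason}")
```

Each finding is a candidate for remediation (remove the authorization in PFCG) or for mitigation with an assigned control ID, as described earlier in the memo.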

.....................................................

missing authorizations:

end user..>chala..>su01..>modifications...>no authorization

va01......>no authorization

su53.....>evaluate authorization
