Notes
Notes
Notes
SLL-LEG
SLL-NFE
SAP GRC10.1
SAP NW AS ABAP 7.40 SP02
GRCFND_A V1100
000-----------------------------DDIC
SAINT/SUM Tool - ADD ONS
add ons available .sar file
client copy
a. now establish the communication between 400 (front grc server) and 399 (backend
ecc system) client through RFC
2. ACTIVATING APPLICATIONS
SPRO
sap reference img
GRC
GENERAL SETTINGS
GRC-PC
GRC-RM
GRC-AC NOW SELECT THE CHECK BOX: ACTIVATE
NOW SAVE.
T-CODE SICF
EXECUTE
EXPAND SAP
4. Activating BC Sets
SCPR20
ARA----1 1
GRAC_RA_RULESET_COMMON
ARM----4 7
GRAC_ACCESS_REQUEST_APPL_MAPPING
GRAC_ACCESS_REQUEST_EUP
GRAC_ACCESS_REQUEST_PRIORITY
GRAC_ACCESS_REQUEST_REQ_TYPE
GRAC_DT_REQUEST_DISPLAY_SECTIONS
GRAC_DT_REQUEST_FIELD_LABELS
GRAC_DT_REQUEST_PAGE_SETTINGS
BRM----5 6
GRAC_ROLE_MGMT_LANDSCAPE
GRAC_ROLE_MGMT_METHODOLOGY
GRAC_ROLE_MGMT_PRE_REQ_TYPE
GRAC_ROLE_MGMT_ROLE_STATUS
GRAC_ROLE_MGMT_SENTIVITY
GRAC_ROLE_SEARCH_COFIGURATION
EAM----1 1
GRAC_SPM_CRITICALITY_LEVEL
BACKEND SYSTEM----1
GRAC_RA_RULESET_SAP_R3
Note
A message with a yellow background is only a warning and you can proceed.
A message with a red background is an error message and you must resolve the error.
If you receive a Basis error message with a red background, contact your system
administrator.
connector groups
now save
note: source connector and logical port must be the same
NOW SELECT EH6CLNT455
NOW DOUBLE CLICK ON DEFINE CONNECTOR GROUP
CLICK ON NEW ENTRIES
CONTINUE
ENTER
AUTH - ARA
PROV - ARM
ROLMG - BRM
SUPMG - EAM
UNICODE
TABLE:
GRFNCGRPCONLK Connector Group and Connector Type Link
GRFNCONNGRP Connector Group definition
Work Center- Work Set (no workset in grc) - Function- Related links
SAVE.
OR
SAVE.
FROM THIS STEP WE SPECIFY THE SYSTEM BELONGS TO WHICH TYPE OF ENVIRONMENT, WHETHTER
IT IS DEV, QUA, PRO
In this Customizing activity, you can assign the actions to a connector group and
then choose the default connector for each group.
SPRO - SAP REF IMG- GRC- ACCESS CONTROL- MAINTAIN MAPPING FOR ACTIONS AND CONNECTOR
GROUPS
NEW ENTRIES
CONNECTOR GROUP ACTION TARGET CONNECTOR DEFAULT
BATCH10 0001 RFC DEST SELECT
BATCH10 0002 " "
BATCH10 0003 " "
BATCH10 0004 " "
save
SPRO- SAP REF. IMG- GRC (PLUGINS)- MAINTAIN PLUG-IN CONFIGURATIN SETTINGS
NEW ENTRIES
NEW ENTRIES
SAVE
AUTHORIZATIN SYNCH
BY THIS STEP WE ARE GOING TO SYNCH BACK END SU24 DATA INTO THE GRC SYSTEM.
USOBT AND USOBX TABLES, CUSTOMER TABLE ARE USOBT_C AND USOBX_C.
SPRO- SAP REF. IMG- GRC- ACEESS CONTROL- SYNCHRONIZATION JOBS- AUTHORIZATION SYNCH
NOW GRAC_PFCG_AUTHORIZATION_SYNC JOB IS SHEDULE WHICH WILL SYNCH SU24 DATA FROM
BACKEND TO FRONT END SYSTEM.
PROGRAM: GRAC_PFCG_AUTHORIZATION_SYNC
13. NOW SYNCH REPOSITORY OBJECTS
THE FOLLOWING ARE THE PROGRAMS/BACKGROUND JOB INCLUDED IN REPOSITORY OBJECT SYNCH:
GRAC_ROLEREP_PROFILE_SYNC
GRAC_ROLEREP_ROLE_SYNC
GRAC_ROLEREP_USER_SYNC
FOLLOWING ARE THE TABLES connector specific users, roles and profiles
SPRO- SAP REF IMG- GRC- ACCESS CONTROL- ACCESS RISK ANALYSIS- SOD RULES- GENERATE
SOD RULES
RISK ID: *
SU01, SU10, SUGR PFCG, SUPC SM30, SE16N, SE38, STMS, SM69
ACTIONS/PERMISSIONS A/P
ACTIONS - T-CODES
TABEL: GRACRULESET
SPRO- SAP REF IMG- GRC- ACCESS CONTROL- MAINTAIN BUSINESS PROCESS AND SUB PROCESS
SAVE
TABLE
GRACBPROC Business Process
GRACBSUBPROC SUB BUSINESS PROCESS
GRACBPROCT Business Process Text
FUNCTIONS
CREATE-
FUNCTION ID: B10FUN1
BUSINESS PROCESS: BATCH10 BUSINESS PROCESS
DESCRIPTION: SU01
CLICK ON ADD
SAVE
CREATE-
FUNCTION ID: B10FUN2
BUSINESS PROCESS: BATCH10 BUSINESS PROCESS
DESCRIPTION: pfcg
CLICK ON ADD
SAVE
TABLE: GRACFUNC
17. NOW CREATE A RISK AND ATTACH THE ABOVE TWO FUNCTIONS TO THIS RISK:
CREATE
save
CREAT
OWNER: GRCUSER4
SAVE CLOSE
NOW GO TO BACKEND SYSTEM AND CREATE ROLE WITH THE COMBINATION OF SUO1 AND PFCG
FF:lara
FFID: backend as service user
FFOWNER:
FFCONTROLLER:
ff
ffowner
ffcontroller
/N/VIRSA/VFAT 5X
GRAC_SPM
SAP_GRAC_SUPER_USER_MGMT_USER
SAP_GRC_FN_BASE
SAP_GRC_FN_BUSINESS_USER
The Background Job for Log Collection can be scheduled periodically from SM36
using program GRAC_SPM_LOG_SYNC_UPDATE.
2. Maintain AC owners
Go to NWBC ?Access Management ?Access Control Owners and maintain the owners
GRFNMW_DBGMONITOR_WD
slg1
sost
CREATE APPROVER:
ROLES:
SAP_GRC_FN_BASE
SAP_GRC_FN_BUSINESS_USER
SAP_GRC_NWBC
SAP_GRAC_ACCESS_APPROVER
GRFNMW_CONFIGURE
RSUVM002
TUTYP
USMM
GRC_MSMP_CONFIGURATION
https://www.youtube.com/watch?v=9vWiJ3tNTTg
ARM 91
BRM 143
risk--- good, manufacturing product- risk, safety measures, health and safety
fraud management: preventing the risk before risk takes place and in pc, we are
detecting the existing risk
controls business process person, stake holders, anything is deviating, it will be
notified.