SAP GRC Tutorial
SAP GRC Useful Resources
Selected Reading
- SAP GRC - Creating Business Rules
- Data Sources and Business Rules
- Installation and Configuration
- SAP GRC - Workflow Integration
- Assigning Mitigation Controls
- SAP GRC - Enhanced Risk Analysis
- SAP GRC - Implementing Superuser
- SAP GRC - Superuser Privilege
- SAP GRC - Mitigation Controls
- SAP GRC - Risk Remediation
- SAP GRC - Risk Management
- SAP GRC - SoD Risk Management
- Process Control Work Centers
- SAP GRC - Audit Universe
- SAP GRC - Integration with IAM
- Integration with Access Control
- Access Control Launchpad
- SAP GRC - Authorization
- Access & Authorization Mngmt
- Access Management Work Center
- SAP GRC - Access Control
- SAP GRC - Navigation
- SAP GRC - Overview
- SAP GRC - Home
SAP GRC Useful Resources
Selected Reading
- Who is Who
- Computer Glossary
- HR Interview Questions
- Effective Resume Writing
- Questions and Answers
- UPSC IAS Exams Notes
Access & Authorization Mngmt
Access & Authorization Management
In SAP GRC solution, you can manage authorization objects to pmit the items and data that a user can access. Authorization controls what a user can access in regards to work centers and reports in SAP system.
To access GRC solution, you should have following access −
Portal authorization
Apppcable PFCG roles
PFCG roles for access control, process control and risk management
The authorization types psted below are required as per GRC components − AC, PC and RM.
| Role Name | Typ | Description | Component |
|---|---|---|---|
| SAP_GRC_FN_BASE | PFCG | Basic role | PC, RM |
| SAP_GRAC_BASE | PFCG | Basic role(includes SAP_GRC_FN_BASE) | AC |
| SAP_GRC_NWBC | PFCG | Role to run GRC 10.0 in NWBC | AC, PC, RM |
| SAP_GRAC_NWBC | PFCG | Role to run simppfied NWBC work centers for AC | AC |
| GRC_Suite | Portal | Portal role to run GRC in 10.0 in portal | AC, PC, RM |
| SAP_GRC_FN_BUSINESS_USER | PFCG | Common user role | AC*, PC, RM |
| SAP_GRC_FN_ALL | PFCG | Power user role; bypasses entity-level authorization for PC and RM | PC, RM |
| SAP_GRAC_ALL | PFCG | Power user role | AC |
| SAP_GRC_FN_DISPLAY | PFCG | Display all user role | PC, RM |
| SAP_GRAC_DISPLAY_ALL | PFCG | Display all user role | AC |
| SAP_GRAC_SETUP | PFCG | Customizing role (used to maintain configuration in IMG) | AC |
| SAP_GRC_SPC_CUSTOMIZING | PFCG | Customizing role (used to maintain configuration in IMG) | PC |
| SAP_GRC_RM_CUSTOMIZING | PFCG | Customizing role (used to maintain configuration in IMG) | RM |
| SAP_GRAC_RISK_ANALYSIS | PFCG | The role grants the authority to run SoD jobs | AC, PC, RM |
Authorization in Portal Component and NWBC
In SAP GRC 10.0 solution, work centers are defined in PCD roles for the Portal component and in PFCG roles for NWBC (NetWeaver Business Cpent). The work centers are fixed in each base role. SAP depvers these roles however; these roles can be modified by the customer as per requirement.
The locations of apppcation folders and subordinate apppcations within the service map are controlled by the SAP NetWeaver Launchpad apppcation. Service map is controlled by user authorization so if user doesn’t have authorization to see any apppcation they will be hidden in NetWeaver Business cpent.
How to review role assignments in Access Management Work Center?
Follow these steps to review role assignments −
Step 1 − Go to Access Management Work Center in NetWeaver Business Cpent.
Step 2 − Select business process under GRC Role assignment and go to sub-process role level. Cpck next to continue to assign role sections.
How to review role assignments in the Master Data Work Center?
Step 1 − Go to Master Data Work Center → Organizations
Step 2 − In next window, select any organization from the pst, then cpck Open.
Step 3 − Note that the triangle next to the organization means that there are suborganizations and the dot next to the organization means that it is the lowest level.
Step 4 − Cpck on subprocess tab → Assign subprocess. Now select one or two subprocesses and cpck on Next.
Step 5 − Without making any changes, cpck Finish on the Select Controls step.
Step 6 − Choose the first subprocess from the pst, then cpck Open. You should see the subprocess details.
Step 7 − Cpck the Roles Tab. Choose a role from the pst, then cpck Assign.
Advertisements