suresh-gundala
SAP GRC 5.3 RAR Risk Analysis and Mitigation
SAP GRC Access Control
ThinkSky Property Copy-Reproduction-Print without permission
is illegal and would be prosecuted , Email: [email protected]
http://thinkskyacademy.blogspot.in/ Page 1
How to do risk analysis and mitigate user in SAP GRC 5.3
First, create a Business Process, ZTSA.
Create Function 1, ZTSAFUN1, with the actions XK01 and XK02, and save.
Create Function 2, ZTSAFUN2, with the actions FK01 and FK02, and save.
Create a Risk ID for the action type, along with the functions we created earlier, and save.
It will now prompt us to generate risks; click Generate. The available risks appear after the job has run, in either the foreground or the background. To see the risks, go to Rule Architect → Rules → Action Rules and search by business process. You will then get the rules list.
Mitigation
Create an administrator
Go to Mitigation → Administrator → Create, and create the administrator as approver.
Create an administrator
Go to Mitigation → Administrator → Create, and create the administrator as monitor.
Create a Business unit
Go to Mitigation → Business Unit, create the business unit TSBU, and add the approver.
Then add the monitor in the same screen and save.
Create a mitigation control for risk ID ZTRI
Go to Mitigation → Mitigation Control → Create.
Select the risk ID after filling in all the columns above.
And then select the monitor and reports along with frequency.
Submit.
Now create a user and a role with the above T-codes, and assign the role to the user in the backend system. When we run risk analysis in GRC RAR, it must give us the risks involved.
Using the risk description, we will now mitigate the user with the mitigation control that we created earlier in RAR.
Click on the risk information; it will take you to the risk resolution screen.
Now we can mitigate the risk, so click on Mitigate Risk; a pop-up appears.
Using the mitigation control created in RAR for that particular business process, we mitigate the risk by supplying all the details, such as the mitigation control and the monitor, together with the control's valid-from and valid-up-to dates.
After submitting, we get a message that the mitigated user was created successfully.
Now if you run risk analysis, it must not populate risks for this particular user.
In the same way, we can mitigate users for any business process by creating the monitor and mitigation controls.
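
The following is an added illustration, not part of the original tutorial and not SAP's code: a simplified Python model of what the steps above configure. It assumes action rules are every pairing of one action from ZTSAFUN1 with one from ZTSAFUN2, and that a mitigation hides the risk only inside its valid-from/valid-to window; the user, control and monitor names and the dates are made up.

```python
from dataclasses import dataclass
from datetime import date
from itertools import product

# Values taken from the walkthrough above.
FUNCTIONS = {"ZTSAFUN1": {"XK01", "XK02"}, "ZTSAFUN2": {"FK01", "FK02"}}
RISK_ID, BUSINESS_PROCESS = "ZTRI", "ZTSA"


def generate_action_rules(functions):
    """One rule per combination of one action from each conflicting function."""
    names = sorted(functions)
    return list(product(*(sorted(functions[n]) for n in names)))


@dataclass(frozen=True)
class Mitigation:
    user: str
    risk_id: str
    control_id: str   # hypothetical control name
    monitor: str      # hypothetical monitor ID
    valid_from: date
    valid_to: date

    def covers(self, user, risk_id, on):
        same = (self.user, self.risk_id) == (user, risk_id)
        return same and self.valid_from <= on <= self.valid_to


def analyze(user, tcodes, rules, mitigations, on):
    """Return (open_violations, mitigated_violations) for one user on date `on`."""
    # A rule fires only when the user holds every action in the pairing.
    hits = [r for r in rules if set(r) <= set(tcodes)]
    mitigated = any(m.covers(user, RISK_ID, on) for m in mitigations)
    return ([], hits) if mitigated else (hits, [])


# Constructed sample data: user, control, monitor and dates are made up.
RULES = generate_action_rules(FUNCTIONS)
USER, TCODES = "TSUSER1", {"XK01", "FK02", "SU01"}
CONTROL = Mitigation(USER, RISK_ID, "ZTMC01", "MONITOR1",
                     date(2024, 1, 1), date(2024, 12, 31))

if __name__ == "__main__":
    print(len(RULES), "action rules:", RULES)
    print("before mitigation:", analyze(USER, TCODES, RULES, [], date(2024, 6, 1)))
    print("after mitigation: ", analyze(USER, TCODES, RULES, [CONTROL], date(2024, 6, 1)))
    print("control expired:  ", analyze(USER, TCODES, RULES, [CONTROL], date(2025, 1, 1)))
```

In this model the risk reappears as open once the control's validity period has passed, which is why the valid-to date on a mitigation deserves periodic review.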