
Migrating roles with conflicts to GRC 10.1 - would it give error?

former_member356668
Participant
0 Kudos

Hi GRC experts,

We are going from VIRSA 4.0 to GRC 10.1. Now, some of our roles have a few conflicts at transaction / auth. object level. Is it necessary / a must to solve those conflicts before installation of GRC 10.1?

During data export to GRC would this result in error and we will have to solve all those conflicts first?

OR

It would just result in warning and we will have time to work on role design after moving to GRC?

Please help!

Accepted Solutions (1)

Former Member
0 Kudos

Dear Pooja

The existing risks in an end user role shouldn't have any impact whatsoever on the implementation of GRC AC 10.1.

Feel free to implement the ARA module & then run risk analysis against the upgraded ruleset & then perform remediation or mitigation activities - so that you end up with clean roles.

I wouldn't suggest performing role cleanup activity in 4.0 & then redoing the same exercise in 10.1 since you will have new risk ruleset.

Naveen

former_member356668
Participant
0 Kudos

Thank you Naveen! That was very helpful.

We are not getting new rule set right away, but after some point yes.

former_member356668
Participant
0 Kudos

Naveen / everyone,

Is there any SAP note which can validate this so that I can present to my team - "Existing risks in roles should not impact GRC 10.1 installation"?

former_member356668
Participant
0 Kudos

This also brings a question - Wouldn't new rule set always have more rules added / enhanced over previous one? SODs identified in 4.6 should all be "included" in AC 10.1, no?

Is that a correct statement, if so, we might as well start working on those now so that we have fewer to work on once we have new rule set?

former_member204479
Active Participant
0 Kudos

Hi Pooja,

As Naveen mentioned it is not mandatory to resolve / mitigate all your risks for an upgrade.

Although, when you say "SODs identified in 4.6 should all be "included" in AC 10.1, no?" the answer would be it depends. Rule set is updated by SAP regularly, the updates are applicable for GRC 4.0, 5.x and 10.x versions alike. The latest update as per my understanding was in Q4, 2013. This update is already included in all above GRC 10.0 SP14. Assuming you are moving to 10.1, say even the (n-1) SP, it should have the latest updates already in its BC sets.

Now, if you would like to validate the changes in the standard rules made by SAP, you would need to verify the changes in all the updates provided from the one that is being used currently in your system and the one that is latest. You can find the changes in SAP Notes. For example the last one Q1, 2013's note is "1960531 - GRC - Access Control - Access Risk Management Rule Update Q4, 2013". Similar notes for other previous updates would hold the list of all changes.

These notes also provide information of how to use the information provided.

In whatever case, the ideal active ruleset should be the one that is signed off and customized for your customer. Which, irrespective of any changes to the standard best practice provided by SAP, must remain as is, unless said so by the decision making party from your customer's end. Therefore, any changes you find must then be run through the customer / decision making party to come to a conclusion.

Thanks

Sammukh

former_member356668
Participant
0 Kudos

Thank you Sanmukh! Will check out 1960531.

Answers (0)