Skip to Content
Former Member
Jun 15, 2016 at 02:20 AM

GRC & Two Backend System (SAP-Non HR)


Hello everyone:

I have a GRC (10.1) connecting to a backend SAP system, let's called A. It uses one GLOBAL ruleset. Over the years, we customized directly on GLOBAL ruleset (without first make a copy) with customization such as creating new Z Risk, adding Z t-code ... Hence this GLOBAL was overwritten and "dedicated" to system A only.

Now we have a new SAP system, called B, connecting to GRC. The B can't use GLOBAL ruleset in GRC for it's customized for A only. The B needs to use GRC original standard ruleset (without customization) which I don't have in GRC anymore (already overwritten).

What is the best & safe approach to resolve this situation ... the simple approach and has NO impact on Mitigation (we had a huge mitigation list) ?

We mitigated users & roles against risk ID (ie: mitigate against F001*).

System A uses ARA & EAM. System B (new) uses ARA only. Both are SAP non HR. Thank you