on 06-15-2016 3:20 AM
Hello everyone:
I have a GRC (10.1) connecting to a backend SAP system, let's called A. It uses one GLOBAL ruleset. Over the years, we customized directly on GLOBAL ruleset (without first make a copy) with customization such as creating new Z Risk, adding Z t-code ... Hence this GLOBAL was overwritten and "dedicated" to system A only.
Now we have a new SAP system, called B, connecting to GRC. The B can't use GLOBAL ruleset in GRC for it's customized for A only. The B needs to use GRC original standard ruleset (without customization) which I don't have in GRC anymore (already overwritten).
What is the best & safe approach to resolve this situation ... the simple approach and has NO impact on Mitigation (we had a huge mitigation list) ?
We mitigated users & roles against risk ID (ie: mitigate against F001*).
System A uses ARA & EAM. System B (new) uses ARA only. Both are SAP non HR. Thank you
Andy
Andy
One thing to keep in mind as you decide to do this type of configuration is if you are planning to use User Provisioning in the future, you set a default rule set that the requests are analyzed against. how much customization is there in the current rule set? i would suspect that not every rule has been customized and there will be many similarities. You can set physical system rules in place in a rule set for these types of situations where differences are required. Also, I would be questioning differences in the rules specifically in the area of Basis between 2 systems in the same company. Did you utilise the SAP_BAS_LG connector when you did your original ruleset build?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Andy,
try to use the BC sets. I think there is the initial rule set available and you can download it.Maybe you have to convert it to the right format. After that you can upload the ruleset for your requirements. Do not activate the BC set for this purpose, otherwise you will maybe cause confusion in the system.
And please keep in mind, that some adjustments are available for the rule set in some SAP notes.
Much success.
Best regards,
Dirk
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Andy,
I guess you can think of downloading the default ruleset and uploading the same for system B.
I believe that you have GRC Sandbox System where from you can download the default ruleset.
Regards,
Faisal
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Andy,
Does your system A belong to the default Connector group given by SAP, eg. SAP_R3_LG. If yes, then you have changed the default Ruleset.
If No, then you still have default Ruleset. And, then download the rules for the default Connector group and upload(by copying the entries of default Connector group) for System B, by appending its entries.
Regards
Plaban
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.