cancel
Showing results for 
Search instead for 
Did you mean: 

GRC & Two Backend System (SAP-Non HR)

Former Member
0 Kudos

Hello everyone:

I have a GRC (10.1) connecting to a backend SAP system, let's called A. It uses one GLOBAL ruleset. Over the years, we customized directly on GLOBAL ruleset (without first make a copy) with customization such as creating new Z Risk, adding Z t-code ...  Hence this GLOBAL was overwritten and "dedicated" to system A only.

Now we have a new SAP system, called B, connecting to GRC. The B can't use GLOBAL ruleset in GRC for it's customized for A only. The B needs to use GRC original standard ruleset (without customization) which I don't have in GRC anymore (already overwritten).

What is the best & safe approach to resolve this situation ... the simple approach and has NO impact on Mitigation (we had a huge mitigation list) ?

We mitigated users & roles against risk ID (ie: mitigate against F001*).

System A uses ARA & EAM.  System B (new) uses ARA only. Both are SAP non HR. Thank you

Andy

Accepted Solutions (0)

Answers (4)

Answers (4)

kevin_tucholke1
Contributor
0 Kudos

Andy

One thing to keep in mind as you decide to do this type of configuration is if you are planning to use User Provisioning in the future, you set a default rule set that the requests are analyzed against.  how much customization is there in the current rule set?  i would suspect that not every rule has been customized and there will be many similarities.  You can set physical system rules in place in a rule set for these types of situations where differences are required.  Also, I would be questioning differences in the rules specifically in the area of Basis between 2 systems in the same company.  Did you utilise the SAP_BAS_LG connector  when you did your original ruleset build? 

Former Member
0 Kudos

Hi Andy,

try to use the BC sets. I think there is the initial rule set available and you can download it.Maybe you have to convert it to the right format. After that you can upload the ruleset for your requirements. Do not activate the BC set for this purpose, otherwise you will maybe cause confusion in the system.

And please keep in mind, that some adjustments are available for the rule set in some SAP notes.

Much success.

Best regards,

Dirk

former_member184114
Active Contributor
0 Kudos

Andy,

I guess you can think of downloading the default ruleset and uploading the same for system B.

I believe that you have GRC Sandbox System where from you can download the default ruleset.

Regards,

Faisal

plaban_sahoo6
Contributor
0 Kudos

Hi Andy,

Does your system A belong to the default Connector group given by SAP, eg. SAP_R3_LG. If yes, then you have changed the default Ruleset.

If No, then you still have default Ruleset. And, then download the rules for the default Connector group and upload(by copying the entries of default Connector group) for System B, by appending its entries.  

Regards

Plaban