cancel
Showing results for 
Search instead for 
Did you mean: 

SAP GRC Access Control: Ruleset Activation

reza_ahoui2
Participant
0 Kudos

Hi

Our SAP GRC (10.1) system was setup more than 5 years ago (I had not been involved in the roll out).

We have an existing ruleset with less than 300 risk definitions in our production systems. By checking the Activation Log of BCs in transaction SCPR20 we can see that only the following two BCs have logs in prod and, therefore, my conclusion is our existing ruleset was shaped out of these two BCs "only" (in addition to have few custom risk definitions):

  • GRAC_RA_RULESET_SAP_R3 BC Set for AC Rules for SAP R3
  • GRAC_RA_RULESET_SAP_HR BC Set for AC Rules for SAP HR

There is no log for the following BCs so I am assuming that they never got activated:

GRAC_RA_RULESET_SAP_APO

GRAC_RA_RULESET_SAP_BASIS

GRAC_RA_RULESET_SAP_CRM

GRAC_RA_RULESET_SAP_ECCS

GRAC_RA_RULESET_SAP_NHR

Can someone explain the followings please?

1- Am I correct in both aforementioned assumptions?

2- Despite not having GRAC_RA_RULESET_SAP_BASIS activated, I still can see we have some (non customised) Basis risk definitions at the moment. Have they been originated from GRAC_RA_RULESET_SAP_R3?

3- What is the difference between these three BCs around an ECC system?

GRAC_RA_RULESET_SAP_ECCS

GRAC_RA_RULESET_SAP_NHR

GRAC_RA_RULESET_SAP_R3

4- Is it good practice to activate all the three BCs (of no.3)?

5- What is the best practise in activating a BC to update an existing ruleset? The question is not about how to activate BC but, let's say, how to make sure the existing ruleset does not get overwritten by a BC activation and only get appended etc.

Many thanks

Reza Ahoui

madhusap
Active Contributor
0 Kudos

Hi Reza,

This query has been discussed multiple times in this forum. Please check the similar discussion in the following thread. Go through this once.

https://answers.sap.com/questions/9952081/grc-10-ac-bc-sets-implications-and-suggestions.html

Regards,

Madhu

Accepted Solutions (0)

Answers (1)

Answers (1)

RameshVithanala
Active Participant
0 Kudos

Hi Reza,

Do you have APO,CRM systems? If not we don't need to activate the BC sets for those.I think you are GRCV10.1 not on S4?Its always better to download the existing ruleset before activating any new ruleset(while activating ruleset you will get and option to append/delete).You have to choose append and download the rules again and perform the delta b/w old download and new download.

Thanks

Ramesh