Skip to Content
Jul 16, 2020 at 05:31 PM

SAP SOLMAN configuration validation vs SAP GRC Rulesets


Wondering if anyone has compared the two tools for evaluating users with specific authorizations.

Solman Configuration validation allows for the creation of a configuration store where you can maintain specific authorization combinations that are determined high risk or something that you would like to monitor. You create this as a baseline and monitor your target systems to evaluate if any users are in violation of any authorization combos. A report can then be scheduled to run with results saved. Alerts can probably be configured or monitored via a dashboard.

Within GRC you can build the same authorization combinations as part of a ruleset and schedule the evaluation. Results can be reviewed and actions can be taken.

Is there a benefit or need to use both? Can anyone think of the advantages or disadvantages of either tool?

Thank you