Hi all,
Can SoD rules be written for analyzing a Users access to SAP and NON-SAP applications across the enterprise?
If yes will CC RTA need to be installed on the NON-SAP application?
If yes are there any requirements that need to be met by NON-SAP application and is there a list of NON-SAP applications (other than-Peoplesoft, Oracle, Hyperion, JD Edwards) that CC has an RTA for?
Is there any documentation specific to aplications that can support CC RTAs and installation on these?
-Cheers
2 Answers
-
Former MemberPosted on Sep 19, 2007 at 03:03 PMHi,
Yes SoD rules can be written for analyzing user accesses to SAP and non-SAP applications.
Basically there is no other application for which an RTA exists, but there is a documentation discussing the technical requirements for file generation from the non-SAP systems for integration of non-SAP Systems with SAP Compliance Calibrator.
This documentation is available in http://service.sap.com/rkt-grchttp://service.sap.com/rkt-grc">http://service.sap.com/rkt-grc>
under SAP GRC Access Control 5.2 -> SAP GRC Compliance Calibrator 5.2 -> Step2: Prepare for your project -> Cross Application Material
You'll need your OSS user-id to access that page; in case you cannot access it, please post a message in the OSS.
Rgds,
Karim
Add a comment
-
Former MemberPosted on Sep 20, 2007 at 10:47 PM
Hi,
For non SAP Systems where RTA is not available, you can perform risk analysis using offline risk analysis.
The main steps for this are the following:
- Integration between frontend (CC) and backend (non SAP System)
- User / Role / Profile data extraction from non SAP System into flat files following CC Data Mapping templates
- Load such data into CC Database using CC Data Extractor
- Perform risk analysis
Hope this helps. Regards,
Imanol
Add a comment
Add a comment