on 09-19-2007 2:17 PM
Hi all,
Can SoD rules be written for analyzing a Users access to SAP and NON-SAP applications across the enterprise?
If yes will CC RTA need to be installed on the NON-SAP application?
If yes are there any requirements that need to be met by NON-SAP application and is there a list of NON-SAP applications (other than-Peoplesoft, Oracle, Hyperion, JD Edwards) that CC has an RTA for?
Is there any documentation specific to aplications that can support CC RTAs and installation on these?
-Cheers
Hi,
For non SAP Systems where RTA is not available, you can perform risk analysis using offline risk analysis.
The main steps for this are the following:
- Integration between frontend (CC) and backend (non SAP System)
- User / Role / Profile data extraction from non SAP System into flat files following CC Data Mapping templates
- Load such data into CC Database using CC Data Extractor
- Perform risk analysis
Hope this helps. Regards,
Imanol
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
Yes SoD rules can be written for analyzing user accesses to SAP and non-SAP applications.
Basically there is no other application for which an RTA exists, but there is a documentation discussing the technical requirements for file generation from the non-SAP systems for integration of non-SAP Systems with SAP Compliance Calibrator.
This documentation is available in <a href="http://service.sap.com/rkt-grc">http://service.sap.com/rkt-grc</a>
under SAP GRC Access Control 5.2 -> SAP GRC Compliance Calibrator 5.2 -> Step2: Prepare for your project -> Cross Application Material
You'll need your OSS user-id to access that page; in case you cannot access it, please post a message in the OSS.
Rgds,
Karim
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.