03-26-2008 10:20 PM
According to my knowledge,
Implementation project can divided into following Phases:
1)Project preparation
2)Business Blueprint
3)Realization
4)Final Preparation
5)Go-Live & Support
During the BluePrint Phase we create a visual model of future state after
implementing R/3.
What is role "Q&A Db tool" in this Blueprint phase?
Is the Authorization Matrix(which specifies Role,transaction,respective Objects with field values) created using the "Q&A Db tool"?
03-31-2008 3:35 PM
Hi,
The "Q&A Db tool" helps analysing various scenerios,their impact from the security perspective.
For example, a scenerio can be " the Field Sales officers need to create the Customer M/Data remotely".This is a business requirement.
The Q&A helps to discuss the various ways of doing this -thro'VPN etc-,various controls - Labels for example-,the good and bad implication of this - remote cretaion of M/data-,the ways to remediate the associated security weaknesses and so on.This is its Role in the Blueprint phase.
SOD which analyses conflicting roles,Compensatory control is the main drivers in devising the access control.
The "Q&A Db tool" helps to create the "Authorization Matrix",as the Q&A covers the conflicting roles and the Compensatory control ,thus SOD aspects also.
Regards,
Ramesh
03-31-2008 3:35 PM
Hi,
The "Q&A Db tool" helps analysing various scenerios,their impact from the security perspective.
For example, a scenerio can be " the Field Sales officers need to create the Customer M/Data remotely".This is a business requirement.
The Q&A helps to discuss the various ways of doing this -thro'VPN etc-,various controls - Labels for example-,the good and bad implication of this - remote cretaion of M/data-,the ways to remediate the associated security weaknesses and so on.This is its Role in the Blueprint phase.
SOD which analyses conflicting roles,Compensatory control is the main drivers in devising the access control.
The "Q&A Db tool" helps to create the "Authorization Matrix",as the Q&A covers the conflicting roles and the Compensatory control ,thus SOD aspects also.
Regards,
Ramesh
03-31-2008 10:57 PM
Hi Ramesh,
Who is responsible for this..I mean are functional or security guy are responsible for this Q&A db tool?
Thankyou,
Ajit
03-31-2008 11:03 PM
Ofcouse the Security guy but he would need help from the functional team.
03-31-2008 11:09 PM