Skip to Content
avatar image
Former Member

Best practice for the Update of SAP GRC CC Rule Set

Hi GRC experts,

We have in a CC production system a SoD matrix that we would like to modified extensively. Basically by activating many permissions.

Which is a best practice for accomplish our goal?

Many thanks in advance. Best regards,

Imanol

Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

13 Answers

  • avatar image
    Former Member
    Sep 11, 2008 at 09:44 AM

    Create a set of upload files using Excel or Notepad

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Simon and Amir

      My name is Connie and I work at Accenture GRC practice (and a colleague of Imanolu2019s). I have been reading this thread and I would like to ask you a question that is related to this topic. We have a case where a Global Rule Set u201CLogic Systemu201D and we may also require to create a Specific Rule Set. Is there a document (from SAP or from best practices) that indicate the potential impact (regarding risk analysis, system performance, process execution time, etc) caused by implementing both type of rule sets in a production environment? Are there any special considerations to be aware? Have you ever implemented this type of scenario?

      I would really appreciate your help and if you could point me to specific documentation could be of great assistance. Thanks in advance and best regards,

      Connie

  • avatar image
    Former Member
    Sep 11, 2008 at 10:10 AM

    Hi Simon,

    Are you sure existing rule set is properly updated at Database level. Will the existing rules be properly updated also?

    Many thanks. Regards,

    Imanol

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Sep 11, 2008 at 10:13 AM

    Create your custom ruleset using unique Function & Risk IDs, that differ from the SAP standard ones, otherwise you will run into problems of functions overwriting and riks not overwriting.

    It is also best to have a new Ruleset name so there is no confusion.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Sep 11, 2008 at 10:18 AM

    Hi again Simon,

    The thing is that we did already upload custom Rule Set files (Business Processes, Functions, Function-Action, Function-Permission etc) linked to a custom RuleSet.

    Such Ruleset is the one we want to modify extensively.

    Do you suggest to overwrite the existing RuleSet by upaloading the new one? Our concern here is if the data is accurately updated into DB.

    Best regards,

    Imanol

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Sep 11, 2008 at 10:24 AM

    If you upload files with the same risk ids andf function ids as existing rulesets then the new risks will be rejected and the new functions will overwrite the existing ones, therefore you will create lots of issues.

    Therefore in your case delete the existing ruleset out and create a replacement if you want to use the same names for functions,risk etc

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Sep 11, 2008 at 10:29 AM

    Hi again Simon,

    When you mention delete the existing Rule Set. Do you mean to delete it at DB level or from CC application?

    Best regards,

    Imanol

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Sep 11, 2008 at 10:32 AM

    whichever you find easiest

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Sep 11, 2008 at 10:34 AM

    Hi again,

    If we go for the option to remove all rule set and rules generated at the DB level. Which are all the tables we should remove to be sure all data is removed but DB consistency is maintained?

    Thanks in advace. Best regards,

    Imanol

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Sep 11, 2008 at 10:36 AM

    You do not do anything to the database tables.

    You obtain the script from SAP Support to delete the ruleset to perform this function.

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Sep 12, 2008 at 01:26 PM

    Simon,

    Have you ever executed such script?

    Regards,

    Imanol

    Add comment
    10|10000 characters needed characters exceeded