Skip to Content
avatar image
Former Member

SAP Upgrade & SOD Remediation Exercise

Dear All

I know I have few items to close off posted earlier in the forums. I will get to these shortly - apologies.

I have a question on remediation efforts in relation to timing of upgrade.

Scenario - GRC 5.2 RAR implemented on 4.7 but no remediation carried out to-date. Upgrade to ECC6.0 due shortly and want to know if remediation can be done in parallel with the upgrade? When the 4.7 roles are uploaded into ECC6.0 I understand there can be changes to authorisation objects etc plus there can be additional transaction codes. Would you recommend the upgrade is fully completed before remediation begins?

Thanks once again


Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Oct 22, 2008 at 02:06 AM


    We had a few customers during ramp-up for 5.3 doing their GRC implementation in conjuction with their ECC6 upgrade. So when they had their ECC6 Dev box squared away, they connected their GRC Dev box to that, and so on and so forth through their landscape. It is recommended that you do your AC implementation in parallel with your ECC6 upgrade.


    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Oct 23, 2008 at 03:58 AM

    Hello ,

    First you upgrade from 4.7 to Ecc6.0 , install the RTA 5.2 on it . once that setup is complete , you are required to revisit the Jcos in CC 5.2 and then schedule the Jobs again in Cc 5.2. After the jobs have completed successfully , you can continue to remediate the risks as mentioned in 5.2 guides.

    Doing it parallel would cause tremendous issues.


    Add comment
    10|10000 characters needed characters exceeded

    • Jasmine & Hersh-

      I want to clear up what "parallel" really means. We have several large customers upgrading their ERP to ECC6 and in conjuction implementing GRC AC. It is fairly obvious you do not want to run SOD Scans on your old ERP system. They are creating their ECC6 Sandbox, then connecting their GRC Sandbox to that, then creating their ECC6 Dev and connecting their GRC Dev to that. And that is done throughout the landscape. They are remediating and SOD's that arise that might affect production access down the line.

      There are clear advantages of doing this:

      1. The back-end RTA's might not be up-to-date in your old ERP system.

      2. Have all your roles/users clean when you move to ECC6 Production.

      So in conclusion, doing the upgrade and your GRC AC implementation is advisable. To do it after your live with ECC6 is somewhat reactive, rather than proactive.