cancel
Showing results for 
Search instead for 
Did you mean: 

GRC - Parameter 1071 set to "ASYNC" - can this bypass TEST and DEVELOPMENT tagged roles?

0 Kudos

We have noticed with newer support packs the ability to tag individual roles in GRC as "Production" vs "Test" vs "Development". Not sure if this setting could be used to set non-prod roles outside of the auto SOD check via parameter 1071. Right now in PROD, we have this parameter set to "ASYNC" so as soon as users submit their request, the SOD check kicks off in the background. We would like to one day connect our PROD GRC instance to all SAP clients, including non-prod so we can have one source for access requests. However, we today with 1071 set to "ASYNC" - if a user requests the any of the roles we have built for Developers / Basis / Security Admin / Configurators in the non-prod environments, the SOD check will run against these large roles and bomb the request. Wondering if there would be some way to bypass the non-prod roles when the SOD check takes place and have it only check PROD roles.

Accepted Solutions (1)

Accepted Solutions (1)

bipul_kumar3
Explorer
0 Kudos

Hello Anthony,

When you define risk, you define it for a particular system or group of logical systems. as per my understanding, we never define any risk against non production system so in case of risk analysis against those systems, no rules will be found. So you can easily integrate your non production systems with your production GRC with parameter 1071 as "ASYNC" and it will have no effect.

I am running a GRC production system which is connected with 11 production and 60+ non production systems and have parameter 1071 set as "ASYNC" . Till now, we have not faced any performance issue.

In short, your risk definition is the key. If you define risk for non prod systems, your request may bomb.


Thanks & regards,

Bipul Kumar

Answers (0)