
Configure business rules

Former Member
0 Kudos

Hello

I have had conflicting information, so once and for all I want to clear my doubt.

Someone said you can't configure the business rules in GRC. When you install or upgrade RAR (CC), you have to run the txt file and that's how you load the rules.

Another person said you can configure based on the Client business process.

Q. How do I configure business rules according to Client's business processes?

Accepted Solutions (0)

Answers (2)


Former Member
0 Kudos

Hello Jack O. Trades,

The standard business rules for RAR delivered by SAP are a good starting point; however, they are not intended to be the de facto rules for all customers. All customers I've met have customized the rule set to their business.

You can do this by activating/deactivating or changing the Business Functions and Risks. You can also add new Business Functions and Risks. Some customers have moved transactions around to different Business Functions than the originally delivered ones from SAP.

The rules and rule set are yours for the changing. BUT! (big but):

1. Don't stray too far from the delivered model; make deliberate notations about rule changes and why you changed them. Get second opinions before doing so. Your rule set is the most important piece of RAR and it's a nightmare to start over from scratch. Believe me, re-configuring customer rules is part of what keeps me busy as a consultant.

2. If you do modify the existing delivered rules, don't ever reload the delivered rule set. Currently, the ruleset import will overwrite your customization. Instead, if SAP delivers a new rule set, compare the new one with a current downloaded copy of the existing in MS Excel. Understand the differences and manually add the new additions as necessary.

Regarding the "how-to," there are various approaches but I've found the following to be helpful:

1. Understand technically how to make changes to the business functions and risks (get a copy of SAP's user guides and configuration manuals)

2. Understand the impact of making a change. What happens if you add/remove/inactivate a transaction in a business function? What risks will be impacted? Is a rule change necessary or is a mitigation a better option? Is the risk valid? Should the transaction be removed from the role or the role assignment from the user? and so on...

3. Never make the decision yourself (if you are an IT person), make sure you've considered the change with the business department (e.g. A/P) and with someone in Compliance/Internal Audit.
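The comparison described in point 2 of the warning above (new delivered rule set versus a downloaded copy of the current one) can also be scripted instead of done by eye in Excel. This is an added example, not part of the original answer and not SAP code; the four-column tab-delimited layout (function ID, system, action, status) and all sample rows are constructed assumptions, so adjust the parser to your actual export.

```python
import csv
import io


def load_rules(text):
    """Parse an export into {(function, system, action): status}.

    Assumed layout (constructed for this example, not taken from SAP
    documentation): tab-delimited rows of function ID, system,
    action (transaction code), status.
    """
    rules = {}
    for row in csv.reader(io.StringIO(text), delimiter="\t"):
        if not row or row[0].startswith("#"):
            continue  # skip blank lines and comment lines
        if len(row) != 4:
            raise ValueError(f"unexpected column count: {row!r}")
        function, system, action, status = (c.strip() for c in row)
        rules[(function.upper(), system.upper(), action.upper())] = status
    return rules


def compare_rule_sets(current_text, delivered_text):
    """Report what a reload would add, drop, or silently change."""
    current = load_rules(current_text)
    delivered = load_rules(delivered_text)
    return {
        # Candidates to add manually after review with the business
        "new_in_delivery": sorted(delivered.keys() - current.keys()),
        # Your customizations that an overwrite would remove
        "only_in_current": sorted(current.keys() - delivered.keys()),
        # Same rule, different status: (key, current status, delivered status)
        "status_differs": sorted(
            (k, current[k], delivered[k])
            for k in current.keys() & delivered.keys()
            if current[k] != delivered[k]
        ),
    }


# Constructed sample exports (hypothetical function IDs, status 0/1 assumed)
CURRENT = "FN01\tBASIS\tF-53\t1\nFN01\tBASIS\tFB60\t0\nFN02\tBASIS\tFK01\t1\nFN09\tBASIS\tZPAY\t1\n"
DELIVERED = "FN01\tBASIS\tF-53\t1\nFN01\tBASIS\tFB60\t1\nFN02\tBASIS\tFK01\t1\nFN02\tBASIS\tXK01\t1\n"

if __name__ == "__main__":
    for section, rows in compare_rule_sets(CURRENT, DELIVERED).items():
        print(section)
        for row in rows:
            print("   ", row)
```

The "only_in_current" and "status_differs" sections are the customizations a reload would overwrite; "new_in_delivery" is the list to take to the business and audit owners before adding anything by hand.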

Former Member
0 Kudos

Hello

SAP delivers a default rule set along with the GRC Access Control software, and this can be uploaded in Configuration tab --> Rules Upload. These rules can be further customized to align with the client business process.

In addition, new rules can also be configured using the Rule Architect tab by defining the components like Business processes, functions, rule sets and risks.

Hope this clarifies.

Regards

Swarna

Former Member
0 Kudos

Hi,

As Swarna mentioned, you can configure rules in both ways.

1) You can either upload the SAP standard ruleset or build your own ruleset by using the SAP standard ruleset files for guidance.

2) You can build your own ruleset by going to Rule Architect.

Regards,

Alpesh