on 01-30-2019 2:52 PM
We are looking a solution to run Risks Analysis for SAP Ariba authorization (Group and permission).
Our idea is to use SAP ECC system as intermediary step recreating in ABAP language the SAP Ariba group and actions.
What do you suggest? Have you ever done this?
Hi Ryan,
I have implemented ARIBA SoD rules for one of our client.
Following approach was taken:
- User and User Groups from ARIBA were updated to GRC repository tables (Exported User and User Groups to CSV file and then loaded to GRC repository tables through a upload program)
E.g. Purchasing Agent is a User Group in ARIBA for which following are the details that are uploaded to GRC.
User A - Role (Receiving Agent) - Action (Receiving Agent) - Permissions (Not required)
GRC repository tables have been updated with ARIBA roles and Actions.
Finally in the ruleset, functions are defined with System specific actions (e.g. Goods Receipt function has ECC transactions MIGO, FB08 and ARIBA actions Receiving Agent) and then the ruleset which has ECC and ARIBA actions was used to run risk analysis.
Regards,
Madhu
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
please refer to OSS 1594963 providing detailed input
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Do you know how can I implement the rule set and enter in Action column the permission of ariba? How does the system recognize it?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Ryan,
I have mentioned the details in this blog. Please check.
https://blogs.sap.com/2019/04/30/grc-10.010.112.0-grc-manual-provisioning-for-non-sap-systems/
Regards,
Madhu
Ryan,
You could also use SAP Greenlight Connector for ARIBA.
Thanks
Ramesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Madhu.
What program did you use to load in the repository tables? Custom Program?
How does the system recognize the action : Receiving Agent and not a transaction?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
15 | |
3 | |
2 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.