
Creating new roles for AC implementation

Former Member
0 Kudos

Currently we have a lot of roles with thousands of transactions, which is definitely creating a lot of SOD conflicts. We are planning to implement GRC Access Control.

I would like to know whether, before we implement Access Control, we should create new roles from scratch with only the required transactions, as this would help us in performing risk analysis because fewer SOD conflicts will exist. Or would it be better to first implement Access Control and then upload the existing roles and perform risk analysis? Though I believe this will throw a lot of conflicts, and cleaning them would be a hectic task.

Can someone please suggest from experience which is the better strategy? I would also like to know of any best practices you follow from a security point of view before or during the Access Control implementation.

Thanks,

Sanjay

Accepted Solutions (1)

Former Member
0 Kudos

Hi Sanjay,

The second approach is better.

Implement AC and then clean your roles (that is one of the reasons you are implementing AC).

Regards,

Surpreet

Former Member
0 Kudos

Surpreet,

Thanks for the reply. Your answer seems logical to me, but I was concerned because currently some of the roles have thousands of transactions, so performing risk analysis will consume a lot of resources. This might also cause RAR to hang and might cause further performance issues.

Sanjay

Former Member
0 Kudos

Hi Sanjay,

There are some notes by SAP to manage the performance issues in RAR. Please take a look at note 1121978.

Regards,

Chinmaya

Answers (2)

Former Member
0 Kudos

Hi,

GRC 300 has the details of the SOD management process for GRC implementation; that is the best way for the implementation approach. Maybe you can take authorization cleanup as a separate project apart from the GRC implementation.

Thanks & Regards

Umashankar Tekumudi

SAP GRC Consultant
