Skip to Content
author's profile photo Former Member
Former Member

Creating new roles for AC implementation

Currently we are having lot of roles with thousand of transactions which definitely creating a lot of SOD conflict. We are planning to implement GRC Access control.

I would like to know whether before we implement Access control, we should create new roles from scratch with only required transaction as this help us in performing risk analysis as less SOD conflict will exist. Or it will be better to first implement Access control and than upload the existing roles and perform risk analysis. Though I believe this will through a lot of conflicts and cleaning them would be a hectic task.

Please someone can suggest from his experience which is a better strategy. Also would like to know of any best practices you follow from security point of view before or during the Access control implementation.

Thanks,

Sanjay

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

3 Answers

  • Best Answer
    author's profile photo Former Member
    Former Member
    Posted on Dec 20, 2010 at 06:39 AM

    Hi Sanjay,

    Second approach is better.

    Implement AC and then clean your roles. (that is one of the reason, you are implementing AC)

    Regards,

    Surpreet

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Dec 20, 2010 at 05:41 PM

    Hi ,

    GRC 300 having the details of SOD Management process for GRC implementation, that is the best way for implementation approach, may be you can take authorization clean up as the separate project apart from GRC implementation.

    Thanks & Regards

    Umashankar Tekumudi

    SAP GRC Consultant

    Add a comment
    10|10000 characters needed characters exceeded

  • author's profile photo Former Member
    Former Member
    Posted on Dec 20, 2010 at 05:41 PM

    Hi ,

    GRC 300 having the details of SOD Management process for GRC implementation, that is the best way for implementation approach, may be you can take authorization clean up as the separate project apart from GRC implementation.

    Thanks & Regards

    Umashankar Tekumudi

    SAP GRC Consultant

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.