Skip to Content
avatar image
Former Member

Creating new roles for AC implementation

Currently we are having lot of roles with thousand of transactions which definitely creating a lot of SOD conflict. We are planning to implement GRC Access control.

I would like to know whether before we implement Access control, we should create new roles from scratch with only required transaction as this help us in performing risk analysis as less SOD conflict will exist. Or it will be better to first implement Access control and than upload the existing roles and perform risk analysis. Though I believe this will through a lot of conflicts and cleaning them would be a hectic task.

Please someone can suggest from his experience which is a better strategy. Also would like to know of any best practices you follow from security point of view before or during the Access control implementation.

Thanks,

Sanjay

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Best Answer
    avatar image
    Former Member
    Dec 20, 2010 at 06:39 AM

    Hi Sanjay,

    Second approach is better.

    Implement AC and then clean your roles. (that is one of the reason, you are implementing AC)

    Regards,

    Surpreet

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Hi Sanjay,

      There are some notes by SAP to manage the perfomance issues in RAR. Please take a look at note 1121978.

      Regards,

      Chinmaya

  • avatar image
    Former Member
    Dec 20, 2010 at 05:41 PM

    Hi ,

    GRC 300 having the details of SOD Management process for GRC implementation, that is the best way for implementation approach, may be you can take authorization clean up as the separate project apart from GRC implementation.

    Thanks & Regards

    Umashankar Tekumudi

    SAP GRC Consultant

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Dec 20, 2010 at 05:41 PM

    Hi ,

    GRC 300 having the details of SOD Management process for GRC implementation, that is the best way for implementation approach, may be you can take authorization clean up as the separate project apart from GRC implementation.

    Thanks & Regards

    Umashankar Tekumudi

    SAP GRC Consultant

    Add comment
    10|10000 characters needed characters exceeded