Skip to Content
avatar image
Former Member

Migarting from Approva to SAP GRC AC 5.3

Hello All,

One of our client using Approva applications now they are planning to move to SAP GRC Access Controls 5.3, so kindly help me or guide he how I proceed.

Key doubts u2013

1-How we upload rules in RAR, because we downloaded the rules from Approva.

2-Creation of mitigation controls etc.

It would be great if some share some documents related to above.

Thanks,

Jagat

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Best Answer
    Jan 18, 2011 at 11:12 AM

    Hi,

    the GRC AC 5.3 Configuration Guide has descriptions for rule set import templates. You can also import the mitigating controls.

    The main challenge will be to translate the rule set into the corresponding SAP terminology:

    - Risks (description, control target, owner, level, type, functions)

    - Functions (system specific tcodes & auth objects)

    This should be done by someone who knows a bit about GRC to make sure it creates the same level of analysis, and ideally the same results.

    Frank.

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Hi Jagat,

      Once your GRC system is configured. You have to follow the following steps:

      1. Create system connector

      2. Define Master User Source

      3. Upload text & authorization objects. (Follow the AC53 Configuration guide to download these files from backend)

      4. Now as Frank has suggested you have to convert the downloaded Apporava files to .txt files. There are 9 .txt files you have to create:

      1. Business Process

      BusinessProcessId (CHAR 4) LANGUAGE (CHAR 2) DESCRIPTION LANGUAGE (CHAR 120)

      *fileds are TAB seperated

      2. Function

      FUNCTION ID (CHAR 8) LANGUAGE (CHAR 2) DESCRIPTION LANGUAGE (CHAR 120) FUNCTION SCOPE (CHAR 1 (S:Single System, C: Cross System))

      3. Function-Business Process

      FUNCTION ID (CHAR 8) BusinessProcessId (CHAR 4)

      4. Function-Action

      FUNCTION ID (CHAR 8) TRANSACTION(CHAR 20) STATUS (NUMC 1 (0 or 1))

      5. Function-Permission

      FUNCTION ID (CHAR 8) T-CODE (CHAR 20) OBJECT(CHAR 10) FIELD(CHAR 10) FROM VALUE(CHAR 40) TO VALUE(CHAR 40) SEARCH TYPE(CHAR3 (AND,OR,NOT)) STATUS (NUMC 1 (0 or 1))

      6. Rule Set

      RuleSetId (CHAR 8) LANGUAGE (CHAR 2) DESCRIPTION (CHAR 132)

      7. Risk ID

      RISKID (CHAR 4) FUNCTION_1_ID (CHAR 8) FUNCTION_2_ID (CHAR 8) FUNCTION_3_ID (CHAR 8) FUNCTION_4_ID (CHAR 8) FUNCTION_5_ID (CHAR 8) BusinessProcessId (CHAR 4) PRIORITYDESCRIPTION (NUMC 1 (0=Medium

      1=High 2=Low 3=Critical)) STATUS (NUMC 1 (0 or 1)) RISKTYPE (CHAR 1 (1=SoD 2=Critical Action 3=Critical Permission))

      8. Risk Description

      RISKID (CHAR 4) LANGUAGE (CHAR 2) RISKDESCRIPTION (CHAR 132) DETAILDESCRIPTION (CHAR 1000) CONTROLOBJECTIVE (CHAR 1000)

      9. RISK_RULESET

      RISKID (CHAR 4) RuleSetId (CHAR 8)

      • For more information on templates follow the configuration guide.

      Upload these files and generate the rules.

      Hope with this you will be able to continue.

      Thanks & Regards,

      Jitan