Skip to Content
avatar image
Former Member

GRC AC 10.0 Risk Analysis -Risk Terminator Vs BRM-Role Management

Hi All,

After having seen the configuration for Risk Analysis- Risk Terminator and Role Management , I observed that there is very little difference for eg parameters 1085 and 3011 ,3014 . If we configure all three parameters to TRUE which one would take effect ?Can anyone let us know under what circumstances we must configure RT and Role Management . BRM to has a whole lot of new features which supercede RT.

Best Regards,

Vishal

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • Oct 14, 2011 at 03:15 PM

    Hi Vishal,

    The parameters will be invoked in different scenarios. 1085 is specific to when roles are generated in the SAP Backend system using risk terminator and therefore this will have no impact if you are using BRM to generate the roles.

    3011 & 3014 are specific to BRM and govern different behaviours. 3011 will facilitate the risk analysis prior to triggering the generation steps in the methodology and 3014 will allow the roles to be generated despite any permission risks that are returned.

    They are not exclusive and actually work together. For instance, you may want to have a block on generation of roles when there are open conflicts identified and therefore you should have 3011 set to YES and 3014 set to NO. If both are set to YES, then you could propagate conflicts in the roles.

    You can use Risk Terminator if you wish to continue to develop roles within the SAP system itself rather than to rely on the GRC BRM system wholly.

    There are still wide discussions and differing opinions about which represents the best approach for this and so it depends on your organisation as to which process you follow.

    The parameter descriptions in question are:

    1085 - Stop Role Generation if violations exist

    3011 - Conduct Risk Analysis before Role Generation

    3014 - Allow role generation with Permission Level violations

    Regards, Simon

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Simon Persin

      Hi Simon,

      I have a question in relation to that, during the Access risk Analysis Methodology stage during Business Role updates i am not able to Select the Option User or Business Role checkbox Under Select Options for Impact analysis this item is freezed.

      Do you know any setting by which we can enable this Parameter??.

      Thanks,

      Ravi