
SAP Security & GRC

former_member728140
Discoverer

Hi,

Just refreshing on my SAP Security skills and had a question.


With regard to the SAP GRC Solution, when modelling a role, I believe the software highlights any SoD conflicts. Once the conflicts are highlighted, does GRC in any way assist in redesigning the role? I assume the role has to be split so the conflicts are separated (unless risk accepted), what approach has to be taken to then map these roles to users ensuring the users do not have any toxic combinations assigned to them? Does GRC assist in this activity?

Thanks in advance,

Tom

Accepted Solutions (0)

Answers (1)


former_member612251
Participant
0 Kudos

No it doesn't Tom, it just gives you the conflicts of the tcodes/Fiori apps that need to be split out into their own roles... I wish it did what you're looking for 🙂 Users will have toxic combinations as you say, but as long as the role itself is clean, the business can then decide on the risk of the user.

former_member728140
Discoverer
0 Kudos

Cheers Michael, can I ask what you mean as ‘clean’ if the role does include toxic combos?

former_member612251
Participant
0 Kudos

For instance, if you have a Time Administrator/PA user, and the role has authorizations to both amend time and run payroll, this would flag as a violation as a user could amend someone's time and pay them with the same role, so you would have to split the time evaluation into 1 role and the authorizations to run payroll into another, ultimately if the business want this user to have both roles then it's down to them to sign off on this risk, but the roles themselves individually are clean.
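The distinction drawn in this thread between a clean role and a user who still holds a toxic combination, as an added example that is not part of the original posts and is not SAP GRC's own logic. All role names, user IDs, action codes, and the risk ID are constructed placeholders, and matching a function on any one of its actions is a simplifying assumption.

```python
# Constructed SoD rule set: a risk is a pair of conflicting functions,
# each function a set of action codes (placeholders, not real SAP tcodes).
FUNCTIONS = {
    "TIME_MAINT": {"AMEND_TIME", "EVALUATE_TIME"},
    "PAYROLL_RUN": {"RUN_PAYROLL"},
}
RISKS = {"R001": ("TIME_MAINT", "PAYROLL_RUN")}

# Constructed roles: the original combined role and the two split roles.
ROLES = {
    "Z_TIME_PAYROLL": {"AMEND_TIME", "RUN_PAYROLL", "DISPLAY_EMPLOYEE"},
    "Z_TIME_ADMIN": {"AMEND_TIME", "EVALUATE_TIME", "DISPLAY_EMPLOYEE"},
    "Z_PAYROLL_RUN": {"RUN_PAYROLL", "DISPLAY_EMPLOYEE"},
}
USERS = {"TADMIN1": ["Z_TIME_ADMIN"], "TADMIN2": ["Z_TIME_ADMIN", "Z_PAYROLL_RUN"]}
ACCEPTED = {("TADMIN2", "R001")}  # risks the business has signed off, per user


def risks_in(actions):
    """Return the risk ids whose two functions are both reachable with `actions`."""
    hit = {f for f, codes in FUNCTIONS.items() if codes & actions}
    return sorted(r for r, (a, b) in RISKS.items() if a in hit and b in hit)


def role_level():
    """Risks contained inside each single role (what role modelling flags)."""
    return {role: risks_in(actions) for role, actions in ROLES.items()}


def user_level():
    """Risks per user over the union of assigned roles, with the roles that
    contribute to each risk and whether the business has accepted it."""
    report = {}
    for user, roles in USERS.items():
        combined = set().union(*(ROLES[r] for r in roles))
        for risk in risks_in(combined):
            funcs = set().union(*(FUNCTIONS[f] for f in RISKS[risk]))
            sources = sorted(r for r in roles if ROLES[r] & funcs)
            status = "accepted" if (user, risk) in ACCEPTED else "open"
            report[(user, risk)] = (sources, status)
    return report


if __name__ == "__main__":
    print("role level:", role_level())
    print("user level:", user_level())
```

Only the combined role carries the risk at role level; the two split roles are clean, yet the user holding both still surfaces at user level and is tracked as an accepted risk rather than a design defect.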