Thursday, September 26, 2013

GRC access control 10.1


Hi Friends,
It's been long time I have visited my blog , busy with an implementation of GRC10 , by the time we finished couple of implementations on GRC 10,  SAP again come up with another version GRC 10.1 , have read many documents and found following ppt is really worth reading it , Catch you again soon.




Wednesday, February 6, 2013

SAP HANA Analytics Foundation for SAP Solutions for GRC


There is an article in help.sap .com which talks about SAP HANA vs SAP GRC 10.0 , and they have nicely given the different reports we can get through HANA for Access Requests , Access Risks , Emergency Access

 Here are the details
Implementation Considerations : 
You install this software component as an add-on for SAP HANA. To use the virtual data model described in this documentation you need to run SAP GRC Access Control 10.0 or higher.
More Information : 
For more information about this product and a complete list of other add-ons available, see http://help.sap.com/hba.
You can access technical details for every view in the auto documentation. To create the auto documentation proceed as follows:
1.     In the SAP HANA Studio Modeler perspective, start Auto Documentation from the central frame.
2.     Choose the package and press Add.
3.     Enter a target location path and press Finish.
One PDF document for each view is created in the given path using the view names as file names.

Access Requests

 This virtual data model provides the prerequisites for analyzing the data generated during creation and processing of access requests. Based on this virtual data model, you can generate reports to answer the following business questions.
·         How many access requests were created for the last three months?
·         What types of access requests were created: User Access, reviews of Segregation of Duties, Emergency Access?
·         What was the length of time for the access requests to be completed for the last five months?
·         What access requests are still pending? How long have they been open?
·         How many users and roles were provisioned for the last four months?
·         What are the most frequently requested roles?
·         What are the service level agreements for the requests?

Access Risks:

 This virtual data model provides the (building blocks) prerequisites for creating ad hoc reports for analyzing the access risks, access risk violations, incidents of SoD risk and mitigating control risk violations, org rules, mitigating controls, actions, functions, critical actions/roles/profiles, action usage, incidents, Segregation of Duties (SoD) and user access risk. Analysis areas include risks library, rules library, users, roles
Based on this virtual data model, you can generate reports to answer the following business questions.
·         What are the access risk violations over the past six months?
·         What are the risk violations for a specific role?
·         What mitigating activities have been performed over the past three months?
·         What unmitigated risks exist in the system?
·         What is the history for SoD reviews?
·         What is the history for user access reviews?

Emergency Access

 This virtual data model provides the prerequisites for analyzing the data generated during emergency access and firefighting sessions. Based on this virtual data model, you can generate reports to answer the following business questions.
·         Who has performed emergency access activities for the past month?
·         What activities did they perform during the emergency access?
·         For what reasons did they perform emergency access?
·         What systems were accessed?
·         Who approved the emergency access?
·         What was the length of time emergency access was required?