Clik here to view.
LDAP Advanced Diagnostic Tool (LADT)
The main goal of this report is to provide the GRC Access Control administrator with diagnostic of LDAPconnection and configuration. The report collects LDAP configuration data and compares to expected...
View ArticleClik here to view.
My First Firefighter
The main goal of this Screen Personas flavor My First Firefighter, is to provide the GRC Access Control administrator with diagnostic of firefighter configuration. The flavor collects firefighter...
View ArticleRepository sync is not updating GRACUSERCONN
Some customers are expiring the following issue after upgrade to GRC 10.1 SP 10 and SP11: Despite repository sync job is completed without any dumps the table GRACUSERCONN is not updated, To solve this...
View ArticleMigration from RBE data to GRC Action Usage
Sometimes you have an idea that resonates with others but you do not realize the complete requirements until you have exactly what you asked for. Such is the case when GRC Access Control 10 was being...
View ArticleClik here to view.
Security Weaver’s Process Auditor - Developer's Observations (Part 1)
Hello! This blog pertains to Security Weaver’s utility Process Auditor. I recently had the opportunity to work with Security Weaver’s Process Auditor (or PA). In summary, PA is a utility that will...
View ArticleClik here to view.
Security Weaver’s Process Auditor - Developer's Observations (Part 2)
This post is a continuation of Security Weaver’s Process Auditor - Developer's Observations (Part 1) g. How to Debug the Alert GenerationThis section will show where areas of the generated program to...
View ArticleClik here to view.
Risk Terminator
Risk terminator is a ‘hidden’ feature of SAP GRC Access Control that can be used to analyze roles and users assignments on access risks in the backend system. Depending on the GRC configuration risk...
View ArticleThe challenges of GRC 10 Access Control "ownership"
I have sat on both sides of the table: I have been the consultant working with clients to implement SAP GRC Access Control components, and I have been a customer member of the project teams. In...
View ArticleClik here to view.
Simple illustration of Risk MC for only one set of T-codes.
I have illustrated to Mitigate one set of T-code . I have assumed function Id is not being shared with other risk ID if it does then Z risks will be created as equal to no of shares respectively
View ArticleLast 5 SAP Notes of Access Control realeased to customer (Weekly)
This is a weekly blog that will have the 5 last SAP Notes of Access Control corrections released to customer by SAP! 1 - 2271800 - Full Name column is empty in Mitigated User Organization Rule...
View ArticleClik here to view.
Replacement of Deleted users
Scenario: There can be terminated users whose user id has been locked with security administrative lock and all roles are removed from the account or maybe they are completely removed from the system...
View ArticleClik here to view.
SAPinsider's Financials 2016 and GRC 2016 conferences are just weeks away!
I am looking forward to presenting "The Road Ahead: Practical Options for Extending your Investment Beyond SAP Access Control" at the SAPinsider GRC 2016 event. This session will describe the...
View ArticleRepository sync is not updating GRACUSERCONN
Some customers are experiencing the following issue after upgrade to GRC 10.1 SP 10 and SP11: Despite repository sync job is completed without any dumps the table GRACUSERCONN is not updated, To solve...
View ArticleLast 5 SAP Notes of Access Control realeased to customer (Weekly)
This is a weekly blog that will have the 5 last SAP Notes of Access Control corrections released to customer by SAP! 1 - 2269665 - Central Controller is misspelled in the Access Control Owners screen...
View ArticleClik here to view.
Measuring Performance of the Three Lines of Defense
The Three Lines of Defense concept was first introduced in 2006 as a proposal for better equipping audit committees. Figure 1 below is a simple illustration of how it is supposed to workIs it...
View ArticleClik here to view.
Risk Terminator – GRC 10/10.1
IntroductionRisk Terminator provides a framework where Risk analysis can be triggered during User and Role maintenance activities using SU01, SU10 and PFCG directly in the plug-in system. Key Concept...
View ArticleRepository sync is not updating GRACUSERCONN
Some customers are experiencing the following issue after upgrade to GRC 10.1 SP 10 and SP11: Despite repository sync job is completed without any dumps the table GRACUSERCONN is not updated, To solve...
View ArticleLast 5 SAP Notes of Access Control realeased to customer
This is a weekly blog that will have the 5 last SAP Notes of Access Control corrections released to customer by SAP! 1 - 2275603 - Existing User Assignment GRC Web Service GRAC_IDM_USER_BUSROLE_DETAIL...
View Article