Written by Gloria Johnson Thursday, 21 January 2010 18:02 - Last Updated Sunday, 28 March 2010 10:03
- /VIRSAZVFATBAK
- SM37
- User Based Fire Fighter ID because of User Traceability, Accountability with owner
and controller and also considered as best practice for audit purposes.
- FFID will work only one at a time. If other users want to log in, they need to wait for the user who has already logged in with the FFID. (The user logged in with the FFID will get a message prompt: "Another User is attempting to login using FFID, Do you want to end session or continue".)
- Schedule the job, fill in all the details as asked in SM37, then go to the menu and save the variant:
Give it a name.
Save it.
- Make Org Rule Setting = Yes in Configuration under additional setting and schedule the batch risk analysis jobs again
- Global Rule Set. A Custom Rule Set can also be created if you need one.
11. How can we have Custom rule set for Org level along with Global rule set in CC?
- Go to Configuration -> Yes then do mapping along with Global rule set. For example, if you have a company code for India, we can do an Org level rule set for this scenario.
- Go to mitigation control Sales Check for business process Sales.
- You have to check that IGS (Internet Graphic Server) is properly set. If not, Basis will do the IGS setting.
- Critical actions and permissions are set in Alerts, so whenever a user runs critical transactions, an alert is sent to the user and the business owner.
15. What is the process for manually generating Rule Set in CC?
- Tab Rule Architect -> Function -> Create Func1 with Tcodes and Func2 with Tcodes, then save. Put these functions in a Business process, then do the mapping with functions and Risk ID, and the Rule is generated.
16. What if auditors are sitting with you and found conflicts in 5 roles in CC?
- We will run a simulation and check each role; usually a single-role simulation will not generate any conflict, compared to a simulation combining the 5 roles.
- No, Risk ID cannot have multiple controls but it can be vice versa.
-1044173 GRC
-1044174 GRC
19. What could be the reason if you can't see authobject in CC, and what is the solution for this?
- You need to upload the files from two programs in SAP system.
The programs end with Sapobj and Sapobt. (Refer to CC post installation steps for details)
- Configuration challenges.
- Performance issue
- Management reports
- RT comes along with CC; the config part is done in backend (SAP) level.
- SAP, LDAP, UME, Portal, Legacy Systems (an adapter is a must for legacy systems to connect with AE)
- For this, the values of both initiators should be unique; if not, change the values of both initiators.
27. What is the reason if emails are not received or sent in AE?
28. How familiar are you with remediation in AE other than CC?
PS: If you don't do risk analysis in AE and it's already done in CC, you will face audit issues, as in CC it will show no conflicts but in AE it will show conflicts.
-- It is when the web shows the steps / stages within the workflow. The entire WF is shown as a pictorial guide, where you can see what steps follow your current step.
-- Yes. If we have to customize rules, we need functional people from each functional module, like SD, FI, MM, to let us know what is critical for their business and what their process is. We can guide them, but they have to provide the matter.
--Auditors
Manager
Security
--NO
Mitigation Reaffirm
- Cross Platform :
SoD risk analysis and compliant provisioning for SAP Enterprise Portal and UME
35. Does RE generate Roles as well in backend?
--Hourly.
38. Types of FF users?
-- Administrator, Owner and Firefighter. Another type of user is Controller, which is assigned the owner role.
39. Type of FF reports?
Reason/Activity Report
-- Usually yes. It would work on separate servers as well, but the recommendation is the same Java stack for all 4 web products.
-- You can mitigate risk at user level and role level by running risk analysis.
The Tcodes having SoD conflicts can be removed or assigned a mitigating control.
45. Hardware requirements for entire GRC suite to be installed on same server?
--Archiving is done through Conversion Utility; it converts tables of 5.2 as per schema of 5.3
49. What are 3 roles in AE used to distinguish between users and their job roles?
-- User Management Engine. With UME you can leverage existing user data repositories in your system infrastructure by connecting to them using configurable persistence adapters. You can read data from and write data to multiple data sources in parallel.
-- Sun IDM, SAP IDM, Novell, LDAP Active Directory, IBM Tivoli.
--Service which enables AE end users to directly change their password without having to create a request.
-- Yes
60. Which all products does CUP integrate within GRC suite?
-- To login in all GRC products URLs are in single Launchpad and it is available in 5.3
-- Config miscellaneous
-- Config miscellaneous
-- English
-- Install RTAs on backend, Activate BC sets, In front end you need to create connectors.
-- Connectors, Connectors Name, Workflow, Initiators, Role imports, Request Creation, Integration with CC during Risk Analysis
--ERM is used for Reporting, Audit. It integrates with AE (Role Creation Workflow), Pro-active approach before the roles are created and assigned to check SODs
--Refer: Guide
It supports all systems, but there is no rule set for MDM and BI.
It is not part of the software; you have to get it externally.
-- End-users, Auditors, Security, Business process, Owner and for Basis Installation.
-- For CC you need Security Architect & Business process owner (Finance, Sales).
-- If a user has access to multiple environments, e.g. HR, R3, SRM, and has a different role in each environment, and you want to run analysis on that particular user, it is called cross system analysis (only for User).
Yes
SM59
Communication User.
96. What is the maximum number of Workflows that the AE application allows you to create?
It is always to have minimum number of workflows from 56, but an organization can have as many as they want.
97. Any basic WF you have made in the past? How did you reach the decision of creating that particular WF?
Follow the flow chart and further take the help of the Management.
102. We have SAP MDM system, does GRC have rule set for that?
1) Yes. 2) No.
No.
Default rule set given by which has everything. Almost all Txn & AObject covered.
Virsa/ZVRAT
106. What do you mean when we say we need to upgrade java package?
You need to upgrade the 5x of the web based side and not the RTA.