
GRC V10 Connectors to non sap systems

Posted: Fri Oct 25, 2013 5:28 am
by AToomey
To use SAP GRC to analyse SoD, provision / remove access and also Firefighter type provisioning / monitoring.

Firstly - I know that 'GreenLight' can do this ..

But has anyone found any alternative vendors who can do this or, as an alternative, has anyone made a custom development and integrated the data themselves? What was involved?

Re: GRC V10 Connectors to non sap systems

Posted: Sat Dec 28, 2013 3:18 pm
by os
It depends on whether your vendor provides APIs to such functionality which is also secure.

Few do.... so if one does then it is highly likely to be a hack.

Good ones will provide APIs with switches to turn them on and check their own customizing to validate imported values. Again here... few do.

Re: GRC V10 Connectors to non sap systems

Posted: Fri Apr 11, 2014 4:37 pm
by Gary Morris
Yes. Create transactions and the required authorization object to successfully complete a function and give it an Authorization ID in RSUSR009_NEW. Create Variants to combine these functional authorization IDs into SOD combinations and then audit for them.
Schedule it to run at night in background and email the report.
Maintain a list of authorized FFID users and Log reviewers.
Create a role that will allow a Firefighter on the list to assign themselves a particular role only.
Create an alert to send an email to the Log reviewer if the person assigns themselves the role.
You can keep your company continuously compliant if you spend enough time tweaking the SKRIA tables associated with the RSUSR009_NEW program. It takes a lot of work, but so does configuring GRC or any other 3rd party tool to audit your specific needs. Never tell a client they need to buy a 3rd party tool to stay on top of SOD compliance, it is not true. You can create Web based workflows that can connect to SAP and actually assign a role if approved as well.
Is it faster to just purchase a third party tool? Not really. My experience is that I have configured RSUSR009_NEW and additional custom programs and alerts in about the same time it takes to get GRC implemented. I have seen more than one client purchase third party tools for SOD compliance and not have it implemented 2 years later for lack of support from all the internal members involved in using it. Not saying GRC is not a good solution, I think it is the best and will continue to get better, but does someone HAVE to implement this to get control? NO!

Re: GRC V10 Connectors to non sap systems

Posted: Tue Apr 22, 2014 2:38 am
by Al.
Hi Gary,

This post was more about connecting SAP GRC to another non-SAP system.


btw, I agree that spending on tools is not mandatory for achieving control and investment does not automatically give control. In your example of customer adoption, the same would apply to 3rd party tools, RSUSR009_NEW and anything in between.