Business Process Procedures

minceillusionInternet and Web Development

Jul 30, 2012 (5 years and 16 days ago)

266 views




SAP
GRC

Access
Control
5
.
3
0


December

200
9


English

















Risk Analysis and
Remediation
:
Risk
Terminator
-

Maintain
User Role

(678)






SAP AG

Dietmar
-
Hopp
-
Allee

16

69190 Walldorf

Germany

Business Process
Documentation


SAP Best Practices

Risk Analysis and Remediation
:
RT

-

Maintain User Role

(678)

-

BP
D





© SAP AG


Page
2

of
6

Copyright

© Copyright 200
9

SAP AG. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express
permissi
on of SAP AG. The information contained herein may be changed without prior notice.

Some software products marketed by SAP AG and its distributors contain proprietary software components of
other software vendors.

Microsoft, Windows, Outlook, and PowerPo
int are registered trademarks of Microsoft Corporation.

IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390, OS/400,
iSeries, pSeries, xSeries, zSeries, z/OS, AFP, Intelligent Miner, WebSphere, Netfinity, Tivoli,
and Informix are
trademarks or registered trademarks of IBM Corporation.

Oracle is a registered trademark of Oracle Corporation.

UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.

Citrix, ICA, Program Neighborhood, MetaFrame, Wi
nFrame, VideoFrame, and MultiWin are trademarks or
registered trademarks of Citrix Systems, Inc.

HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web
Consortium, Massachusetts Institute of Technology.

Java is a registe
red trademark of Sun Microsystems, Inc.

JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and
implemented by Netscape.

MaxDB is a trademark of MySQL AB, Sweden.

SAP, R/3, mySAP, mySAP.com, xApps,
xApp, SAP NetWeaver, and other SAP products and services
mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in
Germany and in several other countries all over the world. All other product and service names
mentioned are
the trademarks of their respective companies. Data contained in this document serves informational purposes
only. National product specifications may vary.

These materials are subject to change without notice. These materials are provided by
SAP AG and its affiliated
companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and
SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP
Group pr
oducts and services are those that are set forth in the express warranty statements accompanying
such products and services, if any. Nothing herein should be construed as constituting an additional warranty.

SAP Best Practices

Risk Analysis and Remediation
:
RT

-

Maintain User Role

(678)

-

BP
D





© SAP AG


Page
3

of
6

Icons


Icon

Meaning


Caution


Example


No
te


Recommendation


Syntax



Typographic Conventions


Type Style

Description

Example text

Words or characters that appear on the screen. These include field
names, screen titles, pushbuttons as well as menu names, paths and
options.

Cross
-
references
to other documentation.

Example text

Emphasized words or phrases in body text, titles of graphics and tables.

EXAMPLE TEXT

Names of elements in the system. These include report names,
program names, transaction codes, table names, and individual key
word
s of a programming language, when surrounded by body text, for
example, SELECT and INCLUDE.

Example text

Screen output. This includes file and directory names and their paths,
messages, source code, names of variables and parameters as well as
names of in
stallation, upgrade and database tools.

EXAMPLE TEXT

Keys on the keyboard, for example, function keys (such as
F2
) or the
ENTER

key.

Example text

Exact user entry. These are words or characters that you enter in the
system exactly as they appear in the d
ocumentation.

<Example text>

Variable user entry. Pointed brackets indicate that you replace these
words and characters with appropriate entries.

SAP Best Practices

Risk Analysis and Remediation
:
RT

-

Maintain User Role

(678)

-

BP
D





© SAP AG


Page
4

of
6


Contents


Risk Analysis and Remediation:

................................
................................
................................
...........

5

1

Purpose

................................
................................
................................
................................
.........

5

2

Prerequisites
................................
................................
................................
................................
..

5

3

Process Steps

................................
................................
................................
...............................

5

3.1

Log into SAP ERP

................................
................................
................................
..................

5


SAP Best Practices

Risk Analysis and Remediation
:
RT

-

Maintain User Role

(678)

-

BP
D





© SAP AG


Page
5

of
6


Risk Analysis and Remediation
:

Risk Terminator


Maintain User Role

1

P
urpose

Risk Terminator is
functionality

within Risk Analysis and Remediation that provide
s real
-
time
reporting during role management and user assignment. Risk terminator does the analysis on
permission and action
level whenever a new role is created in PFCG
(Profile Generator)
or is
assigned to a user in SU01

(Maintain User Master)
.
R
isks
c
an be mitigated if found while
maintaining roles or users.

The first scenario is to maintain
a
security
role.

2

P
rerequisites

Building blocks 678
.1, 678.2

and 678.3 are complete.

You have entered the master data required to go through the procedures of
this scenario. Ensure
that the following scenario
-
specific master data exists before you test this scenario:

User Name

Role

Initial Roles Assigned

John
Murphy
(
JMURPHY
)

Security Administrator

VS_
USER_ADMIN

3

Process Steps

3.1

Log in
to SAP
E
RP

Use

The r
ole ow
ner of VS_FI_ACCOUNTS_PAYABLE_CLERK
submits

a

request to add F
-
43 to the
r
ole
.
The security administrator (John Murphy) log
s

on to SAP E
RP to make the change.
Risk
terminator automatically provides real
-
time
reports when a role is changed.

Prerequisite

Joh
n Murphy (
user
-
id
JMURPHY

and password initial2
) log
s

on to SAP E
RP

as a security
administrator to perform
a
role
change.

Procedure

1.

In SAP E
RP
, access
the transaction
PFCG
.

2.

E
nter
the r
ole
VS_FI_ACCOUNTS_PAYABLE_CLERK
; and
choose the
Change

button.

3.

Choose

the
Menu

tab.

4.

Choose

to
a
dd
t
ransaction(s)
.

SAP Best Practices

Risk Analysis and Remediation
:
RT

-

Maintain User Role

(678)

-

BP
D





© SAP AG


Page
6

of
6

5.

Enter
F
-
43

and select
Assign Transactions
.

6.

C
hoose
the
Authorizations

tab

and
then select
Change Authorization data
.

7.

Confirm the
Save the role

dialog box.
SOD analysis will be performed here at the
transaction
code level and results shown.


If you do not get a
violation
report, check the SAP Adapter Server in
Risk Analysis and
Remediation.
If you restart your
server,
ensure that you restart the SAP Adapter in
Risk
Analysis and Remediation
. To do so, choose
the
grey diamond
icon.
The grey diamond icon
must turn green.


8.

Choose
the
Continue
Profile
generation

button
.

9.

In the
Risk Terminator Warning

dialog box, choose the
Continue

button.

10.

In the
Change role:
authorizations

screen, click on the yellow icons and
in th
e dialog box that
appears, choose the
Execute (Enter)

button. F
ull authorizations
are now assigned
.
Do for all
open authorizations until all show green
.

11.

Choose the
Save

button and then
choose
.

SOD analysis will be performed here at the
permission
level an
d results shown.

12.

Choose
the
Continue Profile generation

button
.


The system is configured to allow profile generation even with SoD violations. You need to
consult with your business process owner to determine whether this setting should be
changed in yo
ur production environment.

13.

In the
Risk Terminator Warning

dialog box, choose the
Generate
button.

14.

In the
Risk Terminator
Comment
dialog box, enter a reason for the violation and choose the
Continue

button.

15.

Choose the
Save

button.

Result

The role is
m
aint
ain
ed
.