Applies to:
SAP R/3 4.6, 4.7, ECC 5.0, ECC 6.0, SAP GRC Access Control 5.X. For more information, visit the Governance, Risk, and Compliance homepage.
Summary
This article emphasizes the concept of the derived role and how it helps address governance, risk and compliance issues. Role management is part of security administration, and the derived-role concept makes the process much easier where there are many cost centres, sales organisations and plant locations. The article should be useful to security consultants as well as GRC experts for reference.
Author: Gurugobinda Harichandan Parida
Author Bio
Gurugobinda Harichandan Parida is a GRC Consultant working for HCL-AXON.
Table of Contents
Introduction
What is derived Role?
A Sample Master Role for General Ledger
Creation of a sample child role
Sample Derived Role Showing the Organizational levels
Need of Derived Role
Business Benefits of Derived Role
Related Content
Disclaimer and Liability Notice
Introduction
Corporate governance, risk management and compliance (GRC) issues are important buzzwords in today's vulnerable business world. For corporate houses, especially the bigger ones, this is more difficult to manage, though it affects all enterprises irrespective of their size and turnover. From the viewpoint of corporate governance, risk management and compliance, SAP role management always plays a pivotal role, and it affects the organizational structure as a whole. It is essential to segregate responsibilities and authorizations.

In the light of the Enron crash in 2001, the US Government was forced to enact a law with stringent norms to check irregularities and fraudulent activities. The outcome was the Sarbanes-Oxley Act of 2002, which stresses segregation of duties for better accountability and corporate governance. Management of roles became more complex, difficult and time consuming, and the norms to be followed became very stringent. Automation of security activities is a prime concern for any organisation. To comply with governance, risk and compliance guidelines, it is very important to manage roles in such a manner that they have no SoD violations.

The concept of the derived role is an attempt towards automating the process of role management. Though it is not an automated tool, it still reduces the time and cost of role management significantly. The potential risk level is minimal, and so are the approval steps. You can use an existing role as a reference role when creating a child role. The system transfers the transactions from the one role to the new role, which remains dependent on the first. A derived role is a reliable way of creating multiple roles easily and in less time compared to creating new roles. It is especially useful for organisations having operations in multiple geographies and many plant locations.
At the SAP level, the tables PARENT_AGR and AGR_DEFINE contain the derived roles and the parent-role to child-role relationship.
There are different types of organizational levels in a role that can be maintained when deriving a role from a master role. They are as follows:
Account Type ($KOART), Business Area ($GSBER), Company Code ($BUKRS), Controlling Area ($KOKRS), Credit Control Area ($KKBER), Distribution Channel ($VTWEG), Division ($SPART), Maintenance Planning Plant ($IWERK), Maintenance Plant ($SWERK), Operating Concern ($ERKRS), Plan Version ($PLVAR), Plant ($WERKS), Profit Centre ($PRCTR), Purchasing Group ($EKGRP), Purchasing Organisation ($EKORG), Sales Group ($VKGRP), Sales Office ($VKBUR), Sales Organisation ($VKORG), Shipping Point ($VSTEL), Storage Type ($LGTYP), Transportation Planning Point ($TPLST), Valuation Area ($BWKEY), Warehouse Number ($LGNUM), Work Centre ($ARBPL).
How to Improve Compliance through Derived Role
The derived role concept makes the role maintenance procedure hassle-free and lessens the risk involved in creating a new role. During new role creation, it has to be checked thoroughly what risks are involved and what the level of risk is; SoD violations need to be checked properly. Every time you create a role, the same procedure needs to be followed, and in organisations having different plants in different locations, the level of risk involved is very high. Maintenance of roles is also a time-consuming process.

With the derived role, the process is simple, time-efficient and minimizes the level of risk. There is no need to worry about the risks involved in the derived roles: if the parent (template) role does not have any SoD violations, then the child roles also must not violate SoD, which minimizes the risk level and makes the whole procedure simple, time-efficient and hassle-free. With GRC Access Control, maintenance of derived roles is more comfortable, less risk-prone and more time-effective, and assessing the risk level is easier and hassle-free.
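As an added illustration (not code from the article or from SAP), the following Python sketch models the mechanics described above: a master role whose organizational-level fields hold $-variables, child roles derived per company code or plant by substituting those values, an SoD check showing that each child carries exactly the parent's result, and a drift check for the assumption that argument relies on. Role contents, org values and the SoD rule pairs are constructed for the example.

```python
# Added example, not from the article: a small model of SAP master/derived roles.
# Transaction sets, org-level values and the SoD rule pairs are constructed;
# only the $-variable naming ($BUKRS, $WERKS, $VKORG) follows the article's list.

ORG_LEVEL_FIELDS = {"BUKRS", "WERKS", "VKORG"}

# A role is modelled as its transaction set plus authorization field values.
# In the master role the org-level fields carry $-variables, as in PFCG.
MASTER = {
    "transactions": {"FB01", "FB03", "FBL3N"},
    "auths": {"ACTVT": {"01", "03"}, "BUKRS": {"$BUKRS"}, "WERKS": {"$WERKS"}},
}

# Constructed SoD rule set: transaction pairs that must not share one role.
SOD_RULES = {frozenset({"FB01", "F-28"}), frozenset({"ME21N", "MIGO"})}


def derive(master, org_values):
    """Build a child role: same transactions, org-level $-variables replaced."""
    auths = {}
    for field, values in master["auths"].items():
        if field in ORG_LEVEL_FIELDS:
            auths[field] = set(org_values[field])  # e.g. {"$BUKRS"} -> {"1000"}
        else:
            auths[field] = set(values)             # non-org values copied as-is
    return {"transactions": set(master["transactions"]), "auths": auths}


def derive_per_org_unit(master, field, units, other_org_values):
    """One child role per org unit (e.g. per company code or plant)."""
    return {u: derive(master, {**other_org_values, field: {u}}) for u in units}


def sod_conflicts(role):
    """Return the SoD rule pairs fully contained in the role's transactions."""
    return {rule for rule in SOD_RULES if rule <= role["transactions"]}


def derivation_intact(child, master):
    """True if the child differs from the master only in org-level values.
    A manual edit of a child voids 'no SoD in parent => none in child'."""
    if child["transactions"] != master["transactions"]:
        return False
    for field, values in master["auths"].items():
        if field not in ORG_LEVEL_FIELDS and child["auths"].get(field) != values:
            return False
    return set(child["auths"]) == set(master["auths"])
```

Running the SoD check on the master once and the drift check on every child reproduces the article's argument: a clean master yields clean children, and a master with a conflict propagates that same conflict to every role derived from it.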
Related Content
https://www.sdn.sap.com/irj/sdn
http://www.sapsecurityonline.com/
http://help.sap.com/saphelp_bw21c/helpdata/en/1c/c38028816c11d396bc0000e82de14a/content.htm