Role Owners will carry out the following tasks as part of their GRC-related responsibilities:
Identify potential access changes, aligned to the business area's functions, organization and Segregation of Duties requirements.
o New or amended role definition.
Assist the SOD Coordinator with the assessment of new risks associated with proposed changes.
Formally request Production access changes (role activation and user/role assignment) when the GRC risk analysis is completed and documented.
Manage changes to SAP access from the MIT RolesDatabase, where appropriate. Note: there is usually no SAP Security Admin involvement in this step for existing provisioning.
Request assignment of users to Firefighter roles in GRC.
Advise SAP Security of any Transfer Out / Termination.
Conduct regular reviews of:
o Roles for the business area – who has them
o Users per business area – what Risk/Mitigation combinations are assigned
Monitor access logs for business user "FireFighter" and IS&T Support role usage.
Responsibilities Reference

No.  REPORTS                                                        PROCESS
05   SUIM Roles (select by Role name)                               3 and "Ad hoc"
     o Single Roles assigned to Composite Roles
     o Tcodes assigned to roles
06   User to Role Relationship                                      2 and 5
     o Users assigned to a role
07   Role Relationship with User / User Group                       1, 2 and 5
     o Roles assigned to users or all users in the user group
08   SUIM Users (select by User Id)                                 3 and "Ad hoc"
     o Compare role assignment for two or more users
09   Count Authorization for Users                                  5
10   Action usage by User, Role and Profile                         1 and "Ad hoc"
11   Mitigation Control report (list of Mitigation Controls)        Ad hoc and 2
12   User Level Risk Analysis report                                Run by BA or SOD Controller: 2 and 5
     o Analyze for SOD per user or user group
     o Analyze assignment of Mitigating Controls to Risk/User combinations