Professional Documents
Culture Documents
BC SETS: A Business Configuration set (BC Set) is a management tool which helps users to
record, save and share customized settings.
BC SET contains a standard data provided by SAP which all the configuration data populated
into tables.
T-Codes:
SICF: To see whether the ICF Services are has been activated or not
SWE2: SAP parameter transaction code that is used to maintain the contents of
Reports:
RS_APPL_REFRES : To make entries appear in SPRO
Tables:
SCPRACTP: To see whether the BC SETS has been activated or not
RFCDES: RFCDES is a standard SAP Table which is used to store Destination table for
Remote Function Call data and is available within R/3 SAP systems depending on the version
and release level.
Basis:
GRAC_Repository_Object_Sync
GRAC_Action_Usage_Sync
GRAC_PFCG_Authorization_Sync
ARA:
Grac_BATCH_Risk_Analysis
EAM:
GRAC_SPM_LOG_SYNC_Update
GRAC_SPM_SYNC
ARM:
GRFNMW_BATCH_EMAIL_REMINDER
SAP_GRC_FN_Business_User
SAP_GRAC_NWBC
GRAC_SPM_Criticality_level
T-Codes:
Tables:
GRACFFOWNER: FF Owners
Reports:
ADMIN User:
SAP_GRC_FN_Base
SAP_GRC_FN_Business_User
SAP_GRC_NWBC
SAP_GRAC_NWBC
SAP_GRAC_ALL
SAP_GRAC_Super_User_Mgmt_ADMIN
Owner:
SAP_GRC_FN_Base
SAP_GRC_FN_Business_User
SAP_GRC_NWBC
SAP_GRAC_Super_User_Mgmt_Owner
Controller:
SAP_GRC_FN_Base
SAP_GRC_FN_Business_User
SAP_GRC_NWBC
SAP_GRAC_Super_User_Mgmt_Cntlr
FF USER:
SAP_GRC_FN_Base
SAP_GRC_FN_Business_User
SAP_GRC_NWBC
SAP_GRAC_Super_User_Mgmt_User
SAP_GRAC_SPM_FFID
4002 & 4008 – Login Notifications (When FF User login to FFID and if they execute any
SOD Risk: If user having 2 or more conflicting actions which allows to commit a fraud
Critical Action: T-Code itself is risk (like SCC5, SM01 etc)
Critical Permission: Risk at field and values level (S_Develop, S_User_GRP with activity 02)
Process:
Create Ruleset
Tables:
GRACFUNC – Functions
1063 – SAP Change Log that is stored in the CDHDR/CDPOS tables. ... If this parameter is set
to YES then the Firefighter can use logon pad available in Missing: 1063 | Must
include: 1063
1064 – SAP Change Log that is stored in the CDHDR/CDPOS tables. ... If this parameter is set
to YES then the Firefighter can use logon pad available in Missing: 1063 | Must
include: 1063
Users in ARA:
Risk Owner:
SAP_GRC_FN_Base
SAP_GRC_FN_Business_User
SAP_GRC_NWBC
SAP_GRAC_RISK_OWNER
MITIGATION APPROVER:
SAP_GRC_FN_Base
SAP_GRC_FN_Business_User
SAP_GRC_NWBC
SAP_GRAC_CONTROL_APPROER
SAP_GRC_FN_Base
SAP_GRC_FN_Business_User
SAP_GRC_NWBC
SAP_GRAC_CONTROL_MONITOR
USER LEVEL
SIMULATION LEVEL
ROLE LEVEL
GRAC_ROLE_MGMT_SENTIVITY* - Sensitivity
GRAC_ROLE_MGMT_METHODOLOGY* - Methodology Process and Steps
GRAC_ROLE_MGMT_ROLE_STATUS* - Role Status
GRAC_ROLE_MGMT_PRE_REQ_TYPE* - Prerequisite Types
GRAC_ROLE_SEARCH_COFIGURATION - Role Search Configuration for Access
Request
Role Types:
Business Process
Functions
Function Business Process
Function Actions
Function Permissions
Rule set
Risk
Risk Description
Risk Rule Set Relationship
Risk Owner
1. Role Name
2. Role Type
3. Business Process Name
4. Subprocess Name
5. Project/Release Name
6. Role Status
7. Methodology Status
8. System Allow Auto Provision
9. Role Name
10. Master
11. Assignment Approver
12. Role Content Approver
3005 – Parameter Value – No - Reset Role Methodology when Changing Role Attributes
3014 – Parameter Value –Yes - Allow role generation with Permission Level violations
Tables Related BRM:
ARM: Access Request Management
ARA provides automatic workflow for access request form
2051 – Enable User ID validation in Access Request against search data source
T- Codes:
GRFNMW_Configure_WD
GRFNMW_DEV_RULES
Process ID’s:
SAP_GRAC_ACCESS_REQUEST
SAP_GRAC_ACCESS_REQUEST_HR
SAP_GRAC_CONTROL_ASGN
SAP_GRAC_CONTROL_MAINT
SAP_GRAC_FFID_REVIEW
SAP_GRAC_FIREFIGHTER_LOG_REVIEW
SAP_GRAC_FUNC_APPR
SAP_GRAC_RISK_APPR
SAP_GRAC_ROLE_APPR
SAP_GRAC_SOD_RISK_REVIEW
SAP_GRAC_USER_ACCESS_REVIEW
Escalations Conditions:
1. No Escalations
2. Defaults
3. Escalate to Specific Agent
4. Skip to Next Stage
Notification Settings:
Notification Event:
1. Request Submission
2. End of Request
Escape Conditions:
Rule ID Maintenance:
Rule Kind:
1. Initiator Rule
2. Agent Rule
3. Notification Variable Rule
4. Routing Rule (n-1) stage
Routing Rule:
Rule Type:
1. BRFPLUS Rule
2. Function Module Based Rule
3. ABAP Class Based Rule
4. BRFPLUS Flat Rule (Lineitem by Lineitem)
AGENT TYPE:
Provisioning Rules:
No Provisioning
Manual Provisioning