Professional Documents
Culture Documents
BRF+ (Business Rule Framework Plus) is a business rule management system (BRMS) offered by SAP.
In Simple language you can just think BRF+ as a web-based tool where you can create some logic
which can be used in MSMP Configuration.
As we all are aware that based on client’s requirement and process, we need to configure MSMP for
different Processes used in GRC AC. So BRF+ can be used for this same purpose.
Using BRF+ we can create Initiator Rule, Routing Rules, Agent Rules, Notification and Variable Rules
etc. which we can use in MSMP Configuration.
Creating rules in BRF+ is simple because it does not involve programing and you just need to create a
conditional simple expression.
Technically, what we are doing is just creating a logic in BRF+ and then mapping the Rule ID
generated from BRF+ to MSMP “Maintain Rules” stage.
Further in this document I have given all the steps required to be followed to create rules in BRF+
which will make your understanding clear.
For GRC Access Control - we use DECISION TABLE as the Expression Type (There are few other
expression types available in BRF+)
(In simple language, if my input is A & B or A or B (some parameters in business) then my output
should be C)
OR
2. SPRO Path – SPRO – SAP Reference IMG – Governance, Risk and Compliance – Access
Control – Workflow for Access Control – Define Business Rule Framework
As soon as you enter T code or go via SPRO path, BRF+ gets opened in a browser. So, by saying
ABAP based framework we mean it is a web interface where we are working to create BRF+ rules.
COMPONENTS OF BRF+
We will try to understand some theory related to structure of BRF+ now.
Below are the components of BRF+. You don’t need to memorize anything. But to clearly and
technically understand BRF+ we should know what exactly it comprises of and how we are building
the logic.
***we mostly use DECISION TABLE as our expression type for GRC Access Control
We are creating a logic in BRF+ and then mapping the Rule ID generated here in MSMP Maintain
Rules stage.
There are few other Rules types as well which can be created in BRF+. But these are something not
very commonly used.
You can read below 2 tables to understand usage of BRF+ in GRC Access Control.
TABLE 1:
TABLE 2:
BRF+ Usage in GRC Access control BRM Module
Below table will give you an idea about how BRF+ is being used in BRM module of GRC-AC.
Now let’s get into the actual thing. Below, I have tried to put all the steps which we follow to create
BRF+ rules.
There are 2 parts of process which you need to follow in your GRC system
RULE INFO
1. MSMP Process ID
This is the field where you get options to select Process IDs used in MSMP
Example: SAP_GRAC_ACCESS_REQUEST,
2. Rule Type
4. Rule ID
GENERATION OF OPTIONS
1. Generate Rule
2. Gen. Ruleset Work-area (BRF+)
3. Override BRF+ Application Text
4. Override BRF+ Function Text
TEST RULE
STEP 1
Define Business Rules Framework
STEP 2
STEP 3
STEP 4
STEP 5
STEP 6
STEP 7
STEP 8
STEP 9
DECISION TABLE RULES CAN BE UPDATED USING EXCEL FILE as well (if lots of data)
STEP 9
STEP 10