Professional Documents
Culture Documents
- SAP Community
Community
SAP Community Products and Technology Financial Management Financial Management Blogs by SAP
Running risk analysis for the SAP S/4HANA and SAP ...
Running risk analysis for the SAP S/4HANA and SAP Fiori
System.
japneet_singh2
Active Participant
01-17-2020 10:14 AM
14 Kudos
GRC 10.1 SP 22 (Initially introduced with SP 19) / GRC 12 SP 03, made it possible to
include SAP S/4HANA and SAP Fiori applications in the risk analysis. For this purpose,
the authorization object S_SERVICE has been activated in the GRC risk analysis rules
as part of SAP FIORI applications and SAP S/4 HANA integrations.
The blog post explains the steps required to be configured in the GRC system for
running the risk analysis for SAP S/4HANA and SAP Fiori systems. Based on the
landscape, you may have the SAP S/4HANA and SAP Fiori configured on the same
system or you may have separate system for SAP S/4HANA and SAP Fiori. The
connector configurations for the above mentioned scenarios are slightly different.
As mentioned above, the SAP Fiori and the SAP S/4HANA system could be on the
same box or they can be set up as separate systems. We will be covering both the
scenarios.
https://community.sap.com/t5/financial-management-blogs-by-sap/running-risk-analysis-for-the-sap-s-4hana-and-sap-fiori-system/ba-p/13434292 1/15
4/2/24, 3:07 PM Running risk analysis for the SAP S/4HANA and SAP ... - SAP Community
In this case only one connector is to be created. Create connector for SAP S/4HANA
Box. The connection type should be "SAP".
In this case two connector are to be created in GRC. One for SAP S/4HANA and
another for SAP Fiori box. Both the SAP S/4HANA and SAP Fiori connector will be of
type SAP.
Once the connector/s are created and maintained, the same needs to be assigned to
the integration scenarios. To maintain connection settings:
https://community.sap.com/t5/financial-management-blogs-by-sap/running-risk-analysis-for-the-sap-s-4hana-and-sap-fiori-system/ba-p/13434292 2/15
4/2/24, 3:07 PM Running risk analysis for the SAP S/4HANA and SAP ... - SAP Community
2. Navigate to SAP Reference IMG > Governance, Risk, and Control > Common
Component Settings > Integration Framework > Maintain Connection Settings.
4. Add SAP S/4HANA and SAP Fiori connector in the connector list.
5. Click Save.
The customer might want to use the SAP delivered rules OR would want to use
custom rules along with the standard delivered rule OR the customer might just want
to create custom rule and use the same.
The rule creation and generation process is different, all the 3 scenarios are covered
below.
1. Activate BC Sets
2. GRAC_RA_RULESET_COMMON
3. GRAC_RA_RULESET_S4HANA_ALL
4. After activating BC Set, all standard rules will be available for CONNECTOR
Group "SAP_S4A_LG".
5. As SAP Fiori apps are case sensitive, Connector Group "SAP_S4A_LG" &
"S/4HANA Connector" requires to be maintained in Configuration Parameter
1022 & 1046.
https://community.sap.com/t5/financial-management-blogs-by-sap/running-risk-analysis-for-the-sap-s-4hana-and-sap-fiori-system/ba-p/13434292 4/15
4/2/24, 3:07 PM Running risk analysis for the SAP S/4HANA and SAP ... - SAP Community
3. Add the SAP Fiori and SAP S/4HANA connector to the connector group
SAP_S4A_LG
SPRO ==> IMG ==> GRC ==> Common Component Setting ==>
Integration Framework ==> Maintain connectors and connection Types.
Select the connector Group "SAP_S4A_LG" and Add the SAP S/4HANA
and SAP Fiori connector to the connector group.
Note: If you do not wish to perform point number 6 described in Scenario 1, you can
https://community.sap.com/t5/financial-management-blogs-by-sap/running-risk-analysis-for-the-sap-s-4hana-and-sap-fiori-system/ba-p/13434292 5/15
4/2/24, 3:07 PM Running risk analysis for the SAP S/4HANA and SAP ... - SAP Community
1. Activate BC Sets
GRAC_RA_RULESET_COMMON
GRAC_RA_RULESET_S4HANA_ALL
2. After activating BC Set, all standard rules will be available for CONNECTOR
Group "SAP_S4A_LG".
3. Create your own Custom Connector Group (say… C_S4_LG). Add S/4HANA &
SAP Fiori connector in the Connector List.
1. SPRO ==> IMG ==> GRC ==> Access Control ==> Access Risk Analysis
==> SOD Rules==> Download SOD Rules. Select system "SAP_S4A_LG"
and provide path & names of all files and download.
https://community.sap.com/t5/financial-management-blogs-by-sap/running-risk-analysis-for-the-sap-s-4hana-and-sap-fiori-system/ba-p/13434292 6/15
4/2/24, 3:07 PM Running risk analysis for the SAP S/4HANA and SAP ... - SAP Community
1. Create your own Custom Connector Group (say… C_S4_LG). Add SAP S/4HANA
connector in the Connector List.
https://community.sap.com/t5/financial-management-blogs-by-sap/running-risk-analysis-for-the-sap-s-4hana-and-sap-fiori-system/ba-p/13434292 7/15
4/2/24, 3:07 PM Running risk analysis for the SAP S/4HANA and SAP ... - SAP Community
3. Create your Functions / Risk Manually or Use custom TXT files and upload your
rules against your Connector Group "C_S4_LG".
Note: While create custom Risk, kindly ensure, proper abbreviations/Prefix are
used for different types of Actions. Refer to the KBA 2655122 for more details on
the same.
Once the above mentioned steps are configured and rules are generated, the entries
in the following extension table will get populated.
GRACACTRULEEXT
GRACFUNCACTEXT
GRACFUNCPRMEXT
GRACPROFACTVLEXT
GRACPROFPRMVLEXT
GRACROLEACTVLEXT
GRACROLEPRMVLEXT
GRACUSERACTVLEXT
GRACUSERPRMVLEXT
Now if the user/role has conflicting actions pertaining to SAP S/4HANA/SAP Fiori
system, the corresponding violations will be flagged in the Risk Analysis result.
https://community.sap.com/t5/financial-management-blogs-by-sap/running-risk-analysis-for-the-sap-s-4hana-and-sap-fiori-system/ba-p/13434292 8/15
4/2/24, 3:07 PM Running risk analysis for the SAP S/4HANA and SAP ... - SAP Community
Important Information
1. In order to run risk analysis for SAP S/4HANA and SAP Fiori plugin only,
GRCPINW/GRCPIERP package is to be installed on both SAP S/4HANA and SAP
Fiori system. UIGRAC01(For GRC 12)/UIGRC001(For GRC 10.1) package is not
required for running Risk analysis.
2704494 - S4HANA & Fiori Risk Analysis does not show correct violations.
2655122 - Prefix / Abbreviation requires with Action for creating & running risk
analysis
Labels:
Technology Updates
https://community.sap.com/t5/financial-management-blogs-by-sap/running-risk-analysis-for-the-sap-s-4hana-and-sap-fiori-system/ba-p/13434292 9/15
4/2/24, 3:07 PM Running risk analysis for the SAP S/4HANA and SAP ... - SAP Community
5 Comments
01-23-2020 3:38 PM
0 Kudos
chris-h
Member
04-10-2020 12:09 PM
0 Kudos
Hi Japneet,
Not sure I agree with the line ‘Add the SAP Fiori and SAP S/4HANA connector to the
connector group SAP_S4A_LG’ though- wouldn't this mean risks that are meant purely
for the S4HANA system may appear against the Fiori Connector? e.g. HR risks,
Finance risks etc.
Totally understand that your role design should not contain HR, Finance etc in Fiori,
but even so, wouldn't it be better to have Fiori connector against basis rule set only?
Do you have a screenshot of what the Fiori & S4 on different box scenario would look
like from a risk results perspective? Are we to only be running these sorts of risk
analysis against the connector group, or will running against S4 automatically pick up
the risks coming from Fiori?
https://community.sap.com/t5/financial-management-blogs-by-sap/running-risk-analysis-for-the-sap-s-4hana-and-sap-fiori-system/ba-p/13434292 10/15
4/2/24, 3:07 PM Running risk analysis for the SAP S/4HANA and SAP ... - SAP Community
Cheers
hmnsh_grwl
Explorer
04-30-2021 11:24 AM
0 Kudos
Connecter group SAP_S4A_LG should be cross system or logical group only? Also I
have same question raised by Chris Harmour..
Thanks,
Datta
former_member226273
Active Participant
11-10-2021 7:42 PM
0 Kudos
Hello Japneet,
Thank you for the informative blog. Few queries which is affecting the risk setup for
me:
https://community.sap.com/t5/financial-management-blogs-by-sap/running-risk-analysis-for-the-sap-s-4hana-and-sap-fiori-system/ba-p/13434292 11/15
4/2/24, 3:07 PM Running risk analysis for the SAP S/4HANA and SAP ... - SAP Community
2. How the group shall be formed if we have cross system risks between ECC and S4 HANA system, and what values will be there
for parameters 1022 and 1046?
Kind regards,
Yashasvi
pellega0905
Discoverer
04-05-2023 2:51 PM
0 Kudos
Excellent!
Comment
https://community.sap.com/t5/financial-management-blogs-by-sap/running-risk-analysis-for-the-sap-s-4hana-and-sap-fiori-system/ba-p/13434292 12/15
4/2/24, 3:07 PM Running risk analysis for the SAP S/4HANA and SAP ... - SAP Community
Technology Updates 8
Related Content
GRC Tuesdays: Hidden Gems – Go from Sample Audit to Full Scope with
Automated Analytics
in Financial Management Blogs by SAP Tuesday
https://community.sap.com/t5/financial-management-blogs-by-sap/running-risk-analysis-for-the-sap-s-4hana-and-sap-fiori-system/ba-p/13434292 13/15
4/2/24, 3:07 PM Running risk analysis for the SAP S/4HANA and SAP ... - SAP Community
former_member385027
Participant
135684 33 106
gregor_dieckmann
Advisor
84767 22 68
https://community.sap.com/t5/financial-management-blogs-by-sap/running-risk-analysis-for-the-sap-s-4hana-and-sap-fiori-system/ba-p/13434292 14/15
4/2/24, 3:07 PM Running risk analysis for the SAP S/4HANA and SAP ... - SAP Community
T_Frenehard 2
dianagarcia 2
RISE with SAP: Multi-layer Defense in Depth Architecture of SAP S/4HANA Cloud,
Private Edition
Jana_Cyber
mmabc 1
Advisor
17076 9 60
Magnus_Metzler 1
Follow
former_member453011 1
Trademark Newsletter
https://community.sap.com/t5/financial-management-blogs-by-sap/running-risk-analysis-for-the-sap-s-4hana-and-sap-fiori-system/ba-p/13434292 15/15