Professional Documents
Culture Documents
Unit 3 - Design and Manage Roles Virtual Labs
Unit 3 - Design and Manage Roles Virtual Labs
. 10RoleManagement:3002DefaultCriticalLevel iv. 10RoleManagement:3003DefaultProjectRelease v. 10RoleManagement:3004DefaultRoleStatus vi. 10RoleManagement:3005ResetRoleMethodologywhenChangingRoleAttributes vii. 10RoleManagement:3006Allowaddfunctionstoanauthorization viii. 10RoleManagement:3007Alloweditingorganizationallevelvaluesforderivedroles ix. 10RoleManagement:3008Aticketnumberisrequiredafterauthorizationdatachanges x. 10RoleManagement:3009AllowRoleDeletionfromBackEnd xi. 10RoleManagement:3010Allowattachingfilestotheroledefinition xii. 10RoleManagement:3011ConductRiskAnalysisbeforeRoleGeneration xiii. 10RoleManagement:3012AllowRoleGenerationonMultipleSystems xiv. 10RoleManagement:3013Useloggedonusercredentialsforrolegeneration xv. 10RoleManagement:3014AllowrolegenerationwithPermissionLevelviolations xvi. 10RoleManagement:3015AllowrolegenerationwithCriticalPermissionviolations xvii. 10RoleManagement:3016AllowrolegenerationwithActionLevelviolations xviii. 10RoleManagement:3017AllowrolegenerationwithCriticalActionviolations xix. 10RoleManagement:3018AllowrolegenerationwithCriticalRole/Profileviolations xx. 10RoleManagement:3019Overwriteindividualrole'sRiskAnalysisresultduringMassRisk Analysisrun xxi. 10RoleManagement:3020Rolecertificationremindernotification xxii. 10RoleManagement:3021Directoryformassroleimportserverfiles xxiii. 5Workflow:3022RequestTypeforRoleApproval xxiv. 5Workflow:3023PriorityforRoleApproval
Page|1
Page|2
Page|3
Unit3DesignandManageRoles Exercise3.1.2ReviewDesignandManageRolesspecificConfiguration ObjectiveTounderstandthecurrentandavailableconfigurationsoftheGRCv10.0system 1. LogontoABAPclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 2. ExecuteTransactionSPRO 3. ClickSAPReferenceIMG 4. OpenFoldersGovernanceRiskandCompliance AccessControl RoleManagement MaintainRoleType Settings DeactivateRoleTypes a. ReviewthefollowingsettingsrelatedtoDesignandManageRoles i. MaintainRoleTypes 1. Arethereanyroletypesthathavebeendeactivated?YES/NO ii. MaintainLabelsforRoleTypes 1. WhatisthedescriptionofRoleTypeTPL?_________________________ iii. SpecifyMaximumLengthforRoleType 1. WhatisthemaximumnumberofcharactersforSingleRolesinUserManagement Engineapplication(Hint:ApplicationType3)_____________________ 2. WhatisthemaximumnumberofcharactersforSingleRolesinSAPapplication? __________
Page|4
Unit3DesignandManageRoles Exercise3.1.2ReviewDesignandManageRolesspecificConfiguration Solution: MaintainRoleTypes Arethereanyroletypesthathavebeendeactivated?NO MaintainLabelsforRoleTypes WhatisthedescriptionofRoleTypeTPL?TEMPLATE SpecifyMaximumLengthforRoleType WhatisthemaximumnumberofcharactersforSingleRolesinUserManagementEngine application(Hint:ApplicationType3)40 WhatisthemaximumnumberofcharactersforSingleRolesinSAPapplication?30 DeactivateRoleTypes
Page|5
Page|6
i. MaintainLabelsforRoleTypes
Page|7
Page|8
ii. SpecifyMaximumLengthforRoleTypes
Page|9
Page|10
Unit3DesignandManageRoles Exercise3.1.3ReviewDesignandManageRolesspecificConfiguration ObjectiveTounderstandthecurrentandavailableconfigurationsoftheGRCv10.0system 1. LogontoABAPclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 2. ExecuteTransactionSPRO 3. ClickSAPReferenceIMG 4. OpenFoldersGovernanceRiskandCompliance AccessControl RoleManagement SpecifyNaming Conventions a. ReviewthefollowingsettingsrelatedtoDesignandManageRoles i. Howmanynamingconventionshavebeenconfigured?__________ ii. WhatistheConnectorGroupattachedtoNamingConvention3?____________ iii. ThereisamismatchinconfigurationfortheNamingConventionforBusinessRoles.Whatisit? ______________________________________________________________________________ iv. WhatroleattributesareusedforCompositerolestocreatetheroleID? ______________________________________________________________________________
Page|11
Unit3DesignandManageRoles Exercise3.1.3ReviewDesignandManageRolesspecificConfiguration Solution: i. Howmanynamingconventionshavebeenconfigured?4 ii. WhatistheConnectorGroupattachedtoNamingConvention3?R3 iii. ThereisamismatchinconfigurationfortheNamingConventionforBusinessRoles.Whatis it?Themaximumlengthforthisroletypeisconfiguredat30characters,buttherole namingconventionisconfiguredto40characters iv. WhatroleattributesareusedforCompositerolestocreatetheroleID?RoleType,Business Process,BusinessSubprocess b. SpecifyNamingConventions
Page|12
Page|13
Page|14
Page|15
Unit3DesignandManageRoles Exercise3.1.4ReviewDesignandManageRolesspecificConfiguration 1. LogontoABAPclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 2. ExecuteTransactionSPRO 3. ClickSAPReferenceIMG 4. OpenFoldersGovernanceRiskandCompliance AccessControl RoleManagement MaintainProject andProductReleaseName a. ReviewthefollowingsettingsrelatedtoDesignandManageRoles i. Howmanyprojectreleaseshavebeenconfigured?__________ ii. WhatistheProjectReleaseIDandDescription______________________________________
Page|16
Page|17
Page|18
Unit3DesignandManageRoles Exercise3.1.5ReviewDesignandManageRolesspecificConfiguration 1. LogontoABAPclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 2. ExecuteTransactionSPRO 3. ClickSAPReferenceIMG 4. OpenFoldersGovernanceRiskandCompliance AccessControl RoleManagement DefineRole Sensitivity a. ReviewthefollowingsettingsrelatedtoDesignandManageRoles i. WhatisthedescriptionofRoleSensitivityID3?__________
Page|19
Page|20
Page|21
Unit3DesignandManageRoles Exercise3.1.6ReviewDesignandManageRolesspecificConfiguration 1. LogontoABAPclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 2. ExecuteTransactionSPRO 3. ClickSAPReferenceIMG 4. OpenFoldersGovernanceRiskandCompliance AccessControl RoleManagement MaintainRoleStatus a. ReviewthefollowingsettingsrelatedtoDesignandManageRoles i. WhatistheRoleStatusIDforInProductiveUse?_____________
Page|22
Page|23
Page|24
Unit3DesignandManageRoles Exercise3.1.7ReviewDesignandManageRolesspecificConfiguration 1. LogontoABAPclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 2. ExecuteTransactionSPRO 3. ClickSAPReferenceIMG 4. OpenFoldersGovernanceRiskandCompliance AccessControl RoleManagement SpecifyCriticalLevel a. ReviewthefollowingsettingsrelatedtoDesignandManageRoles i. WhatistheCriticalLevelIDforVHmean?_____________
Page|25
Page|26
Page|27
Unit3DesignandManageRoles Exercise3.1.8ReviewDesignandManageRolesspecificConfiguration 1. LogontoABAPclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 2. ExecuteTransactionSPRO 3. ClickSAPReferenceIMG 4. OpenFoldersGovernanceRiskandCompliance AccessControl RoleManagement DefineCompanies a. ReviewthefollowingsettingsrelatedtoDesignandManageRoles i. WhatistheCompanyIDfortheIDESCompany?_____________
Page|28
Page|29
Page|30
Unit3DesignandManageRoles Exercise3.1.9ReviewDesignandManageRolesspecificConfiguration 1. LogontoABAPclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 2. ExecuteTransactionSPRO 3. ClickSAPReferenceIMG 4. OpenFoldersGovernanceRiskandCompliance AccessControl RoleManagement MaintainFunctional Areas a. ReviewthefollowingsettingsrelatedtoDesignandManageRoles i. WhatistheFunctionalAreaIDfortheMaterialsManagement?_____________ ii. WhatistheabbreviationfortheSalesfunctionalarea?_______________
Page|31
Page|32
Page|33
Unit3DesignandManageRoles Exercise3.1.AReviewDesignandManageRolesspecificConfiguration 1. LogontoABAPclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 2. ExecuteTransactionSPRO 3. ClickSAPReferenceIMG 4. OpenFoldersGovernanceRiskandCompliance AccessControl RoleManagement Define OrganizationalValueMaps a. ReviewthefollowingsettingsrelatedtoDesignandManageRoles i. Whatistheparentorganizationalvalueforthismap?ListOrgLevel(IDordescription)andthe value._____________ ii. WhatisthevalueofOrgLevelLGNUMforthisvaluemap?_______________
Page|34
Page|35
Page|36
Unit3DesignandManageRoles Exercise3.1.BReviewDesignandManageRolesspecificConfiguration 1. LogontoABAPclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 2. ExecuteTransactionSPRO 3. ClickSAPReferenceIMG 4. OpenFoldersGovernanceRiskandCompliance AccessControl RoleManagement DefinePrerequisite Types a. ReviewthefollowingsettingsrelatedtoDesignandManageRoles i. WhatisthedescriptionforprerequisitetypeCERTIF?_____________
Page|37
Page|38
Page|39
Unit3DesignandManageRoles Exercise3.1.CReviewDesignandManageRolesspecificConfiguration 1. LogontoABAPclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 2. ExecuteTransactionSPRO 3. ClickSAPReferenceIMG 4. OpenFoldersGovernanceRiskandCompliance AccessControl RoleManagement DefineRole Prerequisites a. ReviewthefollowingsettingsrelatedtoDesignandManageRoles i. WhatistheCourseIDanddescriptionfortheCERTroleprerequisite?_____________
Page|40
Page|41
Page|42
Unit3DesignandManageRoles Exercise3.1.DReviewDesignandManageRolesspecificConfiguration 1. LogontoABAPclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 2. ExecuteTransactionSPRO 3. ClickSAPReferenceIMG 4. OpenFoldersGovernanceRiskandCompliance AccessControl RoleManagement AssignCondition GroupstoBRFplusFunctions a. ReviewthefollowingsettingsrelatedtoDesignandManageRoles i. Whataretheconditiongroupslisted?______________________________ 5. ExecutetransactionBRF+.AnewwindowwillopenthatwillshowtheBRFplusworkbench. a. NOTE:BRF+willbedetailsinasubsequentLab.ThisistofamiliarizetheparticipantwithsomeBRF+ screensandnavigation.ItisalsoimportanttonotetheBRF+isatooltoanalyzeattributesandreturna result.Thisresultisreturnedtotherequestingprogram. b. ReviewtheBRF+Application i. ClickSearchintheRepositoryNavigationpane ii. InDefineSearchscreen,searchforObjectNameZBRM*(fromtheapplicationcolumnofthe abovevieweddata) iii. ClickSearch iv. TheBRFapplicationwillnowappearintheNavigationarea v. ChangetheUserModetoExpert 1. ClickWorkbench 2. ClickUserMode 3. ClickExpert vi. OpenExpressionnavigationfolder vii. OpenDecisionTreenavigationfolder viii. SelectROLE_METHODOLOGY_EXPRESSION ix. ReviewtheBRFrules. 1. ThetablestatestheifRoleType=SIN,thentheMethodologyConditionresultreturned isSIN01,ifCOM,theresultisCOM01,ifBUS,theresultisBUS01.Thisisusedto determinetheRoleMethodologyaswillbeseeninExercise3.2F. 2. ViewthedetailedexpressionfortheSINrole a. Selecttherow(ifnotalreadyselected) b. ClickEditRow(ifEditRowisnotvisible,checktoseeifyouareinChangeMode atthetopofthescreen.Ifnot,clickEditbutton. c. ClickCanceltoreturntoTableContents. x. SelecttheAPPROVER_METHODOLOGY_EXPRESSION 1. ThistablestatesthatiftheRoleTypeisSINandtheBusinessProcessisMM00,the resultreturnedisMM01.Thisisusedtodetermineadefaultowner.Thiswillbe explainedinexercise3.3.
Page|43
Page|44
Page|45
Page|46
Page|47
Page|48
Page|49
Page|50
Unit3DesignandManageRoles Exercise3.1.EReviewDesignandManageRolesspecificConfiguration 1. LogontoABAPclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 2. ExecuteTransactionSPRO 3. ClickSAPReferenceIMG 4. OpenFoldersGovernanceRiskandCompliance AccessControl RoleManagement DefineMethodology ProcessesandSteps a. ReviewthefollowingsettingsrelatedtoDesignandManageRoles i. ClickDefineSteptoreviewtheavailablestepsandthePhasedefination ii. ClickDefineMethodologytoviewtheconfiguredrolemaintenancemethodologiesandwhich oneisthedefault. iii. SelectamethodologyandclickMethodologySteptoviewtheassociatedphasesandtheir sequence
Page|51
Page|52
Page|53
Page|54
Page|55
Page|56
Unit3DesignandManageRoles Exercise3.1.FReviewDesignandManageRolesspecificConfiguration 1. LogontoABAPclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 2. ExecuteTransactionSPRO 3. ClickSAPReferenceIMG 4. OpenFoldersGovernanceRiskandCompliance AccessControl RoleManagement Associate MethodologyProcesstoConditionGroup a. Thisconfigurationusestheinformationfromtheprevious2exercises. b. ReviewthefollowingsettingsrelatedtoDesignandManageRoles i. Toexplainthecolumns 1. TheConditionGroupIDsarethesameonesthatBRF+willreturntoAccessControl basedontheattributesinthedecisiontable.ThiswascoveredinExercise3.1.D. 2. TheMethodologyColumnreferstothemethodologyIDreviewedinExercise3.1.E. c. WhichMethodologywillaCompositeroleuse?________________________________ d. WhatRoletypewilluseMethodology4?______________________________________
Page|57
Page|58
Page|59
Unit3DesignandManageRoles Exercise3.2MaintainOwnersforRoleManagement 1. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 2. GotoworkcenterSetup 3. ClickAccessControlOwnersundertheAccessOwnerssection 4. ClickCreate 5. CreateRoleOwnerswiththefollowinginformation a. GroupTypeOwner b. OwnerACROLEOWNxx(wherexxisyourParticipantID) c. ClickboxinSelectcolumnforRoleOwner d. AddCommentsRoleOwnerMaintenanceforGRCTrainingCourseGroupxx(wherexxisyour ParticipantID) e. ClickSave,thenClose f. RepeatstepsaboveforUserIDACROLEAPPxx.Incommentsuse:RoleApproverMaintenanceforGRC TrainingCourseGroupxx(wherexxisyourParticipantID) 6. ClickClose 7. UseFiltertofindyourIDs a. ClickFilter b. EnterAC*xxinOwnerIDcolumn(wherexxisyourParticipantID) 8. CloseQueryScreenbyclickingonXinupperrightcorner
Page|60
Page|61
Page|62
Page|63
Page|64
Unit3DesignandManageRoles Exercise3.3MaintainDefaultRoleOwnerswithConditionGroup 1. Note:ThisfunctionalityistoassignDEFAULTownersbasedoncriteriathatareenteredinBRF+.Theusercanbe theAssignmentApproverortheRoleContentApproverorBOTH. 2. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 3. GotoworkcenterSetup 4. ClickRoleOwnersundertheAccessOwnerssection 5. Reviewinformationshowninquery a. TheConditionGroupIDisthesameonethatwasdiscussedintheBRF+exercise(Exercise3.1.D) 6. CreateRoleOwnerswiththefollowinginformation
Page|65
Page|66
Unit3DesignandManageRoles Exercise3.4RoleMaintenanceSingleRole 1. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 2. GotoworkcenterAccessManagement 3. ClickRoleMaintenanceundertheRoleManagementsection 4. CreateaSingleRoleusingthefollowinginformation: a. OnDefineRoletabDetails i. ApplicationTypeSAP ii. LandscapeECCLandscape iii. BusinessProcessBasis iv. SubprocessSecurity v. ProjectReleaseProduction vi. FinalizeRoleNamesothatitshowsasZS:BSSE:SINGLE_ROLE_GRPxx(wherexxisyour ParticipantID) vii. DescriptionSingleRoleMaintenanceforGRCTrainingCourseGroupxx(wherexxisyour ParticipantID) viii. ProfileNameandDescriptionLeaveBLANK b. ClickProperties i. CriticalLevelMedium ii. SensitivityNormal iii. DerivationallowedNO c. ClickFunctionalArea i. ClickAdd ii. EnterorusesearchtoselectFunctionalAreaBASIS d. ClickCompany i. ClickAdd ii. EnterorusesearchtoselectCompany0001 e. ClickPrerequisite i. ClickAdd ii. EnterorusesearchtoselectPrerequisiteNameCERT iii. VerifyonRequestNO iv. Activeenable f. ClickSavetosavedataandsayinthesamePhase g. ClickOwners/Approvers i. EnterorsearchforACROLEOWNxx(wherexxisyourParticipantID)andassignAssignment ApproverandRoleContentApprover ii. EnterorsearchforACROLEAPPxx(wherexxisyourParticipantID)andassignAssignment ApproverONLY h. ClickAdditionalDetailstab i. DetailedDescriptionThisrolewascreatedbyaTrainingParticipantGroupxx(wherexxisyour ParticipantID) i. ClickProvisioning i. SelectInDevelopment Page|67
j. k. l. m. ClickSavetoremaininsamePhase ClickChangeHistorytoviewthechangelogforthisrole ClickSave&ContinuetomovetothenextPhase(MaintainAuthorizations) ClickMaintainAuthorizationDatabutton i. EnterACParticipantIDandpasswordintheSAPGUIShortcut 1. Passwordwillbestillbetheinitialpasswordasthisisforthebackend(ZMG)system. ii. ThePFCGscreenwillopen. iii. Createarolewiththefollowinginformation 1. InMenuTab,insertthefollowingTransactions a. XK01 b. XK02 c. XK03 d. FB60 e. MIRO 2. ClickAuthorizationstab,clickChangeAuthorizationData 3. FortheOrganizationalLevels,thisshouldbeFULLAuthorizationexceptforAccount Type,enterKandSforAccounttype 4. SetallotheritemsinAuthorizationsscreentofullbyclickingonyellowarrows. 5. ClickSave 6. ClickGenerate 7. ExitoutofPFCGscreen iv. TheNWBCscreenwillappear.ClickSync.WithPFCGtobringchangesbacktoDesignand ManageRoles. v. ClickSave&Continuetomovetonextphase(DeriveRole) vi. ClickSave&Continuetomovetonextphase(AnalyzeAccessRisks) 1. ClickForegroundtorunreportwithdefaultsettings 2. AswithAnalyzeandManageRiskreportspreviouslylearned,useTypeandFormatto changetheRiskAnalysisresults. vii. SelectImpactAnalysisinAnalysisType 1. SincethisisaNEWrole,thisisnovalueforimpactanalysisastheroleisnotprovisioned toanyoneorisnotpartofotherrolesyet.. viii. ClickSave&Continuetomovetonextphase(GenerateRoles) 1. ClickGenerate 2. ValidatetheDefaultSystemiscorrect(ZMGCLNT800) 3. ClickNext 4. ScheduletheGenerationselectForeground 5. ClickNext 6. Verifysuccessfulrolegeneration ix. ClickSave&Continuetomovetocomplete x. ClickGotoPhase,selectDefineRole 1. ClickAdditionalDetailsProvisioning a. InProvisioningAllowed,selectYES b. InAllowAutoProvisioning,selectYES c. SetRoleStatustoInProductiveUse Page|68
Page|69
Page|70
Page|71
Page|72
Page|73
Page|74
Page|75
Page|76
Page|77
Page|78
Page|79
Page|80
Page|81
Page|82
Page|83
Page|84
Page|85
Page|86
Page|87
Page|88
Page|89
Page|90
Page|91
Page|92
Page|93
Page|94
Page|95
Page|96
Page|97
Page|98
Page|99
Unit3DesignandManageRoles Exercise3.5RoleMaintenanceCompositeRole 1. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 2. GotoworkcenterAccessManagement 3. ClickRoleMaintenanceundertheRoleManagementsection 4. CreateaCompositeRoleusingthefollowinginformation: a. OnDefineRoletabDetails i. ApplicationTypeSAP ii. LandscapeECCLandscape iii. BusinessProcessBasis iv. SubprocessSecurity v. ProjectReleaseProduction vi. FinalizeRoleNamesothatitshowsasZS:BSSE:COMPOSITE_ROLE_xx(wherexxisyour ParticipantID) vii. DescriptionCompositeRoleMaintenanceforGRCTrainingCourseGroupxx(wherexxisyour ParticipantID) viii. ProfileNameandDescriptionLeaveBLANK b. ClickProperties i. CriticalLevelHigh ii. SensitivityRestricted iii. CommentsMandatoryYES c. ClickFunctionalArea i. ClickAdd ii. EnterorusesearchtoselectFunctionalAreaBASIS d. ClickCompany i. ClickAdd ii. EnterorusesearchtoselectCompany0001 e. ClickPrerequisite i. ClickAdd ii. EnterorusesearchtoselectPrerequisiteNameCERT iii. VerifyonRequestNO iv. Activeenable f. ClickSavetosavedataandsayinthesamePhase g. ClickRoles i. ClickAdd ii. EnterorSearchforRole 1. ZS:BSSE:SINGLE_ROLE_GRPxx(wherexxisyourParticipantID) 2. UseArrowtomoveroletoSelected 3. ClickOK h. ClickOwners/Approvers i. EnterorsearchforACROLEOWNxxandRoleContentApproverONLY(wherexxisyour ParticipantID) Page|100
ii. EnterorsearchforACROLEAPPxxandassignAssignmentApproverONLY(wherexxisyour ParticipantID) i. ClickAdditionalDetailstab i. DetailedDescriptionThisrolewascreatedbyaTrainingParticipant(Groupxx) j. ClickProvisioning i. SelectInDevelopment k. ClickSavetoremaininsamePhase l. ClickChangeHistorytoviewthechangelogforthisrole m. ClickSave&ContinuetomovetothenextPhase(MaintainAuthorizations) i. ClickSave&Continuetomovetonextphase(AnalyzeAccessRisks) 1. ClickForegroundtorunreportwithdefaultsettings 2. AswithAnalyzeandManageRiskreportspreviouslylearned,useTypeandFormatto changetheRiskAnalysisresults. ii. SelectImpactAnalysisinAnalysisType 1. SincethisisaNEWrole,thisisnovalueforimpactanalysisastheroleisnotprovisioned toanyoneorisnotpartofotherrolesyet.. iii. ClickSave&Continuetomovetonextphase(RequestApproval) 1. ClickitiateApprovalRequest 2. EnterRequestReasonTrainingCourseGroupxx(wherexxisyourParticipantID) 3. ClickOK iv. LogofftheNWBCclientusingtheLogofflink. v. LogontheNWBCclientusingIDACROLEOWNxx(wherexxisyourParticipantID) vi. InMyHomeworkcenter,clickWorkInox vii. Locaterequestfornewcompositeroleandapprove 1. EnterCommentsApprovedTrainingRequestGroupxx(wherexxisyourParticipantID) 2. ClickYEStoconfirmapproval 3. ClickClose 4. LogoffACROLEOWNxx(wherexxisyourParticipantID) viii. LogonasACTRNGxx(wherexxisyourParticipantID) ix. GotoworkcenterAccessManagement x. ClickRoleMaintenanceundertheRoleManagementsection xi. SelectRolefromquery xii. ClickOpen xiii. OnceRequestisapproved,beginRoleMaintenanceprocesstogeneraterole 1. GotoworkcenterAccessManagement 2. ClickRoleMaintenanceundertheRoleManagementsection 3. ValidatetheDefaultSystemiscorrect(ZMGCLNT800) 4. ClickNext 5. ScheduletheGenerationselectForeground 6. ClickNext 7. Verifysuccessfulrolegeneration xiv. ClickSave&Continuetomovetocomplete xv. ClickGotoPhase,selectDefineRole 1. ClickAdditionalDetailsProvisioning Page|101
a. SetRoleStatustoInProductiveUse b. InProvisioningAllowed,selectYES c. InAllowAutoProvisioning,selectYES ClickChangeHistorytoviewchangelog ClickPFCGChangeHistorytoviewthebackendLog a. EnterlogondatainSAPGUIShortcut b. VerifyReportParameters c. ClickExecute,reviewreturneddata d. ExittheBackendsystem CloseRolescreen VerifyCurrentPhaseforroleisnowCOMPLETE.
2. 3.
4. 5.
Page|102
Page|103
Page|104
Page|105
Page|106
Page|107
Page|108
Page|109
Page|110
Page|111
Page|112
LogonasACTRNGxx
Page|113
Page|114
Page|115
Page|116
Page|117
Unit3DesignandManageRoles Exercise3.6RoleMaintenanceBusinessRole 1. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 2. GotoworkcenterAccessManagement 3. ClickRoleMaintenanceundertheRoleManagementsection 4. CreateaBusinessRoleusingthefollowinginformation: a. OnDefineRoletabDetails i. ApplicationTypeBusinessRoles ii. LandscapeRoleMangementBusinessGroup iii. ProcessBasis iv. SubprocessSecurity v. ProjectReleaseProduction vi. FinishRoleNameZB:BS:BUSINESS_ROLE_GRPxx(wherexxisyourParticipantID) vii. DescriptionBusinessRoleMaintenanceforGRCTrainingCourseGroupxx(wherexxisyour ParticipantID) b. ClickProperties i. CriticalLevelHigh ii. CommentsMandatoryYES c. ClickFunctionalArea i. ClickAdd ii. EnterorusesearchtoselectFunctionalAreaBASIS d. ClickCompany i. ClickAdd ii. EnterorusesearchtoselectCompany0001 e. ClickPrerequisite i. ClickAdd ii. EnterorusesearchtoselectPrerequisiteNameCERT iii. VerifyonRequestNO iv. Activeenable f. ClickSavetosavedataandsayinthesamePhase g. ClickRoles i. ClickAdd ii. EnterorSearchforRole 1. ZS:BSSE:SINGLE_ROLE_GRPxx(wherexxisyourParticipantID) 2. ZC:BSSE:COMPOSITE_ROLExx(wherexxisyourParticipantID) 3. UseArrowtomoveroletoSelected 4. ClickOK h. ClickOwners/Approvers i. EnterorsearchforACROLEOWNxxandRoleContentApproverONLY(wherexxisyour ParticipantID) ii. EnterorsearchforACROLEAPPxxandassignAssignmentApproverONLY(wherexxisyour ParticipantID) i. ClickAdditionalDetailstab Page|118
i. DetailedDescriptionThisrolewascreatedbyaTrainingParticipantGroupxx(wherexxisyour ParticipantID) ClickProvisioning i. SelectInDevelopment ClickDefineRoletab ClickSavetoremaininsamePhase ClickChangeHistorytoviewthechangelogforthisrole ClickSave&Continuetomovetonextphase(AnalyzeAccessRisks) i. ClickForegroundtorunreportwithdefaultsettings ii. AswithAnalyzeandManageRiskreportspreviouslylearned,useTypeandFormattochange theRiskAnalysisresults. SelectImpactAnalysisinAnalysisType i. SincethisisaNEWrole,thisisnovalueforimpactanalysisastheroleisnotprovisionedto anyoneorisnotpartofotherrolesyet.. ClickSave&Closetomovetonextphase(MaintainTestCases) i. ClickCreate ii. EnterTestCaseNameBusinessRoleTestCaseGroupxx(wherexxisyourParticipantID) iii. EnterTestCaseDescriptionBusinessRoleTestCaseGroupxx(wherexxisyourParticipantID) iv. ClickAdd,thenAddLink 1. TitleBusinessRoleTestLinkxx(wherexxisyourParticipantID) 2. Pathwww.sap.com 3. ClickSave ClickSave&Continuetocompletemaintenance. ClickGotoPhase,selectDefineRole i. ClickAdditionalDetailProvisioning ii. InRoleStatus,selectInProductiveUse iii. ClickSave.
j. k. l. m. n.
o.
p.
q. r.
Page|119
Page|120
Page|121
Page|122
Page|123
Page|124
Page|125
Page|126
Page|127
Page|128
FirefighterIDOwnerFirefighterIDOwnersareresponsibleformaintainingfirefighterIDsandtheirassignmentsto firefighters FirefighterRoleOwnerFirefighterRoleOwnersareresponsibleformaintainingfirefighterrolesandtheirassignmentsto firefighters RiskOwnerRiskOwnersareassignedtorisksandarecommonlyresponsibleforapprovingchangestoriskdefinitions andviolationsoftherisk.RiskOwnersmayalsoreceiveconflictingandcriticalactionalerts. RoleOwnerRoleownersareresponsibleforapprovingeitherrolecontentoruserroleassignmentorboth MitigationMonitorsMitigationMonitorsareassignedtocontrolstomonitoractivityandmayreceivecontrolmonitor alerts. MitigationApproversMitigationApproversareassignedtocontrolsandareresponsibleforapprovingchangestothe controldefinitionandassignmentswhenworkflowisenabled. FirefighterIDControllerFirefighterIDControllersareresponsibleforreviewingthelogreportgeneratedduring firefighterIDusage. FirefighterRoleControllerFirefighterRoleControllersareresponsibleforreviewingthelogreportgeneratedduring firefighterroleusage. PointofContactPointofContactisanapproverforaspecificFunctionalArea.FunctionalAreaisanattributeusedto categorizeusersandroles. SecurityLeadSecurityLeadisagrouporindividualthatcanprovidesecondaryapprovalforaccessrequestsandreviews WorkflowAdministratorWorkflowadministratorisresponsibleforreassignmentofworkflowsduetoanincorrect approver,errorcondition,orescalation.
Page|129