Professional Documents
Culture Documents
. 9RiskAnalysisAccessRequest:1072Mitigationofcriticalriskrequiredbeforeapprovingthe request iii. 12AccessRequestRoleSelection:2031AllowAllRolesforApprover iv. 12AccessRequestRoleSelection:2032ApproverRoleRestrictionAttribute v. 12AccessRequestRoleSelection:2033AllowAllRolesforRequestor vi. 12AccessRequestRoleSelection:2034RequestorRoleRestrictionAttribute vii. 12AccessRequestRoleSelection:2035AllowRoleComments viii. 12AccessRequestRoleSelection:2036RoleCommentsMandatory ix. 12AccessRequestRoleSelection:2037Displayexpiredrolesforexistingroles x. 12AccessRequestRoleSelection:2038AutoApproveRoleswithoutApprovers xi. 13AccessRequestDefaultRoles:2009ConsiderDefaultRoles xii. 13AccessRequestDefaultRoles:2010Requesttypefordefaultroles xiii. 13AccessRequestDefaultRoles:2011DefaultRoleLevel xiv. 13AccessRequestDefaultRoles:2012RoleAttributes xv. 13AccessRequestDefaultRoles:2013RequestAttributes xvi. 14AccessRequestRoleMapping:2014EnableRoleMapping xvii. 14AccessRequestRoleMapping:2015ApplicabletoRoleRemovals xviii. 17AssignmentExpiry:2041DurationforassignmentexpiryinDays xix. 18AccessRequestTrainingVerification:2024Traningandverification 5. OpenFoldersGovernanceRiskandCompliance AccessControl UserProvisioning a. MaintainServiceLevelAgreements i. WhatServiceLevelAgreements(SLAs)areconfigured? ii. WhataretheoptionsfordeterminingtheSLAtimeframe? b. MaintainRequestTypes i. Howmanyrequesttypesareconfigured? ii. TowhichworkflowistherequesttypeRoleApprovalassigned? c. MaintainPriorityConfiguration i. HowmanyPrioritieshavebeenconfigured? ii. Towhichworkflowprocesshavetheybeenassigned? d. DefineNumberRangeforProvisioningRequests i. Whatistheendnumberforthefirstnumberrange? e. MaintainEndUserPersonalization i. WhichFieldsareMandatory? ii. DoanyofthefieldshaveaDefaultValue? Page|1
f.
Page|2
Page|3
Page|4
Page|5
Page|6
Page|7
Unit5ProvisionandManageUsers Exercise5.2SetWorkflowAdministratorandSecurityLeadOwners 1. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 2. GotoworkcenterSetup 3. ClickAccessControlOwnersundertheAccessOwnerssection 4. ClickCreate 5. CreateRoleOwnerswiththefollowinginformation a. GroupTypeOwner b. OwnerACSECURITYxx(wherexxisyourParticipantID) c. ClickboxinSelectcolumnforSecurityLead d. AddCommentsSecurityLeadMaintenanceforGRCTrainingCourseGroupxx e. ClickboxinSelectcolumnforWorkflowAdministrator f. AddCommentsWorkflowAdministratorMaintenanceforGRCTrainingCourseGroupxx g. ClickSave,thenClose 6. ClickSettingstoaddOwnerIDcolumntothevisiblequery. a. SelectFieldOwnerIDintheHiddenColumnssection b. ClickAddbuttontomovethefieldtotheDisplayedColumnssection c. ClickarrowbuttonatthebottomoftheDisplayedColumnssectiontoplacetheOwnerIDfieldatthetop ofthelist d. ClickOK 7. Filtertofindyourspecificowners. a. ClickFilter b. IncolumnforOwnerID,enterAC*xx(wherexxisyourParticipantID) c. PressEnter
Page|8
Page|9
Page|10
Page|11
Page|12
Unit5ProvisionandManageUsers Exercise5.3MaintainAccessRequestTemplates 1. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 2. GotoworkcenterAccessManagement 3. ClickTemplateManagementundertheAccessRequestAdministrationsection 4. ClickCreate 5. CreateAccessRequestTemplatewiththefollowinginformation: a. NameACTEMPLATExx(wherexxisyourParticipantID) b. DescriptionAccessRequestTemplateMaintenanceforGRCTrainingCourseGroupxx c. EUPID999(shouldalreadybepopulated) d. RequestTypeNewAccount e. ClickAccessDetailstab f. ReasonforRequestDescriptionNewAccountRequestbyTemplateforGRCTrainingCourseGroup99 g. RequestDetails i. PriorityHigh ii. BusinessProcessBasis iii. FunctionalAreaLeaveasSelect iv. DueDateLeaveBlank h. ClickAddontheUserAccessTab,thenclickRole i. ASelectRolessearchscreenwillappear. i. Usethisscreentosearchandadd2oftherolesyoucreatedinUnit3 1. ZS:BSSE:SINGLE_ROLE_GRPxx(wherexxisyourParticipantID) 2. ZB:BS:BUSINESS_ROLE_GRPxx(wherexxisyourParticipantID) ii. WhenroleshavebeenenteredintheSelectedsection,clickOK j. ClickUserDetailstab k. Enterthefollowinginformation i. UserTypeDialog ii. ManagerACMANAGERxx(wherexxisyourParticipantID) iii. DecimalNotationChoosethenormaldefaultforyourregion iv. DateFormatChoosethenormaldefaultforyourregion l. ClickSave 6. Aconfirmationappearsthatthetemplatehasbeensaved
Page|13
Page|14
Page|15
Page|16
Page|17
Page|18
Page|19
Unit5ProvisionandManageUsers Exercise5.4CreateAccessRequest 1. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 2. GotoworkcenterAccessManagement 3. ClickAccessRequestundertheAccessRequestCreationsection 4. CreateanAccessRequestusingthefollowinginformation: a. ReasonforRequest i. Description:AccessRequestCreationforGRCTrainingCourseGroup99 b. RequestDetails i. RequestTypeNewAccount ii. RequestForOther iii. UserACUSERxx01(wherexxisyourParticipantID) iv. PriorityHigh v. BusinessProcessBasis vi. FunctionalAreaLeaveasSelect vii. DueDateLeaveBlank c. OntheUserAccesstab,ClickAdd,thenRole d. SearchfortheCompositeRolethatyoucreatedpreviously i. SystemSelectZMGCLNT800 ii. RoleTypeSelectCompositeRole iii. RoleNameSelectcontainsandenterZ*xx(wherexxisyourParticipantID) iv. ClickSearch v. SelectRole,clickDownarrowtomovetoSelectedsection vi. ClickOK e. ClickRiskViolationtab i. UsethedefaultsettingsforRiskAnalysis ii. ClickRunRiskAnalysis iii. Reviewresultsthatappear f. ClickAttachmentstab i. Addalinkforreference ii. ClickAdd,thenclickLink 1. TitletheLinkTrainingLink 2. Enterthepathwww.sap.com 3. ClickOK g. ClickUserDetailstab i. Enterthefollowinginformation 1. FirstNameACUser 2. LastNameGroupxx01(wherexxisyourParticipantID) 3. Emailacuserxx01@grc.com(wherexxisyourParticipantID) 4. UserTypeDialog 5. ManagerACMANAGERxx(wherexxisyourParticipantID) 6. Job12345 7. DecimalNotationChoosethenormaldefaultforyourregion 8. DateFormatChoosethenormaldefaultforyourregion Page|20
Page|21
Page|22
Page|23
Page|24
Page|25
Unit5ProvisionandManageUsers Exercise5.5CreateAccessRequestwithModelUser 1. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 2. GotoworkcenterAccessManagement 3. ClickModelUserundertheAccessRequestCreationsection 4. CreateanAccessRequestusingthefollowinginformation: a. OntheUserDetailstab i. RequestForOther ii. UserACUSERxx02(wherexxisyourparticipantID) i. FirstNameACUser ii. LastNameGroupxx02(wherexxisyourParticipantID) iii. Emailacuserxx02@grc.com(wherexxisyourParticipantID) iv. UserTypeDialog v. ManagerACMANAGERxx(wherexxisyourParticipantID) vi. Job98765 vii. DecimalNotationChoosethenormaldefaultforyourregion iii. DateFormatChoosethenormaldefaultforyourregion b. ClickNext c. ModelUseraccessafteruserIDGRCRA1 i. SelectModelUser(useSearchorEnterIDdirectlyandpressEnter) 1. UserGRCRA1 2. ClickSelectbuttoninupperleftcornerofAvailablesection a. ClickSelectAll 3. ClickDownarrowtomoveselectedrolestoSelectedsection d. ClickNext e. EnterRequestDetails i. ReasonforRequest 1. DescriptionModelAccessRequestforGRCTrainingCourseGroupxx(wherexxisyour participantID) ii. RequestDetails 1. BusinessProcessBasis f. ClickNext g. Reviewthedataonthescreenforaccuracy. h. ClickSubmit i. Entertherequestnumberhere_________________________________________ j. ClickClose
Page|26
Page|27
Page|28
Page|29
Page|30
Unit5ProvisionandManageUsers Exercise5.6CreateAccessRequestwithTemplate 1. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 2. GotoworkcenterAccessManagement 3. ClickTemplateBasedRequestundertheAccessRequestCreationsection 4. SelectthetemplateyoucreatedpreviouslyACTAMPLATExx(wherexxisyourParticipantID) 5. ClickNext 6. CreateanAccessRequestusingthefollowinginformation: a. RequestForOther b. UserACUSERxx03(wherexxisyourparticipantID) c. FirstNameACUser d. LastNameGroupxx03(wherexxisyourParticipantID) e. Emailacuserxx03@grc.com(wherexxisyourParticipantID) f. Job45612 7. ClickNext 8. Reviewrequestdetails 9. ClickNext 10. Reviewrequestforaccuracy 11. ClickSubmit a. Entertherequestnumberhere_________________________________________ 12. ClickClose
Page|31
Page|32
Page|33
Page|34
Page|35
Unit5ProvisionandManageUsers Exercise5.7CreateAccessRequestwithCopyRequest 1. 2. 3. 4. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) GotoworkcenterAccessManagement ClickCopyRequestundertheAccessRequestCreationsection SelectRequesttoCopy a. EnterRequestNumberyoucreatedinExercise5.4 b. Selecttherequestattributestobecopied i. UserDetails ii. RequestDetails iii. ManagerDetails iv. SystemDetails v. Roles ClickNext CreateanAccessRequestusingthefollowinginformation: a. UserACUSERxx04(wherexxisyourParticipantID) b. LastNameGroupxx04(wherexxisyourParticipantID) c. Emailacuserxx04@grc.com(wherexxisyourParticipantID) ClickNext EnterRequestDetails a. ReasonforRequest i. DescriptionCopyAccessRequestforGRCTrainingCourseGroupxx(wherexxisyour ParticipantID) ii. Reviewotherinformation ClickNext Reviewinformationforaccuracy ClickSubmit a. Entertherequestnumberhere_________________________________________ ClickClose
5. 6.
7. 8.
Page|36
Page|37
Page|38
Page|39
Page|40
Page|41
Unit5ProvisionandManageUsers Exercise5.8.1ApproveAccessRequest 1. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACMANAGERxx(wherexxisyourParticipantID) a. IfyouareloggedintoNWBCalready,youcanclickLogOfffromaworkcenterpage. b. Confirmlogoffaction c. ClicklinkTorestarttheapplication,pleaseclickhere d. SigninwithdesiredUserID 2. GotoworkcenterMyHome 3. ClickWorkInbox 4. ClicktherequestcreatedinExercise5.4 5. Reviewtheinformationontherequest 6. ClickSubmit. 7. Confirmationappears,clickClose 8. LogOfftheapplication 9. Clicklinktorestartapplication 10. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACROLEAPPxx(wherexxisyourParticipantID) 11. GotoworkcenterMyHome 12. ClickWorkInbox 13. ClicktherequestcreatedinExercise5.4 14. Reviewtheinformationontherequest 15. ClickSubmit a. AnerrormessageshouldappearthatRiskAnalysisisMandatory 16. ClickRiskViolationstab 17. ClickRunRiskAnalysisandreviewtheinformation 18. ClickSubmit 19. ClickSubmit. 20. Confirmationappears,clickClose
Page|42
Page|43
Page|44
Page|45
Page|46
Page|47
Page|48
Page|49
Page|50
Page|51
Unit5ProvisionandManageUsers Exercise5.8.2ApproveAccessRequestManagerRejectstheRequest 1. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACMANAGERxx(wherexxisyourParticipantID) a. IfyouareloggedintoNWBCalready,youcanclickLogOfffromaworkcenterpage. b. Confirmlogoffaction c. ClicklinkTorestarttheapplication,pleaseclickhere d. SigninwithdesiredUserID 2. GotoworkcenterMyHome 3. ClickWorkInbox 4. ClicktherequestcreatedinExercise5.5 5. Reviewtheinformationontherequest 6. ClickOtherActions,thenReject 7. Confirmationappears,clickClose
Page|52
Page|53
Page|54
Unit5ProvisionandManageUsers Exercise5.8.3ApproveAccessRequestRoleOwnerRejectsaRole 1. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACMANAGERxx(wherexxisyourParticipantID) a. IfyouareloggedintoNWBCalready,youcanclickLogOfffromaworkcenterpage. b. Confirmlogoffaction c. ClicklinkTorestarttheapplication,pleaseclickhere d. SigninwithdesiredUserID 2. GotoworkcenterMyHome 3. ClickWorkInbox 4. ClicktherequestcreatedinExercise5.6 5. Reviewtheinformationontherequest 6. ClickSubmit. 7. Confirmationappears,clickClose 8. LogOfftheapplication 9. Clicklinktorestartapplication 10. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACROLEAPPxx(wherexxisyourParticipantID) 11. GotoworkcenterMyHome 12. ClickWorkInbox 13. ClicktherequestcreatedinExercise5.6 14. Reviewtheinformationontherequest 15. RejecttheroleZS:BSSE:SINGLE_ROLE a. IntheApprovalStatuscolumn,selectRejectfromthedropdownlist 16. ClickRiskViolationstab 17. ClickRunRiskAnalysisandreviewtheinformation 18. ClickSubmit. 19. Confirmationappears,clickClose
Page|55
Page|56
Page|57
Page|58
Page|59
Unit5ProvisionandManageUsers Exercise5.8.3ApproveAccessRequestReviewAuditLog 1. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACMANAGERxx(wherexxisyourParticipantID) a. IfyouareloggedintoNWBCalready,youcanclickLogOfffromaworkcenterpage. b. Confirmlogoffaction c. ClicklinkTorestarttheapplication,pleaseclickhere d. SigninwithdesiredUserID 2. GotoworkcenterMyHome 3. ClickWorkInbox 4. ClicktherequestcreatedinExercise5.7 5. Reviewtheinformationontherequest 6. ClickSubmit. 7. Confirmationappears,clickClose 8. LogOfftheapplication 9. Clicklinktorestartapplication 10. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACROLEAPPxx(wherexxisyourParticipantID) 11. GotoworkcenterMyHome 12. ClickWorkInbox 13. ClicktherequestcreatedinExercise5.7 14. ReviewtheinformationontherequestintheUserAccessandUserDetailstabs 15. ClickonAuditLogtab a. Reviewtheinformation. 16. ClickRiskViolationstab 17. ClickRunRiskAnalysisandreviewtheinformation 18. ClickSubmit. 19. Confirmationappears,clickClose
Page|60
Page|61
Page|62
Page|63
Page|64
FirefighterIDOwnerFirefighterIDOwnersareresponsibleformaintainingfirefighterIDsandtheirassignmentsto firefighters FirefighterRoleOwnerFirefighterRoleOwnersareresponsibleformaintainingfirefighterrolesandtheirassignmentsto firefighters RiskOwnerRiskOwnersareassignedtorisksandarecommonlyresponsibleforapprovingchangestoriskdefinitions andviolationsoftherisk.RiskOwnersmayalsoreceiveconflictingandcriticalactionalerts. RoleOwnerRoleownersareresponsibleforapprovingeitherrolecontentoruserroleassignmentorboth MitigationMonitorsMitigationMonitorsareassignedtocontrolstomonitoractivityandmayreceivecontrolmonitor alerts. MitigationApproversMitigationApproversareassignedtocontrolsandareresponsibleforapprovingchangestothe controldefinitionandassignmentswhenworkflowisenabled. FirefighterIDControllerFirefighterIDControllersareresponsibleforreviewingthelogreportgeneratedduring firefighterIDusage. FirefighterRoleControllerFirefighterRoleControllersareresponsibleforreviewingthelogreportgeneratedduring firefighterroleusage. PointofContactPointofContactisanapproverforaspecificFunctionalArea.FunctionalAreaisanattributeusedto categorizeusersandroles. SecurityLeadSecurityLeadisagrouporindividualthatcanprovidesecondaryapprovalforaccessrequestsandreviews WorkflowAdministratorWorkflowadministratorisresponsibleforreassignmentofworkflowsduetoanincorrect approver,errorcondition,orescalation.
Page|65