Unit5ProvisionandManageUsers Exercise5.1ReviewProvisionandManageUsersspecificConfiguration ObjectiveTounderstandthecurrentandavailableconfigurationsoftheGRCv10.0system 1. LogontoABAPclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 2. ExecuteTransactionSPRO 3. ClickSAPReferenceIMG 4. OpenFoldersGovernanceRiskandCompliance AccessControl MaintainConfigurationSettings a. ReviewthefollowingsettingsrelatedtoAnalyzeandManageRisk b. Listwhichsettingsaresetandtheirvalues i. 9RiskAnalysisAccessRequest:1071Enableriskanalysisonformsubmission ii.

. 9RiskAnalysisAccessRequest:1072Mitigationofcriticalriskrequiredbeforeapprovingthe request iii. 12AccessRequestRoleSelection:2031AllowAllRolesforApprover iv. 12AccessRequestRoleSelection:2032ApproverRoleRestrictionAttribute v. 12AccessRequestRoleSelection:2033AllowAllRolesforRequestor vi. 12AccessRequestRoleSelection:2034RequestorRoleRestrictionAttribute vii. 12AccessRequestRoleSelection:2035AllowRoleComments viii. 12AccessRequestRoleSelection:2036RoleCommentsMandatory ix. 12AccessRequestRoleSelection:2037Displayexpiredrolesforexistingroles x. 12AccessRequestRoleSelection:2038AutoApproveRoleswithoutApprovers xi. 13AccessRequestDefaultRoles:2009ConsiderDefaultRoles xii. 13AccessRequestDefaultRoles:2010Requesttypefordefaultroles xiii. 13AccessRequestDefaultRoles:2011DefaultRoleLevel xiv. 13AccessRequestDefaultRoles:2012RoleAttributes xv. 13AccessRequestDefaultRoles:2013RequestAttributes xvi. 14AccessRequestRoleMapping:2014EnableRoleMapping xvii. 14AccessRequestRoleMapping:2015ApplicabletoRoleRemovals xviii. 17AssignmentExpiry:2041DurationforassignmentexpiryinDays xix. 18AccessRequestTrainingVerification:2024Traningandverification 5. OpenFoldersGovernanceRiskandCompliance AccessControl UserProvisioning a. MaintainServiceLevelAgreements i. WhatServiceLevelAgreements(SLAs)areconfigured? ii. WhataretheoptionsfordeterminingtheSLAtimeframe? b. MaintainRequestTypes i. Howmanyrequesttypesareconfigured? ii. TowhichworkflowistherequesttypeRoleApprovalassigned? c. MaintainPriorityConfiguration i. HowmanyPrioritieshavebeenconfigured? ii. Towhichworkflowprocesshavetheybeenassigned? d. DefineNumberRangeforProvisioningRequests i. Whatistheendnumberforthefirstnumberrange? e. MaintainEndUserPersonalization i. WhichFieldsareMandatory? ii. DoanyofthefieldshaveaDefaultValue? Page|1

f.

MaintainProvisioningSettings i. MaintainGlobalProvisioningConfiguration 1. WhataretheoptionsforPasswordexpiryforORAAPPS? 2. WhatarethefieldsavailableforSystemProvisioningConfiguration?

Page|2

Unit5ProvisionandManageUsers Exercise5.1ReviewProvisionandManageUsersspecificConfiguration Solution:

Page|3

Page|4

Page|5

Page|6

Page|7

Unit5ProvisionandManageUsers Exercise5.2SetWorkflowAdministratorandSecurityLeadOwners 1. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 2. GotoworkcenterSetup 3. ClickAccessControlOwnersundertheAccessOwnerssection 4. ClickCreate 5. CreateRoleOwnerswiththefollowinginformation a. GroupTypeOwner b. OwnerACSECURITYxx(wherexxisyourParticipantID) c. ClickboxinSelectcolumnforSecurityLead d. AddCommentsSecurityLeadMaintenanceforGRCTrainingCourseGroupxx e. ClickboxinSelectcolumnforWorkflowAdministrator f. AddCommentsWorkflowAdministratorMaintenanceforGRCTrainingCourseGroupxx g. ClickSave,thenClose 6. ClickSettingstoaddOwnerIDcolumntothevisiblequery. a. SelectFieldOwnerIDintheHiddenColumnssection b. ClickAddbuttontomovethefieldtotheDisplayedColumnssection c. ClickarrowbuttonatthebottomoftheDisplayedColumnssectiontoplacetheOwnerIDfieldatthetop ofthelist d. ClickOK 7. Filtertofindyourspecificowners. a. ClickFilter b. IncolumnforOwnerID,enterAC*xx(wherexxisyourParticipantID) c. PressEnter

Page|8

Unit5ProvisionandManageUsers Exercise5.2SetWorkflowAdministratorandSecurityLeadOwners Solution:

Page|9

Page|10

Page|11

Page|12

Unit5ProvisionandManageUsers Exercise5.3MaintainAccessRequestTemplates 1. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 2. GotoworkcenterAccessManagement 3. ClickTemplateManagementundertheAccessRequestAdministrationsection 4. ClickCreate 5. CreateAccessRequestTemplatewiththefollowinginformation: a. NameACTEMPLATExx(wherexxisyourParticipantID) b. DescriptionAccessRequestTemplateMaintenanceforGRCTrainingCourseGroupxx c. EUPID999(shouldalreadybepopulated) d. RequestTypeNewAccount e. ClickAccessDetailstab f. ReasonforRequestDescriptionNewAccountRequestbyTemplateforGRCTrainingCourseGroup99 g. RequestDetails i. PriorityHigh ii. BusinessProcessBasis iii. FunctionalAreaLeaveasSelect iv. DueDateLeaveBlank h. ClickAddontheUserAccessTab,thenclickRole i. ASelectRolessearchscreenwillappear. i. Usethisscreentosearchandadd2oftherolesyoucreatedinUnit3 1. ZS:BSSE:SINGLE_ROLE_GRPxx(wherexxisyourParticipantID) 2. ZB:BS:BUSINESS_ROLE_GRPxx(wherexxisyourParticipantID) ii. WhenroleshavebeenenteredintheSelectedsection,clickOK j. ClickUserDetailstab k. Enterthefollowinginformation i. UserTypeDialog ii. ManagerACMANAGERxx(wherexxisyourParticipantID) iii. DecimalNotationChoosethenormaldefaultforyourregion iv. DateFormatChoosethenormaldefaultforyourregion l. ClickSave 6. Aconfirmationappearsthatthetemplatehasbeensaved

Page|13

Unit5ProvisionandManageUsers Exercise5.3MaintainAccessRequestTemplates Solution: 8. TemplateManagement

Page|14

Page|15

Page|16

Page|17

Page|18

Page|19

Unit5ProvisionandManageUsers Exercise5.4CreateAccessRequest 1. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 2. GotoworkcenterAccessManagement 3. ClickAccessRequestundertheAccessRequestCreationsection 4. CreateanAccessRequestusingthefollowinginformation: a. ReasonforRequest i. Description:AccessRequestCreationforGRCTrainingCourseGroup99 b. RequestDetails i. RequestTypeNewAccount ii. RequestForOther iii. UserACUSERxx01(wherexxisyourParticipantID) iv. PriorityHigh v. BusinessProcessBasis vi. FunctionalAreaLeaveasSelect vii. DueDateLeaveBlank c. OntheUserAccesstab,ClickAdd,thenRole d. SearchfortheCompositeRolethatyoucreatedpreviously i. SystemSelectZMGCLNT800 ii. RoleTypeSelectCompositeRole iii. RoleNameSelectcontainsandenterZ*xx(wherexxisyourParticipantID) iv. ClickSearch v. SelectRole,clickDownarrowtomovetoSelectedsection vi. ClickOK e. ClickRiskViolationtab i. UsethedefaultsettingsforRiskAnalysis ii. ClickRunRiskAnalysis iii. Reviewresultsthatappear f. ClickAttachmentstab i. Addalinkforreference ii. ClickAdd,thenclickLink 1. TitletheLinkTrainingLink 2. Enterthepathwww.sap.com 3. ClickOK g. ClickUserDetailstab i. Enterthefollowinginformation 1. FirstNameACUser 2. LastNameGroupxx01(wherexxisyourParticipantID) 3. Emailacuserxx01@grc.com(wherexxisyourParticipantID) 4. UserTypeDialog 5. ManagerACMANAGERxx(wherexxisyourParticipantID) 6. Job12345 7. DecimalNotationChoosethenormaldefaultforyourregion 8. DateFormatChoosethenormaldefaultforyourregion Page|20

h. ClickSubmit i. Entertherequestnumberhere_________________________________________ j. ClickClose

Page|21

Unit5ProvisionandManageUsers Exercise5.4CreateAccessRequest Solution: 9. CreateAccessRequest

Page|22

Page|23

Page|24

Page|25

Unit5ProvisionandManageUsers Exercise5.5CreateAccessRequestwithModelUser 1. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 2. GotoworkcenterAccessManagement 3. ClickModelUserundertheAccessRequestCreationsection 4. CreateanAccessRequestusingthefollowinginformation: a. OntheUserDetailstab i. RequestForOther ii. UserACUSERxx02(wherexxisyourparticipantID) i. FirstNameACUser ii. LastNameGroupxx02(wherexxisyourParticipantID) iii. Emailacuserxx02@grc.com(wherexxisyourParticipantID) iv. UserTypeDialog v. ManagerACMANAGERxx(wherexxisyourParticipantID) vi. Job98765 vii. DecimalNotationChoosethenormaldefaultforyourregion iii. DateFormatChoosethenormaldefaultforyourregion b. ClickNext c. ModelUseraccessafteruserIDGRCRA1 i. SelectModelUser(useSearchorEnterIDdirectlyandpressEnter) 1. UserGRCRA1 2. ClickSelectbuttoninupperleftcornerofAvailablesection a. ClickSelectAll 3. ClickDownarrowtomoveselectedrolestoSelectedsection d. ClickNext e. EnterRequestDetails i. ReasonforRequest 1. DescriptionModelAccessRequestforGRCTrainingCourseGroupxx(wherexxisyour participantID) ii. RequestDetails 1. BusinessProcessBasis f. ClickNext g. Reviewthedataonthescreenforaccuracy. h. ClickSubmit i. Entertherequestnumberhere_________________________________________ j. ClickClose

Page|26

Unit5ProvisionandManageUsers Exercise5.5CreateAccessRequestwithModelUser Solution: 10. CreateModelUserAccessRequest

Page|27

Page|28

Page|29

Page|30

Unit5ProvisionandManageUsers Exercise5.6CreateAccessRequestwithTemplate 1. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) 2. GotoworkcenterAccessManagement 3. ClickTemplateBasedRequestundertheAccessRequestCreationsection 4. SelectthetemplateyoucreatedpreviouslyACTAMPLATExx(wherexxisyourParticipantID) 5. ClickNext 6. CreateanAccessRequestusingthefollowinginformation: a. RequestForOther b. UserACUSERxx03(wherexxisyourparticipantID) c. FirstNameACUser d. LastNameGroupxx03(wherexxisyourParticipantID) e. Emailacuserxx03@grc.com(wherexxisyourParticipantID) f. Job45612 7. ClickNext 8. Reviewrequestdetails 9. ClickNext 10. Reviewrequestforaccuracy 11. ClickSubmit a. Entertherequestnumberhere_________________________________________ 12. ClickClose

Page|31

Unit5ProvisionandManageUsers Exercise5.6CreateAccessRequestwithTemplate Solution: 11. CreateTemplateUserAccessRequest

Page|32

Page|33

Page|34

Page|35

Unit5ProvisionandManageUsers Exercise5.7CreateAccessRequestwithCopyRequest 1. 2. 3. 4. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACTRNGxx(wherexxisyourParticipantID) GotoworkcenterAccessManagement ClickCopyRequestundertheAccessRequestCreationsection SelectRequesttoCopy a. EnterRequestNumberyoucreatedinExercise5.4 b. Selecttherequestattributestobecopied i. UserDetails ii. RequestDetails iii. ManagerDetails iv. SystemDetails v. Roles ClickNext CreateanAccessRequestusingthefollowinginformation: a. UserACUSERxx04(wherexxisyourParticipantID) b. LastNameGroupxx04(wherexxisyourParticipantID) c. Emailacuserxx04@grc.com(wherexxisyourParticipantID) ClickNext EnterRequestDetails a. ReasonforRequest i. DescriptionCopyAccessRequestforGRCTrainingCourseGroupxx(wherexxisyour ParticipantID) ii. Reviewotherinformation ClickNext Reviewinformationforaccuracy ClickSubmit a. Entertherequestnumberhere_________________________________________ ClickClose

5. 6.

7. 8.

9. 10. 11. 12.

Page|36

Unit5ProvisionandManageUsers Exercise5.7CreateAccessRequestwithCopyRequest Solution: 12. CreateCopyRequest

Page|37

Page|38

Page|39

Page|40

Page|41

Unit5ProvisionandManageUsers Exercise5.8.1ApproveAccessRequest 1. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACMANAGERxx(wherexxisyourParticipantID) a. IfyouareloggedintoNWBCalready,youcanclickLogOfffromaworkcenterpage. b. Confirmlogoffaction c. ClicklinkTorestarttheapplication,pleaseclickhere d. SigninwithdesiredUserID 2. GotoworkcenterMyHome 3. ClickWorkInbox 4. ClicktherequestcreatedinExercise5.4 5. Reviewtheinformationontherequest 6. ClickSubmit. 7. Confirmationappears,clickClose 8. LogOfftheapplication 9. Clicklinktorestartapplication 10. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACROLEAPPxx(wherexxisyourParticipantID) 11. GotoworkcenterMyHome 12. ClickWorkInbox 13. ClicktherequestcreatedinExercise5.4 14. Reviewtheinformationontherequest 15. ClickSubmit a. AnerrormessageshouldappearthatRiskAnalysisisMandatory 16. ClickRiskViolationstab 17. ClickRunRiskAnalysisandreviewtheinformation 18. ClickSubmit 19. ClickSubmit. 20. Confirmationappears,clickClose

Page|42

Unit5ProvisionandManageUsers Exercise5.8.1ApproveAccessRequest Solution: 13. RequestApproval

Page|43

Page|44

Page|45

Page|46

Page|47

Page|48

Page|49

Page|50

Page|51

Unit5ProvisionandManageUsers Exercise5.8.2ApproveAccessRequestManagerRejectstheRequest 1. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACMANAGERxx(wherexxisyourParticipantID) a. IfyouareloggedintoNWBCalready,youcanclickLogOfffromaworkcenterpage. b. Confirmlogoffaction c. ClicklinkTorestarttheapplication,pleaseclickhere d. SigninwithdesiredUserID 2. GotoworkcenterMyHome 3. ClickWorkInbox 4. ClicktherequestcreatedinExercise5.5 5. Reviewtheinformationontherequest 6. ClickOtherActions,thenReject 7. Confirmationappears,clickClose

Page|52

Unit5ProvisionandManageUsers Exercise5.8.2ApproveAccessRequestManagerRejectstheRequest Solution:

Page|53

Page|54

Unit5ProvisionandManageUsers Exercise5.8.3ApproveAccessRequestRoleOwnerRejectsaRole 1. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACMANAGERxx(wherexxisyourParticipantID) a. IfyouareloggedintoNWBCalready,youcanclickLogOfffromaworkcenterpage. b. Confirmlogoffaction c. ClicklinkTorestarttheapplication,pleaseclickhere d. SigninwithdesiredUserID 2. GotoworkcenterMyHome 3. ClickWorkInbox 4. ClicktherequestcreatedinExercise5.6 5. Reviewtheinformationontherequest 6. ClickSubmit. 7. Confirmationappears,clickClose 8. LogOfftheapplication 9. Clicklinktorestartapplication 10. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACROLEAPPxx(wherexxisyourParticipantID) 11. GotoworkcenterMyHome 12. ClickWorkInbox 13. ClicktherequestcreatedinExercise5.6 14. Reviewtheinformationontherequest 15. RejecttheroleZS:BSSE:SINGLE_ROLE a. IntheApprovalStatuscolumn,selectRejectfromthedropdownlist 16. ClickRiskViolationstab 17. ClickRunRiskAnalysisandreviewtheinformation 18. ClickSubmit. 19. Confirmationappears,clickClose

Page|55

Unit5ProvisionandManageUsers Exercise5.8.3ApproveAccessRequestRoleOwnerRejectsaRole Solution:

Page|56

Page|57

Page|58

Page|59

Unit5ProvisionandManageUsers Exercise5.8.3ApproveAccessRequestReviewAuditLog 1. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACMANAGERxx(wherexxisyourParticipantID) a. IfyouareloggedintoNWBCalready,youcanclickLogOfffromaworkcenterpage. b. Confirmlogoffaction c. ClicklinkTorestarttheapplication,pleaseclickhere d. SigninwithdesiredUserID 2. GotoworkcenterMyHome 3. ClickWorkInbox 4. ClicktherequestcreatedinExercise5.7 5. Reviewtheinformationontherequest 6. ClickSubmit. 7. Confirmationappears,clickClose 8. LogOfftheapplication 9. Clicklinktorestartapplication 10. LogontoNWBCclientforGRCV10.0(ZMC)withuserIDACROLEAPPxx(wherexxisyourParticipantID) 11. GotoworkcenterMyHome 12. ClickWorkInbox 13. ClicktherequestcreatedinExercise5.7 14. ReviewtheinformationontherequestintheUserAccessandUserDetailstabs 15. ClickonAuditLogtab a. Reviewtheinformation. 16. ClickRiskViolationstab 17. ClickRunRiskAnalysisandreviewtheinformation 18. ClickSubmit. 19. Confirmationappears,clickClose

Page|60

Unit5ProvisionandManageUsers Exercise5.8.3ApproveAccessRequestRoleOwnerRejectsaRole Solution

Page|61

Page|62

Page|63

Page|64

FirefighterIDOwnerFirefighterIDOwnersareresponsibleformaintainingfirefighterIDsandtheirassignmentsto firefighters FirefighterRoleOwnerFirefighterRoleOwnersareresponsibleformaintainingfirefighterrolesandtheirassignmentsto firefighters RiskOwnerRiskOwnersareassignedtorisksandarecommonlyresponsibleforapprovingchangestoriskdefinitions andviolationsoftherisk.RiskOwnersmayalsoreceiveconflictingandcriticalactionalerts. RoleOwnerRoleownersareresponsibleforapprovingeitherrolecontentoruserroleassignmentorboth MitigationMonitorsMitigationMonitorsareassignedtocontrolstomonitoractivityandmayreceivecontrolmonitor alerts. MitigationApproversMitigationApproversareassignedtocontrolsandareresponsibleforapprovingchangestothe controldefinitionandassignmentswhenworkflowisenabled. FirefighterIDControllerFirefighterIDControllersareresponsibleforreviewingthelogreportgeneratedduring firefighterIDusage. FirefighterRoleControllerFirefighterRoleControllersareresponsibleforreviewingthelogreportgeneratedduring firefighterroleusage. PointofContactPointofContactisanapproverforaspecificFunctionalArea.FunctionalAreaisanattributeusedto categorizeusersandroles. SecurityLeadSecurityLeadisagrouporindividualthatcanprovidesecondaryapprovalforaccessrequestsandreviews WorkflowAdministratorWorkflowadministratorisresponsibleforreassignmentofworkflowsduetoanincorrect approver,errorcondition,orescalation.

Page|65