SAP Security GRC (Governance Risk and Compliance)
- SAP Security
- Introduction about security
- Default user IDs and clients
- Creating users
- Overview of SAP Security (Roles and profiles)
- Authorization concepts, transactions, auth objects
- Introduction to profile generator
- Introduction to composite and derived roles. (briefly mention ORG values)
- Practical exercise building roles. Composite and derived.
- Adding missing auth objects
- Start review of useful tables for security
- Review composite and derived roles
- System trace and SU53
- Inactivating auth objects
- Practical Exercise running traces
- Creating and assigning users to roles
- Use of PFCG_TIME_DEPENDENCY
- Use of user groups in security (SUGR)
- Useful transactions for security – Introduction
- How Org objects protect site specific variables
- How are default values maintained
- Practical exercise building roles. Composite and derived
- How to make an auth object an org level variable
- How SU25, SU24 and PFCG are linked
- Use of SE16 and S_TABU_DIS
- Use of SM30 SM31
- Continue review of useful tables for security
- Use of compare (remote compare if allowed)
- Why SU53 may not give the correct information
- Use of SUIM reports – benefits and pitfalls
- Use of compare (remote compare if allowed)
- System security setting SCC4, SCC1, SE03, SC06
- Use of SE11, SE54 and securing table groups
- Use of SAP-supplied roles
- Use of SUCP
- Use of OSS to report and search for issues
- Audit requirements
- Transporting roles
- Use of SAP_ALL and SAP_NEW
- How to delete activity groups/roles
- How to transport activity groups/roles
- Use of SAP* and DDIC
- Call transactions and their importance
- Use of SE97 and TCDCOUPLES tables
- Audit requirements and how audits are done for SAP
- Understanding GRC applications, requirements and benefits
- Understanding GRC landscape
- Release roadmap and compatibility
- Understanding RAR functionality
- Pre- and post-installation checklists
- Understanding segregation of duties (SOD)
- Understanding RAR data requirements
- Conducting risks and rules workshop
- RAR rule building exercise
- Understanding Remediation and mitigation strategy
- Configuring RAR
- Troubleshooting RAR
- Understanding SPM functionality
- Pre- and post-installation checklists
- Understanding SPM data requirements
- Understanding Fire Fighter strategy
- Understanding SAP role, Fire Fighter ID and end user ID mapping
- Configuring SPM
- Troubleshooting SPM
- User provisioning process workflow: Role request
- Advanced workflows
- Master data and process logic
- Reporting
- Workflow engine
- Compliance exercise and summary
- Pre- and post-installation checklists
- Conclusion
- Implementation Methodology in ERM
- Role Generation using ERM
- Pre- and post-installation checklists
- Integration with CUP and RAR
- Proposals in PFCG and GRC
SAP GRC (Governance Risk and Compliance)
- Module 1: Overview of GRC access control
- Module 2: Project planning and stakeholders
- Module 3: Pre-implementation and considerations
- Module 4: Understanding RFC, JCo and background job requirements
- Module 5: Risk analysis and Remediation (RAR)
- Module 6: Super User Privilege Management (SPM)
- Module 7: Compliant user provisioning
- Module 8: Enterprise role management