SAP Security GRC


SAP Security GRC (Governance Risk and Compliance)

    SAP Security
    • Introduction about security
    • Default user IDs and clients
    • Creating users
    • Overview of SAP Security (Roles and profiles)
    • Authorization concepts, transactions, auth objects
    • Introduction to profile generator
    • Introduction to composite and derived roles (briefly covering org levels)
    • Practical exercise building roles. Composite and derived.
    • Adding missing auth objects
    • Start review of useful tables for security
    • Review composite and derived roles
    • System trace and SU53
    • Inactivating auth objects
    • Practical Exercise running traces
    • Creating and assigning users to roles
    • Use of PFCG_TIME_DEPENDENCY
    • Use of user groups in security (SUGR)
    • Useful transactions for security – Introduction
    • How org levels protect site-specific values
    • How default values are maintained
    • How to make an authorization field an org level
    • How SU25, SU24 and PFCG are linked
    • Use of SE16 and S_TABU_DIS
    • Use of SM30 and SM31
    • Continue review of useful tables for security
    • Use of compare (remote compare if allowed)
    • Why SU53 may not give the correct information
    • Use of SUIM reports – benefits and pitfalls
    • System security settings: SCC4, SCC1, SE03, SE06
    • Use of SE11 and SE54, and securing tables via authorization groups
    • Use of SAP-supplied roles
    • Use of SUPC (mass generation of profiles)
    • Use of OSS to report and search for issues
    • Audit requirements
    • Transporting roles
    • Use of SAP_ALL and SAP_NEW
    • How to delete activity groups/roles
    • How to transport activity groups/roles
    • Use of SAP* and DDIC
    • Call transactions and their importance
    • Use of SE97 and the TCDCOUPLES table
    • Audit requirements and how an SAP audit is carried out
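
The authorization concept, org levels and derived roles listed above can be tried out in a small runnable model. The following Python is an added example written for this page, not SAP code or course material: the authorization object and field names (S_TCODE, F_BKPF_BUK, S_TABU_DIS, BUKRS, ACTVT, DICBERCLS) are real SAP names, but the template role, its values and the users are constructed. It reproduces two points that SU53 traces turn on in practice: PFCG values may be single values, `*` patterns or from-to ranges, and a check succeeds only when one single authorization covers every required field, so values from two derived roles are never combined.

```python
from fnmatch import fnmatchcase
from typing import Dict, List, Tuple, Union

# One PFCG value is a literal/pattern such as "FC*" or a ("from", "to") range.
Value = Union[str, Tuple[str, str]]
Authorization = Dict[str, List[Value]]   # field -> allowed values (one authorization)
Role = Dict[str, List[Authorization]]    # authorization object -> its authorizations

# Org-level fields: the only fields in which a derived role may differ from its template.
ORG_LEVELS = {"BUKRS"}

# Constructed template ("master") role: FI document display/change within one company code.
# "$BUKRS" is a placeholder that derive_role() fills in; the values are made up for this example.
TEMPLATE_ROLE: Role = {
    "S_TCODE":    [{"TCD": [("FB01", "FB09")]}],                    # from-to range
    "F_BKPF_BUK": [{"ACTVT": ["02", "03"], "BUKRS": ["$BUKRS"]}],  # org-level field
    "S_TABU_DIS": [{"ACTVT": ["03"], "DICBERCLS": ["FC*"]}],      # table auth group, wildcard
}


def derive_role(template: Role, org_values: Dict[str, List[Value]]) -> Role:
    """Build a derived role: same objects and values as the template, org levels replaced."""
    return {
        obj: [{field: list(org_values[field]) if field in ORG_LEVELS else list(values)
               for field, values in auth.items()} for auth in auths]
        for obj, auths in template.items()
    }


def value_matches(allowed: Value, wanted: str) -> bool:
    """PFCG value semantics: inclusive from-to range, or literal with '*' wildcard."""
    if isinstance(allowed, tuple):
        low, high = allowed
        return low <= wanted <= high
    return fnmatchcase(wanted, allowed)


def authority_check(roles: List[Role], obj: str, required: Dict[str, str]) -> bool:
    """Mimic AUTHORITY-CHECK: pass only if ONE authorization covers every required field.

    Field values are never combined across authorizations or roles, which is why two
    derived roles for different company codes do not add up to change access in both.
    """
    for role in roles:
        for auth in role.get(obj, []):
            if all(any(value_matches(allowed, wanted) for allowed in auth.get(field, []))
                   for field, wanted in required.items()):
                return True
    return False


def failed_check(roles: List[Role], obj: str, required: Dict[str, str]):
    """SU53-style result: None when the check passes, else the object and values it needed."""
    if authority_check(roles, obj, required):
        return None
    return {"object": obj, "fields": dict(required)}


if __name__ == "__main__":
    fi_1000 = derive_role(TEMPLATE_ROLE, {"BUKRS": ["1000"]})
    print(authority_check([fi_1000], "F_BKPF_BUK", {"ACTVT": "03", "BUKRS": "1000"}))  # True
    print(failed_check([fi_1000], "F_BKPF_BUK", {"ACTVT": "03", "BUKRS": "2000"}))     # fails on BUKRS
```

Compare `authority_check` against a user holding a change role for company code 1000 and a display role for 2000: a check for change (ACTVT 02) in 2000 fails, although both values exist somewhere in the user's buffer. That is the case SU53 displays as a missing authorization and that SUIM "by values" reports, which look at fields one at a time, can make look satisfied.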

    SAP GRC (Governance Risk and Compliance)

      Module 1: Overview of GRC Access Control
      • Understanding GRC applications, requirements and benefits
      • Understanding the GRC landscape
      • Release roadmap and compatibility

      Module 2: Project planning and stakeholders

      Module 3: Pre-implementation considerations

      Module 4: Understanding RFC, JCo and background job requirements

      Module 5: Risk Analysis and Remediation (RAR)
      • Understanding RAR functionality
      • Pre- and post-installation checklists
      • Understanding segregation of duties (SoD)
      • Understanding RAR data requirements
      • Conducting the risks and rules workshop
      • RAR rule-building exercise
      • Understanding remediation and mitigation strategy
      • Configuring RAR
      • Troubleshooting RAR
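
The RAR topics above (SoD rules, risk analysis, remediation and mitigation) are easier to grasp with a small runnable model. The following Python is an added example written for this page, not GRC Access Control code: its ruleset, roles, users and mitigating control are constructed, and it simplifies a function to a set of transaction codes (real RAR rules also check authorization-object values, the permission level). It reports violations at role level and at user level, lists which single role removal would remediate each user violation, and keeps mitigated violations in the report rather than dropping them.

```python
from typing import Dict, List, Set, Tuple

# Constructed ruleset in the shape a risks-and-rules workshop produces: a function is a set
# of transaction codes, a risk is a pair of functions one user must not hold together.
FUNCTIONS: Dict[str, Set[str]] = {
    "AP01_MAINTAIN_VENDOR":     {"FK01", "FK02", "XK01", "XK02"},
    "AP02_POST_VENDOR_INVOICE": {"FB60", "MIRO"},
    "AP03_RUN_PAYMENTS":        {"F110"},
}
RISKS: Dict[str, Dict] = {
    "P001": {"functions": ("AP01_MAINTAIN_VENDOR", "AP02_POST_VENDOR_INVOICE"),
             "level": "High", "desc": "Create a vendor and post invoices to it"},
    "P002": {"functions": ("AP02_POST_VENDOR_INVOICE", "AP03_RUN_PAYMENTS"),
             "level": "High", "desc": "Post an invoice and pay it"},
}
# Constructed roles (their S_TCODE values), user assignments and mitigating controls.
ROLES: Dict[str, Set[str]] = {
    "Z_AP_VENDOR_MASTER": {"XK01", "XK02", "XK03"},
    "Z_AP_INVOICE_CLERK": {"FB60", "MIRO", "FB03"},
    "Z_AP_PAYMENT_RUN":   {"F110", "FBL1N"},
    "Z_AP_ALL_IN_ONE":    {"XK01", "FB60", "F110"},   # conflicts inside a single role
}
USERS: Dict[str, List[str]] = {
    "JSMITH": ["Z_AP_VENDOR_MASTER", "Z_AP_INVOICE_CLERK"],
    "MLEE":   ["Z_AP_PAYMENT_RUN"],
    "ADMIN1": ["Z_AP_ALL_IN_ONE"],
}
MITIGATIONS: Dict[Tuple[str, str], str] = {
    ("JSMITH", "P001"): "MC-AP-01 monthly review of vendor master changes",
}


def hit_functions(tcodes: Set[str]) -> Dict[str, Set[str]]:
    """Functions the tcodes enable, with the tcodes that triggered each one."""
    return {name: tcodes & fn for name, fn in FUNCTIONS.items() if tcodes & fn}


def risks_for(tcodes: Set[str]) -> Dict[str, Dict[str, List[str]]]:
    """Risks whose functions are ALL enabled by tcodes: risk id -> function -> hit tcodes."""
    hits = hit_functions(tcodes)
    return {rid: {fn: sorted(hits[fn]) for fn in risk["functions"]}
            for rid, risk in RISKS.items() if all(fn in hits for fn in risk["functions"])}


def role_level_analysis() -> Dict[str, Dict]:
    """Roles that violate a risk on their own: fix these in PFCG, not by user changes."""
    return {role: risks_for(tcodes) for role, tcodes in ROLES.items() if risks_for(tcodes)}


def tcodes_of(roles: List[str]) -> Set[str]:
    """Union of the transaction codes of a list of roles (the user's effective access)."""
    return set().union(*(ROLES[r] for r in roles))


def user_level_analysis() -> Dict[str, Dict[str, Dict]]:
    """User-level violations with a remediation hint and any assigned mitigating control."""
    report: Dict[str, Dict[str, Dict]] = {}
    for user, roles in USERS.items():
        for rid, hits in risks_for(tcodes_of(roles)).items():
            # Remediation: roles whose removal alone clears this risk for the user.
            remediation = [r for r in roles
                           if rid not in risks_for(tcodes_of([x for x in roles if x != r]))]
            report.setdefault(user, {})[rid] = {
                "level": RISKS[rid]["level"],
                "hits": hits,
                "remediation": remediation,
                "mitigated_by": MITIGATIONS.get((user, rid)),  # recorded, never hidden
            }
    return report


def open_violations() -> List[Tuple[str, str]]:
    """(user, risk) pairs that are neither remediated nor covered by a mitigating control."""
    return sorted((user, rid) for user, risks in user_level_analysis().items()
                  for rid, detail in risks.items() if detail["mitigated_by"] is None)


if __name__ == "__main__":
    for role, risks in role_level_analysis().items():
        print("ROLE", role, "violates", ", ".join(risks))
    for user, rid in open_violations():
        print("OPEN", user, rid, RISKS[rid]["desc"])
```

Running it flags Z_AP_ALL_IN_ONE at role level (the conflict exists regardless of who holds the role), JSMITH at user level as mitigated by MC-AP-01, and ADMIN1 as open for both risks. The role-level pass is the one to run before building roles, since a conflicting role can only be remediated by splitting it.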

      Module 6: Superuser Privilege Management (SPM)
      • Understanding SPM functionality
      • Pre- and post-installation checklists
      • Understanding SPM data requirements
      • Understanding the Firefighter strategy
      • Understanding the mapping between SAP roles, Firefighter IDs and end-user IDs
      • Configuring SPM
      • Troubleshooting SPM

      Module 7: Compliant User Provisioning (CUP)
      • User provisioning process workflow: role request
      • Advanced workflows
      • Master data and process logic
      • Reporting
      • Workflow engine
      • Compliance exercise and summary
      • Pre- and post-installation checklists
      • Conclusion

      Module 8: Enterprise Role Management (ERM)
      • Implementation methodology in ERM
      • Role generation using ERM
      • Pre- and post-installation checklists
      • Integration with CUP and RAR
      • Proposals in PFCG and GRC