GRC300 6

DEMO : Purchase from www.A-PDF.
com to remove the watermark
Unit 13
Learning Assessment
1. Which of the following prerequisites must be completed before scheduling a background job for Periodic Access Review request? Choose the correct answers. X X X X A Run the role usage sync job B Sync all the roles to the AC repository C Sync all the users to the AC repository D Sync all the workflow settings to the AC repository
2. The visibility of buttons in the Approver's Work Inbox UI are determined by the BC set. Determine whether this statement is true or false. X X True False
3. Before you can assign reviewer coordinator mapping, you must set a request type and priority for User Access Review Requests in configuration and set Admin Review Required to YES. Determine whether this statement is true or false. X X True False
4. Where can you find the access requests that you are supposed to review? Choose the correct answers. X X X X A In the Access Management work center B In the Master Data work center C In the My Home work center D In the Reports and Analytics work center
Copyright . All rights reserved.
491
SAP Class Week of April 30, 2012
Unit 13: Learning Assessment
5. How do you remove a role during a review? Choose the correct answers. X X X X A Choose Propose Removal B Choose Actual Removal C Choose Mitigate the Risk D You cannot remove a role during a review
6. Which of the following statements are true about Role Reaffirm? Choose the correct answers. X X X X A Roles must be reaffirmed after a specific period of time B You must notify users as part of the review process C Maintain the Role Reaffirm period in Access Request Management D An automatic periodic requet is generated
492
Unit 13
Learning Assessment- Answers
1. Which of the following prerequisites must be completed before scheduling a background job for Periodic Access Review request? Choose the correct answers. X X X X A Run the role usage sync job B Sync all the roles to the AC repository C Sync all the users to the AC repository D Sync all the workflow settings to the AC repository
2. The visibility of buttons in the Approver's Work Inbox UI are determined by the BC set. Determine whether this statement is true or false. X X True False
3. Before you can assign reviewer coordinator mapping, you must set a request type and priority for User Access Review Requests in configuration and set Admin Review Required to YES. Determine whether this statement is true or false. X X True False
493
Unit 13: Learning Assessment- Answers
4. Where can you find the access requests that you are supposed to review? Choose the correct answers. X X X X A In the Access Management work center B In the Master Data work center C In the My Home work center D In the Reports and Analytics work center
5. How do you remove a role during a review? Choose the correct answers. X X X X A Choose Propose Removal B Choose Actual Removal C Choose Mitigate the Risk D You cannot remove a role during a review
6. Which of the following statements are true about Role Reaffirm? Choose the correct answers. X X X X A Roles must be reaffirmed after a specific period of time B You must notify users as part of the review process C Maintain the Role Reaffirm period in Access Request Management D An automatic periodic requet is generated
494
UNIT 14
Reporting
Lesson 1
Working with the Reporting Framework Exercise 1: Change an Existing Report Exercise 2: Add Custom Fields to Request Header Exercise 3: Add Custom Fields to Role Definition 496 501 504 509
UNIT OBJECTIVES
Change an existing report without programming Add custom fields to a report
495
Unit 14 Lesson 1
Working with the Reporting Framework
LESSON OVERVIEW This lesson shows you how to change reports and add custom fields. Business Example You are tasked with creating new reports and adding custom fields to reports. LESSON OBJECTIVES After completing this lesson, you will be able to:
Changing Existing Reports Create a new report. 1. Execute transaction SM34 and maintain view cluster VC_GRFNREPCUST 2. Create a report name, for example GRAC_SPM_CONS_REPORT 3. Define report details: a) Text and description b) Report Type c) WD Name d) Function Group e) Application Component f) Cases 4. Maintain other report attributes a) Filter: define the list of selection screen filters b) Columns: Output ALV columns are maintained under the Column section 5. Assign Report to Launchpad Role a) Transaction code LPD_CUST b) Select respective Launchpad Role and assign the report to it
496
Lesson: Working with the Reporting Framework
Adding Custom Fields

Terminology for ABAP Dictionary
Domain Data Type
Prerequisites
These activities should be carried out by an ABAP Developer Must have S_DEVELOP authorization Must have a developer key
A Domain describes the technical attributes of a field, such as a data type or the number of positions in a field. The domain defines primarily a value range describing the valid data values for the fields referring to this domain. Different technical fields of the same type can be combined in a domain. Fields referring to the same domain are changed a the same time when a domain is changed. This ensures consistency of these fields. A Data Type is where the actual Data Element, Structure or Table type is created. Items related to Access Control v10.0 Custom Fields, only Data Element will be used. This will become the actual Field with in structures that are already delivered. This activity should be carried out by a developer as you need to have S_DEVELOP object authorization and also have a developer key to make these configuration changes. Create a Domain 1. Execute transaction SE11 for the ABAP Dictionary 2. Domain: Enter the ID of the type of data to be stored 3. Domains can be reused and standard domains are provided by SAP. Company policy should dictate how to proceed. 4. Choose the Definition tab. 5. Relevant fields for Access Control include: a) Short Description used as explanatory text in documentation (F1 Help) and when lists are generated b) Data Type The data class describes the data format at the user interface. When the fields are used in an ABAP program, that data class is converted into a format used by the ABAP processor c) Number of Characters the number of valid positions of a field d) Decimal Places the number of decimal places allowed for a value 6. Choose the Value Range tab. a) If there are always specific values or value ranges associated with this data type, the Value Range tab can constrict what values can be entered.
497
Unit 14: Reporting
7. When all of the data has been entered for the domain, click Activate. The status at the end will change from NEW to Active.
Create a Data Type Once the domain is created, a data type must be created. 1. Execute transaction SE11. 2. There are three data types: a) Data Element b) Structure c) Table Type d) This example will focus on Data Element, which describes the technical attributes and contents of a table or structure field. Fields with the same contents refer to the same data element. 3. Data Element relevant fields: a) Short Description b) Domain 4. Enter a short description to describe this data element and enter the domain for the data element characteristics. Once the domain is entered, notice that the information entered from that domain is automatically entered. 5. Choose the Field Label tab. 6. Enter the length and the Field Label to be used on the screens where the field displays. The Short, Medium, and Long entries will be used in screen labels, and the Heading will be used when the field values are searched.
Assign Custom Fields to Access Requests and Roles Once custom fields are created, assign the custom fields to access requests and roles. 1. Again, using transaction SE11, modify Database table. a) For Access Requests: GRACREQ b) For Roles: GRACROLE Once the custom field is created, the field needs to be added to the customer include structure. This is included already in the database tables. For access request header fields, the data base table that needs to be updated is GRACREQ. For Role custom fields, the data base table that needs to be updated is GRACROLE. 2. Go to the Change Table screen, where there will be a .INCLUDE field with the appropriate structure in the Data Element. 3. Double click the structure name. If the structure has not yet been fully created, click Yes to create the structure. 4. Select the appropriate structure to modify:
498
a) Access Requests: CI_GRAC_REQ_ATTR b) Roles: CI_ROLE_ATTR 5. Once the Changs Structure screen displays, enter the relevant data needed: a) In the Short Description describe the data that is contained in the structure. b) In the Component field enter customer specific data ID. c) In the Component Type field enter the specific Custom Field to be entered. d) It is important to note, the fields are prefixed with Z or Y or ZZ or YY so as to ensure that there is no overlap with SAP delivered field names. e) It is important to keep all names unique. All Customer fields are used in the global reporting structure. If the same field name is used twice it causes problems. Also, verify that the field name is no longer than 16 characters. 6. Enter the Enhancement Category information. a) Because the Customer Include structure is already an Enhancement Structure, it cannot be further enhanced. b) This must be entered by the menu path: Extras >>>>>>>> Enhancement Category. c) In the window that displays, indicate that that the structure Cannot Be Enhanced, then click Copy. d) When complete, save, check and activate the structure. Several dependent structures and database tables are reactivated as well. 7. Personalize Custom Fields. a) To make sure there are no conflicts or issues, execute program GRFN_CHECK_CDF. This program will validate that the structures have been successfully generated. b) Run in a Correction Mode. c) Check all boxes in the To Be Corrected section. d) Execute and view confirmation message. e) Once this is complete, the fields are available in the access request header or the role maintenance screen, depending on which structure this was added to. 8. Configure Custom Fields a) Custom fields are not accessible in End User Provisioning configuration; they are configured in a separate area. b) Access the IMG using SPRO, then follow the menu path Governance, Risk and Compliance >>>>>>>> Shared Master Data Settings >>>>>>>> Maintain Field-Based Configuration. c) This task will set a custom field to be Required Entry, Optional Entry, Display, or Hidden.
Additional Information about Custom Fields
Custom Fields are not accessible in End User Personalization. Multiple Languages can be configured in SE63 Standard Translation Environment
499
Unit 14: Reporting
Custom fileds can be used in BRF+ (or other API rules) but only if the rules are created AFTER maintaining the custom field
Custom fields are not available in the End User Provisioning configuration. Multiple languages can be maintained in transaction SE63, Standard Translation Environment. Custom fields can be used in BRF+ (or other API rules) but only if the rules are maintained AFTER maintaining the custom field.
500
Unit 14 Exercise 1
Change an Existing Report
All syncs must have been completed in the GRC system to perform this exercise. 1. Create a new report. Enter /nsm34 in the Transaction code entry field, then click the green check mark icon. 2. Enter VC_GRFNREPCUST in the View Cluster field. 3. Click Maintain. 4. Click the green check mark when you see the cross-client caution message. 5. Select a report to use as a source for your new report: GRAC_SOD_ACTION_ROLES_RPT. 6. Right click and choose Copy As 7. Enter a new report name, for example, GRAC_CUSTOMxx. 8. Click the green check mark; copy all dependencies. You should see your nrew report Z_GRAC_CUSTOMxx: Action in roles not in rules-Customxx listed. 9. Double click Filters to define selection screen filters. 10.Highlight Profile and click minus to remove the filter from the screen. 11. Double click Columns to define output ALV columns. Choose New Entries. 12. Enter new columns for report, then save. 13. Assign report to Launchpad role.
501
Unit 14 Solution 1
Change an Existing Report
All syncs must have been completed in the GRC system to perform this exercise. 1. Create a new report. Enter /nsm34 in the Transaction code entry field, then click the green check mark icon. 2. Enter VC_GRFNREPCUST in the View Cluster field. 3. Click Maintain. 4. Click the green check mark when you see the cross-client caution message. 5. Select a report to use as a source for your new report: GRAC_SOD_ACTION_ROLES_RPT. 6. Right click and choose Copy As 7. Enter a new report name, for example, GRAC_CUSTOMxx. a) Enter report details: b) Text and Description: XX Report c) Report Type: End-User d) WD Name: GRAC_SOD_ACTION_ROLES_RPT e) Function Group Name: f) Application Component: GRC-AC g) Cases: One per reporting timeframe 8. Click the green check mark; copy all dependencies. You should see your nrew report Z_GRAC_CUSTOMxx: Action in roles not in rules-Customxx listed. 9. Double click Filters to define selection screen filters. 10.Highlight Profile and click minus to remove the filter from the screen. 11. Double click Columns to define output ALV columns. Choose New Entries. 12. Enter new columns for report, then save. 13. Assign report to Launchpad role. a) Enter /nLPD_CUST in the Transaction code entry field, then click the green check mark icon. b) Double click the GRACREPS launchpad role.
502
c) Highlight the top folder, then right click. d) Choose New Folder from the top menu bar. e) Enter folder information. f) Save. A new folder displays in the list. This adds a new sub group to the Reports and Analytics work center.
503
Unit 14 Exercise 2
Add Custom Fields to Request Header
1. Logon to ABAP client for GRC V10.0 (ZMC) with user ID ACTRNGxx (where xx is your Participant ID) 2. Execute Transaction SE11 3. Create Domains Note: Save items as LOCAL OBJECT (where xx is your Participant ID) Domain ID ZAC_CF_TX20_xx ZAC_CF_REG_xx Short Description Char String 20 Chars for Group xx Data Type CHAR Number of Chars 20 5
Multiple Values String CHAR for Group xx Enter the following values for this domain
EMEA Europe APJ Asia Pacific Japan ANZ Australia New Zealand AMER Americas Attributes will be populated automatically
ZAC_CF_DATE_xx
Single Date Value for Group xx
DATS
4. Create Data Elements (where xx is your Participant ID) Data Type ZAC_DE_EID_xx Short Description Employee ID Custom Field for AC Training Group 99 Domain ZAC_CF_TX20_xx Length-Field Label
10-Emp IDxx 10-Emp IDxx 20-Employee IDxx 20-Employee IDxx
504
Data Type ZAC_DE_DIV_xx
Short Description Division Custom Field for AC Training Group 99
Domain ZAC_CF_TX20_xx
Length-Field Label
5-DIVxx 10-Divisionxx 20- Divisionxx 20- Divisionxx 5 MKTxx 10-Marketxx 10- Marketxx 10- Marketxx 8 Hirexx 10 Hire Dtexx 12 Hire Dtexx 12 Hire Dtexx
ZAC_DE_MKT_xx
Market Custom Field for AC Training Group 99
ZAC_CF_REG_xx
ZAC_DE_HIR_xx
Hire Date Custom Field for AC Training Group 99
ZAC_CF_DATE_xx
5. Modify / Create structure CI_GRAC_REQ_ATTR included in database table GRACREQ to add these fields (where xx is your Participant ID) 6. Check the Customer Defined fields for issues (where xx is your Participant ID) 7. Configure Custom Fields as shown (where xx is your Participant ID) 8. Verify that the fields just created appear on the Access Request screen. 9. Verify that the fields just created appear in BRF+ context.
505
Unit 14 Solution 2
Add Custom Fields to Request Header
1. Logon to ABAP client for GRC V10.0 (ZMC) with user ID ACTRNGxx (where xx is your Participant ID) 2. Execute Transaction SE11 3. Create Domains Note: Save items as LOCAL OBJECT (where xx is your Participant ID) Domain ID ZAC_CF_TX20_xx ZAC_CF_REG_xx Short Description Char String 20 Chars for Group xx Data Type CHAR Number of Chars 20 5
Multiple Values String CHAR for Group xx Enter the following values for this domain
EMEA Europe APJ Asia Pacific Japan ANZ Australia New Zealand AMER Americas Attributes will be populated automatically
ZAC_CF_DATE_xx
Single Date Value for Group xx
DATS
4. Create Data Elements (where xx is your Participant ID) Data Type ZAC_DE_EID_xx Short Description Employee ID Custom Field for AC Training Group 99 Domain ZAC_CF_TX20_xx Length-Field Label
10-Emp IDxx 10-Emp IDxx 20-Employee IDxx 20-Employee IDxx
506
Data Type ZAC_DE_DIV_xx
Short Description Division Custom Field for AC Training Group 99
Domain ZAC_CF_TX20_xx
Length-Field Label
5-DIVxx 10-Divisionxx 20- Divisionxx 20- Divisionxx 5 MKTxx 10-Marketxx 10- Marketxx 10- Marketxx 8 Hirexx 10 Hire Dtexx 12 Hire Dtexx 12 Hire Dtexx
ZAC_DE_MKT_xx
Market Custom Field for AC Training Group 99
ZAC_CF_REG_xx
ZAC_DE_HIR_xx
Hire Date Custom Field for AC Training Group 99
ZAC_CF_DATE_xx
5. Modify / Create structure CI_GRAC_REQ_ATTR included in database table GRACREQ to add these fields (where xx is your Participant ID) a) In the short Description enter Custom Fields INCLUDE for Request Header Component ZZAC_DE_EID_xx ZZAC_DE_DIV_xx ZZAC_DE_MKT_xx ZZAC_DE_HIR_xx Component Type ZAC_DE_EID_xx ZAC_DE_DIV_xx ZAC_DE_MKT_xx ZAC_DE_HIR_xx
6. Check the Customer Defined fields for issues (where xx is your Participant ID) 7. Configure Custom Fields as shown (where xx is your Participant ID) a) Create Transport, in short description enter Custom Field Customizing Group xx Field ID ZZAC_DE_EID_xx ZZAC_DE_DIV_xx ZZAC_DE_MKT_xx ZZAC_DE_HIR_xx Status Required Entry Optional Entry Optional Entry Required Entry
8. Verify that the fields just created appear on the Access Request screen.
507
9. Verify that the fields just created appear in BRF+ context.
508
Unit 14 Exercise 3
Add Custom Fields to Role Definition
1. Logon to ABAP client for GRC V10.0 (ZMC) with user ID ACTRNGxx (where xx is your Participant ID). 2. Execute Transaction SE11 3. Create Data Elements (where xx is your Participant ID) Data Type ZAC_DE_RMKT_xx Short Description Market of Role Custom Field for AC Training Group xx Domain ZAC_CF_REG_xx Length-Field Label
10 Mkt Rolexx 15 Mkt of Rolexx 10 Market of Role99 10 Market of Role99 8 ReqDtxx 10 Req Datexx 12 Req Datexx 12 Req Datexx
ZAC_DE_RREQ_xx
Role Request Date Custom Field for AC Training Group xx
ZAC_CF_DATE_xx
4. Modify / Create structure CI_ROLE_ATTR included in database table GRACROLE to add these fields (where xx is your Participant ID) Component ZZAC_DE_RMKT_xx ZZAC_DE_RREQ_xx Component Type ZAC_DE_RMKT_xx ZAC_DE_RREQ_xx
5. Check the Customer Defined fields for issues 6. Verify that the fields just created appear on the Role Maintenance screen 7. Verify that the field just created appear in BRF+ context
509
Unit 14 Solution 3
Add Custom Fields to Role Definition
1. Logon to ABAP client for GRC V10.0 (ZMC) with user ID ACTRNGxx (where xx is your Participant ID). 2. Execute Transaction SE11 3. Create Data Elements (where xx is your Participant ID) Data Type ZAC_DE_RMKT_xx Short Description Market of Role Custom Field for AC Training Group xx Domain ZAC_CF_REG_xx Length-Field Label
10 Mkt Rolexx 15 Mkt of Rolexx 10 Market of Role99 10 Market of Role99 8 ReqDtxx 10 Req Datexx 12 Req Datexx 12 Req Datexx
ZAC_DE_RREQ_xx
Role Request Date Custom Field for AC Training Group xx
ZAC_CF_DATE_xx
4. Modify / Create structure CI_ROLE_ATTR included in database table GRACROLE to add these fields (where xx is your Participant ID) Component ZZAC_DE_RMKT_xx ZZAC_DE_RREQ_xx Component Type ZAC_DE_RMKT_xx ZAC_DE_RREQ_xx
5. Check the Customer Defined fields for issues 6. Verify that the fields just created appear on the Role Maintenance screen 7. Verify that the field just created appear in BRF+ context
510
LESSON SUMMARY You should now be able to:
511
Unit 14: Reporting
512
Unit 14
Learning Assessment
1. Which view cluster do you maintain to create a new report? Choose the correct answers. X X X X A VC_GRFN_REPCUST B VC_GRFNCUST C VC_GRFNREPCUST D VC_GRFN_REP_CUST
2. Put the following steps related to creating custom fields in the correct sequence. Match items from 1st column to the corresponding item in 2nd column. 0 Create a data type 0 Create the custom fields 0 Assign custom fields to access requests and roles 0 Create a domain
513
Unit 14
1. Which view cluster do you maintain to create a new report? Choose the correct answers. X X X X A VC_GRFN_REPCUST B VC_GRFNCUST C VC_GRFNREPCUST D VC_GRFN_REP_CUST
2. Put the following steps related to creating custom fields in the correct sequence. Match items from 1st column to the corresponding item in 2nd column. 2 Create a data type 3 Create the custom fields 4 Assign custom fields to access requests and roles 1 Create a domain
514
UNIT 15
Implementing Access Control
Lesson 1
Working with the Access Control Implementation Process 516
Lesson 2
Designing the Access Control Solution 518
Lesson 3
Planning Upgrade and Migration 521
Lesson 4
Configuring Access Control 526
Lesson 5
Implementing the Solution 528
Lesson 6
Optimizing and Enhancing the Solution 531
UNIT OBJECTIVES
Describe the main implementation steps and project team members Design the Access Control Solution Identify key considerations for upgrade and migration Perform final tasks and prepare for go live Perform final tasks and prepare for go live Ensure system stability and optimize performance
515
Unit 15 Lesson 1
Working with the Access Control Implementation Process
LESSON OVERVIEW This lesson presents an overview of the Access Control Implementation Process. Business Example You are preparing for an implementation and must introduce the main steps to the project team in order to ensure a successful implementation. LESSON OBJECTIVES After completing this lesson, you will be able to:
Describe the main implementation steps and project team members
Introduction to Implementation
Planning for Implementation The most important thing to remember when implementing Access Control is PLANNING
Planning is the key to keeping the project on track Deliver the approved view of the solution end state Identify the scope of functionality Determine the use of options of chosen functionality Determine the solution implementation process: new implementation versus upgrade and migration Identify the solution deployment process: Big Bang versus Phased Approach Plan resources
Project Implementation Overview ASAP 7 Methodology
Project Preparation Blueprint Realization Final Preparation
516
Lesson: Working with the Access Control Implementation Process
Go Live Support Run
Figure 150: Project Implementation Overview
Project Preparation
Define and document project scope Define implementation plan and roll-out strategy Define project standards and infrastructure Determine knowledge transfer approach Determine master data design
Figure 151: Project Preparation
Project Teams
A typical project team may include the following members:
Installation (Technical) Architects Solution (Functional) Architects Business Process Experts Security Experts Auditors & Regulators (Internal Controls/Compliance) Senior Management
Describe the main implementation steps and project team members
517
Unit 15 Lesson 2
Designing the Access Control Solution
LESSON OVERVIEW This lesson shows you how to prepare for implementation and blueprinting. Business Example You are assigned to an implementation project and must design the Access Control solution to meet the organization's business requirements. LESSON OBJECTIVES After completing this lesson, you will be able to:
Design the Access Control Solution
Blueprinting Overview
Identify Business requirements Specify business process design Specify solution design, including a fit gap analysis
Figure 152: Blueprinting Phase
Analyze Security and Provisioning Requirements

Determine Security Requirements
Configurators Administrators Approvers End Users Requestors
Determine Provisioning Requirements
Process Flows for Provisioning Approvals
518
Lesson: Designing the Access Control Solution
Process Flows for Access Control Master Data Approvals Periodic Access Reviews Role Certifications
Analyze and Propose Workflow Solution

Approval Workflow Analysis
Approval Requirements Current State To-Be State Gap Analysis SCRUM Methodology
Multiple Solution Implementation
Recommended order of implementation
Build Proof of Concept Document

Proof of Concept Document
Business Process Flows Workflow Design Requirements Documented
Define Prototype
Subset of the business processes Use to build a small demo system
Update Project Plan
Document possible gaps/risk identified Add further detail to the project based upon POC or prototype review Validate project changes, if any, are appropriate for project scope Secure approval for project plan changes
Evaluate Architecture Requirements

Architecture Requirements
Hardware type and sizing System information and parameters System connectivity
519
Unit 15: Implementing Access Control
Installation and Sizing Guides
Installation Guide: service.sap.com/instguides Sizing Guide: service.sap.com/sizing
Design the Access Control Solution
520
Unit 15 Lesson 3
Planning Upgrade and Migration
LESSON OVERVIEW This lesson presents upgrade and migration topics as part of the Access Control Implementation process overview. Business Example You are assigned to an implementation project for an upgrade to Access Control 10.0 and must plan the upgrade and migration stratey with your project team. LESSON OBJECTIVES After completing this lesson, you will be able to:
Identify key considerations for upgrade and migration
Upgrade and Migration Overview

Another aspect to consider when creating an Access Control Implementation plan is the possibility of upgrade or migration.
Figure 153: Planning Upgrade and Migration is Part of the Blueprint Phase
Upgrade and Migration Terminology Upgrade Description
The technical upgrade of the software program Does not touch the data within the database tables
Migration New Implementation Upgrade/Migration
Moves data from one platform to another No previous data will be preserved Previous data is preserved
521
Figure 154: Upgrade and Migration Overview
Access Control Migration Overview The Access Control Migration Guide can be referenced at service.sap.com/instguides.
Figure 155: Access Control Migration Overview
Configuration Prerequisites
Prerequisites for Upgrading from Version 4.0 Certain prerequisites must be completed prior to migrating Access Control 4.0 to Access Control 10.0:
Verify that SAP NetWeaver 7.02 SP6 or higher is running before migrating Access Control 4.0 data Install Access Control 10.0 plug-ins on all back end systems Create all relevant GRC 10.0 users on the target system Verify that the following default configuration parameter is maintained:
Parameter Group: Superuser Management Parameter ID: 4000 - Application Type
522
Lesson: Planning Upgrade and Migration
Specify a dedicated data export/import directory accessible from both Access Control 4.0 and Access Control 10.0 systems
Prerequisites for Upgrading from Version 5.3 Certain prerequisites must be completed prior to migrating Access Control 5.3 to Access Control 10.0:
Verify that SAP NetWeaver 7.02 SP6 or higher is running before migrating Access Control 5.3 data. Upgrade the Access Control 5.x application to Access Control 5.3 SP 13. Install Access Control 10.0 plug-ins on all back end systems. Verify that all applicable BC sets are activated for GRC 10.0.
For Access Request Management roles: the GRAC_ROLE_MGMT_STATUS and GRAC_ROLE_MGMT_METHODOLOGY BC sets must be activated. For Business Role Management roles, the GRAC_ROLE_MGMT_LANDSCAPE BC set must be activated.
Verify that the following default configuration parameters are maintained:
Parameter Group: Role Management
Parameter ID - 3000 Default Business Process Parameter ID - 3001 Default Sub Process Parameter ID - 3002 Default Critical Level Parameter ID - 3003 Default Project Release Parameter ID - 3004 Default Role Status
Parameter Group: Superuser Management, Parameter ID - 4000 Application Type Create all relevant GRC 10.0 users on the target system Before migrating EAM and BRM data, manually create all Access Control 5.3 custom fields in Access Control 10.0, using SAP custom field naming conventions (begin field names with X, Y, or Z) Specify a dedicated data export/import directory accessible from both Access Control 5.3 and Access Control 10.0
523
Define a Migration Plan
Figure 156: Define a Migration Plan
The Migration guide describes the detailed information for each step below: 1. Complete the prerequisites. 2. Export the ARA and SPM data (AC 4.0) or export the SPM data (AC 5.3), and then copy the exported data to the import location. 3. Export the configuration, master, and transactional data (AC 5.3 only), and then copy the exported data to the import location. 4. Import the common configuration data into GRC 10.0. 5. Complete the intra-migration tasks: a. Maintain connectors and connector groups. b. Perform repository synchronization for all defined connectors. c. Maintain configuration settings. d. Import roles for defined connectors (Compliant User Provisioning Roles only). e. Create prerequisites (CUP Roles only). 6. Import the application data into GRC 10.0. 7. Complete the post-import tasks: a. Activate GRC_MSMP_CONFIGURATION BC set. b. Generate the rules. c. Create function modules.
524
Lesson: Planning Upgrade and Migration
d. Maintain workflow stage settings. e. Complete methodology process assignments. 8. Validate the data. Defining a Migration Plan for Multiple Solutions
For customers who already have multiple GRC solutions in place, a joint migration/upgrade is possible There is no pre-defined upgrade sequence for a joint PC 3.0 and RM 3.0 upgrade, so either solution can be upgraded first Note: If previous Access Control versions are involved in this migration/upgrade, Access Control must be the last component to be migrated.
Figure 157: Defining a Migration Plan for Multiple Solutions
Identify key considerations for upgrade and migration
525
Unit 15 Lesson 4
Configuring Access Control
LESSON OVERVIEW This lesson reviews how to configure common setting and AC-specific settings in the IMG as part of the Implementation process. Business Example You are assigned to an Access Control implementation project and must configure the application as part of the process. LESSON OBJECTIVES After completing this lesson, you will be able to:
Perform final tasks and prepare for go live
Configuration Overview
Configuring Access Control 10.0 is completed in the IMG of the GRC Access Control system If Risk Terminator is used, configuration is also completed in each connected system where Risk Terminator is active
Figure 158: Configuring Access Control is part of the Realization Phase
Configure Common Settings

1. Configuration: Post Installation Tasks
Activating the applications in clients Activating SAP ICF Services Maintaining System Data Activating Crystal Reports Maintaining Plug-in Settings Create Initial User in AC Main System Mass Creation of Profiles/Roles
526
Lesson: Configuring Access Control
Activating Common Workflow
2. Configuration: Common Component Settings / Integration Framework
Create connectors Maintain connectors and connection types Maintain connection settings
Activate BC Sets
3. Configuration: Activate Rule Set BC Sets for Access Risk Analysis
This IMG activity will upload the SAP delivered rule set The BC set GRAC_RA_RULESET_COMMON contains the master data that is assigned to the rule set in general an dis not connector-specific Depending on the systems connected, subsequent BC sets should be activated These BC sets related to the system-specific information contained in the rule set are: GRAC_RA_RULESET_JDE GRAC_RA_RULESET_ORACLE GRAC_RA_RULESET_PSOFT GRAC_RA_RULESET_SAP_APO GRAC_RA_RULESET_SAP_BASIS GRAC_RA_RULESET_SAP_CRM GRAC_RA_RULESET_SAP_ECCS GRAC_RA_RULESET_SAP_HR GRAC_RA_RULESET_SAP_NHR GRAC_RA_RULESET_SAP_R3 GRAC_RA_RULESET_SAP_SRM
Configure Access Control-Specific Settings

Configuration settings configured in this section of the IMG apply to two or more of the Access Control functionalities. 4. Configuration: Access Control-Specific Settings
Common Access Control Configuration Functionality-Specific Configuration (ARA, ARM, BRM, Workflow)
527
Unit 15 Lesson 5
Implementing the Solution
LESSON OVERVIEW This lesson shows you how to prepare for realization and go live support. Business Example You are nearing the end of your Access Control implementation project and must prepare for golive. LESSON OBJECTIVES After completing this lesson, you will be able to:
Implementing the Solution Overview
Test Data and Configuration Business Process Procedures Quality Assurance System Environment Production System Environment Develop and Test Interfaces, Conversions and Reports Evaluate and Enhance Security and Controls End User Training Material and Plan End User Training System Environment Data Conversion Plan User Acceptance Test
Figure 159: Realization Phase
Conduct Deployment and Business Process Definition Workshop
Deliver Business Process Flows to End Users
528
Lesson: Implementing the Solution
Validate Design Plan Gain acceptance of the Deployment Plan
Determine Rule Set Load Methodology
Custom rule set load SAP delivered
Configure Workflow
In this step, finalize workflow configuration.
Customize SAP delivered workflows Set up Access Control scheduled jobs (Synchronizations, Reminders, Notifications) Complete any necessary business rules in BRFplus Test finalized workflows to validate execution per project plan
Promote Solution Design from Development to Testing to Production

At this point you enter the Final Preparation stage.
Figure 160: Final Preparation
Final Preparation During Final Preparation, you promote the solution to Production.
Promote transports to Production in preparation for cut-over Final preparation:
Data Converted Cut-Over Plan established End Users Trained End User IDs created Support Organization is in place Productive system is operational
Test the Implementation
Testing the implementation includes the following actions:
Execute test plans in Productive environment
529
Correct any issues that arise
Complete any remaining End User Training
Prepare for Go Live
Live Production Environment Operational Help Desk Cut-over and Conversion activities completed Post Go Live End User Training Updated Business Case Lessons Learned
530
Unit 15 Lesson 6
Optimizing and Enhancing the Solution
LESSON OVERVIEW This lesson presents the last phase of the implementation process, during which you run the solution and adjust for optimal results. Business Example You have completed the earlier steps of the Access Control implementation process and now are tasked with optimizing the system stability and performance. LESSON OBJECTIVES After completing this lesson, you will be able to:
Ensure system stability and optimize performance
Run Phase Overview
Figure 161: Run Phase
Run Phase
Assessment of Operation Standards for optimized solution operation
Identify scope Set up project schedule for implementing
For each relevant operation standard:
Design of processes, organization and roles, blueprint for tool usage Setup of processes, organizations and roles, tool setup Transition into Production, including training and rollout Operating
Track Performance
When tracking performance, you are implementing or optimizing the relevant SAP Standards for Solution Operations:
531
Exception handling and business process and interface monitoring Data volume management Job scheduling management Transactional consistency and data integrity Value Management
Adjust Configuration Settings
Change request management Change control management
Changes are implemented and transferred to the Test or Production environment, using SAP Solution Manager, if available
Test management Upgrade change
Manage Expectations for Additional Requirements and Enhancements
During this step, publish policies to handle requests for additional requirements or possible enhancements
Ensure System Stability
Defined and verified monitoring objects Defined KPIs with reaction methods and defined thresholds Clear task, roles, responsibilities and contact persons within each process Defined dependencies on and interfaces to other processes Concept for service-level reporting Physical implementation of the monitoring and reporting processes Testing of the monitoring process and report functionality Adjustment of the system monitoring concept to changes in the environment Constant quality improvement for the monitoring concept
Ensure system stability and optimize performance
532
Unit 15
Learning Assessment
1. Which of the groups below may be included on a typical project team? Choose the correct answers. X X X X A Business Process Experts B End Users C Security Experts D Senior Management
2. The most important aspect of project preparation is planning. Determine whether this statement is true or false. X X True False
3. What are the main tasks performed during blueprinting? Choose the correct answers. X X X X A Identify business requirements B Specify business process design C Identify members of the project team D Specify solution design, including a fit gap analysis
533
4. If previous Access Control versions are involved in a migration/upgrade for multiple solutions, when must Access Control be migrated? Choose the correct answers. X X X X A First B Last C Before Process Control, but after Risk Management D After Process Control, but before Risk Management
5. Match the term on the left with the best description on the right. Match items from 1st column to the corresponding item in 2nd column.
Upgrade Migration New Implementation Upgrade/Migration
No previous data will be preserved Previous data is preserved Moves data from one platform to another Does not touch the data within the database tables
6. Arrange the following configuration steps in the correct sequence. Match items from 1st column to the corresponding item in 2nd column. 0 Configure common component settings 0 Perform post-installation tasks 0 Configure Access Control-Specific Settings 0 Activate Rule Set BC Sets for Access Risk Analysis
534
7. At what point do you move from Realization to Final Preparation? Choose the correct answers. X X X X A When you conduct the Business Process Definition workshop B After you test the implementation C When you load the rule set D When you promote the solution design from development to testing
8. During the Run phase, you assess operation standards in order to optimize solution operation and system performance. Determine whether this statement is true or false. X X True False
535
Unit 15
1. Which of the groups below may be included on a typical project team? Choose the correct answers. X X X X A Business Process Experts B End Users C Security Experts D Senior Management
2. The most important aspect of project preparation is planning. Determine whether this statement is true or false. X X True False
3. What are the main tasks performed during blueprinting? Choose the correct answers. X X X X A Identify business requirements B Specify business process design C Identify members of the project team D Specify solution design, including a fit gap analysis
536
4. If previous Access Control versions are involved in a migration/upgrade for multiple solutions, when must Access Control be migrated? Choose the correct answers. X X X X A First B Last C Before Process Control, but after Risk Management D After Process Control, but before Risk Management
5. Match the term on the left with the best description on the right. Match items from 1st column to the corresponding item in 2nd column.
Upgrade Migration New Implementation Upgrade/Migration
Does not touch the data within the database tables Moves data from one platform to another No previous data will be preserved Previous data is preserved
6. Arrange the following configuration steps in the correct sequence. Match items from 1st column to the corresponding item in 2nd column. 2 Configure common component settings 1 Perform post-installation tasks 4 Configure Access Control-Specific Settings 3 Activate Rule Set BC Sets for Access Risk Analysis
537
7. At what point do you move from Realization to Final Preparation? Choose the correct answers. X X X X A When you conduct the Business Process Definition workshop B After you test the implementation C When you load the rule set D When you promote the solution design from development to testing
8. During the Run phase, you assess operation standards in order to optimize solution operation and system performance. Determine whether this statement is true or false. X X True False
538

GRC300 6

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

GRC300 6

Uploaded by

Copyright:

Available Formats

DEMO : Purchase from www.A-PDF.

com to remove the watermark

Copyright . All rights reserved.

SAP Class Week of April 30, 2012

Unit 13: Learning Assessment

Copyright . All rights reserved.

SAP Class Week of April 30, 2012

Copyright . All rights reserved.

SAP Class Week of April 30, 2012

Unit 13: Learning Assessment- Answers

Copyright . All rights reserved.

SAP Class Week of April 30, 2012

Change an existing report without programming Add custom fields to a report

Copyright . All rights reserved.

SAP Class Week of April 30, 2012

Change an existing report without programming Add custom fields to a report

Copyright . All rights reserved.

SAP Class Week of April 30, 2012

Lesson: Working with the Reporting Framework

Adding Custom Fields

Domain Data Type

Copyright . All rights reserved.

SAP Class Week of April 30, 2012

Unit 14: Reporting

Copyright . All rights reserved.

SAP Class Week of April 30, 2012

Lesson: Working with the Reporting Framework

Additional Information about Custom Fields

Copyright . All rights reserved.

SAP Class Week of April 30, 2012

Unit 14: Reporting

Copyright . All rights reserved.

SAP Class Week of April 30, 2012

Copyright . All rights reserved.

SAP Class Week of April 30, 2012

Copyright . All rights reserved.

SAP Class Week of April 30, 2012

Copyright . All rights reserved.

SAP Class Week of April 30, 2012

Single Date Value for Group xx

10-Emp IDxx 10-Emp IDxx 20-Employee IDxx 20-Employee IDxx

Copyright . All rights reserved.

SAP Class Week of April 30, 2012

Data Type ZAC_DE_DIV_xx

Short Description Division Custom Field for AC Training Group 99

Market Custom Field for AC Training Group 99

Hire Date Custom Field for AC Training Group 99

Copyright . All rights reserved.

SAP Class Week of April 30, 2012

Single Date Value for Group xx

10-Emp IDxx 10-Emp IDxx 20-Employee IDxx 20-Employee IDxx

Copyright . All rights reserved.

SAP Class Week of April 30, 2012

Data Type ZAC_DE_DIV_xx

Short Description Division Custom Field for AC Training Group 99

Market Custom Field for AC Training Group 99

Hire Date Custom Field for AC Training Group 99

Copyright . All rights reserved.

SAP Class Week of April 30, 2012

9. Verify that the fields just created appear in BRF+ context.

Copyright . All rights reserved.

SAP Class Week of April 30, 2012