Professional Documents
Culture Documents
Unit 13
Learning Assessment
1. Which of the following prerequisites must be completed before scheduling a background job for Periodic Access Review request? Choose the correct answers. X X X X A Run the role usage sync job B Sync all the roles to the AC repository C Sync all the users to the AC repository D Sync all the workflow settings to the AC repository
2. The visibility of buttons in the Approver's Work Inbox UI are determined by the BC set. Determine whether this statement is true or false. X X True False
3. Before you can assign reviewer coordinator mapping, you must set a request type and priority for User Access Review Requests in configuration and set Admin Review Required to YES. Determine whether this statement is true or false. X X True False
4. Where can you find the access requests that you are supposed to review? Choose the correct answers. X X X X A In the Access Management work center B In the Master Data work center C In the My Home work center D In the Reports and Analytics work center
491
5. How do you remove a role during a review? Choose the correct answers. X X X X A Choose Propose Removal B Choose Actual Removal C Choose Mitigate the Risk D You cannot remove a role during a review
6. Which of the following statements are true about Role Reaffirm? Choose the correct answers. X X X X A Roles must be reaffirmed after a specific period of time B You must notify users as part of the review process C Maintain the Role Reaffirm period in Access Request Management D An automatic periodic requet is generated
492
Unit 13
Learning Assessment- Answers
1. Which of the following prerequisites must be completed before scheduling a background job for Periodic Access Review request? Choose the correct answers. X X X X A Run the role usage sync job B Sync all the roles to the AC repository C Sync all the users to the AC repository D Sync all the workflow settings to the AC repository
2. The visibility of buttons in the Approver's Work Inbox UI are determined by the BC set. Determine whether this statement is true or false. X X True False
3. Before you can assign reviewer coordinator mapping, you must set a request type and priority for User Access Review Requests in configuration and set Admin Review Required to YES. Determine whether this statement is true or false. X X True False
493
4. Where can you find the access requests that you are supposed to review? Choose the correct answers. X X X X A In the Access Management work center B In the Master Data work center C In the My Home work center D In the Reports and Analytics work center
5. How do you remove a role during a review? Choose the correct answers. X X X X A Choose Propose Removal B Choose Actual Removal C Choose Mitigate the Risk D You cannot remove a role during a review
6. Which of the following statements are true about Role Reaffirm? Choose the correct answers. X X X X A Roles must be reaffirmed after a specific period of time B You must notify users as part of the review process C Maintain the Role Reaffirm period in Access Request Management D An automatic periodic requet is generated
494
UNIT 14
Reporting
Lesson 1
Working with the Reporting Framework Exercise 1: Change an Existing Report Exercise 2: Add Custom Fields to Request Header Exercise 3: Add Custom Fields to Role Definition 496 501 504 509
UNIT OBJECTIVES
495
Unit 14 Lesson 1
Working with the Reporting Framework
LESSON OVERVIEW This lesson shows you how to change reports and add custom fields. Business Example You are tasked with creating new reports and adding custom fields to reports. LESSON OBJECTIVES After completing this lesson, you will be able to:
Changing Existing Reports Create a new report. 1. Execute transaction SM34 and maintain view cluster VC_GRFNREPCUST 2. Create a report name, for example GRAC_SPM_CONS_REPORT 3. Define report details: a) Text and description b) Report Type c) WD Name d) Function Group e) Application Component f) Cases 4. Maintain other report attributes a) Filter: define the list of selection screen filters b) Columns: Output ALV columns are maintained under the Column section 5. Assign Report to Launchpad Role a) Transaction code LPD_CUST b) Select respective Launchpad Role and assign the report to it
496
Prerequisites
These activities should be carried out by an ABAP Developer Must have S_DEVELOP authorization Must have a developer key
A Domain describes the technical attributes of a field, such as a data type or the number of positions in a field. The domain defines primarily a value range describing the valid data values for the fields referring to this domain. Different technical fields of the same type can be combined in a domain. Fields referring to the same domain are changed a the same time when a domain is changed. This ensures consistency of these fields. A Data Type is where the actual Data Element, Structure or Table type is created. Items related to Access Control v10.0 Custom Fields, only Data Element will be used. This will become the actual Field with in structures that are already delivered. This activity should be carried out by a developer as you need to have S_DEVELOP object authorization and also have a developer key to make these configuration changes. Create a Domain 1. Execute transaction SE11 for the ABAP Dictionary 2. Domain: Enter the ID of the type of data to be stored 3. Domains can be reused and standard domains are provided by SAP. Company policy should dictate how to proceed. 4. Choose the Definition tab. 5. Relevant fields for Access Control include: a) Short Description used as explanatory text in documentation (F1 Help) and when lists are generated b) Data Type The data class describes the data format at the user interface. When the fields are used in an ABAP program, that data class is converted into a format used by the ABAP processor c) Number of Characters the number of valid positions of a field d) Decimal Places the number of decimal places allowed for a value 6. Choose the Value Range tab. a) If there are always specific values or value ranges associated with this data type, the Value Range tab can constrict what values can be entered.
497
7. When all of the data has been entered for the domain, click Activate. The status at the end will change from NEW to Active.
Create a Data Type Once the domain is created, a data type must be created. 1. Execute transaction SE11. 2. There are three data types: a) Data Element b) Structure c) Table Type d) This example will focus on Data Element, which describes the technical attributes and contents of a table or structure field. Fields with the same contents refer to the same data element. 3. Data Element relevant fields: a) Short Description b) Domain 4. Enter a short description to describe this data element and enter the domain for the data element characteristics. Once the domain is entered, notice that the information entered from that domain is automatically entered. 5. Choose the Field Label tab. 6. Enter the length and the Field Label to be used on the screens where the field displays. The Short, Medium, and Long entries will be used in screen labels, and the Heading will be used when the field values are searched.
Assign Custom Fields to Access Requests and Roles Once custom fields are created, assign the custom fields to access requests and roles. 1. Again, using transaction SE11, modify Database table. a) For Access Requests: GRACREQ b) For Roles: GRACROLE Once the custom field is created, the field needs to be added to the customer include structure. This is included already in the database tables. For access request header fields, the data base table that needs to be updated is GRACREQ. For Role custom fields, the data base table that needs to be updated is GRACROLE. 2. Go to the Change Table screen, where there will be a .INCLUDE field with the appropriate structure in the Data Element. 3. Double click the structure name. If the structure has not yet been fully created, click Yes to create the structure. 4. Select the appropriate structure to modify:
498
a) Access Requests: CI_GRAC_REQ_ATTR b) Roles: CI_ROLE_ATTR 5. Once the Changs Structure screen displays, enter the relevant data needed: a) In the Short Description describe the data that is contained in the structure. b) In the Component field enter customer specific data ID. c) In the Component Type field enter the specific Custom Field to be entered. d) It is important to note, the fields are prefixed with Z or Y or ZZ or YY so as to ensure that there is no overlap with SAP delivered field names. e) It is important to keep all names unique. All Customer fields are used in the global reporting structure. If the same field name is used twice it causes problems. Also, verify that the field name is no longer than 16 characters. 6. Enter the Enhancement Category information. a) Because the Customer Include structure is already an Enhancement Structure, it cannot be further enhanced. b) This must be entered by the menu path: Extras >>>>>>>> Enhancement Category. c) In the window that displays, indicate that that the structure Cannot Be Enhanced, then click Copy. d) When complete, save, check and activate the structure. Several dependent structures and database tables are reactivated as well. 7. Personalize Custom Fields. a) To make sure there are no conflicts or issues, execute program GRFN_CHECK_CDF. This program will validate that the structures have been successfully generated. b) Run in a Correction Mode. c) Check all boxes in the To Be Corrected section. d) Execute and view confirmation message. e) Once this is complete, the fields are available in the access request header or the role maintenance screen, depending on which structure this was added to. 8. Configure Custom Fields a) Custom fields are not accessible in End User Provisioning configuration; they are configured in a separate area. b) Access the IMG using SPRO, then follow the menu path Governance, Risk and Compliance >>>>>>>> Shared Master Data Settings >>>>>>>> Maintain Field-Based Configuration. c) This task will set a custom field to be Required Entry, Optional Entry, Display, or Hidden.
Custom Fields are not accessible in End User Personalization. Multiple Languages can be configured in SE63 Standard Translation Environment
499
Custom fileds can be used in BRF+ (or other API rules) but only if the rules are created AFTER maintaining the custom field
Custom fields are not available in the End User Provisioning configuration. Multiple languages can be maintained in transaction SE63, Standard Translation Environment. Custom fields can be used in BRF+ (or other API rules) but only if the rules are maintained AFTER maintaining the custom field.
500
Unit 14 Exercise 1
Change an Existing Report
All syncs must have been completed in the GRC system to perform this exercise. 1. Create a new report. Enter /nsm34 in the Transaction code entry field, then click the green check mark icon. 2. Enter VC_GRFNREPCUST in the View Cluster field. 3. Click Maintain. 4. Click the green check mark when you see the cross-client caution message. 5. Select a report to use as a source for your new report: GRAC_SOD_ACTION_ROLES_RPT. 6. Right click and choose Copy As 7. Enter a new report name, for example, GRAC_CUSTOMxx. 8. Click the green check mark; copy all dependencies. You should see your nrew report Z_GRAC_CUSTOMxx: Action in roles not in rules-Customxx listed. 9. Double click Filters to define selection screen filters. 10.Highlight Profile and click minus to remove the filter from the screen. 11. Double click Columns to define output ALV columns. Choose New Entries. 12. Enter new columns for report, then save. 13. Assign report to Launchpad role.
501
Unit 14 Solution 1
Change an Existing Report
All syncs must have been completed in the GRC system to perform this exercise. 1. Create a new report. Enter /nsm34 in the Transaction code entry field, then click the green check mark icon. 2. Enter VC_GRFNREPCUST in the View Cluster field. 3. Click Maintain. 4. Click the green check mark when you see the cross-client caution message. 5. Select a report to use as a source for your new report: GRAC_SOD_ACTION_ROLES_RPT. 6. Right click and choose Copy As 7. Enter a new report name, for example, GRAC_CUSTOMxx. a) Enter report details: b) Text and Description: XX Report c) Report Type: End-User d) WD Name: GRAC_SOD_ACTION_ROLES_RPT e) Function Group Name: f) Application Component: GRC-AC g) Cases: One per reporting timeframe 8. Click the green check mark; copy all dependencies. You should see your nrew report Z_GRAC_CUSTOMxx: Action in roles not in rules-Customxx listed. 9. Double click Filters to define selection screen filters. 10.Highlight Profile and click minus to remove the filter from the screen. 11. Double click Columns to define output ALV columns. Choose New Entries. 12. Enter new columns for report, then save. 13. Assign report to Launchpad role. a) Enter /nLPD_CUST in the Transaction code entry field, then click the green check mark icon. b) Double click the GRACREPS launchpad role.
502
c) Highlight the top folder, then right click. d) Choose New Folder from the top menu bar. e) Enter folder information. f) Save. A new folder displays in the list. This adds a new sub group to the Reports and Analytics work center.
503
Unit 14 Exercise 2
Add Custom Fields to Request Header
1. Logon to ABAP client for GRC V10.0 (ZMC) with user ID ACTRNGxx (where xx is your Participant ID) 2. Execute Transaction SE11 3. Create Domains Note: Save items as LOCAL OBJECT (where xx is your Participant ID) Domain ID ZAC_CF_TX20_xx ZAC_CF_REG_xx Short Description Char String 20 Chars for Group xx Data Type CHAR Number of Chars 20 5
Multiple Values String CHAR for Group xx Enter the following values for this domain
EMEA Europe APJ Asia Pacific Japan ANZ Australia New Zealand AMER Americas Attributes will be populated automatically
ZAC_CF_DATE_xx
DATS
4. Create Data Elements (where xx is your Participant ID) Data Type ZAC_DE_EID_xx Short Description Employee ID Custom Field for AC Training Group 99 Domain ZAC_CF_TX20_xx Length-Field Label
504
Domain ZAC_CF_TX20_xx
Length-Field Label
5-DIVxx 10-Divisionxx 20- Divisionxx 20- Divisionxx 5 MKTxx 10-Marketxx 10- Marketxx 10- Marketxx 8 Hirexx 10 Hire Dtexx 12 Hire Dtexx 12 Hire Dtexx
ZAC_DE_MKT_xx
ZAC_CF_REG_xx
ZAC_DE_HIR_xx
ZAC_CF_DATE_xx
5. Modify / Create structure CI_GRAC_REQ_ATTR included in database table GRACREQ to add these fields (where xx is your Participant ID) 6. Check the Customer Defined fields for issues (where xx is your Participant ID) 7. Configure Custom Fields as shown (where xx is your Participant ID) 8. Verify that the fields just created appear on the Access Request screen. 9. Verify that the fields just created appear in BRF+ context.
505
Unit 14 Solution 2
Add Custom Fields to Request Header
1. Logon to ABAP client for GRC V10.0 (ZMC) with user ID ACTRNGxx (where xx is your Participant ID) 2. Execute Transaction SE11 3. Create Domains Note: Save items as LOCAL OBJECT (where xx is your Participant ID) Domain ID ZAC_CF_TX20_xx ZAC_CF_REG_xx Short Description Char String 20 Chars for Group xx Data Type CHAR Number of Chars 20 5
Multiple Values String CHAR for Group xx Enter the following values for this domain
EMEA Europe APJ Asia Pacific Japan ANZ Australia New Zealand AMER Americas Attributes will be populated automatically
ZAC_CF_DATE_xx
DATS
4. Create Data Elements (where xx is your Participant ID) Data Type ZAC_DE_EID_xx Short Description Employee ID Custom Field for AC Training Group 99 Domain ZAC_CF_TX20_xx Length-Field Label
506
Domain ZAC_CF_TX20_xx
Length-Field Label
5-DIVxx 10-Divisionxx 20- Divisionxx 20- Divisionxx 5 MKTxx 10-Marketxx 10- Marketxx 10- Marketxx 8 Hirexx 10 Hire Dtexx 12 Hire Dtexx 12 Hire Dtexx
ZAC_DE_MKT_xx
ZAC_CF_REG_xx
ZAC_DE_HIR_xx
ZAC_CF_DATE_xx
5. Modify / Create structure CI_GRAC_REQ_ATTR included in database table GRACREQ to add these fields (where xx is your Participant ID) a) In the short Description enter Custom Fields INCLUDE for Request Header Component ZZAC_DE_EID_xx ZZAC_DE_DIV_xx ZZAC_DE_MKT_xx ZZAC_DE_HIR_xx Component Type ZAC_DE_EID_xx ZAC_DE_DIV_xx ZAC_DE_MKT_xx ZAC_DE_HIR_xx
6. Check the Customer Defined fields for issues (where xx is your Participant ID) 7. Configure Custom Fields as shown (where xx is your Participant ID) a) Create Transport, in short description enter Custom Field Customizing Group xx Field ID ZZAC_DE_EID_xx ZZAC_DE_DIV_xx ZZAC_DE_MKT_xx ZZAC_DE_HIR_xx Status Required Entry Optional Entry Optional Entry Required Entry
8. Verify that the fields just created appear on the Access Request screen.
507
508
Unit 14 Exercise 3
Add Custom Fields to Role Definition
1. Logon to ABAP client for GRC V10.0 (ZMC) with user ID ACTRNGxx (where xx is your Participant ID). 2. Execute Transaction SE11 3. Create Data Elements (where xx is your Participant ID) Data Type ZAC_DE_RMKT_xx Short Description Market of Role Custom Field for AC Training Group xx Domain ZAC_CF_REG_xx Length-Field Label
10 Mkt Rolexx 15 Mkt of Rolexx 10 Market of Role99 10 Market of Role99 8 ReqDtxx 10 Req Datexx 12 Req Datexx 12 Req Datexx
ZAC_DE_RREQ_xx
ZAC_CF_DATE_xx
4. Modify / Create structure CI_ROLE_ATTR included in database table GRACROLE to add these fields (where xx is your Participant ID) Component ZZAC_DE_RMKT_xx ZZAC_DE_RREQ_xx Component Type ZAC_DE_RMKT_xx ZAC_DE_RREQ_xx
5. Check the Customer Defined fields for issues 6. Verify that the fields just created appear on the Role Maintenance screen 7. Verify that the field just created appear in BRF+ context
509
Unit 14 Solution 3
Add Custom Fields to Role Definition
1. Logon to ABAP client for GRC V10.0 (ZMC) with user ID ACTRNGxx (where xx is your Participant ID). 2. Execute Transaction SE11 3. Create Data Elements (where xx is your Participant ID) Data Type ZAC_DE_RMKT_xx Short Description Market of Role Custom Field for AC Training Group xx Domain ZAC_CF_REG_xx Length-Field Label
10 Mkt Rolexx 15 Mkt of Rolexx 10 Market of Role99 10 Market of Role99 8 ReqDtxx 10 Req Datexx 12 Req Datexx 12 Req Datexx
ZAC_DE_RREQ_xx
ZAC_CF_DATE_xx
4. Modify / Create structure CI_ROLE_ATTR included in database table GRACROLE to add these fields (where xx is your Participant ID) Component ZZAC_DE_RMKT_xx ZZAC_DE_RREQ_xx Component Type ZAC_DE_RMKT_xx ZAC_DE_RREQ_xx
5. Check the Customer Defined fields for issues 6. Verify that the fields just created appear on the Role Maintenance screen 7. Verify that the field just created appear in BRF+ context
510
511
512
Unit 14
Learning Assessment
1. Which view cluster do you maintain to create a new report? Choose the correct answers. X X X X A VC_GRFN_REPCUST B VC_GRFNCUST C VC_GRFNREPCUST D VC_GRFN_REP_CUST
2. Put the following steps related to creating custom fields in the correct sequence. Match items from 1st column to the corresponding item in 2nd column. 0 Create a data type 0 Create the custom fields 0 Assign custom fields to access requests and roles 0 Create a domain
513
Unit 14
Learning Assessment- Answers
1. Which view cluster do you maintain to create a new report? Choose the correct answers. X X X X A VC_GRFN_REPCUST B VC_GRFNCUST C VC_GRFNREPCUST D VC_GRFN_REP_CUST
2. Put the following steps related to creating custom fields in the correct sequence. Match items from 1st column to the corresponding item in 2nd column. 2 Create a data type 3 Create the custom fields 4 Assign custom fields to access requests and roles 1 Create a domain
514
UNIT 15
Lesson 1
Working with the Access Control Implementation Process 516
Lesson 2
Designing the Access Control Solution 518
Lesson 3
Planning Upgrade and Migration 521
Lesson 4
Configuring Access Control 526
Lesson 5
Implementing the Solution 528
Lesson 6
Optimizing and Enhancing the Solution 531
UNIT OBJECTIVES
Describe the main implementation steps and project team members Design the Access Control Solution Identify key considerations for upgrade and migration Perform final tasks and prepare for go live Perform final tasks and prepare for go live Ensure system stability and optimize performance
515
Unit 15 Lesson 1
Working with the Access Control Implementation Process
LESSON OVERVIEW This lesson presents an overview of the Access Control Implementation Process. Business Example You are preparing for an implementation and must introduce the main steps to the project team in order to ensure a successful implementation. LESSON OBJECTIVES After completing this lesson, you will be able to:
Introduction to Implementation
Planning for Implementation The most important thing to remember when implementing Access Control is PLANNING
Planning is the key to keeping the project on track Deliver the approved view of the solution end state Identify the scope of functionality Determine the use of options of chosen functionality Determine the solution implementation process: new implementation versus upgrade and migration Identify the solution deployment process: Big Bang versus Phased Approach Plan resources
516
Project Preparation
Define and document project scope Define implementation plan and roll-out strategy Define project standards and infrastructure Determine knowledge transfer approach Determine master data design
Project Teams
A typical project team may include the following members:
Installation (Technical) Architects Solution (Functional) Architects Business Process Experts Security Experts Auditors & Regulators (Internal Controls/Compliance) Senior Management
517
Unit 15 Lesson 2
Designing the Access Control Solution
LESSON OVERVIEW This lesson shows you how to prepare for implementation and blueprinting. Business Example You are assigned to an implementation project and must design the Access Control solution to meet the organization's business requirements. LESSON OBJECTIVES After completing this lesson, you will be able to:
Blueprinting Overview
Identify Business requirements Specify business process design Specify solution design, including a fit gap analysis
518
Process Flows for Access Control Master Data Approvals Periodic Access Reviews Role Certifications
Approval Requirements Current State To-Be State Gap Analysis SCRUM Methodology
Define Prototype
Document possible gaps/risk identified Add further detail to the project based upon POC or prototype review Validate project changes, if any, are appropriate for project scope Secure approval for project plan changes
Hardware type and sizing System information and parameters System connectivity
519
520
Unit 15 Lesson 3
Planning Upgrade and Migration
LESSON OVERVIEW This lesson presents upgrade and migration topics as part of the Access Control Implementation process overview. Business Example You are assigned to an implementation project for an upgrade to Access Control 10.0 and must plan the upgrade and migration stratey with your project team. LESSON OBJECTIVES After completing this lesson, you will be able to:
Figure 153: Planning Upgrade and Migration is Part of the Blueprint Phase
The technical upgrade of the software program Does not touch the data within the database tables
Moves data from one platform to another No previous data will be preserved Previous data is preserved
521
Access Control Migration Overview The Access Control Migration Guide can be referenced at service.sap.com/instguides.
Configuration Prerequisites
Prerequisites for Upgrading from Version 4.0 Certain prerequisites must be completed prior to migrating Access Control 4.0 to Access Control 10.0:
Verify that SAP NetWeaver 7.02 SP6 or higher is running before migrating Access Control 4.0 data Install Access Control 10.0 plug-ins on all back end systems Create all relevant GRC 10.0 users on the target system Verify that the following default configuration parameter is maintained:
522
Specify a dedicated data export/import directory accessible from both Access Control 4.0 and Access Control 10.0 systems
Prerequisites for Upgrading from Version 5.3 Certain prerequisites must be completed prior to migrating Access Control 5.3 to Access Control 10.0:
Verify that SAP NetWeaver 7.02 SP6 or higher is running before migrating Access Control 5.3 data. Upgrade the Access Control 5.x application to Access Control 5.3 SP 13. Install Access Control 10.0 plug-ins on all back end systems. Verify that all applicable BC sets are activated for GRC 10.0.
For Access Request Management roles: the GRAC_ROLE_MGMT_STATUS and GRAC_ROLE_MGMT_METHODOLOGY BC sets must be activated. For Business Role Management roles, the GRAC_ROLE_MGMT_LANDSCAPE BC set must be activated.
Parameter ID - 3000 Default Business Process Parameter ID - 3001 Default Sub Process Parameter ID - 3002 Default Critical Level Parameter ID - 3003 Default Project Release Parameter ID - 3004 Default Role Status
Parameter Group: Superuser Management, Parameter ID - 4000 Application Type Create all relevant GRC 10.0 users on the target system Before migrating EAM and BRM data, manually create all Access Control 5.3 custom fields in Access Control 10.0, using SAP custom field naming conventions (begin field names with X, Y, or Z) Specify a dedicated data export/import directory accessible from both Access Control 5.3 and Access Control 10.0
523
The Migration guide describes the detailed information for each step below: 1. Complete the prerequisites. 2. Export the ARA and SPM data (AC 4.0) or export the SPM data (AC 5.3), and then copy the exported data to the import location. 3. Export the configuration, master, and transactional data (AC 5.3 only), and then copy the exported data to the import location. 4. Import the common configuration data into GRC 10.0. 5. Complete the intra-migration tasks: a. Maintain connectors and connector groups. b. Perform repository synchronization for all defined connectors. c. Maintain configuration settings. d. Import roles for defined connectors (Compliant User Provisioning Roles only). e. Create prerequisites (CUP Roles only). 6. Import the application data into GRC 10.0. 7. Complete the post-import tasks: a. Activate GRC_MSMP_CONFIGURATION BC set. b. Generate the rules. c. Create function modules.
524
d. Maintain workflow stage settings. e. Complete methodology process assignments. 8. Validate the data. Defining a Migration Plan for Multiple Solutions
For customers who already have multiple GRC solutions in place, a joint migration/upgrade is possible There is no pre-defined upgrade sequence for a joint PC 3.0 and RM 3.0 upgrade, so either solution can be upgraded first Note: If previous Access Control versions are involved in this migration/upgrade, Access Control must be the last component to be migrated.
525
Unit 15 Lesson 4
Configuring Access Control
LESSON OVERVIEW This lesson reviews how to configure common setting and AC-specific settings in the IMG as part of the Implementation process. Business Example You are assigned to an Access Control implementation project and must configure the application as part of the process. LESSON OBJECTIVES After completing this lesson, you will be able to:
Configuration Overview
Configuring Access Control 10.0 is completed in the IMG of the GRC Access Control system If Risk Terminator is used, configuration is also completed in each connected system where Risk Terminator is active
Activating the applications in clients Activating SAP ICF Services Maintaining System Data Activating Crystal Reports Maintaining Plug-in Settings Create Initial User in AC Main System Mass Creation of Profiles/Roles
526
Create connectors Maintain connectors and connection types Maintain connection settings
Activate BC Sets
3. Configuration: Activate Rule Set BC Sets for Access Risk Analysis
This IMG activity will upload the SAP delivered rule set The BC set GRAC_RA_RULESET_COMMON contains the master data that is assigned to the rule set in general an dis not connector-specific Depending on the systems connected, subsequent BC sets should be activated These BC sets related to the system-specific information contained in the rule set are: GRAC_RA_RULESET_JDE GRAC_RA_RULESET_ORACLE GRAC_RA_RULESET_PSOFT GRAC_RA_RULESET_SAP_APO GRAC_RA_RULESET_SAP_BASIS GRAC_RA_RULESET_SAP_CRM GRAC_RA_RULESET_SAP_ECCS GRAC_RA_RULESET_SAP_HR GRAC_RA_RULESET_SAP_NHR GRAC_RA_RULESET_SAP_R3 GRAC_RA_RULESET_SAP_SRM
Common Access Control Configuration Functionality-Specific Configuration (ARA, ARM, BRM, Workflow)
527
Unit 15 Lesson 5
Implementing the Solution
LESSON OVERVIEW This lesson shows you how to prepare for realization and go live support. Business Example You are nearing the end of your Access Control implementation project and must prepare for golive. LESSON OBJECTIVES After completing this lesson, you will be able to:
Test Data and Configuration Business Process Procedures Quality Assurance System Environment Production System Environment Develop and Test Interfaces, Conversions and Reports Evaluate and Enhance Security and Controls End User Training Material and Plan End User Training System Environment Data Conversion Plan User Acceptance Test
528
Configure Workflow
In this step, finalize workflow configuration.
Customize SAP delivered workflows Set up Access Control scheduled jobs (Synchronizations, Reminders, Notifications) Complete any necessary business rules in BRFplus Test finalized workflows to validate execution per project plan
Final Preparation During Final Preparation, you promote the solution to Production.
Data Converted Cut-Over Plan established End Users Trained End User IDs created Support Organization is in place Productive system is operational
529
Live Production Environment Operational Help Desk Cut-over and Conversion activities completed Post Go Live End User Training Updated Business Case Lessons Learned
530
Unit 15 Lesson 6
Optimizing and Enhancing the Solution
LESSON OVERVIEW This lesson presents the last phase of the implementation process, during which you run the solution and adjust for optimal results. Business Example You have completed the earlier steps of the Access Control implementation process and now are tasked with optimizing the system stability and performance. LESSON OBJECTIVES After completing this lesson, you will be able to:
Run Phase
Design of processes, organization and roles, blueprint for tool usage Setup of processes, organizations and roles, tool setup Transition into Production, including training and rollout Operating
Track Performance
When tracking performance, you are implementing or optimizing the relevant SAP Standards for Solution Operations:
531
Exception handling and business process and interface monitoring Data volume management Job scheduling management Transactional consistency and data integrity Value Management
Changes are implemented and transferred to the Test or Production environment, using SAP Solution Manager, if available
During this step, publish policies to handle requests for additional requirements or possible enhancements
Defined and verified monitoring objects Defined KPIs with reaction methods and defined thresholds Clear task, roles, responsibilities and contact persons within each process Defined dependencies on and interfaces to other processes Concept for service-level reporting Physical implementation of the monitoring and reporting processes Testing of the monitoring process and report functionality Adjustment of the system monitoring concept to changes in the environment Constant quality improvement for the monitoring concept
532
Unit 15
Learning Assessment
1. Which of the groups below may be included on a typical project team? Choose the correct answers. X X X X A Business Process Experts B End Users C Security Experts D Senior Management
2. The most important aspect of project preparation is planning. Determine whether this statement is true or false. X X True False
3. What are the main tasks performed during blueprinting? Choose the correct answers. X X X X A Identify business requirements B Specify business process design C Identify members of the project team D Specify solution design, including a fit gap analysis
533
4. If previous Access Control versions are involved in a migration/upgrade for multiple solutions, when must Access Control be migrated? Choose the correct answers. X X X X A First B Last C Before Process Control, but after Risk Management D After Process Control, but before Risk Management
5. Match the term on the left with the best description on the right. Match items from 1st column to the corresponding item in 2nd column.
No previous data will be preserved Previous data is preserved Moves data from one platform to another Does not touch the data within the database tables
6. Arrange the following configuration steps in the correct sequence. Match items from 1st column to the corresponding item in 2nd column. 0 Configure common component settings 0 Perform post-installation tasks 0 Configure Access Control-Specific Settings 0 Activate Rule Set BC Sets for Access Risk Analysis
534
7. At what point do you move from Realization to Final Preparation? Choose the correct answers. X X X X A When you conduct the Business Process Definition workshop B After you test the implementation C When you load the rule set D When you promote the solution design from development to testing
8. During the Run phase, you assess operation standards in order to optimize solution operation and system performance. Determine whether this statement is true or false. X X True False
535
Unit 15
Learning Assessment- Answers
1. Which of the groups below may be included on a typical project team? Choose the correct answers. X X X X A Business Process Experts B End Users C Security Experts D Senior Management
2. The most important aspect of project preparation is planning. Determine whether this statement is true or false. X X True False
3. What are the main tasks performed during blueprinting? Choose the correct answers. X X X X A Identify business requirements B Specify business process design C Identify members of the project team D Specify solution design, including a fit gap analysis
536
4. If previous Access Control versions are involved in a migration/upgrade for multiple solutions, when must Access Control be migrated? Choose the correct answers. X X X X A First B Last C Before Process Control, but after Risk Management D After Process Control, but before Risk Management
5. Match the term on the left with the best description on the right. Match items from 1st column to the corresponding item in 2nd column.
Does not touch the data within the database tables Moves data from one platform to another No previous data will be preserved Previous data is preserved
6. Arrange the following configuration steps in the correct sequence. Match items from 1st column to the corresponding item in 2nd column. 2 Configure common component settings 1 Perform post-installation tasks 4 Configure Access Control-Specific Settings 3 Activate Rule Set BC Sets for Access Risk Analysis
537
7. At what point do you move from Realization to Final Preparation? Choose the correct answers. X X X X A When you conduct the Business Process Definition workshop B After you test the implementation C When you load the rule set D When you promote the solution design from development to testing
8. During the Run phase, you assess operation standards in order to optimize solution operation and system performance. Determine whether this statement is true or false. X X True False
538