Posts Currently viewing the category: "GRC"

In my earlier blog about Firefighter lifecycles, I mentioned the requirement to review Firefighter IDs on a regular basis. Over the last couple of years, this requirement has become an audit finding in most organizations. Firefighter ID management is still a challenge for most organizations…(Read More)

This article describes the differences between Online and Offline Risk Analysis in SAP Access Control (GRC) based on several SAP Notes and our implementation experience. Before you can run offline analysis at all, you have to set the configuration option “Enable Offline Risk Analysis” to YES (Parameter 1027) in the Access Control configuration settings in…(Read More)

As mentioned previously in our blog CIRM: Compliant Identity and Role Management in Practice, you are able to integrate your SAP Access Control (GRC) and SAP Identity Management (IDM) to leverage its functionalities. In this blog, I would like to give you an overview of the possibilities of how to connect your SAP Identity Management…(Read More)

In this article, I’ll discuss the differences between direct vs. indirect role assignment in the context of SAP authorizations. Each assignment scenario has its pros and cons, and you can use both independently or in combination to complement each other. What are direct role assignments? Authorization roles (and profiles) are directly assigned to…(Read More)

Many SAP customers develop applications by writing custom ABAP code. That’s a risk if you don’t have proper ABAP code scanning procedures in place. In this article, I will explain how to analyze and mitigate the risk in custom code using the Xiting ABAP Alchemist. Business processes are constantly evolving, and businesses must…(Read More)

Access Risk Analysis is a tool within SAP Access Control that enables you to define user access risk (by way of a rule set) and to identify access risk (or simulate for potential risk). It also provides you with system functionality to remediate the risk or mitigate it via assignment of a mitigating control. This…(Read More)

In this article, I would like to give you an overview of organizational rules in SAP Access Control (GRC) and explain how you can use them in the context of risk analysis. In general, you can use organizational rules in SAP Access Control to eliminate false-positive Segregation of Duties (SoD) reporting, based on organizational…(Read More)