on 10-14-2010 12:46 PM
There is a landscape where SAP ECC is already installed and we are planning to install AC 5.3. As the roles are already there in ECC Dev system, so we will perform the risk analysis in Dev and once free of risks, move the role to Production.
I would like to know, from where to start in already existing sap roles structure to free up them from risks. Do we need to provide the business process roles to indiviual BP Owners like FI roles to FI team and same for others to clear the risks and violations. Once completed from them, run them in RAR to found any risk violations remaining. If still found, follow the same process till all the roles and clean and can be moved to production.
Do we need to start from transaction level?
Any help appreciated.
Regards,
Sanjay
Sanjay,
there are various ways to achieve that and many replies are already there (pls search similar threads)
well small summary will be
1. customize standard rules per your org requirement
2. role are already existing, hence i expect they were create business wise
3. run analysis on all the role and have a report in your hand
4. discuss with various security leads of each buisness, which risk wish to be removed and which one to be mitigated
5. once done with cleaning of role, it's time you run analysis on users and mitigate or clean...........
hope it helps
regards,
Surpreet
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.