2013 Nov 12 10:44 AM
Hello
Recently I completed my Sap Basis course & going for Sap Grc Security. But there is a confusion that whether should I understand the concept of Sap Security,because I am new in sap,and if we talk about the job point of view which is good sap basis or sap security as a fresher?
Plz reply
sunil
2015 May 05 7:04 PM
Hi Sunil,
You should absolutely learn SAP Security before SAP GRC. GRC directly interacts, controls, and governs user access, which in itself is SAP Security. GRC, which stands for "Governance, Risk, and Compliance", is a process by which you control user security in the system. Every concept of GRC is built on the knowledge you should have of SAP Security.
GRC relies on the "ruleset", which is a catalog of tcodes and security authorizations that need to be monitored or controlled. It is very difficult to deliver a value-add GRC system if the key security concepts are missed.
My two cents.
-Ken
2015 May 06 6:09 AM
Hi Sunil
Ken has summarised it pretty well. Learning SAP Security will making learning GRC Access Controls a heap easier.
However, there is a lot more to SAP Security than the security components within GRC. That is SAP Security <> PFCG only which a lot of security people seem to focus on
GRC does also contain process controls and risk management. If you have come from an Internal Controls and Audit background then GRC is able to be learned with basic understanding of Security. However, I think it'd be easier to have a Business Process/Functional background for Process Controls so you actually understand what you are trying to manage risk for.
Regards
Colleen