
SAP User Role Documentation

Former Member

Is anyone familiar with any documentation databases or tools that can be used to house documentation related to SAP user roles; basically information that would be required for audits such as: role description, transaction/objects in roles, SoD reports, users linked to the roles, etc. I am particularly interested in a documentation repository that has the functionality to allow the role owner to approve the user role documentation right in the Db.

If anyone is familiar with any documentation repositories I would appreciate your letting me know. Thank you!

Accepted Solutions (0)

Answers (2)

Former Member

Thank you, Kiran. I may not have been very clear; I'm not referring to how to create SoD matrices because our company uses SAP GRC products. I am trying to see if anyone has found any good documentation databases or other tools that can be used to house all of the data that needs to be maintained for all SAP production user roles. My company has requirements around the type and level of documentation that must be kept for each production role. All of this role documentation must be kept current (as roles are updated) and available for review by internal/external auditors. In addition, we have to store role owner approvals for all role updates.

Is anyone aware of any data repositories that are used for storing role documentation?

Former Member

Hello Jane,

If I understand you correctly your two needs are:

1. All of this role documentation must be kept current (as roles are updated) and available for review by internal/external auditors.

For this, you can ask the auditor to refer to the Role Change History, which is a part of the Role expert (ERM) component itself. Here, the utility describes/lists all the changes done to a particular role/roles right from the time it is created.

2. In addition, we have to store role owner approvals for all role updates.

For this, the GRC suite has Access Enforcer, in which you can list/sort the requests based on each Role name and thus can see each of the requests which were created for a particular role, having all the role approvers etc. listed for each.

In fact, I am not sure why you would really want the same to be documented on paper when one of the major benefits of the Access Controls Suite is the Paperless Auditing. Still, you can have the broad things on paper if need be, and if the Auditor needs the details you can show him/her the two as mentioned above.

Regards,

Hersh.

Former Member

Hi Jane,

I think if you don't have a tool like SAP GRC in place, then you need to do some exercise in downloading the SAP tables like AGR_USERS, AGR_TCODES, AGR_1251, AGR_1252 and combine these tables using either spreadsheets or any database commands.

You need to first list all the critical tcodes, critical authorization objects, conflicting functions in your business and then work with the above spreadsheets.

It is very time consuming if you don't have a tool like SAP GRC in achieving the SoD conflict remediation/mitigations.

Hope this helps.

Regards,

Kiran Kandepalli.
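
The table-combining approach described in the answer above, as an added example that is not part of the original thread: it joins CSV exports of AGR_USERS and AGR_TCODES to build per-role documentation (transactions and assigned users) and to flag users whose combined roles hold both sides of a conflicting transaction pair. The role names, user IDs, CSV layout and conflict pairs are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample exports (e.g. table downloads saved as CSV); not real data.
AGR_USERS_CSV = """AGR_NAME,UNAME
Z_AP_VENDOR_MAINT,JDOE
Z_AP_PAYMENTS,JDOE
Z_AP_PAYMENTS,ASMITH
Z_MM_BUYER,ASMITH
"""
AGR_TCODES_CSV = """AGR_NAME,TCODE
Z_AP_VENDOR_MAINT,FK01
Z_AP_VENDOR_MAINT,FK02
Z_AP_PAYMENTS,F110
Z_MM_BUYER,ME21N
"""
# Illustrative conflict pairs; a real list comes from the business's SoD matrix.
SOD_RULES = [("FK01", "F110"), ("ME21N", "MIGO")]

def load_pairs(text, key, value):
    """Group the `value` column by the `key` column of a CSV export."""
    grouped = defaultdict(set)
    for row in csv.DictReader(io.StringIO(text)):
        grouped[row[key].strip()].add(row[value].strip())
    return grouped

def role_documentation(users_csv, tcodes_csv):
    """Per role: its transactions and the users assigned to it."""
    users = load_pairs(users_csv, "AGR_NAME", "UNAME")
    tcodes = load_pairs(tcodes_csv, "AGR_NAME", "TCODE")
    return {role: {"tcodes": sorted(tcodes.get(role, ())),
                   "users": sorted(users.get(role, ()))}
            for role in sorted(set(users) | set(tcodes))}

def sod_conflicts(users_csv, tcodes_csv, rules):
    """Users whose combined roles grant both sides of a conflict pair."""
    roles_by_user = load_pairs(users_csv, "UNAME", "AGR_NAME")
    role_tcodes = load_pairs(tcodes_csv, "AGR_NAME", "TCODE")
    findings = []
    for user in sorted(roles_by_user):
        held = set().union(*(role_tcodes.get(r, set()) for r in roles_by_user[user]))
        findings += [(user, a, b) for a, b in rules if a in held and b in held]
    return findings

if __name__ == "__main__":
    print(role_documentation(AGR_USERS_CSV, AGR_TCODES_CSV))
    print(sod_conflicts(AGR_USERS_CSV, AGR_TCODES_CSV, SOD_RULES))
```

This check works at transaction-code level only; the authorization values held in AGR_1251 are not evaluated, so a finding is a candidate for review rather than a confirmed conflict.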