Objective: This try is to give increased visualization of the Note: 2615341 with a tiny narration.
Build: Mail conversation between Customer (A) and SAP GRC Consultant (A).
'Cut to the main plot'.
Customer A: I really appreciate your efforts towards closing a big gap of compliance breach. Yet, another requirement is going on. Discussion is in progress and will be addressing you sooner.
Consultant A: It's my pleasure and I look forward to hearing from you.
Customer A: Hi! here I come with the requirement.
We are planning to strengthen our Access Control SoD across the SAP landscapes. Currently, our GRC is being utilized for single-system risk analysis and now the requirement is to extend the functionality to cross-system risk analysis between SAP "SYSTEM1" and "SYSTEM2".
Challenge: Practice of user id naming conventions are different in both the systems. For instance,
user Ajit has user id (NADAJI) in SYSTEM1 and user id (PX000000) in SYSTEM2.
So, walk us through with a POC if you have the solution.
Consultant A: Well! it's an interesting requirement and the SAP GRC has built-in functionality to solve your challenge. Here is the POC which shows cross risk analysis for different user ID naming conventions.
Prerequisites: Repository Sync should be successful for the connectors involved.
Step1: Execute SAP reference IMG > Governance, Risk and Compliance > Access Control > Maintain Master User ID Mapping.
Step2: Consider one user as Master User ID and other user IDs as Non-Master User ID.
At present, user ID (NADAJI) is Non-Master and (PX000000) is Master User ID.
Hint: Mass upload option facilitates Mass user mapping.
User Level Risk analysis selection with Non-Master User.
User level risk analysis selection with Master User.
Note: The same behavior applies for ARM risk analysis.
1) The relation of Non Master user ID to Master user ID is M : 1.
2) key factors are decision on Master user and appropriate user to master user mapping.
3) Risk analysis can be performed either Non Master user or Master user.
Please do provide feedback and inputs in “comments” section below. And, myself, Indhu and Abhishek so on.. are passionate to bring more content across SAP GRC Portfolio and Cyber Risk/Data protection.