Enhancements in GRC 10.1
The purpose of this document is to explain the new features and functionality added in GRC 10.1. It gives a brief overview of the enhancements.
As we all know, Access Control is the best way to govern system access in our environment. To make it easier to use and a single stop for several activities, we have incorporated many features for better interactivity and a more intuitive design.
SAP GRC Access Control 10.1 has been enhanced and advanced. It now incorporates SAP NetWeaver 7.40, which provides the option to run on the SAP HANA database.
The new enhancements are:
- SAP AC on HANA
The steps to create a HANA connector in the GRC box are:
1. Using Tcode DBCO, create the HANA connector.
2. Using Tcode SM59, create the logical connector. Note: The logical connector can be created from Tcode SPRO (SAP Customizing Implementation Guide-->Governance, Risk and Compliance-->Common Component Settings-->Integration Framework-->Create Connectors).
3. To integrate the HANA connector with GRC, execute Tcode SPRO (SAP Customizing Implementation Guide-->Governance, Risk and Compliance-->Common Component Settings-->Integration Framework-->Maintain Connectors and Connection Types). Note: The Logical Port needs to be the connector name provided in Tcode DBCO (refer to step 1) while creating the HANA database connection.
4. Assign the required integration scenario to the HANA connector using Tcode SPRO (SAP Customizing Implementation Guide-->Governance, Risk and Compliance-->Common Component Settings-->Integration Framework-->Maintain Connection Settings).
- Corbu Theme - Enhanced User Interface
- Side Panels for My Process
These side panels can be configured from Governance, Risk and Compliance -> General Settings -> UI Settings -> Configure Side panel for My Process.
- Simplified Access Request
You can see this in NWBC -> Access Management -> Create Request - Simplified
- Remediation View
It is targeted towards business users' needs in terms of verbiage, a more user-friendly and intuitive layout, available help information, the default information displayed, and the layout of buttons and functions, in order to enable them to make intelligent decisions about risk resolution. During risk analysis it is possible to remove or mitigate the user access.
- Role Search Personalization
Now, you can customize your search criteria based on the attributes configured for Role Search in Access Requests, by following the path: SPRO -> IMG -> GRC -> Access Control -> User Provisioning -> Configure Attributes for Role Search Criteria in Access Requests
- Custom Group for SU01 attributes in Risk Analysis
In GRC 10.0, there was a limitation that risk analysis could not be performed on some SU01 attributes, like Function, Department, Parameters etc. Now, with the new Custom Groups feature added in GRC 10.1, we can perform risk analysis on SU01 attributes as well. Once a custom group is created, risk analysis can be performed on the user and on the attribute the user belongs to. GRC 10.1 has been integrated with some key attributes of SU01, which we can use to create our custom group and perform risk analysis on it.
Steps Involved: SU01 Attributes options we have
- Decentralized Firefighting (SAP Access Control 10.0 and 10.1)
GRC 10.1 has introduced a new feature in Emergency Access Management (EAM) that lets you maintain the Firefighter ID role name per system/connector. Instead of maintaining the SPM role in a configuration parameter, you can use the new option to map the FF ID role per connector.
Go to SPRO-->IMG-->GRC-->Access Control-->Emergency Access Management-->Maintain Firefighter ID role name per connector.
Here you can select the connector name and associate a role with it.
- Business Role Improvement
The relation of users to business roles and technical roles can be checked in the GRC box table GRACUSERROLE. Business roles are stored in table GRACROLE. You can use the report "GRAC_CHECK_BROLE_ASSIGNMENT" (via SE38) in the GRC box (SP17 for 10.0 or higher, and check for this in the latest SPs for 10.1) to see any inconsistencies in the user to business role assignment. See note 1981001 - Recommendations: Using business role provisioning in access request.