Locked: Q&A on user access reviews to prevent SoD violations with GRC expert James Roeske
2 years ago  ::  Sep 15, 2011 - 11:40AM #1
Allison
Posts: 109

Preventing SoD violations with scheduled
and automated user access reviews:

Ask your SAP access control questions in a live Q&A
with GRC expert James Roeske


Setting up periodic user access reviews is a critical security requirement. How can you use standard SAP BusinessObjects GRC Access Control functionality to quickly automate what is otherwise a cumbersome manual task?


Today, in a live one-hour forum, ask your questions on how to schedule and streamline your own User Access Review (UAR) using SAP BusinessObjects GRC functionality for risk analysis and remediation, enterprise role management, superuser privilege management and compliant user provisioning. Post your questions for GRC expert James Roeske on September 28, and view the discussion in a live Q&A from 12:30pm-1:30 pm EDT.


To post your question, first log in to Insider Learning Network. Then, here in the Forum, select the “Post Reply” button below.  James will join the Forum from 12:30pm-1:30 pm EDT and post his response in the Forum thread. Please refresh your browser to view the latest posts.


If you have not yet registered for this Q&A, register now to download James Roeske’s GRC 2011 session “Lessons for Conducting User Access Reviews of Your SAP System,” which includes tips and advice for transitioning from manual UARs, mapping current roles, and generating alerts when roles and assignments change.


If you are not yet an Insider Learning Network member, join today





Moderated by Forum Moderator on Nov 07, 2011 - 11:02AM
2 years ago  ::  Sep 28, 2011 - 11:26AM #2
Marko Suswanto
Posts: 10

Howdy, James


I would like to know, could you share with us a brief strategy on how to perform scheduled and automated user access/SoD reviews using GRC10 with the following conditions:


  1. Your client resides in multiple locations and each location could have a different organization structure. CMIIW, can we use multiple rulesets for this?
  2. Your client's IT environment still runs an old application which doesn't have a role management feature. Could it be possible to perform scheduled and automated user access/SoD reviews using GRC10?


Thank you and looking forward to hearing your opinion.


 


Cheers,


Marko S


2 years ago  ::  Sep 28, 2011 - 12:30PM #3
Allison
Posts: 109

Welcome to today's forum on Access Control and User Access Reviews (UARs).


This is a great opportunity to ask James Roeske your questions on developing scheduled User Access Reviews to protect your SAP systems, based on his extensive experience with SAP BusinessObjects Access Control. James is a compliance expert, a featured speaker at our GRC conferences, and President at Savera Systems.


James, thank you for joining us today!  

2 years ago  ::  Sep 28, 2011 - 12:33PM #4
James Roeske
Posts: 12

Thank you Allison for the opportunity to answer questions on this very important compliance topic.

2 years ago  ::  Sep 28, 2011 - 12:37PM #5
nancyrotfort
Posts: 1

James - Are automated user access reviews performed at the role level only?  Also - what modules of GRC do you need to have installed?

2 years ago  ::  Sep 28, 2011 - 12:37PM #6
Jeffery Wolf
Posts: 1

Is there a technical limitation for performing UARs across mixed landscape (ABAP vs Java -- i.e. SRM portal, GTS ABAP, BPC)?  And if not, where would we find documentation to perform a mixed landscape review?

2 years ago  ::  Sep 28, 2011 - 12:38PM #7
Allison
Posts: 109

James, a question that came up during one of your recent presentations was how long it typically takes to set up and implement an automated UAR. Can you provide some insight into this?

2 years ago  ::  Sep 28, 2011 - 12:38PM #8
James Roeske
Posts: 12

Hello Marko,


Thank you for the question.  Unfortunately I have not had a customer implement UAR in GRC 10 up to this date.  As a result I will be addressing the configuration details about 5.3 in this session and the general concept of performing User Access Reviews within Access Controls.


But, I'm in the process of updating my UAR presentation material to include detailed GRC 10 insight.  I hope to be presenting on this topic and other GRC 10 related content at the GRC 2012 conference.  Hope to see you there.


 


 

2 years ago  ::  Sep 28, 2011 - 12:41PM #9
SiobhanBarnett
Posts: 1

James,


Do you have any tips to perform UARs at org level? Would this be something that makes sense to do?


We are also investigating setting up our mitigating controls at org level - is this activity very high maintenance ongoing?


Thanks in advance,


 

2 years ago  ::  Sep 28, 2011 - 12:48PM #10
MaryTesterman
Posts: 1

Hello James,


What is the best way to approach user access reviews when you do not have GRC or any other software designed for this purpose? Thanks,


Mary
