SAP GRC AC 10.1 - ARM Workflows

ARM Workflows Oct 19th , 2015

2Copyright © Capgemini 2012 – Internal Use Only. All Rights Reserved

Presentation Title | Date

CONTENTS

3. Introduction : MSMP - BRF+4. Request Header & Line Item5. If , Else If Rule6. Workflow Key Terms in SAP BusinessObjects AC 5.3 vs 10.0/10.17. Workflow Key Terms Contd.8. Workflow Key Terms Contd.9. BRF+ Initiator Rule10. BRF+ Agent Rule11. Custom Path : New User12. Custom Path : Change Account13. Route Mapping14. MSMP Workflow Prerequisites15. General steps to create ARM Workflow16. General steps to create ARM Workflow Contd

3© Capgemini 2012. All Rights ReservedGovernance, Risk and Compliance Services| Integrated and platform-based Enterprise Risk Management

MSMP

•is the new workflow engine used within GRC Access Controls 10.0 which is capable of directing requests down multiple approval routes simultaneously.•is used for the management of automated approval workflows for the purposes of access request •works off a multitude of different rules to govern what should happen to the requests. •All of these rules need to be defined up front before they can be assigned in to the configuration and used in the workflow processes.

BRF+

•is the Business Rules Framework Plus application which supports the definition of business rules.•it can be the authoring environment for the rules which can then be plugged into MSMP workflow configuration

Introduction : MSMP - BRF+


Request Header & Line Item


If , Else If Rule


Workflow Key Terms in SAP BusinessObjects AC 5.3 vs 10.0/10.1

GRC 5.3

Request Type

Initiator

CAD

Detour

Path

GRC 10

Process ID + Request Type

Initiator Rule

Agent Rule

Routing Rule

Path


Process ID• SAP_GRAC_ACCESS_REQUEST• SAP_GRAC_ACCESS_REQUEST_

HR• SAP_GRAC_CONTROL_ASGN• SAP_GRAC_CONTROL_MAINT• SAP_GRAC_FIREFIGHT_LOG_REP

ORT• SAP_GRAC_FUNC_APPR• SAP_GRAC_RISK_APPR• SAP_GRAC_SOD_RISK_REVIEW• SAP_GRAC_USER_ACCESS_REVI

EW

Rule Kind• Initiator Rule• Agent Rule• Routing Rule• Notification Variables

Rule

Rule Types• ABAP Program• ABAP Class Based

Rule• BRFplus rule• BRFplus Flat

rule/BRF+ Easy

Agent Types• Directly Mapped

Users• PFCG Roles• PFCG User Groups• GRC API (Application

Programming Interface) Rules

Workflow Key Terms Contd.


Process ID

• New Account Change Account• Change Account• Delete Account• Lock Account• unlock user• Superuser Access• Information• Role Reaffirm

• Create Risk• Update Risk• Delete Risk

Request Types

• SAP_GRAC_ACCESS_REQUEST• SAP_GRAC_ACCESS_REQUEST_HR• SAP_GRAC_CONTROL_ASGN• SAP_GRAC_CONTROL_MAINT• SAP_GRAC_FIREFIGHT_LOG_REPORT• SAP_GRAC_FUNC_APPR• SAP_GRAC_RISK_APPR• SAP_GRAC_SOD_RISK_REVIEW• SAP_GRAC_USER_ACCESS_REVIEW

Workflow Key Terms Contd.

One process ID can have multiple request types


BRF+ Initiator Rule


BRF+ Agent Rule


INITIATOR RULE SECURITY MANAGER PROVISIONING

Custom Path : New User


INITIATOR RULE ROLE OWNER PROVISIONING

Custom Path :Change Account

One initiator rule is able to trigger multiple paths based on the rule result value

For every Rule Result Value , there will be a path


Route Mapping

Work areas are not considered to be sequential when maintaining workflows.

One initiator rule is able to trigger multiple paths based on the rule result value

For every Rule Result Value , there will be a path


The following prerequisites must be completed before MSMP workflow configuration can begin. Using the SAP GUI interface, Execute Transaction SPRO -> Customizing Edit Project -> SAP Reference IMG -> Governance Risk and Compliance:

•Choose General Settings -> Workflow 1. Perform Automatic Workflow Customizing

2. Perform Tasks Specific Customizing

•Choose Access Control -> Workflow for Access Control 1. Activate Event Linkage for AC Workflows

2. Activate MSMP Content for AC (Activate the BC set)

•Access Control -> User Provisioning 1. Maintain Number Range Intervals for Provisioning Requests

2. Define Number Range Intervals for Provisioning Request

3. Maintain Provisioning Settings

• Assign Key Roles for Workflow

MSMP Workflow Prerequisites


Create Initiator Rule using BRF+•SPRO - Access Control - Workflow for Access Control - Define Workflow-Related MSMP Rules.

•Create Initiator rule .•BRF plus- Function - Top Expression - Create Decision Table --Table Settings - Insert Condition Column - Insert Row and enter Condition Values.

Add the Initiator Rule in MSMP•MSMP Workflow Configuration - Maintain Initiator Rule - Add Initiator Rule details - Add Rule Result.

•MSMP - Generate Versions – Save.

Create Agent Rule using BRF+•SPRO - Access Control - Workflow for Access Control - Define Workflow-Related MSMP Rules

•Create Initiator rule.•BRFplus - Function - Top Expression - Create Decision Table -

•Table Settings -•Insert Condition Column - Insert Row enter Condition Values.

Add Agent Rule in MSMP•MSMP Workflow Configuration - Maintain Agent Rule - Add Agent Rule details - Add Rule Result.


General steps to create ARM Workflow


Maintain New Agent •Maintain Agents-as

GRC API Rules under MSMP - Maintain Agents.


Create New Path•Add Stages &

Maintain Approvers for each stage.


Maintain Global Process Initiator•MSMP - Global

Rules - assign Process Initiator as the new Initiator rule created.

Activate•MSMP - Generate

Versions - Save & Simulate.

•Activate.

General steps to create ARM Workflow Contd.


QUESTIONS


THANK YOU

SAP GRC AC 10.1 - ARM Workflows

Documents

Transcript of SAP GRC AC 10.1 - ARM Workflows