Tips for Overcoming User Management Challenges When Implementing or Upgrading to SAP GRC 10.0
- by Nitin Aggarwal , Chartered Accountant and Certified Information Systems Auditor, Infosys
- Subramaniam Iyer, Security Professional, Infosys
- October 11, 2013
Learn about the challenges organizations face when implementing or upgrading to SAP GRC 10.0 in the areas of user management and authentication.
User management in SAP GRC 10.0 involves the following processes:
- User provisioning and de-provisioning: The automated process for creation and inactivation of users in SAP GRC 10.0.
- Authentication: User credentials that can be used to authenticate to SAP GRC 10.0.
- Authorization: Assignment of GRC access rights to end users in SAP GRC 10.0.
- Approval re-affirmation: Re-authentication during the approval process in SAP GRC 10.0.
Organizations that upgrade their SAP GRC systems from 5.3 to 10.0 might face big challenges in the areas of user management and user authentication for accessing their SAP GRC applications. This is primarily because SAP GRC 5.3 was on a Java platform and the application components were installed on a Java-based SAP NetWeaver application server, whereas SAP GRC 10.0 is on an ABAP platform.
The user management and authentication technologies supported on the SAP NetWeaver Java-based application server are different from those on the SAP NetWeaver ABAP-based application server. It is not easy to match the as-is situation on the ABAP platform. On version 5.3, for instance, there was default access with a basic end-user role for every employee in the organization or the user could log on to an SAP GRC application using the windows active directory password.
Such requirements are new and not a regular use case for applications on ABAP platforms. No single document highlights all the challenges you face during an implementation or upgrade to SAP GRC 10.0, or provides the solution to the requirements mentioned above. SAP does provide a few standard functionalities that support some of these requirements to an extent. However, there are plenty of gray areas. We discuss these areas and guide you in making the right decisions in selecting the right solutions.
Would you like to see this full item?