Custom Transactions for the SAP Access Control Rule Set

  • by Selva Kumar, Vice President, Auditbots
  • May 1, 2012
Your SAP BusinessObjects Access Control system is tracking only a portion of your segregation of duties (SoD) and transaction risks if you have not added your custom transactions to the SAP BusinessObjects Access Control rule set. The rule set tracks risks created by conflicts between two transactions and risks created by the transaction itself.
SAP BusinessObjects Access Control’s risk analysis and remediation (RAR) functionality (renamed access risk management in version 10.0) comes with a default rule set that contains segregation of duties (SoD) transactions and critical action transactions. However, this SAP BusinessObjects Access Control rule set includes only transactions created by SAP, not the custom transactions created by the company that is using the SAP system.

Selva Kumar

Selva Kumar is vice president of AuditBots, which is an SAP IT audit compliance solutions company providing preventive and detective SAP controls automation software solutions. He is also an SAP audit compliance consultant with the federal government working on SAP BusinessObjects GRC implementation. The implementation is focused on automating user provisioning, emergency access policy, and risk analysis and remediation. Selva writes for the blog sapsecuritytrainer.com and is a frequent contributor to various technical publications. Selva has spent 15 years as independent SAP security consultant with SAP America, Accenture, Deloitte, E&Y, Eli Lilly, Du Pont DE, Ogilvy Mather NY, IPG America, HMCO America MA, IGT NV, AutoFena PA, Rohm and Hass PA, Cephalon PA, and Johnson and Johnson PA.

See more by this author


Comments

No comments have been submitted on this article. 


Please log in to post a comment.

To learn more about subscription access to premium content, click here.