Multiple-Line Organization
Defining access requires both object- and action-level segregation, i.e., activity-based segregation along with organization-level segregation.
Cross Line/Reporting Organization
Matrix Organization
Most of the access is granted by using the combination of the Action and Object principle.
[Diagram labels: Specific Action; Specific Object; Finance, Sales, Procurement]
Matrix/Structured Organization
derived)
Dynamic
Conditional assignment of a role
Policy or rule-driven (context based)
[Diagram labels: Condition 1, Condition 2, Role]
[Figure: labels Key, Type, Tier, Bus, Process, Org, Dept, Functional, Area, Level; values (3) (2) (8) (1) (1) (1) (5) (4)]
Role
Nirvana
Roles Rules
Permissions
Roles
End
Users
Responsibilities Privileges
Only users with active User Master Records can log onto the system.
Action Action
Transaction permitted?
Authorizations assigned?
Role Name
Profile Name
Composite Role
Derive Role
Position(s)
Composite Roles are assigned to users based on their functional position, approval, and completion of training.
[Diagram label: Shipping Manager]
[Figure, two panels, each showing Role 3, Profile 3 and Authorization 6, Authorization 7, Authorization 8; one panel is labeled ACCESS GRANTED, the other ACCESS REFUSED]
Approval workflow
Change mgmt.
Audit log
Role Status: Select Development or Production
Org Level Mapping: Define the Org levels, e.g., Plant, Company Code
Condition Groups: Define conditions on role attributes
Methodology: Define action, step and process
Workflow: Define approval criteria
Transaction Import: Import transaction code from the backend system
Role Import: Import roles from backend system
Provides common look and feel with configurable role-based user access for GRC functions from the SAP Portal or NetWeaver Business Client.
Enables the content ecosystem by supporting version control, packaging, import and export of content; supports parallel evolution of content and subsequent partner updates to it.
Source : SAP