
Role Creation Methodology

 

GRC Access Control identifies and prevents access and authorization risks in cross-enterprise IT systems to prevent fraud and reduce the cost of continuous compliance and control. The role creation methodology designed into the Enterprise Role Management (ERM) capability is a part of this compliance and control system.

ERM provides the essential elements needed to support this methodology:

  • Role definition

  • Role information maintenance

  • Approval comments with date and time stamps for each role

  • Role comparison, which shows any discrepancies between role definitions and the actual roles generated in the back-end system

Also included are preventive risk analysis at role design time (before the role is created in the SAP Development environment), approval workflow and role generation, audit trails and reporting, and integration with the Compliant User Provisioning capability.

When linked to the Risk Analysis and Remediation (RAR) capability, the application also enforces Segregation-of-Duties analysis during role design to prevent risks from entering application systems.

In the ERM capability itself, the Role Creation methodology is directly represented in the functions located in the Create Role selection on the Role Management tab.

The Create Role function works in phases that progress across the screen and correspond to a set of tabs at the bottom of the screen. The tabs that you see depend on the phase.

This section describes the features that support and enable the methodology.

Features

The Role Creation methodology tabs are as follows:

Detailed Description

Use this text field to describe the role.

Functional Area

You use the Functional Area to add a new attribute to the role. You can use these attributes to select multiple functional areas, such as departments or locations.

Approvers

You define default primary and alternate approvers for this role based on the Approval Criteria set up by the Enterprise Role Manager Administrator.

You can also designate the Approver as a Role Owner, as an Approver (Provisioning), or as both.

Custom Attributes

You use this tab to select from the Custom Fields configured by the Enterprise Role Management Administrator. You can use this tab to create a custom attribute to reflect a number of states, such as role status or critical role.

Organization Levels

When you are in the Authorization Data phase, the Organization Levels tab appears on the Role Create screen.

This tab displays all available organization levels for the role based on the authorization data added to the role.

Risk Violations

After risk analysis has been performed in the Risk Analysis phase, Risk Violations provides a breakdown of conflicting transactions, critical transactions, conflicting objects, and critical objects.
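
The following sketch illustrates the kind of design-time check that produces the four-way Risk Violations breakdown described above. It is an added example, not SAP code: the rule set, the risk IDs, and the names `analyze_role` and `may_generate` are hypothetical, and the rule model (functions grouping transactions and authorization objects, risks combining functions) is a simplified assumption.

```python
# Constructed, simplified rule set (an assumption for illustration, not SAP's delivered rules).
# A function groups transactions and authorization objects; a risk lists the functions
# that must not meet in one role (conflicting) or a single sensitive function (critical).
FUNCTIONS = {
    "VENDOR_MAINT": {"transactions": {"FK01", "FK02"}, "objects": {"F_LFA1_BUK"}},
    "PAYMENTS": {"transactions": {"F-53", "F110"}, "objects": {"F_BKPF_BUK"}},
    "USER_ADMIN": {"transactions": {"SU01"}, "objects": {"S_USER_GRP"}},
}
RISKS = {
    "R001": {"type": "conflicting", "functions": ("VENDOR_MAINT", "PAYMENTS")},
    "R002": {"type": "critical", "functions": ("USER_ADMIN",)},
}

def analyze_role(transactions, objects):
    """Return the four-way Risk Violations breakdown for a role design."""
    held = {"transactions": set(transactions), "objects": set(objects)}
    report = {f"{t}_{k}": [] for t in ("conflicting", "critical") for k in held}
    for risk_id, risk in sorted(RISKS.items()):
        for kind, items in held.items():
            # What the role holds from each function named by the risk.
            hits = [sorted(items & FUNCTIONS[f][kind]) for f in risk["functions"]]
            if all(hits):  # violated only if every function is represented
                report[f"{risk['type']}_{kind}"].append((risk_id, hits))
    return report

def may_generate(report):
    """Preventive gate: allow role generation only when no violation was found."""
    return not any(report.values())

if __name__ == "__main__":
    # Constructed role design: vendor creation plus outgoing payments in one role.
    ap_clerk = analyze_role({"FK01", "F-53", "ME21N"}, {"F_LFA1_BUK"})
    for category, findings in ap_clerk.items():
        print(category, findings)
    print("may generate:", may_generate(ap_clerk))
```

Running the gate before the role is generated in the back-end system mirrors the preventive intent of the methodology: a role that combines vendor maintenance with payment posting is flagged at design time rather than after provisioning.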