The Rule Architect is central to the Risk Analysis and Remediation capability. During configuration, your administrator uploads a starter set of rules and a rules library, and you customize the rules according to your business. The Rule Architect also provides tools to manage your rules, risks, and functions.
The basis for customizing your rules is in your own systems. With the knowledge of your own system, you update the rule starter set, and then you have a complete set of rules for your company.
You associate all of your risks with your rule set; rules are risk-specific. During configuration you identify the risks in your business, then at the business level you define and create the risks, correlate them 1:1 with transaction code combinations, and assign Risk IDs and other fields to the risks.
At the security level, an administrator creates corresponding functions and associates each function to a business process. Functions tell the system to create the rules; the application auto-generates the rules to oppose the risks.
Therefore, in the Rule Architect tab, you do not directly create your rules; rather, you create or identify a risk and, then, Risk Analysis and Remediation generates the rules.
To identify the Risks produced in Risk Analysis reports, you need to identify the combinations of actions and permissions that represent conflicts. The Rule Architect provides many of the tools you need to define SoDs risks and business processes.
In the Rule Architect tab:
You can search Rules:
Action Rules
Permission Rules
Critical Action Rules
Critical Permission Rules
Create and Search:
Business Processes
Functions
Risks
Critical Roles
Critical Profiles
Organization Rules
Supplementary Rules
Use Utilities to:
Export Rules
Import Rules
Perform:
Functions Mass Maintenance
View Change History for:
Functions
Risks
You can also download and print all search results that you perform in the Rule Architect. You can save the reports as text, or as an Excel spreadsheet. The reports print in the language that you used when you logged in.
Note
Due to screen size limitations, the printed and exported versions of the search results may contain more data fields than the screen can display.
Caution
Before you start to create rules, an administrator must create system connectors. For detailed information on how to create system connectors see the SAP GRC Access Control Configuration documentation.