SAP GRC AC EAM
Emergency Access Management
Requirements Gathering Workshop
Fahri Batur
October 2013

About This Session
Introduction

Today is all about exploring how you will use Access Control, leveraging your business knowledge and our product knowledge to arrive at design decisions that will enable us to write the Blueprint and configure the system.
It is important that we have people in this session who can provide (with our help) direction on how you will use Access Control.
So let’s start with introductions around the room, including what your area of interest is in relation to Access Control.

Agenda
Running Order

- Requirements gathering for super user management via the Emergency Access Management (EAM) module

How We’re Going to Do This
A little insight into what’s in store

Integrc’s role today
- Ask you lots of questions about how you will use Access Control
- Provide context to what we’re discussing and how our questions relate to your future use of Access Control
- Help you understand how Access Control will need to be set up in order to meet your business requirements
- Tease out all the detail we will need to write the Blueprint and configure your solution

Your role today
- Answer lots of questions!
- Provide business context

Between us, we will establish all the facts we need to proceed.

How We’re Going to Do This
Method

We have various techniques and aids to help us identify how Access Control will need to be configured:
- Good old-fashioned talking, where your business knowledge and our product knowledge come together
- A structured questionnaire that will ensure we capture all the information we need
- Access to the Integrc GRC lab, where we can demo scenarios through the day for context if necessary

Let’s Start at the Very Beginning
Overview of SAP GRC Access Control

[Diagram: SAP GRC Access Control overview. Phases: Sprint Phase (Get Clean) and Marathon Phase (Stay Clean). Areas: Risk Identification & Remediation, Privileged User Access, Role Management, Prevention. Components: Access Risk Analysis (risk analysis, detection, and remediation solution for access and authorisation controls), Emergency Access Management, Business Role Management, Access Request Management. Other captions: role definition and management; privileged user access control; compliant provisioning solution.]

Contact: Gavin Campbell, Director, gavin.campbell@integrc.com, +44 7828 658812

Emergency Access Management (EAM)
Superuser Management

- Provides enhanced control over the provision of powerful access
- Detective control enables users to be provided with enhanced access in a safer way than before
- Monitor what the user does when logged on with enhanced access
[Implement, Maintain]

Just Before We Start
An Insight Into the Variables We Need to Capture

For each Access Control module, we will need to capture the following variables:

Cross Application Configuration and Settings
- System settings and parameters: will dictate how your system behaves and what default settings it uses
- Configuration settings: dictate how you will use the solution and how your GRC processes will work
- Master data

Target Systems
Identify Systems to be Connected to Access Control

A target system is a backend system that will be connected to Access Control for the purposes of risk analysis, provisioning, super user management or role management.
Data capture sheet: Target Systems

Connectors
Communication Channels Between GRC and Target Systems

A connector is created in GRC for each target system that Access Control will connect to. Your consultant will capture the connector details for each in-scope system.
[Implement]
Data capture sheet: Generic System Settings

Connector Definition
Technical Connector Settings

A connector definition is required for each defined connector/target system.
Your consultant will capture these technical settings for the purpose of documenting them in the Blueprint.
[Implement, Maintain]
Data capture sheet: Generic System Settings

Connector Groups
Logical Groupings of Physical Connections

Your consultant will discuss with you the different types of connector groups and the advantages of each type, and establish which are best for you.
[Implement]
Data capture sheet: Generic System Settings

Connector Integration Scenarios

Integration scenarios are used to define the flow of information between different application components. Your consultant will help work out which scenarios are relevant to you.
[Implement]
Data capture sheet: Generic System Settings

Access Control Owners
Important Users Who Are Assigned Specific Responsibilities

Users who will be involved in your Access Control processes need to be assigned their responsibilities in the Access Control owners table, in addition to their ABAP roles.
[Implement, Maintain]
Data capture sheet: Generic System Settings

EAM Configuration Parameters
System Settings for EAM

These settings govern how EAM operates.
[Implement]
Data capture sheet: Generic System Settings

Reason Codes
Specifying a Reason for Logging on with EAM

Capture the list of reasons that users can select when logging on to EAM to document why they needed to use enhanced access.
[Implement]
Data capture sheet: Generic System Settings

Mapping EAM IDs
Identify EAM Users, Owners and Controllers

Looking at which SAP users will be given access to log on as a firefighter, which IDs they should be mapped to, and who will act as the owners and controllers of those IDs.
[Implement, Maintain]
Data capture sheet: Generic System Settings

Next Steps
What Happens Next

- Feed design decisions into Blueprint document
- Collate outstanding items ASAP and feed into Blueprint
- Approve Blueprint
- Integrc prepare for configuration
- Configuration and master data loaded to GRC development
- Test

Thank You

On behalf of Integrc, thank you for your invaluable contribution. Your input during requirements gathering will influence the success of the Access Control implementation.