Emergency Access Management (EAM)

advertisement
SAP GRC AC EAM
Emergency Access Management
Requirements Gathering Workshop
Fahri Batur
October 2013
About This Session
Introduction
Today is all about exploring how you will
use Access Control by leveraging your
business knowledge and our product
knowledge to arrive at design decisions
that will enable us to write the Blueprint
and configure the system
It is important we have people in this
session that can provide (with our help)
direction in terms of how you will use
Access Control
So lets start by doing introductions
around the room to include what your
area of interest is in relation to Access
Control
Agenda
Running Order
Requirements gathering for super user
management via the Emergency Access
Management (EAM) module
How We’re Going to Do This
A little insight into what’s in store
Integrc’s role today
Ask you lots of questions about
how you will use Access Control
Your role today
Answer lots of questions!
Provide business context
Provide context to what we’re
discussing and how our
questions relate to your future
use of Access Control
To help you understand how
Access Control will need to be
set-up in order to meet your
business requirements
Tease out all the detail we will
need to write the Blueprint and
configure your solution
Between us, we will establish all the facts we need to proceed
How We’re Going to Do This
Method
We have various techniques and aids to help us identify how Access
Control will need to be configured
Good old fashioned talking
where your business
knowledge and our product
knowledge comes together
Structured questionnaire
that will ensure we
capture all information
we need
Access to the Integrc GRC
lab where we can demo
scenarios through the day
for context if necessary
Lets Start at the Very Beginning
Overview of SAP GRC Access Control
Marathon Phase
(Stay Clean)
Sprint Phase (Get Clean)
Risk Identification
& Remediation
Privileged User
Access
Role
Management
Emergency Access
Business Role
Management Gavin Campbell
Management
- Director
Prevention
Access Request
Management
gavin.campbell@integrc.com
Role definition and
Privileged user access
+44
7828
658812
management
control solution
Compliant provisioning
solution
Access Risk Analysis
Risk analysis, detection, and remediation solution for access and authorisation controls
Emergency Access Management (EAM)
Superuser Management
Provides enhanced control over the
provision of powerful access
Detective control enables users to be
provided with enhanced access in a
safer way than before
Implement
Monitor what the user does when
logged on with enhanced access
Maintain
Just Before We Start
An Insight Into the Variables We Need to Capture
For each Access Control
module, we will need to
capture the following
variables:-
Cross
Application
Configuration
and Settings
System settings and
parameters
Will dictate how your system
behaves and what default
settings it uses
Configuration settings
Dictate how you will use the
solution and how your GRC
processes will work
Master data
Target Systems
Identify Systems to be Connected to Access Control
A target system is a backend system that will be connected to Access
Control for the purposes of risk analysis, provisioning, super user
management or role management
Click icon for Target
Systems data capture sheet
Complete
Incomplete
Connectors
Communication Channels Between GRC and Target Systems
A connector is created in GRC for each target system that Access
Control will connect to. Your consultant will capture the connector
details for each in scope system
Implement
Click icon for Generic
System Settings data
capture sheet
Complete
Incomplete
Connector Definition
Technical Connector Settings
A connector definition is required for each defined connector/target
system. Your consultant will capture these technical settings for the
purpose of documenting them in the Blueprint
Implement
Click icon for Generic
System Settings data
capture sheet
Maintain
Complete
Incomplete
Connector Groups
Logical Groupings of Physical Connections
Your consultant will discuss with you the different types of connector
groups, what the advantages are of each type and establish which
are best for you
Implement
Click icon for Generic
System Settings data
capture sheet
Complete
Incomplete
Connector Integration Scenarios
Integration scenarios are used to define the flow of information
between different application components. Your consultant will help
work out which scenarios are relevant to you
Implement
Click icon for Generic
System Settings data
capture sheet
Complete
Incomplete
Access Control Owners
Important Users Who Are Assigned Specific Responsibilities
Users that will be involved in your Access Control processes need to
be assigned their responsibilities in the Access Control owners table
in addition to their ABAP roles
Implement
Click icon for Generic
System Settings data
capture sheet
Maintain
Complete
Incomplete
EAM Configuration Parameters
System Settings for EAM
These settings govern how EAM operates
Implement
Click icon for Generic
System Settings data
capture sheet
Complete
Incomplete
Reason Codes
Specifying a Reason for Logging on with EAM
Capture the list of reasons that users can select when logging onto
EAM to document why they needed to use enhanced access
Implement
Click icon for Generic
System Settings data
capture sheet
Complete
Incomplete
Mapping EAM ID’s
Identify EAM Users, Owners and Controllers
Looking at which SAP users will be given access to log-on as a
firefighter, which ID’s they shoul dbe mapped to and who will act as
the owners and controllers of those ID’s
Implement
Click icon for Generic
System Settings data
capture sheet
Maintain
Complete
Incomplete
Next Steps
What Happens Next
Feed design
decisions into
Blueprint
document
Collate
outstanding
items asap
and feed into
Blueprint
Approve
Blueprint
Integrc
prepare for
configuration
Configuration
and master
data loaded to
GRC
development
Test
Thank You
On behalf of Integrc, thank you for your invaluable contribution.
Your input during requirements gathering will influence the
success of the Access Control implementation
Download