End User Personalization in Access Control 10.0

© 2011 SAP AG

Applies to:

SAP® BusinessObjects™ Access Control 10.0

Summary

SAP GRC Access Control is an enterprise software application that enables organizations to control access and prevent fraud across the enterprise, while minimizing the time and cost of compliance. The application streamlines compliance processes, including access risk analysis and remediation, business role management, access request management, superuser maintenance, and periodic compliance certifications. It delivers immediate visibility of the current risk situation with real-time data. This guide explains the End User Personalization concept and the technical configuration to attain that functionality.

Authors: Ankur Baishya, SAP Customer Solution Adoption

Created on: June 8, 2011

Version: 1.1

End User Personalization in Access Control 10.0

© 2011 SAP AG

Typographic Conventions

Type Style Description

Example Text Words or characters quoted

from the screen. These

include field names, screen

titles, pushbuttons labels,

menu names, menu paths,

and menu options.

Cross-references to other

documentation

Example text Emphasized words or

phrases in body text, graphic

titles, and table titles

Example text File and directory names and

their paths, messages,

names of variables and

parameters, source text, and

names of installation,

upgrade and database tools.

Example text User entry texts. These are

words or characters that you

enter in the system exactly as

they appear in the

documentation.

<Example

text>

Variable user entry. Angle

brackets indicate that you

replace these words and

characters with appropriate

entries to make entries in the

system.

EXAMPLE TEXT Keys on the keyboard, for

example, F2 or ENTER.

Icons

Icon Description

Caution

Note or Important

Example

Recommendation or Tip

© 2011 SAP AG

Table of Contents

1. Overview ............................................................................................................................... 4

2. Prerequisites ........................................................................................................................ 4

3. Activate the Business Configuration Set .......................................................................... 4

4. Configure End User Personalization ................................................................................. 6

4.1 Create a New EUP Template ....................................................................................... 6

4.2 Create a Request Using the New Template ............................................................... 12

4.3 Modify an Existing EUP Template .............................................................................. 14

5. Related Content ................................................................................................................. 14

6. Comments and Feedback ................................................................................................. 15

7. Copyright ............................................................................................................................ 15


© 2011 SAP AG

1. Overview

For companies that require their users have roles or access that are predetermined and based on a

template, Access Control 10.0 has an End User Personalization function for access requests.

This functionality:

Improves the accuracy of access requests

Streamlines access request creation and submission

Lowers or eliminates user error

This how-to guide details the configuration and subsequent implementation of End User Personalization.

2. Prerequisites

You have completed the following:

You have installed the GRCFND_A software component, and then activated Access Control.

You have completed the post-installation steps for Access Control.

Please refer to the GRC 10.0 Installation Guide for details.

You have activated the Business Configuration Set (BC Set) for End User Personalization (described below).

3. Activate the Business Configuration Set

To activate the BC set:

1. Access the GRC instance, and enter transaction code SCPR20.

2. Enter GRAC_ACCESS_REQUEST_EUP in the BC Set field.


© 2011 SAP AG

Click Activate BC Set button or F7

3. After choosing the Activation button , an Activation Options screen appears.

4. Select Overwrite All Data.

5. Select Expert Mode.

6. Choose the Execute button to execute.

You will see a screen confirming the BC Set EUP execution.


© 2011 SAP AG

4. Configure End User Personalization

Follow the configuration steps to create End User Personalization templates.

4.1 Create a New EUP Template

To create a new EUP template,

1. Access the GRC instance, and then enter the transaction code SPRO.

2. Navigate to IMG Governance, Risk and Compliance Access Control User Provisioning

Maintain End User Personalization.

3. Choose New Entries.

4. Enter an EUP ID. (Any number between 1 and 998 can be used; the 999 EUP ID is the default

template.)

5. Enter an EUP Config. Name.

6. Enter a Description, and then choose Save.

7. Select the EUP ID you just created, and then choose Maintain EUP Fields.

There are four columns of fields that can be maintained:

Default value

Mandatory

Editable

Visible


© 2011 SAP AG

Description: These describe the various fields on the Access Request screen.

Default Value: These values are automatically populated in fields on the Access Request screen.

Mandatory: By Choosing YES or NO from the dropdown list under the Mandatory field, any field on the Access Request screen can be made mandatory.

Editable: Users can make these fields editable or non-editable by selecting a option from the dropdown

list under the Editable field.

Visible: Here users can select what appears on the Access Request form. By choosing the YES or NO options from the dropdown list under the Visible field, users can make any field visible on the Access Request form.


© 2011 SAP AG

8. After completing all changes, choose Save.

9. Access the GRC instance, and then enter the transaction code NWBC or /nNWBC.

10. Go to the Access Management tab. Navigate to Access Requests Administration and choose

Template Management.


© 2011 SAP AG

11. Choose Create in the next screen.

12. In the Template Details tab, enter Name, Description and the EUP ID which you created in the

beginning of section ‎4.1, or search for it by pressing the F4 key in the EUP ID field, and choosing

the Request Type for which you created the template.

13. Go to the Access Details tab, and then enter Role and System assignments.


© 2011 SAP AG

14. Go to the User Details tab after you have completed adding role(s) or system(s).

15. Add any user details which must be pre-filled for the Access Request.


© 2011 SAP AG

16. After filling in all the User Details, choose Save.

The newly created EUP Template should now be visible in the Template Management list.


© 2011 SAP AG

4.2 Create a Request Using the New Template

To create a request in the new Template,

1. Access the GRC instance and enter the transaction code NWBC.

2. Go to the Access Management tab. Navigate to Access Request Creation, and then choose

Template Based Request.

3. In the next screen, choose the template name that you created previously, and then choose Next.


© 2011 SAP AG

4. Enter details in the next screen, and then choose Next. (The edits/additions to the appropriate

fields, which were done previously, should now be visible.)

5. Enter Access Request details. (You will see any roles that were added in the template on this

screen), and then choose Next.


© 2011 SAP AG

6. Review the Access Request, and then choose Submit.

An Access Request was created using an End User Personalization template.

4.3 Modify an Existing EUP Template

To modify an existing EUP template,

1. Access the GRC instance and enter transaction code SPRO.

2. Navigate to IMG Governance, Risk and Compliance Access Control User Provisioning

Maintain End User Personalization.

3. Select the EUP Template to be modified, and then choose Maintain EUP Fields.

5. Related Content

On the Web: http://help.sap.com SAP BusinessObjects GRC Solutions Access Control

Learn more about ramp-up knowledge transfer (RKT): http://service.sap.com/RKT

Learn more about the GRC Business Process Expert (BPX) community and related documentation at:

http://www.sdn.sap.com/irj/bpx/grc

http://help.sap.com/

http://service.sap.com/RKT

http://www.sdn.sap.com/irj/bpx/grc


© 2011 SAP AG

6. Comments and Feedback

Your feedback is very valuable and will enable us to improve our documents. Please take a few moments

to complete our feedback form. Any information you submit will be kept confidential.

You can access the feedback form at:

http://www.surveymonkey.com/s.aspx?sm=stdoYUlaABrbKUBpE95Y9g_3d_3d

7. Copyright

© 2011 SAP AG. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the

express permission of SAP AG. The information contained herein may be changed without prior notice.

Some software products marketed by SAP AG and its distributors contain proprietary software

components of other software vendors.

Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation.

IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z,

System z10, System z9, z10, z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390,

OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+,

POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System

Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA,

AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks

of IBM Corporation.

Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.

Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks

of Adobe Systems Incorporated in the United States and/or other countries.

Oracle is a registered trademark of Oracle Corporation.

UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.

Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or

registered trademarks of Citrix Systems, Inc.

HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web

Consortium, Massachusetts Institute of Technology.

Java is a registered trademark of Sun Microsystems, Inc.

JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology

invented and implemented by Netscape.

SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjects Explorer, StreamWork,

and other SAP products and services mentioned herein as well as their respective logos are trademarks or

registered trademarks of SAP AG in Germany and other countries.

Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions,

Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well

http://www.surveymonkey.com/s.aspx?sm=stdoYUlaABrbKUBpE95Y9g_3d_3d


© 2011 SAP AG

as their respective logos are trademarks or registered trademarks of Business Objects Software Ltd.

Business Objects is an SAP company.

Sybase and Adaptive Server, iAnywhere, Sybase 365, SQL Anywhere, and other Sybase products and

services mentioned herein as well as their respective logos are trademarks or registered trademarks of

Sybase, Inc. Sybase is an SAP company.

All other product and service names mentioned are the trademarks of their respective companies. Data

contained in this document serves informational purposes only. National product specifications may vary.

These materials are subject to change without notice. These materials are provided by SAP AG and its

affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of

any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only

warranties for SAP Group products and services are those that are set forth in the express warranty

statements accompanying such products and services, if any. Nothing herein should be construed as

constituting an additional warranty.

End User Personalization in Access Control 10.0

Documents

Transcript of End User Personalization in Access Control 10.0