End User Personalization in Access Control 10.0
-
Upload
praveenkumarn -
Category
Documents
-
view
227 -
download
2
Transcript of End User Personalization in Access Control 10.0
© 2011 SAP AG
Applies to:
SAP® BusinessObjects™ Access Control 10.0
Summary
SAP GRC Access Control is an enterprise software application that enables organizations to control access and prevent fraud across the enterprise, while minimizing the time and cost of compliance. The application streamlines compliance processes, including access risk analysis and remediation, business role management, access request management, superuser maintenance, and periodic compliance certifications. It delivers immediate visibility of the current risk situation with real-time data. This guide explains the End User Personalization concept and the technical configuration to attain that functionality.
Authors: Ankur Baishya, SAP Customer Solution Adoption
Created on: June 8, 2011
Version: 1.1
End User Personalization in Access Control 10.0
Page 2
© 2011 SAP AG
Typographic Conventions
Type Style Description
Example Text Words or characters quoted
from the screen. These
include field names, screen
titles, pushbuttons labels,
menu names, menu paths,
and menu options.
Cross-references to other
documentation
Example text Emphasized words or
phrases in body text, graphic
titles, and table titles
Example text File and directory names and
their paths, messages,
names of variables and
parameters, source text, and
names of installation,
upgrade and database tools.
Example text User entry texts. These are
words or characters that you
enter in the system exactly as
they appear in the
documentation.
<Example
text>
Variable user entry. Angle
brackets indicate that you
replace these words and
characters with appropriate
entries to make entries in the
system.
EXAMPLE TEXT Keys on the keyboard, for
example, F2 or ENTER.
Icons
Icon Description
Caution
Note or Important
Example
Recommendation or Tip
Page 3
© 2011 SAP AG
Table of Contents
1. Overview ............................................................................................................................... 4
2. Prerequisites ........................................................................................................................ 4
3. Activate the Business Configuration Set .......................................................................... 4
4. Configure End User Personalization ................................................................................. 6
4.1 Create a New EUP Template ....................................................................................... 6
4.2 Create a Request Using the New Template ............................................................... 12
4.3 Modify an Existing EUP Template .............................................................................. 14
5. Related Content ................................................................................................................. 14
6. Comments and Feedback ................................................................................................. 15
7. Copyright ............................................................................................................................ 15
End User Personalization in Access Control 10.0
Page 4
© 2011 SAP AG
1. Overview
For companies that require their users have roles or access that are predetermined and based on a
template, Access Control 10.0 has an End User Personalization function for access requests.
This functionality:
Improves the accuracy of access requests
Streamlines access request creation and submission
Lowers or eliminates user error
This how-to guide details the configuration and subsequent implementation of End User Personalization.
2. Prerequisites
You have completed the following:
You have installed the GRCFND_A software component, and then activated Access Control.
You have completed the post-installation steps for Access Control.
Please refer to the GRC 10.0 Installation Guide for details.
You have activated the Business Configuration Set (BC Set) for End User Personalization (described below).
3. Activate the Business Configuration Set
To activate the BC set:
1. Access the GRC instance, and enter transaction code SCPR20.
2. Enter GRAC_ACCESS_REQUEST_EUP in the BC Set field.
End User Personalization in Access Control 10.0
Page 5
© 2011 SAP AG
Click Activate BC Set button or F7
3. After choosing the Activation button , an Activation Options screen appears.
4. Select Overwrite All Data.
5. Select Expert Mode.
6. Choose the Execute button to execute.
You will see a screen confirming the BC Set EUP execution.
End User Personalization in Access Control 10.0
Page 6
© 2011 SAP AG
4. Configure End User Personalization
Follow the configuration steps to create End User Personalization templates.
4.1 Create a New EUP Template
To create a new EUP template,
1. Access the GRC instance, and then enter the transaction code SPRO.
2. Navigate to IMG Governance, Risk and Compliance Access Control User Provisioning
Maintain End User Personalization.
3. Choose New Entries.
4. Enter an EUP ID. (Any number between 1 and 998 can be used; the 999 EUP ID is the default
template.)
5. Enter an EUP Config. Name.
6. Enter a Description, and then choose Save.
7. Select the EUP ID you just created, and then choose Maintain EUP Fields.
There are four columns of fields that can be maintained:
Default value
Mandatory
Editable
Visible
End User Personalization in Access Control 10.0
Page 7
© 2011 SAP AG
Description: These describe the various fields on the Access Request screen.
Default Value: These values are automatically populated in fields on the Access Request screen.
Mandatory: By Choosing YES or NO from the dropdown list under the Mandatory field, any field on the Access Request screen can be made mandatory.
Editable: Users can make these fields editable or non-editable by selecting a option from the dropdown
list under the Editable field.
Visible: Here users can select what appears on the Access Request form. By choosing the YES or NO options from the dropdown list under the Visible field, users can make any field visible on the Access Request form.
End User Personalization in Access Control 10.0
Page 8
© 2011 SAP AG
8. After completing all changes, choose Save.
9. Access the GRC instance, and then enter the transaction code NWBC or /nNWBC.
10. Go to the Access Management tab. Navigate to Access Requests Administration and choose
Template Management.
End User Personalization in Access Control 10.0
Page 9
© 2011 SAP AG
11. Choose Create in the next screen.
12. In the Template Details tab, enter Name, Description and the EUP ID which you created in the
beginning of section 4.1, or search for it by pressing the F4 key in the EUP ID field, and choosing
the Request Type for which you created the template.
13. Go to the Access Details tab, and then enter Role and System assignments.
End User Personalization in Access Control 10.0
Page 10
© 2011 SAP AG
14. Go to the User Details tab after you have completed adding role(s) or system(s).
15. Add any user details which must be pre-filled for the Access Request.
End User Personalization in Access Control 10.0
Page 11
© 2011 SAP AG
16. After filling in all the User Details, choose Save.
The newly created EUP Template should now be visible in the Template Management list.
End User Personalization in Access Control 10.0
Page 12
© 2011 SAP AG
4.2 Create a Request Using the New Template
To create a request in the new Template,
1. Access the GRC instance and enter the transaction code NWBC.
2. Go to the Access Management tab. Navigate to Access Request Creation, and then choose
Template Based Request.
3. In the next screen, choose the template name that you created previously, and then choose Next.
End User Personalization in Access Control 10.0
Page 13
© 2011 SAP AG
4. Enter details in the next screen, and then choose Next. (The edits/additions to the appropriate
fields, which were done previously, should now be visible.)
5. Enter Access Request details. (You will see any roles that were added in the template on this
screen), and then choose Next.
End User Personalization in Access Control 10.0
Page 14
© 2011 SAP AG
6. Review the Access Request, and then choose Submit.
An Access Request was created using an End User Personalization template.
4.3 Modify an Existing EUP Template
To modify an existing EUP template,
1. Access the GRC instance and enter transaction code SPRO.
2. Navigate to IMG Governance, Risk and Compliance Access Control User Provisioning
Maintain End User Personalization.
3. Select the EUP Template to be modified, and then choose Maintain EUP Fields.
5. Related Content
On the Web: http://help.sap.com SAP BusinessObjects GRC Solutions Access Control
Learn more about ramp-up knowledge transfer (RKT): http://service.sap.com/RKT
Learn more about the GRC Business Process Expert (BPX) community and related documentation at:
http://www.sdn.sap.com/irj/bpx/grc
End User Personalization in Access Control 10.0
Page 15
© 2011 SAP AG
6. Comments and Feedback
Your feedback is very valuable and will enable us to improve our documents. Please take a few moments
to complete our feedback form. Any information you submit will be kept confidential.
You can access the feedback form at:
http://www.surveymonkey.com/s.aspx?sm=stdoYUlaABrbKUBpE95Y9g_3d_3d
7. Copyright
© 2011 SAP AG. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the
express permission of SAP AG. The information contained herein may be changed without prior notice.
Some software products marketed by SAP AG and its distributors contain proprietary software
components of other software vendors.
Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation.
IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z,
System z10, System z9, z10, z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390,
OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+,
POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System
Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA,
AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks
of IBM Corporation.
Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.
Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks
of Adobe Systems Incorporated in the United States and/or other countries.
Oracle is a registered trademark of Oracle Corporation.
UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.
Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or
registered trademarks of Citrix Systems, Inc.
HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web
Consortium, Massachusetts Institute of Technology.
Java is a registered trademark of Sun Microsystems, Inc.
JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology
invented and implemented by Netscape.
SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjects Explorer, StreamWork,
and other SAP products and services mentioned herein as well as their respective logos are trademarks or
registered trademarks of SAP AG in Germany and other countries.
Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions,
Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well
End User Personalization in Access Control 10.0
Page 16
© 2011 SAP AG
as their respective logos are trademarks or registered trademarks of Business Objects Software Ltd.
Business Objects is an SAP company.
Sybase and Adaptive Server, iAnywhere, Sybase 365, SQL Anywhere, and other Sybase products and
services mentioned herein as well as their respective logos are trademarks or registered trademarks of
Sybase, Inc. Sybase is an SAP company.
All other product and service names mentioned are the trademarks of their respective companies. Data
contained in this document serves informational purposes only. National product specifications may vary.
These materials are subject to change without notice. These materials are provided by SAP AG and its
affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of
any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only
warranties for SAP Group products and services are those that are set forth in the express warranty
statements accompanying such products and services, if any. Nothing herein should be construed as
constituting an additional warranty.