From The Tip Doctor, Insider Learning Network.
This tip was created by Ms. Christa Schönberg, GRC Nordic, for a session at the GRC 2010 Europe conference presented in Barcelona, November 2010.
Whichever system you are using, the configuration of compliant user provisioning must be done. Configuration does not require any deep technical skills; simple logical thinking skills are enough.
Make all the necessary configurations on the configuration tab page. Depending on the version that you are using, you might see some different paths available. (These paths are valid for SAP BusinessObjects Access Control 5.3 SP 11.) The assumption is that the technical post-installation steps for configuration of SAP BusinessObjects Access Control compliant user provisioning have already been completed.
Here are steps required to configure approval workflows for compliant user provisioning:
- Request Type Step: Activate the relevant preconfigured request types (change user, new hire, etc.)
- Priority Step: Create the priorities for your requests that you will be using
- Employee Type: Create the employee types you will be using
- ?Number ?Range?
- Activate your number range
- Risk Analysis
- Specify some detail data on how the risk analysis will work in conjunction with CUP. Make all necessary settings here.
- Specify some detail data on how the mitigations should work in conjunction with CUP. Make all necessary settings here.
- Configure how the request form looks in this step (i.e., are certain fields available or not, are they drop down lists or not).
- Request form customization
- Configure how the rest of the request form looks in this step (i.e., make fields mandatory, editable or visible).
- Workflow configuration
- Initiator: All workflows need an initiator. Make sure there is only one initiator valid for each of your scenarios. You can use many of the predefined attributes as initiators (e.g., company, action of role or request type).
- Stage: In the stage you will define most of the things that determine how the approval workflows will work.
- Path: The path combines all the data, the stage, and the initiator. You may connect many stages to one path.
- Email reminder: In this step, you can configure how the reminders are sent out, for example, the approvers, in case they do not react to the access requests.
- SMTP server: This is mandatory if you want to send emails out from GRC CUP to the approvers.
In addition to these steps, you will need to ensure that the roles are available in GRC CUP. Those can either be loaded from MS Excel, or taken from GRC Enterprise Role Management (ERM). This is configured in the step Roles – Import Roles.
Finally, you need to schedule the following background jobs: Email Dispatcher, Email Reminder, and Escalation for the emails to be sent out. The emails get sent out each time a job is run and the jobs can also be run manually if needed.
For more information about configuring SAP BusinessObjects GRC Solutions, the sessions presented at GRC 2010, 9-11 November, Barcelona, Spain, or the 2011 dates for SAPinsider's GRC conference, visit the GRC Conference Group on Insider Learning Network.