What is the difference between sap grc 5.2 and 5.3

I know there are already some questions posted for you, so we can get started. With the synchronisation jobs, I would tend to have them all as scheduled periodic background jobs and would suggest the following frequency:. I would then run an incremental Batch Risk Analysis on a daily basis after the jobs above. I would also recommend a monthly or weekly full sync to make sure that everything is up to date ideally outside of core business hours. Perla Priscila : Thank you for the recommendation, Simon.

We will take it in account and schedule that frequency in our upgraded environment. You will need to upgrade to 5. To be honest, with the significant technical shift, you spend almost as much time validating and revalidating the migration that I think that its easier to think of it as a re-implementation with some accellerators on the ruleset front.

Especially with workflow, I would re-implement it directly within GRC If possible in RAR, how? If you want the role assignment conflicts, I would lean towards user level analysis as that will advise you on the conflicts arising between roles.

And if you use upload functionality like in 5. I actually quite like using the global upload functionality for mass maintenance, especially in GRC I think that it aligns more easily with audit requirements to support strong change management as you can then cite transports and effective testing in support of your processes.

It is also easier to chunk up the data into business processes so that each business can support their own data outside of the system. This also allows you to remove change access to the ruleset in production and avoid a clear SoD issue within your SoD tool! There is an argument for allowing the direct changes of the rules in production uing NWBC and the mass maintenance options as it keeps the controls within a single repository.

However, you do then have more and more people interacting with the system and increase the change of mistakes being made. If this is your preference, I would definitely configure the approval workflow for function and risk changes. Regarding your systems question, this is where connector groups help massively. In GRC 10, you can choose to assign the rules to a single system or to a logical connector group. Plus the ability to append or overwrite really helps you to manage the upload more effe ctively.

Within 5. I have not seen that in It is good practice to split your functions into managable chunks so that you reduce the load on the system to evaluate it. If you have very broad functions, then you might get performance issues during analysis. Looking at the database tables and using Early watch reporting should allow you to guard against such issues. I have also had to create agent rules and routing rules. Most of the other processes are specific to certain use cases and therefore are simple in nature.

For these e. Function, Risk approval or Firefighter Log report the standard settings seem fine. Did you ever encounter problems or even not been able to install the plug ins in a certain remote system? For example the problems are caused by online connections to other systems need to be offline before being able to install the plug in software?

This Quick Reference Guide for periodic job processing applies to the system's capability for risk analysis and remediation. This is a prerequisite to start customizing and implementation of their role management.

It explains how roles may be created. Projects may apply a different methodology. Completing the required post-installation tasks allows to start customizing and implementation of individual workflows. This article outlines the configuration procedure for provisioning to work with CUA systems. Creating firefighter, firefighter ID, firefighter controller and firefighter owner 9. Maintaining reason codes 9. Assigning firefighter controller and owner to FFID 9. Checking FF logs Post installation activities of BRM Creating a role by BRM component Business role definition- technical role definition Creating single role Creating composite role Creating Business role Assigning role owner to role Creating access request Types of access request Responding to access request Designing end user personalization form Comparison with CUP Process ID Initiator rule Agent rule Routing rule