Mitigating controls can be stored with SAP functions. These reduce the effects on the company when SAP users match with SAP functions. At the same time, you specify how to deal with SAP users or SAP groups that match the SAP function. For example, changing a user assignment to an SAP role in the SAP system can be used as a mitigating control for an SAP function.

Mitigating controls can also be used as controlling measures for compliance rules. Mitigating controls assigned to the SAP functions for testing are automatically transferred into compliance rules about SAP functions.

Prerequisites:

Enabled compliance rules are assigned to a functional area and a department.
The SAP functions for testing are assigned to the same functional area and then associated variable set of the same department.

To edit mitigating controls

In the Designer, enable the QER | CalculateRiskIndex configuration parameter.

Detailed information about this topic

Assigning mitigating controls to a function definition

To assign mitigating controls to a function definition

In the Manager, select the Identity Audit > SAP functions > Function definition working copies category.
Select the working copy in the result list.
Select the Assign mitigating controls task.

In the Add assignments pane, assign the mitigating controls.
TIP: In the Remove assignments pane, you can remove mitigating control assignments.

To remove an assignment
- Select the mitigating control and double-click .
Save the changes.

Creating mitigating controls for SAP functions

To create a mitigating control for SAP functions

In the Manager, select the Identity Audit > SAP functions > Function definition working copies category.
Select a working copy in the result list.
Select the Assign mitigating controls task.
Select the Create mitigating controls task.
Enter the main data of the mitigating control.
Save the changes.
Select the Assign function definitions task.
In the Add assignments pane, double-click the function definitions you want to assign.
Save the changes.

Detailed information about this topic

Mitigating controls for SAP functions

Base data for SAP functions

The following base data is relevant for SAP Functions:

SAP function categories

Use SAP function categories to group SAP functions by specific criteria.

For more information, see SAP function categories.
Functional areas

Functional areas can be used as an additional group characteristic for SAP functions. Furthermore, you can use functional areas to analyze rule violations in context of Identity Audit for different SAP functions and to approve requests in the IT Shop or attestation cases by peer group analysis.

For more information, see Functional areas.
Maintaining SAP functions

SAP functions can be assigned employees that manage the SAP functions and therefore can edit the working copies.

For more information, see Maintaining SAP functions.

Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen

Bitte w&auml;hlen Sie Ihr Produkt aus:

Damit wir Ihnen besser helfen können, geben Sie den Grund Ihres Chats an:

Empfohlene Lösungen für Ihr Problem

Identity Manager 9.1.3 - Administration Guide for the SAP R/3 Compliance Add-on

Assigning mitigating controls to SAP functions

Detailed information about this topic

Assigning mitigating controls to a function definition

Creating mitigating controls for SAP functions

Detailed information about this topic

Base data for SAP functions

Bitte wählen Sie Ihr Produkt aus: