Mitigating controls can be stored with SAP functions. These reduce the effects on the company when SAP users match with SAP functions. At the same time, you specify how to deal with SAP users or SAP groups that match the SAP function. For example, changing a user assignment to an SAP role in the SAP system can be used as a mitigating control for an SAP function.
Mitigating controls can also be used as controlling measures for compliance rules. Mitigating controls assigned to the SAP functions for testing are automatically transferred into compliance rules about SAP functions.
Prerequisites:
-
Enabled compliance rules are assigned to a functional area and a department.
-
The SAP functions for testing are assigned to the same functional area and then associated variable set of the same department.
To edit mitigating controls
- In the Designer, enable the QER | CalculateRiskIndex configuration parameter.
Detailed information about this topic
To assign mitigating controls to a function definition
-
In the Manager, select the Identity Audit > SAP functions > Function definition working copies category.
-
Select the working copy in the result list.
-
Select the Assign mitigating controls task.
In the Add assignments pane, assign the mitigating controls.
TIP: In the Remove assignments pane, you can remove mitigating control assignments.
To remove an assignment
- Save the changes.
To create a mitigating control for SAP functions
-
In the Manager, select the Identity Audit > SAP functions > Function definition working copies category.
-
Select a working copy in the result list.
-
Select the Assign mitigating controls task.
-
Select the Create mitigating controls task.
-
Enter the main data of the mitigating control.
- Save the changes.
-
Select the Assign function definitions task.
-
In the Add assignments pane, double-click the function definitions you want to assign.
- Save the changes.
Detailed information about this topic
The following base data is relevant for SAP Functions: