Compliance and security officer
NOTE: This application role is available if Attestation Module, Compliance Rules Module, or Company Policies Module is installed.
Compliance and security officers must be assigned to the Identity & Access Governance | Compliance & Security Officer application role.
Users with this application role:
- View all compliance relevant information and other analysis in the Web Portal. This includes attestation policies, company policies and policy violations, compliance rules, and rule violations and risk index functions.
- Edit attestation polices.
Auditors
NOTE: This application role is available if Attestation Module, Compliance Rules Module or Company Policies Module is installed.
Auditors are assigned to the Identity & Access Governance | Auditors application role.
Users with this application role:
- See the Web Portal all the relevant data for an audit.
Application roles for identity audit
NOTE: This application role is available if the Compliance Rules Module is installed.
The following application roles are available for managing compliance rule:
Table 2: Application roles for identity audit
|
Administrators |
Administrators must be assigned to the Identity & Access Governance | Identity Audit | Administrators application role.
Users with this application role:
- Enter base data for setting up company policies.
- Create compliance rules and assign rule supervisors to them.
- Can start rule checking and view rule violations as required.
- Create reports about rule violations.
- Enter mitigating controls.
- Create and edit risk index functions.
- Monitor Identity Audit functions.
- Administer application roles for rule supervisors, exception approvers and attestors.
- Set up other application roles as required.
|
|
Rule supervisors
|
Rule supervisors must be assigned to the Identity & Access Governance | Identity Audit | Rule supervisors application role or a child application role.
Users with this application role:
- Are responsible for compliance rule content, for example, an auditor or a auditing department.
- Edit the compliance rule working copies, which are assigned to the application role.
- Enable and disable compliance rules.
- Can start rule checking and view rule violations as required.
- Assign mitigating controls.
|
|
Exception approvers
|
Administrators must be assigned to the Identity & Access Governance | Identity Audit | Exception approvers application role or a child application role.
Users with this application role:
- Edit rule violations in the Web Portal.
- Can grant exception approval or revoke it in the Web Portal.
|
|
Attestors
|
Attestors must be assigned to the Identity & Access Governance | Identity Audit | Attestors application role.
Users with this application role:
- Attest compliance rules and exception approvals in the Web Portal for which they are responsible.
- Can view master data for these compliance rules but not edit them.
NOTE: This application role is available if the module Attestation Module is installed. |
|
Maintain SAP Functions |
Administrators must be assigned to the Identity & Access Governance | Identity Audit | Maintain SAP functions application role or a child application role.
Users with this application role:
- Are responsible for SAP function contents.
- Edit working copies of function definitions for which they are responsible.
- Define function instances and variables sets for SAP functions.
- Assign mitigating controls.
NOTE: This application role is available if the module SAP R/3 Compliance Add-on Module is installed. |
Application roles for company policies
NOTE: This application role is available if the Company Policies Module is installed.
The following application roles are available for managing company policies:
Table 3: Application roles for company policies
|
Administrators
|
Administrators must be assigned to the Identity & Access Governance | Company policies | Administrators application role.
Users with this application role:
- Enter base data for setting up company policies.
- Set up policies and assign policy supervisors to them.
- Can calculation policies and view policy violations if required.
- Set up reports about policy violations.
- Enter mitigating controls.
- Create and edit risk index functions.
- Administer application roles for policy supervisors, exception approvers and attestors.
- Set up other application roles as required.
|
|
Policy supervisors
|
Policy supervisors must be assigned to the Identity & Access Governance | Company policies | Policy supervisors application role or another child application role.
Users with this application role:
- Are responsible for the contents of company policies.
- Edit working copies of company policies.
- Enable and disable company policies.
- Can calculation policies and view policy violations if required.
- Assign mitigating controls.
|
|
Exception approvers
|
Exception approvers must be assigned to the Identity & Access Governance | Company policies | Exception approvers application role or a child application role.
Users with this application role:
- Edit policy violations.
- Can grant exception approval or revoke it.
|
|
Attestors
|
Attestors must be assigned to the Identity & Access Governance | Company policies | Attestors application role.
Users with this application role:
- Attest company policies and exception approvals in the Web Portal for which they are responsible.
- Can view the master data for these company policies but not edit them.
NOTE: This application role is available if the module Attestation Module is installed. |
