Rule Analysis
Users who have access to certain SAP functions, and who have violated compliance rules can pose a significant security threat. You should analyze these users to determine if action should be taken. Two menus help you with these tasks in the Web Portal.
Rule analysis shows compliance rules that contain SAP function and identify each employee that violates the rules. You can analyze the rule violation to determine the cause.
To obtain information about SAP user accounts involved in a rule violation
-
Select Compliance | Governance Administration and click Rule Analysis.
A list of compliance rules that include SAP functions appears.
- Click Select in the desired entry, to view user accounts and employees who have violated compliance rules.
You can determine which rules have violations by using the Critical Function Analysis.
For any employee who has violated the rule, you can analyze the violation by role or ability.
- Perform one of the following tasks.
- ClickBy role to expand details about roles and profiles for the rule violation.
- Click By ability to expand details of SAP functions and transactions.
- Click Back to return to the list of employees.
Function analysis
Critical Function Analysis shows you employees with critical SAP functions, which violate compliance rules. For each employee, you can determine what SAP function is involved in the violation, and the rules that caused the violation. You can use the significance rating to prioritize your actions. If a rule with a significance rating is violated by a SAP function with a significance rating it must be handled promptly.
To identify employees who violate compliance rules with critical SAP functions
- Select Compliance | Governance Administration and click Critical Function Analysis.
A list of employees with critical SAP functions appears.
- Click Select to expand details of SAP functions and rule violations for the selected employee.
Ownerships
In the Responsibilities menu, you can run various actions and obtain information. The following tables provide you with an overview of the menu items and actions that can be executed here.
|
Menu |
Menu item |
|
Action |
Description |
|---|---|---|---|---|
|
Ownerships |
My Responsibilities |
|
People |
View your staff and their details. Add new people. |
|
|
|
|
System entitlements |
View and edit your system entitlements and their details. Add members and view historical data. |
|
|
|
|
Business roles |
View and edit your system roles and their details. Create new business roles or restore deleted ones. Split up, compare or merges roles. |
|
|
|
|
System roles |
View and edit your business roles and their details. Create new system roles. |
|
|
|
|
Departments |
View and edit your departments and their details. Restore deleted departments or split, compare and merge departments. |
|
|
|
|
Cost centers |
View and edit your cost centers and their details. Restore deleted cost centers or split, compare and merge cost centers. |
|
|
|
|
Locations |
View and edit your locations and their details. Restore deleted locations or split, compare and merge locations. |
|
|
|
|
Resources |
View and edit your resources and their details. Add new resources. |
|
|
|
|
Assignment resources |
View and edit your assignment resources and their details. Add entitlements and view historical data. |
|
|
|
|
Multi-requestable/unsubscribable resources |
View and edit Multi-requestable/unsubscribable resources and their details. Request memberships for employees and add permissions. View historical data. |
|
|
|
|
Devices |
View and edit your devices. Add new devices. |
|
|
Delegation |
|
Delegation |
View responsibilities that you can delegate. |
|
|
|
|
Delegation history |
View your delegations to other members of staff and responsibilities delegate to yourself. |
|
|
Responsibilities |
|
Claim Ownership |
Claim responsibility for a group that does not has no one in charge. |
|
|
|
|
Assign Ownership |
Assigns an owner to a business object. |
|
|
Auditing |
|
Employees |
View all employee details. |
|
|
|
|
Active Directory |
View one or all entitlements of the employee who is responsible for an Active Directory group. |
|
|
|
|
Azure Active Directory |
View one or all entitlements of the employee who is responsible for an Azure Active Directory group. |
|
|
|
|
LDAP |
View one or all entitlements of the employee who is responsible for an LDAP group. |
|
|
|
|
SAP R/3 |
View one or all entitlements of the employee who is responsible for an SAP R/3 group. |
|
|
|
|
Universal Cloud Interface |
View one or all entitlements of the employee who is responsible for an Universal Cloud Interface group. |
|
|
|
|
UNIX |
View one or all entitlements of the employee who is responsible for an Unix group. |
|
|
|
|
Business roles |
View one or all business roles of the employee who is responsible for them. |
|
|
|
|
System roles |
View one or all system roles of the employee who is responsible for them. |
|
|
|
|
One Identity Manager Application Roles |
View one or all application roles of the employee who is responsible for them. |
|
|
|
|
Departments |
View one or all departments of the employee who is responsible for them. |
|
|
|
|
Cost centers |
View one or all cost centers of the employee who is responsible for them. |
|
|
|
|
Locations |
View one or all locations of the employee who is responsible for them. |
|
|
|
|
Resources |
View one or all business roles of the employee who is responsible for them. |
|
|
|
|
Assign resources |
View one or all assignment resources of the employee who is responsible for them. |
|
|
|
|
Multi-request resources |
View one or all mulit-request resources of the employee who is responsible for them. |
|
|
|
|
Multi-requestable/unsubscribable resources |
View one or all Multi-requestable/unsubscribable resources of the employee who is responsible for them. |
|
|
|
|
Applications |
View one or all applications of the employee who is responsible for them. |
|
|
Governance Administration |
|
Business roles |
View and edit business roles and their details. Restore deleted roles. Split up, compare or merge roles. |
|
|
|
|
System entitlements |
View and edit system entitlements and their details. Add members, assign devices and view historical data. |
Detailed information about this topic
My Responsibilities
The My Responsibilities view is a submenu of the Responsibilities menu. Here you can view the tasks and entitlements under your supervision within your company. You can manage the following responsibilities: These actions can be called up over tiles.
| Employees | ||
| Devices | ||
| Herarchical roles | Organizations | Department |
| Cost center | ||
| Location | ||
| Business role | ||
| Company resources | System role | |
| System entitlement | ||
| Resources | ||
| Assignment resources | ||
| Multi-requestable/unsubscribable resources | ||