Chat now with support
Chat with Support

Identity Manager 9.3 - Administration Guide for the SAP R/3 Compliance Add-on

SAP functions and identity audit Setting up a synchronization project for synchronizing SAP authorization objects Basics of the authorization check Setting up SAP functions Compliance rules for SAP functions Mitigating controls for SAP functions Configuration parameters for SAP functions Default project template for the SAP R/3 Compliance Add-on Module Referenced SAP R/3 tables and BAPI calls

Creating mitigating controls for SAP functions

To create a mitigating control for SAP functions

  1. In the Manager, select the Identity Audit > SAP functions > Function definition working copies category.

  2. Select a working copy in the result list.

  3. Select the Assign mitigating controls task.

  4. Select the Create mitigating controls task.

  5. Enter the main data of the mitigating control.

  6. Save the changes.

  7. Select the Assign function definitions task.

  8. In the Add assignments pane, double-click the function definitions you want to assign.

  9. Save the changes.
Related topics

Base data for SAP functions

The following base data is relevant for SAP Functions:

SAP function categories

Use function categories to group SAP functions by specific criteria. For example, in a function category you can group together all SAP functions for a specific use case.

To create a function category

  1. In the Manager, select the Identity Audit > Basic configuration data > SAP function categories category.

  2. Click in the result list.

  3. Edit the function category's main data.

  4. Save the changes.

To edit a function category

  1. In the Manager, select the Identity Audit > Basic configuration data > SAP function categories category.

  2. In the result list, select a function category and run the Change main data task.

  3. Edit the function category's main data.

  4. Save the changes.

Enter the following main data of a function category.

Table 22: SAP function category properties

Property

Description

Category

The function category’s name.

Parent category

Parent category for organizing function categories hierarchically.

Description

Text field for additional explanation.

To assign a function category to a function definition

  1. In the Manager, select the Identity Audit > SAP functions > Function definition working copies category.

    1. Select a working copy in the result list.

    2. Select the Change main data task.

  2. In the Function category drop-down, select a function category.

  3. Save the changes.
Related topics

Functional areas for SAP functions

You can use functional areas to analyze rule violations in context of Identity Audit for different SAP functions. You can enter criteria that provide information about risks from rule violations for functional areas and SAP functions.

To analyze rule checks for different areas of your company in the context of identity audit, you can set up functional areas. Assign functional areas to hierarchical roles, compliance rules, SAP functions, and service items. To assess the risks, specify how many rule violations are permitted in a functional area or role. You can enter separate assessment criteria for each role, such as a risk index or transparency index.

Moreover, functional areas can be replaced by peer group analysis during request approvals or attestation cases.

Example: Use of functional areas

To assess the risk of rule violations for cost centers. Proceed as follows:

  1. Set up functional areas.

  2. Assign cost centers to the functional areas.

  3. Define assessment criteria for the cost centers.

  4. Specify the number of rule violations allowed for the functional area.

  5. Assign the functional areas to the SAP functions or compliance rules that are relevant for the assessment.

  6. Use the One Identity Manager report function to create a report that prepares the result of rule checking for the functional area by any criteria.

To create or edit a functional area

  1. In the Manager, select the Identity Audit > Basic configuration data > Functional areas category.

  2. In the result list, select a function area and run the Change main data task.

    - OR -

    Click in the result list.

  3. Edit the function area main data.

  4. Save the changes.

Enter the following data for a functional area.

Table 23: Functional area properties

Property

Description

Functional area

Description of the functional area

Parent Functional area

Parent functional area in a hierarchy.

Select a parent functional area from the list for organizing your functional areas hierarchically.

Max. number of rule violations

List of rule violation valid for this functional area. This value can be evaluated during the rule check.

Description

Text field for additional explanation.

Mitigating controls assigned to the function definitions to be tested are automatically copied to rules about SAP functions. Conditions:

  • Active rules are assigned to a functional area and a department.
  • The function definitions to be tested are assigned to the same functional area and to the variable set associated with the same department.
Related topics
Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating