ARM is a workflow engine in SAP GRC Access Control that automates user access provisioning by defining approval processes for access changes. It allows creating customized access request templates and configuring parameters like provisioning settings. MSMP is the new workflow engine that directs requests along approval routes using rules. Creating ARM workflows in MSMP involves defining initiator, agent, and routing rules in BRF+ and mapping them as MSMP rules along with configuring global settings, paths, and route mapping.
ARM is a workflow engine in SAP GRC Access Control that automates user access provisioning by defining approval processes for access changes. It allows creating customized access request templates and configuring parameters like provisioning settings. MSMP is the new workflow engine that directs requests along approval routes using rules. Creating ARM workflows in MSMP involves defining initiator, agent, and routing rules in BRF+ and mapping them as MSMP rules along with configuring global settings, paths, and route mapping.
ARM is a workflow engine in SAP GRC Access Control that automates user access provisioning by defining approval processes for access changes. It allows creating customized access request templates and configuring parameters like provisioning settings. MSMP is the new workflow engine that directs requests along approval routes using rules. Creating ARM workflows in MSMP involves defining initiator, agent, and routing rules in BRF+ and mapping them as MSMP rules along with configuring global settings, paths, and route mapping.
ARM is a workflow engine in SAP GRC Access Control that automates user access provisioning by defining approval processes for access changes. It allows creating customized access request templates and configuring parameters like provisioning settings. MSMP is the new workflow engine that directs requests along approval routes using rules. Creating ARM workflows in MSMP involves defining initiator, agent, and routing rules in BRF+ and mapping them as MSMP rules along with configuring global settings, paths, and route mapping.
Download as PPTX, PDF, TXT or read online from Scribd
Download as pptx, pdf, or txt
You are on page 1/ 23
SAP GRC Access Control- ARM
1 April 2018 TCS Confidential
Access Request Management ARM is a workflow engine focused on the user access management processes. It allows you to define an approval process for different types of user changes and automate the provisioning of these changes based upon the decision of the defined approvers.
2 1 April 2018 Access request template
3 1 April 2018 Access request template Management > Create and maintain customized template through tcode SCPR20 and also need to activate BC set GRAC_ACCESS_REQUEST_EUP
4 1 April 2018 Standard SAP roles for ARM configuration
5 1 April 2018 Access control configuration parameters
6 1 April 2018 Provisioning Settings
7 1 April 2018 MSMP workflow
• the new workflow engine used within GRC Access Controls 10.0 which is capable of directing requests down multiple approval routes simultaneously.
• used for the management of automated approval workflows for the purposes of access request
• works off a multitude of different rules to govern what should happen to the requests.
• All of these rules need to be defined up front before they can be assigned in to the configuration and used in the workflow processes.
8 1 April 2018 Maintain MSMP WF
9 1 April 2018 1. Process Global Settings
10 1 April 2018 1. Process Global Settings
11 1 April 2018 2. Maintain Rules
12 1 April 2018 2. Maintain Rules: Rule kinds
13 1 April 2018 2. Maintain Rules: Rule types
14 1 April 2018 2. Maintain Rules: Results for initiator and Routing Rues
15 1 April 2018 3. Maintain agents :
16 1 April 2018 4. Variables and Templates
17 1 April 2018 5. Maintain Paths
18 1 April 2018 6. Maintain Route Mapping
19 1 April 2018 7. Generate Versions
20 1 April 2018 General Steps to create ARM WF
Create Initiator Add the Initiator Create Agent Add Agent Rule Rule using BRF+ Rule in MSMP Rule using BRF+ in MSMP •SPRO - Access •MSMP Workflow •SPRO - Access •MSMP Workflow Control - Workflow Configuration - Control - Workflow Configuration - for Access Control - Maintain Initiator for Access Control - Maintain Agent Rule Define Workflow- Rule - Add Initiator Define Workflow- - Add Agent Rule Related MSMP Rule details - Add Related MSMP details - Add Rule Rules. Rule Result. Rules Result. •Create Initiator rule . •MSMP - Generate •Create Initiator rule. •MSMP - Generate •BRF plus- Function - Versions – Save. Versions – Save. •BRFplus - Function - Top Expression - Top Expression - Create Decision Create Decision Table --Table Table - Settings - Insert •Table Settings - Condition Column - •Insert Condition Insert Row and enter Column - Insert Row Condition Values. enter Condition Values.
21 1 April 2018 General Steps to create ARM WF contd.
Maintain New Create New Path
Agent • Add Stages & Maintain Global Activate Maintain Process Initiator • MSMP - Generate • Maintain Agents- as GRC API Rules Approvers for • MSMP - Global Versions - Save & under MSMP - each stage. Rules - assign Simulate. Maintain Agents. • MSMP - Generate Process Initiator • Activate. • MSMP - Generate Versions – Save. as the new Versions – Save. Initiator rule created.
22 1 April 2018 Process ID Rule Kind Rule Types Agent Types • SAP_GRAC_ACCESS_REQUEST • Initiator Rule • ABAP Program • Directly Mapped • SAP_GRAC_ACCESS_REQUEST • Agent Rule • ABAP Class Based Users _HR • Routing Rule Rule • PFCG Roles • SAP_GRAC_CONTROL_ASGN • Notification • BRFplus rule • PFCG User Groups • SAP_GRAC_CONTROL_MAINT Variables Rule • BRFplus Flat • GRC API • SAP_GRAC_FIREFIGHT_LOG_R rule/BRF+ Easy (Application EPORT Programming Interface) Rules • SAP_GRAC_FUNC_APPR • SAP_GRAC_RISK_APPR • SAP_GRAC_SOD_RISK_REVIEW • SAP_GRAC_USER_ACCESS_RE VIEW
