whts the differents between SoX ,SoD??????wht kind of work
Sox do as wel .....SoD do?
whts is virsa??????? and VRAT,,,,VFAT,, how it workin
security.
- 3 Answers
- 13154 Views
- IBM, I also Faced
- E-Mail Answers
Answers were Sorted based on User's Feedback
Answer / aichik_am
SoX - refer to Sarbanes OXley act in the earlier 2000+-.
Where it impact all US companies either they operated in US
or outside (on other countries). Some people think this act
is significant, after fall down of big companies such as
Enron etc..
SoD - refer to Segregation of Duties. Basically one person
cannot have access to the whole process. The task need to be
segregated so that there is check and balance.
VIRSA - is one of third party tools used to check for SoX
compliance in a company. Other then this, there are also
other product such as APPROVA and SecurInfo. Nowadays VIRSA
have been brougt by SAP, and rebrand it as GRC (Governance,
Risk and Control).
| Is This Answer Correct ? | 8 Yes | 0 No |
Answer / ranjeet kumar
Segaration of duty, as a security principle, has as its
primary objective the prevention of fraud and errors. This
objective is achieved by disseminating the tasks and
associated privileges for a specific business process among
multiple users. This principle is demonstrated in the
traditional example of separation of duty found in the
requirement of two signatures on a cheque.With the concept
of SoD, business critical duties can be categorized into
four types of functions: authorization, custody, record
keeping, and reconciliation.
| Is This Answer Correct ? | 3 Yes | 0 No |
SOX is nothing but Sarbanes OXley act,is developed by the famous auditors Sarbens and Oxley.They developed this law to control the irregularities in the company.Long ago an American company named Enron cheated the customers and share holders and leads to the crisis in the Nation.Then SOX law came into the picture.
SOD refers to "Segregation Of Duties".SOD designed with the concept of separating any sensitive action among the people.Due to this no one can get the full command over the task, so it helps to minimize the irregularities in the company.
Virsa is a third party tool brought by SAP which is useful in finding the SODs.
/n/virsa/zVRAT is the transaction that helpful in finding the violations in virsa.
/n/virsa/VFAT is the transaction for the assigning or mapping the fire fighter id to the user.
| Is This Answer Correct ? | 2 Yes | 1 No |
How can I find List of users in system who dont have any role assigned (Role Tab Blank) but created in system ?
what is the difference between su25 & su24 , when we can make the authorization checks in su25 then what is the use of su24
1) Explain different type of Users? Explain specifically Service User? 2) Difference between System and Communication User?Explain in Context of Profile Parameter? 3) There are 5 systems say BI, SOLMAN, CRM, PI, SRM etc etc. Which system will act as a satellite system in CUA and Why? HOw CUa system works? 4) State different types of Transactions & Tables in Strutural Authorization Profile in HR Security? 5) What is L0 , L1 , L2 , L3 , L4 code called in HR Security? 6) What fields are required to create Strutural Authorization Profile in HR Security? State significance of Evaluation Path? 7) What is Structural Authorization Profile in HR Security? When required Role has already been assigned to User then why Structural Authorization Profile is required by user? 8) How are structural Authorization Profile are created? 9) Important Authorization Object in HR Security? 10) Fields in P_ORGIN A.O? 11) Important infotypes and What is PA? 12) How access is provided for tables to user? Significance of Authorization Group in TDDAT table? 13) Difference between SU22 and SU24? 14) Explain Authorization Structure? 15) Which table stores the Authorization Object of a User? 16) What we do to keep Roles consistent in DEV QAS and PRD? 17) A User has create and display access? Will he have access to change as well? 18) How User can have access to view salary slip of other employees(HR Security)?Explain in detail. 19) In HR security does we add Employee ID anywhere in Roles? 20) Any issue you have faced while Transport? 21) Have you faced any issue in Upgrade? Expalain how to compare Roles from older version of SAP to new version of SAP? 22) Any typical issue you have resolved in HR Security?
under description ; in creating a role what should be written over there ....what does ur company follows ??
Provides online GRC10 online training,covers configuration & suuport activities on all the four components. ARA,ARM,EAM,BRM. SAP Securty covers--R3 Security,BW BI Security,HR Security,SRM Security,CRM Security Practicals on each component in GRC Provides documentation and notes on each component supports resume preparation and certification For more details contact 8499995600.
can you please send me SAP Security upgrade documents and guide for CRM 5 and CRM 7 and what are the differeces between crm 5 AND crm 7 according to sap security point of view.
what is use of copy data in derived role and when we use this one ???
what is diff b/w su01 and su10?
difference between BRF flat rule in BRF flat rule lineitem by lineitem.
Can any one tell me briefly , what is the roles and responsibilities of SAP BASIS Security Administrator..
What does below stand for? SAP ERP ECC ABAP BASIS
What is audit information system?
-
SAP Basis (1262) - SAP ABAP (3939)
- SAPScript (236)
- SAP SD (Sales & Distribution) (2716)
- SAP MM (Material Management) (911)
- SAP QM (Quality Management) (99)
- SAP PP (Production Planning) (523)
- SAP PM (Plant Maintenance) (252)
- SAP PS (Project Systems) (138)
- SAP FI-CO (Financial Accounting & Controlling) (2766)
- SAP HR (Human Resource Management) (1180)
- SAP CRM (Customer Relationship Management) (432)
- SAP SRM (Supplier Relationship Management) (132)
- SAP APO (Advanced Planner Optimizer) (92)
- SAP BW (Business Warehouse) (896)
- SAP Business Workflow (72)
- SAP Security (597)
- SAP Interfaces (74)
- SAP Netweaver (282)
- SAP ALE IDocs (163)
- SAP Business One (110)
- SAP BO BOBJ (Business Objects) (388)
- SAP CPS (Central Process Scheduling) (14)
- SAP GTS (Global Trade Services) (21)
- SAP Hybris (132)
- SAP HANA (700)
- SAP PI (Process Integration) (113)
- SAP PO (Process Orchestration) (25)
- SAP BI (Business Intelligence) (174)
- SAP BPC (Business Planning and Consolidation) (38)
- SAP BODS (Business Objects Data Services) (49)
- SAP BODI (Business Objects Data Integrator) (26)
- SAP Ariba (9)
- SAP Fiori (45)
- SAP EWM (Extended Warehouse Management) (58)
- Sap R/3 (150)
- SAP FSCM Financial Supply Chain Management (101)
- SAP WM (Warehouse Management) (31)
- SAP GRC (Governance Risk and Compliance) (64)
- SAP MDM (Master Data Management) (0)
- SAP MRS (Multi Resource Scheduling) (0)
- SAP ESS MSS (Employee Manager Self Service) (13)
- SAP CS (Customer Service) (0)
- SAP TRM (Treasury and Risk Management) (0)
- SAP Web Dynpro ABAP (198)
- SAP IBP (Integrated Business Planning) (0)
- SAP OO-ABAP (Object Oriented ABAP) (70)
- SAP S/4 HANA Finance (Simple Finance) (143)
- SAP FS-CD (Collections and Disbursements) (0)
- SAP PLM (Product Lifecycle Management) (0)
- SAP SuccessFactors (33)
- SAP Vistex (0)
- SAP ISR (IS Retail) (28)
- SAP IdM (Identity Management) (0)
- SAP IM (Investment Management) (0)
- SAP UI5 (59)
- SAP SCM (Supply Chain Management) (51)
- SAP XI (Exchange Infrastructure) (49)
- SAP Cloud Platform (34)
- SAP Testing (89)
- SAP SolMan (Solution Manager) (63)
- SAP MaxDB (116)
- SAP GUI (15)
- SAP AllOther (329)
