Remove the 06 value from the S_USER_AUT auth object to 
remove the delete authorization. It works.....

hi,

delete the 06 activity from s_user_grp, not from s_user_aut



regards
vijay

Run PFCG and then uncheck Delete(06 value) from s_user_aut.

To make the delete option not to work,go to pfcg->select 
role->change authorization->expand object class basis 
administration and delete 06 in all the activities which u 
come across in it,and then do user comparision and check 
again with su01.

Sec. Activity may vary company to company but some of the 
conman activities
1.SOD Check While providing new authorization.
2.To maintain sensitive T-Code list
3.Approval while providing new authorization
4.update the approval process and approval for all the 
process
5.Inturlnal company audit
6.Monthly report preparation
7.prepare SOD List
8.Licence update and Check
9.Prepare SOD and Exceptional list
10.Authorization change history
11.Rule book updating  ETC…………………

1.Complex Authorization object checking using SOD Conflict 
Change activity management.
2.Extensively interact with the functional teams in the 
process of creation of Role Matrices for all the modules.
3.To Create Change requests for Roles and transport the 
Change Requests from Development to Quality system and from 
Quality to Production system.

there are 4 components in GRC

Access Enforcer
Complaince Caliber
Role expert
Fire Fighter

In GRC we have these tools:
Access Enforcer
Complaince Caliber
Role expert
Fire Fighter

In VERAS Tool we have: VRAT and VFAT

What is GRC ?

Governance, Risk, and Compliance. 

 The goal of GRC is to help a company efficiently put 
policies and controls in place to address all its 
compliance obligations while at the same time gathering 
information that helps proactively run the business. 

This means Ethical Business Process should comply with 
Effective Process controls as per the related industry 
Business Process and accounting Process and Govt Policy .

This GRC process finally Can Conculded with respect to Govt 
Orgasnisations and Public Orgaanisation which are 
Registered in Local Stock Markets are accountable to have 
Effective Governance and Process Controls to Protect the  
Share holder rights and Prevent Organised Corporate Fruads 
and scams.

GRC Tools and IT applications

There are many GRC AUDIT tools in the Market  to Facilitate 
Internal and External Audit of the Companies .

What is SAP VIRSA Tool.

focused on 1) Access controls , 2) Process Controls.

It Has 4 Sections to Audit the system.

1. Compliance Caliberator
2. Role Expert 
3. Firefighter 
4. Access enforcer .

VIRSA systems is now takenover by SAP AG.

It has been aprt of Netwever and add on now .

Hi , 


i  am  kamal Taneja , and worked as a GRC consulant in HCL. 

well there are four components of virsa 

compliance  caliberator 
Access enforcer
role expert 
fire fighter.

but in the latest version like 5.3 it has come with 
different name.

Risk analysis and remediation(compliance  caliberator )
Super user privilage (Access enforcer)
enterprise role management (role expert )
super user privilage management(fire fighter.)

Thanks 
Kamal Taneja 
09311454142

Hi,

VIRSA                                 GRC

1.Compliance Caliberator  1.Risk Analysis & Remediation
2.Role Expert             2.Enterprise Role Management
3.Firefighter             3.Superuser Privilege Management
4.Access Enforcer         4.Complaint User Provisioning

Yes

VIRSA produced a number of tools, most commonly used was
Compliance Calibrator.
SAP acquired VIRSA and integrated their tools into it's GRC
suite of products which have a wider span than the VIRSA
products.

You can use the VIRSA tools in ECC6.  As the company no
longer sells these products it is an easy way to tell if a
candidate does not understand the GRC topic by them
referring to when they mean SAP GRC.

GRC as a subject has been hijacked by SAP's use of the term,
real GRC is much wider than a set of tools which can
automate part of the GRC process

What is GRC ?

Governance, Risk, and Compliance. 

 The goal of GRC is to help a company efficiently put 
policies and controls in place to address all its 
compliance obligations while at the same time gathering 
information that helps proactively run the business. 

This means Ethical Business Process should comply with 
Effective Process controls as per the related industry 
Business Process and accounting Process and Govt Policy .

This GRC process finally Can Conculded with respect to Govt 
Orgasnisations and Public Orgaanisation which are 
Registered in Local Stock Markets are accountable to have 
Effective Governance and Process Controls to Protect the  
Share holder rights and Prevent Organised Corporate Fruads 
and scams.

GRC Tools and IT applications

There are many GRC AUDIT tools in the Market  to Facilitate 
Internal and External Audit of the Companies .

What is SAP VIRSA Tool.

focused on 1) Access controls , 2) Process Controls.

It Has 4 Sections to Audit the system.

1. Compliance Caliberator
2. Role Expert 
3. Firefighter 
4. Access enforcer .

VIRSA systems is now takenover by SAP AG.

It has been aprt of Netwever and add on now .

Hi Prakash,


If you are very strong in Security you can apply for 
Security job for 2years..If you are not please dont 
experiment in new company it wil a big problem for you.

And for SOD and SOX is very Important topic. SOD 
Sagregation of Duty Analysis is fully automated tool which 
is used for auditing.

SOD and SOX is very huge topic. You cannot understand until 
you read relevant books and start practice

SOD and SOX are used for SAP Audit purposes in the company 
and Virsa tool is a 3rd party tool integrated with SAP,used 
for finding of the risks before applying the roles (new) to 
a user.

What is GRC ?

Governance, Risk, and Compliance. 

 The goal of GRC is to help a company efficiently put 
policies and controls in place to address all its 
compliance obligations while at the same time gathering 
information that helps proactively run the business. 

This means Ethical Business Process should comply with 
Effective Process controls as per the related industry 
Business Process and accounting Process and Govt Policy .

This GRC process finally Can Conculded with respect to Govt 
Orgasnisations and Public Orgaanisation which are 
Registered in Local Stock Markets are accountable to have 
Effective Governance and Process Controls to Protect the  
Share holder rights and Prevent Organised Corporate Fruads 
and scams.

GRC Tools and IT applications

There are many GRC AUDIT tools in the Market  to Facilitate 
Internal and External Audit of the Companies .

What is SAP VIRSA Tool.

focused on 1) Access controls , 2) Process Controls.

It Has 4 Sections to Audit the system.

1. Compliance Caliberator
2. Role Expert 
3. Firefighter 
4. Access enforcer .

VIRSA systems is now takenover by SAP AG.

It has been aprt of Netwever and add on now .

While creating user the security admin should get approval 
to create that user from the Project Manger. The 
particulars like lastname of the user, type of user, 
validity dates etc are required. Now u can create user.

first thing, u need to have access su01 transaction.
if the system in which we r creating user, is connected to 
CUA, then it is necessary to check if we can create user in 
child. while assigning roles, in role tab, progi,e for that 
role should be generated and user comparision should be done

While creating the user we have to know the following 
details:
1. System
2. Approval from linemanager
3. Type of user (Dialog or service etc.)
4. Roles to be assigned.
5. Validity of th user.

1. Manager Approval
2. System name in which user to be created.
3. User Last and First Name.
4. User group.
5. Validity date
6. Role with proper approval
7. User Type
8. Decimal notation.

The following fields are necessary for creating a a user.
1) System name along with the client number.
2) Last name.
3) E-mail address, so that password is sent to user after 
user is created.
4) Validity end date for contractors.
5) User group.
6) Roles(not mandatory. General role are provided by 
default if not mentioned)
7) Approvals from BSC and line manager is a must.

My answer is there are NO issues to create user in a SAP system.
It will be a different scenario if they ask what info do you
need to create a user in a SAP system. ;-)

The question is not properly framed in the first place.

Every Tcode has list of authorization objects which are 
maintained in roles. when a Tcode is executed that objects 
will refered in roles, if an object is not maintained in 
role then it is an authorisation error which can be seen 
through SU53 tcode. This list of maintianed auth. object 
of  Tcode can be checked through SU24.

SU25: A transaction that copies SAP defaults from USBOT & 
USOBX to USOBT_C and USOBX_C.

USOBT, is a table that consists of transactions and 
authorisation objects. It stores default values of 
authorisation from authorisation objects. 

USOBX, is a table that defines the necessary authorisation 
checks that needs to be performed within a transaction. 

Initially both tables USOBT and USOBX consists of default 
values. These two tables are then used for fill up of the 
customer tables USBOT_C and USOBT_X through the transaction 
SU25. 


SU24: A transaction that maintains the assignment of 
authorisation objects in the customer tables USOBT_C and 
USOBX_C.

every t code has list of authrization su24 maintanin check 
indicators and maintain templets
su25 checked  roles maintain dispalys transacation codes 
and customer tables file upgrade This list of maintianed 
auth. object of  Tcode

Hi,
SU24 deals with many factors for Object Class,when a role 
is created and a object class is being transferred it will 
proceed with Authorization as follows:
Changed,Maintained,Unmaintained,Manually.
1)Changed is when Auth is changed.
2)Maintained is when orgfields and Auth is Maintained.
3)UnMaintained is when when there is no Auth.
4)Manually is when we manually change Auth or Org Fields to 
0.
 

temp role is a default sap provided role...and a copy role 
is one we customize from a temp role...

Derived role:- Is a role which is derived from the parent role
   Parent role can be either a customised role r temp role

in derived role, all the transactions of parent role r 
copied but not the org structure and auth.
and we cant add more transactions in derived role.
in copy roles all the transactions with auth r copied

Copy Role is a copied role from existing role. In this type 
of Role all authorizatoins will be inherited from the 
existing role.
Derived Role is a role copied from existing role (Master 
role). In this type authorizations will not be inherited 
from the master role. Here we can maintain onlly 
Organizational values.

1.Derived roles refer to roles that already exist.  The 
derived roles inherit the menu structure and the functions 
included (transactions, reports, Web links, and so on) from 
the role referenced.

Copy Roles:
A Role copy from any existing Role, should be single, 
Derived or Composite Role.

Derived Roles :
A Role derived from another existing Role, Should be Single 
Role only.