coke sap grc access controls
COCA-COLA: Standardization and Optimization of SAP
Security Through the Use of SAP GRC Access Controls
Greg Capps – The Coca-Cola Company
Matthew Gantner - PwC
Real Experience. Real Advantage.
Learning Points
The existing environment: Where we were
The Coca-Cola Role Design: What we did
Integrating the new role design with GRC 10 Access Control:
To GRC 10 and beyond!
Return on Investment
How to identify actual transaction usage
Overview of different role concepts
GRC 10 Master Data Requirements and Configuration
Best Practices
Default Authorizations
Notify SAP
Test Transactions Stand Alone
The Existing Environment: Where we were
11 ABAP Landscapes (ECC (4-ERP, MDM, HR, Treasury), BW,
xAPPS, SRM, CRM, SCM, NFE, Sol Man, etc)
4 JAVA Landscapes (NWDI, Portal, MDM, etc)
50,000+ transactions assigned to roles
11,000+ roles
25,000+ users with multiple role assignments
Determining Scope for Role Design
Analysis of transactions used in production
Exported transactional usage from systems
Lesson Learned: Not every transaction used is in scope
Transactions executed a few times by mistake
Users transitioned from old position to new position
Business process changed to use a different transaction, but old
transactions were never removed from existing roles
Role Design Decisions
Position Based Security
Shipping Clerk
A/P Processor
G/L Accountant
Business Process Based Security
Create/Maintain Vendor Master
Create/Maintain Inventory
Derived roles versus Organizational roles
The Business Decision
Activity-based process roles: What Roles
Organizational authorization roles: Where Roles
How do you change 25000 users with limited risk?
Use Statistical data to identify transactions used
Test all transactions individually
Utilize business users to validate testing
Map users to new roles using statistical data
Coordinate with managers to review user assignments
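The scoping step from "Determining Scope for Role Design" and the user-mapping step from this slide, sketched as an added example (not code from the presentation or from SAP): it filters a usage export by execution count, then proposes process roles per user. The CSV layout, the Z_ role names and their transaction sets, and the cut-off of 5 executions are assumptions; the rows are constructed sample data.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export: user, transaction code, executions in the period.
USAGE_CSV = """user,tcode,executions
JDOE,FB60,412
JDOE,XK02,37
JDOE,MIGO,1
ASMITH,MIGO,250
ASMITH,VL02N,198
ASMITH,MM03,60
ASMITH,FB60,2
"""

# Hypothetical activity-based "what" roles and the transactions each grants.
ROLE_TCODES = {
    "Z_AP_INVOICE_PROCESS": {"FB60"},
    "Z_VENDOR_MASTER_MAINT": {"XK01", "XK02"},
    "Z_GOODS_MOVEMENT": {"MIGO"},
    "Z_OUTBOUND_DELIVERY": {"VL02N"},
}
MIN_EXECUTIONS = 5  # assumed cut-off for "executed a few times by mistake"


def split_usage(csv_text, min_exec=MIN_EXECUTIONS):
    """Return (in_scope, excluded), each mapping user -> set of tcodes."""
    in_scope, excluded = defaultdict(set), defaultdict(set)
    for row in csv.DictReader(io.StringIO(csv_text)):
        bucket = in_scope if int(row["executions"]) >= min_exec else excluded
        bucket[row["user"]].add(row["tcode"])
    return dict(in_scope), dict(excluded)


def propose_roles(in_scope, role_tcodes=ROLE_TCODES):
    """Propose roles per user and list what a manager still has to review."""
    proposal = {}
    for user, used in in_scope.items():
        roles = sorted(r for r, t in role_tcodes.items() if t & used)
        granted = set().union(*(role_tcodes[r] for r in roles))
        proposal[user] = {
            "roles": roles,
            "unmapped": sorted(used - granted),        # used, but no role has it
            "granted_unused": sorted(granted - used),  # access beyond observed use
        }
    return proposal


if __name__ == "__main__":
    scope, dropped = split_usage(USAGE_CSV)
    for user, plan in propose_roles(scope).items():
        print(user, plan, "low-use:", sorted(dropped.get(user, ())))
```

The low-use, unmapped and granted-but-unused lists are the items to put in front of each user's manager during the assignment review.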
GRC 10
Key Learnings
Testing every transaction individually to limit risk
Thank you for participating.
Please remember to complete and return your
evaluation form following this session.
For ongoing education on this area of focus, visit the
Year-Round Community page at www.asug.com/yrc