SAP BASIS MADE EASY
Helping you to protect your tomorrow
Sunday, 16 November 2025
Wednesday, 8 October 2025
#4 GRC phases - Managing Risk by SOD (Segregation of Duties)
3 Phases:
| Phase one (Recognize) | Phase two (Analysis) | Phase three (Continuous compliance) |
| 1. Risk Recognition | 3. Analysis | 6. Continuous compliance |
| 2. Rule Building & Validation | 4. Remediation | |
| | 5. Mitigation | |
1. Risk Recognition:
- Open each and every role.
- Identify the risks in each role (for SOD, the combinations of access that conflict with each other).
- Discuss the findings with the business team.
- Agree with the business whether each risk will be remediated or mitigated.
2. Rule building & Validation:
1. Validate the risks in the role.
2. Customize the role.
3. Test.
3. Analysis:
1. Check whether any modifications are needed.
2. Ensure the results of Phase 1 (Risk Recognition and Rule Building & Validation) are correct as per the business needs.
e.g. (office analogy): deciding whether the same person should be given access to rooms 4 and 7.
4. Remediation:
Remove the risk (e.g. by removing the conflicting access from the role or from the user).
e.g. (office analogy): swipe-in and swipe-out at the office door to avoid the risk of unauthorized people entering the office.
5. Mitigation:
Compensating control (the risk stays, but a control is put in place to detect or limit its misuse).
6. Continuous Compliance:
- Monitoring the present configuration.
- Adapting to changes as per the business.
- Alert mechanism.
- Monitoring the mitigation controls.
-----------------------------------------------------------------------------------------------------------------------------
#5 GRC - ROLES
1. Mitigation: always needs monitoring.
If a risk is mitigated rather than removed, then the mitigating control needs to be monitored continuously.
2. Risk --> High, Medium, Low
3. Some companies aim for zero risks in their business. If a user still wants the conflicting access, the user should raise an exception request stating why the exception access is needed and the business requirement behind it.
The rule-set hierarchy (the sample screen showing function id, business process and risk id is not reproduced here):
Multiple actions / permissions combined together form a Function.
Multiple functions combined together form a Risk.
Multiple risks combined together form a Business process.
Multiple business processes are assigned to one single rule set.
* SOD analysis becomes more complex when organizational levels such as company code have to be taken into account.
3. Analysis:
The best way to analyse and identify a risk is to follow the authorization chain from the bottom up:
object --> Fields --> Values --> Single role --> Composite role --> User.
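The following is an added worked example, not code from the original post or from SAP GRC: a small SOD analysis that walks exactly the chain above (object, field, value, single role, composite role, user) and then matches the rule-set hierarchy from the previous section (actions combined into functions, functions combined into risks). All roles, users, transaction codes, authorization objects, the risk P001 and the mitigation control id MC-017 are constructed for the example; the table names in comments only indicate which SAP tables hold the equivalent data.

```python
"""Constructed SOD risk analysis: walks object -> field -> value -> single role ->
composite role -> user, then matches the rule set (actions -> functions -> risks).
Every role, user, function and risk below is made up for the example."""
from typing import Dict, List, Set, Tuple

Auth = Tuple[str, str, str]  # (authorization object, field, value)

# Single role -> authorization entries (equivalent data lives in AGR_1251). Constructed.
SINGLE_ROLES: Dict[str, List[Auth]] = {
    "Z_VENDOR_MAINT": [("S_TCODE", "TCD", "XK01"), ("F_LFA1_APP", "ACTVT", "01")],
    "Z_AP_PAYMENT":   [("S_TCODE", "TCD", "F110"), ("F_REGU_BUK", "FBTCH", "11")],
    "Z_AP_DISPLAY":   [("S_TCODE", "TCD", "FK03"), ("F_LFA1_APP", "ACTVT", "03")],
    "Z_BASIS_ALL":    [("S_TCODE", "TCD", "*"), ("F_LFA1_APP", "ACTVT", "*"),
                       ("F_REGU_BUK", "FBTCH", "*")],
}
# Composite role -> single roles (equivalent of AGR_AGRS). Constructed.
COMPOSITE_ROLES: Dict[str, List[str]] = {"ZC_AP_CLERK": ["Z_VENDOR_MAINT", "Z_AP_PAYMENT"]}
# User -> assigned roles, single or composite (equivalent of AGR_USERS). Constructed.
USER_ROLES: Dict[str, List[str]] = {
    "ALICE": ["ZC_AP_CLERK"],
    "BOB":   ["Z_AP_DISPLAY", "Z_AP_PAYMENT"],
    "CAROL": ["Z_VENDOR_MAINT", "Z_AP_PAYMENT"],
    "DAVE":  ["Z_BASIS_ALL"],
}

# Rule set: a function is a set of actions (required authorizations, ALL must be
# held); a risk is a set of functions that must not be held together. Constructed.
FUNCTIONS: Dict[str, Set[Auth]] = {
    "VENDOR_MASTER_MAINT": {("S_TCODE", "TCD", "XK01"), ("F_LFA1_APP", "ACTVT", "01")},
    "VENDOR_PAYMENT_RUN":  {("S_TCODE", "TCD", "F110"), ("F_REGU_BUK", "FBTCH", "11")},
}
RISKS: Dict[str, Tuple[str, Set[str], str]] = {
    "P001": ("Maintain vendor master and run payments",
             {"VENDOR_MASTER_MAINT", "VENDOR_PAYMENT_RUN"}, "High"),
}
# Mitigation register: (user, risk) -> compensating control id (assumed id).
MITIGATIONS: Dict[Tuple[str, str], str] = {("CAROL", "P001"): "MC-017"}


def expand_roles(role: str) -> Set[str]:
    """Composite role -> its single roles; a single role maps to itself."""
    return set(COMPOSITE_ROLES.get(role, [role]))


def effective_auths(user: str, user_roles: Dict[str, List[str]] = USER_ROLES) -> Dict[Auth, Set[str]]:
    """Every (object, field, value) the user holds, mapped to the single roles granting it."""
    auths: Dict[Auth, Set[str]] = {}
    for role in user_roles.get(user, []):
        for single in expand_roles(role):
            for entry in SINGLE_ROLES.get(single, []):
                auths.setdefault(entry, set()).add(single)
    return auths


def covers(held: Auth, required: Auth) -> bool:
    """A held value satisfies a required one if equal or a full wildcard '*'."""
    return held[0] == required[0] and held[1] == required[1] and held[2] in ("*", required[2])


def matched_functions(auths: Dict[Auth, Set[str]]) -> Dict[str, Set[str]]:
    """Functions the user can execute, with the single roles that enable them."""
    result: Dict[str, Set[str]] = {}
    for name, required in FUNCTIONS.items():
        roles: Set[str] = set()
        for req in required:
            granting = {r for held, rs in auths.items() if covers(held, req) for r in rs}
            if not granting:
                break          # one required authorization missing -> function not available
            roles |= granting
        else:
            result[name] = roles
    return result


def analyze_user(user: str, user_roles: Dict[str, List[str]] = USER_ROLES) -> List[dict]:
    """SOD findings for one user; each finding names the roles that create the conflict."""
    funcs = matched_functions(effective_auths(user, user_roles))
    findings = []
    for risk_id, (desc, conflict, level) in RISKS.items():
        if conflict.issubset(funcs):
            roles = set().union(*(funcs[f] for f in conflict))
            findings.append({"user": user, "risk": risk_id, "level": level, "description": desc,
                             "roles": sorted(roles), "mitigated_by": MITIGATIONS.get((user, risk_id))})
    return findings


def analyze_all(user_roles: Dict[str, List[str]] = USER_ROLES) -> List[dict]:
    """Findings for every user, in user order."""
    return [f for user in sorted(user_roles) for f in analyze_user(user, user_roles)]


if __name__ == "__main__":
    for f in analyze_all():
        state = f"mitigated by {f['mitigated_by']}" if f["mitigated_by"] else "OPEN"
        print(f"{f['user']:6} {f['risk']} {f['level']:6} via {', '.join(f['roles'])} [{state}]")
    # Remediation: dropping the payment role from CAROL removes the conflict entirely.
    print("CAROL after remediation:", analyze_user("CAROL", {"CAROL": ["Z_VENDOR_MAINT"]}))
```

Two things the example shows that the list above does not: a conflict can come from a single composite role (ALICE) as easily as from two single roles (CAROL), and a wildcard value such as `*` in one role (DAVE) satisfies every function at once, which is why the analysis has to start at the field value and not at the role name.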
In the Mitigation phase, we have 2 types of mitigation controls:
1. Preventive control and
2. Detective control.
* A detective control only mitigates the risk if someone actually monitors the logs it produces.
* Sometimes the mitigation of a risk is to transfer it, e.g. by taking out insurance.
6. Continuous monitoring with respect to the creation of new users, either:
- Manually, or
- By configuring an automatic alert mechanism.
--------------------------------------------------xxx-----------------------------------------xxx-------------------------
Sunday, 21 September 2025
Activate and configure auditing in SAP HANA
Auditing: tracks and records actions performed in the SAP HANA database, for example changes to roles and privileges.
Why do we need to set up auditing:
1. Accountability - users are responsible for the actions they perform.
2. Discourage unauthorized access.
3. Monitoring of any suspicious activities.
4. To find the source of a breach.
To configure auditing in SAP HANA:
* The AUDIT ADMIN system privilege is required.
1. Select the target system where the audit policy needs to be configured --> 1. expand --> 2. Security --> 3. Security, as highlighted in the screenshot (not reproduced here).
2. Choose the Auditing tab as shown in the screenshot (not reproduced here).
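As an added example (not from the original post or from SAP), the same setup expressed as the SQL that HANA Studio issues behind the Auditing tab, driven from Python: switch global auditing on, send the audit trail to the internal database table so it can be queried through the AUDIT_LOG view, and create and enable a policy for role and privilege changes. The policy name ROLE_AND_PRIVILEGE_CHANGES, the host/port/credentials and the sample rows used in the check are assumptions; hdbcli is SAP's Python client for HANA. The `evaluate` check also handles a detail the GUI hides: M_INIFILE_CONTENTS returns one row per configuration layer, and the DEFAULT row still says `false` after you have switched auditing on at SYSTEM level.

```python
"""SQL equivalent of the HANA Studio auditing steps: switch auditing on, send the
trail to the internal database table, and create and enable a policy for role
and privilege changes. Needs the AUDIT ADMIN system privilege. The policy name,
host/port and the sample rows are assumptions made for this example."""
from typing import Dict, Iterable, List, Sequence, Tuple

POLICY_NAME = "ROLE_AND_PRIVILEGE_CHANGES"          # assumed policy name
AUDITED_ACTIONS = ("CREATE ROLE", "DROP ROLE", "GRANT ROLE", "REVOKE ROLE",
                   "GRANT PRIVILEGE", "REVOKE PRIVILEGE")
# Layer precedence in M_INIFILE_CONTENTS: a SYSTEM/DATABASE/HOST value overrides DEFAULT.
LAYER_RANK = {"DEFAULT": 0, "SYSTEM": 1, "DATABASE": 2, "HOST": 3}


def setup_statements(policy: str = POLICY_NAME, actions: Sequence[str] = AUDITED_ACTIONS,
                     level: str = "CRITICAL", layer: str = "SYSTEM") -> List[str]:
    """Statements behind the Auditing tab; use layer='DATABASE' inside a tenant database."""
    cfg = f"ALTER SYSTEM ALTER CONFIGURATION ('global.ini', '{layer}') SET ('auditing configuration', "
    return [
        cfg + "'global_auditing_state') = 'true' WITH RECONFIGURE",
        cfg + "'default_audit_trail_type') = 'CSTABLE' WITH RECONFIGURE",  # trail queryable via AUDIT_LOG
        f'CREATE AUDIT POLICY "{policy}" AUDITING ALL {", ".join(actions)} LEVEL {level}',
        f'ALTER AUDIT POLICY "{policy}" ENABLE',   # a new policy is inactive until enabled
    ]


CHECK_CONFIG_SQL = ("SELECT LAYER_NAME, KEY, VALUE FROM M_INIFILE_CONTENTS "
                    "WHERE FILE_NAME = 'global.ini' AND SECTION = 'auditing configuration'")
CHECK_POLICY_SQL = ("SELECT AUDIT_POLICY_NAME, IS_AUDIT_POLICY_ACTIVE, EVENT_ACTION "
                    "FROM AUDIT_POLICIES WHERE AUDIT_POLICY_NAME = ?")
VIEW_TRAIL_SQL = ("SELECT TIMESTAMP, USER_NAME, EVENT_ACTION, STATEMENT_STRING FROM AUDIT_LOG "
                  "WHERE AUDIT_POLICY_NAME = ? ORDER BY TIMESTAMP DESC")


def effective_config(rows: Iterable[Tuple[str, str, str]]) -> Dict[str, str]:
    """Collapse (layer, key, value) rows to the value from the most specific layer."""
    best: Dict[str, Tuple[int, str]] = {}
    for layer, key, value in rows:
        rank = LAYER_RANK.get(layer, -1)
        if key not in best or rank > best[key][0]:
            best[key] = (rank, value)
    return {k: v for k, (_, v) in best.items()}


def evaluate(config_rows, policy_rows, policy=POLICY_NAME, actions=AUDITED_ACTIONS) -> Dict[str, bool]:
    """Did the setup take effect? Feed it the results of CHECK_CONFIG_SQL and CHECK_POLICY_SQL."""
    cfg = effective_config(config_rows)
    audited = {action for name, active, action in policy_rows
               if name == policy and str(active).upper() == "TRUE"}
    return {
        "global_auditing_on": cfg.get("global_auditing_state", "").lower() == "true",
        "trail_in_db_table": cfg.get("default_audit_trail_type", "").upper() == "CSTABLE",
        "policy_active": bool(audited),
        "all_actions_covered": set(actions) <= audited,
    }


def apply(address: str, port: int, user: str, password: str, policy: str = POLICY_NAME) -> Dict[str, bool]:
    """Run the setup against a live system with SAP's hdbcli client (pip install hdbcli)."""
    from hdbcli import dbapi
    conn = dbapi.connect(address=address, port=port, user=user, password=password)
    try:
        cur = conn.cursor()
        for stmt in setup_statements(policy):
            cur.execute(stmt)           # CREATE AUDIT POLICY fails if the name already exists
        cur.execute(CHECK_CONFIG_SQL)
        config_rows = [tuple(r) for r in cur.fetchall()]
        cur.execute(CHECK_POLICY_SQL, (policy,))
        policy_rows = [tuple(r) for r in cur.fetchall()]
    finally:
        conn.close()
    return evaluate(config_rows, policy_rows, policy)


if __name__ == "__main__":
    # Dry run: print the statements so they can be pasted into SQL Console or hdbsql.
    for stmt in setup_statements():
        print(stmt + ";")
```

Run `python audit_setup.py` to get the statements for the SQL console, or call `apply(...)` with the connection details of a system where the user holds AUDIT ADMIN. The point of `evaluate` is the continuous-compliance check from the GRC section above: if `global_auditing_on` or `policy_active` comes back False, role changes are not being recorded at all, and `VIEW_TRAIL_SQL` is what to run to confirm that entries are actually arriving.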