Friday, 23 May 2025

GRC intro#1


GRC
Access control consists of 4 main parts.
1. Access risk analysis (ARA) - Finds all access risks, in particular segregation-of-duties (SOD) conflicts.
2. Access request management (ARM) - Handles access requests and provisions the requested access.
3. Business role management (BRM) - Provides roles built on the basis of risk analysis.
4. Emergency access management (EAM) - Provides emergency access to a user to fix an issue in an emergency situation.

SOD analytical reports can be run for:
* Users
* User groups
* Roles
* Profiles

Similarly, we can check reports for:

* Critical actions
* Critical permissions
* Critical roles
* Critical profiles

* Simulation to check risks; it can be run for both adding and removing roles.

Workflow of ARA:

1. Identify and select risks to manage
2. Build and maintain rules
3. Detect authorization risks
4. Remediate and mitigate
5. Test and report
6. Prevent
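To make the "detect" and "simulate" steps concrete, here is a small added example (not SAP GRC code; rule set, roles and users are constructed) that evaluates SOD rules against a user's roles and reports which risks a role addition or removal would introduce or remove:

```python
"""Toy SOD risk analysis in the spirit of GRC ARA.
Constructed example, not SAP GRC code; every rule, role and user below is made up."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Risk:
    risk_id: str
    description: str
    functions: frozenset  # conflicting functions that together form the risk


# Constructed rule set: a risk exists when one user holds every function in the set.
RULES = [
    Risk("P001", "Maintain vendor and pay vendor", frozenset({"VENDOR_MAINT", "VENDOR_PAY"})),
    Risk("S002", "Create sales order and release delivery", frozenset({"SO_CREATE", "DELIV_RELEASE"})),
]

# Constructed role catalogue: role -> business functions it grants.
ROLE_FUNCTIONS = {
    "Z_AP_CLERK": {"VENDOR_PAY"},
    "Z_MM_BUYER": {"VENDOR_MAINT"},
    "Z_SD_CLERK": {"SO_CREATE"},
    "Z_WH_LEAD": {"DELIV_RELEASE"},
}


def user_functions(roles):
    """Union of functions granted by a set of roles (unknown roles grant nothing)."""
    return set().union(*(ROLE_FUNCTIONS.get(r, set()) for r in roles))


def analyze(roles):
    """Detect step: ids of risks whose conflicting functions are all covered by the roles."""
    funcs = user_functions(roles)
    return sorted(r.risk_id for r in RULES if r.functions <= funcs)


def simulate(current_roles, add=(), remove=()):
    """Simulation step: risk delta of a role change, before it is provisioned."""
    before = set(analyze(current_roles))
    after = set(analyze((set(current_roles) | set(add)) - set(remove)))
    return {"introduced": sorted(after - before), "removed": sorted(before - after)}


if __name__ == "__main__":
    user = {"Z_AP_CLERK", "Z_SD_CLERK"}
    print(analyze(user))                                             # []
    print(simulate(user, add={"Z_MM_BUYER"}))                        # introduces P001
    print(simulate(user | {"Z_MM_BUYER"}, remove={"Z_AP_CLERK"}))    # removes P001
```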

Workflow of Access Request Management:

HR event -> Request generated -> Manager approval -> Risk analysis -> Automated provisioning.
Employee hired or retired -> 100% automated -> via mail -> one-click simulation -> 100% automated.

BRM -> Business role management:

Role definition and maintenance in a single location.

If we have many landscapes like ECC, BW etc., then with GRC you can maintain all role definitions in one single place.

During role creation itself, GRC checks for SOD risks and mitigations.

EAM - Emergency Access Management:
Problem:
When a support user needs additional authorization, the business user asks the Basis team to grant it. Once the activity is complete, the Basis team has to revoke the access again, and audit logs need to be maintained for audit purposes.

Solution: firefighter. It gives the additional authorization in a controlled manner and saves time, as the firefighter is already configured.

2 types of firefighter: 1. role based and 2. user based.

Elevated access is provided in a controlled environment, and logs are generated.

1. Access risk analysis(ARA).
2. Access request management(ARM).
3. Business Role Management(BRM).
4. Emergency access management(EAM).

All 4 are integrated with each other.
