Authorization in GRC SYSTEM.
* SAP_GRAC_BASE is the base authorization role.
* SAP_GRAC_NWBC is for base authorization for launching NWBC.
* In GRC system, Access T-code - PFCG
role: SAP_GRAC*
Copy all standard SAP given roles in to customize name space --> then use them for operations.
* To view list of authorization objects of GRC --> SU24(T-code) --> Authorization objects tab --> Authorization objects --> GRAC*
Understanding Authorization Risks:
* Segregation of Duties(SOD) is a concept of separating "incompatible duties".
Example one person doesn't have all three duties.
1. Authorization = approving.
2.Safe keeping = holding the asset (or) Access to the asset.
3.Record keeping = keeping track of the asset /liability.