Scribd Logo
Upload

Welcome to Scribd!

  • GRC Repository Tables

    Uploaded by

    kr_navin
    716 views5 pages
    GRC Repository Tables

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    GRC Repository Tables

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    716 views5 pages

    GRC Repository Tables

    Uploaded by

    kr_navin
    GRC Repository Tables

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 5

    SAP GRC repository tables

    1.The details of the database tables involved in


    repository sync job.
    Purpose
    The Purpose of this document is to explain the logic behind the Repository sync job and to list the details of the tables
    involved in the plugin system and the GRC box.

    Overview
    Providing the details of the Plugin (Backend) and the GRC tables involved in the repository sync job.

    USR10

    : User master authorization profiles.

    USR11

    : User Master Texts for Profiles (USR10).

    GRACPROFILE

    : Master table

    GRACPROFILET

    : Language specific table.

    AGR_DEFINE

    AGR_TEXTS

    : File Structure for Hierarch

    AGR_AGRS

    : Composite role relation table.

    GRACRLCONN

    : Master Table

    GRACRLCONNT

    : Description Table

    GRACRLCOMPRL

    : Composite Role Table

    GRACROLEORG

    USR02: Master Table.

    GRACUSER

    : User table.

    GRACUSERCONN

    : Table to store connector specific user.

    : Master table.

    : Role org level relation table.

    GRAC_REPOSITORY_OBJECT_SYNC
    Repository sync jobs are used to sync the Users, Roles, and Profiles from the backend R/3 system to the GRC system.
    To schedule the repository sync job follow the below mentioned path

    SAP GRC repository tables

    SPRO -> IMG -> Governance, Risk and Compliance -> Access Control ->Synchronization Jobs -> Repository Object Sync.
    The Program GRAC_REPOSITORY_OBJECT_SYNC can also be used to run the repository object sync job from the ABAP
    Editor using Transaction SE38.
    By performing the synchronization, the user/roles/profiles from the back-end are updated to the front-end. The only data
    being brought over is the header information for these items.
    This does NOT bring over the actual authorizations assigned to each user/role/profile. This detail data is maintained only in
    the back-end. Performing Synchronization is to ensure the front-end database tables match completely the back-end
    connected systems.

    Types of Synchronizations
    There are two types of synchronization, Full and Incremental:
    1.

    Full synchronization

    2.

    Incremental synchronization

    1. Full Synchronization
    This is basically deleting everything in the front-end and replacing it with what is in the back-end of the Plugin system.

    2. Incremental Synchronization
    This uses various back-end SAP tables to identify users/role/profile changed from the time of the last sync until today's
    date. This includes users who have had authorizations changed. Only those items changed will be resynched into the frontend

    As part of the synchronization, any users/roles/profiles delete in the back-end will have all of the information
    deleted in the front-end, this includes their conflicts from the last batch risk analysis

    The repository sync job can be categorized into 3 different Jobs


    1.

    Profile Sync

    2.

    Role Sync

    3.

    User Sync

    Profile Sync

    SAP GRC repository tables

    The program GRAC_ROLEREP_PROFILE_SYNC is used to run the Profiles sync job.


    The Plugin and the GRC tables involved in the Profile Sync job is as follow.

    BACKEND(PLUGIN) TABLES

    USR10 : User master authorization profiles.

    USR11 : User Master Texts for Profiles (USR10).

    GRC TABLES

    GRACPROFILE : Master table

    GRACPROFILET : Language specific table.


    The Function module /GRRCPI/GRIA_PROFILE_GETLIST is used to fetch the data from the backend (Plugin) tables and
    update the GRC tables.
    The configuration parameter 1123 determines the amount of data that will be fetched in one go. The default value is set
    as 1000, can go up to 5000 without problem.

    Role Sync
    The Program GRAC_ROLEREP_ROLE_SYNC is used to run the Role sync job.
    NOTE: It is not recommended to run the role sync alone, first the profile sync should be run and only then the role
    sync should be run.
    Mentioned below is the list of the tables in the backend (Plugin system) & the GRC system.

    BACKEND TABLES (PLUGIN).

    AGR_DEFINE :Master table.

    AGR_TEXTS :File Structure for Hierarch

    AGR_AGRS

    :Composite role relation table.

    GRC TABLES

    GRACRLCONN

    : Master Table

    GRACRLCONNT

    : Description Table

    SAP GRC repository tables

    GRACRLCOMPRL

    : Composite Role Table

    GRACROLEORG

    : Role org level relation table.

    The Function module /GRCPI/GRIA_ROLE_GET_LIST is used to transfer the data from the Plugin tables the GRC table.
    The parameter 1122 defines the amount of data that will be fetched in go .

    User Sync
    The program GRAC_ROLEREP_USER_SYNC is used to run the user sync job from SE38.
    Mentioned Below is the list of tables involved in the Plugin and the GRC system.

    BACKEND TABLES
    USR02: Master Table

    GRC TABLES

    GRACUSER

    GRACUSERCONN : Table to store connector specific user.

    : User table.

    The Function module /GRCPI/GRIA_USR_GET_LIST is used to fetch the data from the backend tables and updates the
    GRC tables.
    Batch Parameter 1121 is used to determine the amount of data that will be fetched in one go .The default value of 1000.
    Note: It is not recommended to run the user sync alone. The user sync is dependent on the roles and profile.

    2. Mentioned below is the list of the tables that stores


    the relation between the user/Roles & user/Profile.

    USER PROFILE RELATION TABLE


    The following tables are used to store the relationship between the user and the profile.

    BACKEND TABLES

    USR04 : User master authorizations.

    GRC TABLES

    GARCUSERPROFILE : User Profile assignment table.

    SAP GRC repository tables

    USER ROLE RELATION TABLE


    The following tables are used to store the relationship between the user and the role.

    BACKEND TABLES

    AGR_USERS : Assignment of roles to users.

    GRC TABLES

    GRACUSERROLE : User Role Assignment Table

    You might also like