Post on 16-Apr-2015
© 2011 SAP AG
Applies to:
SAP® BusinessObjects™ Access Control 10.0
Summary
Access Control is an enterprise software application that enables organizations to control access and prevent fraud across the enterprise, while minimizing the time and cost of compliance. The application streamlines compliance processes, including access risk analysis and remediation, business role management, access request management, superuser maintenance, and periodic compliance certifications. It delivers immediate visibility of the current risk situation with real-time data. This guide explains the Segregation of Duties Review concept and the technical configuration to attain that functionality.
Authors: Harleen Kaur, SAP Customer Solution Adoption
Created on: August 10, 2011
Version: 1.6
Performing Segregation of Duties Reviews in Access Control 10.0
Table of Contents
1. Getting Started
1.1 About this Guide
1.2 Audience for this Guide
2. Introducing SoD Review
2.1 Exploring the SoD Review Process
2.2 Exploring Process Options
2.3 Understanding Workflow Stage Configuration
2.4 Exploring Roles in SoD Review Process
3. Prerequisites
4. Configuration Settings for SoD Review
4.1 Managing IMG Configuration Settings
4.2 Managing Coordinators
4.3 Specifying the Service Level Agreement (Escalation)
4.4 Generating Data for Requests
4.5 Performing Request Review
4.6 Update Workflow Job
5. Workflow Configuration
6. Reviewing SoD Review Requests
6.1 Managing SoD Review Requests
6.2 Managing Rejections
7. Comments and Feedback
8. Copyright
GRC Access Control 10.0 Segregation of Duties Review
1. Getting Started
The Segregation of Duties Review (SoD Review) feature automates and documents the periodic
decentralized review of risk violations by business managers or risk owners.
In the SoD Review process, the system checks periodically for any risk and violations associated with
users and functions they are associated with.
This feature can be used during the initial “clean-up” of risk violations as well as a long-term strategy to
review and affirm previous mitigation assignments.
Requests are generated automatically based on the company’s internal control policy.
The SoD Review provides a workflow-based review and approval process.
1.1 About this Guide
In this how-to-guide, the configuration as well as the implementation of the SoD Review process is
illustrated in detail. This guide is a stand-alone document.
Note:
This guide provides business use cases as examples for how you can use SAP software for your company. These examples are intended to serve only as models and might not necessarily run the way they are described in your customer-specific landscape.
This guide discusses SoD Review for GRC Access Control 10.0. Any attempt to use this guide for other product versions is not supported.
For an overview of the Access Control 10.0 documentation, refer to the SAP BusinessObjects Access
Control 10.0 Master Guide on the SAP Service Marketplace at service.sap.com/instguides.
1.2 Audience for this Guide
This guide is intended for the following people involved in performing SoD Review:
• Administrators
• User Managers
• Reviewers
• Coordinators
2. Introducing SoD Review
The key features of the SoD Review in Access Control (AC) 10.0 are:
• Decentralized review of segregation of duties violations
• Reaffirmation of mitigating control assignments
• Workflow requests for Access Review and approval
• Audit trail and reports for supporting internal and external audits
The key benefits of the SoD Review are:
• A streamlined internal control process with collaboration among business managers, internal control, and information technology teams
• Improved efficiency and visibility of the internal control process
2.1 Exploring the SoD Review Process
The high-level process for SoD reviews is as follows:
1. The SoD background jobs generate SoD review requests.
2. The system sends e-mail notifications to reviewers.
3. The reviewer reviews the request and chooses from the following options:
a. Reject request items.
b. Mitigate function risks by assigning controls.
c. Remove access for items that violate your company policies.
There are other optional steps involved in the SoD Review process such as performing Admin Review
before sending requests to Reviewers. This guide explains all the steps in detail.
2.2 Exploring Process Options
AC 10.0 offers multiple process options that determine the approvers of SoD Review requests. This
section describes the available process options.
Admin Review
You have the option to enable an Admin Review which provides administrators an opportunity to validate
request data after requests are generated (by the SoD Review Data job) but prior to generating workflow
tasks (by the SoD Review Update Workflow job).
If any Reviewer information is incorrect or missing, administrators can modify that data prior to generating
workflow tasks and notifications. The administrator can also delete requests as required.
Reviewer Stage
You can specify whether the Reviewer stage is addressed by a user’s manager or by the role owner, as
appropriate.
Security Stage
You can choose to include a security stage, if required.
2.3 Understanding Workflow Stage Configuration
After deciding which stages to include in the SoD Review workflow, you need to determine the specific
behavior for each stage to reflect your review process. These behaviors include the following:
• E-mail notification
• Reminders
• Escalation
Configuring E-mail Notification
You need to determine the content of e-mail notifications to be sent to the approvers at each stage. You
also need to determine the recipients, as well as the content of the notification header and the e-mail
body.
Setting Reminders
You need to decide whether to send reminders to Reviewers who have not completed their portion of the
request by the date specified in configuration. You can specify the interval of reminder notifications in
days, the reminder notification header, and body content.
Specifying Escalation
You need to specify whether to escalate SoD Review requests in the details associated with each stage.
Escalation is based on the time spent in a particular stage. If a Reviewer does not complete a review of a
request according to the date parameter defined in configuration, the request is escalated. Escalation of a
request appears in the audit trail of the request.
You also need to specify whether escalation automatically removes access that is not approved by a
certain date.
2.4 Exploring Roles in SoD Review Process
SAP GRC 10.0 includes the following roles that can appear in SoD Requests:
Administrator – Administrators perform SoD Review-specific administration tasks such as performing an Admin Review before generating a workflow for the request.
Reviewer - Reviewers are approvers at the Reviewer stage. A Reviewer can be a User’s Manager or the Risk Owner.
User’s Manager – User’s Manager is the direct manager of a particular user, as defined in the User Details Data Source.
Risk Owner – Risk Owner is the owner specified in your Risk Analysis and Remediation (RAR) master data.
Coordinator – Coordinators are users assigned to one or more Reviewers. Coordinators monitor the SoD Review process and coordinate activities to ensure that the process is completed in a timely manner.
3. Prerequisites
Before running the SoD Review data job, ensure that the Batch Risk Analysis job is executed and
completed with the Management Report and that Risk Owners are assigned to risks.
Also make sure to run the following synchronization and action usage jobs as preconditions for
performing SoD Reviews in GRC 10.0. (It is recommended to run the jobs in the sequence they are listed
in the table below.)
Job | Description
GRAC_ROLEREP_PROFILE_SYNC | Synchronizes all profiles in the repository
GRAC_ROLEREP_ROLE_SYNC | Synchronizes all roles in the repository
GRAC_ROLEREP_USER_SYNC | Synchronizes all users, and roles used by these users
GRAC_BATCH_RISK_ANALYSIS | Performs batch Risk Analysis
GRAC_ACTION_USAGE_SYNC | Retrieves the action usage for users
GRAC_ROLE_USAGE_SYNC | Retrieves the role usage
4. Configuration Settings for SoD Review
This section discusses how to maintain the configuration settings related to SoD Review, and then
generate data for SoD Review.
4.1 Managing IMG Configuration Settings
Before creating a SoD Review Request, there are some configuration options that need to be
maintained in IMG.
1) Log on to the GRC 10.0 system using SAP GUI and execute transaction SPRO.
2) Select the SAP Reference IMG option and navigate to Governance, Risk and Compliance → Access Control → Maintain Configuration Settings.
3) Choose Configuration Options for Risk Analysis.
4) Set the configuration parameter for the Enable Offline Risk Analysis option to YES.
5) Choose Configuration Options for SoD Review Request.
6) The configuration parameters for SoD Review request are explained below:
Field | Possible Values | Description
Request Type | Any request type | Choose the Default Request Type for SoD.
Priority | Any priority | Choose the Default Priority for SoD.
Reviewers | Risk Owner/Manager | Select the role to perform the Review.
Admin Review | Yes/No | Choose whether to require an Administrator Review before the request is forwarded to Reviewer(s). Admin Review provides an opportunity for the administrator to review the request data for completeness and consistency prior to sending the request(s) to Reviewers.
Removal of Roles | Yes/No | Whether actual removal of role is allowed.
a. Request Type: This is the request type that will be associated with SoD Review workflow requests. Request types can be reference points for initializing a workflow and determining the actions to be performed.
b. Request Priority: You can set a priority for a request to determine how quickly a request is to be approved. The request priority is also one of the workflow request attributes.
c. Reviewers: This term refers to the approver at the Reviewer stage. For the SoD Review, the Reviewer may be the user’s Direct Manager or the Risk owner as maintained in the RAR master data.
d. Admin Review: This configuration option provides an opportunity for the administrator to review the request data for completeness and consistency prior to sending the request to Reviewers.
If any manager or risk owner information is incorrect or missing, the administrator can modify the
data prior to generating workflow tasks and notifications. The administrator can also cancel the
requests.
An Admin can perform SoD Review-specific administrator tasks, such as cancelling SoD Review
requests and regenerating requests for rejected users.
If this Configuration Option is set to:
Yes: The administrator reviews the SoD Review requests prior to the generation of workflow
tasks. The administrator can change the Reviewer and approval roles or cancel any unwanted
SoD Review requests.
No: The administrator does not have an opportunity to Review SoD Review requests prior to
sending the workflow notifications to Reviewers.
If there are users with no manager identified in the User Detail Data Source and the Reviewer is
defined as the User’s Manager, then Admin Review is required. This allows the administrator to
maintain the missing data prior to sending workflow tasks to Reviewers.
e. Removal of Roles: In AC 10.0, Reviewers can actually remove a role if a risk is associated with one or more transactions that the role gives to a user.
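A pre-flight check for the prerequisites in section 3 and the Admin Review rule above, added here as an example; it is not part of the original guide or of SAP's software. The input layouts (job-run tuples, user and risk records, config keys) are hypothetical export formats, and the sample data is constructed.

```python
from datetime import datetime

# Prerequisite jobs, in the sequence recommended by the guide's table.
PREREQ_JOBS = [
    "GRAC_ROLEREP_PROFILE_SYNC", "GRAC_ROLEREP_ROLE_SYNC",
    "GRAC_ROLEREP_USER_SYNC", "GRAC_BATCH_RISK_ANALYSIS",
    "GRAC_ACTION_USAGE_SYNC", "GRAC_ROLE_USAGE_SYNC",
]


def check_jobs(job_runs):
    """Verify every prerequisite job completed, in the recommended order.

    job_runs: iterable of (job_name, status, finished_iso) tuples
    (hypothetical export layout). Only the latest run of each job counts.
    """
    latest = {}
    for name, status, finished in job_runs:
        ts = datetime.fromisoformat(finished)
        if name not in latest or ts > latest[name][1]:
            latest[name] = (status, ts)

    findings, prev = [], None
    for name in PREREQ_JOBS:
        if name not in latest:
            findings.append(("JOB_MISSING", name))
            continue
        status, ts = latest[name]
        if status != "Completed":
            findings.append(("JOB_NOT_COMPLETED", f"{name}: {status}"))
            continue
        if prev and ts < prev[1]:
            findings.append(("JOB_OUT_OF_SEQUENCE",
                             f"{name} finished before {prev[0]}"))
        else:
            prev = (name, ts)
    return findings


def check_review_data(config, users, risks):
    """Check the IMG options against the master data the review relies on."""
    findings = []
    if config["offline_risk_analysis"] != "YES":
        findings.append(("OFFLINE_RISK_ANALYSIS_OFF",
                         "set Enable Offline Risk Analysis to YES"))
    # Risk Owners must be assigned to risks before the data job runs.
    unowned = sorted(r["risk_id"] for r in risks if not r["owners"])
    if unowned:
        findings.append(("RISK_WITHOUT_OWNER", ", ".join(unowned)))
    # Reviewer = manager and a user has no manager: Admin Review is required.
    if config["reviewers"] == "MANAGER":
        no_mgr = sorted(u["user_id"] for u in users if not u["manager"])
        if no_mgr and config["admin_review"] != "YES":
            findings.append(("ADMIN_REVIEW_REQUIRED", ", ".join(no_mgr)))
    return findings


def preflight(config, job_runs, users, risks):
    return check_jobs(job_runs) + check_review_data(config, users, risks)


# Constructed sample data (not taken from any real system).
SAMPLE_CONFIG = {"offline_risk_analysis": "YES",
                 "reviewers": "MANAGER", "admin_review": "NO"}
SAMPLE_JOB_RUNS = [
    ("GRAC_ROLEREP_PROFILE_SYNC", "Completed", "2011-08-01T01:00:00"),
    ("GRAC_ROLEREP_ROLE_SYNC", "Completed", "2011-08-01T01:30:00"),
    ("GRAC_ROLEREP_USER_SYNC", "Completed", "2011-08-01T02:00:00"),
    ("GRAC_BATCH_RISK_ANALYSIS", "Error", "2011-07-31T03:00:00"),
    ("GRAC_BATCH_RISK_ANALYSIS", "Completed", "2011-08-01T03:00:00"),
    ("GRAC_ACTION_USAGE_SYNC", "Completed", "2011-08-01T00:30:00"),
]
SAMPLE_USERS = [
    {"user_id": "JDOE", "manager": "MSMITH"},
    {"user_id": "BATCH_FI", "manager": ""},
]
SAMPLE_RISKS = [
    {"risk_id": "RISK_A", "owners": ["MSMITH"]},
    {"risk_id": "RISK_B", "owners": []},
]

if __name__ == "__main__":
    for code, detail in preflight(SAMPLE_CONFIG, SAMPLE_JOB_RUNS,
                                  SAMPLE_USERS, SAMPLE_RISKS):
        print(f"{code:26} {detail}")
```

With the sample data the check reports the usage sync that ran before the batch risk analysis, the missing role usage job, the unowned risk, and the user whose missing manager makes Admin Review mandatory.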
4.2 Managing Coordinators
This section describes how to manage Coordinators for requests.
The procedure is as follows:
1. Log on to the frontend GRC Access Control 10.0 system.
2. Navigate to Access Management → Compliance Certification Reviews → Manage Coordinators. The Manage Coordinators screen appears.
3. To change a coordinator-to-reviewer mapping, choose the Open pushbutton. The Change Mapping screen appears.
4. Modify the settings, as required, and choose the Save pushbutton.
5. To delete a coordinator-to-reviewer mapping, select the mapping you want to delete, and choose the Delete pushbutton. A confirmation dialog box appears. Choose Yes.
6. To create a new coordinator-to-reviewer mapping, choose the Create pushbutton. The Create Mapping screen appears.
7. In the Coordinator ID field, type or select the appropriate value.
8. In the Reviewer ID field, type or select the appropriate value.
9. Choose the Save pushbutton.
10. Choose the Close pushbutton. The mapping appears in the table on the Manage Coordinators screen.
4.3 Specifying the Service Level Agreement (Escalation)
You can define the service level agreement for SoD Review requests.
1. Log on to the backend GRC Access Control 10.0 system.
2. Enter transaction SPRO.
3. Choose the SAP Reference IMG pushbutton.
4. Navigate to Governance, Risk and Compliance → Access Control → User Provisioning → Maintain Service Level Agreements. The Service Level Agreement Overview screen appears.
5. Create a new Service Level Agreement using SAP_GRAC_SoD_RISK_REVIEW as the Process ID.
4.4 Generating Data for Requests
This section describes how to generate data for SoD Review requests by creating a schedule using the
Background Scheduler.
1) Log on to AC 10.0 using the NetWeaver Business Client.
2) Navigate to Access Management → Scheduling → Background Scheduler. The Access Management Schedule screen will appear.
3) Choose Create to create a new SoD Review Request background job. The Schedule Details step
appears.
4) In the Schedule Name field, enter the name for the SoD Review job.
5) In the Schedule Activity field, select Generates data for access request SoD Review from the
dropdown list.
6) In the Recurring Plan field, choose YES or NO for whether to schedule the job to recur.
7) If you select Yes, you need to specify the recurring date and time range, along with the frequency and
recurrence interval.
8) In the Start Immediately field, choose whether to start the job immediately. If you select Yes, the job will
start immediately.
If you select No, specify the date and time for the job to start in the Start Time field.
10) Choose the Next pushbutton. The Select Variant step appears.
11) Here you can define the selection criteria for the background job by selecting a variant or entering the
criteria, and then saving it as a new variant.
12) Review the summary, and then select FINISH.
13) The scheduled job appears in the table with one of the following statuses:
Planning: The job is either currently working on the request or the job is scheduled to start at a later time.
Completed: The job has completed.
Terminated: The job was terminated by the administrator.
Error: An error was detected with the job.
4.5 Performing Request Review
This step is only required if you have enabled the Admin Review option.
The administrator reviews the requests to ensure completeness and accuracy of the request information
prior to sending to Reviewers.
The procedure is as follows:
1) Go to Access Management → Compliance Certification Review → Request Review.
2) On the Request Review screen, search for the SoD Review requests by selecting the SoD Risk
Review Workflow and then review the data to confirm the Reviewer and Coordinator information
is accurate.
3) This is an intermediate stage (because YES was selected for Admin Review) in which all requests go to the Administrator for review before workflow tasks are generated.
4) On this screen, you can add reviewer information to requests where it is missing.
5) To enter Reviewer data, select the Request and choose the Change Reviewers pushbutton.
6) Select Reviewers and Coordinators from the list.
7) An Administrator can also cancel the request if SoD Reviews are not required or if there is
incorrect data.
4.6 Update Workflow Job
This step is only required if you have enabled Admin Review and the Admin Review has been completed.
Execute the SoD Review Update Workflow Job to push the workflow tasks to the Reviewers.
The steps required to schedule the update workflow job are as follows:
1) Go to Access Management → Scheduling → Background Scheduler.
2) Click Background scheduler.
3) The Schedule-Access Management Screen will appear.
4) Choose Create to create a new request for Update Workflow.
5) The Create Schedule screen will appear.
6) Enter Schedule Name.
7) Select Schedule Activity from the dropdown list. For SoD Requests, select Update Workflow
for SoD Request.
8) Choose Finish.
9) Go to Request Review and check whether the request has been completed.
10) After all of the above steps are completed, the request(s) arrive in the Reviewer’s Work Inbox (or Outlook) for processing.
To open or work on an SoD Request:
• In the Reviewer’s Work Inbox, select the request you want to open by clicking on the selected
request.
• You will see an SoD Review Screen with the Request Number that you selected.
• Since YES was selected for Actual removal of Roles during the configuration process, the
ACTUAL REMOVAL pushbutton appears on the screen.
• If NO was selected, then the PROPOSE REMOVAL pushbutton appears instead.
• By selecting Risk and then choosing the Actual Removal pushbutton, you can remove the actual
role associated with this Risk.
• By choosing the Propose Removal pushbutton, you can only propose the removal; no actual removal is performed on any role.
• Choose Submit to complete the Review process.
5. Workflow Configuration
This section describes the workflow configurations required for the SoD Review access request
approval process.
Steps to manage the workflow for the SoD Review Request:
1) Click the SAP Reference IMG button.
2) Go to Governance, Risk and Compliance → Access Control → Workflow for Access Control → Maintain MSMP Workflows.
3) The MSMP Workflow Configuration screen will appear.
4) Select SAP_GRAC_SOD_RISK_REVIEW.
When you start this activity, a configuration screen appears displaying seven steps to take in the
order shown.
5) Select DISPLAY/CHANGE to change any fields on this screen.
6) Select the Enable Escalation check box to enable the escalation.
7) Enter an Escalation Date.
8) In the Escape Conditions section, maintain the Escape Routing, Escape Path, and Escape Stage.
9) When done, choose NEXT to continue to the MAINTAIN RULES screen.
10) In this screen, you can maintain rules for your request. You can configure Function Module rules,
BRF plus rules, ABAP class-based rules, and BRF plus flat rules.
11) The rules can be one of the following types:
Initiator Rule: To check which path your request will take
Routing Rule: To direct your request to take a detour
Agent Rule: To check for agents (Reviewers) for the request in a particular stage
Notification Rule: Used for notification purposes only
12) Select the NEXT pushbutton and the MAINTAIN AGENTS screen appears. You can define
agents for workflow stages, either for notification or approval.
13) The possible agent types are:
Directly Mapped Users: A group of users created within the workflow configuration
PFCG Roles: All users who have specified PFCG role assignments
PFCG User Group: All users who are part of the specified PFCG group
GRC API Rules: All users returned by the configured rule for agents
14) Once the agents are maintained, choose the NEXT pushbutton to maintain the VARIABLES AND
TEMPLATES.
15) In this screen, you can maintain custom notification templates as well as their variables and
reminders.
16) Choose the NEXT pushbutton to go to the MAINTAIN PATHS screen.
a. In this screen, you can maintain workflow approval paths and their stages. All stages for a selected path are shown in the Maintain Stages table.
b. Select a path and choose the ADD or MODIFY pushbuttons to define the path stages.
c. In the Maintain Stages table, choose the MODIFY TASK SETTINGS pushbutton to change the stage settings.
i. In the Approval Type column, select All Approvers or Any One Approver from the dropdown list. This determines if all approvers or any one approver is required to approve the stage.
ii. If you choose Yes for Escalation, specify the escalation setting by entering the idle time in minutes. Idle time is the amount of time by which, if the stage is not approved or rejected, the task is either sent to the specified agent or the workflow moves to the next stage.
15) Choose the NEXT pushbutton to go to the Maintain Route Mapping screen. In this step you can maintain route mappings between the initiator rules result and the actual path for the result.
16) Choose the NEXT pushbutton to go to the GENERATE VERSIONS screen.
In this step you can save, simulate, and generate new versions from the changed workflow for the SoD Review process.
Choose SAVE to save a configuration without generating a new version and without simulating validation of the changes made to the configuration.
Choose SAVE/SIMULATE to save a configuration and to simulate changes to a configuration. In this case, the application displays all entities modified since the previous version was generated.
Choose ACTIVATE to activate the new version of a configuration for a selected process. After taking this step, any new workflow instances of the process will use the newly generated version.
17) Changes to the Workflow will not be reflected in any requests generated prior to the change. Only those requests generated after the changes will reflect the changes.
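A simplified model of the stage settings described above (approval type and idle-time escalation), added here as an example; it is not SAP code and not part of the original guide. The Stage fields, the status names, and the rule that a single rejection closes the stage are assumptions of the model, and the scenario data is constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Stage:
    name: str
    approvers: tuple
    approval_type: str                 # "ALL" = All Approvers, "ANY" = Any One Approver
    escalation: bool = False
    idle_minutes: int = 0              # idle time entered in the stage's task settings
    on_idle: str = "FORWARD_TO_AGENT"  # or "NEXT_STAGE": the two outcomes the guide names


def evaluate_stage(stage, decisions, entered_at, now):
    """Return (status, approvers_still_waiting) for one request in one stage.

    decisions maps approver ID -> "APPROVE" or "REJECT"; a missing key means
    the approver has not acted. Assumption of this model: one REJECT closes
    the stage regardless of approval type.
    """
    if not stage.approvers:
        # No agent resolved (for example a user without a manager): nobody can act.
        return ("NO_AGENT", [])
    votes = {a: decisions.get(a) for a in stage.approvers}
    waiting = [a for a, v in votes.items() if v is None]
    if "REJECT" in votes.values():
        return ("REJECTED", waiting)
    approvals = [v == "APPROVE" for v in votes.values()]
    satisfied = all(approvals) if stage.approval_type == "ALL" else any(approvals)
    if satisfied:
        return ("APPROVED", [])
    # Escalation is driven by the time spent in the stage without completion.
    if stage.escalation and now - entered_at >= timedelta(minutes=stage.idle_minutes):
        return (stage.on_idle, waiting)
    return ("PENDING", waiting)


# Constructed scenario: two reviewers, one has approved, idle time of 2880 minutes.
ENTERED = datetime(2011, 8, 1, 9, 0)
DECISIONS = {"MGR1": "APPROVE"}
ALL_STAGE = Stage("Reviewer", ("MGR1", "MGR2"), "ALL", True, 2880)
ANY_STAGE = Stage("Reviewer", ("MGR1", "MGR2"), "ANY", True, 2880)

if __name__ == "__main__":
    for label, stage in (("All Approvers", ALL_STAGE), ("Any One Approver", ANY_STAGE)):
        for hours in (24, 48):
            now = ENTERED + timedelta(hours=hours)
            print(label, f"+{hours}h", evaluate_stage(stage, DECISIONS, ENTERED, now))
```

The same single approval completes the stage under Any One Approver but leaves it pending, and later escalated, under All Approvers.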
6. Reviewing SoD Review Requests
After you update the request workflow, the request follows the workflow path and is routed to the
appropriate reviewer.
6.1 Managing SoD Review Requests
After a request is generated, it is sent to the reviewer’s Work Inbox and can be accessed by performing
the following steps:
1. Log on to the frontend GRC Access Control 10.0 system.
2. Navigate to My Home → Work Inbox → Work Inbox and select the request for which action is required.
3. You can also display requests by using the Search Request quick link.
Alternatively, navigate to Access Management → Access Request Administration → Search Requests.
6.2 Managing Rejections
The line items that are rejected by an approver can be accessed and reworked from the Managing
Rejections screen. The procedure is as follows:
1. Log on to the frontend GRC Access Control 10.0 system.
2. Navigate to Access Management → Compliance Certification Reviews → Manage Rejections. The Manage Rejections screen appears.
3. Specify the search criteria and choose the Search pushbutton. The rejected users appear in the Result table.
4. Select the corresponding rejection and choose the Generate Requests pushbutton.
5. This marks the request for inclusion in a new SoD Review request when the SoD Review Process Rejected background job is executed.
7. Comments and Feedback
Your feedback is very valuable and will enable us to improve our documents. Please take a few moments
to complete our feedback form. Any information you submit will be kept confidential.
You can access the feedback form at:
http://www.surveymonkey.com/s.aspx?sm=stdoYUlaABrbKUBpE95Y9g_3d_3d
8. Copyright
© 2011 SAP AG. All rights reserved.
No part of this publication may be reproduced or transmitted in any form or for any purpose without the
express permission of SAP AG. The information contained herein may be changed without prior notice.
Some software products marketed by SAP AG and its distributors contain proprietary software
components of other software vendors.
Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation.
IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z,
System z10, System z9, z10, z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390,
OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+,
POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System
Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA,
AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks
of IBM Corporation.
Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.
Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks
of Adobe Systems Incorporated in the United States and/or other countries.
Oracle is a registered trademark of Oracle Corporation.
UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.
Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or
registered trademarks of Citrix Systems, Inc.
HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web
Consortium, Massachusetts Institute of Technology.
Java is a registered trademark of Sun Microsystems, Inc.
JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology
invented and implemented by Netscape.
SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjects Explorer, StreamWork,
and other SAP products and services mentioned herein as well as their respective logos are trademarks
or registered trademarks of SAP AG in Germany and other countries.
Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions,
Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well
as their respective logos are trademarks or registered trademarks of Business Objects Software Ltd.
Business Objects is an SAP company.
Sybase and Adaptive Server, iAnywhere, Sybase 365, SQL Anywhere, and other Sybase products and
services mentioned herein as well as their respective logos are trademarks or registered trademarks of
Sybase, Inc. Sybase is an SAP company.
All other product and service names mentioned are the trademarks of their respective companies. Data
contained in this document serves informational purposes only. National product specifications may vary.
These materials are subject to change without notice. These materials are provided by SAP AG and its
affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of
any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only
warranties for SAP Group products and services are those that are set forth in the express warranty
statements accompanying such products and services, if any. Nothing herein should be construed as
constituting an additional warranty.