
SAP GRC Access Control 5.3 Sp9 Data Mart - Sample Reports

Date post: 12-Nov-2014
Upload: manikandan-kamatchi-kamatchi
SAP Labs, LLC October 2009 Copyright 2009 SAP AG SAP BUSINESSOBJECTS ACCESS CONTROL 5.3 SP09 DATA MART – SAMPLE REPORTS SUPPLEMENTAL DOCUMENTATION


Reporting Specification Supplemental Documentation© 2009 SAP AG

REVISION HISTORY

The following table provides an overview of the most important changes in the latest versions.

This guide is regularly updated on SAP Service Marketplace at http://service.sap.com/instguides -> SAP BusinessObjects -> SAP BusinessObjects Governance, Risk, Compliance (GRC) -> Access Control -> SAP GRC Access Control 5.3

| Name | Date | Reason For Changes | Version |
| Governance, Risk, and Compliance, SAP BusinessObjects Division | October 2009 | This is the initial release of Reporting Specification Supplemental Documentation | 1.0 |
| | September 2010 | Text changed in section 4.5 | 1.1 |


Typographic Conventions

| Type Style | Description |
| Example Text | Words or characters quoted from the screen. These include field names, screen titles, pushbuttons labels, menu names, menu paths, and menu options. Cross-references to other documentation. |
| Example text | Emphasized words or phrases in body text, graphic titles, and table titles |
| Example text | File and directory names and their paths, messages, names of variables and parameters, source text, and names of installation, upgrade and database tools. |
| Example text | User entry texts. These are words or characters that you enter in the system exactly as they appear in the documentation. |
| <Example text> | Variable user entry. Angle brackets indicate that you replace these words and characters with appropriate entries to make entries in the system. |
| EXAMPLE TEXT | Keys on the keyboard, for example, F2 or ENTER. |

Icons

Icon Description

Caution

Note or Important

i Example

Recommendation or Tip


Table of Contents

1 INTRODUCTION
  1.1 PURPOSE
  1.2 FUNCTIONALITY
  1.3 ASSUMPTIONS
  1.4 REQUIREMENTS
  1.5 IMPORTANT SAP NOTES
  1.6 RELATED DOCUMENTATION

2 REPORT OVERVIEW
  2.1 DATABASE CONNECTIVITY
  2.2 CREATING A NEW DATA SOURCE LOCATION
  2.3 UPDATING CURRENT DATA SOURCE LOCATION

3 CUP SAMPLE REPORT SUMMARY
  3.1 APPROVER DELEGATION
      Main Report
  3.2 LISTS REQUEST WITH THE SAME REQUESTOR AND APPROVER
      Main Report
  3.3 SEARCH APPROVERS
      Main Report
      Sub-Report - Custom Approver Determinator Details
  3.4 SEARCH REQUEST
      Main Report
      Sub-Report - Approver Status
  3.5 SOD REVIEW HISTORY
      Main Report
      Sub-Report - Risk and Function Details
  3.6 USER ACCESS REVIEW RECONCILIATION
      Main Report
      Sub-Report - Role Details
  3.7 USER ACCESS REVIEW HISTORY
      Main Report
      Sub-Report - Role Details
  3.8 USER REVIEW STATUS
      Main Report

4 RAR SAMPLE REPORT SUMMARY
  4.1 ACCESS RULE DETAILS
      Main Report
      Sub-Report - Mitigated Risk Details
  4.2 ACCESS RULE SUMMARY
      Main Report
      Sub-Report - Function Details
  4.3 MITIGATING CONTROL
      Main Report
      Sub-Report - Mitigated Control Details
      Sub-Report - Mitigated Risk Details
  4.4 MITIGATED USER
      Main Report
      Sub-Report - Mitigated Control Details
      Sub-Report - Mitigated Risk Details
  4.5 USER RISK VIOLATION DETAILS
      Main Report
      Sub-Report – Risk Details
      Sub-Report – Function Details
      Sub-Report – Control Details


1 INTRODUCTION

1.1 Purpose

In addition to standard reports, SAP BusinessObjects Access Control 5.3 SP9 provides two additional reporting options: SAP BI Integration and Custom Report Enablement through the data mart.

Customers can choose their reporting option based on their requirements.

| BI Integration (Introduced in 5.3) | Custom Report Enablement (5.3 SP9) |
| Best used for analytical reporting: trending information over time; data analysis and data mining | Best used for operational reporting: provides snapshot of latest information; for quick custom reports |
| Integrates with SAP BI | Enables integration with any reporting tool |
| Entities available for reporting: Risk violations; Mitigating controls; Rule Architect; CUP Request information; Alerts | Entities available for reporting: Risk violations; Mitigating controls; Rule Architect; CUP Request information; Approver and approver delegation |

The purpose of this document is to provide an overview of the sample Crystal reports and to show how to connect the data mart with your Crystal Reports for custom reporting.

It provides detailed documentation on how to set up the database connections for the Crystal reports and describes the reporting fields, elements and formulas used in each of the sample reports.

Customers who have Crystal Reports can take these sample reports as a starting point and modify them for their own requirements.

These sample reports are examples only; they are guidelines for creating your own reports within Access Control Data Mart.


1.2 Functionality

A new reporting data mart has been introduced by GRC Access Control 5.3 SP9, which enables custom reporting on Risk Analysis and Remediation and Compliant User Provisioning data.

- The data mart extracts the relevant data from the RAR and CUP and converts the data for reporting purposes.
- The data mart is non-historical.
- Data mart schema is published, which enables customers to integrate with any reporting tools.
- Sample reports based on Crystal Reports are provided on SDN for reference.

The sample reports provided in this document use Crystal Reports 2008 standalone; you can use Crystal Reports 2008 standalone or with Business Objects Enterprise and Crystal Reports 2008. Please see the Crystal Reports 2008: Supported Platforms documentation located in the SAP Marketplace for the correct versions.

The available data in Data Mart allows for reporting on the following areas:

- Risk violations
- Mitigating controls
- Rule Architect
- CUP Request information
- Approver and approver delegation

1.3 Assumptions

Your system is installed with Crystal Reports 2008 or higher.

1.4 Requirements

The requirement for accessing and using these sample reports depends on your environment: standalone environment or Enterprise environment.

Standalone Environment – is only supported on Crystal Reports 2008 SP1 or higher.

Enterprise Environment – is supported using Crystal Reports 2008 SP1 or higher on BusinessObjects Edge BI 3.1, and on BusinessObjects Enterprise XI 3.1.

Crystal Reports 2008 supports standalone environments and supports workflows with BusinessObjects Enterprise XI 3.0, BusinessObjects Edge Series XI 3.0, and Crystal Reports Server 2008.

If you are running BusinessObjects Enterprise XI 3.1, download and install Crystal Reports 2008 Service Pack 1.


1.5 Important SAP Notes

The ODBC connection is not the only data source connection used for these sample reports. For more information about other data source connections, see the latest Access Control 5.3 installation guide available at Service Marketplace at http://service.sap.com/instguides.

Crystal License

Customers need to have or acquire their own Crystal license.

Managing report content

- Obtain sample Crystal reports through SAP's Software Developer Network (SDN). Customers can begin with samples and modify as needed or create their own Crystal reports.
- Using Access Control, customers can develop and deploy Access Control report content (.rpt) files.
- Customers are responsible for their own report management, including versioning and translation.

For information on prerequisites and deployment of data mart features, please refer to SAP Note 1369045 before you start the installation. These notes also contain updates and corrections to the installation documentation; for more information about Data Mart see the latest Access Control 5.3 Data Mart Design Description guide available at Service Marketplace at http://service.sap.com/support -> Help & Support -> Search for SAP Notes.

For more information, see the SAP BusinessObjects GRC Access Control 5.3 Master Guide on Service Marketplace at http://service.sap.com/instguides -> SAP BusinessObjects -> SAP BusinessObjects Governance, Risk, Compliance (GRC) -> Access Control -> SAP GRC Access Control 5.3.


1.6 Related Documentation

SAP Business Objects provides the following related documentation in PDF format. To access installation and product guides, go to http://help.sap.com. Select 'SAP Business Objects' in the top of the navigation bar, or go to http://help.sap.com/businessobjects/.

Crystal Reports 2008: Supported Platforms — this document lists the specific platforms and configuration for Crystal Reports 2008.

BusinessObjects Enterprise Administrator's Guide — this help provides you with information and procedures for deploying and configuring your BusinessObjects Enterprise system.

BusinessObjects Enterprise Installation and Configuration Guide for Windows — this documentation provides information, procedures, and options for installing, removing, and repairing BusinessObjects Enterprise, client tools, and language packs.

SAP GRC provides additional documentation on Access Control in PDF format on SAP Service Marketplace at http://service.sap.com and SAP Help Portal at http://help.sap.com.

| Title | Location |
| Access Control Data mart 5.3 | http://service.sap.com/instguides |
| Configuration Guide | http://service.sap.com/instguides |
| Master Guide | http://service.sap.com/instguides |
| Installation Guide | http://service.sap.com/instguides |
| Upgrade Guide | http://service.sap.com/instguides |
| Security Guide | http://service.sap.com/securityguide |
| Operations Guide | http://service.sap.com/instguides |
| Release Notes | http://service.sap.com/releasenotes |
| Application Help | http://help.sap.com |


2 REPORT OVERVIEW

2.1 Database Connectivity

The sample reports require an ODBC connection to the database. Use the generic ODBC name called QA shipped with the product.

For more information on creating ODBC connections, please see Microsoft knowledge article 300595.

Create the ODBC data source before using the sample reports. The following example shows how to create the QA ODBC data source connection.

1. From the Start Menu, choose Control Panel, then Administrative Tools -> Data Sources (ODBC).

2. Select Tab 2, System DSN, and click Add.

3. Select SQL Server, then click Finish.


This is an example of the data needed to create the ODBC connection. This data will depend on where your Database Administrator has created the database. Please see your DBA for the correct connection information.

Example:

Name: QA
Description: Connection to Sample Reports
Server: 10.48.121.238

4. Click Next.

5. The authentication to the SQL Server will depend on how your DBA has set up the user accounts. The following is an example of using SQL Server authentication with a login and password.

Configure the login and password according to the information from your DBA. The recommendation is to have the DBA create the user account with read-only access.

6. Click Next.


7. Change the default database to the correct database.

8. Click Next.

9. If you need to change the default language, then select the appropriate language.

10. Click Finish.


11. The new ODBC screen will appear and at this point, you can test the connection by selecting Test Data Source.

12. If successful, you will receive a “Test Completed Successfully” message.
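The read-only account recommended in step 5 can be set up on the SQL Server side as shown below. This is an added example, not part of the SAP documentation: the login name grc_dm_report and the database name GRC_DATAMART are hypothetical, the password is a placeholder, and the script assumes the data mart tables can be recognized by the GRC_DM_ prefix used in the report sections of this document.

```sql
-- Added example (T-SQL, SQL Server 2008 or later); not SAP-delivered code.
-- Assumptions: grc_dm_report and GRC_DATAMART are hypothetical names, and
-- data mart tables are identified by the GRC_DM_ name prefix.
-- GO is the batch separator of sqlcmd / Management Studio.

USE [master];
GO
-- SQL Server authentication login used only by the ODBC data source.
CREATE LOGIN [grc_dm_report]
    WITH PASSWORD = N'<replace-with-generated-password>',
         CHECK_POLICY = ON,                 -- apply the Windows password policy
         DEFAULT_DATABASE = [GRC_DATAMART];
GO

USE [GRC_DATAMART];
GO
CREATE USER [grc_dm_report] FOR LOGIN [grc_dm_report];
GO

-- Grant SELECT table by table instead of adding the user to db_datareader,
-- so tables outside the data mart stay unreadable to the reporting account.
DECLARE @sql nvarchar(max);
SET @sql = N'';
SELECT @sql = @sql
     + N'GRANT SELECT ON ' + QUOTENAME(s.name) + N'.' + QUOTENAME(t.name)
     + N' TO [grc_dm_report];' + NCHAR(13) + NCHAR(10)
FROM sys.tables AS t
JOIN sys.schemas AS s ON s.schema_id = t.schema_id
WHERE t.name LIKE N'GRC[_]DM[_]%';          -- [_] matches a literal underscore
EXEC sys.sp_executesql @sql;
GO

-- Check 1: explicit permissions of the account. Expected result: CONNECT at
-- database level and SELECT on GRC_DM_ tables, all with state GRANT.
SELECT p.class_desc,
       CASE WHEN p.class = 1 THEN OBJECT_NAME(p.major_id) END AS object_name,
       p.permission_name,
       p.state_desc
FROM sys.database_permissions AS p
JOIN sys.database_principals AS u ON u.principal_id = p.grantee_principal_id
WHERE u.name = N'grc_dm_report'
ORDER BY p.class_desc, object_name, p.permission_name;

-- Check 2: database role memberships of the account. Expected result: no rows
-- (in particular no db_owner, db_datawriter or db_ddladmin).
SELECT r.name AS role_name
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = N'grc_dm_report';
```

Run the two checks again after every data mart upgrade, because newly added tables are not covered by the earlier grants and permissions granted to the public role apply to this account as well.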


2.2 Creating a New Data Source Location

The sample reports ship with a generic ODBC name called QA. Use the name of the ODBC connection that your DBA specifies. In this example, we change the QA ODBC connection to a Crystal Sample ODBC connection.

1. Open Crystal Reports 2008

Start Menu -> All Programs -> Crystal Reports 2008 -> Crystal Reports 2008.

2. Select a Sample Report

From the Crystal Reports Toolbar, select File -> Open, then select a Sample Report.

3. Set Data Source Location

From the Crystal Reports Toolbar, select Database, then select Set Datasource Location.

4. Current Data Source Location

From the Crystal Reports Toolbar, select Database -> Set Datasource Location.

The Set Datasource Location tab contains the Current Data Source the report is pointing to; the section Replace with is where you specify the new connection.

5. Creating the New Data Source Location

In the Replace with section, click the “+” sign beside Create New Connection.

This lists all of the available types of data source. Select the data source your DBA has configured. In this example, we are using a Microsoft ODBC (RDO) connection.


Double-click ODBC (RDO). A Data Source Selection screen appears. Select the Data Source Name; in this example we are using CrystalSample.

Select Next. A Connection Information screen appears with the server name, User ID and Database populated. Type in the Password and click Finish.

In the Replace with section, the new connection (CrystalSample) is now available for use in the reports.


2.3 Updating Current Data Source Location

The current sample reports have the data source called QA; change this to CrystalSample. Under Current Data Source, select QA, then under Replace with select CrystalSample.

Select Update. This will take a few seconds. Once the update is complete, the Current Data Source will show the new CrystalSample connection. If there are any sub-reports, repeat this step for each sub-report. Click Close.

After updating the Data Source connection, click the Refresh button or F5 to see your current data.


3 CUP SAMPLE REPORT SUMMARY

3.1 Approver Delegation

Report Description: This report lists delegated approvers and historical delegation information.

Note: This report has a main report only.

Main Report

| FIELD NAME | DATABASE FIELD | FORMULA NAME |
| Delegated For User ID | GRC_DM_AE_DLEGAPRV.APPRVID | |
| Delegated To User ID | GRC_DM_AE_DLEGAPRV.DELEGAPPRVID | |
| Delegation Creation Date | GRC_DM_AE_DLEGAPRV.REQ_DT | |
| Date From | GRC_DM_AE_DLEGAPRV.FRM_DT | |
| Date To | GRC_DM_AE_DLEGAPRV.TO_DT | |
| Status | | Status_Col |

FORMULA NAME / FORMULA

Status_Col
    if {GRC_DM_AE_DLEGAPRV.STATUS} = 0 then 'InActive'
    else if {GRC_DM_AE_DLEGAPRV.STATUS} = 1 then 'Active'

DelegatedFor
    IF HASVALUE({?Delegated for UserID}) THEN
        MINIMUM({?Delegated for UserID}) + " to " + MAXIMUM({?Delegated for UserID})

DelegatedTo
    IF HASVALUE({?Delegated To UserID}) THEN
        MINIMUM({?Delegated To UserID}) + " to " + MAXIMUM({?Delegated To UserID})

Status
    if HasValue({?Status}) then
        select {?Status}
            case 0: "Inactive"
            case 1: "Active"
    else 'All'

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

| PARAMETER FIELD NAME | OPTIONAL | DYNAMIC VALUES | STATIC VALUES |
| DateFrom | YES | N/A | YES |
| DateTo | YES | N/A | YES |
| Delegated for UserID | YES | YES | N/A |
| Delegated To UserID | YES | YES | N/A |
| Status | YES | N/A | YES |


3.2 Lists Request with the Same Requestor and Approver

Report Description: This report lists requests that have the same person as requestor and approver. This report supports all request types except for SoD and User Access Review workflow types.

Note: This report has a main report only.

Main Report

| FIELD NAME | DATABASE FIELD | FORMULA NAME |
| Request ID | GRC_DM_AE_RQDHDR.REQNO | |
| Requestor Id | GRC_DM_AE_RQDHDR.REQUESTORID | |
| Requestor Name | GRC_DM_AE_RQDHDR.REQUESTOR | |
| Requested for User ID | GRC_DM_AE_RQDHDR.USERID | |
| Requested for User Name | GRC_DM_AE_RQDHDR.USERNAME | |
| Approver ID | GRC_DM_AE_RQDHDR.APPROVERID | |
| Request Status | GRC_DM_AE_RQDHDR.STATUS | |

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

| PARAMETER FIELD NAME | OPTIONAL | DYNAMIC VALUES | STATIC VALUES |
| Workflow Type | YES | YES | N/A |
| Request ID | YES | N/A | YES |
| Requestor ID | YES | N/A | YES |
| Requested for User ID | YES | N/A | YES |
| Requested for User Name | YES | N/A | YES |
| Approver ID | YES | N/A | YES |
| Request Status | YES | N/A | YES |
| Application | YES | YES | N/A |
| Date From | YES | N/A | YES |
| Date To | YES | N/A | YES |
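The condition this report looks for can also be queried directly in the data mart. The following is an added example, not the SQL behind the SAP sample report; it goes beyond the report by also flagging approvers who approve their own access and requestors who hold a delegation from the approver. Column names are the ones listed in sections 3.1, 3.2 and 3.4 of this document; treating REQNO as unique per request header and the date columns as directly comparable are assumptions.

```sql
-- Added example (T-SQL); not the query used by the SAP sample report.
-- Tables and columns as listed in this document:
--   GRC_DM_AE_RQDHDR   (sections 3.2 and 3.4)  request header
--   GRC_DM_AE_DLEGAPRV (section 3.1)           approver delegation
--   GRC_DM_AE_WFTYPET  (section 3.4)           workflow type texts
-- Assumptions: REQNO is unique in the header table, REQDATE and TO_DT are
-- comparable date values, and user IDs may differ in case or padding.

WITH REQ AS (
    SELECT H.REQNO, H.WFTYPE, H.REQDATE, H.STATUS,
           H.REQUESTORID, H.REQUESTOR, H.USERID, H.USERNAME, H.APPROVERID,
           UPPER(LTRIM(RTRIM(H.REQUESTORID))) AS REQUESTOR_KEY,
           UPPER(LTRIM(RTRIM(H.USERID)))      AS USER_KEY,
           UPPER(LTRIM(RTRIM(H.APPROVERID)))  AS APPROVER_KEY
    FROM GRC_DM_AE_RQDHDR H
    WHERE H.APPROVERID IS NOT NULL
),
FINDINGS AS (
    -- 1. The case the report covers: requestor and approver are the same.
    SELECT R.REQNO, 'REQUESTOR_IS_APPROVER' AS FINDING
    FROM REQ R
    WHERE R.REQUESTOR_KEY = R.APPROVER_KEY

    UNION ALL

    -- 2. Added check: somebody else raised the request, but the user who
    --    receives the access is also the approver.
    SELECT R.REQNO, 'REQUESTED_FOR_USER_IS_APPROVER'
    FROM REQ R
    WHERE R.USER_KEY = R.APPROVER_KEY
      AND R.REQUESTOR_KEY <> R.APPROVER_KEY

    UNION ALL

    -- 3. Added check: the approver has delegated approval to the requestor
    --    and the delegation had not ended when the request was created.
    --    DISTINCT because several delegation rows can match one request.
    SELECT DISTINCT R.REQNO, 'REQUESTOR_IS_DELEGATE_OF_APPROVER'
    FROM REQ R
    JOIN GRC_DM_AE_DLEGAPRV D
      ON UPPER(LTRIM(RTRIM(D.APPRVID)))      = R.APPROVER_KEY
     AND UPPER(LTRIM(RTRIM(D.DELEGAPPRVID))) = R.REQUESTOR_KEY
    WHERE R.REQUESTOR_KEY <> R.APPROVER_KEY
      AND D.TO_DT >= R.REQDATE
)
SELECT F.FINDING,
       R.REQNO,
       T.SHORT_DESC AS WORKFLOW_TYPE,   -- lets the reviewer set aside SoD and
                                        -- User Access Review workflow types
       R.REQDATE,
       R.REQUESTORID, R.REQUESTOR,
       R.USERID, R.USERNAME,
       R.APPROVERID,
       R.STATUS
FROM FINDINGS F
JOIN REQ R
  ON R.REQNO = F.REQNO
LEFT OUTER JOIN GRC_DM_AE_WFTYPET T
  ON T.FWTYPE = R.WFTYPE AND T.LOCALE = 1
ORDER BY R.REQNO, F.FINDING;
```

Because the data mart is non-historical, the result reflects the state at the last extraction; findings of type 3 are candidates for review rather than proof that the delegate performed the approval.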


3.3 Search Approvers

Report Description: This report lists approvers defined in Custom Approver Determinator (CAD) by search request attributes and role attributes. This report is only for approvers defined in CADs using the Compliant User Provisioning (CUP) workflow type.

Note: This report has a main report and a sub-report. The main report drills to the sub-report on clicking the field Custom Approver Determinator.

Main Report

| FIELD NAME | DATABASE FIELD | FORMULA NAME |
| Custom Approver Determinator | GRC_DM_AE_C_CTMDTNM.CSTMAPVRID | |
| Approver | GRC_DM_AE_CDTVALAP.APPROVERID | |
| Approver Name | | ApproverName |
| Alternate Approver | GRC_DM_AE_CDTVALAP.ALTAPPROVERID | |

FORMULA NAME / FORMULA

ApproverName
    {GRC_DM_AE_APPROVER.APPROVERFIRSTNAME} + ' ' + {GRC_DM_AE_APPROVER.APPROVERLASTNAME}

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

| PARAMETER FIELD NAME | OPTIONAL | DYNAMIC VALUES | STATIC VALUES |
| Approver ID | YES | YES | N/A |
| Include Alternate Approver | YES | N/A | YES |
| Application | YES | YES | N/A |
| Business Process | YES | YES | N/A |
| Company | YES | YES | N/A |
| Application Of Role | YES | YES | N/A |
| Business Process of Role | YES | YES | N/A |
| Business Sub-Process of Role | YES | YES | N/A |
| Functional Area of Role | YES | YES | N/A |

Sub-Report - Custom Approver Determinator Details

| FIELD NAME | DATABASE FIELD | FORMULA |
| Attribute Name | GRC_DM_AE_CDTVALAP.ATTRIBUTENAME | |
| Custom Approver Determinator | GRC_DM_AE_CTMDTNM.CSTMAPVRID | |
| Approver | | Approver |
| Alternate Approver | GRC_DM_AE_CDTVALAP.ALTAPPROVERID | |

FORMULA NAME / FORMULA

Approver
    {GRC_DM_AE_CDTVALAP.APPROVERID} + '-' + {GRC_DM_AE_APPROVER.APPROVERLASTNAME} + ' ' + {GRC_DM_AE_APPROVER.APPROVERFIRSTNAME}

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

| PARAMETER FIELD NAME |
| Pm-GRC_DM_AE_C_CTMDTNM.CSTMAPVRID |


3.4 Search Request

Report Description: This report is for searching requests with various criteria for CUP requests. This report is only for requests using the Compliant User Provisioning (CUP) workflow type.

Note: The main report contains 3 SQL statements and the sub-report contains 1 SQL command statement. This report has a main report and a sub-report. The main report drills to the sub-report on clicking the field Request Number.

Main Report

SQL Command Statement for GRC_DM_AE_C_HDRWPTRN

    SELECT DISTINCT
        A.REQNO, A.WFTYPE, A.PRIORITY, A.REQDATE, A.REQUESTOR, A.REQAPPDATE,
        A.USERNAME, A.STATUS, A.USERID, A.REQTYPE, A.REQUESTORID, A.ARCHIVED,
        B.APPROVERID, B.STAGE_NAME
    FROM GRC_DM_AE_WFTYPET C,
         GRC_DM_AE_RQDHDR A
         LEFT OUTER JOIN GRC_DM_AE_RQDWPTRN B ON A.REQNO = B.REQNO
    WHERE A.WFTYPE = C.FWTYPE AND C.LOCALE = 1 AND C.FWTYPE = 'AE'

SQL Command Statement for GRC_DM_AE_C_REQDTYPE

    SELECT REQTYPE, REQTYPEDESC
    FROM GRC_DM_AE_RQDTYPE
    WHERE WFTYPE = 'AE'

SQL Command Statement for GRC_DM_AE_C_WFTYPE

    SELECT FWTYPE, SHORT_DESC
    FROM GRC_DM_AE_WFTYPET
    WHERE LOCALE = 1

| FIELD NAME | DATABASE FIELD | FORMULA NAME |
| Request Number | | ToText({@RequestNumber},0,"") |
| Workflow Type | Static Text - CUP | |
| Priority | GRC_DM_AE_C_HDRWPTRN.PRIORITY | |
| Request Date | GRC_DM_AE_C_HDRWPTRN.REQDATE | |
| Requestor | GRC_DM_AE_C_HDRWPTRN.REQUESTOR | |
| Due Date | GRC_DM_AE_C_HDRWPTRN.REQAPPDATE | |
| User Name | GRC_DM_AE_C_HDRWPTRN.USERNAME | |
| Current Stage | GRC_DM_AE_C_HDRWPTRN.STAGE_NAME | |
| Request Status | GRC_DM_AE_C_HDRWPTRN.STATUS | |

FORMULA NAME / FORMULA

ApproverID
    if HasValue({?ApproverID}) then
        Minimum({?ApproverID}) + " to " + Maximum({?ApproverID})

Archivedrequests
    if HasValue({?Archivedrequests}) then
        select {?Archivedrequests}
            case 0: "Not Archived"
            case 1: "Archived"

Request Number
    TONUMBER({GRC_DM_AE_C_HDRWPTRN.REQNO})


If the parameter listed is “optional”, you do not have to select the prompt to run the report.

| PARAMETER FIELD NAME | OPTIONAL | DYNAMIC VALUES | STATIC VALUES |
| Request ID | YES | N/A | YES |
| UserID | YES | N/A | YES |
| RequestorID | YES | N/A | YES |
| RequestStatus | YES | N/A | YES |
| RequestType | YES | YES | N/A |
| ApproverID | YES | YES | N/A |
| Archivedrequests | YES | N/A | YES |

Sub-Report - Approver Status

SQL Command Statement

    SELECT
        D.ROLEPROFDISPNAME, R.APPROVAL_STATUS, W.APPROVERID, W.STATUS,
        W.ALTAPPROVER, W.STATUS, G.APPRVID, G.STATUS, W.REQNO, W.REQPATHID,
        W.STAGE_NAME, R.RLPRL_PATH, R.ROLEPROFNAME
    FROM GRC_DM_AE_RQDWPTRN W
         LEFT OUTER JOIN GRC_DM_AE_DLEGAPRV G ON W.APPROVERID = G.APPRVID,
         GRC_DM_AE_RQDRLPRL R,
         GRC_DM_AE_ROLDTLS D
    WHERE W.REQNO = R.REQNO
      AND W.REQPATHID = R.RLPRL_PATH
      AND R.ROLEPROFNAME = D.ROLEPROFNAME

| FIELD NAME | DATABASE FIELD | FORMULA |
| Role Name | GRC_DM_AE_APPRVSTAT.ROLEPROFDISPNAME | |
| Overall Role Status | GRC_DM_AE_APPRVSTAT.APPROVAL_STATUS | |
| Approver | GRC_DM_AE_APPRVSTAT.APPROVERID | |
| Status | GRC_DM_AE_APPRVSTAT.STATUS | |
| Alternate Approver | GRC_DM_AE_APPRVSTAT.ALTAPPROVER | |
| Status | GRC_DM_AE_APPRVSTAT.STATUS(1) | |
| Delegated Approver | GRC_DM_AE_APPRVSTAT.APPRVID | |
| Status | GRC_DM_AE_APPRVSTAT.STATUS(2) | |

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

| PARAMETER FIELD NAME |
| Pm-GRC_DM_AE_C_HDRWPTRN.REQNO |
| Pm-GRC_DM_AE_C_HDRWPTRN.STAGE_NAME |


3.5 SOD Review History

Report Description: This report provides the history of SoD review tasks.

Note: This report has a main report and a sub-report. The main report drills to the sub-report on clicking the field Risk ID.

Main Report

| FIELD NAME | DATABASE FIELD | FORMULA NAME |
| User ID | GRC_DM_AE_C_HDRSODRSK.USERID | |
| User Name | | UserName |
| Reviewer ID | GRC_DM_AE_C_HDRSODRSK.REVIEWER_ID | |
| Organization | GRC_DM_AE_C_HDRSODRSK.REVIEWER_ORG | |
| Coordinator | GRC_DM_AE_C_HDRSODRSK.COORDINATOR_ID | |
| System | GRC_DM_AE_C_HDRSODRSK.SHORT_DESC | |
| Risk ID | GRC_DM_AE_C_HDRSODRSK.RISKID | |
| Action | GRC_DM_AE_C_HDRSODRSK.ACTIONS | |
| Request Number | GRC_DM_AE_C_HDRSODRSK.REQNO | |
| Escalated | GRC_DM_AE_C_HDRSODRSK.ESC_STATUS | |
| Last Action Date | GRC_DM_AE_C_HDRSODRSK.LASTUPDATE | |

FORMULA NAME / FORMULA

UserName
    {GRC_DM_AE_C_HDRSODRSK.USER_FIRST_NAME} + ' ' + {GRC_DM_AE_C_HDRSODRSK.USER_LAST_NAME}

Archived
    if HasValue({?Archived Request}) then
        select {?Archived Request}
            case 0.00: "Not Archived"
            case 1.00: "Archived"

Coordinator_ID
    if HasValue({?Coordinator ID}) then
        Minimum({?Coordinator ID}) + " to " + Maximum({?Coordinator ID})

Reviewer_ID
    if HasValue({?Reviewer ID}) then
        Minimum({?Reviewer ID}) + " to " + Maximum({?Reviewer ID})

User_ID
    if HasValue({?User ID}) then
        Minimum({?User ID}) + " to " + Maximum({?User ID})

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

| PARAMETER FIELD NAME | OPTIONAL | DYNAMIC VALUES | STATIC VALUES |
| Reviewer ID | YES | YES | N/A |
| Coordinator ID | YES | YES | N/A |
| UserID | YES | YES | N/A |
| Risk ID | YES | YES | N/A |
| Risk Level | YES | N/A | YES |
| Request Number | YES | N/A | YES |
| Creation From Date | YES | N/A | YES |
| Creation To Date | YES | N/A | YES |
| Application | YES | YES | N/A |
| Action | YES | N/A | YES |
| Archived Request | YES | N/A | YES |

Sub-Report - Risk and Function Details

FIELD NAME | DATABASE FIELD | FORMULA
Risk Id | GRC_DM_CC_C_RISK.RISKID |
Risk Type | | Risk_Type
Risk Level | | Risk_Level
Risk Owner | GRC_DM_CC_RISKOWN.OWNUSER |
Risk Description | GRC_DM_CC_C_RISK.DESCN |
Business Process | GRC_DM_CC_C_BUSPRCT.DESCN |
Relevant Functions | GRC_DM_CC_C_FUNCT.FUNCTID - GRC_DM_CC_C_FUNCT.DESCN |

FORMULA NAME | FORMULA
Risk_Type | select {GRC_DM_CC_C_RISK.RISKTYPE} case '1': "Segregation of Duties" case '2': "Critical Actions" case '3': "Critical Permissions" default: ""
Risk_Level | select {GRC_DM_CC_C_RISK.RISKLEVEL} case 0: "Medium" case 1: "High" case 2: "Low" case 3: "Critical" default: ""

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

PARAMETER FIELD NAME
Pm-GRC_DM_AE_C_HDRSODRSK.RISKID


3.6 User Access Review Reconciliation

Report Description: Before sending requests to reviewers, use this report to obtain a list of users and roles included in the User Access Review requests. Reconcile the report with the backend system data to ensure the appropriate records have been extracted for inclusion in UAR requests.

Note: This report has a main report and a sub-report. The main report drills to the sub-report on clicking the field Role Name.

Main Report

FIELD NAME | DATABASE FIELD | FORMULA NAME
User ID | GRC_DM_AE_C_HDRSODRSK.USERID |
User Name | | UserName
Reviewer ID | GRC_DM_AE_C_HDRSODRSK.REVIEWER_ID |
Organization | GRC_DM_AE_C_HDRSODRSK.REVIEWER_ORG |
Coordinator | GRC_DM_AE_C_HDRSODRSK.COORDINATOR_ID |
Role Name | GRC_DM_AE_C_HDRSODRSK.ROLEPROFNAME |
Application | GRC_DM_AE_C_HDRSODRSK.SYSTEM |
Request Number | GRC_DM_AE_C_HDRSODRSK.REQNO |

FORMULA NAME | FORMULA
UserName | {GRC_DM_AE_C_HDRSODRSK.USER_FIRST_NAME} + ' ' + {GRC_DM_AE_C_HDRSODRSK.USER_LAST_NAME}
ArchivedRequests | if HasValue({?ArchivedRequests}) then select {?ArchivedRequests} case 0: "Not Archived" case 1: "Archived"
Coordinator_ID | if HasValue({?Coordinator ID}) then Minimum({?Coordinator ID}) + " to " + Maximum({?Coordinator ID})
Reviewer_ID | if HasValue({?Reviewer ID}) then Minimum({?Reviewer ID}) + " to " + Maximum({?Reviewer ID})
User_ID | if HasValue({?User ID}) then Minimum({?User ID}) + " to " + Maximum({?User ID})

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

PARAMETER FIELD NAME | OPTIONAL | DYNAMIC VALUES | STATIC VALUES
Reviewer ID | YES | YES | N/A
Coordinator ID | YES | YES | N/A
UserID | YES | YES | N/A
RoleName | YES | N/A | YES
RequestID | YES | YES | N/A
Creation From Date | YES | N/A | YES
Creation To Date | YES | N/A | YES
Application | YES | YES | N/A
ArchivedRequests | YES | N/A | YES

Sub-Report - Role Details

FIELD NAME | DATABASE FIELD | FORMULA
Role Profile Name | GRC_DM_AE_ROLDTLS.ROLEPROFNAME |
Role Profile Description | GRC_DM_AE_ROLDTLS.ROLEPROFDESC |
Business Process | GRC_DM_AE_ROLDTLS.BUSSPROC |
Sub Process | GRC_DM_AE_ROLDTLS.SUBPROC |
Last ReAffirm Date | GRC_DM_AE_ROLDTLS.LST_REAFF_DT |
Role Profile Indicator | GRC_DM_AE_ROLDTLS.ROLEPROFINDICATOR |
Detail Description | GRC_DM_AE_ROLDTLS.DETAIL_DESC |
Role Profile Type | GRC_DM_AE_ROLDTLS.ROLEPROFTYPE |
Critical Level | GRC_DM_AE_ROLDTLS.CRITICAL_LEVEL |
Comments Mandatory | GRC_DM_AE_ROLDTLS.COMMENTS_MANDATORY |
Parent Role Owner | GRC_DM_AE_ROLDTLS.PARENTROLE_OWNER |
Role Profile Display Name | GRC_DM_AE_ROLDTLS.ROLEPROFDISPNAME |
Role Profname CS | GRC_DM_AE_ROLDTLS.ROLEPROFNAME_CS |
Contype | GRC_DM_AE_ROLDTLS.CONTYPE |

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

PARAMETER FIELD NAME
Pm-GRC_DM_AE_C_HDRSODRSK.ROLEPROFNAME


3.7 User Access Review History

Report Description: This report provides the history of actions performed on User Access Review requests.

Note: This report has a main report and a sub-report. The main report drills to the sub-report on clicking the field Role Name.

Main Report

FIELD NAME | DATABASE FIELD | FORMULA NAME
User ID | GRC_DM_AE_C_HDRSODRSK.USERID |
User Name | | UserName
Reviewer ID | GRC_DM_AE_C_HDRSODRSK.REVIEWER_ID |
Organization | GRC_DM_AE_C_HDRSODRSK.REVIEWER_ORG |
Coordinator | GRC_DM_AE_C_HDRSODRSK.COORDINATOR_ID |
Role Name | GRC_DM_AE_C_HDRSODRSK.ROLEPROFNAME |
Action | GRC_DM_AE_C_HDRSODRSK.ACTIONS |
System | GRC_DM_AE_C_CNTT.SHORT_DESC |
Request No. | GRC_DM_AE_C_HDRSODRSK.REQNO |
Job ID | GRC_DM_AE_C_HDRSODRSK.RUN_ID |
Escalated | GRC_DM_AE_C_HDRSODRSK.ESC_STATUS |
Last Action Date | GRC_DM_AE_C_HDRSODRSK.LASTUPDATE |

FORMULA NAME | FORMULA
UserName | {GRC_DM_AE_C_HDRSODRSK.USER_FIRST_NAME} + ' ' + {GRC_DM_AE_C_HDRSODRSK.USER_LAST_NAME}
Archived_Display | if HasValue({?Archived Request}) then select {?Archived Request} case 0.00: "Not Archived" case 1.00: "Archived"
Coordinator_ID | if HasValue({?Coordinator ID}) then Minimum({?Coordinator ID}) + " to " + Maximum({?Coordinator ID})
Reviewer_ID | if HasValue({?Reviewer ID}) then Minimum({?Reviewer ID}) + " to " + Maximum({?Reviewer ID})
User_ID | if HasValue({?User ID}) then Minimum({?User ID}) + " to " + Maximum({?User ID})

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

PARAMETER FIELD NAME | OPTIONAL | DYNAMIC VALUES | STATIC VALUES
Reviewer ID | YES | YES | N/A
Coordinator ID | YES | YES | N/A
User ID | YES | YES | N/A
Role Name | YES | N/A | YES
Request ID | YES | YES | N/A
Creation From Date | YES | N/A | YES
Creation To Date | YES | N/A | YES
Application | YES | YES | N/A
Action | YES | N/A | YES
Archived Request | YES | N/A | YES

Sub-Report - Role Details

FIELD NAME | DATABASE FIELD | FORMULA
Role Profile Name | GRC_DM_AE_ROLDTLS.ROLEPROFNAME |
Role Profile Description | GRC_DM_AE_ROLDTLS.ROLEPROFDESC |
Business Process | GRC_DM_AE_ROLDTLS.BUSSPROC |
Sub Process | GRC_DM_AE_ROLDTLS.SUBPROC |
Last ReAffirm Date | GRC_DM_AE_ROLDTLS.LST_REAFF_DT |
Role Profile Indicator | GRC_DM_AE_ROLDTLS.ROLEPROFINDICATOR |
Detail Description | GRC_DM_AE_ROLDTLS.DETAIL_DESC |
Role Profile Type | GRC_DM_AE_ROLDTLS.ROLEPROFTYPE |
Critical Level | GRC_DM_AE_ROLDTLS.CRITICAL_LEVEL |
Comments Mandatory | GRC_DM_AE_ROLDTLS.COMMENTS_MANDATORY |
Parent Role Owner | GRC_DM_AE_ROLDTLS.PARENTROLE_OWNER |
Role Profile Display Name | GRC_DM_AE_ROLDTLS.ROLEPROFDISPNAME |
Role Profname CS | GRC_DM_AE_ROLDTLS.ROLEPROFNAME_CS |
Contype | GRC_DM_AE_ROLDTLS.CONTYPE |

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

PARAMETER FIELD NAME
Pm-GRC_DM_AE_C_HDRSODRSK.ROLEPROFNAME


3.8 User Review Status

Report Description: This report provides the request status for SoD Review and User Access Review requests.

Note: This report has a main report only.

Main Report

FIELD NAME | DATABASE FIELD | FORMULA NAME
Request Number | | RequestNo
Request Date | GRC_DM_AE_C_HDRSODRSK.REQDATE |
Reviewer | GRC_DM_AE_C_HDRSODRSK.REVIEWER_ID |
Organization | GRC_DM_AE_C_HDRSODRSK.REVIEWER_ORG |
Coordinator | GRC_DM_AE_C_HDRSODRSK.COORDINATOR_ID |
Due Date | GRC_DM_AE_C_HDRSODRSK.REQAPPDATE |
Workflow Stage | GRC_DM_AE_C_HDRSODRSK.STAGE_NAME |
Request Status | GRC_DM_AE_C_HDRSODRSK.STATUS |
Escalated | GRC_DM_AE_C_HDRSODRSK.ESC_STATUS |
Completed | GRC_DM_AE_C_HDRSODRSK.COMPLETED |
Missing | GRC_DM_AE_C_HDRSODRSK.MISSING |
Rejected | GRC_DM_AE_C_HDRSODRSK.REJECTED |

FORMULA NAME | FORMULA
Archived | if HasValue({?Archived Requests}) then select {?Archived Requests} case 0: "Not Archived" case 1: "Archived" case 0.00: "Not Archived" case 1.00: "Archived"
Coordinator_ID | if HasValue({?Coordinator ID}) then Minimum({?Coordinator ID}) + " to " + Maximum({?Coordinator ID})
RequestNo | TONUMBER({GRC_DM_AE_C_HDRSODRSK.REQNO})
Reviewer_ID | if HasValue({?Reviewer ID}) then Minimum({?Reviewer ID}) + " to " + Maximum({?Reviewer ID})
User_ID | if HasValue({?User ID}) then Minimum({?User ID}) + " to " + Maximum({?User ID})

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

PARAMETER FIELD NAME | OPTIONAL | DYNAMIC VALUES | STATIC VALUES
Workflow Type | YES | NO | SOD_Review,UAR_Review
Reviewer ID | YES | YES | N/A
Coordinator ID | YES | YES | N/A
User ID | YES | YES | N/A
Request ID | YES | YES | N/A
Request Status | YES | N/A | YES
Creation From Date | YES | N/A | YES
Creation To Date | YES | N/A | YES
Application | YES | YES | N/A
ArchivedRequests | YES | N/A | YES


4 RAR SAMPLE REPORT SUMMARY

4.1 Access Rule Details

Report Description: This report lists Risks, Functions, Actions and associated Permission details for access rules.

Note: This report has a main report and a sub-report. The main report drills to the sub-report on clicking the field Risk ID.

Main Report

FIELD NAME | DATABASE FIELD | FORMULA NAME
Risk ID | GRC_DM_CC_PRM.RISKID |
Risk Description | GRC_DM_CC_PRM.DESCN |
Risk Type | | Risk Type Field
Risk Level | | Risk Level Field
Risk Owner | GRC_DM_CC_PRM.OWNUSER |
Business Process | GRC_DM_CC_PRM.BUSPRC_DESCN |
Functions | GRC_DM_CC_PRM.FUNCT_DESCN |
Permission Rule ID | GRC_DM_CC_PRM.RULESETID |
System | GRC_DM_CC_PRM.SYSTEM |
Permission Object | GRC_DM_CC_PRM.PERMOBJ |
Field | GRC_DM_CC_PRM.FIELD |
Value From | GRC_DM_CC_PRM.FROMVAL |
Value To | GRC_DM_CC_PRM.TOVAL |
Condition | GRC_DM_CC_PRM.CONDITION |
Permission Object Status | | Perm Status

FORMULA NAME | FORMULA
Risk Type Field | select {GRC_DM_CC_PRM.RISKTYPE} case "1": "Segregation of Duty" case "2": "Critical Action" case "3": "Critical Permission" default: ""
Risk Level Field | select {GRC_DM_CC_PRM.RISKLEVEL} case 0: "Medium" case 1: "High" case 2: "Low" case 3: "Critical" default: ""
Perm Status | select {GRC_DM_CC_PRM.PERMSTATUS} case 0: "Enabled" case 1: "Disabled"
Field | if HasValue({?Field}) then Minimum({?Field}) + " to " + Maximum({?Field})
Function | if HasValue({?Function}) then Minimum({?Function}) + " to " + Maximum({?Function})
Permission | if Not HasValue({?Permission}) then 'ALL' else if HasValue({?Permission}) then totext(Minimum({?Permission})) + " to " + totext(Maximum({?Permission}))
Risk ID | if HasValue({?Risk ID}) then Minimum({?Risk ID}) + " to " + Maximum({?Risk ID})
Risk Level Param | if HasValue({?Risk Level}) then select {?Risk Level} case 0: "Medium" case 1: "High" case 2: "Low" case 3: "Critical"
Status | if Not HasValue({?Status}) then 'ALL' else if HasValue({?Status}) then select {?Status} case 0: "Enabled" case 1: "Disabled"

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

PARAMETER FIELD NAME | OPTIONAL | DYNAMIC VALUES | STATIC VALUES
Rule Set | YES | YES | N/A
Risk ID | YES | YES | N/A
Risk Type | YES | N/A | YES
Risk Level | YES | N/A | YES
Business Process | YES | N/A | YES
Function | YES | N/A | YES
Status | YES | N/A | YES
Permission | YES | YES | N/A
Field | YES | YES | N/A

Sub-Report - Mitigated Risk Details

FIELD NAME | DATABASE FIELD | FORMULA
Risk ID | Risk_Details.RISKID |
Risk Type | | Risk_Type
Risk Level | | Risk_Level
Risk Owner | Risk_Details.OWNUSER |
Risk Description | Risk_Details.RISK_DESNC |
Business Process | Risk_Details.BUSPROC_DESCN |
Relevant Functions | | Relevant Functions

FORMULA NAME | FORMULA
Relevant Functions | {Risk_Details.FUNCTID} + '-' + {Risk_Details.DESCN}
Risk_Level | select {Risk_Details.RISKLEVEL} case 0: "Medium" case 1: "High" case 2: "Low" case 3: "Critical" default: ""
Risk_Type | select {Risk_Details.RISKTYPE} case '1': "Segregation of Duties" case '2': "Critical Actions" case '3': "Critical Permissions" default: ""

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

PARAMETER FIELD NAME
Pm-GRC_DM_CC_PRM.RISKID


4.2 Access Rule Summary

Report Description: This report provides access rule summary-level information with Risks and associated Functions.

Note: This report has a main report and a sub-report. The main report drills to the sub-report on clicking the field Function.

Main Report

FIELD NAME | DATABASE FIELD | FORMULA NAME
Risk ID | GRC_DM_CC_RISK.RISKID |
Risk Description | GRC_DM_CC_RISKT.DESCN |
Risk Level | | Risk Level Field
Rule Set | GRC_DM_CC_RULESETT.DESCN |
Business Process | GRC_DM_CC_BUSPRCT.DESCN |
Function | GRC_DM_CC_PRM.FUNCT_DESCN |
Risk Owner | GRC_DM_CC_RISKOWN.OWNUSER |

FORMULA NAME | FORMULA
Risk Level Field | select {GRC_DM_CC_RISK.RISKLEVEL} case 0: "Medium" case 1: "High" case 2: "Low" case 3: "Critical" default: ""
Business Process | if HasValue({?Business Process}) then {GRC_DM_CC_BUSPRCT.DESCN}
Function | if HasValue({?Function}) then Minimum({?Function}) + " to " + Maximum({?Function})
Risk ID | if HasValue({?Risk ID}) then Minimum({?Risk ID}) + " to " + Maximum({?Risk ID})
Risk Level | if HasValue({?Risk Level}) then select {?Risk Level} case 0: "Medium" case 1: "High" case 2: "Low" case 3: "Critical"
Risk Level Field | select {GRC_DM_CC_RISK.RISKLEVEL} case 0: "Medium" case 1: "High" case 2: "Low" case 3: "Critical" default: ""
Risk Type | if HasValue({?Risk Type}) then select {?Risk Type} case "1": "Segregation of Duty" case "2": "Critical Action" case "3": "Critical Permission"
Rule Set | if HasValue({?Rule Set}) then {GRC_DM_CC_RULESETT.DESCN}
Status | if HasValue({?Status}) then select {?Status} case 0: "Enabled" case 1: "Disabled"

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

PARAMETER FIELD NAME | OPTIONAL | DYNAMIC VALUES | STATIC VALUES
Rule Set | YES | YES | N/A
Risk ID | YES | YES | N/A
Risk Description | YES | N/A | YES
Risk Type | YES | N/A | YES
Risk Level | YES | N/A | YES
Business Process | YES | YES | N/A
Function | YES | YES | N/A
Status | YES | N/A | YES

Sub-Report - Function Details

FIELD NAME | DATABASE FIELD | FORMULA
System | GRC_DM_CC_C_ACTRULE.SYSTEM |
Action | GRC_DM_CC_C_ACTRULE.ACTIONS |
Description | GRC_DM_CC_C_ACTRULE.TTEXT |
Action Status | | Status

FORMULA NAME | FORMULA
Status | SELECT {GRC_DM_CC_C_ACTRULE.ACTIONSTATUS} CASE 0: "Enabled" CASE 1: "Disabled"
Description | {GRC_DM_CC_C_ACTRULE.FUNCTID} & ': ' & {GRC_DM_CC_C_ACTRULE.DESCN}

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

PARAMETER FIELD NAME
Pm-GRC_DM_CC_RISK.RISKID
Pm-GRC_DM_CC_RISKFUNC.FUNCTID


4.3 Mitigating Control

Report Description: This report lists mitigating controls with descriptions and other control details.

Note: This report has a main report and two (2) sub-reports. The main report drills to the sub-report on clicking the field Mitigation Control ID and Business Unit.

Main Report

FIELD NAME | DATABASE FIELD | FORMULA NAME
Mitigation Control ID | {GRC_DM_CC_MITREF.MITREFNO} |
Control Description | GRC_DM_CC_C_MITREFT.DESCN |
Business Unit | GRC_DM_CC_BUSUNITT.DESCN |
Management Approver | GRC_DM_CC_MITREF.APPROVERID |
Risk ID | GRC_DM_CC_MITREF.RISK |
Risk Description | GRC_DM_CC_C_RISKT.DESCN |
Risk Level | | Risk_Level
Monitor ID | GRC_DM_CC_MITMON.MONITORID |

FORMULA NAME | FORMULA
Risk_Level | select {GRC_DM_CC_MITREF.RISKLEVEL} case 0: "Medium" case 1: "High" case 2: "Low" case 3: "Critical" default: ""
Control_ID | if HasValue({?MitigationControlId}) then Minimum({?MitigationControlId}) + " to " + Maximum({?MitigationControlId})
Display_RiskLevel | if HasValue({?RiskLevel}) then select {?RiskLevel} case 0: "Medium" case 1: "High" case 2: "Low" case 3: "Critical"
Risk_ID | if HasValue({?Risk ID}) then Minimum({?Risk ID}) + " to " + Maximum({?Risk ID})

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

PARAMETER FIELD NAME | OPTIONAL | DYNAMIC VALUES | STATIC VALUES
MitigationControlId | YES | N/A | YES
Description | YES | N/A | YES
Risk ID | YES | YES | N/A
RiskLevel | YES | N/A | YES
BusinessUnit | YES | N/A | YES
ManagementApprover | YES | YES | N/A
MonitorId | YES | YES | N/A

Sub-Report - Mitigated Control Details

FIELD NAME | DATABASE FIELD | FORMULA
Mitigation Control Id | GRC_DM_CC_MITREF.MITREFNO |
Description | GRC_DM_CC_C_MITREFT.DESCN |
Business Unit | GRC_DM_CC_C_BUSUNITT.DESCN |
Management Approver Name | GRC_DM_CC_MITREF.APPROVERNAME |
Management Approver ID | GRC_DM_CC_MITREF.APPROVERID |

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

PARAMETER FIELD NAME
Pm-GRC_DM_CC_MITREF.MITREFNO
Pm-GRC_DM_CC_C_MITREFT.DESCN
Pm-GRC_DM_CC_MITREF.RISKID

Sub-Report - Mitigated Risk Details

FIELD NAME | DATABASE FIELD | FORMULA
Risk Id | GRC_DM_CC_RISK.RISKID |
Risk Type | | Risk_Type
Risk Level | | Risk_Level
Risk Owner | GRC_DM_CC_RISKOWN.OWNUSER |
Risk Description | GRC_DM_CC_RISKTRPT.DESCN |
Business Process | GRC_DM_CC_BUSPRCTRPT.DESCN |
Relevant Functions | | Relevant_Funct

FORMULA NAME | FORMULA
Risk_Type | select {GRC_DM_CC_RISK.RISKTYPE} case '1': "Segregation of Duties" case '2': "Critical Actions" case '3': "Critical Permissions" default: ""
Risk_Level | select {GRC_DM_CC_RISK.RISKLEVEL} case 0: "Medium" case 1: "High" case 2: "Low" case 3: "Critical" default: ""
Relevant_Funct | {GRC_DM_CC_C_FUNCT.FUNCTID} + '-' + {GRC_DM_CC_C_FUNCT.DESCN}


If the parameter listed is “optional”, you do not have to select the prompt to run the report.

PARAMETER FIELD NAME
Pm-GRC_DM_CC_MITREF.RISKID


4.4 Mitigated User

Report Description: This report provides all mitigated users with Users, Risks and associated Mitigating control information.

Note: This report has a main report and two (2) sub-reports. The main report drills to the sub-report on clicking the field Risk ID and Control ID.

Main Report

FIELD NAME | DATABASE FIELD | FORMULA NAME
User ID | GRC_DM_CC_C_MITOBJ.GENOBJID |
User Name | GRC_DM_CC_C_MITOBJ.OBJECTNAME |
User Group | GRC_DM_CC_C_MITOBJ.USERGROUP |
Risk Id | GRC_DM_CC_C_MITOBJ.RISK |
Risk Description | GRC_DM_CC_C_MITOBJ.RDESC |
Risk Level | | Risk_Level
Control Id | GRC_DM_CC_C_MITOBJ.MITREFNO |
Control Description | GRC_DM_CC_C_MITOBJ.MITDESC |
Business Unit | GRC_DM_CC_C_MITOBJ.BDESC |
Management Approver | GRC_DM_CC_C_MITOBJ.APPROVERID |
Monitor ID | GRC_DM_CC_C_MITOBJ.MONITORID |
Monitor Name | GRC_DM_CC_C_MITOBJ.MONITORNAME |
Validity Period From | GRC_DM_CC_C_MITOBJ.VALIDFROM |
Validity Period To | GRC_DM_CC_C_MITOBJ.VALIDTO |
Status | | Status

FORMULA NAME | FORMULA
Risk_Level | select {GRC_DM_CC_C_MITOBJ.RISKLEVEL} case 0: "Medium" case 1: "High" case 2: "Low" case 3: "Critical" default: ""
Status | if {GRC_DM_CC_C_MITOBJ.STATUS} = 0 then 'Enabled' else if {GRC_DM_CC_C_MITOBJ.STATUS} = 1 then 'Disabled' else ''
ControlID | if HasValue({?MitigationControlId}) then Minimum({?MitigationControlId}) + " to " + Maximum({?MitigationControlId})
Display_RiskLevel | if HasValue({?RiskLevel}) then select {?RiskLevel} case 0: "Medium" case 1: "High" case 2: "Low" case 3: "Critical"
Display_Status | if HasValue({?Status}) then select {?Status} case 0: "Enabled" case 1: "Disabled"
Risk_ID | if HasValue({?Risk ID}) then Minimum({?Risk ID}) + " to " + Maximum({?Risk ID})
User ID | if HasValue({?User ID}) then Minimum({?User ID}) + " to " + Maximum({?User ID})

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

PARAMETER FIELD NAME | OPTIONAL | DYNAMIC VALUES | STATIC VALUES
MitigationControlId | YES | YES | N/A
User ID | YES | YES | N/A
Risk ID | YES | YES | N/A
RiskLevel | YES | N/A | YES
Business Process | YES | N/A | YES
BusinessUnit | YES | N/A | YES
MonitorId | YES | YES | N/A
Control Valid From | YES | N/A | YES
Control Valid To | YES | N/A | YES
Status | YES | N/A | YES

Sub-Report - Mitigated Control Details

FIELD NAME | DATABASE FIELD | FORMULA
Mitigation Control Id | GRC_DM_CC_MITREF.MITREFNO |
Description | GRC_DM_CC_C_MITREFT.DESCN |
Business Unit | GRC_DM_CC_C_MITREF.BUSID |
Description | GRC_DM_CC_C_BUSUNITT.DESCN |
Approver ID | GRC_DM_CC_MITREF.APPROVERID |
Approver Name | GRC_DM_CC_MITREF.APPROVERNAME |

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

PARAMETER FIELD NAME
Pm-GRC_DM_CC_C_MITOBJ.MITREFNO


Sub-Report - Mitigated Risk Details

FIELD NAME | DATABASE FIELD | FORMULA
Risk Id | GRC_DM_CC_RISK.RISKID |
Risk Type | | Risk_Type
Risk Level | | Ris_Lvl
Risk Owner | GRC_DM_CC_RISKOWN.OWNUSER |
Risk Description | GRC_DM_CC_RISKTRPT.DESCN |
Business Process | GRC_DM_CC_BUSPRCTRPT.DESCN |
Relevant Functions | | Relevant_Funct

FORMULA NAME | FORMULA
Relevant_Funct | {GRC_DM_CC_C_FUNCT.FUNCTID} + '-' + {GRC_DM_CC_C_FUNCT.DESCN}
Risk_Lvl | select {GRC_DM_CC_RISK.RISKLEVEL} case 0: "Medium" case 1: "High" case 2: "Low" case 3: "Critical" default: ""
Risk_Type | select {GRC_DM_CC_RISK.RISKTYPE} case '1': "Segregation of Duties" case '2': "Critical Actions" case '3': "Critical Permissions" default: ""

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

PARAMETER FIELD NAME
Pm-GRC_DM_CC_C_MITOBJ.RISKID


4.5 User Risk Violation Details

Report Description: This report provides detailed user risk analysis results at permission detail level with Users, Risks, Functions, Permissions, Associated Roles, and Mitigating Control ID.

Note: This report has a main report and three (3) sub-reports. The main report drills to the sub-report on clicking the field Risk ID, Function ID and Mitigation Control ID.

Main Report

FIELD NAME | DATABASE FIELD | FORMULA NAME
User ID | GRC_DM_CC_C_GENPRM.GENOBJID |
Cross System ID | GRC_DM_CC_C_GENPRM.CROSSSYSTEM |
User Name | GRC_DM_CC_C_GENPRM.OBJECTNAME |
User Group | GRC_DM_CC_C_GENPRM.USERGROUP |
Risk ID | GRC_DM_CC_C_GENPRM.RISKID |
Risk Description | GRC_DM_CC_C_GENPRM.DESCN |
Risk Level | | RiskLevel
Function ID | GRC_DM_CC_C_GENPRM.FUNCID |
System | GRC_DM_CC_C_GENPRM.SYSTEM |
Role/Profile | GRC_DM_CC_C_GENPRM.ROLES |
Permission Object | GRC_DM_CC_C_GENPRM.PERMOBJECT |
Field | GRC_DM_CC_C_GENPRM.FIELD |
Value | | Value
Mitigation Control ID | GRC_DM_CC_C_GENPRM.MITREFNO |

FORMULA NAME | FORMULA
Mitigated | IF HASVALUE({?Exclude Mitigated}) THEN SELECT {?Exclude Mitigated} CASE "Y": "Yes" CASE "N": "No"
RiskID | IF HASVALUE({?Risk ID}) THEN MINIMUM({?Risk ID}) + " to " + MAXIMUM({?Risk ID})
RiskLevel | SELECT {GRC_DM_CC_C_GENPRM.RISKLEVEL} CASE 0: "Medium" CASE 1: "High" CASE 2: "Low" CASE 3: "Critical"
RiskLevel_Display | if HasValue({?Risk Level}) then SELECT {?Risk Level} CASE 0: "Medium" CASE 1: "High" CASE 2: "Low" CASE 3: "Critical"
Rule Set |
    WhileReadingRecords;
    if HasValue({?Rule Set}) then
        NumberVar NumRanges := ubound( {?Rule Set} );
    NumberVar i := 0;
    StringVar outStr := "";
    for i := 1 to NumRanges step 1 do
    (
        StringVar maxCN := Maximum( {?Rule Set} [i] );
        StringVar minCN := Minimum( {?Rule Set} [i] );
        outStr := outStr & iif ( outStr <> "" , ", " , "" ) & iif( len (minCN) > 0, minCN, "") & ' to ' & iif( len (maxCN) > 0, maxCN, "" );
    );
    outStr;
UserID | IF HASVALUE({?User}) THEN {?User}
Value | {GRC_DM_CC_C_GENPRM.FROMVAL} & ' - ' & {GRC_DM_CC_C_GENPRM.TOVAL}

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

PARAMETER FIELD NAME | OPTIONAL | DYNAMIC VALUES | STATIC VALUES
User | YES | N/A | YES
Custom Group | YES | YES | N/A
Risk ID | YES | YES | N/A
Risk Level | YES | N/A | YES
System | YES | YES | N/A
Rule Set | YES | YES | N/A
Exclude Mitigated | YES | N/A | YES

Sub-Report – Risk Details

FIELD NAME | DATABASE FIELD | FORMULA
Risk ID | GRC_DM_CC_RISK.RISKID |
Risk Type | | Risk Type
Risk Level | | Risk Level
Risk Owner | GRC_DM_CC_RISKOWN.OWNUSER |
Risk Description | GRC_DM_CC_RISKT.DESCN |
Business Process | GRC_DM_CC_BUSPRCT.DESCN |
Relevant Functions | | Relevant Functions

FORMULA NAME | FORMULA
Risk Type | select {GRC_DM_CC_RISK.RISKTYPE} case '1': "Segregation of Duties" case '2': "Critical Actions" case '3': "Critical Permissions" default: ""
Risk Level | select {GRC_DM_CC_RISK.RISKLEVEL} case 0: "Medium" case 1: "High" case 2: "Low" case 3: "Critical" default: ""
Relevant Functions | {GRC_DM_CC_FUNCT.FUNCTID} + '-' + {GRC_DM_CC_FUNCT.DESCN}

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

PARAMETER FIELD NAME
Pm-GRC_DM_CC_C_GENPRM.RISKID

Sub-Report – Function Details

FIELD NAME | DATABASE FIELD | FORMULA
System | PRM_ACT_JOIN.SYSTEM |
Description | GRC_DM_CC_OBJTEXT.TTEXT |

FORMULA NAME | FORMULA
Description | {PRM_ACT_JOIN.FUNCID} & ': ' & {GRC_DM_CC_FUNCT.DESCN}

If the parameter listed is “optional”, you do not have to select the prompt to run the report.

PARAMETER FIELD NAME
Pm-GRC_DM_CC_C_GENPRM.RISKID
Pm-GRC_DM_CC_C_GENPRM.FUNCID

Sub-Report – Control Details

FIELD NAME | DATABASE FIELD | FORMULA
Control ID | GRC_DM_CC_MITREF.MITREFNO |
Description | GRC_DM_CC_MITREFT.DESCN |
Business Unit | GRC_DM_CC_BUSUNITT.DESCN |
Management Approver Name | GRC_DM_CC_MITREF.APPROVERNAME |
Management Approver ID | GRC_DM_CC_MITREF.APPROVERID |

PARAMETER FIELD NAME
Pm-GRC_DM_CC_C_GENPRM.MITREFNO
