Organizations implement SAP GRC compliance calibrator to manage segregation of duties within the SAP system. Compliance calibrator works on the premise of a SoD conflict ruleset which is defined at the outset. Segregation of duties conflicts or SOD violations can be at many levels. In Compliance Calibrator, it is possible to have SOD violations at the SAP master role level or even at the the user level. Focusing the attention on managing SOD violations at the user level can be a complex process. So to remediate segregation of duties violations conflicts within Virsa, it is not always the best thing to remove transactions from the users.

Options to remediate SOD violations could include utilizing the authorization objects and field values. So what are the things to keep in mind while remediating SOD violations in SAP GRC Virsa.

1. The SOD rule set should match the business requirements, customizations and SOD environment. The rule set is at the core of compliance calibrator. If required, the rule set should be tailored to meet specific requirements.

2. Start looking at single roles first. If major SOD violations are present at the single role level, this would result in further complications later on. As far as possible, the single roles should be clean.

3. The next step is to focus on composite roles, once all the single roles are clean of segregation of duties conflicts.

4. Finally, once steps 2 and 3 above are complete, it is time to focus efforts on the user master record level. Since more than one role / composite role may be allocated to a user, managing conflicts at the user level is a bit complex. As a good practice, it would benefit to look at the organization structure and the user's job role within the structure in deciding whether to remove a transaction from the user.

Related Posts

SAP R/3 T-Codes for System Management
SAP R/3 Reporting tools Infosets
Periodic Repostings in SAP CO Module
Introduction to SAP R/3 Tables