Virsa GRC5.3 Guide


PREPARED BY

ADITYA JOSYULA

The Naming Differences between VIRSA, GRC 5.3 and GRC 10.0:

VIRSA                          GRC 5.3                                 GRC 10.0
Compliance Calibrator          Risk Analysis and Remediation (RAR)     Access Risk Analysis (ARA)
Access Enforcer                Compliant User Provisioning (CUP)       Access Request Management (ARM)
Role Architect / Role Expert   Enterprise Role Management (ERM)        Business Role Management (BRM)
Fire Fighter                   Superuser Privilege Management (SPM)    Emergency Access Management (EAM)

UNDER THE GUIDANCE OF


RASHEED AHMED
PREPARED BY
ADITYA JOSYULA

VIRSA(COMPLIANCE CALIBRATOR)

Overview:

Virsa Compliance Calibrator provides real-time compliance monitoring and controls, integrated within
your SAP deployment. Compliance Calibrator uses its built-in analysis engine to identify risks associated
with Segregation of Duty (SoD), critical actions, and critical permissions. Once identified, you use
Compliance Calibrator controls to mitigate or eliminate compliance risks.

Virsa Access Enforcer provides tools for assigning, enforcing, and logging (cross-system) network
resource access permissions, based on job-related database objects, such as users, groups, roles, and
profiles. You can also create and use workflows that model your business approval process for access
requests. If you use Compliance Calibrator, you can configure Access Enforcer to provide risk analysis
and mitigation controls, to identify and resolve access control risks and violations in your workflows.

Virsa Role Expert provides tools to create, manage, and define access permissions, either individual
access controls, or groups of access controls – based on job functions (roles). Creating role-based access
controls enables you to assign a group of access permissions to user(s) who perform a specific job
function, eliminating the need to manually reassign these permissions following a change of the user(s)
who perform that job function. If you use Compliance Calibrator, you can configure Role Expert to use
the Compliance Calibrator risk analysis engine when creating roles and assigning mitigation controls. If
you use Access Enforcer, you can configure Role Expert to require approval for new and changed roles
using Access Enforcer workflows.

Virsa Firefighter provides flexible controls that allow you to assign special permissions for emergency
access to network resources that would otherwise be restricted from the user or users performing the
emergency tasks. In addition to network emergencies, you can use Firefighter to provide temporary
and/ or time and date-restricted access permissions, for tasks that require those permissions only during
certain times, such as auditing services. Firefighter allows you to designate these permissions and who
must approve the assignment of these permissions. Once the access has been approved, Firefighter
provides an audit trail log of every action performed using these enhanced access privileges. If you use
Compliance Calibrator, you can configure Firefighter to use the risk analysis engine to identify and
resolve Firefighter risks and violations.


The Components of Virsa are:

1. Compliance Calibrator
2. Access Enforcer
3. Fire Fighter
4. Role Architect

How to find the Risk with the User or Role Using VIRSA:

A risk arises when

i. two different Tcodes that conflict with each other come together (that is one risk), or

ii. two similar kinds of functions come together, which might be a risk.

Here, Functions are combinations of multiple Actions (nothing but Tcodes) or Authorizations.

Risk Analysis can be performed by

1. User Level

2. Role Level


Risk Analysis – User Level

To log on to VIRSA Compliance Calibrator, the Tcode is /n/virsa/zvrat


Select the Target System & Role then Click on Execute.


→ In Analysis Type, under User Based, select User and mention the user name

→ In SOD Risk Level, select the option level ALL

→ Select the Report Type which you want to perform; here we are using SOD at Transaction Code Level

→ Select the Report Format

→ Select the User Type.

Check the below Screen Shot


Click on Execute.

After executing you will get all the levels of Risks, i.e., High, Medium, Low and Critical.

Check the below screen


Depending on the level of the risk, we need to either remove the risk or mitigate it.

Click on Detail Report and Copy the Role Name.


To see the conflicts you need to click Technical View tab.


To remove the risk, copy the Role Name, then go to the backend system and remove the risk from
the role.

In the backend system, remove one of the conflicting actions (Tcodes) from the role.

Here the conflicting actions are SCC4 and SU01 & SCC5 and SU01.

Then go to PFCG, enter the role name and remove the Tcodes from the role.

Check the below screens for removing the Tcodes from the role.


After removing the Tcode from the role, go to the Authorization tab and choose Expert Mode for Profile
Generation.

Check the below screen shot.


Then choose the Read Old Status and Merge with New Data option and click Nike.

Check the below screen


Then generate the role and do the User Comparison.

Check the below screens.


Now go back to the Analysis Type; under User Based, select User and mention the user name.

Check the below screen


Click on execute.

Now you will get a screen with No violations found.

Check the below screen


Risk Analysis – ROLE Level

To log on to VIRSA Compliance Calibrator, the Tcode is /n/virsa/zvrat


Select the Target System & Role then Click on Execute.


→ In Analysis Type, under Role/Profile Based, select Roles and mention the Role name

→ In SOD Risk Level, select the option level ALL

→ Select the Report Type which you want to perform; here we are using SOD at Authorization Object
Level

→ Select the Report Format

→ Select the User Type.

Check the below Screen Shot


Click on Execute.

After executing you will get all the levels of Risks, i.e., High, Medium, Low and Critical.

Click on Technical View.

Check the below screen


Depending on the level of the risk, we need to either remove the risk or mitigate it.

Then Click on the Role Name.

Check the below Screen shot.


Again, double-click on the Role name.

By double-clicking the role name you get to the PFCG screen directly, where you can remove the conflicts.

Check the below screens for removing the Tcodes from the role.


After removing the Tcode from the role, go to the Authorization tab and choose Expert Mode for Profile
Generation.

Check the below screen shot.


Then choose the Read Old Status and Merge with New Data option and click Nike.

Check the below screen


Then generate the role and do the User Comparison.

Check the below screens


Now go back to the Analysis Type; under Role/Profile Based, select Role and mention the Role name.

Check the below screen


Click on execute.

Now you will get a screen with No violations found.

Check the below screen


Simulation:

Using this option we can identify the risk information before adding a Tcode to a Role or User.

EX: If the Business asks you to add one particular Tcode to an existing Role, you can get the risk
information by entering the Role name & Tcode under the Simulate option and clicking the Simulate
Button; the system then shows the Risk Analysis information without adding the Tcode to the Role.

Steps for Simulation at User Level

To log on to VIRSA Compliance Calibrator, the Tcode is /n/virsa/zvrat


Select the Target System & Role then Click on Execute.


Now give the User name and Click on Simulate Tab.


Here, under the Simulation Values, give the Transaction which you want to add.

Note: Leave the Remote System Details blank.

And check Risks from Simulation Only.

Then click on Execute.


Here the value which we have used is SU01 for the user, and it is showing the risk at High level.

So this shows that the value which we have used shouldn't be assigned to the user.

But if the business wants to allow this risk for the user, we can do so by using the Mitigation Control option.


Steps for Simulation at Role Level

To log on to VIRSA Compliance Calibrator, the Tcode is /n/virsa/zvrat


Select the Target System & Role then Click on Execute.


Now give the Role name and Click on Simulate Tab.


Here, under the Simulation Values, give the Transaction which you want to add.

Note: Leave the Remote System Details blank.

And check Risks from Simulation Only.

Then click on Execute.


Here the value which we have used is SU01 for the Role, and it is showing the risk at High level.

So this shows that the value which we have used shouldn't be assigned to the Role.

But if the business wants to allow this risk for the Role, we can do so by using the Mitigation Control option.


Mitigation:

A risk is allowed by using or creating Mitigation Control IDs as required by the Business.

You can use Mitigation Controls to associate controls with a Risk, and assign them to Users, Roles,
Profiles, or HR Objects.

Designate individuals as Control Monitors or Approvers and then assign them to Controls.

Steps for Creating Mitigation

Here we are creating a Mitigation Control for the below Screen Shot.


Now come back to the Virsa screen & click on the Mitigation tab.

Check the below screen shot.


After clicking the Mitigation tab you will get the below screen.


Here we have to create the Approvers, Monitors, Business Unit, Mitigating Control ID and Mitigated Users.

Check the below screen shot for the process.

STEP1:

In this Mitigation Screen we are going to create Approvers, Monitors.

Click on Define Monitors and Approvers

Check the below screen shots.


Click on New Entries and mention the Monitor ID, Company Name, Email and Role.

Here, in the Role option, we need to select either Approver or Monitor.

Here we are creating an Approver & a Monitor at the same time.

After that click on Save.

Check the below Screen Shot.


STEP2:

Business Unit is based upon Business Processes for Functions Identification. Here the Business Unit ID is a
unique ID which we chose ourselves.

EX: B100

Go to Business Units, click on Define, then click on New Entries.

Give the Business Unit ID and Description.

Click on Save.

Check the below screen shots


Again go to Business Units, click on Assign Approvers, then click on New Entries.

Give the Business Unit ID and mention the Approver ID.

Click on Save.

Check the below screen shots


Again go to Business Units, click on Assign Monitors, then click on New Entries.

Give the Business Unit ID and mention the Monitor ID.

Click on Save.

Check the below screen shots


STEP3:

Mitigating Controls are based upon Risk IDs for Identification. Here the Mitigating Control ID is a
unique ID which we chose ourselves.

EX: B200

Go to Mitigating Controls, click on Create, then fill in the required details.

Give the Mitigating Control ID, Description, Business Unit, Management Approver.

Add the Associated Risk ID & Monitor.

Click on Save.

Check the below screen shots.


Then click on Save.


STEP4:

Mitigated Users is used for assigning Mitigating Control IDs to a User in order to allow the Risk.

Go to Mitigated Users.


Click on New Entries. Then give the Mitigating Control ID, User, Risk ID, Mitigation Validity & Monitor ID.

Here we need to give the Risk ID B011 manually because the Risk ID for both violations is the same.

Click on Save.

Check the below screen shots.


Now come back to the Virsa screen and find out the Risk for User ID: USER1

→ In Analysis Type, under User Based, select User and mention the User name

→ In SOD Risk Level, select the option level ALL

→ Select the Report Type which you want to perform; here we are using SOD at Transaction Code Level

→ Select the Report Format

→ Select the User Type.

→ In the Exclusions Tab, check Locked Users, Expired Users, Mitigating Controls and Expired Roles.

Check the below Screen Shot


Click on Execute


Now you won't find any Violations.
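To make the concepts behind the steps above concrete (Functions grouping Tcodes, a Risk pairing two Functions, User- and Role-level analysis, Simulation of a Tcode before it is added, remediation in the backend, and a Mitigating Control that hides an accepted Risk from the report), here is a small rule engine written for this guide. It is an added example, not Virsa or SAP GRC code; the same model applies to the RAR screens in the GRC 5.3 section below. Risk ID B011, Mitigating Control B200, user USER1 and the conflicting Tcodes SCC4/SCC5/SU01 come from the guide; the Function names, role names, role assignments, dates and the Monitor ID are constructed sample data.

```python
"""Toy SoD rule engine modelled on the Compliance Calibrator concepts in this
guide.  Added example, not Virsa/SAP GRC code.  Function names, role names,
role assignments, dates and the monitor ID are constructed sample data."""
from dataclasses import dataclass
from datetime import date
from itertools import product

# Functions: named groups of Actions (Tcodes).  The grouping is assumed; the
# Tcodes SCC4/SCC5/SCCL and SU01 are the conflicting actions named in the guide.
FUNCTIONS = {
    "CLIENT_ADMIN": {"SCC4", "SCC5", "SCCL"},
    "USER_ADMIN": {"SU01", "SU10"},
}

@dataclass(frozen=True)
class Risk:
    risk_id: str        # Risk ID as in the guide, e.g. B011
    level: str          # Critical / High / Medium / Low
    functions: tuple    # the two Functions that must not be held together

RISKS = [Risk("B011", "High", ("CLIENT_ADMIN", "USER_ADMIN"))]

# Constructed sample master data: Tcodes per role, roles per user.
ROLES = {
    "Z_BASIS_CLIENT": {"SCC4", "SCC5", "SM50"},
    "Z_BASIS_USER": {"SU01", "SU3"},
}
USERS = {"USER1": {"Z_BASIS_CLIENT", "Z_BASIS_USER"}}

@dataclass(frozen=True)
class Violation:
    risk_id: str
    level: str
    action_a: str
    action_b: str

@dataclass(frozen=True)
class MitigatingControl:
    control_id: str     # Mitigating Control ID, e.g. B200 as in the guide
    risk_id: str        # associated Risk ID
    user: str           # mitigated user
    valid_from: date    # mitigation validity
    valid_to: date
    monitor: str        # Monitor ID (constructed)

def analyze_actions(actions):
    """SoD at Transaction Code level: each pair of Tcodes where one belongs
    to each Function of a Risk is reported as a separate violation."""
    found = set()
    for risk in RISKS:
        side_a, side_b = (FUNCTIONS[f] & actions for f in risk.functions)
        for a, b in product(side_a, side_b):
            found.add(Violation(risk.risk_id, risk.level, a, b))
    return sorted(found, key=lambda v: (v.risk_id, v.action_a, v.action_b))

def role_actions(role, roles=ROLES):
    return set(roles[role])

def user_actions(user, roles=ROLES):
    # A user holds the union of the Tcodes of all assigned roles.
    return set().union(*(roles[r] for r in USERS[user]))

def analyze_role(role, roles=ROLES):
    return analyze_actions(role_actions(role, roles))

def analyze_user(user, roles=ROLES, controls=(), as_of=None):
    """User-level analysis.  When Mitigating Controls are excluded (the
    Exclusions tab in the guide), a violation is dropped if a control for
    this user and Risk ID is valid on the analysis date."""
    violations = analyze_actions(user_actions(user, roles))
    as_of = as_of or date.today()
    covered = {c.risk_id for c in controls
               if c.user == user and c.valid_from <= as_of <= c.valid_to}
    return [v for v in violations if v.risk_id not in covered]

def simulate(actions, added, simulation_only=True):
    """Risk analysis without changing the role or user: the Tcodes in `added`
    are merged in; with `simulation_only` (the 'Risks from Simulation Only'
    check box) only violations caused by the added Tcodes are returned."""
    before = set(analyze_actions(actions))
    after = analyze_actions(actions | set(added))
    return [v for v in after if not simulation_only or v not in before]

def remediate(roles, role, tcodes):
    """The backend fix (PFCG in the guide): remove the conflicting Tcodes
    from the role.  Returns a new role table; the original is untouched."""
    fixed = dict(roles)
    fixed[role] = roles[role] - set(tcodes)
    return fixed

if __name__ == "__main__":
    print("USER1 before:", analyze_user("USER1"))
    print("simulate SU01 on role:", simulate(role_actions("Z_BASIS_CLIENT"), {"SU01"}))
    control = MitigatingControl("B200", "B011", "USER1",
                                date(2024, 1, 1), date(2024, 12, 31), "MONITOR1")
    print("USER1 mitigated:", analyze_user("USER1", controls=[control], as_of=date(2024, 6, 1)))
    fixed = remediate(ROLES, "Z_BASIS_CLIENT", {"SCC4", "SCC5"})
    print("USER1 after remediation:", analyze_user("USER1", roles=fixed))
```

Running it reproduces the guide's two findings for USER1 (SCC4 with SU01 and SCC5 with SU01, both B011 High), shows that simulating SU01 on the client-administration role raises the same High risk before anything is changed, and shows the two ways the report goes to "No violations found": a valid Mitigating Control for USER1 and B011, or removing the conflicting Tcodes from the role. Note that the control only hides the violation while it is valid; a run dated after `valid_to` reports it again, which is why the mitigation validity in STEP4 matters.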


GRC 5.3 (Governance, Risk and Compliance)

Overview:

Being closely related concerns, governance, risk and compliance activities are increasingly being
integrated and aligned to some extent in order to avoid conflicts, wasteful overlaps and gaps. While
interpreted differently in various organizations, GRC typically encompasses activities such as corporate
governance, enterprise risk management (ERM) and corporate compliance with applicable laws and
regulations.

Governance, risk and compliance (GRC) is an increasingly recognized term that reflects a new way in
which organizations are adopting an integrated approach to these aspects of their business.

The following are the major advantages of GRC:

1. Increased risk awareness, resulting in better decision making.

2. Improved visibility of risk and exposure across the organization.

3. Reduced risk of segregation of duties violations.

4. Simplified compliance, minimised audit time & cost.

The Components of GRC 5.3 are:

1. Access Control(AC)

2. Process Control(PC)

3. Global Trade System(GTS)

4. Environmental Health & Safety(EHS)

5. Risk Management(RM)


Access Control:

With a built-in list of critical transactions and a matrix of segregation of duties conflicts, SAP GRC Access
Control lets you check if user or role maintenance introduces risks to your business. It also lets you
record the steps you take to mitigate those risks.

SAP GRC Access Control consists of the following modules:

• Risk Analysis and Remediation (RAR)

• Compliant User Provisioning (CUP)

• Superuser Privilege Management (SPM)

• Enterprise Role Management (ERM)

Risk Analysis and Remediation (RAR)

Previously known as Compliance Calibrator, RAR is the repository for definitions of segregation of duties
rules and critical transactions. As well as using the rules to check if user and role administration activities
could introduce risks to your business, RAR reports on the risks within the system – presenting them in a
graphical format within a web browser.

Compliant User Provisioning (CUP)

CUP provides the workflow engine to drive compliant user and role maintenance processes within the
SAP environment. These processes are auditable and verifiable, with clear, configurable processes for
approval, SoD checking and provisioning.

Enterprise Role Management (ERM)

ERM rigorously applies naming conventions and validations to role creation, reducing management
effort and the risk of segregation of duties violations. To use ERM you have to define structured working
methods.


Superuser Privilege Management (SPM)

Previously known as Firefighter, SPM lets you assign ‘emergency user’ status to normal support users,
giving them extended access for exceptional circumstances. A notification is linked to the use of this
extended access. And all activities are logged during its use to reduce the risk of unauthorised activities
taking place. SPM is one of the simplest Access Control components to deploy.

To log on to GRC 5.3 Access Control, use the link below (aditya is the HostName):

http://aditya:50000/webdynpro/dispatcher/sap.com/grc~acappcomp/AC


How to find the Risk with the User or Role using Risk Analysis and Remediation:

A risk arises when

i. two different Tcodes that conflict with each other come together (that is one risk), or

ii. two similar kinds of functions come together, which might be a risk.

Here, Functions are combinations of multiple Actions (nothing but Tcodes) or Permissions (nothing
but Authorizations).
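The distinction between Actions and Permissions is what separates the "SOD at Transaction Code Level" and "SOD at Authorization Object Level" report types used in this guide. The following is an added example, not SAP GRC code, of a permission-level check: a Function counts as held only if the role carries the Tcode and the authorization values that make the action effective, so a display-only role does not raise the violation that a Tcode-only check reports. Risk B011 (High) and the Tcodes SU01/SCC4 come from the guide; the role names, the required values and the client-administration object Z_CLIENT_ADM are constructed, while S_USER_GRP and its ACTVT field are real SAP names used only for illustration.

```python
"""Permission-level (authorization object) SoD check.  Added example, not
SAP GRC code.  Role names, required values and the object Z_CLIENT_ADM are
constructed; S_USER_GRP / ACTVT are real SAP names used for illustration."""
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Permission:
    obj: str        # authorization object, e.g. S_USER_GRP
    field: str      # field, e.g. ACTVT
    values: tuple   # any one of these values makes the action effective

# Function -> {Tcode: permissions that must accompany it}.  Constructed sample rules.
FUNCTIONS = {
    "USER_ADMIN": {"SU01": [Permission("S_USER_GRP", "ACTVT", ("01", "02"))]},
    "CLIENT_ADMIN": {"SCC4": [Permission("Z_CLIENT_ADM", "ACTVT", ("02",))]},
}
# Risk B011 (High) from the guide; the function pairing is assumed.
RISKS = [("B011", "High", "CLIENT_ADMIN", "USER_ADMIN")]

# Constructed roles: Tcodes plus granted authorization values per (object, field).
# A granted value may be a literal, a pattern such as 0*, or the full wildcard *.
ROLES = {
    "Z_CLIENT_USER_DISPLAY": {     # SU01 with display activity only
        "tcodes": {"SU01", "SCC4"},
        "auth": {("S_USER_GRP", "ACTVT"): {"03"}, ("Z_CLIENT_ADM", "ACTVT"): {"02"}},
    },
    "Z_CLIENT_USER_ADMIN": {       # SU01 with full activity
        "tcodes": {"SU01", "SCC4"},
        "auth": {("S_USER_GRP", "ACTVT"): {"*"}, ("Z_CLIENT_ADM", "ACTVT"): {"02"}},
    },
}

def granted(role, perm):
    """True if any granted value for perm's object/field covers a required value."""
    have = role["auth"].get((perm.obj, perm.field), set())
    return any(fnmatchcase(req, pattern) for pattern in have for req in perm.values)

def held_functions(role, level):
    """Map Function -> Tcodes of that Function the role effectively holds.
    level='action' looks at Tcodes only; level='permission' also requires
    the accompanying authorization values."""
    held = {}
    for fname, actions in FUNCTIONS.items():
        for tcode, perms in actions.items():
            if tcode not in role["tcodes"]:
                continue
            if level == "permission" and not all(granted(role, p) for p in perms):
                continue
            held.setdefault(fname, set()).add(tcode)
    return held

def analyze_role(role_name, level="action"):
    """Return (risk_id, risk_level, tcode_a, tcode_b) for each conflicting pair."""
    held = held_functions(ROLES[role_name], level)
    return [(rid, lvl, a, b)
            for rid, lvl, fa, fb in RISKS
            for a in sorted(held.get(fa, ()))
            for b in sorted(held.get(fb, ()))]

if __name__ == "__main__":
    for role in ROLES:
        print(role, "action level:    ", analyze_role(role, "action"))
        print(role, "permission level:", analyze_role(role, "permission"))
```

At action level both roles show the B011 conflict because both contain SU01 and SCC4; at permission level only the role with create/change activity on S_USER_GRP does. This is why a permission-level report is the one to reconcile against before remediation: removing a Tcode on the strength of an action-level finding may strip access that was never a real conflict.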

Click on Risk Analysis & Remediation


The below screen will appear in a new window.


Risk Analysis can be performed by

1. User Level

2. Role Level


Risk Analysis - Role Level

Click on the Informer tab; under the Informer tab:

=> Go to the Risk Analysis option

=> Click on User/Role Level and specify the required details as in the below screen


Then click on Execute.

After executing you will get all the levels of Risks, i.e., High, Medium, Low and Critical.

Check the below screen


Depending on the level of the risk, we need to either remove the risk or mitigate it.

To remove the risk, click on the risk description; you will then see the role name. After that, go to the
back end system and remove the risk from the role. Below is the screen showing the role name.


In the backend system, remove one of the conflicting actions (Tcodes) from the role.

Here the conflicting actions are SCC4 and SU01 & SCCL and SU01.

Then go to PFCG, enter the role name and remove the Tcodes from the role.

Check the below screens for removing the Tcodes from the role.


After removing the Tcode from the role, go to the Authorization tab and choose Expert Mode for Profile
Generation.

Check the below screen shot.


Then choose the Read Old Status and Merge with New Data option and click Nike.

Check the below screen


Then generate the role and do the User Comparison.

Check the below screens


Now go back to Risk Analysis - Role Level and mention the role name from which the Tcodes were removed in the back
end system.

Check the below screen


Click on execute.

Now you will get a screen with No violations found.

Check the below screen


Risk Analysis - User Level

Click on the Informer tab; under the Informer tab:

=> Go to the Risk Analysis option

=> Click on User Level as in the below screen


Click on execute.

After executing you will get all the levels of Risks, i.e., High, Medium, Low and Critical.

Check the below screen


Depending on the level of the risk, we need to either remove the risk or mitigate it.

To remove the risk, go to the backend system, go to SU01, enter the user name, select the Roles tab,
check the roles and copy the role names. Then go to PFCG, enter the role name and remove the
conflicting actions; here the conflicting actions are SCC4 and SU01. Check the below screens


Click on Change and copy the role name.

Check the below screen


Then go to PFCG, enter the role name and remove the Tcodes from the role.

Check the below screens


After removing the Tcode from the role, go to the Authorization tab and choose Expert Mode for Profile
Generation.

Check the below screen shot.


Then choose the Read Old Status and Merge with New Data option and click Nike.

Check the below screen


Then generate the role and do the User Comparison.


Check the below screens


Now go back to Risk Analysis - User Level and mention the user name.

Check the below screen


Click on execute.

Now you will get a screen with No violations found.

Check the below screen


Simulation:

Using this option we can identify the risk information before adding a Tcode to a Role or User.

EX: If the Business asks you to add one particular Tcode to an existing Role, you can get the risk
information by entering the Role name & Tcode under the Simulate option and clicking the Simulate
Button; the system then shows the Risk Analysis information without adding the Tcode to the Role.

Steps for Simulation at User Level

Go to Risk Analysis User Level and give the system details and user name.

Check the below screen shot


Then click on Simulate.


Here fill in the required details, and under the Simulation Values give the value which you want to add; here
the value is nothing but a Tcode.

Then click on Simulate.

Here the value which we have used is SU01 for the user, and it is showing the risk at High level.

So this shows that the value which we have used shouldn't be assigned to the user.

But if the business wants to allow this risk for the user, we can do so by using the Mitigation Control option.


Steps for Simulation at Role Level

Go to Risk Analysis Role Level and give the system details and Role name.

Check the below screen shot


Then click on Simulate.


Here fill in the required details; under General Information mention the system & role name, and under
the Simulation Values give the value which you want to add; here the value is nothing but a Tcode.

Then click on Simulate.

Here the value which we have used is SU01 for the Role, and it is showing the risk at High level.


So this shows that the value which we have used shouldn't be assigned to the Role.

But if the business wants to allow this risk for the Role, we can do so by using the Mitigation Control option.

Mitigation:

A risk is allowed by using or creating Mitigation Control IDs as required by the Business.

You can use Mitigation Controls to associate controls with a Risk, and assign them to Users, Roles,
Profiles, or HR Objects.

Designate individuals as Control Monitors or Approvers and then assign them to Controls.

Steps for Creating Mitigation

Here we are creating a Mitigation Control for the below Screen Shot.


Now click on the Risk Description B0111BD01.

Check the below screen shot


After clicking the Risk Description B0111BD01, you will find the Risk information. You need to
concentrate on the Risk ID & Business Process.

Check the below screen shot.


Now go to the Mitigation Tab. Check the below screen shot.


Here we have to create the Approvers, Monitors, Risk Owners, Business Unit, Mitigating Control ID,
Control Monitors and Mitigated Users.

Check the below screen shot for the process.

STEP1:

In the Administrator Tab we are going to create the Approver, Monitor and Risk Owner IDs.

Go to Administrators, click on Create, then fill in the required details.

Check the below screen shots.

Approver


Monitor

Risk Owner


STEP2:

Business Unit is based upon Business Processes for Functions Identification. Here the Business Unit ID is a
unique ID which we chose ourselves.

EX: B100

Go to Business Unit, click on Create, then fill in the required details.

Give the Business Unit ID and Description, and add the Approver & Monitor.

Click on Save.

Check the below screen shots.


Click on the Plus(+) button to add the Approver.


Go to the Monitor Tab & click on the Plus (+) button to add the Monitor.


Click on Save.


STEP3:

Mitigating Controls are based upon Risk IDs for Identification. Here the Mitigating Control ID is a unique ID
which we chose ourselves.

EX: B200

Go to Mitigating Controls, click on Create, then fill in the required details.

Give the Mitigating Control ID, Description, Business Unit, Management Approver.

Add the Associated Risk ID & Monitor.

Click on Save.

Check the below screen shots.


Click on Save.


STEP4:

Mitigated Users is used for assigning Mitigating Control IDs to a User in order to allow the Risk.

Go to Mitigated Users.


Click on Search.


Here click on the Add button, then give the Mitigating Control, User ID, Risk ID & Monitor ID.

Here we need to give the Risk ID B011* manually because the Risk ID for both violations is the same.


Click on Save.


Now schedule the Background Jobs. Check the below screen shot.


Click on Schedule.


Here give the Job Name & click on Schedule.

After that check the Job State.

The State should be COMPLETE.


Now go back to the Informer Tab and find out the Risk for User ID: USER1

Go to Risk Analysis User Level.

Mention the System and User name.

Check the below screen shots.


Click on Execute.

Now you won't find any Violations.
