Академический Документы
Профессиональный Документы
Культура Документы
GRC Terminology
Term
Sourc
e
Meaning
Example
Action
GRC
Action Level
GRC
GRC
Access Risk
Short
term
Risk
ARA
GRC
Short
term
Sourc
e
Meaning
Example
Access Rule
Rule
GRC
Rule set
GRC
A pre-defined set of :
GLOBAL
ZAUDIT
A system may have several rule sets, e.g. SAPdelivered, External Audit, MIT modified, and the risk
analysis reports can be run using any one rule set at a
time. Also, rule sets can be compared to each other for
differences.
Short
term
Sourc
e
Meaning
Example
Authorization
Profiles
Profiles
SAP
SAP_ALL
Z#:JV_FY
Business Analyst
BA
MIT
Business End
User
End User
MIT
GRC
Business Process
Business System
Analyst
BSA
MIT
Short
term
Composite Role
Critical Role
Critical Profile
Critical Action
Critical
Custom User
Group
User
Group
ESS
ESS
Sourc
e
Meaning
SAP
GRC
GRC
SAP
Example
Z_VPF_C_ADMIN_COMMON
Role = SAP_ALL
Tcode/Action = FB01 with
Permission 01 (Post)
VPF
Short
term
Exception Access
Rules
Sourc
e
Meaning
Example
GRC
FireFighter logs
Logs
GRC
Firefighter Role
Role
SAP
SAP
FireFighter R/3
User
FireFight
er
Short
term
FFID
Sourc
e
Meaning
GRCEAM
Firefighter ID
Owner
FFID
Controlle
r
GRCEAM
GRCEAM
Example
Short
term
Function
Sourc
e
Meaning
Example
GRC
Power
User
MIT
BSAs, BAs and some Role owners will use most of the
reports in GRC - so they are known as the "Power
Users" in respect of the report usage and training
requirements.
GRC system
GRC-ARA
GRC-EAM
GRC
GRC
Short
term
MIT Roles
Database
RolesDB
Mitigation
Control
Mitigatio
n
Sourc
e
Meaning
Example
MITs custom system for managing some of the crosssystem access, including some SAP access. SAP
access is provisioned through an automated process,
mapping RolesDB rules to SAP R/3 Security profiles,
which are then assigned to the R/3 User.
GRC
Short
term
Sourc
e
Meaning
Example
Permission Level
Permissio
ns
GRC
PFCG
SAP
GRC
Provisioning
Risk Level
Permission / Authorization:
only given Activity = 03
(Display).
No access to
Activity = 01 (Create) or 02
(Change) etc.
Short
term
Sourc
e
Risk Owner
Risk Violations
Role
Role Owner
Meaning
Example
GRC
SAP
Z_VPF_S_AR_MANAGER
Z_VPF_S_DOCUMENT_REVE
RSE
SAP Access
Control
SAP
Authorization
Short
term
RolesDB
SAP R/3
Security
Sourc
e
MIT
SAP
SAP ECC
SAP Core
SAP 6.0
SAP User Group
Meaning
Example
SAP
VPF-FAR
Short
term
Sourc
e
Meaning
Example
Segregation of
Duties
SOD
GRC
Simulation
Simulatio
n
GRC
MIT
SOD Coordinator
SUIM
SUIM
SAP
Transaction code
tcode
SAP
Short
term
Sourc
e
Meaning
Example
User Master
User
SAP
PAMELAS
DALET
VACHA
Workflow ECC
Workflow GRC