Search This Blog

Tuesday, January 11, 2011

Performance Optimization of SAP GRC Access Control 5.3 - Optimize Enterprise Role Management

The performance of Compliant User Provisioning on application level can be improved by the following measures:

· Reduce Log Level

· Avoid Risk Analysis for Critical Roles

Reduce Log Level

Writing detailed logs is a resource consumptive operation. In Enterprise Role Management in Configuration->Miscellaneous you can select from the following four log levels: DEBUG, INFO, WARN, ERROR. We recommend reducing the trace level down to ERROR.

Avoid Risk Analysis for Critical Roles

In Enterprise Role Management one or multiple methodology processes can be defined for role

maintenance. A role methodology process is a sequence of the following available actions: Role

Definition, Maintenance of Authorization Data, Role Derivation, Risk Analysis, Role Approval, Role Generation and Testing. Multiple role methodology processes can be created and used in parallel.

The first action in all role methodology processes is always Role Definition. During role definition role name, role attributes, description, role approvers etc. are defined. Each role methodology process is mapped against a set of values for the role attributes. According to the values of the role attributes assigned during role definition the role will be routed to the corresponding role methodology process.

For more details on role methodology processes consult the SAP GRC Access Control Configuration Guide.

Similar to Compliant User Provisioning a risk analysis in Enterprise Role Management for a very powerful role designed for super-user or emergency access would be very time consumptive and have little benefit. For this reason it is recommended tagging such roles with a particular role attribute and routing it into a specific role methodology process for critical roles that doesn’t contain the Risk Analysis action. This avoids trapping with critical roles into a long-running risk analysis.


1 comment: