SAP GRC – Technical Upgrade To 12 From 10.

x
Sohom Sarkar, Sanjay Kumar, Anindita Sen Gupta
 TABLE OF CONTENTS
1. DOCUMENT OBJECTIVE ......................................................................................................................................2
2. DOCUMENT OVERVIEW ......................................................................................................................................2
3. WHY GRC 12.0? .......................................................................................................................................................2
4. GRC 12.0 NEW FEATURES ....................................................................................................................................2
5. PREREQUISITES .....................................................................................................................................................3
6. COMPONENTS ........................................................................................................................................................3
7. UPGRADE PLAN AND ACTIVITIES ....................................................................................................................4
8. DOCUMENT AND NOTES .....................................................................................................................................5
9. ISSUES AND RESOLUTION ..................................................................................................................................6
10. KEY LEARNINGS .................................................................................................................................................9

1|P a g e
Accenture Confidential & Propriety Information. All Rights Reserved. For Internal Use Only
1. DOCUMENT OBJECTIVE
This document explains the set of activities required and performed for the Governance, Risk and Compliance -
Access Control technical upgrade.

2. DOCUMENT OVERVIEW
This document is helpful for SAP GRC AC consultants planning for GRC 12 from 10.x technical upgrade to provide
the best solution to clients. This document will serve as technical reference guide with all the major activities that
the GRC consultants need to follow as best practice for GRC upgrade.

This document has been prepared with the target version GRCFND_A V1200, SP07 in consideration.

3. WHY GRC 12.0?

It is required to plan and implement an upgrade to version 12 to stay ahead of the curve.

❖ SAP ends GRC 10.1 Support maintenance on 31st Dec 2020 (SAP Note - 2878927)
❖ GRC 12.0 is more compatible with Fiori for GRC
❖ GRC 12.0 provides a persona based launchpad application
❖ Future - readiness for upcoming S/4 HANA transformation journey in view of GRC rulesets, integration
with HANA DB etc.

4. GRC 12.0 NEW FEATURES

GRC 12.0 has the following enhanced functionalities:

▪ Risk analysis can be executed for FIORI, new FIORI rule set — Rule set for risk analysis integration with
Fiori Apps on S/4HANA On-premise systems.
▪ GRC 12 has capability to control EAM for HANA database.
▪ GRC 12.0 allows to use on Mobile devices as it is SAP Persona based personalization application.
▪ It supports integration down the line for cloud platforms and new SAP products like SAP Ariba, SAP
Concur, Success Factors and S/4HANA cloud. This can be achieved with IAG, which connects as a bridge
with all cloud-based applications (SF, S/4HANA, Ariba, etc.)

2|P a g e
Accenture Confidential & Propriety Information. All Rights Reserved. For Internal Use Only
5. PREREQUISITES
To upgrade GRC to 12, there is minimum requirement that underlying NetWeaver version should be 7.52 SP0x.

Secondly, the existing GRC system doesn’t have to be on a particular SP level of GRC v10.0 or 10.1 to move to v12.

The following SAP notes can be more helpful in this regard.

Sl. No. SAP Note Description

1 2640373 Upgrade to Access Control 12.0 from GRC Access Control 5.3/10/10.1 Version
2 2648777 FAQ: Access Control 12.0 Upgrade
3 2654895 FAQ: GRC Access Control 12.0 Installation Questions and Recommendations

6. COMPONENTS
To understand the final versions of the components we recommend to generate stack from maintenance planner
and check the dependencies or review SAP release notes and come up with the version of the components. Also,
check the plug-in components involved and determine the versions need to be at, for the application to work
seamlessly.

We analyzed the requirement for our client in the same way and checked the current component versions and
several notes to find the recommended target version. The stack showed the same results as well.

Sl. No. Component Required Current version Recommendation Comments

1 SAP NW 7.52 in GRC SAP NW 7.4 SP17 SAP NW 7.52 SP05 SAP Note 2802102

2 GRCFND_AV1200 in GRC GRCFND_AV1100 SP13 GRCFND_AV1200 SP07 SAP Note 2833153

3 Plug-In Component GRCPINW V1100_731 GRCPINW V1100_731 SAP Note 1352498
(GRAPINW) SP14 SP26
4 GRCPINW in GRC GRCPINW V1100_731 SAP Note 1352498
SP14
Also, to get enhanced SAP Persona based application for better end user experience on mobile devices, its
recommended to go for Fiori implementation. In our scenario, we implemented the below list of components.

Sl. No. Component Required Current version Recommendation Comments

1 SAP FIORI FRONT-END SERVER GRCFND_AV1100 SAP FIORI FRONT-END SAP Note 2618605
(Embedded Fiori in GRC) SP25 SERVER 5.0 SP04
2 SAP Fiori for SAP AC 1.0 in GRC SAP FIORI FRONT- UIGRAC001 SP04 SAP Note 2654895
(UIGRAC01) END SERVER 5.0 SP03

Note: – The above components’ s SP level may vary based upon the SAP releases. It is recommended to be on the
latest Support Package level.

3|P a g e
Accenture Confidential & Propriety Information. All Rights Reserved. For Internal Use Only
7. UPGRADE PLAN AND ACTIVITIES
Technical Upgrade: Check with business on what functionalities they want to enable and plan the work
accordingly. Hence, regression testing and impact assessment need to be performed to make sure the current
business scenarios work in the upgraded environment as expected.

In present scenario, upgrade plan was like any other conventional upgrades – A system copy of the Production
performed in GRC sandbox to check the upgrade compatibility, system performance and to identify the potential
challenges. A PoC upgrade performed on the Sandbox system to document the test case scenarios, test scripts and
cut-over plan steps, after successful POC, moved to development system to perform unit testing, once unit testing
completed, started with SIT in quality system, UAT was performed by Business stakeholders. Once all these are
completed successfully, moved to Go-live.

Typical upgrade will have below phases.

Plan/Analyze Design Build Test & Train Deploy Hypercare

Review current Regression testing

Business processes Finalize the GRC
Configurational of the existing G
Post-upgrade
changes as per functionalities
component
the business
Documentation O support provided,
Introduce the client versions for the technical followed by the
requirement Business -
stakeholders to the and SOP change maintenance and
merits of GRC 12.0 Identify test Stakeholders operational
Perform SU25 involvement for L support of the
scenarios and Move changes to
steps for role UAT
Impact analysis of create regression
modification and
Production I upgraded GRC
the upgrade on the test scripts systems
current system
remediation User Training V
E

Pre-Upgrade Activities: -

• Kick Off session with client stakeholder

• Impacts analysis of the Upgrade
• GRC 12 Upgrade - Component Finalization
• GRC Sandbox refresh from GRC Production
• Resolve/Close open issues
• Test scenario identification based on the business needs
• Test scripts creation for GRC regression testing
• Close all open requests workflow
• Master Data and configurational backup

4|P a g e
Accenture Confidential & Propriety Information. All Rights Reserved. For Internal Use Only
Post Upgrade Activities: -

• Validate all required support pack in GRC and Plugin systems.

• Validate system configuration
• Validate all Access Control sync jobs
• Perform SU25 steps for role modification and remediation

Regression Testing: -

• Unit testing in Dev, System Integration and UAT in Quality system

• A clear process was defined to obtain signoffs for the upgrade, SIT and UAT testing from the
business for each landscape before moving to the higher environments. Typically, these are IQs
(Installation Qualification) and OQs (Operation Qualification) customarily observed in Pharma
clients
• Business stakeholders also performed the regression testing to check the existing functionality

Technical documentation and Go-live: -

• Documentation for the technical, process and change documents

• Post Go-live Sanity check

Hypercare and Steady-State Support: -

• Post-upgrade support provided, followed by the maintenance and operational support of the
upgraded GRC systems

8. DOCUMENT AND NOTES

In GRC upgrade what we’ve noticed, the main difficulty is to determine the support pack level to be maintained on
the target GRC system and that of add-ons on the satellite plug-in systems and the underlying NetWeaver versions
for ABAP & JAVA.

We referred the following SAP notes during component finalization as per the business requirement.

Sl. No. SAP Note Description

1 2878927 End of Maintenance GRC 10.0/ GRC 10.1
2 1128727 Guide to install GRC Access Control Support Packages
3 1086823 GRC Access Control: When to use the VIRSA, NH or HR RTA
4 2640373 Upgrade to Access Control 12.0 from GRC Access Control 5.3/10/10.1 Version
5 2648777 FAQ: Access Control 12.0 Upgrade
6 2654895 FAQ: GRC Access Control 12.0 Installation Questions and Recommendations
7 1352498 Support Pack Numbering – GRC Access Control to assist in ensuring that systems are in sync.
5|P a g e
Accenture Confidential & Propriety Information. All Rights Reserved. For Internal Use Only
 8 2602825 Release strategy and Maintenance Information for the ABAP add-on GRCPIERP V1200_S4
9 2602564 Release strategy and Maintenance Information for the ABAP add-on GRCPINW V1200_750
10 2878927 End of Maintenance GRC 10.0/ GRC 10.1

The support pack levels for add-on components on the plug-in systems for various NetWeaver versions are shown
in below mapping with the GRC Foundation software component that is installed on the GRC system. For further
details on the Support Packs of the plug-in NetWeaver systems compatibility with the add-on component, check
the corresponding release notes for each of the support packs.
Supported add-on component on plug-In system

GRC 12.0 Funndation component on GRC system

Note: - Above component mapping is from SAP note- 1352498.

9. ISSUES AND RESOLUTION

Issue#1: User Search in Access Request form – User search and detail data source is LDAP. While searching for
users in access requests, the user details like First Name, Last name and Email are getting populated but the
manager information is missing.

Resolution: 2902924-ARQ: Manager details are not fetched from LDAP system
6|P a g e
Accenture Confidential & Propriety Information. All Rights Reserved. For Internal Use Only
Issue#2: “Error while inserting the request reason” – This error was coming while Access request submission.

Resolution: 1843287 - Upgraded SAP NetWeaver on GRC and Submitting a request causes error while inserting
request reason

Issue#3: Access Request Workflow getting Stuck

Resolution: SAP Notes 2881527 - UAM: Workflow is not getting triggered while creating an Access Request due to
syntax error in SWDD and 2914893 - WF: Workflow is not getting triggered while creating an Access Request or
Firefighter Review due to syntax error in SWDD.

7|P a g e
Accenture Confidential & Propriety Information. All Rights Reserved. For Internal Use Only
Issue#4: Access Request not getting updated with instance status (Running/Decision Pending) correctly after
approval completion (Completed)

Resolution: 2868892-ARQ - Access Request is not closing after submit and 2823531-Access Requests stay in
Decision Pending for rejected line items and no closing notification is triggered.

8|P a g e
Accenture Confidential & Propriety Information. All Rights Reserved. For Internal Use Only
10. KEY LEARNINGS
An overview of a typical GRC upgrade – Access Control. It’s focused more on technical requirements and high-level
project planning for a successful GRC upgrade.

Key learnings: -

▪ Fiori with GRC 12.0

✓ Do not implement Fiori for GRC 10.1, better to move to GRC 12.0
✓ Upgrading to GRC 12.0, introduce the customer to Fiori instead of doing a simple version
Upgrade, to bring in the Value Addition. GRC 12.0 has new features of a Persona based Fiori
Launchpad instead of the monotonous NWBC screens.
✓ GRC 12.0 is indeed the solution to be future–ready for clients planning to undertake the S/4
HANA transformation journey.

▪ POCs are important for any new solution

✓ We allotted maximum time for the POC and that has helped us to be fully sure of the solution
and its impact on the client environment before moving on with the change.
✓ For GRC, it’s best to go for the latest SPs for the components as the solution is being constantly
developed. 10+ Notes were implemented for Fiori during POC, so we moved to higher SP for the
Fiori Component in Development.

9|P a g e
Accenture Confidential & Propriety Information. All Rights Reserved. For Internal Use Only