GRC Imp Tables

One of the most important requirement is to make sure that the repository data is synced to the GRC
box. Some of the important repository tables in the GRC system are
 GRACUSERCONN
 GRACRLCONN
 To Check whether integration scenarios are connected properly or not. GRACCONNSTAT
The generated rule for the Risk Id's are stored in the following tables
 GRACACTRULE
 GRACACTRULEEXT

If you are using the online(ad-hoc) risk analysis the violations will be fetched at run time but if you
are using the Offline risk analysis the result will be stored in the risk analysis result will be stored in
the following tables
Action level violations
 GRACUSERACTVL
 GRACROLEACTVL
 GRACPROFILEACTVL
 -Action Usage GRACROLEUSAGE
-Role Usage GRFNCONNSCNLK
Permission level violations
 GRACUSERPRMVL
 GRACROLEPRMVL
 GRACPROFILEPRMVL

1- GRACSODRISK – here we can identify the Risk Type (SOD-1 , Critical Action-2, Critical Permission-
3) and Risk Level(Medium,0, High -1, Low -2, Critical -3)

2- GRACSODRISKFUNC – Here we will find the Risk ID function ID relationship

3- GRACSODRISKOWN – Here we will get the Risk ID owners details

4- GRACSODRISKRS – Here we will Rule ID and Risk ID relationship

GRACFUNCACT - Get the Function ID T- Codes list or Particular T-code how many functions id are
linked
5- GRACACTION – Get The T- Code ID

6- GRACCNDGPAPV - Condition Group and Approver Relation

7- GRACCNDGPMTH - Condition Group Methodology Relation

8- GRACCNDGPTPBRF - Condition group type to BRF+ function assignment

9- GRACCNDGPTYPE - GRC ERM Condition Group Type

10 - GRACCNDGPTYPEBRF - Condition group type to BRF+ function assignment.

11- GRACCNDGPTYPET - GRC ERM Condition Group Type Text
12- GRACACTUSAGE - Get The T- Code Usage info for all users/particular users
13- GRACCONNSTAT – Get the connector Status

14- GRACEUP End User Personalization

 15 -GRACEUPCONFIG - End User Personalization Fields
GRACFFOWNER - Master table for Fire fighter Owners and FF ID/Roles
GRACFFOWNERT - Fire fighter Owners
GRACFFREPMAPP - FFLOG and Repository Mapping for Firefighters
GRACFFUSER - Maintain SPM Firefighter Assignment to FF ID/Roles
GRACFFUSERT - Details related to FF ID or role assignment to Firefighter
GRACFFCTRL - Maintain assignment of FF ID or Role to Controllers
GRACFFCTRLGRP - Maintain Controller Group and FF ID/Role Assignment
GRACMITOBJECT - Mitigating control assignment
GRACMITPROF - Profile mitigating control assignment
GRACMITROLE - Role mitigating control assignment
GRACMITROLEORG - Role Org mitigating control assignment
GRACMITUSER - User mitigating control assignment
GRACMITUSERGP - User Group mitigating control assignment
GRACRISKLEVELT Risk Level Descriptions
GRACROLEAPPRVR Role Approver

ARM Related

Request Reason

Request reason is stored in SAPscript, with Text Object as “GRC” and ID as “LTXT”. You can use
standard SAPscript Function Module (READ_TEXT) to fetch request reason of a GRC request by
passing the “TEXT” value to the Name field. This TEXT value can be fetched from table STXH

e.g: ACCREQ/00155D08DA361ED2A1BD201C710165A5/LONG_TEXT (For access requests

ACCREQ/RequestID(GRACREQ Table)/LONG_TEXT
2. Request Comments

Request comments also are stored in SAPscript, with Text Object as “GRC” and ID as “NOTE”.
You can use standard SAPscript Function Module (READ_TEXT) to fetch comments of a GRC
request by passing the “TEXT” value to the Name field in the same way as done above for
request reason. This TEXT value can be fetched from table STXH.

e.g: ACCREQ/00155D08C4051ED4BDFDEF53EC12C0D7/20150511151344
(ACCREQ/RequestID(GRACREQ Table)/XXXX)

3. GRACREQ – Request details table

This table will provide the information about Request ID, Request Type, Request Creation Date
and Request Priority

4. GRACREQUSER – GRC Request User details table

This table will provide the information about user for whom GRC request has been raised and
provides details about User ID, User First Name, User Last Name and User Email ID

5. GRACREQPROVITEM – GRC Request Line Item Details

This table will provide the information about the request and the below Line Items in the
request with their corresponding VALID FROM and VALID TO dates.

 Role
 System
 Fire Fighter Id
 User
 Profile
 PD Profile
 FireFighter Role

6. GRACREQPROVLOG – GRC Request Provisioning Logs

This table will provide the information about the request and the Line Items in the request with
their provisioning status (Success or Failure or Warning)

7. GRFNMWRTINST – GRC Request Instance Details

This table will provide the information about the request and its corresponding instance status.

8. GRFNMWRTDATLG – GRC Request Approval Status

Get the details of Instance ID from GRFNMWRTINST table by passing the request number in
“EXTERNAL_KEY_DIS” field. Based on the Instance ID you can get the details of each Line Item
approval status in the request, Path ID, StageSequence Number and Approver User column in
this table gives the details of the approvers.

Based on Path ID you can get the stage details by using the tables “GRFNMWCNPATH” and
“GRFNMWCNSTG”

9. GRFNMWRTAPPR – Current Approver for Request Line Items

This table will provide the information about the request and current approvers for
corresponding Line Items in the request.

10. GRACROLE & GRACROLEAPPRVR

These tables will provide the information about the roles and their corresponding role owners
maintained in BRM.

11. GRACRLCONNVAL

This table will provide you the details about Auto provisioning status for a role

12. HRUS_D2 – Approver Delegation Table

This table will provide the information about the delegated approvers in GRC

13. GRACSTDROLE and GRACSTDROLESYS

These tables will provide the information about the default roles maintained in GRC.

14. GRPCCHKO and GRPCPHIO – GRC Request Attachment Details

These tables will provide the information about the attachments in the GRC request.

Get Request ID for a GRC request from GRACREQ Table

Input Request ID retrieved above in the field PROP08 of table GRPCPHIO.Get PHIO_ID from
GRPCPHIO table. This table also gives attachment description details.

Input PHIO_ID to table GRPCCHKO. This table will provide Attachment Name and Type details.

15. Mitigating Control Vs. Risk/Monitor/Approver Details

Retrieve OBJID from table HRP5354 by inputting the Mitigating Control ID in SHORT_KEY1 field

Retrieve KEY 1 and KEY 2 from HRT5320 by passing OBJID retrieved above into T_OBJID field
which will give Risk/MC Monitor/MC Owner Details

16. Mitigating Control Short Text and Long Text

Short Text

Retrieve “OBJID” from table HRP5354 by passing Mitigating Control ID into “SHORT_KEY1” field

Retrieve ‘STEXT’ from table HRP1000 by passing ‘OBJID’ value retrieved from above table

Long Text

Retrieve “OBJID” from table HRP5354 by passing Mitigating Control ID into “SHORT_KEY1” field

Retrieve “TABNR” values by sorting ‘AEDTM’ and take the latest last modification date from table
HRP1002 by passing PLVAR = ’01’, OTYPE = ‘P2’, OBJID = value retrieved from above table and
SUBTY = ‘0001’

Retrieve “TLINE” values from table HRT1002 by passing TABNR value retrieved from above table

17. Risk Long Text

Class: CL_GRFN_SAPSCRIPT

Method: RETRIEVE_STRING

Pass following values:

 IV_LANGUAGE = EN
 IV_OBJECT_ID = SOD_RISK/<RiskID>
 IV_CLASS = LTXT
 IV_TOKEN = RSK
 IV_APPLICATION = GRC

18. Control Assignment request Items table

GRACMITMSMPVALI – This table will have the Control Assignment request and corresponding
Lineitems of that request.

MSMP Instance and External Key in this table are referenced from GRFNMWRTINST table.