Know monitored users in SAP GRC with GRAC_MANAGED_USERS_COUNT
A new report to simplify the Licensing calculations in SAP GRC
In the context of SAP GRC (Governance, Risk, and Compliance), monitored users refer to the individuals whose access, authorizations, and activities are actively managed and tracked by the SAP GRC Access Control system. These users are typically part of the compliance scope and are subject to access risk analysis, firefighter access monitoring, and periodic access reviews to ensure adherence to internal controls and regulatory requirements.
Identifying monitored users is a challenging task and is always a topic of debate when it comes to licensing calculations.
The good news! SAP provides a new standard report called GRAC_MANAGED_USERS_COUNT. This report is specifically designed to give administrators a clear count of all users who are being monitored and managed within the GRC Access Control framework. It offers a high-level summary of the user base under governance, helping ensure that proper oversight mechanisms are in place.
Note: The report GRAC_MANAGED_USERS_COUNT is available starting from SAP GRC Access Control version 12 with Support Package (SP) level 14 or higher.
If your system is on a lower SP level, you must implement SAP Note # 3053888 to enable this functionality.
Here are the report types available:
Managed Users Count Report:
The Managed Users Count report provides the total number of users managed in the GRC AC system, including both expired and active users, along with the unique user count for each user type, as displayed in the figure below.
Additionally, you can validate the user count with the GRACUSERCONN table. The entries in the GRACUSERCONN table should match those in the USR02 and AGR_DEFINE tables.
Display All Users:
The "Display All Users" feature showcases comprehensive user information, including system details, User ID, User Name, User Group, User Type, lock and expire status, and validity. This detailed information helps administrators understand the scope of user management within the SAP GRC system, enabling better oversight and control of user access and compliance.
Once the reports are generated, you may download them for further analysis. Use the options below:
Download Users to File:
The "Display All Users" data can be downloaded to your local system using the "Download Users to File" option. This allows administrators to easily export and analyze user information offline. Having a local copy of the data facilitates detailed reporting and auditing processes, ensuring thorough examination and documentation of user access details.
NOTE: If a customer uses more than one client as a productive client, duplicates can be removed manually using the "Download Users to File" option.
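The manual duplicate removal described in the note can be scripted once the file is downloaded. The following Python sketch is an added example, not SAP code or part of the report: the CSV layout, column names and sample rows are constructed assumptions, and it assumes the same User ID in two clients is the same person.

```python
import csv
import io
from collections import Counter, defaultdict

# Constructed sample of a downloaded user file. The column names are
# assumptions; adjust them to the headers in your actual export.
SAMPLE_EXPORT = """System,User ID,User Name,User Group,User Type,Locked,Valid To
PRDCLNT100,JSMITH,John Smith,FIN,Dialog,No,9999-12-31
PRDCLNT200,jsmith,John Smith,FIN,Dialog,No,9999-12-31
PRDCLNT100,BATCH01,Batch User,SYS,System,No,9999-12-31
PRDCLNT200,ALEE,Ann Lee,HR,Dialog,Yes,2023-01-31
PRDCLNT100,ALEE,Ann Lee,HR,Service,No,9999-12-31
"""

def merge_users(export_text):
    """Collapse rows for the same User ID across systems/clients into one entry."""
    users = defaultdict(lambda: {"systems": set(), "types": set()})
    for row in csv.DictReader(io.StringIO(export_text)):
        uid = row["User ID"].strip().upper()  # SAP stores user IDs in upper case
        if not uid:
            continue  # skip blank or malformed lines
        users[uid]["systems"].add(row["System"].strip())
        users[uid]["types"].add(row["User Type"].strip())
    return dict(users)

def summarize(users):
    """Count unique users per user type; expired and locked users stay in the
    count, as in the report. Users whose type differs between clients are
    listed separately for manual review instead of being counted twice."""
    per_type = Counter()
    conflicts = []
    for uid, info in sorted(users.items()):
        if len(info["types"]) == 1:
            per_type[next(iter(info["types"]))] += 1
        else:
            conflicts.append(uid)
    return {
        "unique_users": len(users),
        "per_type": dict(per_type),
        "type_conflicts": conflicts,
    }

if __name__ == "__main__":
    print(summarize(merge_users(SAMPLE_EXPORT)))
```

Users listed under type_conflicts carry different user types in different clients, so decide which type applies for licensing before adding them to a per-type total.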
Additional options:
System Last Synch Report:
The System Last Synch Report provides details on the most recent run of the Repository Sync job. This report includes a count of all users that have been imported into the GRC user tables through the Repository Sync job.
Key Functions of GRAC_MANAGED_USERS_COUNT Report and how it helps:
User Count: The primary purpose of the report is to tally the number of users currently managed by SAP GRC AC.
Monitoring Scope: It helps in understanding the scope of user monitoring within the organization.
Resource Allocation: Assists in resource planning by providing insights into the volume of user data being managed, which can be critical for system performance and resource allocation.
Audit and Compliance: Provides a quick reference for compliance audits, demonstrating the extent of user monitoring.
System Performance: Offers insights that can help in optimizing system performance by understanding the load related to user monitoring.
Overall, the GRAC_MANAGED_USERS_COUNT report is a valuable tool for administrators to gain a clear picture of user management within the SAP GRC AC system.