Performing Segregation of Duties Reviews in Access Control 10.0

Applies to:

SAP® BusinessObjects™ Access Control 10.0

Summary

Access Control is an enterprise software application that enables organizations to control access and prevent fraud across the enterprise, while minimizing the time and cost of compliance. The application streamlines compliance processes, including access risk analysis and remediation, business role management, access request management, superuser maintenance, and periodic compliance certifications. It delivers immediate visibility of the current risk situation with real-time data. This guide explains the Segregation of Duties Review concept and the technical configuration to attain that functionality.

Authors: Harleen Kaur, SAP Customer Solution Adoption

Created on: August 10, 2011

Version: 1.6

© 2011 SAP AG

Typographic Conventions

Type Style | Description
Example Text | Words or characters quoted from the screen. These include field names, screen titles, pushbutton labels, menu names, menu paths, and menu options. Cross-references to other documentation.
Example text | Emphasized words or phrases in body text, graphic titles, and table titles.
Example text | File and directory names and their paths, messages, names of variables and parameters, source text, and names of installation, upgrade and database tools.
Example text | User entry texts. These are words or characters that you enter in the system exactly as they appear in the documentation.
<Example text> | Variable user entry. Angle brackets indicate that you replace these words and characters with appropriate entries to make entries in the system.
EXAMPLE TEXT | Keys on the keyboard, for example, F2 or ENTER.

Icons

Icon descriptions: Caution; Note or Important; Example; Recommendation or Tip.

Table of Contents

1. Getting Started
1.1 About this Guide
1.2 Audience for this Guide
2. Introducing SoD Review
2.1 Exploring the SoD Review Process
2.2 Exploring Process Options
2.3 Understanding Workflow Stage Configuration
2.4 Exploring Roles in SoD Review Process
3. Prerequisites
4. Configuration Settings for SoD Review
4.1 Managing IMG Configuration Settings
4.2 Managing Coordinators
4.3 Specifying the Service Level Agreement (Escalation)
4.4 Generating Data for Requests
4.5 Performing Request Review
4.6 Update Workflow Job
5. Workflow Configuration
6. Reviewing SoD Review Requests
6.1 Managing SoD Review Requests
6.2 Managing Rejections
7. Comments and Feedback
8. Copyright

GRC Access Control 10.0 Segregation of Duties Review


1. Getting Started

The Segregation of Duties Review (SoD Review) feature automates and documents the periodic decentralized review of risk violations by business managers or risk owners.

In the SoD Review process, the system checks periodically for any risks and violations associated with users and the functions they are associated with.

This feature can be used during the initial “clean-up” of risk violations as well as in a long-term strategy to review and affirm previous mitigation assignments.

Requests are generated automatically based on the company’s internal control policy.

The SoD Review provides a workflow-based review and approval process.

1.1 About this Guide

This how-to guide illustrates the configuration and the implementation of the SoD Review process in detail. This guide is a stand-alone document.

Note:

This guide provides business use cases as examples for how you can use SAP software for your company. These examples are intended to serve only as models and might not necessarily run the way they are described in your customer-specific landscape.

This guide discusses SoD Review for GRC Access Control 10.0. Any attempt to use this guide for other product versions is not supported.

For an overview of the Access Control 10.0 documentation, refer to the SAP BusinessObjects Access Control 10.0 Master Guide on the SAP Service Marketplace at service.sap.com/instguides.

1.2 Audience for this Guide

This guide is intended for the following people involved in performing SoD Review:

• Administrators

• User Managers

• Reviewers

• Coordinators

2. Introducing SoD Review

The key features of the SoD Review in Access Control (AC) 10.0 are:

• Decentralized review of segregation of duties violations

• Reaffirmation of mitigating control assignments

• Workflow requests for Access Review and approval

• Audit trail and reports for supporting internal and external audits

The key benefits of the SoD Review are:

• A streamlined internal control process with collaboration among business managers, internal control, and information technology teams

• Improved efficiency and visibility of the internal control process

2.1 Exploring the SoD Review Process

The high-level process for SoD reviews is as follows:

1. The SoD background jobs generate SoD review requests.

2. The system sends e-mail notifications to reviewers.

3. The reviewer reviews the request and chooses from the following options:

a. Reject request items.

b. Mitigate function risks by assigning controls.

c. Remove access for items that violate your company policies.

There are other optional steps involved in the SoD Review process, such as performing an Admin Review before sending requests to Reviewers. This guide explains all the steps in detail.

2.2 Exploring Process Options

AC 10.0 offers multiple process options that determine the approvers of SoD Review requests. This section describes the available process options.

Admin Review

You have the option to enable an Admin Review, which gives administrators an opportunity to validate request data after requests are generated (by the SoD Review Data job) but prior to generating workflow tasks (by the SoD Review Update Workflow job).

If any Reviewer information is incorrect or missing, administrators can modify that data prior to generating workflow tasks and notifications. The administrator can also delete requests as required.

Reviewer Stage

You can specify whether the Reviewer stage is addressed by a user’s manager or by the role owner, as appropriate.

Security Stage

You can choose to include a security stage, if required.

2.3 Understanding Workflow Stage Configuration

After deciding which stages to include in the SoD Review workflow, you need to determine the specific behavior for each stage to reflect your review process. These behaviors include the following:

• E-mail notification

• Reminders

• Escalation

Configuring E-mail Notification

You need to determine the content of e-mail notifications to be sent to the approvers at each stage. You also need to determine the recipients, as well as the content of the notification header and the e-mail body.

Setting Reminders

You need to decide whether to send reminders to Reviewers who have not completed their portion of the request by the date specified in configuration. You can specify the interval of reminder notifications in days, the reminder notification header, and body content.

Specifying Escalation

You need to specify whether to escalate SoD Review requests in the details associated with each stage. Escalation is based on the time spent in a particular stage. If a Reviewer does not complete a review of a request according to the date parameter defined in configuration, the request is escalated. Escalation of a request appears in the audit trail of the request.

You also need to specify whether escalation automatically removes access that is not approved by a certain date.

2.4 Exploring Roles in SoD Review Process

SAP GRC 10.0 includes the following roles that can appear in SoD Requests:

Administrator – Administrators perform SoD Review-specific administration tasks such as performing an Admin Review before generating a workflow for the request.

Reviewer – Reviewers are approvers at the Reviewer stage. A Reviewer can be a User’s Manager or the Risk Owner.

User’s Manager – User’s Manager is the direct manager of a particular user, as defined in the User Details Data Source.

Risk Owner – Risk Owner is the owner specified in your Risk Analysis and Remediation (RAR) master data.

Coordinator – Coordinators are users assigned to one or more Reviewers. Coordinators monitor the SoD Review process and coordinate activities to ensure that the process is completed in a timely manner.

3. Prerequisites

Before running the SoD Review data job, ensure that the Batch Risk Analysis job is executed and completed with the Management Report and that Risk Owners are assigned to risks.

Also make sure to run the following synchronization and action usage jobs as preconditions for performing SoD Reviews in GRC 10.0. (It is recommended to run the jobs in the sequence they are listed in the table below.)

Job | Description
GRAC_ROLEREP_PROFILE_SYNC | Synchronizes all profiles in the repository
GRAC_ROLEREP_ROLE_SYNC | Synchronizes all roles in the repository
GRAC_ROLEREP_USER_SYNC | Synchronizes all users, and roles used by these users
GRAC_BATCH_RISK_ANALYSIS | Performs batch Risk Analysis
GRAC_ACTION_USAGE_SYNC | Retrieves the action usage for users
GRAC_ROLE_USAGE_SYNC | Retrieves the role usage

4. Configuration Settings for SoD Review

This section discusses how to maintain the configuration settings related to SoD Review, and then generate data for SoD Review.

4.1 Managing IMG Configuration Settings

Before creating a SoD Review Request, there are some configuration options that need to be maintained in IMG.

1) Log on to the GRC 10.0 system using SAP GUI and execute transaction SPRO.

2) Select the SAP Reference IMG option and navigate to Governance, Risk and Compliance → Access Control → Maintain Configuration Settings.

3) Choose Configuration Options for Risk Analysis.

4) Set the configuration parameter for the Enable Offline Risk Analysis option to YES.

5) Choose Configuration Options for SoD Review Request.

6) The configuration parameters for SoD Review request are explained below:

Field | Possible Values | Description
Request Type | Any request type | Choose the Default Request Type for SoD.
Priority | Any priority | Choose the Default Priority for SoD.
Reviewers | Risk Owner/Manager | Select the role to perform the Review.
Admin Review | Yes/No | Choose whether to require an Administrator Review before the request is forwarded to Reviewer(s). Admin Review provides an opportunity for the administrator to review the request data for completeness and consistency prior to sending the request(s) to Reviewers.
Removal of Roles | Yes/No | Whether actual removal of role is allowed.

a. Request Type: This is the request type that will be associated with SoD Review workflow requests. Request types can be reference points for initializing a workflow and determining the actions to be performed.

b. Request Priority: You can set a priority for a request to determine how quickly a request is to be approved. The request priority is also one of the workflow request attributes.

c. Reviewers: This term refers to the approver at the Reviewer stage. For the SoD Review, the Reviewer may be the user’s Direct Manager or the Risk Owner as maintained in the RAR master data.

d. Admin Review: This configuration option provides an opportunity for the administrator to review the request data for completeness and consistency prior to sending the request to Reviewers.

If any manager or risk owner information is incorrect or missing, the administrator can modify the data prior to generating workflow tasks and notifications. The administrator can also cancel the requests.

An Admin can perform SoD Review-specific administrator tasks, such as cancelling SoD Review requests and regenerating requests for rejected users.

If this Configuration Option is set to:

• Yes: The administrator reviews the SoD Review requests prior to the generation of workflow tasks. The administrator can change the Reviewer and approval roles or cancel any unwanted SoD Review requests.

• No: The administrator does not have an opportunity to review SoD Review requests prior to sending the workflow notifications to Reviewers.

If there are users with no manager identified in the User Detail Data Source and the Reviewer is defined as the User’s Manager, then Admin Review is required. This allows the administrator to maintain the missing data prior to sending workflow tasks to Reviewers.

e. Removal of Roles: In AC 10.0, Reviewers can actually remove a role when a risk is associated with one or more transactions that a user has been given through that role.
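The Reviewers and Admin Review options interact: with Manager as the reviewer, a user who has no manager in the User Detail Data Source produces a request that cannot be routed unless an administrator repairs it first. The pre-flight check below is an added example, not SAP code and not part of the original guide; it models that rule in Python over constructed sample data, and every name in it (record layout, functions, user and risk IDs) is an assumption.

```python
"""Pre-flight check for SoD Review reviewer assignment (illustrative model).

Added example, not SAP code. Data layout, names and sample records are
assumptions. It mirrors two settings from the SoD Review configuration:
  Reviewers = MANAGER    -> the reviewer is the user's direct manager
  Reviewers = RISK_OWNER -> the reviewer is the owner of the violated risk
and reports request items that would reach the workflow without a reviewer.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Violation:
    user: str      # user ID that holds the conflicting access
    risk_id: str   # access risk reported by the batch risk analysis


# Constructed sample data (hypothetical IDs).
MANAGERS = {"JDOE": "MSMITH", "AKHAN": "MSMITH", "TEMP01": ""}  # TEMP01: no manager
RISK_OWNERS = {"P001": "FIN_OWNER", "S003": "SALES_OWNER"}
VIOLATIONS = [
    Violation("JDOE", "P001"),
    Violation("AKHAN", "P001"),
    Violation("TEMP01", "S003"),
    Violation("JDOE", "S003"),
]


def resolve_reviewer(violation, reviewers, managers, risk_owners):
    """Return the reviewer for one violation, or None if master data has none."""
    if reviewers == "MANAGER":
        return managers.get(violation.user) or None
    if reviewers == "RISK_OWNER":
        return risk_owners.get(violation.risk_id) or None
    raise ValueError(f"unknown Reviewers setting: {reviewers!r}")


def preflight(violations, reviewers, admin_review, managers, risk_owners):
    """Group violations per reviewer and decide whether routing can succeed."""
    per_reviewer = defaultdict(list)
    unassigned = []
    for v in violations:
        reviewer = resolve_reviewer(v, reviewers, managers, risk_owners)
        if reviewer is None:
            unassigned.append(v)
        else:
            per_reviewer[reviewer].append(v)
    return {
        "items_per_reviewer": {r: len(vs) for r, vs in per_reviewer.items()},
        "unassigned": sorted((v.user, v.risk_id) for v in unassigned),
        # Missing reviewer data can only be repaired in the Admin Review step,
        # so the run is safe only if nothing is unassigned or that step is on.
        "admin_review_required": bool(unassigned),
        "ok": not unassigned or admin_review,
    }


if __name__ == "__main__":
    for mode, admin in (("MANAGER", False), ("MANAGER", True), ("RISK_OWNER", False)):
        result = preflight(VIOLATIONS, mode, admin, MANAGERS, RISK_OWNERS)
        print(f"Reviewers={mode:<10} Admin Review={'Yes' if admin else 'No':<3} -> {result}")
```

Running the same check against an export of the real user and risk-owner master data before scheduling the data generation job shows whether Admin Review has to be switched on for that run.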

4.2 Managing Coordinators

This section describes how to manage Coordinators for requests.

The procedure is as follows:

1. Log on to the frontend GRC Access Control 10.0 system.

2. Navigate to Access Management → Compliance Certification Reviews → Manage Coordinators. The Manage Coordinators screen appears.

3. To change a coordinator-to-reviewer mapping, choose the Open pushbutton. The Change Mapping screen appears.

4. Modify the settings, as required, and choose the Save pushbutton.

5. To delete a coordinator-to-reviewer mapping, select the mapping you want to delete, and choose the Delete pushbutton. A confirmation dialog box appears. Choose Yes.

6. To create a new coordinator-to-reviewer mapping, choose the Create pushbutton. The Create Mapping screen appears.

7. In the Coordinator ID field, type or select the appropriate value.

8. In the Reviewer ID field, type or select the appropriate value.

9. Choose the Save pushbutton.

10. Choose the Close pushbutton. The mapping appears in the table on the Manage Coordinators screen.

4.3 Specifying the Service Level Agreement (Escalation)

You can define the service level agreement for SoD Review requests.

1. Log on to the backend GRC Access Control 10.0 system.

2. Enter transaction SPRO.

3. Choose the SAP Reference IMG pushbutton.

4. Navigate to Governance, Risk and Compliance → Access Control → User Provisioning → Maintain Service Level Agreements. The Service Level Agreement Overview screen appears.

5. Create a new Service Level Agreement using SAP_GRAC_SoD_RISK_REVIEW as the Process ID.

4.4 Generating Data for Requests

This section describes how to generate data for SoD Review requests by creating a schedule using the Background Scheduler.

1) Log on to AC 10.0 using the NetWeaver Business Client.

2) Navigate to Access Management → Scheduling → Background Scheduler. The Access Management Schedule screen will appear.

3) Choose Create to create a new SoD Review Request background job. The Schedule Details step appears.

4) In the Schedule Name field, enter the name for the SoD Review job.

5) In the Schedule Activity field, select Generates data for access request SoD Review from the dropdown list.

6) In the Recurring Plan field, choose YES or NO to specify whether the job is scheduled to recur.

7) If you select Yes, you need to specify the recurring date and time range, along with the frequency and recurrence interval.

8) In the Start Immediately field, choose whether to start the job immediately. If you select Yes, the job will start immediately.

If you select No, specify the date and time for the job to start in the Start Time field.

10) Choose the Next pushbutton. The Select Variant step appears.

11) Here you can define the selection criteria for the background job by selecting a variant or entering the criteria, and then saving it as a new variant.

12) Review the summary, and then select FINISH.

13) The scheduled job appears in the table with one of the following statuses:

• Planning: The job is either currently working on the request or the job is scheduled to start at a later time.

• Completed: The job has completed.

• Terminated: The job was terminated by the administrator.

• Error: An error was detected with the job.

4.5 Performing Request Review

This step is only required if you have enabled the Admin Review option.

The administrator reviews the requests to ensure completeness and accuracy of the request information prior to sending them to Reviewers.

The procedure is as follows:

1) Go to Access Management → Compliance Certification Review → Request Review.

2) On the Request Review screen, search for the SoD Review requests by selecting the SoD Risk Review Workflow and then review the data to confirm the Reviewer and Coordinator information is accurate.

3) This is an intermediate stage (since YES was selected for the Admin Review) where all the requests wait for the Administrator to work on them before the workflow tasks are generated.

4) On this screen you can add reviewer information to the requests where it is not available.

5) To enter Reviewer data, select the Request and choose the Change Reviewers pushbutton.

6) Select Reviewers and Coordinators from the list.

7) An Administrator can also cancel the request if SoD Reviews are not required or if there is incorrect data.

4.6 Update Workflow Job

This step is only required if you have enabled Admin Review and the Admin Review has been completed.

Execute the SoD Review Update Workflow Job to push the workflow tasks to the Reviewers.

The steps required to schedule the update workflow job are as follows:

1) Go to Access Management → Scheduling → Background Scheduler.

2) Click Background scheduler.

3) The Schedule-Access Management Screen will appear.

4) Choose Create to create a new request for Update Workflow.

5) The Create Schedule screen will appear.

6) Enter Schedule Name.

7) Select Schedule Activity from the dropdown list. For SoD Requests, select Update Workflow for SoD Request.

8) Choose Finish.

9) Go to Request Review, and check the status of the request to see whether it has been completed.

10) After completing all of the above mentioned steps, the request(s) will arrive in the Reviewer’s Work Inbox (or Outlook) to be worked on.

To open or work on an SoD Request:

• In the Reviewer’s Work Inbox, select the request you want to open by clicking on it.

• You will see an SoD Review Screen with the Request Number that you selected.

• Since YES was selected for Actual removal of Roles during the configuration process, the ACTUAL REMOVAL pushbutton appears on the screen.

• If NO was selected, then the PROPOSE REMOVAL pushbutton appears instead.

• By selecting a Risk and then choosing the Actual Removal pushbutton, you can remove the actual role associated with this Risk.

• By choosing the Propose Removal pushbutton you can only propose the removal; no actual removal is done on any roles.

• Choose Submit to complete the Review process.

5. Workflow Configuration

This section describes the workflow configurations required for the SoD Review access request approval process.

Steps to manage the workflow for the SoD Review Request:

1) Click the SAP Reference IMG button.

2) Go to Governance, Risk and Compliance → Access Control → Workflow for Access Control → Maintain MSMP Workflows.

3) The MSMP Workflow Configuration screen will appear.

4) Select SAP_GRAC_SOD_RISK_REVIEW.

When you start this activity, a configuration screen appears displaying seven steps to take in the order shown.

5) Select DISPLAY/CHANGE to change any fields on this screen.

6) Select the Enable Escalation check box to enable the escalation.

7) Enter an Escalation Date.

8) In the Escape Conditions section, maintain the Escape Routing, Escape Path, and Escape Stage.

9) When done, choose NEXT to continue to the MAINTAIN RULES screen.

10) In this screen, you can maintain rules for your request. You can configure Function Module rules, BRF plus rules, ABAP class-based rules, and BRF plus flat rules.

11) The rules can be one of the following types:

• Initiator Rule: To check which path your request will take

• Routing Rule: To direct your request to take a detour

• Agent Rule: To check for agents (Reviewers) for the request in a particular stage

• Notification Rule: Used for notification purposes only

12) Select the NEXT pushbutton and the MAINTAIN AGENTS screen appears. You can define agents for workflow stages, either for notification or approval.

13) The possible agent types are:

• Directly Mapped Users: A group of users created within the workflow configuration

• PFCG Roles: All users who have specified PFCG role assignments

• PFCG User Group: All users who are part of the specified PFCG group

• GRC API Rules: All users returned by the configured rule for agents

14) Once the agents are maintained, choose the NEXT pushbutton to maintain the VARIABLES AND TEMPLATES.

15) In this screen, you can maintain custom notification templates as well as their variables and reminders.

16) Choose the NEXT pushbutton to go to the MAINTAIN PATHS screen.

a. In this screen, you can maintain workflow approval paths and their stages. All stages for a selected path are shown in the Maintain Stages table.

b. Select a path and choose the ADD or MODIFY pushbuttons to define the path stages.

c. In the Maintain Stages table, choose the MODIFY TASK SETTINGS pushbutton to change the stage settings.

i. In the Approval Type column, select All Approvers or Any One Approver from the dropdown list. This determines if all approvers or any one approver is required to approve the stage.

ii. If you choose Yes for Escalation, specify the escalation setting by entering the idle time in minutes. Idle time is the amount of time after which, if the stage is not approved or rejected, the task is either sent to the specified agent or the workflow moves to the next stage.

15) Choose the NEXT pushbutton to go to the Maintain Route Mapping screen. In this step you can maintain route mappings between the initiator rules result and the actual path for the result.

16) Choose the NEXT pushbutton to go to the GENERATE VERSIONS screen.

In this step you can save, simulate, and generate new versions from the changed workflow for the SoD Review process.

Choose SAVE to save a configuration only, without generating a new version and without simulating validation of changes made to the configuration.

Choose SAVE/SIMULATE to save a configuration and to simulate changes to a configuration. In this case, the application displays all entities modified since the previous version was generated.

Choose ACTIVATE to activate the new version of a configuration for a selected process. After taking this step, any new workflow instances of the process will use the newly generated version.

17) Changes to the Workflow will not be reflected in any requests generated prior to the change. Only those requests generated after the changes will reflect the changes.
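The approval type and idle-time escalation settings of a stage, together with the coordinator-to-reviewer mapping from section 4.2, determine who has to be chased for an open request. The following Python model is an added example, not SAP code and not how the MSMP engine is implemented; the class, field and function names and the sample requests are assumptions, and rejections are left out so that only approvals complete a stage.

```python
"""Model of one workflow stage: approval type plus idle-time escalation.

Added example, not SAP code. Names and sample data are assumptions.
Only approvals are modelled: a stage is complete once the approvals that its
approval type requires have been given.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta


@dataclass
class StageTask:
    request_no: str
    agents: tuple              # reviewers determined for the stage
    approval_type: str         # "ALL" = All Approvers, "ANY" = Any One Approver
    entered_at: datetime       # time the request entered the stage
    escalation: bool = False   # Escalation = Yes on the stage
    idle_minutes: int = 0      # idle time in minutes
    approved_by: set = field(default_factory=set)


# Constructed sample data (hypothetical request numbers and user IDs).
NOW = datetime(2011, 8, 10, 12, 0)
COORDINATORS = {"MSMITH": "COORD1", "FIN_OWNER": "COORD2"}  # reviewer -> coordinator
TASKS = [
    StageTask("100", ("MSMITH", "FIN_OWNER"), "ALL",
              datetime(2011, 8, 10, 9, 0), True, 120, {"MSMITH"}),
    StageTask("101", ("MSMITH", "FIN_OWNER"), "ANY",
              datetime(2011, 8, 10, 9, 0), True, 120, {"MSMITH"}),
    StageTask("102", ("MSMITH",), "ALL",
              datetime(2011, 8, 10, 11, 30), True, 120),
]


def stage_status(task, now):
    """Return APPROVED, ESCALATED or PENDING for one stage task."""
    agents = set(task.agents)
    approvals = task.approved_by & agents   # approvals from non-agents do not count
    if task.approval_type == "ALL":
        done = bool(agents) and approvals == agents
    elif task.approval_type == "ANY":
        done = bool(approvals)
    else:
        raise ValueError(f"unknown approval type: {task.approval_type!r}")
    if done:
        return "APPROVED"
    # Escalation fires only when enabled and the stage has been idle too long.
    if task.escalation and now - task.entered_at > timedelta(minutes=task.idle_minutes):
        return "ESCALATED"
    return "PENDING"


def follow_up(tasks, now, coordinators):
    """Return {coordinator: [(request_no, reviewer, status), ...]} for open stages."""
    worklist = {}
    for task in tasks:
        status = stage_status(task, now)
        if status == "APPROVED":
            continue
        # Reviewers who have not approved yet are the ones to remind.
        for agent in sorted(set(task.agents) - task.approved_by):
            coordinator = coordinators.get(agent, "UNMAPPED")
            worklist.setdefault(coordinator, []).append((task.request_no, agent, status))
    return worklist


if __name__ == "__main__":
    for coordinator, items in sorted(follow_up(TASKS, NOW, COORDINATORS).items()):
        print(coordinator, items)
```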


6. Reviewing SoD Review Requests

After you update the request workflow, the request follows the workflow path and is routed to the appropriate reviewer.

6.1 Managing SoD Review Requests

After a request is generated, it is sent to the reviewer’s Work Inbox and can be accessed by performing the following steps:

1. Log on to the frontend GRC Access Control 10.0 system.

2. Navigate to My Home → Work Inbox → Work Inbox and select the request for which action is required.

3. You can also display requests by using the Search Request quick link.

Alternatively, navigate to Access Management → Access Request Administration → Search Requests.

6.2 Managing Rejections

The line items that are rejected by an approver can be accessed and reworked from the Managing Rejections screen. The procedure is as follows:

1. Log on to the frontend GRC Access Control 10.0 system.

2. Navigate to Access Management → Compliance Certification Reviews → Manage Rejections. The Manage Rejections screen appears.

3. Specify the search criteria and choose the Search pushbutton. The rejected users appear in the Result table.

4. Select the corresponding rejection and choose the Generate Requests pushbutton.

5. This marks the request for inclusion in a new SoD Review request when the SoD Review Process Rejected background job is executed.

7. Comments and Feedback

Your feedback is very valuable and will enable us to improve our documents. Please take a few moments to complete our feedback form. Any information you submit will be kept confidential.

You can access the feedback form at:

http://www.surveymonkey.com/s.aspx?sm=stdoYUlaABrbKUBpE95Y9g_3d_3d


8. Copyright

© 2011 SAP AG. All rights reserved.

No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.

Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.

Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation.

IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, System z9, z10, z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBM Corporation.

Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.

Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries.

Oracle is a registered trademark of Oracle Corporation.

UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.

Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc.

HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology.

Java is a registered trademark of Sun Microsystems, Inc.

JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape.

SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP BusinessObjects Explorer, StreamWork, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries.

Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects Software Ltd. Business Objects is an SAP company.

Sybase and Adaptive Server, iAnywhere, Sybase 365, SQL Anywhere, and other Sybase products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Sybase, Inc. Sybase is an SAP company.

All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.

These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.