on 09-12-2013 2:25 PM
I have loaded my Rolesets and Generated them but my risk are not associated to any roleset. I have double checked all of my connectors and
they appear correct as i had to do this in order to upload my rulesets.
Also when I go Into NWBC I do not have the Icon for Rule Set Maintenance, can someone tell me what access I need for this?
Thanks,
Claudia
Hi Claudia,
regarding missing link: following roles or (their copies) should grant you with access rights.
SAP_GRC_FN_ALL
SAP_GRC_FN_BASE
SAP_GRC_FN_BUSINESS_USER
SAP_GRC_NWBC
SAP_GRAC_RISK_OWNER
regarding missing assignment:
If you have loaded risks using upload program, your file for Risk Rule Set Relationship had probably incorrect format - unfortunately the program does not control anything. Try to check format and upload it again.
regards
Igor
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
So I choose to run a Risk Analysis at the Role level:
I entered the System, Role Type but I found a problem when it asked for the Role.
It could not find any Roles and I did bring these over from the other system. I have to assume that this is part of my promblem.I ran the GRAC_REPOSITORY_OBJECT_SYNC JOB that should have brought the Roles, Users and Profiles over but now that I look at the tables i don't see them.
This job ran for a long time, Should I assume this is a connector issue?
Hi Claudia,
after SoD rules set upload you should generate rules.
Then you should perform the first four sync jobs in SPRO -> Access Control -> Synchronization Jobs.
It could take several hours - depending on number of roles, users in satellite system and performance of GRC system. Check that all of them finished succesfully otherwise you missed some customizing.
Then you should be able to search for users/roles and execute on-line analysis.
Then perform execute batch risk analysis. Once finished you will be able to perform off-line analysis.
Check your customizing and settings with documentation placed here:
http://scn.sap.com/docs/DOC-8562
Also check that your connector is assigned to 4 integration scenarios relevant for AC. SPRO ->GRC-> Common Component Settings->Integration framework-> Maintain Connection Settings.
Regards
Igor
One more thing I think I might knw what the problem is I just need to talk this thru. I have set up connectores but my question is do i need to create a connector for the ruleset? For example my Ruleset is a custom Ruleset so do I need to create a connector for this and then make sure it's set up everywhere? Would this connector also be SAP?
please follow the doc and ensure all the setting are done.
http://scn.sap.com/docs/DOC-1564
Regards,
Prasant
I can run this screen exactly the way you show it on my account, however the problem I have is that I cannot see any of the other users or roles. Only the ones that have been created on this instance.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Claudio,
The Users/Roles/Profiles must exist in the repository tables in order to be available for selection in the
Risk analysis. Only the user available in the GRACUSERCONN table for the specific connector will be
available for selection. Same applies for the roles. If th User/Roles/Profiles does not exist in the repository data,Please run the repository object sync job for the specific connector. Once this is done you will be able to search and select all the user/roles etc.
Thanks & Regards
Japneet singh
Thank You this is very helpful information so that I can check to see if my users are at least there and all of them are listed here, I can see them all with their userid's and usergroups. This does not show their roles. I will try to run the repository obj sync job again and see if it makes a differrence.
Dear Claudia,
The tables GRACUSERCONN stores the users information only. For the role,Please check the table GRACRLCONN.
For more information,Please refer to the following link
http://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=317950641
This is a Wiki document which contains all the information related to the repository tables.
I hope this will help.
Thanks & Regards
Japneet singh
You guys have been awesome with your help and my next question is does this ever stop? Will I get to a point where it will work 🙂
I now see all of my users and roles and I even ran a risk analysis on myself but I want to now mitigate the one risk
I have,
I have added my manager as the Mit control Owner and approver. But when I go to assign her in NWBC as a Risk owner it does not see her at all or anyone else. So once again I am stuck.
Thank You so much for all of your help as I would be lost without it.
Claudia Padovano wrote:
You guys have been awesome with your help and my next question is does this ever stop? Will I get to a point where it will work 🙂
Probably, eventually it will work. On time and on budget? It is possible. I have heard rumors that such a thing has happened. I have not personally seen it, but then again, this is only my 3rd GRC 10 project, and we seem to be implementing a(nother) particulary buggy SP(12).
Good luck!
Gretchen
regarding risk not associated to any ruleset.
please download it from spro>GRc>SOD> then check the file you can see if it is associated or not.
REgaqrds,
Prasant
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
assign yourself appropriate role .
probably give your self super access
Regards,
Prasant
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.