cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

No Risks analysis result found at role/user level..

Go to solution
former_member204204
Active Participant

on ‎01-24-2014 8:52 AM

0 Kudos

Hi Experts,

I have done all the Post-installation steps for GRC10 AC SP13 in our current GRC-Development system below is the snapshot which we have done till now.

CONFIGURATION IN IMG

Integration Framework

  • Create Connectors
  • Maintain Connectors and Connection Types - 
    • Connection type definition - there is a connection type entry for SAP
    • Define Connectors -added the Connector and mapped it to connector type SAP with Logical Port max number of background work process.
    • Define Connector Groups - The Connector Group SAP_R3_LG 
      • Assign Connector Groups to Group  Types - Connector Group SAP_R3_LG has Logical Group Mapped
      • Assign Connectors to Connector Groups - Connector is mapped to Connector group for Connection Type SAP
  • Maintain Connection Settings - For Scenario: AUTH- added  the Scenario-Connector Link to target Connector for Connection Type SAP

    

Access Controls Configuration relating to Connectors

  • Maintain Connector Settings 
  • Target Connector (RFC Connection) has Application Type 01 for SAP.
  • Maintain Mapping for Actions and Connector Groups: 
    • Connection group entry for SAP_R3_LG marked as Active and mapped to Application 001 - SAP
    • Assign default connector to connector group:
      • Maintain Connector Group Status: Connection Group SAP_R3_LG should be active for Application Type 001 (SAP)
      • Assign default connector to connector group: SAP_R3_LG group has your target connectors mapped for Action 0002 - Role Risk Analysis

Maintained Configuration Settings

-->Generated Rule Sets in SPRO(also did in NWBC)

-->Sync Jobs   

     --Auth Sync

    --Repository Sync

    --Action Usage Sync

    --Role Usage Sync

All the jobs ended successfully without reporting any issues.

Also checked the below tables and everything is updated

GRACACTPERMSYS

GRACUSERCONN

GRACRLCONN

GRACACTRULE

After all this steps when i ran the risk analysis for the first time i didn't got any results.

Then i tried to search the roles by giving the inputs in the risk analysis at role level and then i found that there are no roles in the selection criteria

Iam able to see the Users when iam running through User level but no result.

But all the jobs were successful and also i can find the entries in the GRC table.

Please suggest your thoughts on this and let me know the inputs and were i went wrong.

Thanks,

Neeraj

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member204204
Active Participant
‎01-28-2014 10:21 AM
0 Kudos

Hi All,

Just wanted to update that the current Support pack is 12 not 13 sorry for the confusion.

Thanks,

Neeraj

Show replies
Show replies
former_member192837
Participant
‎01-28-2014 12:48 PM
0 Kudos

Hi,

Please check if you have generated the rules.

Completed the Repository object Sync.

and Check below parameters

Risk Analysis 1024  "*"    Default risk level for risk analysis

Risk Analysis 1036 "YES"    Show All Objects in Risk Analysis

Regards

Dilip

former_member204204
Active Participant
‎01-28-2014 1:03 PM
0 Kudos

HI Dilip,

Rules are generated and the same can be seen in the table GRACACTRULE.

Completed the Repository object sync.

As we are running the risk analysis for only high level so maintained the parameter 1024-HIgh

Parameter-1036 is also maintained as yes.

Thanks,

Neeraj

former_member192837
Participant
‎01-28-2014 1:12 PM
0 Kudos

Hi,

Check parameter 1052 also Spool File Location that should be a  shared directory on server side.

i seen you have maintained zrisk.

Regards

Dilip

former_member204204
Active Participant
‎01-28-2014 1:19 PM
0 Kudos

HI Dilip,

Sorry but later i have changed that, in parameter 1052 i have maintained the server directory.

As Iam not in office now so cant show the settings.

Thanks,

Neeraj

former_member192837
Participant
‎02-06-2014 4:32 AM
0 Kudos

have tried with creating connector in uppercase.

neerajmanocha
Product and Topic Expert
Product and Topic Expert
‎02-06-2014 4:39 AM
0 Kudos

Hi Neeraj,

As your connector has upper / lower characters and application tries to convert connector into upper case all the times, due to that data is not getting searched from GRC tables.

For user risk analysis, you need to maintain parameter "1022 - Connector for which Object Ids may be maintained case sensitive" with your exact connector id.

For Role level risk analysis, this will not be working. YOu have to convert your connector into upper case.


This is not only for role level risk analysis, upper case connector will help you in all the stages of GRC application. Most of the areas, connector name gets converted into Upper case. So creating a new connector with upper case will resolve your all future issues as well.

Thanks & Regards

Neeraj Manocha

Answers (8)

Answers (8)

former_member204204
Active Participant
‎02-06-2014 6:52 AM
0 Kudos

Hi All,

Thanks for all your valuable inputs here, atlast SAP has provided a fix for this issue.

As the issue was with the connector naming convetion which was created in upper and lower case after creating a new connector with uppercase the issue got resolved.

Please check Neeraj Manocha reply for the detailed explanation regarding the connector issue.

Also i have raised a concern with SAP to provide a permanent fix for this as this is a potential risk which can be faced by others as well.

As Dilip was the first who has provided the hint for this issue marking his solution as correct.

Also like to thanks Neeraj Manocha for walking us through his detailed explanation.

Thanks,

Neeraj

Show replies
Show replies
naveen_alluru
Active Participant
‎01-27-2014 1:24 PM
0 Kudos

Hi Neeraj,

Upload roles. Authorisations are in sync but not roles.

Have you tried to run risk analysis on SAP_all profile at authorisation level of analysis? Let us know the result pls

Show replies
Show replies
former_member204204
Active Participant
‎01-28-2014 3:23 AM
0 Kudos

Hi Naveen,

Tried to run the risk analysis at profile level but still no luck.

One more weird thing what I am experiencing is when iam trying to search the profile/user from the search criteria by giving the system details I am not getting any result but when i am searching it without giving the system details then i am able to see the profile/user list in the drop down but for roles neither of the things is working.

Thanks,

Neeraj

naveen_alluru
Active Participant
‎01-27-2014 12:26 PM
0 Kudos

Neeraj,

Did the roles import and export ?

Have you done rule generation?

Show replies
Show replies
former_member204204
Active Participant
‎01-27-2014 1:11 PM
0 Kudos

Hi Naveen,

I have done the rule generation and the same is visible in the table GRACACTRULE.

No the roles are not importing also not able to find the roles in the risk analysis search criteria.

The users and profiles are visible but only roles are not appearing.

Thanks,

Neeraj

former_member193066
Active Contributor
‎01-27-2014 2:26 PM
0 Kudos

in risk analysis roles will be shown if sync jobs are successful.

Former Member
‎01-27-2014 12:05 PM
0 Kudos

Hi Neeraj,

implement this notes 1824956 and 1817251 and also rum batch risk analysis job.

for role import you have to check confirguration paramenters.

Regards,

Visu

Show replies
Show replies
former_member204204
Active Participant
‎01-28-2014 10:20 AM
0 Kudos

Hi Visu,

Implemented the SAP Note- 1824956 and also re-ran all the Sync jobs still no luck and the another note does not apply to our system.

Thanks,

Neeraj

former_member204204
Active Participant
‎01-27-2014 11:12 AM
0 Kudos

Thanks Guys for all your inputs, but still the issue is not resolved.

Please can someone provide any more suggestions.

Thanks,

Neeraj

Show replies
Show replies
AndrzejP
Active Participant
‎01-24-2014 12:23 PM
0 Kudos

Hi Neeraj,

try to apply this SAP Note:

1897975 - Role import does not show roles in the preview.

That should help.

Regards, Andrzej

Show replies
Show replies
Former Member
‎01-25-2014 9:46 AM
0 Kudos

Hi Neeraj,

Based on "Maintained Configuration Settings" screen you are not maintain Repository Path at 1052 and 3021 parameters.

Check in AL11-->Data Source--> Please check Repository Folders are available or Not.

If not Create Two folders in GRC Server and maintain Repository Path at 1052 and 3021 parameters.

It would be help to you.

Thanks,

Rajesh Srisailapu.

former_member204204
Active Participant
‎01-24-2014 11:23 AM
0 Kudos

Hi All,

I was just checking the slg1 logs and i found the below error is this something to worry about.

Thanks,

Neeraj

Show replies
Show replies
madhusap
Active Contributor
‎01-24-2014 10:16 AM
0 Kudos

Hi Neeraj,

In GRC 10 you need to upload the roles from backend system and maintain the role status as PRD to be able to available during access request creation.

So I doubt if that has to do something here also Check once and i am not sure though

Regards,

Madhu.

Show replies
Show replies
former_member204204
Active Participant
‎01-24-2014 11:04 AM
0 Kudos

Hi Madhu,

As of now we are only implementing ARA, ARM will be in our next scope.

I tried to import the roles also but it ended up in errors dont know if i have to provide all the details in the GRC 10 role import template as i only had role name and description so i have given the same and tried to import it but no luck.

Thanks,

Neeraj

Ask a Question