Skip to Content

Empty Result in Access Risk Analysis

Oct 12, 2016 at 08:11 AM


avatar image

Dear Gurus,

I just installed SAP GRC 10.1 for Access Control only, mainly to check risk analysis (SoD review) on SAP ECC 6.0. I installed the SAP Access Control on SAP Netweaver 7.4 SP 8 with GRCFND_A on version 1100 SP Level 13. The SAP ECC System has two clients: ERP and HR, therefore I installed GRC Plugin: GRCPINW on version V1100_700 SP Level 14 and GRCPIERP on version V1100_700 SP Level 13.

On the NWBC, I want to perform Access Risk Analysis on Access Management -> Role Level, however the result is empty. I was able to check the roles under F4 search. I also checked entries for GRACRLCONN (roles) and GRACACTRULE (action rules), both tables are filled with roles from SAP ECC (GRACRLCONN) and action rules (GRACACTRULE)

I already performed these steps:

SAP Access Control 10.1 Installation Guide

-Activate Application on Client

Activate GRC-AC only

-Activate SAP Service

Activate all service under /sap/public,/sap/bc/sap/grc

-Configuring SAP Netweaver Gateway

-Maintaining Plug-in Setting.

I Installed the plugin on the SAP ECC, maintain its user exit for plug-in system and plug-in condiguration settings

-Activate BC Sets

I Activated BC sets for SAP Access Control only. I activated using TCode SCPR20, however I'm not really sure that all BC Sets I activated was using expert mode. DO I have to reactivate again? If I check on table SCPRACTP, all BC sets for SAP Access Control have been activated

AC 10.0 Post Installation

-Create User in SAP Access Control system, with roles SAP_GRAC*,SAP_GRC*

-Create Connector for both ERP and HR client

-Maintain COnnector and Connection Types

I maintained connector for both ERP and HR client and mapped it into Connector Group (SAP_BAS_LG,SAP_HR_LG,SAP_NHR_LG,SAP_R3_LG)

-Maintain Connector Setting

AC 10.1 Pre-Implementation From Post-Installation to First Risk Analysis

-Maintain Configuration Parameter

-Maintain Connection Setting

-Generate Rules


After these step, I check the Role Search on NWBC and the result was empty.

I also perform configuration on these items as well:

-Maintain Mapping for Actions and Connector Groups

-Maintain Plug-in Setting

-Execute Batch Risk Analysis

Any feedback will be greatly appreciated.




This questions has been posted on scn before migration, since the post on scn can not be edited again and the issue hasn't solved yet, I post again here.


10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

4 Answers

Best Answer
Kris Adrianto Nov 02, 2016 at 07:38 AM

Hi Alessandro,

The result table is just empty. There is no message "no rules selected" or "no violations found".

But after I add the access control owner on NWBC -> Setup -> Access Owners -> Access Control Owners, I was able to show the result.



10 |10000 characters needed characters left characters exceeded
Alessandro Banzer
Oct 18, 2016 at 09:48 AM


how does the result look like? Does it say "No rules selected" or "No Violations found"?

Thanks, Alessandro

10 |10000 characters needed characters left characters exceeded
Yashasvi Sanvaliya Oct 27, 2016 at 09:02 AM

Hello Kris,

Is the risk analysis result completely empty ?

Or there is one of the two mentioned message appears as mentioned my Alessandro?

Kind regards,


10 |10000 characters needed characters left characters exceeded
Prasant Kumar Paichha Nov 17, 2016 at 02:18 AM


Would be great if you can attached result screen and the steps you performing?



10 |10000 characters needed characters left characters exceeded