Skip to Content
avatar image
Former Member

Empty Result in Access Risk Analysis

Dear Gurus,

I just installed SAP GRC 10.1 for Access Control only, mainly to check risk analysis (SoD review) on SAP ECC 6.0. I installed the SAP Access Control on SAP Netweaver 7.4 SP 8 with GRCFND_A on version 1100 SP Level 13. The SAP ECC System has two clients: ERP and HR, therefore I installed GRC Plugin: GRCPINW on version V1100_700 SP Level 14 and GRCPIERP on version V1100_700 SP Level 13.

On the NWBC, I want to perform Access Risk Analysis on Access Management -> Role Level, however the result is empty. I was able to check the roles under F4 search. I also checked entries for GRACRLCONN (roles) and GRACACTRULE (action rules), both tables are filled with roles from SAP ECC (GRACRLCONN) and action rules (GRACACTRULE)

I already performed these steps:

SAP Access Control 10.1 Installation Guide

-Activate Application on Client

Activate GRC-AC only

-Activate SAP Service

Activate all service under /sap/public,/sap/bc/sap/grc

-Configuring SAP Netweaver Gateway

-Maintaining Plug-in Setting.

I Installed the plugin on the SAP ECC, maintain its user exit for plug-in system and plug-in condiguration settings

-Activate BC Sets

I Activated BC sets for SAP Access Control only. I activated using TCode SCPR20, however I'm not really sure that all BC Sets I activated was using expert mode. DO I have to reactivate again? If I check on table SCPRACTP, all BC sets for SAP Access Control have been activated

AC 10.0 Post Installation

-Create User in SAP Access Control system, with roles SAP_GRAC*,SAP_GRC*

-Create Connector for both ERP and HR client

-Maintain COnnector and Connection Types

I maintained connector for both ERP and HR client and mapped it into Connector Group (SAP_BAS_LG,SAP_HR_LG,SAP_NHR_LG,SAP_R3_LG)

-Maintain Connector Setting

AC 10.1 Pre-Implementation From Post-Installation to First Risk Analysis

-Maintain Configuration Parameter

-Maintain Connection Setting

-Generate Rules

-Run Job GRAC_PFCG_AUTHORIZATION_SYNC and GRAC_OBJECT_REPOSITORY_SYNC

After these step, I check the Role Search on NWBC and the result was empty.

I also perform configuration on these items as well:

-Maintain Mapping for Actions and Connector Groups

-Maintain Plug-in Setting

-Execute Batch Risk Analysis

Any feedback will be greatly appreciated.

Thanks,

Kris

------

This questions has been posted on scn before migration, since the post on scn can not be edited again and the issue hasn't solved yet, I post again here.

-----

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

4 Answers

  • Best Answer
    avatar image
    Former Member
    Nov 02, 2016 at 07:38 AM

    Hi Alessandro,

    The result table is just empty. There is no message "no rules selected" or "no violations found".

    But after I add the access control owner on NWBC -> Setup -> Access Owners -> Access Control Owners, I was able to show the result.

    Thanks,

    Kris

    Add comment
    10|10000 characters needed characters exceeded

  • Oct 18, 2016 at 09:48 AM

    Kris,

    how does the result look like? Does it say "No rules selected" or "No Violations found"?

    Thanks, Alessandro

    Add comment
    10|10000 characters needed characters exceeded

  • Oct 27, 2016 at 09:02 AM

    Hello Kris,

    Is the risk analysis result completely empty ?

    Or there is one of the two mentioned message appears as mentioned my Alessandro?

    Kind regards,

    Yashasvi

    Add comment
    10|10000 characters needed characters exceeded

  • Nov 17, 2016 at 02:18 AM

    Hello,

    Would be great if you can attached result screen and the steps you performing?

    regards,

    Prasant

    Add comment
    10|10000 characters needed characters exceeded