Skip to Content
0

Empty Result in Access Risk Analysis

Oct 12, 2016 at 08:11 AM

139

avatar image
Former Member

Dear Gurus,

I just installed SAP GRC 10.1 for Access Control only, mainly to check risk analysis (SoD review) on SAP ECC 6.0. I installed the SAP Access Control on SAP Netweaver 7.4 SP 8 with GRCFND_A on version 1100 SP Level 13. The SAP ECC System has two clients: ERP and HR, therefore I installed GRC Plugin: GRCPINW on version V1100_700 SP Level 14 and GRCPIERP on version V1100_700 SP Level 13.

On the NWBC, I want to perform Access Risk Analysis on Access Management -> Role Level, however the result is empty. I was able to check the roles under F4 search. I also checked entries for GRACRLCONN (roles) and GRACACTRULE (action rules), both tables are filled with roles from SAP ECC (GRACRLCONN) and action rules (GRACACTRULE)

I already performed these steps:

SAP Access Control 10.1 Installation Guide

-Activate Application on Client

Activate GRC-AC only

-Activate SAP Service

Activate all service under /sap/public,/sap/bc/sap/grc

-Configuring SAP Netweaver Gateway

-Maintaining Plug-in Setting.

I Installed the plugin on the SAP ECC, maintain its user exit for plug-in system and plug-in condiguration settings

-Activate BC Sets

I Activated BC sets for SAP Access Control only. I activated using TCode SCPR20, however I'm not really sure that all BC Sets I activated was using expert mode. DO I have to reactivate again? If I check on table SCPRACTP, all BC sets for SAP Access Control have been activated

AC 10.0 Post Installation

-Create User in SAP Access Control system, with roles SAP_GRAC*,SAP_GRC*

-Create Connector for both ERP and HR client

-Maintain COnnector and Connection Types

I maintained connector for both ERP and HR client and mapped it into Connector Group (SAP_BAS_LG,SAP_HR_LG,SAP_NHR_LG,SAP_R3_LG)

-Maintain Connector Setting

AC 10.1 Pre-Implementation From Post-Installation to First Risk Analysis

-Maintain Configuration Parameter

-Maintain Connection Setting

-Generate Rules

-Run Job GRAC_PFCG_AUTHORIZATION_SYNC and GRAC_OBJECT_REPOSITORY_SYNC

After these step, I check the Role Search on NWBC and the result was empty.

I also perform configuration on these items as well:

-Maintain Mapping for Actions and Connector Groups

-Maintain Plug-in Setting

-Execute Batch Risk Analysis

Any feedback will be greatly appreciated.

Thanks,

Kris

------

This questions has been posted on scn before migration, since the post on scn can not be edited again and the issue hasn't solved yet, I post again here.

-----

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

4 Answers

Best Answer
avatar image
Former Member Nov 02, 2016 at 07:38 AM
0

Hi Alessandro,

The result table is just empty. There is no message "no rules selected" or "no violations found".

But after I add the access control owner on NWBC -> Setup -> Access Owners -> Access Control Owners, I was able to show the result.

Thanks,

Kris

Share
10 |10000 characters needed characters left characters exceeded
Alessandro Banzer Oct 18, 2016 at 09:48 AM
0

Kris,

how does the result look like? Does it say "No rules selected" or "No Violations found"?

Thanks, Alessandro

Share
10 |10000 characters needed characters left characters exceeded
Yashasvi Sanvaliya Oct 27, 2016 at 09:02 AM
0

Hello Kris,

Is the risk analysis result completely empty ?

Or there is one of the two mentioned message appears as mentioned my Alessandro?

Kind regards,

Yashasvi

Share
10 |10000 characters needed characters left characters exceeded
Prasant Kumar Paichha Nov 17, 2016 at 02:18 AM
0

Hello,

Would be great if you can attached result screen and the steps you performing?

regards,

Prasant

Share
10 |10000 characters needed characters left characters exceeded