cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Best practice for the Update of SAP GRC CC Rule Set

Former Member

on ‎09-11-2008 10:42 AM

0 Kudos

Hi GRC experts,

We have in a CC production system a SoD matrix that we would like to modified extensively. Basically by activating many permissions.

Which is a best practice for accomplish our goal?

Many thanks in advance. Best regards,

Imanol

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (13)

Answers (13)

Former Member
‎10-09-2008 5:07 AM
0 Kudos

Gents,

This is exactly the problem we're experiencing at the moment. We've loaded up some rules in a non-production environment for the sake of testing and now wish to load up our own ruleset but with some of the same function IDs.

We wish to delete all the standard tables and start again.

Could you please provide more detail about these files and/or the script from SAP?

Regards

Amir

Show replies
Show replies
Former Member
‎03-11-2009 12:20 PM
0 Kudos

Hi Simon and Amir

My name is Connie and I work at Accenture GRC practice (and a colleague of Imanolu2019s). I have been reading this thread and I would like to ask you a question that is related to this topic. We have a case where a Global Rule Set u201CLogic Systemu201D and we may also require to create a Specific Rule Set. Is there a document (from SAP or from best practices) that indicate the potential impact (regarding risk analysis, system performance, process execution time, etc) caused by implementing both type of rule sets in a production environment? Are there any special considerations to be aware? Have you ever implemented this type of scenario?

I would really appreciate your help and if you could point me to specific documentation could be of great assistance. Thanks in advance and best regards,

Connie

Former Member
‎09-15-2008 9:45 AM
0 Kudos

Hi again Simon,

We did get the script and apart from deleting FUNCACT and FUNCPRM there is not remove for the rest of Rule set tables (BUSPRC, BUSPRCT, RISK, FUNC, RULESET, RULESETT etc)

Besides that, if a use such script for the purposes of removing current RuleSet, there will be much more things removed from the system. ¿?

Best regards,

Imanol

Show replies
Show replies
Former Member
‎09-15-2008 9:49 AM
0 Kudos

Hi Imanol

I have set you the file via email.

regards

Simon

Former Member
‎09-12-2008 2:28 PM
0 Kudos

Yes I have used it on several occasions. Essentially it is uploading blank ruleset file.

Show replies
Show replies
Former Member
‎09-12-2008 2:26 PM
0 Kudos

Simon,

Have you ever executed such script?

Regards,

Imanol

Show replies
Show replies
Former Member
‎09-11-2008 11:36 AM
0 Kudos

You do not do anything to the database tables.

You obtain the script from SAP Support to delete the ruleset to perform this function.

Show replies
Show replies
Former Member
‎09-11-2008 11:34 AM
0 Kudos

Hi again,

If we go for the option to remove all rule set and rules generated at the DB level. Which are all the tables we should remove to be sure all data is removed but DB consistency is maintained?

Thanks in advace. Best regards,

Imanol

Show replies
Show replies
Former Member
‎09-11-2008 11:32 AM
0 Kudos

whichever you find easiest

Show replies
Show replies
Former Member
‎09-11-2008 11:29 AM
0 Kudos

Hi again Simon,

When you mention delete the existing Rule Set. Do you mean to delete it at DB level or from CC application?

Best regards,

Imanol

Show replies
Show replies
Former Member
‎09-11-2008 11:24 AM
0 Kudos

If you upload files with the same risk ids andf function ids as existing rulesets then the new risks will be rejected and the new functions will overwrite the existing ones, therefore you will create lots of issues.

Therefore in your case delete the existing ruleset out and create a replacement if you want to use the same names for functions,risk etc

Show replies
Show replies
Former Member
‎09-11-2008 11:18 AM
0 Kudos

Hi again Simon,

The thing is that we did already upload custom Rule Set files (Business Processes, Functions, Function-Action, Function-Permission etc) linked to a custom RuleSet.

Such Ruleset is the one we want to modify extensively.

Do you suggest to overwrite the existing RuleSet by upaloading the new one? Our concern here is if the data is accurately updated into DB.

Best regards,

Imanol

Show replies
Show replies
Former Member
‎09-11-2008 11:13 AM
0 Kudos

Create your custom ruleset using unique Function & Risk IDs, that differ from the SAP standard ones, otherwise you will run into problems of functions overwriting and riks not overwriting.

It is also best to have a new Ruleset name so there is no confusion.

Show replies
Show replies
Former Member
‎09-11-2008 11:10 AM
0 Kudos

Hi Simon,

Are you sure existing rule set is properly updated at Database level. Will the existing rules be properly updated also?

Many thanks. Regards,

Imanol

Show replies
Show replies
Former Member
‎09-11-2008 10:44 AM
0 Kudos

Create a set of upload files using Excel or Notepad

Show replies
Show replies
Former Member
‎03-11-2009 12:19 PM
0 Kudos

Hi Simon and Amir

My name is Connie and I work at Accenture GRC practice (and a colleague of Imanolu2019s). I have been reading this thread and I would like to ask you a question that is related to this topic. We have a case where a Global Rule Set u201CLogic Systemu201D and we may also require to create a Specific Rule Set. Is there a document (from SAP or from best practices) that indicate the potential impact (regarding risk analysis, system performance, process execution time, etc) caused by implementing both type of rule sets in a production environment? Are there any special considerations to be aware? Have you ever implemented this type of scenario?

I would really appreciate your help and if you could point me to specific documentation could be of great assistance. Thanks in advance and best regards,

Connie

Ask a Question