on 09-11-2008 10:42 AM
Hi GRC experts,
We have in a CC production system a SoD matrix that we would like to modified extensively. Basically by activating many permissions.
Which is a best practice for accomplish our goal?
Many thanks in advance. Best regards,
Imanol
Gents,
This is exactly the problem we're experiencing at the moment. We've loaded up some rules in a non-production environment for the sake of testing and now wish to load up our own ruleset but with some of the same function IDs.
We wish to delete all the standard tables and start again.
Could you please provide more detail about these files and/or the script from SAP?
Regards
Amir
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Simon and Amir
My name is Connie and I work at Accenture GRC practice (and a colleague of Imanolu2019s). I have been reading this thread and I would like to ask you a question that is related to this topic. We have a case where a Global Rule Set u201CLogic Systemu201D and we may also require to create a Specific Rule Set. Is there a document (from SAP or from best practices) that indicate the potential impact (regarding risk analysis, system performance, process execution time, etc) caused by implementing both type of rule sets in a production environment? Are there any special considerations to be aware? Have you ever implemented this type of scenario?
I would really appreciate your help and if you could point me to specific documentation could be of great assistance. Thanks in advance and best regards,
Connie
Hi again Simon,
We did get the script and apart from deleting FUNCACT and FUNCPRM there is not remove for the rest of Rule set tables (BUSPRC, BUSPRCT, RISK, FUNC, RULESET, RULESETT etc)
Besides that, if a use such script for the purposes of removing current RuleSet, there will be much more things removed from the system. ¿?
Best regards,
Imanol
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Yes I have used it on several occasions. Essentially it is uploading blank ruleset file.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Simon,
Have you ever executed such script?
Regards,
Imanol
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You do not do anything to the database tables.
You obtain the script from SAP Support to delete the ruleset to perform this function.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi again,
If we go for the option to remove all rule set and rules generated at the DB level. Which are all the tables we should remove to be sure all data is removed but DB consistency is maintained?
Thanks in advace. Best regards,
Imanol
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
whichever you find easiest
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi again Simon,
When you mention delete the existing Rule Set. Do you mean to delete it at DB level or from CC application?
Best regards,
Imanol
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
If you upload files with the same risk ids andf function ids as existing rulesets then the new risks will be rejected and the new functions will overwrite the existing ones, therefore you will create lots of issues.
Therefore in your case delete the existing ruleset out and create a replacement if you want to use the same names for functions,risk etc
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi again Simon,
The thing is that we did already upload custom Rule Set files (Business Processes, Functions, Function-Action, Function-Permission etc) linked to a custom RuleSet.
Such Ruleset is the one we want to modify extensively.
Do you suggest to overwrite the existing RuleSet by upaloading the new one? Our concern here is if the data is accurately updated into DB.
Best regards,
Imanol
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Create your custom ruleset using unique Function & Risk IDs, that differ from the SAP standard ones, otherwise you will run into problems of functions overwriting and riks not overwriting.
It is also best to have a new Ruleset name so there is no confusion.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Simon,
Are you sure existing rule set is properly updated at Database level. Will the existing rules be properly updated also?
Many thanks. Regards,
Imanol
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Create a set of upload files using Excel or Notepad
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Simon and Amir
My name is Connie and I work at Accenture GRC practice (and a colleague of Imanolu2019s). I have been reading this thread and I would like to ask you a question that is related to this topic. We have a case where a Global Rule Set u201CLogic Systemu201D and we may also require to create a Specific Rule Set. Is there a document (from SAP or from best practices) that indicate the potential impact (regarding risk analysis, system performance, process execution time, etc) caused by implementing both type of rule sets in a production environment? Are there any special considerations to be aware? Have you ever implemented this type of scenario?
I would really appreciate your help and if you could point me to specific documentation could be of great assistance. Thanks in advance and best regards,
Connie
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.