cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

CC Risk Analysis.

Go to solution
Former Member

on ‎12-08-2008 3:27 PM

0 Kudos

Hi,

I am having problem in doing risk analysis in CC. I have created required JCO connection to backend system.

When i run the risk analysis on a particular system. Job show status is completed, but i get message "No match/conflict found". This is not at all possible.

When go through the log, i find one line saying "FINEST: No action rules for * "

I am not able to crack this problem.

Please suggest.

Thanks & Regards,

Pravin

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎12-09-2008 1:47 PM
0 Kudos

Hi Iliya,

Thanks for the steps. I was able to upload actions & permissions for particular system, but its overwriting my earlier system. So just want to understand, whether we can have risk analysis done for only one system at a time.

Cant we have actions & permissions for multiple systems.

So now after upload i am able to do risk analysis for new system, but the earlier system is disconnected.

Please suggest.

Thanks,

Pravin

Show replies
Show replies
Former Member
‎12-09-2008 2:11 PM
0 Kudos

Hi,

it is possible to have funcitons against multiple systems. I would have expected it to overwrite tables only if you upload the other files - functions BP and functions file, but loading only the funct act. and func permission file against another connected (for which we don`t have entries in the tables yet) should have worked just fine in your case. I did this before, maybe we`re missing something.

Are you sure you loaded only those files and not other files?

There`s one other way to do this but you have to be aware what`s already in the tables.

There are two tables that have to be edited. VIRSA_CC_FUNCACT and VIRSA_CC_FUNCPRM.

You can download those tables, see the structure and add the entries for the missing systems, then upload them again. This method though, requres a lot endeavour and precision. Maybe it`ll be better to just load everything again from the beggining and this time not to miss to load the functions against all systems. If you go for this you might hit the problem of entries that are already in the system and the new upload won`t work because of that. Then you can erase the content of all tables (DB guys know how to do it) and then load everything from scratch.

Your choice depends on where you are with the implementation.

I hope that helps.

Regards,

Iliya

Answers (5)

Answers (5)

Former Member
‎12-09-2008 2:28 PM
0 Kudos

Hi lliya,

You are right, by mistake i uploaded the the BP functions text file before uploading the actions & permissions for the new system.

But now i have created a logical system and attached all the physical systems to this logical system & uploaded the actions & permissions against this system.

Thanks a ton lliya, i have got clarity on this process.

Thanks,

Pravin

Show replies
Show replies
Former Member
‎12-09-2008 11:59 AM
0 Kudos

Hi lliya,

Yes the problem is with the functions not loaded in that particular system.

Please guide.

Thanks,

Pravin

Show replies
Show replies
Former Member
‎12-09-2008 12:11 PM
0 Kudos

Hi Pravin,

if you are able to run risk analysis against other systems that means that you have successfuly loaded the functions against those systems. It also means that you have loaded the other text files (risks, business processes, etc) I also assume that you are doing initiall installation and not migration of data from DEV to PRD. In this case you are most probably loading the text files provided by SAP with standard risks, functions, transaction codes. Depending on what type of system you are lacking the functions, please upload the respective text files with functions - from the configuration tab ->rule upload -> function authroziation. For example if you want to activate analysis for R/3 (ERP) system - upload the standard R3_function_action.txt and R3_function_permission.txt files for your trouble system.

Then regenerate all the rules from the last node "Generate Rule" on the Rule upload option in the Confriguration tab. (two nodes below where you are loading the text files).

Then try to run analysis against this system for object (user, role) that will surely trip on some risk.

Goodluck.

Iliya

Former Member
‎12-08-2008 4:11 PM
0 Kudos

Hi lliya,

Will you please guide me about this. Actually i am very new to CC & trying to get hook of it. But i need to resolve this problem on priorty basis.

Thanks in Advance.

Regards,

Pravin

Show replies
Show replies
Former Member
‎12-09-2008 5:41 AM
0 Kudos

Hi Pravin,

To get risk analysis done, we need to perform these steps -

1. Create Jco connectors(one metadata and one model data) for each backend system (RTAs are a must) in GRC system.

2. Create connectos in Risk Analysis and Remediation for each backend system.

3. Full Sync user/Role/Profile for each new system.

4. Full batch risk analysis for User/Role/Profile with action and permission level.

5. Critical action and permission analysis and management report.

If all these jobs are completed for new system ,then you will see the risks/violations against ruleset.Let me know if it helps.

Regards,

Sabita

Former Member
‎12-09-2008 7:02 AM
0 Kudos

Hi Pravin,

please first make sure that really this is the problem - functions are not loaded against that system. You need to confirm this before we go any further. Look in my previous post how to do that.

Regards,

Iliya

Former Member
‎12-08-2008 3:55 PM
0 Kudos

Hi Iliya,

I am using this CC instance for multiple backend systems. I am using Global rule set. Risk analysis is working for one backend system and its not working for another.

Do you have any idea about this line in cc log saying "FINEST: No action rules for *".

Thanks,

Pravin

Show replies
Show replies
Former Member
‎12-08-2008 4:01 PM
0 Kudos

Hi Pravin,

then most probably you don`t have the functions loaded against this trouble system. I don`t think this is problem with the connection, the error message would be different. This message clearly states that you don`t have rules generated. Please check some relevant function (if you are analyzing R/3 system - check some of the FI functions) if it is loaded against that system. When you open the function you should see tcodes loaded against that system, if you don`t see them - that means you haven`t loaded the functions against the system. If you don`t have functions, then you don`t have rules generated against the system.

Regards,

Iliya

Former Member
‎12-08-2008 3:46 PM
0 Kudos

Hi Pravin,

did you generate the action and permission rules? If this is new installation after you upload the text files you have to generate the rules, otherwise they system has nothing to analyse against.

Regards,

Iliya

Show replies
Show replies
Ask a Question