Thanks Alpesh.

Can you please let me know the steps to get the system updated to SU24, instead of going through the tedious process of manually creating the tab limited file and then uploading it into RAR.

Thanks once again.

Thanks Frank for this valuable information.

In your ERP system, schedule the two jobs (daily/weekly) and write the files to the application server.

Question 1: What parameters should I give to the two jobs to write to the files on application server?

Question 2: Can I use the filesystem as /usr/sap/trans/eps/in or any other filesystem?

In GRC, you can also do the import as a scheduled background job, which then accesses the files created in the previous step (provided the file system is accessible from GRC).

Question 3: Should I use RAR for importing the files from filesystem, created in above step, as a scheduled background job?

Thanks!

Hi guys

What background jobs to be schedulled? what is the name of job ?

Parveen

You can schedule SU24 object using the below path

configuration -> upload objects -> text objects.

Once you fill in the system and path to the server file (not local file) then click on the background button. Yes you can mention /usr/..... path to the file.

Hi all,

I did follow the suggested steps by Frank, scheduled jobs on ECC and uploaded the files in RAR. However, the permissions in GRC have not been updated with the values from ECC files, even though the status of the jobs are successfully completed. Any thoughts / suggestions?

Thanks,

Gustavo

Hi,

To get the backend system updated to SU24 , you need to use Trans SU25 to initially fill the customer Tables USOBT_C.

- execute SU25

- Choose step 1 (To initially fill the customer table only if you have not used the PFCG before)

thanks,

Farah

Edited by: Farah Laman on Sep 16, 2009 3:33 PM

Hello Frank,

ok, I just see there is the possibility to upload server files, too. Seems I was too blind last time I looked in there.

Question answered (by myself)

to automate the upload of the SU24 data extract, which upload interface in the configuration tab do I have to use?

As per now, I know the sequence of steps to do is:

1. Create file (automated via batch job) from SU24 (report /VIRSA/ZCC_DOWNLOAD_SAPOBJ)

2. convert to UTF-8 format (how can this be automated?)

3. upload periodically into RAR via background job (from AIX based file system !)

Maybe you or anyone else can help me here.

Thanks

Thomas

Edited by: Thomas Schaeflein on Sep 23, 2009 3:30 PM

Abdul,

SU24 is used by GRC CC to define the authorization objects it should analyse in order to determine whether a certain access is granted to a user.

The system considered that if you are maintaining SU24 then all auth objects set to check are in fact required by a transaction in order to execute the functionality within it. GRC uses su24 as your default mapping of auth objects and field values to tcodes.

If you dont maintain su24 regularly when modifying security then you can still upload the SU24 data, however, there is a higher likelihood you will have false positives in your results. The end result is that your implementation team will have to invest more time in adjusting the rule book to increase the accuracy of the analysis results.

I hope this helps.