Skip to Content
author's profile photo Former Member
Former Member

GRC Access Control 5.3 - RAR Risk Analysis in offline mode

Hi expert,

I'm trying to do RAR Risk Analysis in offline mode following this guide (https://www.sdn.sap.com//irj/sdn/go/portal/prtroot/docs/library/uuid/20a06e3f-24b6-2a10-dba0-e8174339c47c). But to generate User Action file the ABAP have a problem when try to get a COMPOSITE ROLE field for a Role that is asociate to many Composite role as the unique record consists of fields IDUSER, ROLE and ACTIONFROM . Someone know how we can solve this conflict?

Best Regards!

Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

3 Answers

  • author's profile photo Former Member
    Former Member
    Posted on Oct 22, 2010 at 04:37 AM

    can you please elaborate what is 'problem'?

    regards,

    Surpreet

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      hi,

      per documentation profile or single role and composite role can be duplicate

      they ARE NOT UNIQUE records.

      UNIQUE record is COMBINATION of THREE field, so I expect ONE TCODE PER SINGLE ROLE........

      hope you get my point.......

      regards,

      Surpreet

  • author's profile photo Former Member
    Former Member
    Posted on Oct 27, 2010 at 05:55 PM

    I'm sorry, I think I haven't made myself clear enough. The thing is that the User Action File has a "Composite Role" field and we don't know how fill it when the Single Role belongs to multiple Composite Roles. This is because of the primary key, we can't make multiple records for each userid/role combination, each one with one different Composite Role, such as the following example:

    USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLE1

    USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLE2

    .....

    USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLEN

    Should we instead do only one record with all the composite roles? What character should we use to separate the composite role names? A ",", a ";"? For example:

    USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLE1_,_ COMPOSITEROLE2_,_ COMPOSITEROLE3

    Hope I explained myself. Thanks for your help.

    Add a comment
    10|10000 characters needed characters exceeded

    • Former Member

      ".......we can't make multiple records for each userid/role combination,............."

      Yes you CAN. this is what documentation is saying .

      you can have multiple records for "user id & role " combination, however third one i.e. TCODE had to be different

      if TCODE is again repeated then........ it is issue.......

      please contact SAP, that will be best.

      sorry ........ 😔

      regards,

      Surpreet

  • author's profile photo Former Member
    Former Member
    Posted on Oct 28, 2010 at 10:33 AM

    Hi all,

    I can let you know that we implemented offline risk analysis approach for a huge customer in Spain using this approach for both SAP systems and non SAP system in 2008. Around 16 systems in scope.

    It was hard, very hard but the implementation was successfull and they are running it currently with success.

    Kind regards,

    Imanol

    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.