- SAP Community
- Products and Technology
- Additional Q&A
- GRC Access Control 5.3 - RAR Risk Analysis in offl...
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
GRC Access Control 5.3 - RAR Risk Analysis in offline mode
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 10-21-2010 5:30 PM
Hi expert,
I'm trying to do RAR Risk Analysis in offline mode following this guide (https://www.sdn.sap.com//irj/sdn/go/portal/prtroot/docs/library/uuid/20a06e3f-24b6-2a10-dba0-e8174339c47c). But to generate User Action file the ABAP have a problem when try to get a COMPOSITE ROLE field for a Role that is asociate to many Composite role as the unique record consists of fields IDUSER, ROLE and ACTIONFROM . Someone know how we can solve this conflict?
Best Regards!
Accepted Solutions (0)
Answers (3)
Answers (3)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi all,
I can let you know that we implemented offline risk analysis approach for a huge customer in Spain using this approach for both SAP systems and non SAP system in 2008. Around 16 systems in scope.
It was hard, very hard but the implementation was successfull and they are running it currently with success.
Kind regards,
Imanol
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
I'm sorry, I think I haven't made myself clear enough. The thing is that the User Action File has a "Composite Role" field and we don't know how fill it when the Single Role belongs to multiple Composite Roles. This is because of the primary key, we can't make multiple records for each userid/role combination, each one with one different Composite Role, such as the following example:
USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLE1
USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLE2
.....
USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLEN
Should we instead do only one record with all the composite roles? What character should we use to separate the composite role names? A ",", a ";"? For example:
USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLE1_,_ COMPOSITEROLE2_,_ COMPOSITEROLE3
Hope I explained myself. Thanks for your help.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
".......we can't make multiple records for each userid/role combination,............."
Yes you CAN. this is what documentation is saying .
you can have multiple records for "user id & role " combination, however third one i.e. TCODE had to be different
if TCODE is again repeated then........ it is issue.......
please contact SAP, that will be best.
sorry ........
regards,
Surpreet
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
can you please elaborate what is 'problem'?
regards,
Surpreet
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Surpreet,
The Problem is: the join of IDUSER, ROLE, ACTIONFROM field must be unique. When a simple role have asociate to many composite roles, this key will be duplicated. For the moment, we're taking only first composite role asociate to this simple role, but the information is not complete.
How we can associate each simple role that belonging to many composite roles without having conflict to duplicate this join?
Best Regards!
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Arias,
you are first customer i know is using offline analysis ..........
well i think you missed below line
"u201CUSERIDu201D (User ID) and u201CROLESu201D (Role) fields can have multiple values but the combination of
USERID/ROLE/ACTIONFROM/ACTIONTO (UserID/Role/ActionFrom/ActionTo) fields should be unique."
which is among impotant points to be noted.
hope that helps.
regards,
Surpreet
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
- Consume Ariba APIs using Postman in Technology Blogs by SAP
- Enhanced Data Analysis of Fitness Data using HANA Vector Engine, Datasphere and SAP Analytics Cloud in Technology Blogs by SAP
- Futuristic Aerospace or Defense BTP Data Mesh Layer using Collibra, Next Labs ABAC/DAM, IAG and GRC in Enterprise Resource Planning Blogs by Members
- SAP Secure Login Service for SAP GUI Now Supports Custom Certificate Authorities on AWS in Technology Blogs by SAP
- Payment Batch Configurations SAP BCM - S4HANA in Financial Management Blogs by Members
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.