on 10-25-2010 12:08 PM
Hello colleagues,
Recently I have started to work with RAR(CC) tightly. Some points are uncleared for me and I would very appreciated for some helps and advices.
We performed post-installation steps for RAR (uploaded SAPObjects, BP, Functions, Rules and so on). The first my question is reqarding daily support system.
1) May we upload own files with actions and permissions which made by concotenation of standard actions/permissions files with our actions/permissions files? Or we have to manage via RAR interface?
1.1 In case if we can upload own files, would it rewrite existing information or add missing information?
1.2 Why standard files(actions, permissions) content duplicated information? For example, tcode F.13 contains in action file and permission file. Would it be enough to include F.13 (tcode and auth. objects) only in permission file?
2) Regarding question #1, should we run rule generation reports every time after changing:
2.1 If we add new BP, Function
2.2 If we don't change BP, Functions, but add new transactions/permissions to Functions
3) Is it possible to perform risk analysis during run of Rule Generation job (config -> log. systems -> generate rules)?
4) How to restrict number of rules if we get message like this:
Risk: M014 has exceeded the maximum number of rules (46,655) that can be generated
Regards,
Artem Ivashkin
Artem
yes all your questions are related to rules.
request you to divide them in two part and create new thread ...
that will be very helpful
Regarding :
) May we upload own files with actions and permissions which made by concotenation of standard actions/permissions files with our actions/permissions files? Or we have to manage via RAR interface?
"yes you can upload your own files, by modifiying the standard rule file. However be very cautious, the rate of error is very high. And extra TAB or RETURN and your rules will not be generated"
1.1 In case if we can upload own files, would it rewrite existing information or add missing information?
"Yes it will overwrite existing data"
1.2 Why standard files(actions, permissions) content duplicated information? For example, tcode F.13 contains in action file and permission file. Would it be enough to include F.13 (tcode and auth. objects) only in permission file?
"that is must, the program which generate rules. First create rules at Action level and based on Action level, Persmission level rules are generated"
regards,
Surpreet
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Artem,
2) Regarding question #1, should we run rule generation reports every time after changing:
2.1 If we add new BP, Function
I am not sure in this case. Probably NOT - because rules are generated as permutations and combinations of actions and permissions.
2.2 If we don't change BP, Functions, but add new transactions/permissions to Functions
We should generate the rules in this scenario
3) Is it possible to perform risk analysis during run of Rule Generation job (config -> log. systems -> generate rules)?
Technically, it is possible. However, performing risk analysis during this would not consider the new changes that arises from rule generation. Hence, not advisable.
Thanks
Qalid
Dear Mohammed,
Thank you for answer!
I should correct you in your phrase
I am not sure in this case. Probably NOT - because rules are generated as permutations and combinations of actions and permissions.
Rules, as I know, primaraly generates by file *_risks.txt which contains combination of functions. That's why I have doubts about running relevant reports in this case
But in other case (when add tcodes without changing BP, Functions) I think that we don't need to run reports.
Mohammed, thanks a lot, I appreciated to you for answer!
Regards,
Artem
Sorry Artem. Qalid is correct. In reality, rules are just permutaitons and combinations of tcodes and auth objects. Functions and BP act as containers for the tcodes/aut objects. When ever you add/remove/change tcodes/auth objects, you must generate rules. If you just change decription in BP/Function, you don't need to generate the rules. If you add new function and associate it with a risk then you will have to generate the rules.
Alpesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.