Skip to Content
avatar image
Former Member

SAP GRC 10.0 Offline Risk Analysis

Hi,

We know that we can do "Offline Risk Analysis" in SAP GRC Aceess Control 5.3, by uploading text files in data extraction tab. Now the question is, how the offline risk takes place in SAP GRC AC 10.0, how we upload the data and what format it should be?? Can anyone please help me on this?

Regards,

Sandeep

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • May 25, 2011 at 09:31 AM

    Hi Sandeep,

    AC 10.0 is currently in ramp-up therefore I would suggest you trigger your request through your ramp-up coach.

    But high level it's this way:

    Plugin system has programs to

    1. Download User, User Actions, User Permissions(ony SAP system, for Non SAP custom programs are required)

    2. Download Role, Role Actions, Action Permissions(same as above)

    3. Download Profile, Profile Actions, Profiule Permissions (same as above)

    GRC Box

    1. Create a Logical connector in SM59

    2. in transaction File create connectors to each file downloaded from plugin system

    3. In connector settings associate all these files to the system created in SM59

    Now use the repository sync and authorization sync programs which would internally extract all data from the associated files

    GRAC_UPLOAD_RULES formats are exactly same as those of 5.3

    Best,

    Frank

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Frank,

      Thanks for the response,

      As mentioned by you on the programs in the plugin system, i could find below mentioned programs, but can you please mention which program is used to download what, i mean for User/Role/Profile action and permission files??

      /GRCPI/GRIA_DLOAD_AUTH_OBJS Download Authorization object

      /GRCPI/GRIA_DLOAD_ROLE_AU_OBJS Role Authorization Object

      /GRCPI/GRIA_DNLDROLES Download Roles

      /GRCPI/GRIA_DOWNLOAD_SAPOBJ Download objects

      /GRCPI/GRIA_R_DOWNLOAD_DESC Program /GRCPI/GRIA_R_DOWNLOAD_DESC

      /GRCPI/GRIA_R_DOWNLOAD_USRS Program /GRCPI/GRIA_R_DOWNLOAD_USRS

      /GRCPI/GRIA_ZVRAT_UPDWNLOAD updownload data

      Secondly, as you mentioned in FILE transaction do we need to place the file in Application server or will it pick this extracted files from local path? and for the non SAP system can we use same RRA template as we used for 5.3?

      Regards,

      Sandeep

      Edited by: Sandeep Poojary on May 25, 2011 11:49 AM

  • avatar image
    Former Member
    Jul 11, 2012 at 01:18 PM

    Hello,

    I have the same problem.

    I can answer which programs are needed to download information from the backend:

    SE38 >> /VIRSA/DLOAD_USRS

    Delimiter:blank

    C:\user.user.txt

    SE38 >> /VIRSA/DLOAD_AUTH_OBJS

    parameter A & F

    Delimiter:blank

    C\:user.action.txt

    /VIRSA/DLOAD_AUTH_OBJS

    parameter P & F

    Delimiter:blank

    C\:user.permission.txt

    /VIRSA/DLOAD_ROLES

    Delimiter:blank

    C\:role.role.txt

    /VIRSA/DLOAD_ROLE_AUTH_OBJS

    parameter A & F

    Delimiter:blank

    C\:role.action.txt

    /VIRSA/DLOAD_ROLE_AUTH_OBJS

    parameter P & F

    Delimiter:blank

    C\:role.permission.txt

    /VIRSA/ZCC_DOWNLOAD_DESC

    C\:text.txt

    /VIRSA/ZCC_DOWNLOAD_SAPOBJ

    C:\auth.txt

    Unfortunately, whereas within GRC 5.3 the upload was managed via Front end, GRC 10.0 does not seem to offer this functionality. Please correct me if I am wrong.

    I also need a way how to implement offline risk analysis in GRC 10.0, not simply covered by the Config Setting "Enable Offline Risk Anaylsis" but instead requiring us to enable an UPLOAD of all relevant information for Risk Analysis. Thus, we want to be able to analyse Roles without actually having a physical connection to the System that contains these Roles.

    Best Regards.,

    Adrian

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Diego I. Yaryura

      Hi Diego,

      I don't know why, but the upload doesn't work on our side. I copied the plugin-download files and filled in with new role values, actions and permissions. But when I try to sync with Repository_Object_Sync in the System I cannot fill in any value in GRACOBJECTAUTH.

      Thanks for your help.

      Regards,

      Manuela