cancel
Showing results for 
Search instead for 
Did you mean: 

GRC 10: User Risk Analysis shows no results

former_member184114
Active Contributor
0 Kudos

Hi All,

I was trying to do the user risk analysis. In this regard, I did the following things:

1. Followed the document AC 10. Pre-Implementation From Post-Installation to first Risk Analysis"

2. Created a test user in the back end system

3. Created 2 roles: ZSU01 and ZPFCG containing Tcodes SU01 and PFCG respectively.

4. Assigned the above roles to test user.

5. Scheduled the background jobs on daily basis for synchrozing data with back end system.

6. Run a User Risk Analysis

However, on Multiple Selection screen, it does not display anything!!!

I am not sure it the analysis is completed. No results are displayed.

Can any one help me?

Regards,

Faisal

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Hi Faisal,

Please check and confirm if you have generated the Rules.

To check if the rules generated:

NWBC-->Rule Setup--> Generated Rules--> Access Rule Summary

Or

NWBC-->Reports & Analytics-->Access Rule Library.

Regards,

Ajesh.

former_member184114
Active Contributor
0 Kudos

Hi Ajesh,

Thanks for your reply and I am extremely sorry for replying very lately

Now I have generated the rules from the location you have shown. Earlier, I had generated them from GRC system via SPRO. However, this was not generated properly it seems.

Thanks once again for guiding me in a proper direction.

Regards,

Faisal

Former Member
0 Kudos

Good that the problem is solved

Regards,

Ajesh.

Answers (2)

Answers (2)

Former Member
0 Kudos

It's probably worth pointing out that you should have "Critical Actions" selected as the risk analysis type for the example above, as it is likely SU01 and PFCG are classified as Critical Actions within the Rule Set.

I am guessing you performed a risk analysis for "SOD" risks.

Good luck.

former_member184114
Active Contributor
0 Kudos

Kaushal,

Thanks for your reply.

I did analysis for "Critical Actions" only. However, it is of no user. I pasted the screen shot above for the same.

Regards,

Faisal

Former Member
0 Kudos

As Kevin asked earlier, could you show us a screenshot of your Selection Criteria?

kevin_tucholke1
Contributor
0 Kudos

Faisal,

What Support Pack of AC10 are you on?  If you are previous to SP07, you need to REMOVE the RISK LEVEL line as it defaults to CRITICAL or to what ever you have entered into 1024 (hence why I wanted your Selection Screen) if you want to get ALL Risks.  After SP07, then you have the abiltiy to select * as the default risk level in parameter 1024. 

thanks.

Kevin

former_member184114
Active Contributor
0 Kudos

Hi Kevin,

Sorry for delay in my response.

I am at SP7 and please see below screen shot for 1024 settings:

Please suggest.

Regards,

Faisal

kevin_tucholke1
Contributor
0 Kudos

Faisal:

Ok, just needed to make sure.  Now, can you re-run your analysis, but take a screen shot of the screen where you are making you selections.  I would suggest that you mark each box in TYPE (Action, Permission, Critical Action, Critial Permission, Critical Role/Profile) and see if anything shows up for any of the types.  At a minimum, you should get this at the Action Level for risk B019 if you are using delivered rule set.

Also, as Ajesh said, confirm that you have generated the rules.

Thanks,

Kevin

former_member184114
Active Contributor
0 Kudos

Hi Kevin,

Thanks for your reply.

Please see below for the selection criteria I am mentioning:

This did not give me good result either. See below:

Any suggestion?

Regards,

Faisal

Former Member
0 Kudos

Hi Faisal,

As I have mentioned above, have you checked if the rules are generated?

Regards,

Ajesh.

former_member184114
Active Contributor
0 Kudos

Ajesh,

Sorry for delay in response.

Yes, I have already generated the rule set.

Regards,

Faisal

Former Member
0 Kudos

Hi Faisal,

Try running Risk analysis on a high access role (like developer role) and see if it generates risk. This will confirm if risk analysis is working or not.

Regards,

Ajesh.

former_member184114
Active Contributor
0 Kudos

Ajesh,

Thanks for your reply.

May you help me in defining my own rules in the system? This will help me in identifying if this is properly pointing out to correct SOD rule.

Regards,

faial

Former Member
0 Kudos

Hi Faisal,

Can you run the following two steps again and then run the risk analysis.

SPRO-->Common Component Settings-->Integration Frame work-->Maintain Connectors and Connection Types-->Define Conn Groups--> Here assign ERP System to SAP_BAS_LG, SAP_ECC_LG, SAP_HR_LG..

Then...
SPRO-->GRC-->AC-->ARA-->SOD Rules--> Generate SOD Rules

If possible give a screenshot of your risk library after this.

Regards,
Ajesh.

former_member184114
Active Contributor
0 Kudos

Can anybody help me?

Regards,

Faisal

kevin_tucholke1
Contributor
0 Kudos

Faisal:  What Multiple Selection screen are you referring to?

former_member184114
Active Contributor
0 Kudos

Kevin,

After running the analysis, I get a new web page as shown below:

In the above screen, nothing is shown

Regards,

Faisal