HI Faizel/Luis,

Genrally we get this error when the rules are not generated properily.Please check the if the entries

for the  system MEDCLNT120 exist in the GRACACTRULE table in SE16.If the table contains very few entries or no entries at all.Please re-upload and regenerate the rules again.

Thanks and Regards

Japneet Singh

Hi Japneet

the GRACACTRULE table in SE16 have 830.000 entries, anyway you recommend loading the rules again?

Best regards

HI Luis,

830,000 is a good number.

There are couple of things that i need to know

1).Have you run a full batch risk analysis job before running the user violation report.Please run a full batch risk analysis job and then test the sceanrio again.

2).Are you getting the results when you perform the Ad-hoc(Real time) risk analysis for the same user?

Thanks

Japneet 

Hi Japneet:

1)i have run a full batch risk analysis, but with errors, we are reviewing the errors

2)despite the error of point 1, however I am getting results

thank you in advance

Hi Luis,

It is good to hear that you are finally getting the results after executing the batch risk analysis job.I would suggest you to run a full batch risk sync job oncce or twice a month and run an incremental sync job everyday.

For error related to the batch risk analysis,Are you getting any dump ?

Please review the job logs and let us know the exact error.

Thanks

Japneet

Japneet :

I attached the error, we thought there was a problem with RFC user permissions. but , permission are correctly granted.

Best regards

Quick question gurus,

I am running the ad hoc user risk analysis and it's working for some users and not working for other users. For the non-working users, I am not getting any results at all. when I run the analysis at the permission level. We are on SP10. All rules have been generated and all jobs have been schdueled. I also ran it by including mitigated risks for just one risk. Any ideas on what could be  possibly wrong. We are doing a migration from Virsa to GRC 10 and just trying to validate/compare the user analysis results we got from Virsa to GRC 10. Virsa shows the user's violations but AC 10 is coming up BLANK for this user but I see that this user's riks are gnerated when I go to GRACACTRULE and also in NWBC. All the batch jobs and synchm jobs were sucessfully completeed as well. Any ideas?

This is very urgent for me...I will appreciate if anyone has a feedback.

My second question is unrelated. Currently we have only ONE ruleset - our customized ruleset that we migrated from our Virsa system.  When you go into GRC NWBC. our permissions and rules are pointing at our physical connector which was created in Sm59 but my question is 1) should we create a custom connector group for this connector and assign the connector to the custom connector group? or should we assign it to the SAP_BAS_LG connector group? or SAP NHR_LG connector group? Why or why not? What does the connector group control or impact:?

2) We would like to house our custom rules as described above and GLOBAL rules as well in AC 10. Should we create another physical connector for our global rules ? or should we use the same connector that we used in  (1) above for the custom rules but assign the connector to a different connector group e.g SAP_BAS_LG and SAP_NHR_LG.

Bascially, we have one ECC system that needs to be connected to our GRC 10 system and would like to set up our custom rules and our GLOBAL rules to both be pointing at the ECC back end system. How do we accomplish this while setting up the connectors and connector groups. Also , while uploading the rules, should we upload the rules against the physical systems(connectors) or against the logical groups?  What's the impact of the logical group? In simple english, what does logical group and generating the rules mean? and what is the difference bretween SOD_LOG and SOD_CROSS? which should we be using:?