on 05-01-2013 12:42 PM
Hello,
i configured my system accoring the configuration guides.
But when I start e.g. Access Risk Analysis for User Level/Role Level/Profile Level... no output data will be displayed!?
i ran all the Sync Jobs and SLG1 doesn't give me any errors.
FF and PSS both works fine.
FYI: Also in Business Role Management (BRM) no roles are displayed... maybe these two issues could be caused by the same problem?!
Thank you in advance
regards
Edgar
Hi Edgar
For the ruleset - are you using the SAP standard as delivered in the BC Sets? If so, after activating them, did you generate them.?
also, which SP are you on as there have been a few notes recently relating to No Violations displaying such as below:
Note 1824956 - User Analysis Report shows "No violations"
Note 1817251 - User Analysis Report shows "No violations" |
On you FYI comment about the BRM with NO roles are displaying....
For both issues- have you competed Maintain Connection Settings in the Integration Framework for ROLEMG, PROV, AUTH and SUPGM?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Colleen,
thanks for your helpfull response!
Yes, i use the pre-delivered BC Sets/rulesets.
Yes, after activation, I generated the SoD Rules in Governance, Risk and Compliance > Access Risk Analysis > SoD Rules > Generate SoD Rules (slide 13 of AC 10.0 Pre-Implementation From Post-Installation to First Risk Analysis.pdf), if u mean that.
I am running GRC on SP12. so Note 1817251 is already implemented.
Now I have implemented Note 182456.
But still NO Risk Analysis result in Access Management > Access Risk Analysis > User/Role/Profile Level (screenshot)
accorind to my BRM issue:
I didn't know that I have to import all the roles first... and thought a sync would be enough.
Now i imported the roles from my backend systems and now they show up in BRM 🙂 thank you!
Any other suggestions for my RAR issue?
Thanks in advance
Hi
Other things to check
Configuration parameters for risk analysis - see of you are excluding any users (eg locked)
Look at the functions in the rule set for the connector group they are against and check to see if your connectors are in the same group?
Rerun your full object synch since importing roles
Sorry messaging from phone so can't provide steps
Hi Colleen,
I found something weird. Maybe i just dont get the sense of the filed "System" (in Function/Action details) or there is something wrong.
In the screenshot u can see, that my 2 backend System "GRC->..." are available in the dropdown list.
The Functions are NOT assigned to them, they are assigned e.g. to SAP R3.
Just for understanding... should the Action assigned to my backend system oder only to e.g. SAP R3 (and my backend system to the group SAP r3).
Because I think, my backend system should be visible in this dropdown list, do they?
I dont know, where i customized this, so they are visible in the dropdown list...
Hi Colleen,
I am running the ad hoc user risk analysis and it's working for some users and not working for other users. For the non-working users, I am not getting any results at all. when I run the analysis at the permission level/action . We are on SP10. All rules have been generated and all jobs have been schdueled. I also ran it by including mitigated risks for just one risk. Any ideas on what could be possibly wrong. We are doing a migration from Virsa to GRC 10 and just trying to validate/compare the user analysis results we got from Virsa to GRC 10. Virsa shows the user's violations but AC 10 is coming up BLANK for this user but I see that this user's riks are gnerated when I go to GRACACTRULE and also in NWBC. All the batch jobs and synchm jobs were sucessfully completeed as well. Any ideas?
This is very urgent for me...I will appreciate if anyone has a feedback.
My second question is unrelated. Currently we have only ONE ruleset - our customized ruleset that we migrated from our Virsa system. When you go into GRC NWBC. our permissions and rules are pointing at our physical connector which was created in Sm59 but my question is 1) should we create a custom connector group for this connector and assign the connector to the custom connector group? or should we assign it to the SAP_BAS_LG connector group? or SAP NHR_LG connector group? Why or why not? What does the connector group control or impact:?
2) We would like to house our custom rules as described above and GLOBAL rules as well in AC 10. Should we create another physical connector for our global rules ? or should we use the same connector that we used in (1) above for the custom rules but assign the connector to a different connector group e.g SAP_BAS_LG and SAP_NHR_LG.
Hi Rajesh
Have you looked at which users fail and why? Configuration parameters can exclude objects
Secondly, when you run the report do not have an blank fields - remove them if you don't use them.
for the comparison - also check that your Ruleset - Risks and Functions are the same and are generated.
In mentioning SP10, did you look at the notes?
Note 1824956 - User Analysis Report shows "No violations"
Note 1817251 - User Analysis Report shows "No violations"
Anything else, I recommend a new thread and post some pictures and steps of what you have attempted to do.
Hi,
I see that you have selected as * for Custom group. Kindly check if there is any custom group is maintained in GRC box, if not I woul drequest you to remove the Custom group field from selction criteria or keep it blank instead of * . This is because * is not valid enrty for custom group.
Kindly try running the risk analysis after making the above correction.
let me know if you are successfull
Regards,
Prashant Kumar
Hi Colleen
I am trying to upload the custom rulebook .I have modified all the 9 files and kept only Z Risks with Z functions.
When I run execute button for upload it stucks at the Risk file giving an error message "Cannot Interpret the data in the file".Also what are these codes denotes in that file.
Regards
Pradeep
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.