Convert from Compliance Calibrator 4.0 to Risk Analysis and Remediation 5.2

Hello Forum,
I'm looking for other opinions on converting Compliance Calibrator (CC) 4.0 to Risk Analysis and Remediation (RAR) 5.2 (formerly CC)
I have inherited responsibility for RAR and need to upgrade it to the 5.2 level; our current ECC level prevents us from going to 5.3
I found a process that will unload the data from CC 4.0 and import it into RAR 5.2
I want to understand the definitions that comprise the RAR and was thinking about recreating the definitions in 5.2 based on what is already defined in the CC 4.0 system; I have time to do this since there is no definitive deadline that would make it impossible to meet
Currently, I have the following definitions:
Business Process 6 entries
Functions 47 entries
Risks 147 entries
Mitigating Controls 40 entries
Would others find this approach acceptable and reasonable even though I would be entering all the information? Basically, it would be like defining the data for the very first time if this was NEW software
I would expect to come away with a good understanding of how everything ties together; at this point, I am only looking to create the necessary data that would allow for producing SOD reports that show all users with "risks" have been mitigated with acceptable controls
Thanks for your responses in advance
Jerry
Ryerson, Inc
630-758-2021

Thanks for the reply
I have the migration guide and have reviewed it; I have actually played around a bit with obtaining the file from CC 4.0; I found that the data records may need some adjustments to be compatible with RAR 5.2; one of the reasons that may be leading me to do everything from scratch
The definitions currently defined were completed by an outside source and the mitigated controls were defined by the Internal Audit area
I'm not sure if they were mixed with the defaults
I'm not sure at this point what impact or changes I would experience if I use the "default" supplied rules set but I expect to find out
Thanks again for your reply
Jerry

Similar Messages

  • Need to exclude certain risks in Risk Analysis and Remediation (5.2)

    Hello Experts,
    My requirement is I need to exclude certain unwanted risks whenever I execute the simulation for a user or an SAP role. We had this provision in the ABAP version of compliance calibrator 4.0. But we are not able to do the same in the upgraded 5.2 risk analysis and remediation.
    Can anyone please provide a solution to this problem or some workaround. Thanks in advance.
    Best Regds,
    Suyog Chakot...

    Hi,
    there are several options:
    - you can disable single risks in rule architect.
    - you can create a second rule set that only checks the roles you want to check on
    - you can mitigate certain roles or users to exclude them from analysis
    The options are all there - depends on what exactly you want to do.
    Frank.

  • Cannot find CCRTAWS at Access Control Risk Analysis and Remediation?

    I am looking for the Web service CCRTAWS  in Access Control Risk Analysis and Remediation.
    But I cannot find it.
    Could you help? Thanks a lot!

    Ashley,
       Go to main page of WAS (Web application server) where AC 5.3 is installed. It would be
    http://(servername):(port)/index.html [Replace servername and port with the actual servername and port number]
    Click on Web service navigator (First link on right side). This link will show you all the web services installed. Search for CCRTAWS. I can see it in my AC installation.
    Regards,
    Alpesh

  • Stopping Background job in Risk Analysis and Remediation

    Hi,
    We have scheduled a background job for Batch Risk Analysis in CC 5.3. Later we terminated that job for some reasons. But that terminated job's status has been showing as Stopping for the past 3 days. How can we cancel that job?
    We have restarted the J2EE server but the job is still running. Please suggest how we can stop that job immediately.
    Regards,
    KKRao.
    Edited by: KKRao_2020 on May 12, 2009 9:14 AM

    Hi,
    If you have access to the Oracle backend then I can tell you a workaround for this issue:
    when the job is in stopping status you can delete an entry from the VIRSA_CC_JOBHST table.
    The command is
    SQL> delete from  VIRSA_CC_JOBHST where jobid=your jobid and status=3;
    After running this command the job in the RAR will show aborted status then the delete button will be enabled and if you want then you can delete that job from RAR screen.
    Regards,
    Sudip.
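
The same workaround with guard rails, as an added example that is not part of the thread: look at the row first, delete only when exactly one row matches, and keep the deleted row for the change record. Python's sqlite3 and an in-memory table stand in for the Oracle backend; only the table name, `jobid` and `status=3` come from the reply, while the function names and sample rows are constructed.

```python
import sqlite3

STOPPING = 3  # status value used in the DELETE from the reply above


def clear_stuck_job(conn, jobid):
    """Remove the 'stopping' history row for one job.

    Returns the deleted row (keep it for the change record), or None when
    the table was left untouched because zero or several rows matched.
    """
    where = "WHERE jobid = ? AND status = ?"
    args = (jobid, STOPPING)
    cur = conn.cursor()
    rows = cur.execute("SELECT * FROM VIRSA_CC_JOBHST " + where, args).fetchall()
    if len(rows) != 1:
        return None
    cur.execute("DELETE FROM VIRSA_CC_JOBHST " + where, args)
    if cur.rowcount != 1:      # table changed between SELECT and DELETE
        conn.rollback()
        return None
    conn.commit()
    return rows[0]


def demo_db():
    """Constructed stand-in table; only jobid and status come from the page."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE VIRSA_CC_JOBHST (jobid INTEGER, status INTEGER)")
    conn.executemany("INSERT INTO VIRSA_CC_JOBHST VALUES (?, ?)",
                     [(101, 3), (102, 1), (103, 3), (103, 3)])
    conn.commit()
    return conn


if __name__ == "__main__":
    db = demo_db()
    for job in (101, 102, 103):
        print(job, clear_stuck_job(db, job))
```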

  • Risk Analysis and Remediation Mitigating Control Monitoring Alerts

    Hello,
    We have configured an alert for a Mitigating Control.  The Monitor must execute the report every day (report frequency = 1) or an alert email is sent to the Risk Owner.
    The Risk Owner receives the Alert email and the Alert is logged on the Alerts tab only for the first two days after the report is not executed by the Monitor.  Is there a setting somewhere that controls why the alert is not generated after two days?
    thanks
    Tammi

    Correction.
    The email is only sent for 2 days.  The alert is logged on the Alert Monitor tab every day.

  • Custom Tabs in Risk Analysis and Remediation

    In the configuration Tab of the RAR, one has the ability to add 3 custom tabs. These custom tabs appear to the right of the Configuration Tab. The name which brings up the tab is appended at the end of the url as mentioned in the configuration guide. For example if you append "CCdebugger" the Debugger tab is appended.
    Does anyone know what other tabs can be added and how one goes about finding the names of the tabs that can be appended like the one example shown above? The configuration guide does not provide any list of tabs that can be attached in this way. (Granted the maximum at a time is 3).
    Would appreciate your help and input on this.
    Thanks

    Hello Arun,
    You can add in custom tabs any webservice (webservices urls can be found in UME Web Services Navigator) or any other link even external (as a webmail or a google search bar!).
    You are free to configure your custom tabs according to your needs, but do keep in mind that custom tabs are common to all users!
    For information here are 3 tabs we have chosen to configure:
    debug mode : .../webdynpro/dispatcher/sap.com/grc~ccappcomp/BgJobStart?debug=1
    CC Background deamon : .../sap/CCBgStatus.jsp
    Thread follow up : .../sap/CCADStatus.jsp
    Hope this helps,
    Kind regards,
    Sophie Planchais
    Edited by: Sophie Planchais on Sep 3, 2008 1:52 PM

  • I keep losing my Selection arrow functionalities on documents I've converted from CS2 to CS6. I reinstall preferences and it works for a few minutes but all is lost again. What to do?

    I keep losing my Selection arrow functionalities on documents I've converted from CS2 to CS6. I reinstall preferences and it works for a few minutes but all is lost again. What to do?

    What OS?
    If you still have CS2 installed someplace, export the original files as .inx (InDesign Interchange) and convert that instead of the .indd.

  • SAP GRC AC: Organizational rules at Batch risks analysis and Dashboards

    Dear All.
    I would like to know GRC AC is able to consider the organizational rules defined (for example: risk only affected to Company, BUKRS 0001) at the Batch risks analysis and at the Dashboard. I already know that for the ad-hoc reporting you can filter by the Org.rules created but i would like to know if this filter is also able for the Batch risks analysis.
    Thanks and regards.

    Dear all.
    As per my knowledge this parameter only sets the flag of Consider Org.Rules at the filters. This is what the guide indicates:
    "Setting the value to YES automatically selects the Consider Org Rule checkbox on the Risk Violations tab of the Access Request and
    Role Maintenance screens."
    So how are you so sure about that indicating this flag to YES will take into consideration the org rules at the Dashboards?
    Regards

  • Why upgrade from Compliance Calibrator to GRC?

    Hello Experts- My company has yet to implement GRC 5.3. We already utilize SAP Compliance Calibrator by Virsa Systems 4.0, which works fine, so what would be the benefit of upgrading to GRC? Is it really necessary? Is it just to stay current? Also, is it true that GRC will be moving from Java back to an ABAP stack? If so, when is the new ABAP version of GRC set to be available?
    Thanks for your advice and opinions.

    Regarding the upgrade from 4.0 to 5.3 I concur with Alpesh and Varun.
    Regarding the upgrade to 10.0, current plans are for Ramp-up to be available in December 2010 with general release scheduled for mid 2011.
    According to the latest material from SAP, they are only supporting a migration path as follows:
    4.0 -->5.3 --> 10.0
    There is no supported upgrade path from 4.0 directly to 10.0.
    It should be noted that it is a significant change in architecture and therefore not a simple migration path. SAP are recommending an upgrade to 5.3 followed by a migration to 10.0 for the technical side of things.
    5.3 does still have some significant advantages over 4.0 and therefore is still an option. However, if you wish to register your interest, SAP are seeking ramp up customers so I would suggest you contact your Consultants or account management within SAP to discuss the options if you are considering it.
    Simon

  • Virsa CC Compliance Calibrator 5.2 Role Level Analysis Question

    Part 1
    I would like to know how to run a Role Level Analysis on all of our Roles EXCEPT composite roles which all start with ZC:.
    Part 2
    I would also like to know why there is not a copy paste function. What if I have the names of 50 individual roles that I want to run a report on with all different naming conventions? Is there no way to paste these in? I know I can individually select these one at a time and add another, add another etc. However if you have a lot of roles for one functional area I would really like to not have to type those in one at a time and one line at a time.
    Thanks to all for your help in advance.

    Hi Vince
    Unfortunately there is no paste option in Netweaver, unlike CC version 4.0, not even in 5.3 I heard.
    Either you run the risk analysis using ranges, wherein you can say ZS00* to ZSZZ* (running this should cover all the simple roles, excluding the composite roles, provided your role naming convention is maintained well)
    I know it's quite annoying to key in each role, especially when your naming convention is all over the place.
    You can key in the role names once and save a variant to reuse it next time.
    You have probably noticed already that there is a custom user group in the User Analysis tab; I wonder why they haven't got one in Role Analysis, it would have made it a bit easier at least.
    Regards
    Prem

  • AC10 - Auto risk analysis and auto mitigation

    Hi,
    I was wondering if it is possible to
    - run an automatic risk analysis at the end of an approval stage of the workflow, the same way it is possible to configure at the time of request sending?
    - automatically put a mitigating control in the request for the risks found?
      In our case, there is only one mitigating control for each risk and the assignment of the control is an unnecessary manual task to perform. The mitigation assignment will be approved in a separate WF by the mitigation owner.
    It seems there is no out of the box solution to this, so any alternative suggestions are welcome.
    Thanks,
    Daniela

    Hi Daniela,
    If I may give my opinion, I would probably break your question down into 2 parts.
    1) Auto Risk analysis at the end of a stage - Making "Risk Analysis Mandatory" at that stage is probably the method. Unfortunately this does mean clicking one or two buttons (so not fully automated). Think AC uses this method to ensure the reviewer is aware of the conflicts caused etc.
    2) Auto Mitigation - For a business access workflow in a 'Live' situation, this is probably not a good idea,  as analysing and making the decision on whether to proceed with the request should really be performed by an actual person responsible for that stage in the work flow e.g. Role Owner or Security Lead etc. You would not want to mitigate all risks automatically (if I have understood correctly that you have a mitigation per risk ID). In theory, an automated mitigation process would mitigate all risks without discrimination.
    On a side note, there is a configuration setting under SPRO for Access controls as follows
    "Risk Analysis- Access Request : Param ID 1072 - Mitigation of critical risk required before approving the request". By enabling this configuration, you could force a mitigating control to be applied to any user requesting Critical Access.
    Hope this helps.

  • Converting from Photoshop v.1 to a current version and retaining captions and tags

    I have Photoshop Version 1 running under Microsoft XP. The computer died. I need to move my pictures and equally importantly the tags and captions that have been attached to the pictures. I have downloaded Photoshop Elements 9 and I have been told that they will not support Version 1. I can move the pictures without any difficulty, but not the captions nor the tags. I also downloaded Photoshop 3.0 starter edition and the captions will come over, but not the tags. I have all the pictures, the catalog file and the thumb file backed up before the computer crashed. I do have access to another XP machine that I can load the older Photoshop Version 1 on and restore my pictures; then can I back up these files and embed the captions and tags in the individual pictures? Your help and suggestions are appreciated. Thank you.

    Uh, are you sure you have Photoshop v.1?
    The first version of Photoshop that ran on Windows was Photoshop 2.5.
    Are you talking about Photoshop Elements? This is the "Photoshop" forum...you'll want to post in the "Photoshop Elements" forum...

  • Transports in Compliance Calibrator 5.2

    I have used the ABAP transport function (TMS, Transport Management System) to transfer rules, alerts, mitigating controls etc from Dev to QA and Prod in GRC CC 4.0 in the past and am looking for similar functionality in GRC's Netweaver version 5.2
    I understand the underlying technology differs significantly in the above releases.  I have found how to transfer rules using the "Utilities" function however this only allows download to text file, there doesn't seem to be functionality to transport directly from DEV to QAS and PRD.
    We are looking for an efficient, secure and reliable way of ensuring consistency between our GRC 'Risk Analysis and Remediation' clients.
    Thanks

    Hi Mark,
    unfortunately in this release there is no transport mechanism. The only way is to use the text file upload which you already know.
    From what you are saying I'm left with the impression you have separate CC instances that you use for risk analysis on users and for risk analysis on roles. Am I getting this right? If that is so, could you please share what is the reason for splitting the analyzed backends in two CC instances?
    Regards,
    Iliya

  • Error Creating Request - Risk Analysis in CUP

    Initially, we had the issue of not being able to create requests in CUP. I read around and found out that I needed to go to Configuration > Risk analysis and change the "Perform Risk Analysis on Request" to No. I tested and I was able to create a request. This tells me that SOMETHING is wrong with the Risk Analysis in CUP. So since it's a Risk Analysis error, I went into a request, selected Run Risk Analysis and got the following error.
    "Risk analysis failed: Exception in getting the results from the web service : Service call exception; nested exception is: java.lang.Exception: Incorrect content-type found 'text/html' "
    But before anything, I just want to verify if it's an authorization error with our webservices id. Any input?
    Thank you,

    1. In the CUP Configuration-> Risk Analysis.
    Under the section "Select Risk Analysis and Remediation Version"( or "Select Compliance Calibrator Version" for version below CUP 5.3) make sure that the following web service is given in the URI, if the "Version" selected is above 4.0.
    "http://<servername>:<portnumber>/VirsaCCRiskAnalysisService/Config1?wsdl&style=document"
    In the server name and port number, enter the corresponding entries of the Compliance Calibrator (CC) or Risk Analysis and Remediation (RAR) server entries on which it is installed.
    The User given under this section should have the administrator access for the CUP and RAR.
    CUP is 5.3 and we have the correct URL. The user is given the following roles:
    AEADMIN
    CC_Administrator
    VIRSA_CC_ADMINISTRATOR
    Please review the attachment for the list of actions in these roles. Please let me know if there is an action that the webservice id should have. In the link below, be careful of all the download buttons. Choose the "Save file to your PC: click here" link and open the file. (not save)
    http://www.2shared.com/document/8dOC7v6E/actions.html
    2. Make sure that the user provided in the CUP connector has the access for connecting to RAR and it should also have the administrator rights of the RAR.
    Should the access be provided from the roles/actions from above?
    3. Make sure that the password of both the users given in the above points is not expired i.e. they have been reset in UME.
    You can check the same by once logging into the UME through that users. In case it asks for the password change, then the password is expired and you need to change the password and give the new password in the CUP.
    Should the password ever expire for this ID? I will double check on the password.
    4. The logon language of both the above users should be maintained in UME.
    I am not sure how to check this, please advise.
    5. Also check that the connector in the RAR is working and is able to connect to the backend SAP system.
    I tested the connection in CUP and connection was successful. How can I test the connection for RAR?
    Thank you in advance,
    Edited by: Eric Lau on May 17, 2010 6:41 PM
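
A way to narrow down the "Incorrect content-type found 'text/html'" error from the post above, as an added example that is not part of the thread or of SAP's tooling: the message means the endpoint answered with an HTML page instead of XML, and this sketch classifies which kind of page came back. HTTP basic authentication on the web service URL and the password-field heuristic are assumptions, and the sample replies are constructed.

```python
import base64
import re
import urllib.error
import urllib.request

SOAP_TYPES = {"text/xml", "application/soap+xml"}  # what a SOAP client accepts


def classify(status, content_type, body):
    """Map an HTTP reply from the web service URL to a likely cause."""
    mtype = (content_type or "").split(";", 1)[0].strip().lower()
    if mtype in SOAP_TYPES:
        return "ok" if status == 200 else "soap_fault"
    if status in (401, 403):
        return "auth"          # credentials rejected or role missing
    if status == 404:
        return "wrong_url"     # server, port or path is off
    if mtype == "text/html":
        # Assumed heuristic: a page containing a password field is a logon
        # or password-change form (e.g. expired password).
        if re.search(r"<input[^>]*type=[\"']?password", body, re.I):
            return "login_page"
        return "html_error"    # some other HTML error page
    return "unknown"


def probe(url, user, password, timeout=10):
    """Fetch the URL with HTTP basic auth (assumed) and classify the reply."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": "Basic " + token})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            head, text = resp.headers, resp.read(65536)
            code = resp.status
    except urllib.error.HTTPError as err:
        head, text, code = err.headers, err.read(65536), err.code
    return classify(code, head.get("Content-Type"), text.decode("utf-8", "replace"))


# Constructed sample replies (not captured from a real system).
SAMPLES = [
    (200, "text/xml; charset=UTF-8", "<wsdl:definitions/>"),
    (401, "text/html", "<html>Unauthorized</html>"),
    (200, "text/html;charset=UTF-8",
     '<html><form><input type="password" name="pw"></form></html>'),
    (500, "text/html", "<html>Internal Server Error</html>"),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], sample[1], "->", classify(*sample))
```

Run `probe()` from the CUP host with the same URL and user that are entered in the CUP configuration, so the result reflects what CUP itself receives.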

  • Risk Analysis & Remediation

    What are the components of Risk Analysis & Remediation (Compliance Calibrator)?

    -- SOD online risk analysis
    -- Mitigation of conflicts
    -- Alert generation for conflicting tcodes executed
    -- Management report of violation in concerned system
    contact Regional Implementation team of SAP, if you are planning to implement SAP GRC AC 5.3 in your organization.
    regards,
    Surpreet
