AC 5.3 RAR and Organizational rules

Hi all,
we are implementing risks based on organizational rules. It is not clear in my mind how the system manages actions that do not have authorization objects activated (at permission level) or have authorization objects activated but without organizational fields.
In other words: I have a SOD risk containing the function called FN99. In this function there are the actions TCD01 and TCD02. For TCD01 there are no permissions linked and active (just the tcode), for TCD02 there is only the authorization object M_BEST_BSA. So, this function does not have any authorization objects with organizational fields (BUKRS, WERKS and so on).
If we use the RAR organizational rules, are the 2 actions TCD01 and TCD02 managed, or are they not considered at all since they do not have organizational fields?
Thanks in advance.
Andrea Cavalleri

Andrea,
Within RAR you can run either risk analysis at transaction level or at permission level.
Transaction level: Just S_TCODE || TCD authorization objects will be checked
Permission level: S_TCODE and any other authorization object included within the SoD matrix will be checked
Risk Analysis at organizational level is a further level of permission risk analysis, taking into account authorization objects that include ORG fields (BUKRS, EKORG, WERKS etc.) and verifying specific values you have defined within the organizational rules.
The goal of running risk analysis at organizational level is to eliminate false positives that might be detected when you run risk analysis at permission level without taking organizational authorizations into account.
Under an organizational rule approach, you will be detecting conflicts JUST if user U1 is able to execute transactions T1 and T2 (assuming this pair of transactions defines a conflict) within the same organizational level (for example the same Company Code).
Please check the documents that have been pointed out in this post.
Hope it helps. Regards,
   Imanol
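
Added example (not part of the original thread, and not SAP code): a simplified Python model of the difference Imanol describes between permission-level and organizational-level analysis for a conflicting pair T1/T2. The users, company codes and org rule names are constructed, and the model only covers actions that carry BUKRS; it does not show how RAR treats actions with no organizational field.

```python
# Added illustration: a simplified model, not SAP GRC RAR code.
# All user IDs, company codes and org rule names are constructed sample data.

RISK_ACTIONS = ("T1", "T2")  # the conflicting pair of transactions from the post

# user -> {transaction: set of BUKRS values the user is authorized for}
USERS = {
    "U1": {"T1": {"1000"}, "T2": {"1000"}},  # both sides in company code 1000
    "U2": {"T1": {"1000"}, "T2": {"2000"}},  # sides split across company codes
    "U3": {"T1": {"*"}, "T2": {"2000"}},     # full authorization (*) on one side
    "U4": {"T1": {"1000"}},                  # holds only one side of the risk
}

# org rule -> BUKRS values the rule covers
ORG_RULES = {"ORG_1000": {"1000"}, "ORG_2000": {"2000"}}


def permission_level(users, actions=RISK_ACTIONS):
    """Users who hold every action of the risk, ignoring org values."""
    return sorted(u for u, auth in users.items() if all(a in auth for a in actions))


def reaches(authorized, org_value):
    """True if a set of authorized values covers one concrete org value."""
    return "*" in authorized or org_value in authorized


def org_level(users, org_rules, actions=RISK_ACTIONS):
    """(user, org rule) pairs where all actions are executable in the same org value."""
    hits = []
    for user in permission_level(users, actions):
        for rule, values in sorted(org_rules.items()):
            # The conflict is real only if ONE org value is reachable by every action.
            if any(all(reaches(users[user][a], v) for a in actions) for v in values):
                hits.append((user, rule))
    return hits


def false_positives(users, org_rules, actions=RISK_ACTIONS):
    """Users flagged at permission level but cleared once org values are compared."""
    confirmed = {user for user, _ in org_level(users, org_rules, actions)}
    return [u for u in permission_level(users, actions) if u not in confirmed]


if __name__ == "__main__":
    print("permission level:", permission_level(USERS))
    print("org level:       ", org_level(USERS, ORG_RULES))
    print("false positives: ", false_positives(USERS, ORG_RULES))
```
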

Similar Messages

  • RAR Organizational Rules not showing/working on RAR 5.3_13.3

    Hello Guys,
    We are facing some problems during RAR Organizational Rules implementation. After creating our risk matrix (along with all functions) we started refining it with Org. Rules, according to our company needs.
    Unfortunately, after doing some tests, we found out that all created organizational rules are not working. They simply do not show on our reports (Risk Analysis > Organizational Level section). Any advice on that? I already went through the "How-To Guides" and a few SAP Notes (987031) without success.
    As a business example, we have the need of certifying that a critical access (already mapped in a Critical Action Risk Type) is not a False Positive, checking also the organizational level for that specific activity (Company Code values) so, we are doing the following:
    1) In a given Auth. Obj, we are activating BUKRS field, with $BUKRS value;
    2) Created an Organization Rules.  (e.g Org. Rule Company01 with BUKRS = COMP, and tagged RISK ID RK01*)
    3) Re-generate/Update all risk rules
    4) Ran Organizational User Mapping Job
    5) Executed a Risk Analysis (Risk Analysis > Organizational Level section).
    The results of the report are the same as a regular risk analysis. No Organizational Rules were found in our result (in the Org. Rule Description column) but just all users with ANY risk.
    Besides, the Org. Rule report ran the Risk analysis for ALL RISKS of our Matrix, not only for those mapped in our Org. Rule (RK01). Is this working properly? Shouldn't the organizational report only run for previously mapped risks? (In our business example, a report result with only users with Critical Access risk RK01 and with any Auth Obj with BUKRS field value COMP!?)
    Can anyone help us on the error above?
    Thank you,
    Best Regards,
    Adam

    Hi Natasha,
    Reviewed the situation and suggest a work around. Just try whether the same is working or not.
    As mentioned the roles are assigned to HR positions of the users and not to user ids. In that case in RAR under configuration tab go to 'user mappings' where you can map user id with the organisation position for the respective users in the particular system.
    I suggest you can test it for one user and if works fine you can replicate for other users.
    regards,
    Jwalant

  • Drop Off Library and Content Organizer Rules allow bypassing of destination permissions

    I had a test scenario where
    User Betty didn’t have permissions to a destination library (only I had permissions to it)
    Via the Content Organizer rule and the Drop Off library, Betty could send a document to a library where she didn’t have access.
    Anyone addressing this issue and how?  We just don't want people to be able to send things to a destination where they don't have access, but looks like the Content Organizer Rules impersonate some part of the move.
    What's odd is you can see the "CreatedBy" as Betty, but she can't go to the library and even see the moved document...permission is denied.

    Hi Bubberz1,
    This is the known and documented behavior of the content organizer. To prevent someone from using the content organizer in this way, you'd need to prevent them from having access to add documents in the drop off library in the first place, or else
    use some other process, such as workflows, to move the documents using the creator's permissions.

  • SAP GRC AC: Organizational rules at Batch risks analysis and Dashboards

    Dear All.
    I would like to know if GRC AC is able to consider the organizational rules defined (for example: risk only affected to Company, BUKRS 0001) at the Batch risks analysis and at the Dashboard. I already know that for the ad-hoc reporting you can filter by the Org. rules created but I would like to know if this filter is also available for the Batch risks analysis.
    Thanks and regards.

    Dear all.
    As per my knowledge this parameter only sets the flag of Consider Org.Rules at the filters. This is what the guide indicates:
    "Setting the value to YES automatically selects the Consider Org Rule checkbox on the Risk Violations tab of the Access Request and
    Role Maintenance screens."
    So how are you so sure about that indicating this flag to YES will take into consideration the org rules at the Dashboards?
    Regards

  • Export and Deployment - Best Practices for RAR and CUP

    Hi Experts,
    I wanted to know what in your opinion is best practice for deployment for GRC for a 3 system landscape.
    We have a development landscape which connects to all our environments - Dev-QA-Prod.
    Is it recommended to have just the production client connected to the production boxes only and use Dev/QA for other environments or is it a good idea to have Prod and QA in sync?
    In my opinion it looks like a good idea to have the same QA and PROD as it would make export easier. Maybe I am wrong.
    What according to you all is a good recommended practice here?
    Thanks,
    Chinmaya

    Hi Chinmaya,
    depends how many clusters you have in your landscape
    if it is something like 5 DEV box to connect 5 QAS boxes, so on
    then best practice will be to have separate DEV - QAS - PRD boxes for GRC  if money (h/w ) is no constraint for organization
    rather than later asking SAP for deletion scripts for deleting sandbox or dev connectors,
    best to have separate boxes for each
    also for future whenever you do rule changes in RAR and config changes in CUP, best to test in QAS first, as CUP will become very critical for your organization, post go-live
    and good part will be that management report will reflect true data for PRD only
    regards,
    Surpreet

  • Open Interface for Approved Supplier Lists and Sourcing Rules

    Hi All,
    Is there an open interface or an API available for Approved Supplier Lists and Sourcing Rules?
    Thanks and Regards,
    MPH

    Hi sandeep,
    I prefer to use the API mentioned.
    However this is in Oracle Manufacturing and we don't use that module; instead I want to define them in Oracle Purchasing.
    Can I still do it in Purchasing using the same API?
    Further as per the document there are 3 entities
    01) Sourcing Rule/Bill of Distribution
    02) Receiving Organization
    03) Shipping Organization
    Do I need to define all 3 in order to make it work?
    Thanks and Regards,
    MPH

  • Moving documents to other document library using content organizer rule

    Hi Team,
    I have created a content organizer rule to move documents from one document library to another.
    I have two document libraries say Doc A and Doc B, where Doc A is a source library (where I will upload the documents) and a folder Fol 1 in Doc B is a target destination (where document should be moved). I got to know from one of the other posts is, Doc A should be involved in any of the content organizer rules to be able to move documents to Doc B.
    Right now, I have not created any content organizer rule to involve Doc A. And, a folder Fol1 in Doc B is a target destination for my content organizer rule.
    1. I have uploaded a document in Doc A and by using "Send To" command, I have sent it to Doc B. This document's properties fulfill the content organizer rule condition. But still it stays inside Doc B only, and is not moved to folder Fol1 automatically (which is expected, I hope so)
    2. Now if I again update the properties of the document, it will still be inside Doc B only and not moved inside Fol1
    3. I have opened Doc B in File explorer using "Open with Explorer" command and copied a document inside Doc B. Now after refreshing Doc B, even though the newly added document fulfills the content organizer rule condition, it is not moved inside Fol1 automatically (which it should, I suppose)
    Can you please help me with the queries above?
    Many thanks up-front for your help and support.
    Just for an FYI: The rule which I created is to check whether the document title is not Empty. If it is not, condition will be true.
    Thanks,
    Vikas Mishra

    try these link:
    https://support.office.com/en-us/article/Configure-the-Content-Organizer-to-route-documents-b0875658-69bc-4f48-addb-e3c5f01f2d9a?ui=en-US&rs=en-001&ad=US
    http://www.boostsolutions.com/blog/how-to-create-content-organizer-rules-in-sharepoint-2010/
    http://community.office365.com/en-us/f/154/t/255043.aspx
    http://community.office365.com/en-us/f/176/t/252790.aspx
    https://support.office.com/en-in/article/Create-Content-Organizer-rules-to-route-documents-1e4d37a3-635d-4764-b0fc-f7c5356c1900

  • Incoming email settings for a dropoff library & content organizer rules in SharePoint 2013

    I have configured an incoming email setting for a drop off library. I need to save the original email also. Following are the issues:
    1) Two attachments are getting uploaded for an email, the Email (.eml file) as well as the attached file. I just want to save the email part as it is already containing the attachment
    2) In Mozilla I can see the popup for opening the .eml file while in IE it is directly opening in the browser; is it possible to show the popup in IE?
    3) I want to write content organizer rules depending upon the email subject, but I am not able to find that column

    1)Two attachments are getting uploaded for an email , Email as well as the attachment.I just want to save the email part as it is already containing attachment
    Inder: When you set the incoming email, you get option to save only email and not attachment. check the incoming email settings on that library. 
    2)In Mozilla I can see the following popup when i click on the email,I want to have this functionality on internet explorer.
    Inder : You can do that
    http://office.microsoft.com/en-in/sharepoint-server-help/change-how-to-open-a-document-in-a-library-with-one-click-HA101729873.aspx
    Also enable below feature
    Click the gear icon to open Settings, and then click Site settings.
    Click Site collection features.
    Note: If the Site collection features option isn't present, you must first click Go to top level site settings.
    Locate the Open Documents in Client Applications by Default feature in the list, and then click Activate.
    3)I want to write content organizer rules depending upon the email subject,but i m not able to find that column
    I assume, Email subject should by default become title of that document. Try title
    If this helped you resolve your issue, please mark it Answered

  • Huge volume of records are routing to the remote user other than his position and organization records. Synchronization and DB initialization taking more time around 36 hours.

    Huge volume of records are routing to the remote user other than his position and organization records. Synchronization and DB initialization taking more time around 36 hours.
    Actual accounts & contacts need to be route around 2000 & 3000 but we have observed lakhs of records routing into local DB.
    We have verified all the Assignment Rules, Views.
    We ran docking object visibility rules and we have observed that some other accounts are routing due to Organization rule passing. (these records are not supposed to route).
    Version Siebel 7.7.2.12,
    OS Solaris.

    let me know what would be the reason that 1st million takes only 15 minutes and the time goes on increasing gradually with the increase of data
    Yes that's a little strange. I only can guess:
    1. You are in archivelog mode and the Archiver is not able to archive the redo logs fast enough
    2. You don't use Direct Load and DBWR is not able to write the dirty blocks to disk fast enough. You could create more DBWR processes in that case.
    3. Make a snapshot of v$system_event:
        create table begin as select * from v$system_event;
    After the import run
        create table end as select * from v$system_event;
    Now compare the values:
        select * from begin order by TIME_WAITED_MICRO desc
    with the values given you by
        select * from end order by TIME_WAITED_MICRO desc
    So you can look where your DB spent so much time waiting for something.
    Alternatively, you could start a 10046 trace on the loading session and use tkprof.
    Dim

  • Content Organizer rule for incoming email in sharepoint 2013?

    I have created a content organizer rule for the drop off library for the column "Name" and it is working fine except for incoming emails. The content organizer rule is not firing even after matching the subject with the "Name" of the incoming email. Is this a limitation of the content organizer rule?

    http://www.coretekservices.com/2012/01/26/sharepoint-content-organizer-%25e2%2580%2593-emailing-your-drop-off-library-and-getting-it-to-work
    Central Administration > Monitoring > Review Job Definitions (under Timer Jobs) > Content Organizer Processing
    Also check below:
    http://tutorial.programming4.us/windows_server/SharePoint-2010---Content-Organizer-as-a-Document-Routing-Tool.aspx
    If this helped you resolve your issue, please mark it Answered

  • Content Organizer Rule - route new doc to auto created folder

    I have set up a content organizer rule and used the "Automatically create a folder for each unique value of a property:" Check box.  The folders are created properly but I now want to set up a rule that will route documents
    to folders that have been automatically created.
    E.g. I have uploaded a document with a serial number of 100-150 and a folder has been automatically created.
    Now the user uploads a document and identifies the serial number the document as 100-150, I would like to route this new document to the folder that has already been created. 
    Note: There will be numerous folders created as users upload new documents with new serial numbers, so creating a rule for everyone would not work.

    Hi,
    In edit Content Organizer rule page, I see there is an option as Automatically create a folder for each unique value of a property:
    However, unlike the drop down used in the property based filters above, this drop down *only* contains properties that are required by your content type. 
    This is done to prevent adding folders that have no values for a property. 
    If you need to put similar documents to the same folder, you could consider making use of this feature.
    Regards,
    Rebecca Tu
    TechNet Community Support

  • "Organizational Rules"

    HI:
    I am looking for anyone who has experience in developing the "Organizational Rules" in Compliance Calibrator 4.0 or 5.3.
    We have the basic rule set loaded, with some custom functions and risks.  However, we are the parent company of many subsidiaries, and while the one rule set analyzes access from tcode and object perspective, we would like to add the extra layer of organizational rules in order to reduce false positives where access is combined, but for different org values.
    I am looking for "how to"....there doesn't seem to be a lot of information out there on this functionality.
    Thanks,
    Margaret

    HI:
    My original question was answered....however upon implementation of this (we are on version 4.0)....we have updated our functions, and updated the org rules table...and generally the analysis works.  The SoD report when you just run a user analysis is no longer showing a false positive.
    However, when we populate the Org Rules field with our Org Rule that we want to analyze against, we get a "No users match the selection criteria" error popup.
    Is there any fix out there for this?  User is valid...it only happens when you populate the Org Rules field in the analysis screen.  I couldn't find anything on OSS.
    Thanks,
    Margaret

  • Modelling Individuals and Organizations

    I'm developing an application where a user can either act as an individual, or as a member of an organization, and I'm having some trouble modelling this to support the various systems.
    To explain the rules, users log in and perform actions, but these actions may be in their own name, or performed on behalf of their organization. An individual can only perform the former, while a member of an organization can act on their own behalf or on behalf of their organization. A user can only be a member of a single organization.
    And to clarify, an organization is a different beast than an individual. Primarily because it isn't a different type of individual, but instead a collection of individuals that operates as an independent identity in the system. It also supports a range of member-management functionality (payroll, for example) because of that. While it doesn't do anything itself, since its members perform actions for it, it is the organization that is considered to have performed the action when the dust settles.
    So now much of the objects within the system can have a parent that is either an individual or an organization, and several UI screens apply to both scenarios equally, with very minor differences (sometimes with no difference at all).
    This leads to a host of implementation details. Let's say both individuals and organizations can buy widgets as one of many actions they both share. Now we must support the concept of widgets belonging to either an individual or an organization. Business logic must be able to handle both scenarios, ideally with minimal duplication, and persistence has to take into account that the parent relationship of widgets isn't bound to a single type, but one of two (individuals or orgs). Most of the systems in the application must deal with this issue.
    I know this is a very abstract question, but I'm at an abstract phase of the design. Has anyone dealt with this type of model, and what techniques have been used to architect it?
    Thanks to everyone in advance!

    I think you'll need some others. There's a many-to-many relationship between Individuals and Organizations.
    True enough. I already have an object representing the relationship and attributes related to it (date, role, etc).
    Can be complex. I've seen it done badly. I don't think Party is necessarily trivial, even if the idea is simple.
    Certainly isn't trivial. All sorts of new issues arise. For example, with the proposed table layout, Parties, Individuals, and Organizations all have different IDs, and that needs to be reconciled.
    Situations arise where you're working with a system that references Parties, but you want to access more detailed information about the Person or Organization, perhaps for display purposes. Now you have to figure out how to get the derived type with just a Party ID. Doable, but I'd prefer to avoid a blind search through the Person and Organization tables.
    What if the Party table referenced the sub-type? Perhaps a column that maps to an enum in code such as PartyType.Person and PartyType.Organization. Mappers like Hibernate could use this information to automatically create an object of the derived type when you load a Party.
    Anyone know of any open-source Java or .NET projects that solve these problems? I'd love to see code.

  • Editor and Organizer Black

    I was almost finished with a video I have worked on for 4 days when the editor and organizer went black. The software keeps shutting down now. What do I do? By the way, the files all loaded. I just can't see them.

    Ruthi54
    Somehow that does not look like Premiere Elements 11 or 12. What version of Premiere Elements are you using and on what computer operating system is it running?
    If you are running Premiere Elements 10 and your computer uses a NVIDIA GeForce video card, then please read the Announcement at the top of this forum. If you are a Premiere Elements 10 NVIDIA user, then it is most likely that you will need to roll back the NVIDIA card version to continue to use your Premiere Elements 10. For your convenience, a copy/paste of the Announcement
    Announcement: Premiere Elements 10 NVIDIA Video Card Driver Roll Back
    If you are a Premiere Elements 10 user whose Windows computer uses a NVIDIA GeForce video card and you are experiencing Premiere Elements 10 display and/or unexplained program behavior, then your first line of troubleshooting needs to be rolling back the video card driver version instead of assuring that it is up to date.
    Since October 2013 to the present, there have been a growing number of reports about display and unexplained workflow glitches specific to the Premiere Elements 10 user whose Windows computer has a NVIDIA GeForce video card. If this applies to you, then the “user to user” remedy is to roll back the NVIDIA GeForce video card driver as far as is necessary to get rid of the problems. The typical driver roll back has gone back as far as March – July 2013 in order to get a working Premiere Elements 10. Neither NVIDIA nor Adobe has taken any corrective action in this regard to date, and none is expected moving forward.
    Since October 2013, the following thread has tried to keep up with the Premiere Elements 10 NVIDIA reports
    http://forums.adobe.com/thread/1317675
    Older NVIDIA GeForce drivers can be found
    http://www.nvidia.com/Download/Find.aspx?lang=en-us
    A February 2014 overview of the situation as well as how to use the older NVIDIA GeForce drivers for the driver roll back can be found
    http://atr935.blogspot.com/2014/02/pe10-nvidia-video-card-roll-back.html
    Please let us rule this factor in or out at the onset.
    Thank you.
    ATR
    Add On...Your screenshot shows some icons at the bottom of the screen that appear to have warning symbols. What do those icons represent?

  • How to use Organization Rule?

    hi,expert
    how to use Organization Rule?
    I created an Organization Rule, but the Organization level always displays Plan Version (PLVAR).
    How do I maintain the Organization in an Organization Rule?
    please help me!
    thanks

    The Access Control HOWTO Wiki has an excellent document describing organizational rules and org level reporting:
    https://wiki.sdn.sap.com/wiki/display/BPX/Governance%2CRisk%2CandCompliance%28GRC%29How-ToGuides
