Access Control 5.3 RAR - BW Reporting 0GCC_UPV

Similar Messages

• GRC Access Controls v5.3 RAR Batch Job Risk Analysis Incr Analysis

  Hi All!
  re: GRC Access Controls v5.3 RAR Batch Job Risk Analysis Incr Analysis
  Can anyone list or direct me to a help link that has the progress list of processes that are contained in this batch job?
  Thanks!

  Hi All,
  I have answered my own question. The processes are:
  User Permission Analysis
  Profile Action Analysis
  Role Action Analysis
  User Action Analysis
  Role Permission Analysis
  -john

• Access Control 5.3 - RAR

  Hi Experts,
  Help needed. I am a newbie with GRC.
  I have executed the background jobs for RAR:
  - roles/profiles/users sync
  - batch risk analysis
  - mgt rpt
  all full sync and with * values
  Once completed, the infor was updated in the informer tab under mgt view.
  Question 1: What is puzzling me is, though i have setup the rule architect with critical roles and profiles (SAP* roles & S profiles) and under config tab to ignore critical roles and profiles (set to YES). Why is the mgt view->risk violations still showing me IDs assigned with SAP_ALL? This is definitely not a good place for top mgt to view the report since it is not reflecting the "accurate" situation of the system. Right?
  Is risk analysis->user analysis, role analysis the "right" place for top mgt to view the reports then? Please advice.
  Question 2:
  When I change the background job parameters for Batch Risk Analysis with specific usergroup and specific role range, why it doesnt reflect in the mgt view->risk violations? it still show me all the users in the systems and not the range of users that i specified.
  Thanks.

  Hi Annie,
  For your first question check this thread -
  GRC 5.3 Zero Violations & unable to exclude critical profiles
  Question 2:
  When I change the background job parameters for Batch Risk Analysis with specific usergroup and specific role range, why it doesnt reflect in the mgt view->risk violations? it still show me all the users in the systems and not the range of users that i specified.
  As per my uderstanding mgt-risk violation will show you the results based upon the selected criteria in the view and not based upon the background job you selected. Once Full Batch Risk Analysis is done, the data is there in GRC database. After that it keeps syncing each time you run a new batch risk analysis and adds any new changes.
  Showing in mgmt report is based upon what you select to see.
  Regards,
  Sabita

• GRC Access Control 5.3 - RAR Risk Analysis in offline mode

  Hi expert,
  I'm trying to do RAR Risk Analysis in offline mode following this guide (https://www.sdn.sap.com//irj/sdn/go/portal/prtroot/docs/library/uuid/20a06e3f-24b6-2a10-dba0-e8174339c47c). But to generate User Action file the ABAP have a problem when try to get a COMPOSITE ROLE field for a Role that is asociate to many Composite role as the unique record consists of fields IDUSER, ROLE and ACTIONFROM . Someone know how we can solve this conflict?
  Best Regards!

  I'm sorry, I think I haven't made myself clear enough. The thing is that the User Action File has a "Composite Role" field and we don't know how fill it when the Single Role belongs to multiple Composite Roles. This is because of the primary key, we can't make multiple records for each userid/role combination, each one with one different Composite Role, such as the following example:
  USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLE1
  USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLE2
  USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLEN
  Should we instead do only one record with all the composite roles? What character should we use to separate the composite role names? A ",", a ";"? For example:
  USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLE1_,_ COMPOSITEROLE2_,_ COMPOSITEROLE3
  Hope I explained myself. Thanks for your help.

• ACCESS CONTROLS -  UME ROLES (RAR)

  Hello Experts!
  i was wondering if you could help me. Is there a way to create/modify a role with the activity to assign Custom User Groups in RAR?
  I checked the actions that exist for VIRSA.CC and didnt found any relevant actions.
  I dont want to give authorization for all the actions in the Configuration tab but only for creating Custom User groups.
  Thanks in advance!
  david

  hello Frank,
  I want to give the authorization to our service desk, to create Custom User Groups over RAR> Configuration>Custom User Groups.
  But i searched the actions over the UME and i couldnt find about custom groups.
  I didnt want to give the authorization for the configuration tab.
  Thanks
  david

• Reporting on Access Control 5.3 with SAP BO 4.0

  Hello All,
  I have to develop WebI reports on Access Control 5.3 data. Are there any direct connectivity options available in IDT for Access Control 5.3 or Do I have to go through Oracle database connectivity as Access control 5.3 backend database is Oracle? And also for authorization data I have to connect to ERP system.
  Any help that you can provide will be greatly appreciated.
  Thanks and Regards,
  Aashutosh

  Hi,
  Generally speaking,  i believe GRC 10  is more closely aligned to BI4.0 in terms of product releases.
  However, to the best of my knowledge, there's no direct connector from BI semantic layer (IDT/UDT) specifically for GRC.
  I believe there is a web-based UI (dynpro) for dashboard-like analysis of the compliance topology, but that's it:
  http://help.sap.com/saphelp_grcac10/helpdata/en/16/7a5f2e29744e078f9305017fee2fc2/frameset.htm
  You may want to contact the GRC forum to confirm.
  Regards
  H

• After install Crystal Report Server 2011, can not access control tools

  Afte install Crystal Report Server 2011, can not access control tools from web or from application.
  My server OS is Windows 2008 R2 SP1. I follow the default setting. How to fix it?
  Error message is above.

  Is Tomcat started?  On your Start menu you should have an option to get to "Tomcat  Configuration" or, under the CRS menu you can run the "Central Configuration Manager" to start Tomcat.
  What URL are you using to connect to the web app?  By default Tomcat runs on port 8080 so your URL should look something like this:  "http://<servername>:8080/BOE/CMC" or "http://<servername>:8080/BOE/BI".
  If Tomcat is running and you're trying to access it from another computer, check to see if the Windows Firewall is turned on for the server - if it is, turn it off for "Domain" access.
  If Tomcat won't start, go to the folder where Tomcat is installed and then look in the "logs" folder.  There should be a file called "stderr.log" which you can open in Notepad to see what types of errors might be occurring (you can ignore any errors having to do with "persisted sessions".)  If there are other errors, post in the BI Platform space to get assistance.
  -Dell

• Cannot display Access Control Rules page --- BUG REPORT

  iWS 4.1sp9 on Linux Admin GUI cannot display Access Control Rules page for Netscape browsers 4.7 and 6.2 or for IE 4.
  It does work for IE 5.5 (running this in Vmware).
  I'm reporting this bug here as I can't see anywhere else to put it.

  It could be a firmware bug, or it could be something else bugging out. If the router hasn't been factory reset and it's been through a few firmware upgrades, try resetting it to factory defaults. Take note of any custom settings you have, so you can go in and manually re-configure the router. I would avoid importing a backed up config file in case the config turns out to be the problem, but it doesn't hurt to download a copy of your config now.
  Give that a try. Others might have some more ideas.
  ========
  The first to bring me 1Gbps Fiber for $30/m wins!

• Custom GRC  access control reports

  Hi,
  Is it possible to have custom reports for access control?  Specifically we are looking at developing reports based on roles and users for compliance calibrator (risk analysis and remidiation). 
  Thanks.

  Hi Clark,
  Just go through with the following document......
  http://www.sdn.sap.com/irj/bpx/index?rid=/library/uuid/706f48c6-9694-2c10-319f-c379570dc988&overridelayout=true
  You will come to know all the new features about custom reports.
  Regards,
  Mohit

• Change in Access Control components on the Service Marketplace

  Hello GRC community:
  We would like to inform you that as of yesterday (5/30) the Access Control components for support messages/SAP Notes have been changed (they have actually been replaced so all messages/notes logged under the old component will be moved/replaced to the new).
  The main 4 components are now:
  New: GRC-SAC-ARA     Access Risk Management
  Old: GRC-SAC-SCC          Risk Analysis & Remediation (formerly Compliance Calibrator) 
  New: GRC-SAC-ARQ     Access Request
  Old: GRC-SAC-SAE          Compliant User Provisoning (formerly  Virsa Access Enforcer) 
  New: GRC-SAC-EAM     Emergency Access Management
  Old: GRC-SAC-SFF          Superuser Privilege Management (formerly Virsa Firefighter) 
  New: GRC-SAC-BRM     Business Role Management
  Old: GRC-SAC-SRE          Enterprise Role Management (formerly Virsa Role Expert)
  There are also NEW components specific to areas of functionality. If you are not sure of what component to log your message under, please use the main components above.
  GRC-SAC-ADS          Directory Services
  GRC-SAC-BI             Access Control BW
  GRC-SAC-CONF       Configuration
  GRC-SAC-DAS          Dashboard
  GRC-SAC-REP          Repository
  GRC-SAC-RPT          Reporting
  GRC-SAC-UAR          User Access Review
  GRC-SAC-UPG          Installation & Upgrade
  GRC-SAC-WF           Workflow
  Ramelyn Paredes
  AGS Primary Support

  Hello COmmunity,
  To Summarise in Short: New features introduced to V10.0 : GRC 10.0 is ABAP based, so extraction of data from users is fast & analysis as well.
  As usual, the names for the Access control tool has been changed
  A. Access Risk Analysis (RAR)
  1. USOBT & object information will be automatically updated with GRC rather than manual upload (earlier version)
  2. Mass Users can be imported from .CSV file for risk analysis, Role analysis etc.,
  3. Variant creation / reuse for any report analysis
  4. Option of having multiple rule sets & simulating users across multiple rule sets at same time
  5. Risk analysis for CUA, Composite roles
  6. Mitigation by system, risk id, mass mitigation for users, audit trail etc.,
  7. Risk analysis for HR objects
  B. Emergency Access Management (SPM)
  1. Mass reporting for all FF users, Ids, Executions
  2. Centrally maintained for all systems rather than individual ERPs.
  C. User Access Management (CUP)
  1. Customizable Access request forms
  2. HR based role assignment for position, org unit
  3. IDM integration using GRC Web services
  D. Business Role Management (ERM)
  1. Concept of Business role mapping for Technical roles.
  2. Audit Trails & PFCG Change history.
  Finally, the look, reporting format has been changed to provide additional information for analysis.
  More important - GRC V5.3 support is till 2015 & SAP has planned to push the customers to upgrade to 10.0. Eventually SAP is also planning to release GRC 11.0 by mid next year. So we have to wait & watch the show

• Access Control Lists on USB drive connected to AirPort Extreme

  I have a Seagate 320GB drive mounted in a NexStar 2 IDE drive enclosure and connected via USB to my AirPort Extreme Base Station, running version 7.4.1 firmware upgrade.
  Every time I restart the computer or unmount the network drive, an access control list appears to be written to the drive when there should be none, according to Disk Utility. I can tell when there are problems with the drive because the desktop icon turns from bright blue to grey-blue. I have to unmount the drive from the base station and connect it directly to the computer via firewire in order for Disk Utility to examine it. Generally, Disk Utility will report "Incorrect number of Access Control Lists (It should be 0 instead of (whatever number found) )
  Does anyone know why these Access Control Lists are appearing? Is there any easy way to locate them and remove them, other than disconnecting it from the base station and connecting to the computer?
  This problem happens with several different drives, in various NexStar 2 and NexStar 3 enclosures.

  Same problem for me, exept that it happends after copying a file to the drive. It don't happend if I just mount and unmount the disc. The same for all discs I have tryed.
  2009-03-04 12:59:30 +0100: Disk Utility started.
  2009-03-04 12:59:43 +0100: Verifying volume “UltramaxB”
  Starting verification tool: 2009-03-04 12:59:43 +0100
  2009-03-04 12:59:43 +0100: Checking Journaled HFS Plus volume.
  2009-03-04 12:59:43 +0100: Checking Extents Overflow file.
  2009-03-04 12:59:43 +0100: Checking Catalog file.
  2009-03-04 12:59:43 +0100: Checking multi-linked files.
  2009-03-04 12:59:43 +0100: Checking Catalog hierarchy.
  2009-03-04 12:59:43 +0100: Checking Extended Attributes file.
  2009-03-04 12:59:43 +0100: Incorrect number of Access Control Lists
  2009-03-04 12:59:43 +0100: 2009-03-04 12:59:43 +0100: 2009-03-04 12:59:43 +0100: (It should be 5427 instead of 5430)
  2009-03-04 12:59:43 +0100: Checking volume bitmap.
  2009-03-04 12:59:44 +0100: Checking volume information.
  2009-03-04 12:59:44 +0100: 2009-03-04 12:59:44 +0100: The volume UltramaxB needs to be repaired.
  2009-03-04 12:59:44 +0100: Error: Filesystem verify or repair failed.2009-03-04 12:59:44 +0100:
  2009-03-04 12:59:44 +0100: Disk Utility stopped verifying “UltramaxB” because the following error was encountered:
  Filesystem verify or repair failed.
  2009-03-04 12:59:44 +0100:

• How to use "access control - administrator" in SQL

  I have a report with checkboxes to select records for delete. Non administrators can only delete a subset of the records. So for some of the records I would like to hide the checkbox if the user is not an administrator. The checkboxes are created in the select statement.
  I would like to know if there is a function that I can use in SQL that will tell me if the current user is administrator or not. I'm using the access control list.
  Edited by: Rene W. on Mar 10, 2011 3:46 AM

  Just found the apex_access_control table in my schema.
  Guess I'll just use that.

• ESYU: R12 - Order Management를 위한 Multi Org Access Control(MOAC) setup 방법

  Purpose
  Oracle Order Management - Version: 12.0 to 12.0
  Information in this document applies to any platform.
  R12의 Order Management에 대핸 Multi Org Access Control(MOAC) setup 방법에 대해 알아본다.
  Solution
  일반적인 MOAC Setup:
  1. HRMS에서 Security Profile을 정의:
  a. HRMS Management responsibility 선택
  b. HRMS Manager> Security> Profile로 이동
  c. Security Profile이 정의되어 있는지 확인 (OM responsibility 혹은 Site level로)
  d. 만일 아직 setup 되어져 있지 않다면 Operating Units를 입력
  e. 저장
  Note: 만일 위 d step과 같이 새로운 security profile을 생성하였다면 concurrent program 'Security List Maintenance'를 꼭 실행해야 한다.
  그렇지 않으면 multiple operating units가 OM forms의 LOV에 나타나지 않을 것이다.
  이 program은 multi-org access를 validating 하기 위해 사용하는 table에 data를 생성한다.
  Navigation: HRMS Management> HRMS Manager> Processes & Reports> Submit Process & Report> Security List Maintenance
  2. MO Profile Options setup:
  a. MO: Security Profile - 이 profile setting은 MOAC functionality를 활성화 한다.
  b. MO: Default Operating Unit - 이 Operating Unit는 OM forms과 report에서 default가 될 것이며, 이를 clear 하거나 변경하기 위해 LOV를 사용할 수 있다.
  Keep the MO profiles in sync:
  MO: Security Profile은 site와 responsibility level로 setting 할 수 있다.
  MO: Default Operating Unit은 site, responsibility, user level로 setting 할 수 있다.
  Application이 원하는대로 동작되지 않는것을 발견하면 이 profile options의 setting 값을 확인한다.
  3. OM setup:
  R12 upgrade 시 OM Profile에서 migrate 된 새로운 OM System Parameters를 확인:
  Order Management Super User> Setup> System Parameters> Values
  (See <<NOTE 393646.1>>-R12 Readiness Cheat Sheet: Migrated OM Profile Options)
  4. Form에서 hidden field 'Operatin Unit'를 활성화시키고 default folder로 저장:
  Sales Order and Order Organizer forms
  Quick Sales order and Organizer forms
  Sales Agreement forms
  Pricing and Availability form
  Other forms
  Note: Sales Order form에서 hidden field 'Operating Unit'를 'Show' 하기 전에 fotm안에 이 field를 위한 공간을 만들어 놓아야 한다.
  예를 들면 Customer Number field를 짧게 하거나 Operating Unit field로 이 field를 덮어씌울수 있다.
  Reference
  Note 393634.1

  Hi Larry,
  Have you considered adding the exec apps.mo_global.set_policy_context call to your connection's start-up script?
  Tools -> Preferences -> Database -> Filename for connection startup scriptNot the most flexible approach, so I'm not sure if it is appropriate for your application, but just a thought. You might create distinct connection names with different start-up scripts for each org_id.
  Regards,
  Gary
  SQL Developer Team

• "Assign Access Control" returns error for essbase apps in shared services

  Hello,
  I installed and configured Oracle EPM 11.1.2 (Foundation, Essbase, Planning, Reporting&Analysis):
  OS: Windows Server 2008 Sp2 (32bit)
  Default Installation with default ports,
  Installation of all components on the same server,
  no clustering
  EPM System Diagnostic says that everything is OK.
  Now I want to assign filter access for an essbase database in the Shared Services.
  Starting the menu item "Assign Access Control" in Shared Services returns the following error:
  Error 404--Not Found
  From RFC 2068 Hypertext Transfer Protocol -- HTTP/1.1:
  +10.4.5 404 Not Found+
  The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent.
  +....+
  Can anybody help ???
  best regards,
  Nicole

  Hello,
  here's what I found out so far:
  I get the error if I start the shared services console via the URL "http://servername:port/interop/index.jsp" and then select the "assign access control" for an essbase database.
  If I start the shared services console via the workspace everything works fine.
  Does anybody know what to do so that it also works if I start the shared services console via URL?
  best regards,
  Nicole

• "Assign access control" not appearing under Essbase in shared services

  Hi Everyone,
  Can anyone point out the reason behind this? This is leading to all sorts of problems. Configuration is as follows:
  App Server: Foundation, EAS, Planning, Reporting, Web Analysis, Workspace on Tomcat
  DB Server: Essbase and SQL Server
  Essbase is on Shared Services mode.
  This is actually very urgent. Would be grateful for any help.
  Thanks,
  Sayantan

  This has been posted in the essbase forum > "Assign access control" not appearing under Essbase in shared services
  Cheers
  John
  http://john-goodwin.blogspot.com/