Action search in GRC v10
Hi Everyone,
We used to have search functionality in previous versions of GRC, where if you want to look up certain transaction to see which functions has it? It was possible up until v5.3, but this seems to be missing in GRCv10, please correct me if I am wrong.
If this functionality exists can someone please guide how to search for a particular transaction in all functions or selected group of fucntions.
thanks in advance
Kev
Hi Everyone,
We used to have search functionality in previous versions of GRC, where if you want to look up certain transaction to see which functions has it? It was possible up until v5.3, but this seems to be missing in GRCv10, please correct me if I am wrong.
If this functionality exists can someone please guide how to search for a particular transaction in all functions or selected group of fucntions.
thanks in advance
Kev
Similar Messages
-
WebServices in GRC v10.0
Hi all,
I have three questions to WebServices regarding SAP GRC v10.0:
1. Is it possible with v10 to check permissions via WebServices (SAPGRC_AC_IDM_*) only with the RAR component? In v5.3 it was only possible, if CUP was installed too.
2. Contain the WebService SAPGRC_AC_IDM_RISKANALYSIS in v10 a analysis of critical permissions? In v5.3 only SoDs and critical actions was checked.
3. What is the task of the parameter includeCrossSystemsAnalysis of the WebService VirsaCCRiskAnalysisService in v10? In v5.3 the value of this WebService has no impact to the SoD check (it SHOULD be:
includeCrossSystemsAnalysis == true ==> cross system SoD check
includeCrossSystemsAnalysis == false ==> single system SoD check
But doesn't matter what's the value of the parameter. There is always a cross system check. Has this changed in v10.0?
Regards
PeterHi Peter,
AFAIK the web services have not yet been published.
If you had the web service return violations without the requirement for CUP, what would you do with that information?
I hear that question a lot, I would really like to understand the ideas behind it.
To one of your other questions: cross system check is only possible for dedicated cross system risks. If there are no such risks defined, this will not yield any results no matter what the value of the parameter is.
Thanks,
Frank. -
Good day,
OK, it seems that I am missing something with GRC 10. We are upgrading from CC4.0 to GRC 10. I believe I have everything configured through SPRO correctly. I can run a risk analysis on end users and I get results. I am now at the point where I put the mitigations into the system but I have seem to run into a snag. When I go to master data > Mitigation, I start to fill in the information but when I try to add a AC Owner I get "No Results Found".
I have tried adding a Owner to a risk and then going back, I have also added a user under "Access Management" tab with "Access Control Owners". I have reviewed almost every node in SPRO and I can not seem to find where I am missing something.
I am sure it is simple since I can not find any documentation on this almost anywhere. We are currently running GRC v10 SP5. We are only planning to use the RAR (5.3 term) portion of AC not the other part (Example: Risk Terminator). Please let me know if there is a simple solution to get a user populated in the AC Owner tab.
Kind Regards,
PaulSome of the GRC Roles ..
SAP_GRAC_ACCESS_APPROVER Role for Access Request Approver
SAP_GRAC_ACCESS_REQUESTER Role for End user
SAP_GRAC_ACCESS_REQUEST_ADMIN Role for Access Request Administrator
SAP_GRAC_ALERTS Generate, clear and delete SOD Alerts
SAP_GRAC_ALL Super Admin for AC
SAP_GRAC_BASE Base Role for all Access Control Users.
SAP_GRAC_CONTROL_APPROVER Create AC MIT control, approve, assign, alert and perform Risk analysis
SAP_GRAC_CONTROL_MONITOR Ability to assign MIT control to Risk and perform risk analysis
SAP_GRAC_CONTROL_OWNER Create AC MIT control.
SAP_GRAC_DISPLAY_ALL Display Access To All AC Objects.
SAP_GRAC_END_USER End User as a GRC Guest
SAP_GRAC_FUNCTION_APPROVER Approve Function for Workflow
SAP_GRAC_NWBC View Access Control Information Architecture.
SAP_GRAC_REPORTS Ability to run all AC reports.
SAP_GRAC_RISK_ANALYSIS Ability to Perform Risk Analysis
SAP_GRAC_RISK_OWNER Risk maintainence And Risk Analysis
SAP_GRAC_ROLE_MGMT_ADMIN Role Management Admin
SAP_GRAC_ROLE_MGMT_DESINGER Role Management Designer
SAP_GRAC_ROLE_MGMT_ROLE_OWNER Role Owner
SAP_GRAC_ROLE_MGMT_USER Role Management Business User
SAP_GRAC_SUPER_USER_MGMT_USER Super User Firefighter
SAP_GRAC_SUPER_USER_MGMT_ADMIN Super User Administrator Role
SAP_GRAC_SUPER_USER_MGMT_CNTLR Super User Controller Role
SAP_GRC_MSMP_WF_ADMIN_ALL MSMP Overall Administrator
SAP_GRC_MSMP_WF_CONFIG_ALL MSMP Overall Configurator
SAP_GRAC_RULE_SETUP Ability to define Access Rules
SAP_GRAC_SETUP Ability to setup Access Control
SAP_GRC_FN_BASE GRC - Base role to run applications
Hope it helps ..
Vikas -
Hi,
I need some information about implementing integration with SAP GRC v10 and SoD. Does anyone of you has any experience in that configuration?
We have only base information in SAP UM Connector doc and on metalink either. Dooes anyone work with SAP GRC v10 and OIM 11g?
best
mpSee if this helps:
http://www.oracle.com/technetwork/testcontent/oimconnectordatasheet-saperp-134222.pdf
regards,
GP -
Setting to Retain User Action Logs in GRC 10.0
Is there a setting to retain the User Action logs in SAP GRC 10 System for x number of Days. Is it dependent on the ST03N Log settings
Hi Selva,
For this you need to schedule the action usage job. Once you schedule this job you can view the logs in Reports and Analytica tab under Security Link->Action Usage by user,role and profile.
Hope this helps.
Regards,
Neeraj -
Hello All,
Currently we are in GRC 5.3 SP13.We are planning to migrate to GRC 10 with PLUGIN level 7.We are in process of upgrading GRC 5.3 to Sp16 before migrating to GRC AC 10.As per the note 1655924 and 1662113,we find that GRC PLUGIN is compatible with GRC 5.3 RTA's.
Can you please confirm upto which RTA Level GRC 5.3 RTA is compatible with GRC 10 PLUGIN 7.
Thanks,
JagatHi Jagat,
I don't think there is a hard dependency between the RTA VIRSA* and GRCPI* Plugin as each have a completely separate code base.
The dependency is really on the GRC 5.3 system so that the export utility can extract the data in the correct format and load into GRC 10.0 correctly (GRCFND_A).
Regards, Simon -
GRC V10 SPM: login notification
Hi experts,
we created a lot of Z-objects via SE61 (saved+activated). As well we mapped the MSMP-objects. Everythings fine and work well. We transported every object to the PRD and all Z-objects for MSMP where used. But the login-notification is not a relevant MSMP-event. So where is it possible to change the SAP-object to our Z-object for the login notification of the SPM?
I cannot find the relevant configuration setting in SPRO. Any ideas?
I am talking about the objects: GRAC_SPM_NOTIFICATION + GRAC_SPM_LOG_NOTIFICATION which are used for the login notification events.
Thanks,
AlexaHI Alexa
You will need to configure the custom notification message in the IMG
Path: Governance, Risk and Compliance > Access Control > Workflow for Access Control > Maintain Custom Notification Messages
Screen shot below is the example you will need for the FF Login Notification Event
The Document Object is the SE61 custom message you created
Note, if you are implemented decentralised FF then you will need to configure this message in the plug-in configuration via IMG path:
Governance, Risk and Compliance (Plug-In) > Access Control > Maintain Custom Notification Messages for Emergency Access (Plug-In)
The program looks for this configuration first based on the message class before using the SAP standard as default.
The message classes you need to create entries for can be found by searching in the matchcode
0AC_SPM_INSTRUCTION 000 SPM workflow instruction
0AC_SPM_LOG_NOTIFY 000 SPM Log notification
0AC_SPM_NOTIFICATION 000 SPM Login Notification -
Hi,
we generated our own brfplus agent. But how is it possible to add more than one user ID to a rule result? We want to inform a group of userIDs.
We don´t want to use MSMP Approver GroupID for the scenario, because we have to make flexible approver results regarding the request details.
Any ideas?
Thanks for your help.
AlexaHi Alexa,
I'm theorising here but you should be able to have a separate decision table which actually lists the user IDs out and reports them into a new result key.
This would effectively be your CAD (in 5.3 terminology). You can then make your original decision table reference that new decision table to find the appropriate result (a list of User IDs rather than just a single entry). Alternatively, you could play with the other types of expressions (e.g. boolean formula etc) to directly work through the logic.
This could quickly end up being a complex over-engineered solution to a potentially simple problem so whilst it may be possible, I'm still not sure I'd go for it. I'd really look back at the core requirement and see whether it would be possible to manage with the direct users mapped or approvers group.
Simon -
GRC V10: BRFplus rule transport
Hi experts,
how is it possible to transport a brfplus rule.
we generate a function module via SE37 and afterwards the rule. Are the decision table and all brfplus rule settings in the transport of the function module?
Or should I transport the rule as well via brfplus? But there the "Transport" button is greyed-out, because of local object.
But the generated rule has still a local package in the settings, although the function module was assigned to a customer-package. As well I found a note 1624157, but this note doesn't work.
Any ideas?
Thanks a lot.
AlexaHi Alexa,
Yes brfplus rules will be transported along with function module, no need to transport separately.
First create the function module and assign to to customer package with transport request and dont forget to activate it. Once this is done select "Define Wofkflow-Related MSMP Rules" from SPRO -> Access Control -> Workflow for Access Control.
There select correct process id, rule type, rule kind, Rule id and in Application/Func. Group Name insert the function module which you have created and execute it.
Let me know if it fixes your issue.
Thanks,
Soman -
GRC 10.0: Access Request Creation - LDAP user advanced search not working
Dear Experts,
We are implementing SAP GRC Access Control and we have an issue in Access Request Creation. If we put the user name in “User” field and press intro, the user details are updated, but if we want to make an "Advanced search" the user is not found and the application give us the following message: “No records found for the search criteria entered.”
Scenario 1: If we put the user name in “User” field and press intro, the user details are updated:
Scenario 2: If we want to make an "Advanced search" the user is not found and the application give us the following message: “No records found for the search criteria entered.”
We are using the Active Directory as Data Source.
Thanks and Regards.Hi Jose,
Try maintaning the parameter 2050 as YES and check once.
Kindly, also make refer to the below list of SAP notes:
1757906 - GRC 10.0 - LDAP user search does not work in NWBC
1745370 - LDAP search in GRC does not work anonymously
1718242- UAM: User search not working in Access Request.
Regards,
Neeraj Agarwal -
Request Administration in GRC 10.
Dear GRC Experts,
Currently, my GRC system in I have two issues in GRC AC 10 (SP 10), for which I couldn't find an answer here. Help me if you have encountered the same and solved it.
1. When we search the request, we are not able to see the approver there with whom request is pending.
- We have created a BRF+ initiator and agents. we rechecked again to make sure that we have not skipped any step.
- Even the version generation was without any error).
- Also made sure that the Approver of the request has the correct GRC R/3 Role assigned.
2. When we go to Access Request Administration, there we can't find where the request is pending, we are not able to approve any request with admin rights. In the other action there no drop down is available or no approve or submit. It has only "other Actions" as the option and it has only 'return' which prompts to return at any stage.
- I have assigned all the admin / super user roles to the administrator, but still he is not able to see perform any activity, apart from cancel instance.
3. We have selected the functional area during the request, however we are not able to see post submission of the request. The administrator is not able to see the functional area selected. I have also checked in the user detail tab but could not find it.
Please advise.
Look forward to hear from you.
Regards,
Sahil.
Message was edited by: Sahil BhanushaliHi Sahil,
I have migrated to GRC V10 2 months ago and also have been struggling against issues with Request with no approver found and that could not be redirected in Administration.
I have reviewed all my Decision Tables - Table Settings - and marked "Return initial value if no match is found". With this flag, I could define a Escape Route for Approver Not Found and set up a PATH with one stage for which a BRF+ rule find the proper GRC Support Team to be the approver.
In my case I have some people designed by Company pattern [NA_*] for North America, [SA_*] for South America an so on...
With that, I am now receiving the requests with no approver and use Administration to fix information in the request and then Return to the proper path. I can also you manual Forwards with return to involve proper managers.
Hope this can help you.
Vaner -
How to transport a permission deletion in GRC AC 10
I am trying to modify our rule set and need to transport a permission/action deletion. I have spent hours searching for an answer to this today and this is my last hope.
When I transport the ruleset after making the deletion, it doesn't leave the rule set in our QA system.
I did find something on the SAP Idea Place that the current workaround is to change the request and ensure that you replace all of the entries on GRACFUNCACT and GRACFUNCPRM to 1 entry = "cliento" + "*".
I've opened my transport to make the changes, but I want to make sure I'm doing it correctly.
Can anyone elaborate on this? Any help is greatly appreciated.Hi Prashant,
Refer : Understanding HR Triggers in Access Control 10.0 - Governance, Risk and Compliance - SCN Wiki
Also search on GRC community there is lot of material available.
BR,
Mangesh -
No Pop-Up Window Opening in GRC AC 10.0 the First Time
Hi Community,
We are encountering a weird issue with GRC AC 10.0 and IE8. After logging in to NWBC and the clicking for the first time on my inbox hyperlink or a report hyperlink, the screen freezes and no pop-up appears. I have to hit the browser back button to go back to the NWBC screen and then when clicking on my inbox or the report hyperlink a second time, the pop-up with my inbox or the report selection criteria screen appears. Has anyone come across a similar issue? Cannot seem to find in on SCN or SAP Note search. Thanks!Hi Joerg
did you see NWBC Web GRC v10 WSOD
The comments in there imply it's an issue with IE8. Have you been able to try a different browser? There is a reference to specific IE8 note
Regards
Colleen -
Search button is non responsive in Safari and no pop up window appearing
When trying to search for a product in a page on safari, when trying to press the search button is non responsive.
Before the iOS7 update I would press the search button and a pop up window would appear.
This no longer happens, any help with this would be fanatstic - Thank youHi Joerg
did you see NWBC Web GRC v10 WSOD
The comments in there imply it's an issue with IE8. Have you been able to try a different browser? There is a reference to specific IE8 note
Regards
Colleen -
Error message when I run searches on my website (PHP/MySQL help)
Hey guys, can someone tell me why this is happening in my PHP? I run a search on my website and get this error message ye sI filled the hostname, username and password)
Results for
PHP Error Message
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/a8295382/public_html/Search Results.php on line 233
Couldn't execute query
Here is my PHP code:
<?php
$hostname_logon = "host" ;
$database_logon = "hostname" ;
$username_logon = username" ;
$password_logon = "password" ;
//open database connection
$connections = mysql_connect($hostname_logon, $username_logon, $password_logon) or die ( "Unabale to connect to the database" );
//select database
mysql_select_db($database_logon) or die ( "Unable to select database!" );
//specify how many results to display per page
$limit = 15;
//get the search variable from URL
$var = mysql_real_escape_string(@$_REQUEST['q']);
//get pagination
$s = mysql_real_escape_string($_REQUEST['s']);
//set keyword character limit
if(strlen($var) < 3){
$resultmsg = "<p>Search Error</p><p>Keywords with less then three characters are omitted...</p>" ;
//trim whitespace from the stored variable
$trimmed = trim($var);
$trimmed1 = trim($var);
//separate key-phrases into keywords
$trimmed_array = explode(" ",$trimmed);
$trimmed_array1 = explode(" ",$trimmed1);
// check for an empty string and display a message.
if ($trimmed == "") {
$resultmsg = "<p>Search Error</p><p>Please enter a search...</p>" ;
// check for a search parameter
if (!isset($var)){
$resultmsg = "<p>Search Error</p><p>We don't seem to have a search parameter! </p>" ;
// Build SQL Query for each keyword entered
foreach ($trimmed_array as $trimm){
// EDIT HERE and specify your table and field names for the SQL query
// MySQL "MATCH" is used for full-text searching. Please visit mysql for details.
$query = "SELECT * , MATCH (field1, field2) AGAINST ('".$trimm."') AS score FROM table_name WHERE MATCH (field1, field2) AGAINST ('+".$trimm."') ORDER BY score DESC";
// Execute the query to get number of rows that contain search kewords
$numresults=mysql_query ($query);
$row_num_links_main =mysql_num_rows ($numresults);
//If MATCH query doesn't return any results due to how it works do a search using LIKE
if($row_num_links_main < 1){
$query = "SELECT * FROM table_name WHERE field1 LIKE '%$trimm%' OR field2 LIKE '%$trimm%' ORDER BY field3 DESC";
$numresults=mysql_query ($query);
$row_num_links_main1 =mysql_num_rows ($numresults);
// next determine if 's' has been passed to script, if not use 0.
// 's' is a variable that gets set as we navigate the search result pages.
if (empty($s)) {
$s=0;
// now let's get results.
$query .= " LIMIT $s,$limit" ;
$numresults = mysql_query ($query) or die ( "Couldn't execute query" );
$row= mysql_fetch_array ($numresults);
//store record id of every item that contains the keyword in the array we need to do this to avoid display of duplicate search result.
do{
$adid_array[] = $row[ 'field_id' ];
}while( $row= mysql_fetch_array($numresults));
} //end foreach
//Display a message if no results found
if($row_num_links_main == 0 && $row_num_links_main1 == 0){
$resultmsg = "<p>Search results for: ". $trimmed."</p><p>Sorry, your search returned zero results</p>" ;
//delete duplicate record id's from the array. To do this we will use array_unique function
$tmparr = array_unique($adid_array);
$i=0;
foreach ($tmparr as $v) {
$newarr[$i] = $v;
$i++;
//total result
$row_num_links_main = $row_num_links_main + $row_num_links_main1;
// now you can display the results returned. But first we will display the search form on the top of the page
echo '<form action="search.php" method="get">
<div>
<input name="q" type="text" value="'.$q.'">
<input name="search" type="submit" value="Search">
</div>
</form>';
// display an error or, what the person searched
if( isset ($resultmsg)){
echo $resultmsg;
}else{
echo "<p>Search results for: <strong>" . $var."</strong></p>";
foreach($newarr as $value){
// EDIT HERE and specify your table and field unique ID for the SQL query
$query_value = "SELECT * FROM newsight_articles WHERE field_id = '".$value."'";
$num_value=mysql_query ($query_value);
$row_linkcat= mysql_fetch_array ($num_value);
$row_num_links= mysql_num_rows ($num_value);
//create summary of the long text. For example if the field2 is your full text grab only first 130 characters of it for the result
$introcontent = strip_tags($row_linkcat[ 'field2']);
$introcontent = substr($introcontent, 0, 130)."...";
//now let's make the keywods bold. To do that we will use preg_replace function.
//Replace field
$title = preg_replace ( "'($var)'si" , "<strong>\\1</strong>" , $row_linkcat[ 'field1' ] );
$desc = preg_replace ( "'($var)'si" , "<strong>\\1</strong>" , $introcontent);
$link = preg_replace ( "'($var)'si" , "<strong>\\1</strong>" , $row_linkcat[ 'field3' ] );
foreach($trimmed_array as $trimm){
if($trimm != 'b' ){
$title = preg_replace( "'($trimm)'si" , "<strong>\\1</strong>" , $title);
$desc = preg_replace( "'($trimm)'si" , "<strong>\\1</strong>" , $desc);
$link = preg_replace( "'($trimm)'si" , "<strong>\\1</strong>" , $link);
}//end highlight
}//end foreach $trimmed_array
//format and display search results
echo '<div class="search-result">';
echo '<div class="search-title">'.$title.'</div>';
echo '<div class="search-text">';
echo $desc;
echo '</div>';
echo '<div class="search-link">';
echo $link;
echo '</div>';
echo '</div>';
} //end foreach $newarr
if($row_num_links_main > $limit){
// next we need to do the links to other search result pages
if ($s >=1) { // do not display previous link if 's' is '0'
$prevs=($s-$limit);
echo '<div class="search_previous"><a href="'.$PHP_SELF.'?s='.$prevs.'&q='.$var.'">Previous</a>
</div>';
// check to see if last page
$slimit =$s+$limit;
if (!($slimit >= $row_num_links_main) && $row_num_links_main!=1) {
// not last page so display next link
$n=$s+$limit;
echo '<div class="search_next"><a href="'.$PHP_SELF.'?s='.$n.'&q='.$var.'">Next</a>
</div>';
}//end if $row_num_links_main > $limit
}//end if search result
?>
Anyone got any ideas as to why this is happening?
Also, I have not created any tables in my database... is this why it doesn't display any search results from my website?Sorry, but it doesn't help JTANNA.
What is your definition of "more efficiently"? If it's limitation of search results, branded search, and limitation of styling your results then google search is more efficient. Real developers rely on their own developments. For example: how can google search display results from a password-protected site? They can't.
best,
Shocker
Maybe you are looking for
-
Advice for a PC configuration upgrade for Adobe Creative Cloud, please?
Hi everyone, For the moment I have an old PC (bought in April 2008) and maybe if you eventually help me I could have a more powerful machine. I am asking you five questions at then end of this post, so if someone can reply it would help me and be gre
-
How can I print the calendar from my iPad?
How can I print the calendar from my iPad/iPhone 4? I would like each month on a separate 8 1/2 x 11 sheet of paper. Thanks!
-
Can a credit memo be posted with zero amount?
Can a credit memo be posted with zero amount? What would it mean, that the goods qty have been posted free of cost? Pls reply... Thanks, Swati.
-
A particular form hangs while saving in Oracle Apps 11.5.10.2
Hi Friends, I am using Oracle Apps 11.5.10.2 on Linux. In a custom Responsibilty ,In a particular form after entering the valuses when i give confirm button the application forms hangs for a long time without saving the values. Please let me know the
-
EREC: Differences between Delete Registration & Delete External Candidate
Hello Experts, I am new to E-Recruitment. Can you please suggest me what are the exact differences between Delete Registration & Delete External Candidate as the first one locks his profile & the second one deletes his profile except that I don't see