Alert Rule Setting via Tcode

Similar Messages

• How to Unset Alert Thresholds Set via DBMS_SERVER_ALERT.SET_THRESHOLD

  Hi Folks,
  Can some one suggest the working steps to un set the DBMS_SERVER_ALERT
  Regards

  790072 wrote:
  Thanks for the quick reply ..
  I am just not sure of the values set for the parameters ,
  how can i look at the values set for the DBMS_SERVER_ALERT.SET_THRESHOLD
  so that i can revert back after i unset with NULL values .
  any suggestion is highly apprciated .
  Regards
  GET_THRESHOLD Procedure
  This procedure gets the current threshold settings for the specified metric.
  Syntax
  DBMS_SERVER_ALERT.GET_THRESHOLD(
     metrics_id               IN   BINARY_INTEGER,
     warning_operator         OUT  BINARY_INTEGER,
     warning_value            OUT  VARCHAR2,
     critical_operator        OUT  BINARY_INTEGER,
     critical_value           OUT  VARCHAR2,
     observation_period       OUT  BINARY_INTEGER,
     consecutive_occurrences  OUT  BINARY_INTEGER,
     instance_name            IN   VARCHAR2,
     object_type              IN   BINARY_INTEGER,
     object_name              IN   VARCHAR2);
  Parameters
  Table 129-6 GET_THRESHOLD Procedure Parameters
  Parameter     Description
  metrics_id
  The internal name of the metric. See "Supported Metrics".
  warning_operator
  The operator for the compa3ring the actual value with the warning threshold.
  warning_value
  The warning threshold value.
  critical_operator
  The operator for the comparing the actual value with the critical threshold.
  critical_value
  The critical threshold value.
  observation_period
  The period at which the metric values are computed and verified against the threshold setting.
  consecutive_occurrences
  The number of observation periods the metric value should violate the threshold value before the alert is issued.
  instance_name
  The name of the instance for which the threshold is set. This is NULL for database-wide alerts. In cases in which this parameter is not NULL, this should be set to one of the INSTANCE_NAME values found in the GV$INSTANCE View.
  object_type
  Either OBJECT_TYPE_SYSTEM or OBJECT_TYPE_SERVICE.
  object_name
  The name of the object.
  Usage Notes
  Note that this subprogram does not check if the value of the instance_name parameter is meaningful or valid.

• BAM getting random timeouts calling BPEL web service as alert rule

  I have a BAM alert rule set up to call a BPEL process (web service call basically). This is part of our custom error notification and escalation solution.
  In production I randomly see timeouts in the BAM event engine logs where the web service call has timed out. On the BPEL side these processes never show as being invoked, nor are they in manual recovery.
  This only happens at random times, although usually in "clumps" lasting a few minutes. The rest of the time this has been fairly reliable.
  Any help from the BAM experts would be appreciated. I would open an SR on this, but I have found support to literally take days/weeks to get back to me on BAM issues -- and this particular issue does not seem to be reliably reproduceable.
  Here is the event engine log message:
  2008-01-31 14:46:35,303 [ActionThreadPool (dynamic 11309)] ERROR - EventEngine Action exception: EEInstEv218067 EEInstAct218066 Rule Id: 1 exception: The operation has timed-out. (http://mcsbpel:8888/orabpel/MAEF/svcMaefErrorAlert/1.0)
  2008-01-31 14:46:35,303 [ActionThreadPool (dynamic 11304)] ERROR - EventEngine Action exception: EEInstEv218066 EEInstAct218065 Rule Id: 1 exception: The operation has timed-out. (http://mcsbpel:8888/orabpel/MAEF/svcMaefErrorAlert/1.0)
  2008-01-31 14:46:35,303 [ActionThreadPool (dynamic 11309)] WARN - EventEngine Exception stack trace: at Oracle.BAM.Middleware.EventEngine.ExternalActions.WebServiceCaller.TakeAction(Hashtable oParameters, String strDataObject, Hashtable oDataValues, Hashtable oDataTypes)
  at Oracle.BAM.EventEngine.Actions.TakeExternalAction.TakeAction(String strSysIterID, Hashtable oParameters, String strDatasetName, XmlDocument xmlSchemaDoc, IDictionary intDataDictionary)
  at Oracle.BAM.EventEngine.Actions.ActionProcessor.ExternalAction(ActionQueueItem oActionQueueItem)
  at Oracle.BAM.EventEngine.Actions.ActionProcessor.ActionHandler(Object state, DateTime requestEnqueueTime)
  2008-01-31 14:46:35,303 [ActionThreadPool (dynamic 11304)] WARN - EventEngine Exception stack trace: at Oracle.BAM.Middleware.EventEngine.ExternalActions.WebServiceCaller.TakeAction(Hashtable oParameters, String strDataObject, Hashtable oDataValues, Hashtable oDataTypes)
  at Oracle.BAM.EventEngine.Actions.TakeExternalAction.TakeAction(String strSysIterID, Hashtable oParameters, String strDatasetName, XmlDocument xmlSchemaDoc, IDictionary intDataDictionary)
  at Oracle.BAM.EventEngine.Actions.ActionProcessor.ExternalAction(ActionQueueItem oActionQueueItem)
  at Oracle.BAM.EventEngine.Actions.ActionProcessor.ActionHandler(Object state, DateTime requestEnqueueTime)

  I should note that both BPEL and BAM are at version 10.1.3.1

• Set JArray values with invalid key value: "LastUpdatedTime" on new alert rule creation

  Hey all!
  I'm trying to create a new alert rule using version 0.9.11 of the Monitoring Library and am getting this error on alertsClient.rules.CreateOrUpdate:
  "Set JArray values with invalid key value: "LastUpdatedTime". Array position index expected."
  That's interesting because LastUpdatedTime is a DateTime object, and whether I set it or I don't, if I set a breakpoint, it does set itself correctly, but the API appears to be expecting a JSON hash?
  I've tested alertsClient and I'm able to get existing alerts (also metrics with metrics client), so I don't believe it's an access issue.
  Any ideas?
  The full code I'm using for the test (borrowed virtually verbatim from the Cloud Cover video
  here): 
  Rule newRule = new Rule
      Name = "CPU Over 90%",
      Id = Guid.NewGuid().ToString(),
      Description = "CPU Has been over 90% for 5 minutes",
      IsEnabled = true,
      LastUpdatedTime = DateTime.Now,
      Condition = new ThresholdRuleCondition
          Operator = Microsoft.WindowsAzure.Management.Monitoring.Alerts.Models.ConditionOperator.GreaterThan,
          Threshold = 90,
          WindowSize = TimeSpan.FromMinutes(5),
          DataSource = new RuleMetricDataSource
              MetricName = "Percentage CPU",
              ResourceId = "",
              MetricNamespace = ResourceIdBuilder.BuildCloudServiceResourceId(<cloudservicename>, <deploymentname>)
  RuleAction action = new RuleEmailAction
      SendToServiceOwners = true,
  newRule.Actions.Add(action);
  OperationResponse alertResponse = alertsClient.Rules.CreateOrUpdate(new
  RuleCreateOrUpdateParameters { Rule = newRule });
  Console.WriteLine("Create alert rule response: " + alertResponse.StatusCode);

  Hi Greg,
  Thanks for your post!
  Error "JArray" has been fixed in the latest nugget package.
  Refer to:
  http://www.nuget.org/packages/Microsoft.WindowsAzure.Management.Monitoring/
  Hope this helps!
  Regards,
  Sadiqh

• Setting alert rule in RWB

  Hi Experts,
  i am working on ccms alerts. am done with the alert configurations now. Am at the final stage -ALERT RULE. now i want to receive alerts for all channels except for one particular sender and receiver service. please let me know how do i exclude this. Like if i give " * " in all the condition, everything will be included. Do i have to specify not equal to SENDER1_BS something like that?
  thanks.
  kanan

  hi all , please respond on how to exclude particular Buss Service in the Alert Rule "Condition". I am setting alert only for channels.
  thanks.
  kanan

• What can be monitored using Alert rule via Runtime workbench? Help!

  Hi Experts,
          In the alert configuration in XI runtime workbench, there is something called Alert Rule. Under Alert Rule there are options where we can give sender/receiver interfaces, channel, etc.
  What exactly we can monitor using this option?
  If my receiver is another SAP R/3 system then using this can I send alert when the SAP R/3 is down?
  Similary if my sender is also SAP R/3 then can I monitor if this system is down?
  What more can we monitor with this?
  Kindly help!
  Thanks
  Gopal

  Hi,
  Alert rule is not at all used for monitoring directly. it can act as a filter for your alert category. so first you must have created an alert category.
  you can specify the sender/receiver party,service,interface and namespace in a alert rule after choosing a alert category.
  you can also specify where you are expecting an error like integration engine or adapter engine
  if you define an alert category with an alert rule, no restrictions then you will get all alerts for all sort of errors from all of your interfaces.
  so by specifying an alert rule you are restricting an alert category that you created to a particular sender service or namespce etc..
  to get step by step idea of how to create alerts see the below blogs
  /people/michal.krawczyk2/blog/2005/09/09/xi-alerts--step-by-step
  /people/michal.krawczyk2/blog/2005/09/09/xi-alerts--troubleshooting-guide
  kind regards
  francis

• Allowing jnlp via deployment rule set

  Hello,
  In our network, we use a deployment rule set to only allow applets that we deem necessary, and all others are blocked.  This has been working fine.  However recently I've been asked to add a website to the allowed list.  This website downloads a jnlp file, then launches the jnlp locally, and is blocked every time.  Now I'm not that well versed in java applets.  But I've added the website address that this applet calls too, and have had no luck with this running.  Everything I've tried has not worked.
  This is a snippet of the ruleset.xml
  <rule>
  <id location="http://elm.elluminate.com:80/" /> <!-- Assessor Online Class -->
  <action permission="run" />
  </rule>
  The java console has not been helpful, as the application is blocked before java even starts...after the jnlp verifies, it blocks the application due to the ruleset.  How can i set this ruleset up so that this jnlp is allowed to run?

  Hello,
  To allow a local jnlp to run without any prompts using Deployment Rule Sets, you can use a rule to allow all the applets signed with a specific certitificate:
  <rule>
          <id>
               <certificate hash="794F53C746E2AA77D84B843BE942CAB4309F258FD946D62A6C4CCEAB8E1DB2C6" />
          </id>
          <action permission="run" />
  </rule>   
  You can get your certificate hash in SHA-256 from the signed jar file following this doc:
  http://docs.oracle.com/javase/8/docs/technotes/guides/jweb/security/deployment_rules.html#gethash

• Access to update the GRC rule set is limited

  Hello - What is the process (tcode) to see who has access to update the GRC rule set?
  Thanks!

  Hi Sam,
     What is the version of your RAR (CC)? If it is CC 4.0 then you enter the product via tcode and go to rule architect to make changes. If you have CC 5.X then you go through the web browser and go to Rule architect to make changes to the rule set.
  The process to change a rule set is as below:
  1) Creats Function
  2) Create risk
  3) Create Rule
  Regards,
  Alpesh

• RAR: Global Rule set

  Hi,
  I am wondering if the latest global rule set contains the tcodes, authorization objects and values based on the latest version of SAP? If yes, can this global rule set be applicable for SAP version 4.7 ?
  Thanks,
  Debbie

  Hello Rajesh,
  Hope this information from SAP helps you.RAR Rule Update - Documentation
  It is not possible to programmatically send out updates to the default ruleset (i.e. via transports or STMS). 
  This is because rule uploads only overwrite and not append.  As every company should have made changes to their ruleset, SAP cannot send out rule updates as this would overwrite the customization done by each company
  Since the SAP acquisition of Virsa, there have been seven updates to the supplied ruleset which are described in detail in SAP notes below.
  1061380 u2013 Q2 2006
  1035070 u2013 Q1 2007
  1083611 u2013 Q3 2007
  1173980 u2013 Q2 2008
  1326497 u2013 Q2 2009
  1446680 u2013 Q2 2010
  1604722 u2013 Q3 2011
  These notes provide a company a detailed Word document that summarizes the changes made. 
  The company must go through these changes to evaluate if they agree with the SAP supplied change. 
  If they agree, the company will have to make the change manually via the Rule Architect.
  To get more details, please refer to note#986996
  Regards,
  Renuka

• Regarding Defining Alert Rules

  Hi Everyone,
  I was trying to Configure Alerts.
  I had defined Alert category in Tcode:ALRTCATDEF. Add the Recepient
  Then I log on to RWB and choose *Alert configuration*
  I was trying to define Alert Rule, I had Given Description, selected Alert Category, But Add Rule and Change Rule Is Disabled. How to define the Rules.
  One more thing is, Under Conditions, We have option as Connected to Message, If I select Yes or No, I get error page saying " Access via 'NULL' object reference not possible"
  When I checked the same In ST22, I found "OBJECTS_OBJREF_NOT_ASSIGNED"
  Do I need to Configure anything else.
  I am finding Difficult in Defining Alert Rules. Any Help would be Appreciated.
  Regards,
  Varun
  Edited by: Varun on Dec 17, 2008 6:38 PM

  Issue Is solved when I changed the Cookies Settings, thus Add Rule Option Is Enabled
  Regards,
  Varun

• I have messages in mail that are color-coded as if by a rule, but I have no rules set. How can I correct this?

  The only rule that I ever had in Mail was the default one that color coded messages from Apple blue. I notice that some messages are color-coded brown and I have no rules set at al (hence no rule to turn off.)  Some of the messages are related to viewing online magazine, but not all.  How can I stop this?

  Hi. Thanks for your message.
  Well, I understand what you are trying to say but I thought it was easier to categorize in Apple Mail.
  On Entourage I just click twice on a sender address, record it on Address book and give it a colour that I previously defined as "Work", "Personal", "Customers", "Suppliers", "Friends" or whatever.
  As Apple Mail don't have Address Book as part of it but an outside feature it's very annoying. Of course I am used to use a software and I don't expect now Apple Mail do everything as Entourage but... as someone said it seems Apple Mail stopped in time. The recent version seems the first one ever issued. I hate the way Mail.app handles attachments by placing big chunky previews right in my email. I prefer them to be named attachments listed somewhere else, out of the content of my email. I don't if I can change this via terminal commands? Can you tell me if that is possible?
  I don't understand why Apple Mail have lots of plugins instead of a great improvment from the backstage.
  I use Apple computers since ever and I love this machines but sometimes I don't understand this lake of improvments.
  Take a look at this link:
  http://scottworldblog.wordpress.com/2009/10/12/microsoft-entourage-vs-apple-mail /
  Of course I don't agree 100% with him but some things are true...

• Do you trust the SAP standard rule set ?

  Hello all,
  I have the impression that, too often, the SAP standard ruleset has been taken for granted : upload, generate and use. Here is a post as to why not to do so. Hopefuly, this will generate a interesting discussion.
  As I have previously stated in other threads, you should be very careful accepting the SAP standard rule set without reviewing it first. Before accepting it, you should ensure that your specific SAP environment has been reflected in the functions. The 2 following questions deal with this topic :
  1. what is your SAP release  ? ---> 46C is different than ECC 6.0 in terms of permissions to be included in the function permission tab. With every SAP release, new authorization objects are linked to SAP standard tcodes. Subsequently some AUTHORITY-CHECK statements have been adapted in the ABAP behind the transaction code. So, other authorizations need to provided from an implementation point of view (PFCG). And thus, from an audit perspective (GRC-CC), other settings are due when filtering users' access rights in search for who can do what in SAP.
  2. what are your customizing settings and master data settings ? --> depending on these answers you will have to (de)activate certain permissions in your functions. Eg. are authorization groups for posting periods, business areas, material types, ... being used ? If this is not required in the SAP system and if activated in SAP GRC function, then you filter down your results too hard, thereby leaving certain users out of the audit report while in reality they can actually execute the corresponding SAP functionality --> risk for false negatives !
  Do not forget that the SAP standard ruleset is only an import of SU24 settings of - probably - a Walldorf system. That's the reason SAP states that the delivered rule set is a starting point. 
  So, the best practice is :
  a. collect SAP specific settings per connector in a separate 'questionnaire' document, preferably structured in a database
  b. reflect these answers per function per connector per action per permission by correctly (de)activating the corresponding permissions for all affected functions
  You can imagine that this is a time-consuming process due to the amount of work and the slow interaction with the Java web-based GRC GUI. Therefore, it is a quite cumbersome and at times error-prone activity ...... That is, in case you would decide to implement your questionnaire answers manually. There are of course software providers on the market that can develop and maintain your functions in an off-line application and generate your rule set so that you can upload it directly in SAP GRC. In this example such software providers are particularly interesting, because your questionnaire answers are structurally stored and reflected in the functions. Any change now or in the future can be mass-reflected in all (hundreds / thousands of) corresponding permissions in the functions. Time-saving and consistent !
  Is this questionnaire really necessary ? Can't I just activate all permissions in every function ? Certainly not, because that would - and here is the main problem - filter too much users out of your audit results because the filter is too stringent. This practice would lead too false negatives, something that auditors do not like.
  Can't I just update all my functions based on my particular SU24 settings ? (by the way, if you don't know what SU24 settings are, than ask your role administrator. He/she should know. ) Yes, if you think they are on target, yes you can by deleting all VIRSA_CC_FUNCPRM entries from the Rules.txt export of the SAP standard rule set, re-upload, go for every function into change mode so that the new permissions are imported based on your SU24 settings. Also, very cumbersome and with the absolute condition that you SU24 are maintained excellent.
  Why is that so important ? Imagine F_BKPF_GSB the auth object to check on auth groups on business areas within accounting documents. Most role administrator will leave this object on Check/Maintain in the SU24 settings. This means that the object will be imported in the role when - for example - FB01 has been added in the menu.  But the role administrator inactivates the object in the role. Still no problem, because user doesn't need it, since auth groups on business areas are not being used. However, having this SU24 will result in an activated F_BKPF_GSB permission in your GRC function. So, SAP GRC will filter down on those users who have F_BKPF_GSB, which will lead to false negatives.
  Haven't you noticed that SAP has deactivated quite a lot of permissions, including F_BKPF_GSB ? Now, you see why. But they go too far at times and even incorrect. Example : go ahead and look deeper into function AP02. There, you will see for FB01 that two permissions have been activated. F_BKPF_BEK and F_BKPF_KOA.  The very basic authorizations needed to be able to post FI document are F_BKPF_BUK and F_BKPF_KOA.  That's F_BKPF_BUK .... not F_BKPF_BEK. They have made a mistake here. F_BKPF_BEK is an optional  auth object (as with F_BKPF_GSB) to check on vendor account auth groups.
  Again, the message is : be very critical when looking at the SAP standard rule set. So, test thoroughly. And if your not sure, leave the job to a specialized firm.
  Success !
  Sam

  Sam and everyone,
  Sam brings up some good points on the delivered ruleset.  Please keep in mind; however, that SAP has always stated that the delivered ruleset is a starting point.  This is brought up in sap note 986996     Best Practice for SAP CC Rules and Risks.  I completely agree with him that no company should just use the supplied rules without doing a full evaluation of their risk and control environment.
  I'll try to address each area that Sam brings up:
  1.  Regarding the issue with differences of auth objects between versions, the SAP delivered rulset is not meant to be version specific.  We therefore provide rules with the lowest common denominator when it comes to auth object settings.
  The rules were created on a 4.6c system, with the exception of transactions that only exist in higher versions.
  The underlying assumption is that we want to ensure the rules do not have any false negatives.  This means that we purposely activate the fewest auth objects required in order to execute the transaction.
  If new or different auth object settings come into play in the higher releases and you feel this results in false positives (conflicts that show that don't really exist), then you can adjust the rules to add these auth objects to the rules.
  Again, our assumption is that the delivered ruleset should err on the side of showing too many conflicts which can be further filtered by the customer, versus excluding users that should be reported.
  2.  For the customizing settings, as per above, we strive to deliver rules that are base level rules that are applicable for everyone.  This is why we deliver only the core auth objects in our rules and not all.  A example is ME21N. 
  If you look at SU24 in an ECC6 system, ME21N has 4 auth objects set as check/maintain.  However, in the rules we only enable one of the object, M_BEST_BSA.  This is to prevent false negatives.
  3.  Sam is absolutely right that the delivered auth object settings for FB01 have a mistake.  The correct auth object should be F_BKPF_BUK and not F_BKPF_BEK.  This was a manual error on my part.  I've added this to a listing to correct in future versions of the rules.
  4.  Since late 2006, 4 updates have been made to the rules to correct known issues as well as expand the ruleset as needed.  See the sap notes below as well as posting Compliance Calibrator - Q2 2008 Rule Update from July 22.
  1083611 Compliance Calibrator Rule Update Q3 2007
  1061380 Compliance Calibrator Rule Update Q2 2006
  1035070 Compliance Calibrator Rule Update Q1 2007
  1173980 Risk Analysis and Remediation Rule Update Q2 2008
  5.  SAP is constantly working to improve our rulesets as we know there are areas where the rules can be improved.  See my earlier post called Request for participants for an Access Control Rule mini-council from January 28, 2008.  A rule mini-council is in place and I welcome anyone who is interested in joining to contact me at the information provided in that post.
  6.  Finally, the document on the BPX location below has a good overview of how companies should review the rules and customize them to their control and risk environment:
  https://www.sdn.sap.com/irj/sdn/bpx-grc                                                                               
  Under Key Topics - Access Control; choose document below:
      o  GRC Access Control - Access Risk Management Guide   (PDF 268 KB) 
  The access risk management guide helps you set up and implement risk    
  identification and remediation with GRC Access Control.

• Alerts not getting generated from Alert rules

  Hello
  I had a problem displaying Alert messages in Alert Inbox.I have created my category and I am raising the alert from BPM and thats working fine.But in some cases where I have define rules(via Alert Configuration in Runtime Workbench) for Alert Generation alerts are not getting raised.I am having the two background jobs running as per the documentation.
  I checked by creating a rule where sender was BPM and receiver is File and the alert should get generated when the Adapter fails(i gave wrond username for FTP server).
  Any idea what step might be missing?
  Thanks in advance.
  Regards
  Rajeev

  Hello Rajeev,
  have you checked in transaction ALRTDISP if the required alert has been created at all?
  If yes, then have a look at the receivers, if no then check the following things:
  - are your jobs running sucessfully?
  - does the alert get created when you execute SALRTPROC report manually?
  - are there old alerts of the same category not confirmed and flag surpress multiple alerts activated in the alert rule?
  Best regards
  Christine

• Need information on the new RAR Rule Architect/Rule Set functions

  Does anyone have any information on the new 5.3 functions listed under Rule Architect/Rule Sets, specifically the Compare function?
  My 5.3 Config manual mentions this area but doesn't describe anything about it.  I have a request from our user group and need to determine if this can fit that request.
  What they are looking for is an easy way to compare our RAR Rule Set with the latest SAP version (Q2 2010 is the most recent I believe).  Just from the screen shots, it looks like we could maybe use the Rule Sets functions for that.  Load the new SAP one into RAR as a separate ruleset and then run this Compare function.  However I haven't been able to find any documentation on this function, so I don't know if it really does what we are looking for.
  Thanks.

  Hi,
  the error 'NullPointerException ' is very common error in GRC.
  kindly search, you will find lots of threads and notes on thi.
  check you permission TXT file. It contain null value some where.
  especially check SD01 & SD02 tcodes.
  Also open permission file in word and check all TAB's and ENTER's in technical view.
  Regards,
  Surpreet

• Alert rules in Quality

  When I am trying to create the alert rules in quality of RWB it is throwing error code Error Code 10061: Connection refused.
  1. Do I required any authorizations in quality to define alert rules as I already had authorization for the transaction: SAP_ALM_CUSTOMIZER in quality.
  2. I want to configure the Email alerts to be send to recipients in quality also. I have done the required configuration in SCOT and SU01 for the dev system to receive mails. Do I have to need configure SCOTu2013SMTP port setting in quality also?

  Hi Praveen,
  > When I am trying to create the alert rules in quality of RWB it is throwing error code Error Code 10061: Connection refused.
  Check if the ECC system exists and the Technical system is configured properly.
  Check this link in 1st question
  http://wiki.sdn.sap.com/wiki/display/EP/TroubleshootingSAPJavaConnector%28JCo%29
  > 1. Do I required any authorizations in quality to define alert rules as I already had authorization for the transaction: SAP_ALM_CUSTOMIZER in quality.
  Normal roles is enough (what roles you have in the Dev system)
  > 2. I want to configure the Email alerts to be send to recipients in quality also. I have done the required configuration in SCOT and SU01 for the dev system to receive mails. Do I have to need configure SCOTu2013SMTP port setting in quality also?
  In the SCOT you hahe to give the Mail server IP address and port details.
  Regards
  Ramesh