Blank values in RAR Rules - RAR (SAP GRC AC 5.3)

Similar Messages

• Rule converstion from Approva to SAP GRC AC RAR 5.3

  Hello All,
  We have rule files of approva in XML format , please let me know is there any short cut mettod or process to change it into SAP GRC Rule files
  Please help me on this.....
  Thanks in advance
  Jagat

  Jagat,
  the import file structure is documented in the appendix of the configuration guide.
  Now all you need is a PERL or XML style sheet wizard to make one into another (or the ability to generate a flat file download you can work with in Excel).
  Frank.

• Allowed variables in SAP GRC RAR messages

  Hi experts,
  I'm using SAP GRC AC 5.3.
  In RAR, I want to configure message 0269 in cc_messages.txt file in order to change text including the description of the mitigation control.
  Does anybody knows what's is this variable name ? Or even, where can I find a list of allowed variables for insertion in messages ?
  Thanks,
  Roque.

  Roquevalder,
  I understand your question now. I see the message you are talking about:
  VIRSA_CC_MSG     0269     EN     error     The mitigating control was updated by #_!USERID#_! on #_!DATE#_! at #_!TIME#_!. This email serves a notification that you have been #_!STATUSCHANGED#_! as the monitor for : #_!LINESEP#_! #_!LINESEP#_! #_!LINESEP#_! #_!CONTROLIDTEXT#_! #_!CONTROLID#_! #_!LINESEP#_! #_!HROBJTYPELINE#_! #_!LINESEP#_! #_!OBJECTTYPE#_! #_!OBJECTID#_! #_!LINESEP#_! #_!ORGRULELINE#_! #_!LINESEP#_! #_!RISKIDTEXT#_! #_!RISKID#_! #_!LINESEP#_! #_!LINESEP#_! #_!MONTEXT#_! #_!MONITOR#_! #_!LINESEP#_! #_!LINESEP#_! #_!VALIDFROMTEXT#_! #_!VALIDFROM#_! #_!VALIDTOTEXT#_! #_!VALIDTO#_! #_!LINESEP#_! #_!LINESEP#_! #_!STATUSTEXT#_! #_!STATUS#_!
  But at the end of the file you have something like this:
  D     VIRSA_CC_MSGPRMS     0269     EN     CONTROLIDTEXT     CONTROLIDTEXT
  D     VIRSA_CC_MSGPRMS     0269     EN     CONTROLID     CONTROLID
  D     VIRSA_CC_MSGPRMS     0269     EN     HROBJTYPELINE     HROBJTYPELINE
  D     VIRSA_CC_MSGPRMS     0269     EN     ORGRULELINE     ORGRULELINE
  D     VIRSA_CC_MSGPRMS     0269     EN     RISKIDTEXT     RISKIDTEXT
  I guess if you want to add a value in the message you have also to define it at the tail of the file.
  My advice is to open a OSS message to ask for this functionality. You shouldn´t change it manually. Take into account that this file must be uploaded each time you update your GRC java components. So, if you make a custom change, you have to repeat that change every time you update. So I think you should ask SAP for this. They will probably include this field in next patches.
  Regards,
  Diego.

• Create user in SAP GRC AC 5.3 for each module (RAR, CUP, SPM, ERM).

  Hello,
  I have a doubt.
  The users of the modules of the SAP GRC AC 5.3 have to created in the UME of the EP Core, is that right?? And thet add the roles of each user for each module (RAR, CUP, SPM, ERM), is that right?
  Best Regards.
  Pablo Mortera.

  Hi Pablo,
  To access GRC AC 5.3 you can create one UME user and assign different roles related to four GRC component.
  Or you can create different GRC user and assign respective components roles.
  The example of GRC Admin role are.
  AEADMIN
  READMIN
  VIRSA_CC_ADMINISTRATOR
  regards,
  Sudip,

• SAP GRC AC 5.3 RAR Background jobs are cancelled

  Hi Experts,
  we have newly implemented theS AP GRC AC 5.3 RAR  Help me in troubleshooting the Background jobs cancellation in SAP GRC AC5.3 RAR.. we have reported this issue to customersupport they asked us to upgrade the front end  patch level to Sp15, even we upgraded still i have the same problem.. later we upgraded the backend patch  according to the SAP Note. still the problem is not resolved.
  Latest recommendation they are asking us to uninstall the SMD agent.. and also my java control.exe is showing yellow color
  help me how to resolve the issue.??
  Edited by: n.s.k mohan on May 10, 2011 6:21 AM

  Hi,
  Could you please first change RAR log settings to Java logger then take a restart of the system. After that log for your background will start coming in RAR. Then schedule the job if it fails then paste background job log here.
  Also, in future, please raise GRC related issue in GRC forum so that you can get more replies.
  Thanks
  Sunny

• Want to delete Rows from SAP Query which have u20180u2019 or blank values

  Hi Experts,
  I have made one sap-query,  in that I have added some additional fields, after that I am getting some blank or u20180u2019 values in some rows, can anyone tell me how to delete those rows which have u20180u2019 or blank values.
  Regards
  Mahadev Roy

  Hi mahadev
  You must be fetching data from SQ02 in some internal table.Delete values from that internal table.
  Also as you are fetching records from SQ02 then in the select statement you can put this condition of '0' and blank
  so that you will get appropriate result.
  Thanks
  Khushboo

• For GRC 5.3 can I use the SAP GRC 5.2 rule set

  We are going for an upgrade to GRC 5.3,  I have a small concern here....
  Can I use the same ruleset what I used in GRC 5.2 to SAP GRC5.3 ...?
  because when I checked ruleset at permission level in GRC 5.2 it displays first object of an action from one function conflicting with first object of an action from another function, where as in GRC 5.3 it displays all objects of an action from one function vs all objects of an action from another function....
  How will it impact analysis in GRC 5.3 with old rule set...?
  appreciate your response & thanks in advance.

  Hi,
  Here you will find the documentation to get Upgrade/Configuration Guides.
  [https://websmp103.sap-ag.de/~form/sapnet?_SHORTKEY=01100035870000718172&]
  SAP BusinessObjects Governance --> Access Control ---> SAP GRC Access Control 5.3
  There you will find a Upgrade guideline.
  Cheers,
  Martin

• Not able to upload SAP GRC 5.2 rules

  Hi All,
  We are in the process of performing the Post Installation steps of SAP GRC CC 5.2
  While we are trying to import rule set the system is creating/scheduling a background job. In the log there is a warning regarding the URL  
  WARNING: Cannot get Application URL: null. PLEASE SET 'Background Daemon URL' IN CONFIGURATION TAB
  Pls guide us as to how to import standard SAP rulesets witout getting above warning message.
  Also I dont understand why the background job is triggered when i am still trying to import the rules.
  Regards,
  Kiran Kandepalli.

  Hi Kiran,
     This is a common issue in GRC AC 5.2. Please follow the pre-implementation guide thoroughly which will take care of this issue. Look at the last section in the guide. Here is the link:
  https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/0079de64-f5f1-2910-3688-b16619da82fb
  If this does not help, please follow OSS note # 999785 and 1176262.
  Regards,
  Alpesh

• Upload of SU24 Auth. objects in SAP GRC AC 5.3

  Hello,
  We are in process of SAP GRC AC 5.3 implementation, and our SAP System is not updated to SU24 (Authorization objects), in which USOBT_C is populated.
  In GRC AC 5.3 Pre-implementation checklist, it is mentioned about the above, being necessary.
  If the SAP System is not updated to SU24, then what is the other way, to upload authorization objects in RAR Post-Install Steps, after we have already completed SAP GRC Tools ( all the SCA files) install and backend RTA installation?
  Thanks!

  hi
  1. Create file (automated via batch job) from SU24 (report /VIRSA/ZCC_DOWNLOAD_SAPOBJ)
  ==> SA38 --> Background --> create a variant where you fill out the value for the server + filename (no extension needed for filename) --> schedule periodically
  2. convert to UTF-8 format (how can this be automated?)
  --> not necessary ; in my system it is UTF-8 by default
  3. upload periodically into RAR via background job (from AIX based file system !)
  --> configuration tab --> upload objects --> permission --> choose system --> leave local file blank and fill out server location (drive letter) --> click background and schedule the job daily. This is not a heavy job, therefore daily.
  Sam Szafranski
  Senior Consultant
  axl & trax

• Migarting from Approva to SAP GRC AC 5.3

  Hello All,
  One of our client using Approva applications now they are planning to move to SAP GRC Access Controls 5.3, so kindly help me or guide he how I proceed.
  Key doubts u2013
  1-How we upload rules in RAR, because we downloaded the rules from Approva.
  2-Creation of mitigation controls etc.
  It would be great if some share some documents related to above.
  Thanks,
  Jagat

  Hi Jagat,
  Once your GRC system is configured. You have to follow the following steps:
  1. Create system connector
  2. Define Master User Source
  3. Upload text & authorization objects. (Follow the AC53 Configuration guide to download these files from backend)
  4. Now as Frank has suggested you have to convert the downloaded Apporava files to .txt files. There are 9 .txt files you have to create:
  1. Business Process
  BusinessProcessId (CHAR 4)     LANGUAGE  (CHAR 2)     DESCRIPTION LANGUAGE  (CHAR 120)
  *fileds are TAB seperated
  2. Function
  FUNCTION ID (CHAR 8)     LANGUAGE  (CHAR 2)     DESCRIPTION LANGUAGE  (CHAR 120)     FUNCTION SCOPE (CHAR 1 (S:Single System, C: Cross System))
  3. Function-Business Process
  FUNCTION ID (CHAR 8)     BusinessProcessId (CHAR 4)
  4. Function-Action
  FUNCTION ID (CHAR 8)    TRANSACTION(CHAR 20)     STATUS (NUMC 1 (0 or 1))
  5. Function-Permission
  FUNCTION ID (CHAR 8)     T-CODE (CHAR 20)     OBJECT(CHAR 10)     FIELD(CHAR 10)     FROM VALUE(CHAR 40)     TO VALUE(CHAR 40)     SEARCH TYPE(CHAR3 (AND,OR,NOT))       STATUS (NUMC 1 (0 or 1))       
  6. Rule Set
  RuleSetId (CHAR 8)     LANGUAGE  (CHAR 2)     DESCRIPTION (CHAR 132)
  7. Risk ID
  RISKID (CHAR 4)     FUNCTION_1_ID  (CHAR 8)     FUNCTION_2_ID  (CHAR 8)     FUNCTION_3_ID  (CHAR 8)     FUNCTION_4_ID  (CHAR 8)     FUNCTION_5_ID  (CHAR 8)     BusinessProcessId (CHAR 4)       PRIORITYDESCRIPTION (NUMC 1 (0=Medium
  1=High 2=Low 3=Critical))      STATUS (NUMC 1 (0 or 1))        RISKTYPE (CHAR 1 (1=SoD 2=Critical Action 3=Critical Permission))
  8. Risk Description
  RISKID (CHAR 4)       LANGUAGE  (CHAR 2)     RISKDESCRIPTION (CHAR 132)     DETAILDESCRIPTION (CHAR 1000)     CONTROLOBJECTIVE (CHAR 1000)
  9. RISK_RULESET
  RISKID (CHAR 4)       RuleSetId (CHAR 8)
  For more information on templates follow the configuration guide.
  Upload these files and generate the rules.
  Hope with this you will be able to continue.
  Thanks & Regards,
  Jitan

• SAP GRC AC 5.3 integrated with BW

  Hi all,
  Has anyone of you implemented integration between SAP GRC AC 5.3 and BW and develop custom reports?
  Thanks in advance. Regards,
     Imanol

  Imanol,
  There is documentation available for the integration.  You can find that here:
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/e05a9879-d204-2c10-54a9-ebc94eaddc4e?quicklink=index&overridelayout=true
  Also, there are numerous pre-delivered queries already developed.  However, if you wish to develop your own reports, then you will need a BW resource to do so.
  Pre-delivered queries:
  For RAR:
  Alert Detail Listing
  Alert Header Listing
  Critical Action Violations by User
  Critical Role Viols Analysis with Long Portal IDs
  Current User Permission Risk-Perm Violation Analysis Breakdowns
  Current User Permission Risk Violation Analysis Breakdowns
  Management Summary Total Listing
  Mitigated Users Analysis
  Risk Long Descriptions
  Risk-Rule Set Relationship Listing
  Role Permission Risk Violation Analysis
  Role (Portals) Permission Risk Violation Analysis
  Supplementary Rule Detail Listing
  Supplementary Rule Header Listing
  User Permission Risk Violation with Functions
  User Permission Risk Violation with Remediation by User
  User Permission Risk Violation with Remediation by User (Top 10)
  User Permission Violation with Remediation by Risk
  User Permission Violation with Remediation by Risk (Top 10)
  For CUP:
  Access Requests
  Risk Violations
  Role Provisioning
  Service Levels
  SOD Review
  User Access Review
  User Provisioning
  Thanks!
  Ankur
  SAP GRC RIG

• Migrate SAP GRC AC 5.3 SP13 (System A - System B)

  Hello all,
  currently we have setup 2 SAP GRC AC 5.3 SP13 SAP instances (DEV / PRD) for the customer's SAP ERP system landscape. Those systems also contain some customer business functionality.
  Because of business requirements the PRD Java Instance needs to be deleted and built up again from scratch with another WebAS Java Release Version (same SID, same Hardware, etc.).
  Our plan is now to setup a dedicated Java instance which will contain the PRD installation of SAP GRC AC (new SID, different hardware, etc.) to avoid similar problems in the future. Therefore we have to migrate all of the RAR data from the "old" Java instance to the newly setup Java system. We especially need to migrate all of the RAR analysis data (e.g. SoD violation analyses of previous months, etc.), otherwise we would loose all of this information when the "old" installation is deleted and built up again.
  I have checked all of the SAP documentation for SAP GRC AC 5.3 and only found these clues:
  In document "SAP GRC AC 5.3 Configuration Guide v3.16 - Chapter Utilities -> Export Utility / Import Utility" it only says
  something about exporting / importing rule sets, mititgating controls, etc. Can these tools also be used to export / import
  analysis data too ?
  In document "SAP GRC AC 5.3 Installation Guide v2.2 - Chapter Post-System Copy Configuration" it only says something about
  steps to be executed if the SAP GRC AC installation was done via system copy. But there is no information about migrating RAR analysis data.
  In document "SAP GRC AC 5.3 Operations Guide v2.1 - 7.2 Backup strategies" it says that in order to restore the system "you need to back up all tables with the following prefixes: VIRSA and VT". Can we simply do a backup of all of those tables, import
  them into the database of the new system and the use the export/import utility to move all of the configuration etc. from the old system to the new one ?
  Regards,
  Benjamin
  Edited by: Benjamin Schlotz on Jun 30, 2011 11:57 AM

  Hello Sunny, hello Frank,
  thanks for the quick replies.
  I did know about the SNOTE regarding the post migration steps, but the To-Do's Frank posted had some additional info in them.
  One question remains still open though:
  How to actually migrate all the GRC AC RAR data (incl. old analysis data) from System A to System B
  Our intended course of action would be:
  1. Deploy SAP GRC AC on System B (same Version, SP-level etc. as in System A)
  2. Export all VIRSA* and VT* tables from DB of System A, import them all in DB of system B
  3. Export all configuration, etc. from System A, import it into System B (using the export / import functionality within RAR)
  4. Do all the post-migration tasks described by you
  Would you agree with that course of action / know any pitfalls, etc ? We need to have all the "old" RAR analysis data from System A in System B after the migration because System A will be shutdown and deleted.
  Regards,
  Benjamin

• List of Issues/ problems in SAP GRC AC 5.3 Implementation

  Hello,
  Can anyone provide me with the list of most commonly occurring problems related to
  1- SAP GRC Suite Installation
  2- RAR Module implementation
  3- CUP Module implementation
  4- ERM Module implementation
  5- SPM Module implementation
  6- SAP PC 2.5 implementation
  7- SAP RT Module implementation
  8- SAP GRC Suite Upgradation.
  Thanks in advance!!!

  Hi Abdul,
  As such there are no issues in implemeting the AC modules.
  Just make sure that you undeploy previously installed SP before deploying the new Support packages.
  1. You have to upload the initial file (xml files) again in CUP and ERM. These files should be corresponding to latest support pack.
  2. upload the CC 53_Messages.txt file in RAR with every upgrade.
  Also restart the server after deploying any following the above steps.
  For RT you can follow the note 1225960, 1060673 and make sure to restart the server after configuring the SAP Adapter.
  Regards,
  shweta

• Mitigation in SAP GRC AC

  Hi all,
  Two questions regarding mitigation in SAP GRC AC:
  1)
  Reading through the forum, we have seen that if monitor does not execute the report (action) within the frequecny set and alert is generated. Are these alerts sent out to the mitigation controls' approvers automatically or need to be triggered by executing alerts generation with mitigation flags set?
  2)
  If WF  is set and appropriate configuration is set in RAR, approver activities in CUP are approval for mitigation control maintenance and mitigation control assignment. Is this correct?
  Thanks in advance. Best regards,
    Imanol

  Hi Imanol,
     Here is my response:
  1) Reading through the forum, we have seen that if monitor does not execute the report (action) within the frequecny set and alert is generated. Are these alerts sent out to the mitigation controls' approvers automatically or need to be triggered by executing alerts generation with mitigation flags set?
  You need to go to Alert Generation -> Select Generate Alert log, Control Monitoring under Action Monitoring and Alert notification.
  2) If WF is set and appropriate configuration is set in RAR, approver activities in CUP are approval for mitigation control maintenance and mitigation control assignment. Is this correct?
  Yes, that is correct.
  Regards,
  Alpesh

• SAP GRC Access Control 5.3 .TXT - where to upload it

  Hi Experts,
  can anyone please tell me, I have to deploy/upload the patch:
  SAP GRC Access Control 5.3 .TXT SP04
  As I am new to GRC, can somebody please tell me where I upload/deploy this file.
  Is it on the server at operating system level, or through the application in the Web Browser ?
  Thanks and regards,
  Petr.

  HI ,
  As sahad said that is the right way to extract the *.SAR files the syntax is given below .
  for unix : SAPCAR -xvf /<path>/<filename>
  windows : SAPCAR -xvf <volume>:\<path>\<filename>
  If you donot specify the path then it would get extracted in the path where you are right now means the same location where you the *.SAR file is present and then you can upload .
  Then you can login into RAR portal and then go to configuration tab then click on utilities which would be the last option and then click on import and give the file location.