Business unit in mitigation control and business process in rule architect
Dear Friends
Can any one please tell me the difference between business unit configuration in mitigation control and business process in rule architect.
If they are same, why we are configuring the same two times.
full points awarded for good answer.
Thanks and Regards
A.Rama Krishna.
Edited by: Ramakrishna Ailanani on Nov 25, 2008 10:02 AM
Hello Ailanani,
The use for these entities solely depends on the business and has to be decided between the implementors and the BPOs. This can vary a lot from organization to organization and thus cant be generally stated.
Also, as this would be an integral part of the implementation, would advice you to be sure and clear once you define them or take help from some GRC AC consultants who can guide you on the same. Without a clear definition of the BPs and the BU's you may end up putting a lot of time, money and resource for a thing which probably you might have to reverse later.
Regards,
Hersh.
Similar Messages
-
We want to order adobe forms central for a small business unit 3 persons - Price and download?
thank you for further information
Forms central is a service, so I'm not sure what you are actualyl asking. Each user would require to register separately, anyway...
Mylenium -
Business process and business unit in compliance calibrator
Dear Experts,
Can any one please tell me the use of business process in rule architect and business unit in mitigation control.
Thanks and Regards
A.Rama KrishnaDear Rama,
Basically business processes are the actual day to day processes any oraganisation carries out. When we have to group tcodes / functions for rule creation , we group them according to a business process so that we can easily relate them to each other within the business process. Eg : Procure to Pay.
So the rules have to be created such that in this process there are no SOD violations in the access given to users. Thus it makes risk analysis more logical and simple for analysis.
Thanks,
Yajuvendra Sonalkar -
I have created a Child Business Unit that has a Parent Business Unit. The Child Business Unit has a team associated with it. The team has members that are all in the Business Unit.
I have restricted access in the security role so that Read access on Entity A is set to Business Unit.
My problem is that when a User from the Busines Unit I have created views the entity they can Read records of people in the Parent Business Unit but I only want them to see records for the Child Business Unit which they are a member of.
Anyone know how to resolve this?
Thanks.If the issue is with a user from the child BU seeing records in the parent business unit, it is likely a security role issue and you may wan to check the users' security role. In CRM, if more than one security role is being compared (and in this case there
are at least 2, 1 with the team, and the other with the user record) the role with the highest privileges will be taken. Not the most restrictive as some people may think. So my guess is that the user security role has org level read privileges.
You may also consider checking of there is any sharing being done with the record in the child business unit. A user could have easily shared a large chunk of records with one or more users in the parent business unit. If this is the case, you
will need to unshared them one at a time which is time consuming. You may also find a third party tool on Codeplex that will do the unsharing or you may be able to create a console app if you have someone with coding skills.
If the issue is with user seeing related records to the entity, such as seeing emails (that they shouldn't see) of others related to the an account record (that they are allowed to see) for example, this could be the result of inheritance.
I have seen this before going back to CRM 4.0. There is an older document for CRM 4.0 that covers this in depth. I don't have it on hand, I haven't reviewed it in at least 2 years, and I'm not sure if they have anything updated for the
newer versions. Not sure it this applies, since it sounds like the issue is with lower business units seeing parent BU records.
Jason Peterson -
Mitigation Monitor does not appear in Mitigation Controls section
In GRC RAR in the u201CMitigationu201D tab, I added a new Mitigation Monitor in the u201CAdministratorsu201D section and a new Mitigating Control. When I try to add the new monitor in the u201CMonitorsu201D tab within the u201CMitigation Controlsu201D section, the new monitor does not appear as an option. Iu2019m pretty sure I have every bit of authorization possible, so I donu2019t think this is an auth issue. I do not have any users assigned to the new mitigation control, so that isnu2019t the problem either.Is there a trick to getting my new monitor to show up? Thank you!
You also are required to first add the users to a Business Unit: Mitigation - Business Units - Search
Edit the business unit associated with the Mitigating control that you created and add the users.
Go back to the mitigating control and you should not see the users that you associated with the Business Unit.
-J -
Which infocube should I use for Controlling and Inventory?
Hi all,
I have several questions regarding Controlling and Supply chain management infocubes:
1. We need cost reports for the material ledger in order to meet the Brazilian compliance. I have found two infocubes:
CO-PC: Cost Object Controlling (0PC_C01)
CO-PC: Actual Costing / Material Ledger Costs (0COPC_C02)
What Infocube will help me to create a query that will meet our requirements? Which one is better?
2. We need a cost Center summary report, Expenses analysis, by product, cost center, business unit, region, plant, etc. and Expenses period comparison report. Which infocube will provide me that information for those reports, the CO-OM-CCA: Statistical Key Figures (0CCA_C03) or CO-OM-CCA: Costs and Allocations (0CCA_C11)?
3. What infocube will be needed to generate an inventory report (raw material, semi and finished goods)? Is it the Material Stocks/Movements (as of 3.0B) 0IC_C03?
Can I get an inventory report from the Purchasing data (0PUR_C01) infocube?
Thanks a lot
VicHi
1)you need to check the requiered characteristics are available or not from these data sources which supply data to the above said cubes,,2
2)0CCA_C11
3)0IC_C03
You cann't get the inventory report from the purchasing data(purchasing data always talks about the vendor supplying inventory,it never talks about the production inventory)
Hope it helps
Thanks
Teja -
Error while uploading mitigation controls
Dear All,
While uploading the mitigation controls i am facing with the below error. Can you please help me in resolving this error.
Error in table dataVIRSA_CC_MITUSER
SQL:=>Insert into VIRSA_CC_MITMON(MITREFNO,MONITORID) Values(?,?)
Record::Line Number :21 : D VIRSA_CC_MITMON TESTC1 TEST1
Below is the text file which i am uploading into the RAR for test purposes
M VIRSA_CC_ADMIN USERID NAME EMAILID ROLEID
D VIRSA_CC_ADMIN TEST1 TEST1 test M
M VIRSA_CC_BUSUNIT BUSID
D VIRSA_CC_BUSUNIT TH
M VIRSA_CC_BUSUNITT BUSID LANG DESCN
D VIRSA_CC_BUSUNITT TH EN Thailand
M VIRSA_CC_BUAPPVR BUSID APPROVERID
D VIRSA_CC_BUAPPVR TH TEST1
M VIRSA_CC_BUMONITOR BUSID MONITORID
D VIRSA_CC_BUMONITOR TH TEST1
M VIRSA_CC_MITREF MITREFNO BUSID APPROVERID
D VIRSA_CC_MITREF TESTC1 TH TEST1
M VIRSA_CC_MITREFT MITREFNO LANG DESCN
D VIRSA_CC_MITREFT TESTC1 EN Test mitigation control
M VIRSA_CC_MITRISK MITREFNO RISKID
D VIRSA_CC_MITRISK TESTC1 F006*
M VIRSA_CC_MITMON MITREFNO MONITORID
D VIRSA_CC_MITMON TESTC1 TEST1
M VIRSA_CC_MITRPT MITREFNO ACTIONS VSYSKEY MONITORID FREQUENCY
M VIRSA_CC_MITUSER MITREFNO RISKID USERID VALIDFROM VALIDTO MONITORID STATUS
M VIRSA_CC_MITROLE MITREFNO RISKID ROLEID VALIDFROM VALIDTO MONITORID STATUS
D VIRSA_CC_MITROLE TESTC1 F006* Z1.*.ASST-SC-FINC-MGR 6/9/2010 7/25/2010 TEST1 0
M VIRSA_CC_MITHROBJ MITREFNO RISKID HROBJ HROBJTYP VALIDFROM VALIDTO MONITORID STATUS
M VIRSA_CC_MITPROF MITREFNO RISKID PROFILE VALIDFROM VALIDTO MONITORID STATUS
M VIRSA_CC_MITUSRORG MITREFNO RISKID USERID ORGRULEID VALIDFROM VALIDTO MONITORID STATUS
M VIRSA_CC_DETDESC OBJECT_TYPE OBJECT_ID LANG DETAIL_DESCN
D VIRSA_CC_DETDESC MIT TESTC1 EN Test Mitigation control
We are not mitigating users now. Only roles are getting mitigated and hence we have not provided any values to the MIT USER table.
Thanks and Best Regard,
Srihari.KDear Varun,
Thanks for your reply. It helped me a lot. But however i am facing the following issue while uploading the mitigation controls
After exporting the mitigation file from RAR, we opened the text file in a spreadsheet format and added few lines to the file and saved in the same text format or in UTF-8 format also
After uploading the same into RAR again after changes we are facing similar errors mentioned in above query.
But when we add lines directly in the wordpad and upload the file then it is successful.
We have to add so many mitigation controls and roles to be assigned for which excel would be easy way to dump.
Is there anything wrong we are doing here in editing and converting the files.
Thanks and Best Regards,
Srihari.K -
Hi all,
We have configured Mitigation Controls and mitigated some of the users. We have the following queries in this regard:
a) When we run the SoD anlaysis for that particular user we could able to see only half description of the Mitigation Control.
Is there any limitation for the space or the parameters for the Mitigation Control Description.We are unable to see the entire description of the Mitigation Control (If the mitigation control is more than 7-8 lines) in the Detailed Report screen as well. Even after downloading into a spreadsheet also we are getting only the part of the mitigation control and not the entire description of the mitigation control
b) A risk ID can be addressed by 2 or 3 mitigation controls. In this scenario,we have assigned 2-3 mitigation controls to one Mitigated user for mitigation. When we run SoD analysis we could able to see only the latest mitigation control assigned to the user in the report format (say out of 3 assigned only the 3rd one assigned is being shown).
But when we did a search for Mitigation controls with the Risk ID & User ID combination then it is throwing all the 3 mitigation controls. But the same is not shown in SoD violations reports
Is there anything to do with the parameters set up or at the configuration side to resolve this.
Please provide the procedure also in case of any changes to be made at configuration level.
Thanks and Best Regards,
SriHi Vit,
Thanks for your reply. We crosschecked and you are correct that the space limitation is only for 132 characters in this table.
Is there a way to get the mitigation control whole description or do we need to stick to this limitation itself.
Also, when we did a search for Mitigation Control it gives only Mit.ID, Mit Control Desc, BU and Management approver. Whether there are any tables (from SAP Backend) or reports where we can get the Risk Ids including the above addressed by the mitigation controls.
Thanks and Best Regards,
Sri -
Significance of Monitor in Mitigation control
Can any body help me understand what does Monitor does in Mitigation control and what does the statement mean below:
"When creating a mitigation control, need to define the Action, Monitor ID, and
Frequency. If the monitor does not execute the action within the set frequency, then an alert
is generated"
Thanks,
AbhimanuHello Abhimanyu,
1. Can any body help me understand what does Monitor does in Mitigation control:
The role of Monitor is to see whether everything that was risky from the access being mitigated is fine or not. That is, he/she would see to it that the user who has been given extra excess or conflicting access has not misused it. Every Mitigatin control, for this purpose has a Monitor attached to it who does this job.
2. what does the statement mean below:
"When creating a mitigation control, need to define the Action, Monitor ID, and
Frequency. If the monitor does not execute the action within the set frequency, then an alert
is generated"
I guess this is also covered in the explanation for point 1 and the post above from Margaret. In case not, please let us know.
Regards,
Hersh.
http://www.linkedin.com/in/hersh13
Edited by: HERSH GUPTA on May 7, 2009 10:43 AM -
CC: Entering Mitigation Controls
Hi ,
I am entering mitigation controls in CC and am noticing 2 issues
1) I cannot blanket mitigate a selection of users. Blanket mitigation only seems to apply if I want to mitigate all users. Is there any way to add 10 select users to a mitigation control by selecting the 10 users, rather than having to specify risk, validity dates etc. for all 10?
2) I have noticed in SAP documentation that * should be entered after the risk ID e,g, P005*. Why should this be entered. This does not default when setting up the mitigation control and if I forget to do it, I have to delete the mitigation entry for the user and recreate. Can anybody advise why * must be entered and if there is a way to default *
Thanks,
GaryGary,
1) No there is no way to select 10 individual users without creating a line item for each one. Unless they all get the access from the same Role. If that was the case you could just create the mitigating control for that role and anyone that would have the conflict via that Role would not appear in your risk reports.
2) The reason you have to enter * in the mitigating controls is so that all risk ID's are mitigated by your rule. For example short risk ID P033 is made up of multiple long risk ID's based on each transactional combination i.e. P03300101 for ME21,ME51, P03300201 for ME21N,ME51, P03300301 for ME22,ME51, P03300401 for ME22N,ME51.
So to cover all possible transaction combinations with a mitigating control you need to enter it for P033*. This would also allow you to enter a mitigating control for only long risk id P03300101 it your mitigating control only covered users with access to ME21 and ME51.
Hope that helps.
Matt. -
Mitigation controls assignation to users in RAR
Hi,
While assigning mitigation control to the users (RAR>Mitigation> Mitigated Users-->Add), it is only possible to assign 1 user at a time...Would it be possible to assign more than 1 user through multiple selection
Thanks
AbhijeetAbhijeet,
From that path, you cannot assign multiple users at once however, if authorised, you can upload mitigation controls and within the upload files, you can upload users assigned to them.
Simon -
Hi guys, i've been able to finally get the alerts generation and email sending working.
However i'm having problems with the mitigating controls report.
I've created a few Mitigation Controls and also stated under the 'reports' section that Monitor X should run Report Z in a frequency of 1 day. However even after a few days the mitigating controls report is showing nothing.
Is there something wrong with my setup? If i created a control again Risk AA, do i need to explicitly execute the conflicts relating to Risk AA or is it assumed that even if i do not, the system is still expecting Monitor X to run report Z everyday ?First, as you probably know, the recording of any info on the Reports Tab of the Mitigating Control screen is completely optional. Even if information is recorded, it has nothing to do with the Mitigating Controls reports available within Informer.
If report information is recorded, this is done either purely for documentation purposes or to set the stage for the generation of a "Mitigating Monitor" Alert. This type of alert will be generated if the designated monitor does not execute the designated SAP "report" transaction within the timeframe specified.
Like any other type of alert, generation requires execution of the Alert Generation background job. -
Reduplicative mitigation controls
Hi There,
In RAR of GRC 5.3, there are many reduplicative mitigation controls. I tried to delete duplications, it seems like if I delete one of them, I will delete all of them. Could you please advise how to delete reduplicative mitigation controls and just keep one of them? And I also want to know why there are many reduplicative mitigation controls in our GRC. Thanks.
Thank you for any information or suggestion!
Regards,
Sophie WHi Sophie,
You can check following
Check if mitigation to user assignment table has duplicates or it is only display error.
Check if they are exactly same in all details or there is a difference.
This will help you to focus in specific direction for troubleshooting.
BR,
Mangesh -
Hi,
Is their a way we can maintain and update mitigating controls on GRC (GUI) back-end.UI can't be able to find those i created and migrated. Any ideas?
Regards, MelvinHi,
REF CALL # : 968707 / 2011
I created mitigating controls and imported the old mitigating controls from GRC 5.3.
When I go to the mitigating controls on the UI no mitigating controls appear when opening the page. When I do a drop down (drill) on the TAB (SETUP) Work Centre  Link - Mitigating Control
When drilling down on Mitigating Control IDu2019s
The only two displayed is the ones I created on the UI. When I import the GRC5.3 mitigating controls I get the following
message on the import tool within GRC10 back-end
--Start Loading File - Scenario of 5.3 Mitigation - Migration
sapvirdevexport53/BUNITdata.dat
Mitigation Control EA:BS001 already exists
Mitigation Control EA:BU001 already exists
Mitigation Control SOLMAN99 already exists
--File loaded successfully
The migration document refers to the following steps and this was followed
Why is the screen empty when going into the mitigating control link on the UI - Another strange phenomenon is when I run the mitigating report from report and analytics the mitigating control comes up blank.
When in the report and analytic work centre, and running the mitigation control report - -> I drill down on the Control ID and get the blank screen.
This is why im asking can I look at mitigating controls not from ECC but GRC back-end system and maintain it from their
Regards, Melvin -
Difference between Business service, Business system and Business process
Hi,
Can anyone tell me the difference between Business service, Business system and Business process?
Thanks,
Harikumar. SHi,
<b>Business system</b>
It is a logical system from a business point of view.
One or more logical systems that belong together from a business point of view is called a group of Business system group. A business system group represents a unit within a company or organization that can be defined according to legal, economic, administrative or geographic factors.
The objects in a business system group are uniquely identified by a uniform numbering system.
<b>Business process</b>
Business procedure within an enterprise that uses resources and can involve activites from a number of different cost centers in a controlling area.
When executing a business process, activities can be utilized for several cost centers of a controlling area.
<b>Business service</b>
Its a third party system.
All these belong to a Business Scenario which is
Description of the flow of business processes according to a business typology. A business scenario represents a template for a business process, which runs within a particular area of a company process. All processes required to completely process the task are listed in chronological order in the scenario. Business scenarios can be described graphically, in either aggregated or detailed form (EPC). Example: Direct sale to industrial recipient
<b>**DO REWARD POINTS IF THIS IS HELPFUL FOR YOU**</b>
Regards
AK
Maybe you are looking for
-
Hi everyone I have EASYSIGN version 5 signmaking program installed on Windows XP and have been using it for a number of years without any problems untill know. Everytime I want to use the Compatibility to open Adobe illustrator cs2 on my Easysign I e
-
Auto refresh flash chart not working (APEX 3.1)
Hi All I followed the instructions on how to update auto refresh flash charts on the following page: http://www.inside-oracle-apex.com/2007/04/auto-refresh-flash-charts-in-apex-30.html Is there anything else that needs to be done? I dont get a 'last
-
CO27, MF60 with serial number
Hi Everyone, Does anybody know whether we can post goods issue for component with serial number using t-code CO27 and MF60... if can, how? I know MB1A and MB1B works with serial number. Best Regards, Bin
-
Financial reporting studio compatibility
Hi, We have two Hyperion projects( 1st team uses 11.1.1.3 and 2nd team uses 11.1.2.1) in the company . Now Financial reporting developer wants to create reports for both the projects using same FR studio. Please advice how to connect to Essbase 11.1.
-
Forms compilation Errors under Linux
Hello, I have a main form called Tbdoctrk.fmb. This forms compiles and runs perfectly through Oracle 9i iDS. When transfering the fmb file under Linux, and attempting to recompile using the f90genm.sh utility, I get the following compilation errors: