Business unit in mitigation control and business process in rule architect

Similar Messages

• We want to order adobe forms central for a small business unit 3 persons - Price and download?

  thank you for further information

  Forms central is a service, so I'm not sure what you are actualyl asking. Each user would require to register separately, anyway...
  Mylenium

• Business process and business unit in compliance calibrator

  Dear Experts,
  Can any one please tell me the use of business process in rule architect and business unit in mitigation control.
  Thanks and Regards
  A.Rama Krishna

  Dear Rama,
  Basically business processes are the actual day to day processes any oraganisation carries out. When we have to group tcodes / functions for rule creation , we group them according to a business process so that we can easily relate them to each other within the business process. Eg : Procure to Pay.
  So the rules have to be created such that in this process there are no SOD violations in the access given to users. Thus it makes risk analysis more logical and simple for analysis.
  Thanks,
  Yajuvendra Sonalkar

• Business Unit Security Access

  I have created a Child Business Unit that has a Parent Business Unit. The Child Business Unit has a team associated with it. The team has members that are all in the Business Unit.
  I have restricted access in the security role so that Read access on Entity A is set to Business Unit.
  My problem is that when a User from the Busines Unit I have created views the entity they can Read records of people in the Parent Business Unit but I only want them to see records for the Child Business Unit which they are a member of.
  Anyone know how to resolve this?
  Thanks.

  If the issue is with a user from the child BU seeing records in the parent business unit, it is likely a security role issue and you may wan to check the users' security role. In CRM, if more than one security role is being compared (and in this case there
  are at least 2, 1 with the team, and the other with the user record) the role with the highest privileges will be taken. Not the most restrictive as some people may think. So my guess is that the user security role has org level read privileges.
  You may also consider checking of there is any sharing being done with the record in the child business unit.  A user could have easily shared a large chunk of records with one or more users in the parent business unit.  If this is the case, you
  will need to unshared them one at a time which is time consuming.  You may also find a third party tool on Codeplex that will do the unsharing or you may be able to create a console app if you have someone with coding skills.
  If the issue is with user seeing related records to the entity, such as seeing emails (that they shouldn't see) of others related to the an account record  (that they are allowed to see) for example, this could be the result of inheritance. 
  I have seen this before going back to CRM 4.0.  There is an older document for CRM 4.0 that covers this in depth.  I don't have it on hand, I haven't reviewed it in at least 2 years, and I'm not sure if they have anything updated for the
  newer versions.  Not sure it this applies, since it sounds like the issue is with lower business units seeing parent BU records.
  Jason Peterson

• Mitigation Monitor does not appear in Mitigation Controls section

  In GRC RAR in the u201CMitigationu201D tab, I added a new Mitigation Monitor in the u201CAdministratorsu201D section and a new Mitigating Control. When I try to add the new monitor in the u201CMonitorsu201D tab within the u201CMitigation Controlsu201D section, the new monitor does not appear as an option. Iu2019m pretty sure I have every bit of authorization possible, so I donu2019t think this is an auth issue. I do not have any users assigned to the new mitigation control, so that isnu2019t the problem either.Is there a trick to getting my new monitor to show up? Thank you!

  You also are required to first add the users to a Business Unit: Mitigation - Business Units - Search
  Edit the business unit associated with the Mitigating control that you created and add the users.
  Go back to the mitigating control and you should not see the users that you associated with the Business Unit.
  -J

• Which infocube should I use for Controlling and Inventory?

  Hi all,
  I have several questions regarding Controlling and Supply chain management infocubes:
  1. We need cost reports for the material ledger in order to meet the Brazilian compliance. I have found two infocubes:
  •CO-PC: Cost Object Controlling (0PC_C01)
  •CO-PC: Actual Costing / Material Ledger – Costs (0COPC_C02)
  What Infocube will help me to create a query that will meet our requirements? Which one is better?
  2.  We need a cost Center summary report, Expenses analysis, by product, cost center, business unit, region, plant, etc. and Expenses period comparison report. Which infocube will provide me that information for those reports, the CO-OM-CCA: Statistical Key Figures (0CCA_C03) or CO-OM-CCA: Costs and Allocations (0CCA_C11)?
  3. What infocube will be needed to generate an inventory report (raw material, semi and finished goods)? Is it the Material Stocks/Movements (as of 3.0B) 0IC_C03?
  Can I get an inventory report from the Purchasing data (0PUR_C01) infocube?
  Thanks a lot
  Vic

  Hi
  1)you need to check the requiered characteristics are available or not from these data sources which supply data to the above said cubes,,2
  2)0CCA_C11
  3)0IC_C03
  You cann't get the inventory report from the purchasing data(purchasing data always talks about the vendor supplying inventory,it never talks about the production inventory)
  Hope it helps
  Thanks
  Teja

• Error while uploading mitigation controls

  Dear All,
  While uploading the mitigation controls i am facing with the below error. Can you please help me in resolving this error.
  Error in table dataVIRSA_CC_MITUSER
  SQL:=>Insert into  VIRSA_CC_MITMON(MITREFNO,MONITORID) Values(?,?)
  Record::Line Number :21 : D VIRSA_CC_MITMON TESTC1 TEST1
  Below is the text file which i am uploading into the RAR for test purposes
  M     VIRSA_CC_ADMIN     USERID     NAME     EMAILID     ROLEID               
  D     VIRSA_CC_ADMIN     TEST1     TEST1     test     M          
  M     VIRSA_CC_BUSUNIT     BUSID                              
  D     VIRSA_CC_BUSUNIT     TH                              
  M     VIRSA_CC_BUSUNITT     BUSID     LANG     DESCN                    
  D     VIRSA_CC_BUSUNITT     TH     EN     Thailand                    
  M     VIRSA_CC_BUAPPVR     BUSID     APPROVERID                    
  D     VIRSA_CC_BUAPPVR     TH     TEST1                         
  M     VIRSA_CC_BUMONITOR     BUSID     MONITORID                         
  D     VIRSA_CC_BUMONITOR     TH     TEST1                         
  M     VIRSA_CC_MITREF     MITREFNO     BUSID     APPROVERID               
  D     VIRSA_CC_MITREF     TESTC1     TH     TEST1                    
  M     VIRSA_CC_MITREFT     MITREFNO     LANG     DESCN                    
  D     VIRSA_CC_MITREFT     TESTC1     EN     Test mitigation control               
  M     VIRSA_CC_MITRISK     MITREFNO     RISKID                         
  D     VIRSA_CC_MITRISK     TESTC1     F006*                         
  M     VIRSA_CC_MITMON     MITREFNO     MONITORID                         
  D     VIRSA_CC_MITMON     TESTC1     TEST1                         
  M     VIRSA_CC_MITRPT     MITREFNO     ACTIONS     VSYSKEY     MONITORID     FREQUENCY          
  M     VIRSA_CC_MITUSER     MITREFNO     RISKID     USERID     VALIDFROM     VALIDTO     MONITORID     STATUS
  M     VIRSA_CC_MITROLE     MITREFNO     RISKID     ROLEID     VALIDFROM     VALIDTO     MONITORID     STATUS
  D     VIRSA_CC_MITROLE     TESTC1     F006*     Z1.*.ASST-SC-FINC-MGR     6/9/2010     7/25/2010     TEST1     0     
  M     VIRSA_CC_MITHROBJ     MITREFNO     RISKID     HROBJ     HROBJTYP     VALIDFROM     VALIDTO     MONITORID     STATUS
  M     VIRSA_CC_MITPROF     MITREFNO     RISKID     PROFILE     VALIDFROM     VALIDTO     MONITORID     STATUS
  M     VIRSA_CC_MITUSRORG     MITREFNO     RISKID     USERID     ORGRULEID     VALIDFROM     VALIDTO     MONITORID     STATUS
  M     VIRSA_CC_DETDESC     OBJECT_TYPE     OBJECT_ID     LANG     DETAIL_DESCN     
  D     VIRSA_CC_DETDESC     MIT     TESTC1     EN     Test Mitigation control                    
  We are not mitigating users now. Only roles are getting mitigated and hence we have not provided any values to the MIT USER table.
  Thanks and Best Regard,
  Srihari.K

  Dear Varun,
  Thanks for your reply. It helped me a lot. But however i am facing the following issue while uploading the mitigation controls
  After exporting the mitigation file from RAR, we opened the text file in a spreadsheet format and added few lines to the file and saved in the same text format or in UTF-8 format also
  After uploading the same into RAR again after changes we are facing similar errors mentioned in above query.
  But when we add lines  directly in the wordpad and upload the file then it is successful.
  We have to add so many mitigation controls and roles to be assigned for which excel would be easy way to dump.
  Is there anything wrong we  are doing here in editing and converting the files.
  Thanks and Best Regards,
  Srihari.K

• Query on Mitigation Control

  Hi all,
  We have configured Mitigation Controls and mitigated some of the users. We have the following queries in this regard:
  a) When we run the SoD anlaysis for that particular user we could able to see only half description of the Mitigation Control.
  Is there any limitation for the space or the parameters for the Mitigation Control Description.We are unable to see the entire description of the Mitigation Control (If the mitigation control is more than 7-8 lines) in the Detailed Report screen as well. Even after downloading into a spreadsheet also we are getting only the part of the mitigation control and not the entire description of the mitigation control
  b) A risk ID can be addressed by 2 or 3 mitigation controls. In this scenario,we have assigned 2-3 mitigation controls to one Mitigated user for mitigation. When we run SoD analysis we could able to see only the latest mitigation control assigned to the user in the report format (say out of 3 assigned only the 3rd one assigned is being shown).
  But when we did a search for Mitigation controls with  the Risk ID & User ID combination then it is throwing all the 3 mitigation controls. But the same is not shown in SoD violations reports
  Is there anything to do with the parameters set up or at the configuration side to resolve this.
  Please provide the procedure also in case of any changes to be made at configuration level.
  Thanks and Best Regards,
  Sri

  Hi Vit,
  Thanks for your reply. We crosschecked and you are correct that the space limitation is only for 132 characters in this table.
  Is there a way to get the mitigation control whole description or do we need to stick to this limitation itself.
  Also, when we did a search for Mitigation Control it gives only Mit.ID, Mit Control Desc, BU and Management approver. Whether there are any tables (from SAP Backend) or reports where we can get the Risk Ids including the above addressed by the mitigation controls.
  Thanks and Best Regards,
  Sri

• Significance of Monitor in Mitigation control

  Can any body help me understand what does Monitor does in Mitigation control and what does the statement mean below:
  "When creating a mitigation control, need to define the Action, Monitor ID, and
  Frequency. If the monitor does not execute the action within the set frequency, then an alert
  is generated"
  Thanks,
  Abhimanu

  Hello Abhimanyu,
  1. Can any body help me understand what does Monitor does in Mitigation control:
  The role of Monitor is to see whether everything that was risky from the access being mitigated is fine or not. That is, he/she would see to it that the user who has been given extra excess or conflicting access has not misused it. Every Mitigatin control, for this purpose has a Monitor attached to it who does this job.
  2. what does the statement mean below:
  "When creating a mitigation control, need to define the Action, Monitor ID, and
  Frequency. If the monitor does not execute the action within the set frequency, then an alert
  is generated"
  I guess this is also covered in the explanation for point 1 and the post above from Margaret. In case not, please let us know.
  Regards,
  Hersh.
  http://www.linkedin.com/in/hersh13
  Edited by: HERSH GUPTA on May 7, 2009 10:43 AM

• CC: Entering Mitigation Controls

  Hi ,
  I am entering mitigation controls in CC and am noticing 2 issues
  1) I cannot blanket mitigate a selection of users. Blanket mitigation only seems to apply if I want to mitigate all users. Is there any way to add 10 select users to a mitigation control by selecting the 10 users, rather than having to specify risk, validity dates etc. for all 10?
  2) I have noticed in SAP documentation that * should be entered after the risk ID e,g, P005*. Why should this be entered. This does not default when setting up the mitigation control and if I forget to do it, I have to delete the mitigation entry for the user and recreate. Can anybody advise why * must be entered and if there is a way to default *
  Thanks,
  Gary

  Gary,
  1)  No there is no way to select 10 individual users without creating a line item for each one.  Unless they all get the access from the same Role.  If that was the case you could just create the mitigating control for that role and anyone that would have the conflict via that Role would not appear in your risk reports.
  2)  The reason you have to enter * in the mitigating controls is so that all risk ID's are mitigated by your rule.  For example short risk ID P033 is made up of multiple long risk ID's based on each transactional combination i.e. P03300101 for ME21,ME51, P03300201 for ME21N,ME51, P03300301 for ME22,ME51, P03300401 for ME22N,ME51.
  So to cover all possible transaction combinations with a mitigating control you need to enter it for P033*.  This would also allow you to enter a mitigating control for only long risk id P03300101 it your mitigating control only covered users with access to ME21 and ME51.
  Hope that helps.
  Matt.

• Mitigation controls assignation to users in RAR

  Hi,
  While assigning mitigation control to the users (RAR>Mitigation> Mitigated Users-->Add), it is only possible to assign 1 user at a time...Would it be possible to assign more than 1 user through multiple selection
  Thanks
  Abhijeet

  Abhijeet,
  From that path, you cannot assign multiple users at once however, if authorised, you can upload mitigation controls and within the upload files, you can upload users assigned to them.
  Simon

• Mitigating Controls Headache

  Hi guys, i've been able to finally get the alerts generation and email sending working.
  However i'm having problems with the mitigating controls report.
  I've created a few Mitigation Controls and also stated under the 'reports' section that Monitor X should run Report Z in a frequency of 1 day. However even after a few days the mitigating controls report is showing nothing.
  Is there something wrong with my setup? If i created a control again Risk AA, do i need to explicitly execute the conflicts relating to Risk AA or is it assumed that even if i do not, the system is still expecting Monitor X to run report Z everyday ?

  First, as you probably know, the recording of any info on the Reports Tab of the Mitigating Control screen is completely optional. Even if information is recorded, it has nothing to do with the Mitigating Controls reports available within Informer.
  If report information is recorded, this is done either purely for documentation purposes or to set the stage for the generation of a "Mitigating Monitor" Alert. This type of alert will be generated if the designated monitor does not execute the designated SAP "report" transaction within the timeframe specified.
  Like any other type of alert, generation requires execution of the Alert Generation background job.

• Reduplicative mitigation controls

  Hi There,
  In RAR of GRC 5.3, there are many reduplicative mitigation controls. I tried to delete duplications, it seems like if I delete one of them, I will delete all of them. Could you please advise how to delete reduplicative mitigation controls and just keep one of them? And I also want to know why there are many reduplicative mitigation controls in our GRC. Thanks.
  Thank you for any information or suggestion!
  Regards,
  Sophie W

  Hi Sophie,
  You can check following
  Check if mitigation to user assignment table has duplicates or it is only display error.
  Check if they are exactly same in all details or there is a difference.
  This will help you to focus in specific direction for troubleshooting.
  BR,
  Mangesh

• Mitigating Controls in GRC10

  Hi,
  Is their a way we can maintain and update mitigating controls on GRC (GUI) back-end.UI can't be able to find those i created and migrated. Any ideas?
  Regards, Melvin

  Hi,
  REF CALL # : 968707 / 2011
  I created mitigating controls and imported the old mitigating controls from GRC 5.3.
  When I go to the mitigating controls on the UI no mitigating controls appear when opening the page. When I do a drop down (drill) on the TAB (SETUP) Work Centre  Link - Mitigating Control
  When drilling down on Mitigating Control IDu2019s
  The only two displayed is the ones I created on the UI. When I import the GRC5.3 mitigating controls I get the following
  message on the import tool within GRC10 back-end
  --Start Loading File - Scenario of 5.3 Mitigation - Migration
  sapvirdevexport53/BUNITdata.dat
  Mitigation Control EA:BS001 already exists
  Mitigation Control EA:BU001 already exists
  Mitigation Control SOLMAN99 already exists
  --File loaded successfully
  The migration document refers to the following steps and this was followed
  Why is the screen empty when going into the mitigating control link on the  UI - Another strange phenomenon is when I run the mitigating report from report and analytics the mitigating control comes up blank.
  When in the report and analytic work centre, and running the mitigation control report - -> I drill down on the Control ID and get the blank screen.
  This is why im asking can I look at mitigating controls not from ECC but GRC back-end system and maintain it from their
  Regards, Melvin

• Difference between Business service, Business system and Business process

  Hi,
  Can anyone tell me the difference between Business service, Business system and Business process?
  Thanks,
  Harikumar. S

  Hi,
  <b>Business system</b>
  It is a logical system from a business point of view.
  One or more logical systems that belong together from a business point of view is called a group of Business system group. A business system group represents a unit within a company or organization that can be defined according to legal, economic, administrative or geographic factors.
  The objects in a business system group are uniquely identified by a uniform numbering system.
  <b>Business process</b>
  Business procedure within an enterprise that uses resources and can involve activites from a number of different cost centers in a controlling area.
  When executing a business process, activities can be utilized for several cost centers of a controlling area.
  <b>Business service</b>
  It’s a third party system.
  All these belong to a Business Scenario which is
  Description of the flow of business processes according to a business typology. A business scenario represents a template for a business process, which runs within a particular area of a company process. All processes required to completely process the task are listed in chronological order in the scenario. Business scenarios can be described graphically, in either aggregated or detailed form (EPC). Example: Direct sale to industrial recipient
  <b>**DO REWARD POINTS IF THIS IS HELPFUL FOR YOU**</b>
  Regards
  AK