CC Org Rules usage

Hi experts, I just want to have a quick check on who has implemented Org Rules in any of their implementations.
In a big organization where staff are in charge of cross department or region, we need to eliminate false positives. One way is to determine whether there are many such staff who contribute to such false positives.
a. If there are only a few, does it make more sense to mitigate these users or create Org rules to eliminate such cases?
b. Also, I'm not very comfortable knowing that when I go to Informer and run Risk analysis with org rules, I need to run the report under 'Org. Level' and not 'User level'. It seems like an extra burden on top of running the normal User or Role level.

Hi,
Generally, if there are only a few users that show up and they are definitely false positives, it's better to create mitigating controls to remove them from the report.  However, if there are a large number of users, then you have to examine your rule definitions to determine whether customization of the rules is required.
Thanks,
Santosh

Similar Messages

  • Org rules

    Hello There,
    We are using GRC 5.2 and I would like to know how to use org rules.
    We have set up our authorization in SAP in such a fashion that the user has a special role for the company code; the combination of normal authorizations + company code role should give them enough access.
    Example: Italian users have the Italian company code role and the user cannot have Spanish company code access, and via GRC we would like to know which Italian users have access to other company codes.
    Does GRC help in identifying this? Can we create any rule?
    Thanks for your help in advance .
    Regards
    Kev

    Hello Kevin,
    Following your scenario, a few comments to get the idea:
    1) An Italian user contains within his role authorizations Company Code (BUKRS) permissions whose value identifies that region (e.g. 0001)
    2) A Spanish user contains within his role authorizations Company Code (BUKRS) permissions whose value identifies that region (e.g. 0002)
    Are you trying to find out with GRC if an Italian user contains any company code permission with a value different from 0001 (specific for Italy)? Am I right?
    Best regards,
       Imanol

  • GRC AC ARA v10 SP13 - Org Rule Org Level Missing

    Hi Experts!
    Testing ARA Organization Rules soon and have noticed that one of my key Org Levels, $BUKRS, is missing. I have not yet used this functionality on this system. I am already doing the following:
    - running the authorization sync job daily (we are in the middle of multiple project builds)
    - checked the target systems USORG table for Org Level $BUKRS entry
    - active ruleset function has that Org Level $BUKRS entry and it appears on the Risk Analysis reports
    All other Org Levels are available to use except for this one. Any ideas!
    Thanks in advance.
    -john

    Alessandro,
    Ran both sync jobs again, but it is still not (see below). Checked the logs to be sure it completed.
    We do have two different ECC system connectors (One Production landscape, the other Project landscape), but both have the USORG table for Org Level $BUKRS entry.
    Any other ideas? Is there a GRC ARA GRAC* table I can update or check for this?
    Thanks,
    -john

  • ORG Rules Set but Job Running without consider them

    Hi,
    I have a doubt. I have set Organizational Rules for the company I am working at. But I want to run a job without considering Organizational Rules. I set the corresponding parameter to its corresponding value and then I run the Background Job Risk Analysis.
    I have the following doubt: when I run this job, which value do the Org values set in $(OrgField) in all the functions take? I assume "*", is that OK?
    Kind Regards
    Isaac

    Solved

  • Rule usage in Document template creation

    Dear all,
    In our scenario, I am using the document template (TS) creation step in WS.
    In this task I have created different Word document templates. In my requirement, based on the user, any one of the document templates should come up for creation (not all the document templates). How can I do the config for that? Does it work, suppose the task is assigned with a Rule (the template is in creation mode)?

    Hi Srini,
    Use of a background step indicates that it is an additional step prior to your Document template. Do the processing that you were supposed to do in the rule, get the required results from this step, store them in workflow container elements and use them in your Document template step.
    Regds,
    Akshay

  • Business Rule:Usage of @ISMBR with User Prompts/ Variables+Loop Function

    Hi,
    currently facing a business rule user prompt - if-selection issue - not sure, if it's simply a bug or other ways how to solve it:
    depending on runtimeprompt [RTP_VERSIONS], either the 1st or 2nd part of the rule should get executed using a loop command.
    The special thing is that you can choose several versions simultaneously in the runtimeprompt: as soon as Data Input is part of the selection, the 1st part of the if-section should apply and the 2nd loop be executed (and the other way round)
    this works if I select 1 Member in the user prompt, but does not work, if I select several members.
    according to the manual, @ismbr function is "true", if already 1 member is matching !
    I experimented in addition to @ismbr with @list and @range and also with additional == "Data Input"
    any idea, which other command should apply ? any experience, if using user-variables with several member selections in if-sections is a problem ?
    of course I could simply create separate businessrules or restrict runtimeprompt to 1 value/ version - but inconvenient.
    we are on system 9.3
    Businessrule:
    VAR breakvar1=1; /*Controls Deletion of Budgetdata on Version Data Input */
    VAR breakvar2=1; /*Controls Deletion of ALL Data on selected Versions */
    FIX( "BegBalance",
         [RTP_SCENARIO],
         [RTP_VERSIONS],
         "Local",
         /* ..... other dimensions */ )
      "HSP_InputValue"
      IF( @ISMBR("Data Input") AND not @ISMBR(&Scenario_1_curr))
        breakvar1=1;
        breakvar2=0;
      ELSEIF( not @ISMBR(&Scenario_1_curr))
        breakvar1=0;
        breakvar2=1;
      ENDIF;
    ENDFIX;
    SET UPDATECALC OFF;
    SET MSG SUMMARY;
    Loop(1,breakvar1) /* delete all accounts = all data */
      FIX( [RTP_SCENARIO],
           [RTP_VERSIONS],
           @IDESCENDANTS([RTP_PROJECT]))
        CLEARBLOCK ALL;
      ENDFIX;
    ENDLOOP
    Loop(1,breakvar2) /* delete only budget accounts, not setupdata */
      FIX( [RTP_SCENARIO],
           [RTP_VERSIONS],
           @IDESCENDANTS([RTP_PROJECT]),
           @IDESCENDANTS("Costs"))
        CLEARBLOCK ALL;
      ENDFIX;
    ENDLOOP
    Edited by: Rodian Abel on May 4, 2010 10:38 PM
    Edited by: Rodian Abel on May 4, 2010 10:43 PM

    I think he is saying he does want to allow the user to select more than one member.
    You mention you are using @ismbr and @list. I would say that should be the one that would work.
    For example, if you wanted Version1 and Version2 and you hardcoded it, it would look like this:
    If (@ismbr(@list(Version1,Version2)))
    So using your variable I expect you wrote it like this
    if (@ismbr(@list(variable))) and that it didn't work.
    @range is useful as it is cross dimensional and that isn't the case here. So if @list doesn't work then this is a bug/problem for your specific situation and you will have to approach it differently.

  • Subset rule usage..

    Hi Experts,
    Please help me out in this situation. I would like to implement subset rules on a CAPTURE process where I can ignore the transactions on a specific column value.
    Example: On table EMP I would like to ignore the transaction whenever any insert/update/delete is done on that table where JOB='MGR'.
    Can I use DML_CONDITION as ' JOB != 'MGR'''? I tried this; it didn't help me. Please help me out.

    You can use subset rules provided your table has no long or lob/clob. If it is the case, then you have to create a context, attach it to the capture and perform a switch to a condition that will be discarded by the propagation process.
    There are example on this forum.

  • Org Rule analysis when performing mitigation from risk analysis report do not mitigate the user from management summary report message!

    Hi,
    When in the User Level>Mitigation screen this comment appears  (*). When taking the path to  ‘summary’(a) or ‘detail’ (b) doesn't change when we select the button  MITIGATE RISK (**).  What was the intent of the below message?
    What is the intent of the message ?

    Hi Pranjal,
    please see note: http://service.sap.com/sap/support/notes/1972382
    Regards,
    Alessandro

  • GRC 10: How to upload Org Level Rules in GRC 10?

    Hello Friends,
    We have implemented GRC 10 recently but missed moving org level rules from GRC 5.3 to 10. I don't see an option to load org rules in SPRO. Can you please let me know how I can load org rules from 5.3 to 10 without disturbing the existing risks / functions? Or is there an option to update tables directly for org rules?

    Hi Colleen Lee,
    Thank you for your response. Yes, I see Master Data > Exception Access Rules > Organizational Rules and I am able to create org rules, but I am trying to find an option to upload all at a time as we have around 50 org rules and have 2600 lines in it. Creating them manually will take so long and I am looking for an alternative.
    Thanks & Regards 
    Pradeepthi

  • Problem in Org determination rule

    hi all,
    I have postal codes assigned to the org model as attributes (i.e. the org unit is responsible for that postal code only). I have created an org determination rule by selecting the postal code as an attribute, and I have created a BP in which I have mentioned one of the postal codes which is in the org model.
    When I run the transaction I need only the org unit to be picked and shown based on the postal code mentioned in the BP; now it is showing all the org units, which I don't need.
    Please suggest what setting I have to do.
    It's urgent

    Hi shalini,
    While simulating the rule in pfac, I am able to get the correct org unit for the pincode; while running the transaction my problem is still the same, getting all org units in the pop-up. I am sure I have the correct org rule assigned to the org profile and the profile to the transaction.
    To be clear, my requirement is: for a transaction type, I have defined prt functions "customer" and 'employee responsible' in the UI interface setting of the prt detr procedure. Here the employee responsible should not be the user creating the transaction. This should be the org unit "sales group" which has certain pincodes assigned in the org model; the same value which is populated in the sales group field should be populated in the 'Emp responsible' field in the UI of the transaction type.
    Here my first problem is that I am getting all the org units for the selection when running the transaction, where the user doesn't know which org unit should be selected for the customer belonging to the particular pincode.
    If I get the value in the sales group field, how can I get this value populated to the Employee responsible field in the UI?
    Suggest how I can achieve this.
    IT'S URGENT

  • "Organizational Rules"

    HI:
    I am looking for anyone who has experience in developing the "Organizational Rules" in Compliance Calibrator 4.0 or 5.3.
    We have the basic rule set loaded, with some custom functions and risks.  However, we are the parent company of many subsidiaries, and while the one rule set analysis access from tcode and object perspective, we would like to add the extra layer of organizational rules in order to reduce false positives where access is combined, but for different org values.
    I am looking for "how to"....there doesn't seem to be a lot of information out there on this functionality.
    Thanks,
    Margaret

    HI:
    My original question was answered....however upon implementation of this (we are on version 4.0)....we have updated our functions, and updated the org rules table...and generally the analysis works.  The SoD report when you just run a user analysis is no longer showing a false positive.
    However, when we populate the Org Rules field with our Org Rule that we want to analyze against, we get a "No users match the selection criteria" error popup.
    Is there any fix out there for this?  User is valid...it only happens when you populate the Org Rules field in the analysis screen.  I couldn't find anything on OSS.
    Thanks,
    Margaret

  • SAP GRC AC: Organizational rules at Batch risks analysis and Dashboards

    Dear All.
    I would like to know whether GRC AC is able to consider the organizational rules defined (for example: risk only affecting Company, BUKRS 0001) in the Batch risk analysis and on the Dashboard. I already know that for the ad-hoc reporting you can filter by the Org. rules created, but I would like to know if this filter is also available for the Batch risk analysis.
    Thanks and regards.

    Dear all.
    As per my knowledge this parameter only sets the flag of Consider Org.Rules at the filters. This is what the guide indicates:
    "Setting the value to YES automatically selects the Consider Org Rule checkbox on the Risk Violations tab of the Access Request and
    Role Maintenance screens."
    So how are you so sure about that indicating this flag to YES will take into consideration the org rules at the Dashboards?
    Regards

  • Org data profile

    Hi guys,
    I have two questions for clarification:
    1. While maintaining the org data profile in IMG, what is the standard rule generally given for the service org data profile? If I am using the other standards the system says that the RFC to R/3 is not there. (Ex: 10000194 for sales org data profile)
    2. Assume we have created the org data ... Company, Business unit, position, user. Now when I have to assign the sales org, dist chnl and division to the pricing procedure, which ID from the org structure has to be assigned? Is it the company level ID or the Business unit level ID?
    The CRM system is a standalone one.
    Thanks
    ajay

    Hi Ajay,
    The Standard Org Rule used for Service org determination is 10000276, which is assigned to the Org Profile 000000000008 (For Header).
    This is based on the org determination rules which are assigned to the transaction types.
    These rules are defined to pick up the responsible agent/org based on two criteria
    1. Based on attributes
    2. Based on responsibilities
    3. Both of the above
    In case the org is to be determined based on the attributes, then the attributes of the BP like the Country, Postal code are matched to the same attributes of the orgs that you have maintained in the system and the matching orgs are available for choosing.
    Based on the responsibility: In case you want the BP to be serviced based on his importance, you choose agents based on the Responsibility. E.g. if you want the Gold Card Members to be treated by a different set of orgs than the normal customers, you can choose this rule to maintain it.
    In case you have maintained both the rules, then the union of all the orgs determined by these rules will be available in the pop-up.
    The path to maintain these rules is
    IMG> CRM> Master Data> Org Management> Define Rules
    and then these rules need to be assigned to a profile which contains the rules to determine both sales and service orgs; this is done using the path
    IMG>CRM>Master Data> Org Management> Define profile
    and then these profiles are assigned to the transaction type using the path IMG>CRM> Transactions> Basic Settings> Define transaction types
    Hope this helps
    Regards
    Rekha Dadwal

  • False-Positive SoD conflicts by Org. Level

    Hi everyone,
    I'm working on CC 5.1 and the tool is stabilized and is working fine. We used this tool to remediate more or less 50% of our SoDs.
    My question is:
    If risk A is only a risk if the roles assigned to the user have the same Plant or Company code, how could I possibly set up CC to check this?
    In other words, if the conflicted transactions are not used in the same Org. Level, it's not a risk anymore.
    Many thanks in advance for your assistance.
    Cheers

    To expand a bit on Patrick's response: you can use Organizational Rules to eliminate the false positives that are being reported.
    The user guide contains details on all of the steps required to use org rules, but in a nutshell this requires:
    - Identification of the risk(s) being incorrectly reported
    - Modification of the necessary functions to activate the appropriate org-level fields in the associated permissions
    - Rule regeneration
    - Use the Rule Architect feature to create appropriate org rules
    - Run the Org User Mapping batch function to collect data on org level/user relationships (needs to be executed on a recurring basis to be kept current)
    Once these steps have been performed, user level risk analysis performed from the "Org Level" menu option should only report the desired conflicts.
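
The effect these org rules have on a user-level SoD report, and the false-positive count asked about in the opening question, as an added conceptual model in Python (not SAP or Compliance Calibrator code, and not part of any post above). The user names, function names, risk pair and company code values are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample grants: (user, function, company code held for that function).
# "*" models a role whose org-level field is left wide open.
GRANTS = [
    ("ALICE", "CREATE_VENDOR", "0001"),
    ("ALICE", "PAY_VENDOR", "0002"),
    ("BOB", "CREATE_VENDOR", "0001"),
    ("BOB", "PAY_VENDOR", "0001"),
    ("CAROL", "CREATE_VENDOR", "*"),
    ("CAROL", "PAY_VENDOR", "0002"),
    ("DAVE", "PAY_VENDOR", "0001"),
]
RISK = ("CREATE_VENDOR", "PAY_VENDOR")  # hypothetical SoD risk: both functions together
ORG_VALUES = {"0001", "0002"}           # company codes covered by the hypothetical org rule


def user_level_analysis(grants, risk):
    """Flag every user holding both functions, ignoring org values."""
    held = defaultdict(set)
    for user, function, _org in grants:
        held[user].add(function)
    return {user for user, funcs in held.items() if set(risk) <= funcs}


def org_level_analysis(grants, risk, org_values):
    """Flag a user only where both functions meet in the same org value."""
    orgs = defaultdict(lambda: defaultdict(set))
    for user, function, org in grants:
        # A wildcard grant reaches every org value, so it must never be
        # treated as "a different org" and silently dropped from the report.
        orgs[user][function] |= set(org_values) if org == "*" else {org}
    conflicts = {}
    for user, per_function in orgs.items():
        shared = per_function[risk[0]] & per_function[risk[1]] & set(org_values)
        if shared:
            conflicts[user] = sorted(shared)
    return conflicts


def false_positives(grants, risk, org_values):
    """Users reported at user level whose conflict disappears at org level."""
    flagged = user_level_analysis(grants, risk)
    return flagged - set(org_level_analysis(grants, risk, org_values))


if __name__ == "__main__":
    print("user level:", sorted(user_level_analysis(GRANTS, RISK)))
    print("org level: ", org_level_analysis(GRANTS, RISK, ORG_VALUES))
    print("false positives:", sorted(false_positives(GRANTS, RISK, ORG_VALUES)))
```

The size of the false-positive set is the number to look at when weighing mitigation of a few users against building org rules.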

  • View Usage Reports on search site

    Hi,
    In SharePoint 2013, I have a Staff Directory based on an Enterprise Search. I found the Popularity and Search Reports but I would like to know the requests, with who made the request and what kind of request was made.
    Thank you in advance

    You can get 
    Search Clicks
    The Search Clicks analysis uses information about which items users click in search results to boost or demote items in the search index. The analysis calculates a new ranking of items compared to the base relevance.
    http://technet.microsoft.com/en-us/library/jj219554%28v=office.15%29.aspx
    Number of queries
    Top queries
    Abandoned queries
    No result queries
    Query rule usage
    http://technet.microsoft.com/en-us/library/jj219554%28v=office.15%29.aspx
