Compliance Calibrator 5.2 Install Question

Similar Messages

• Compliance Calibrator Start up

  Hi,
  We are planning to bring SOD tool Compliance calibrator soon for our r/3 system.......
  before that I need to know how it works....I mean SAP provides CC software to be installed on R/3 server???
  Can some tell me on which server CC installation takes place.

  Hi Lisa,
  Purpose of Installing RTA in R/3 Server
  ==============================
  This is an ABAP component which continously and regularly collects data from R/3 Server. As I said, this the Backend used by all the GRC components that is:
  1)Access Enforcer
  2)FireFighter
  3)Role Expert    and
  4)Compliance Calibrator
  What we install in J2EE Server and Purpose of it
  ====================================
  These are Java Deployable files (called Software Deployable Archives, SDA). These files form the frontend to access GRC components. The purpose of this is that, this forms an Interface to access the different applications.
  You have different SDAs for different applications like:
  1)Access Enforce
  2) Role Expert
  3) FireFighter    and
  4) Compliance Calibrator
  For each application, you have respective Java Deployable files i.e., SDAs. Example, if you want to use Compliance Calibrator, then you need to install it FronEnd files (SDAs) on J2EE server access through Web Browser.
  Data Flow
  =========
  I will take Compliance Calibrator example and explain it you you:
  You have RTA installed in R/3 server and frontend files on J2EE server.
  As you know, Compliance Calibrator is SODs violations reporting tool. Here you define all the rules and save it. You run reports called "Synchronization" for:
  Users
  Roles and
  Profiles
  When you run this, RTA (ABAP component in R/3 Server) will send the data as per your selection (User/Role/Profile) to FrontEnd on J2EE server where it maintains its own database in J2EE server for rendering purpose.
  Then you run the "Risk Analysis" reports in front end of different types:
  User
  Roles and
  Profiles
  Then it gives you the reports accordingly. Any change in the R/3 Server, you need to re-run the "Synchronizaiton" reports again. Usually, these reports are run every day on "Incremental" basis.
  Hope, this will answer what you have asked for.
  Feel free to ask further queries.
  Reward points if useful.
  Thanks and Regards,
  Faisal

• Knowing installed support package version of Compliance Calibrator ??

  Hi all,
  We have Compliance Calibrator 5.1 in WAS 7.0, and we would want to know the installed support package... How to know ?
  in CC, when clicking on "About" we just have the CC version ("5.1").
  On the J2EE server System Information for the component ccappcomp, we just have "null (0.2007.03.09.15.22.41)".
  It looks like SP3 but how to be sure ?
  Thanks in advance...

  Vincent,
  I believe that you can get this information in the NetWeaver Software Deployment Manager (SDM). If I remember correctly the AE/CC packages are deployed using this tool. SDM has version information for all J2EE deployed software packages.
  You can find the SDM under /usr/sap/<SID>/DVEBMGS00/SDM (for Unix systems).
  Best of luck.
  Matthew

• Does Compliance Calibrator come installed with CRM 2007

  We will be installing CRM 2007 in May and I need to know if Compliance Calibrator is installed as part of the application. Currently we are running CC 3.0 in R/3, HR and BW. If the new version is part of CRM 2007 then we need to upgrade to the newest version. I also need to know if the CC is not part of CRM 2007, will CC 3.0 technically work in CRM 2007.

  Hi, thanks for your replies,
  Our SP is uptodate,
  Note 1120400 is obsolete we have CRM 6 SP2 and our patch level is 15.
  Besides we have a delta between tables entries:
  USOBX     => 103.391
  USOBX_C     => 103.389
  and
  USOBT     => 43.785
  USOBT_C     => 43.769
  Do these tables have the same number of entries in your system? What could be the impact of this delta?
  Thanks,
  Aldo

• Re: Virsa Compliance Calibrator & Pre-defined SOD Rule Set

  Hi All,
  We have installed the Virsa Compliance calibrator 5.1 in our sandbox environment. When we goto the "Rule Architect" tab under Compliance calibrator using tcode /virsa/zvrat it brings up the page with Rules information.
  Per the Virsa documents that i read they have mentioned that there are pre-defined SOD Rules (Transaction codes and Tcode objects) that we can use in the Rule Architect.
  My question is how do i enable and use those pre-set SOD Rules that Virsa provides by default. I do not see them under the Rule architect tab though. Can someone give some pointers to use these pre-set SOD rules.
  Thanks & Regards
  -Murali

  Hi Laziz,
  Thanks for your patience in replying to my CC 5.1 queries. I did follow your steps for the Generate Rule & Background Job-> Schedule Analysis and scheduled the job immediate.
  However, when i looked up the status of the scheduled analysis Background Job-> Search pulls up the job i scheduled at the top it reads "Job scheduler Status: unknown error" . I clicked on "View Log" button and it shows some messages as shown below (Note: I am just posting some parts of the error msgs below. but it still goes for 1 page...)
  May 16, 2007 1:09:07 PM com.virsa.cc.xsys.bg.BgJobDaemon init
  INFO: *** BgJobDaemon loaded
  May 16, 2007 1:11:09 PM com.virsa.cc.common.util.ConfigUtil setDefaultJ2EEParam
  WARNING: Cannot get Application URL: null. PLEASE SET 'Background Daemon URL' IN CONFIGURATION TAB
  java.lang.NullPointerException
       at com.virsa.cc.common.util.ConfigUtil.setDefaultJ2EEParam(ConfigUtil.java:203)
       at com.virsa.cc.common.util.ConfigUtil.getBgJobStartURL(ConfigUtil.java:192)
       at com.virsa.cc.xsys.bg.AnalysisDaemonThread.run(AnalysisDaemonThread.java:45)
       at java.lang.Thread.run(Thread.java:534)
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: class name: com.virsa.cc.extreport.ReportPack50SP1_01.ReportPack50SP1_01 class: com/virsa/cc/extreport/ReportPack50SP1_01/ReportPack50SP1_01.class
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: Jar Entry length=1568 compressed size=1568 actual read=1568
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: class name: com.virsa.cc.extreport.ReportPack50SP1_01.CrtActbyRsk_Act_RskLvl class: com/virsa/cc/extreport/ReportPack50SP1_01/CrtActbyRsk_Act_RskLvl.class
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: Jar Entry length=13210 compressed size=13210 actual read=13210
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: class name: com.virsa.cc.extreport.ReportPack50SP1_01.CrtRolbyRsk class: com/virsa/cc/extreport/ReportPack50SP1_01/CrtRolbyRsk.class
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: Jar Entry length=19287 compressed size=19287 actual read=19287
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: class name: com.virsa.cc.extreport.ReportPack50SP1_01.CrtProfbyRsk class: com/virsa/cc/extreport/ReportPack50SP1_01/CrtProfbyRsk.class
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: Jar Entry length=12807 compressed size=12807 actual read=12807
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: class name: com.virsa.cc.extreport.ReportPack50SP1_01.UsersbyOrgLevels class: com/virsa/cc/extreport/ReportPack50SP1_01/UsersbyOrgLevels.class
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: Jar Entry length=18557 compressed size=18557 actual read=18557
  May 16, 2007 1:24:59 PM com.virsa.cc.common.util.ConfigUtil setDefaultJ2EEParam
  WARNING: Cannot get Application URL: null. PLEASE SET 'Background Daemon URL' IN CONFIGURATION TAB
  java.lang.NullPointerException
  I am not sure whats causing this and it's been 2hrs since i scheduled the user analysis but i don't see any data still appearing in the fron-end..Any pointers again???
  Thanks
  -Murali

• Compliance Calibrator Default Rules Upload Files

  I'm implementing Compliance Calibrator 5.1, and I'm at the point where I need to upload the default rule-set.  However, I cannot locate the flat files required for the initial rule-set upload (i.e. business process, function, and risk definitions).  I've read through the user guides, but they don't seem to reference exact file names or specify where the files would be located after install.  Thanks in advance for your help.

  Varun,
  you may get a quicker answer to your question in the GRC forum
  Governance, Risk and Compliance (SAP GRC)

• SAP GRC Access Control - Compliance Calibrator - License Cost

  Dear all,
  I have some questions on Compliance Calibrator implementation.
  1. Do  we have to pay additional cost for the license to implement Compliance Calibrator?
  2. Since SAP GRC 5.3 is just released, which one do you recommend? SAP GRC 5.2 or 5.3?
  3. What would be the major difference between Compliance Calibrator in GRC 5.2 and 5.3?
  Best regards,
  Rolando

  Hi Rolando-
  1. Yes, there lies some license cost and the amount should not as much as taking SAP R/3 license. I am not sure of exact amount but its nominal as compared to other SAP products.
  2. SAP always recommend for the latest version available and why not one would go for latest version if you are paying something for that.
  Also, it depends on your existing R/3 version and its compatibility. In short run, you can choose per your existing versions but in long run everyone has to move to latest version. Say for example whoever is using SAP R/3 technology with whatever version, they all need to upgrade to ECC6.0 by 2011 with extension upto 2013. I am not sure of any such information about GRC AC though.
  3. Some enhancement have been done with CC 5.3. Those features include-
  1. Risk analysis for SAP Enterprise Portal and UME
  2. BI integration for custom reporting
  3. Reporting enhancement features include additional auditor, business manager and IT reports
  4. SOD management by exception. Can be integrated with workflow.
  5. Import/Export of configuration data
  6. Migration scripts
  7. Download and print capability on every report.
  Some performance improvements-
  1. Concurrent risk analysis.
  2. batch mode risk analysis
  3. Improved memory mgmnt etc.
  Hope it gives you now some more visibility.
  Cheers!
  Ashok

• 4.6C to ECC 6.0 upgrade - Issue with Virsa Compliance Calibrator

  The issue is that phase IS_SELECT during the PREPARE is not detecting VIRSA as an add-on. This of course will result in VIRSA not being upgraded and the system will be unstable ( note 989368 ). Also, I can't choose to delete the add-on either.
  We installed the compliance calibrator before SAP purchased VIRSA. So, the tool was installed through transports, not SAINT. I assume this is why phase IS_SELECT is not seeing the tool.
  Any ideas?
  -Scott

  Received a reply from SAP. Since VIRSA was installed through STMS the IS_SELECT phase will not see the add-on. I had to do the ECC 6 upgrade as normal and then install VIRSA 4.0 for SAP 700 systems through SAINT.
  I had to clear SPDD and SPAU as much as possible for /VIRSA/* objects. However, there were six objects I could not clear. This did not cause any issues.
  Notes 1006083 and 985617 are needed for this procedure.
  Thanks for all the suggestions.
  -Scott

• Chart view - Management Reports - Compliance Calibrator 4.0

  Is posible to change scales in the graphics provided by Chart view in the option Management reports in the Compliance Calibrator?
  How?
  Thanks

  Let me change the question: is it possible to generate graphics weekly, for example?
  Thanks

• Need some practical Scenarios to test Compliance Calibrator, FF and AE

  Hi Experts,
  I have installed Compliance Calibrator 5.2 / Access Enforcer and Firefighter on a test System. However i am looking for some practical scenarios / Examples to test the functionlity of these installations. If any of you is currently working on these technologies i appreciate if you c an provide 2 3 scenarios to test my installation and functionality .
  Thanks in advance.
  Your help is much apprecaited..
  SK

  Hi SK,
  Testing the functionality of CC
  1. I would recommend to create some test roles where in you plug in some conflicting tcodes
      which can pose a sure SoD Risk, lets say Create Vendor Invoice(FB01) and Make an
      Automatic Payment(F110).
  2. Now run the Risk Analysis by choosing the Default SAP GRC ruleset library and do a  
      Role level Analysis.Then Assign the Test Roles to Test Users and then do a User Level Analysis.
  3. You may have create some Custom Rule sets with appropriate naming of Conflicting functions
      like Creation of Purchase Order (P001), Approve Purchase Order(P002)
      in different Application Areas like Purchase 2 Pay(P2P), Order 2 Cash (O2D) and try to do
      the same as above two steps.
  4. Test the functionality of Risk Remediation by removing the conflicting tcodes and do the
      Risk Analysis.Your previous Risk Roles must not appear
  5. Test the functionality of Risk Mitigation by placing a mitigation Control on the Conflicting tcodes
     and do the Risk Analysis.Your previous Risk Roles must not appear if you have properly
      configured your CC
  Testing the functionality of FF
  1. I would say create a few Firefighter IDs in different functional areas like FI, SD, MM, and then
     create some test users for Firefighter Owners, Controllers and Firefighters who can use
     the functionality of FF.
  2. Create some FF roles which have exceptional access in those functional areas
      encompassing transaction codes and authorization objects that are not used in normal incidents.
  3. Assign each of the FF roles to the respective FF IDs and then to the test Firefighters.
  4. Pull the log reports in FF and see if it gives exact details of the FF usage.
  5. You may have take some assistance of the Functional team members to do the testing.
  Testing the functionality of AE
  1. Create a workflow scenario of hiring a new user.
  2. Create the request under a test requestor. Assign the request to some test approver
  3. Also Assign some roles and test the functionality.
  Hope this helps for a good start
  Regards,
  Kiran Kandepalli.

• Configuring Role Expert Web services for Compliance Calibrator

  Hi @all,
  performing the configuration of Virsa Role Expert I've got a question regarding the settings for the various Web Service Info. for the Compliance Calibrator.
  Apart from the Web Service URL, user name and password need to be declared. The user guide names 'sapgrc' and 'webuser' as account names.
  My question: How do I setup these accounts? Is this an UME-Job - if so: what are the required roles and authorizations for these accounts?
  Kind regards,
  Martin

  Hi,
  the Web Services URLs are:
  Web Service Info. for CC Risk Analysis:     http://SERVER_NAME:PORT/VirsaCCRiskAnalysisService/Config1?wsdl&style=document
  Web Service Info. for CC Transaction Usage: http://SERVER_NAME:PORT/VirsaCCActionUsageService/Config1?wsdl&style=document
  Web Service Info. for CC Mitigation Control: http://SERVER_NAME:PORT/VirsaCCMitigation5_0Service/Config1?wsdl&style=document
  Web Service Info. for CC Functions: http://SERVER_NAME:PORT/VirsaCCFunction5_0Service/Config1?wsdl&style=document
  Web Service Info. for AE Workflow: http://SERVER_NAME:PORT/AEWFRequestSubmissionService_5_2/Config1?wsdl&style=document
  Does that answer your question?
  Regards,
  Martin

• Compliance Calibrator Administrator ID

  As stated in the guides, the user id for the GRC Administrators for access to Compliance Calibrator UI is to be created through the UME.
  In the UME we have created the user ID with a role with the actions:
  UME.AclSuperUser
  UME.Batch_Admin
  UME.Manage_All
  UME.Manage_All_Companies
  UME.Manage_Groups
  UME.Manage_My_Profile
  UME.Manage_Roles
  UME.Manage_Users
  UME.Sync_Admin
  Com.virsa.cc.ChangeAdmins
  Com.virsa.cc.ChangeBP
  Com.virsa.cc.ChangeBUnit
  Com.virsa.cc.ChangeCrActions
  Com.virsa.cc.ChangeCrProfiles
  Com.virsa.cc.ChangeCrRoles
  Com.virsa.cc.ChangeFunction
  Com.virsa.cc.ChangeMitCntl
  Com.virsa.cc.ChangeMitHRObject
  Com.virsa.cc.ChangeMitProfile
  Com.virsa.cc.ChangeMitRole
  Com.virsa.cc.ChangeMitUser
  Com.virsa.cc.ChangeOrgRules
  Com.virsa.cc.ChangeRisks
  Com.virsa.cc.ChangeRuleSet
  Com.virsa.cc.ChangeSupplementRule
  Com.virsa.cc.ClearAlert
  Com.virsa.cc.CreateAdmins
  Com.virsa.cc.CreateBP
  Com.virsa.cc.BUnit
  Com.virsa.cc.CreateCrActions
  Com.virsa.cc.CreateCrProfiles
  Com.virsa.cc.CreateCrRoles
  Com.virsa.cc.CreateFunction
  Com.virsa.cc.CreateMitCntl
  Com.virsa.cc.CreateMitHRObject
  Com.virsa.cc.CreateMitProfile
  Com.virsa.cc.CreateMitRole
  Com.virsa.cc.CreateMitUser
  Com.virsa.cc.CreateOrgRules
  Com.virsa.cc.CreateRisks
  Com.virsa.cc.CreateRuleSet
  Com.virsa.cc.CreateSupplementRule
  Com.virsa.cc.DeleteAdmins
  Com.virsa.cc.DeleteAlert
  Com.virsa.cc.DeleteBP
  Com.virsa.cc.DeleteBUnit
  Com.virsa.cc.DeleteCrActions
  Com.virsa.cc.DeleteCrProfiles
  Com.virsa.cc.DeleteCrRoles
  Com.virsa.cc.DeleteFunction
  Com.virsa.cc.DeleteMitCntl
  Com.virsa.cc.DeleteMitHRsObject
  Com.virsa.cc.DeleteMitProfile
  Com.virsa.cc.DeleteMitRole
  Com.virsa.cc.DeleteMitUser
  Com.virsa.cc.DeleteOrgRules
  Com.virsa.cc.DeleteRisks
  Com.virsa.cc.DeleteRuleSet
  Com.virsa.cc.DeleteSupplementRule
  Com.virsa.cc.ExportRules
  Com.virsa.cc.GenerateAlert
  Com.virsa.cc.ImportRules
  Com.virsa.cc.MassFuncMaint
  Com.virsa.cc.RunAuditReports
  Com.virsa.cc.RunRiskAnalysis
  Com.virsa.cc.RunSecurityReports
  Com.virsa.cc.ViewAlertMonitor
  Com.virsa.cc.ViewBgJobLog
  Com.virsa.cc.ViewConfiguration
  Com.virsa.cc.ViewInformer
  Com.virsa.cc.ViewMgmtReport
  Com.virsa.cc.ViewRuleArchitect
  Basically, this is the administrator role for the UME that we have in the development environment currently.
  When we attempt to log on to the Compliance Calibrator, we get logged out immediately.
  We do not even see the top bar of the compliance calibrator UI.
  I have checked the SDN forums and according to the developers here, it is because there is no JAVA role assigned to the user but we have assigned all the actions to the user.
  Do advise if there is a step that we have missed out during the user creation.

  Hi Chee,
  I'm installing Compliance Calibrator 5.1 on WAS7.0. now when i configure the administrator role for Portal user, I'm not able to see any of the com.virsa.cc actions in available actions list.
  In the inst guide for CC 5.2 it suggests a alternate method to upload a role file UME Roles file, UMERoles_CC52.txt. Where can we find this file for CC5.1.
  Help me on this issue. I'm really troubled due to this with no leads at all.
  Please suggest me a way.
  Thanks,
  Vishal.

• SAPu00AE COMPLIANCE CALIBRATOR BY VIRSA SYSTEMS

  Hello all,
  My company are thinking of implementing the above for auditing purposes to comply with Sarbanes-Oxley and compliance. I have read some documentation from the SAP website and this documentation states that:
  "Because SAP Compliance Calibrator by Virsa Systems is embedded in your SAP system, no additional hardware or software is required."
  Has anyone implemented this soultion? If so is there any additional documentation available for it?
  Cheers,
  Bernard.

  David,
  As We are in the process of implementing this virsa tool but we are not sure as to what are the exact steps that we should extract  to. Do you have a step by step guide (apart from the VIRSA install guide) which would guide us through the complete install and configuration. We have ECC 6.0 ,Portal,BI 7,CRM 5
  Would you be kind enough to send the information to me asap.
  Please forward me the doc to following id , I will be very much appreciate if you could do the help ..
  [email protected]
  Thanks
  Laxmi

• Compliance Calibrator 4.0 - importing Long Risk Detailed Description text

  We just installed Compliance Calibrator, in Production, and we need to import the Long Detailed Description text, for each risk, from client 000 to our production client (600).
  Our Basis staff do not want to unlock the system for client copy imports.  Is there another way of importing the Long Detail Description text for each risk, into Production, without unlocking the system for client copying?

  Hi, when you transport with Utilities -> Rule Transport , the Long Risk DEsc is not transported ?
  Claudio

• Appearing blank screen in compliance calibrator url

  hi
  i have recently installed java front end part of SAP GRC patches on a sap java server. and i have crated jco connections to connect to backend sysems. but after that , when i see with following url
  http//<server_name>:5<instance>00/webdynpro/dispatcher/sap.com/grc~ccappcomp/Compliance
  Calibrator 
  i can see the above heading as SAP GRC and all, but no content i can see.
  did any body face this kind of problem--- please help
  thanks
  Akhil

  Hi Akhil,
  You need to upload all the Standard UME roles provided by SAP onto the UME of GRC Server. You can find all these roles in VIRSAACCNTNT.sar files in the GRC AC package. When you'll un-car this file it will extract files having all the AC roles and you need to upload them in UME and assign users with all the necessary roles.
  The files would be re_ume_roles.txt; cc_ume_roles.txt and ae_ume_roles.txt.
  All the best!
  Cheers!
  Aman
  GRC RIG