Compliance Calibrator analysing APO

Similar Messages

• Convert from Compliance Calibrator 4.0 to Risk Analysis and Remediation 5.2

  Hello Forum,
  I'm looking for other opinions on converting Compliance Calibrator (CC) 4.0 to Risk Analysis and Remediation (RAR) 5.2 (formerly CC)
  I have inherited responsibility for RAR and need to upgrade it to the 5.2 level; our current ECC level prevents us from going to 5.3
  I found a process that will unload the data from CC 4.0 and be imported into RAR 5.2
  I want to understand the definitions that comprise the RAR and was thinking about recreating the definitions in 5.2 based on what is already defined in the CC 4.0 system; I have time to do this since there is no definitive deadline that would make it impossible to meet
  Currently, I have the following definitions:
  Business Process 6 entries
  Functions 47 entries
  Risks 147 entries
  Mitigating Controls 40 entries
  Would others find this approach acceptable and reasonable even though I would be entering all the information? Basically, it would be like defining the data for the very first time if this was NEW software
  I would expect to come away with a good understanding of how everything ties together; at this point, I am only looking to create the necessary data that would allow for producing SOD reports that show all users with "risks" have been mitigated with acceptable controls
  Thanks for your responses in advance
  Jerry
  Ryerson, Inc
  630-758-2021

  Thanks for the reply
  I have the migration guide and have reviewed it; I have actually played around a bit with obtaining the file from CC 4.0; I found that the data records may need some adjustments to be compatible with RAR 5.2; one of the reasons that may be leading me to do everything from scratch
  The definitions currently defined were completed by an outside source and the mitigated controls were defined by the Internal Audit area
  I'm not sure if they were mixed with the defaults
  I'm not sure at this point what impact or changes I would experience if I use the "default" supplied rules set but I expect to find out
  Thanks again for your reply
  Jerry

• Compliance Calibrator v4.0 - Cross System SoD Analysis

  Hi all,
  I'm looking to run SoD analysis across BI7 and ERP using Compliance Calibrator v4.0.  I can see the Parameter in the config overview, and have set it to yes is both systems.  But there is nothing else in the documentation as to what other config etc is needed.  Does anyone now the steps involved or could you point me in the direction of documentation.
  Thanks in advance,
  Fiona

  Hi,
  there is a difference only if you have created and assigned mitigation controls to users.
  In that case, you can decide to see the report of SOD conflicts with or without mitigation controls:
  - Either you see all SOD conflicts including these that are mitigated (it is however clearly stated in the report whether a mitigation control exists or not)
  - Or you see all SOD conflicts excepted these that are mitigated (we consider thus that mitigated conflicts should not appear in the report)
  Rgds,
  Karim

• Compliance Calibrator: Background jobs didn't bring in the correct data.

  Hi Gurus;
  In Compliance Calibrator; background jobs were last run on 5/27/09 but the management report shows that the summary is as of 5/20/09. That should have been updated uptill 5/27/09 and the new number of conflicts should have come up, which it didn't. What can be the problem?
  Thanking you;
  Raja

  Hi Harleen;
  This job was actually set by the client. So when I went to check the parameters of the jobs, I found that the field MGR_ANALYSIS consists of Field value "N". Does this mean that the Management Analysis box was not ticked when this job was scheduled?
  Regards;
  Raja

• Custom Risks in Compliance Calibrator?

  Hello,
  Can someone please verify this process for me?
  My understanding is that once you create and configure a custom risk in Compliance Calibrator 5.2, you simply click generate and can then immediately run a risk analysis using the new custom risk.
  Is there any kind of a background job required to synchronise the new custom rule prior to running a risks analysis or any steps that I'm missing?
  Thanks your help is much appreciated,

  Hi Adamo,
     This is the exact process you need to follow. Once you create main risk and generate rules, you should be able to see the risk in CC. Have you enabled the particular risk? You can go to informer and try to run a simulation or ad-hoc analysis on that particular risk.
  Regards,
  Alpesh

• SAP GRC Access Control - Compliance Calibrator - License Cost

  Dear all,
  I have some questions on Compliance Calibrator implementation.
  1. Do  we have to pay additional cost for the license to implement Compliance Calibrator?
  2. Since SAP GRC 5.3 is just released, which one do you recommend? SAP GRC 5.2 or 5.3?
  3. What would be the major difference between Compliance Calibrator in GRC 5.2 and 5.3?
  Best regards,
  Rolando

  Hi Rolando-
  1. Yes, there lies some license cost and the amount should not as much as taking SAP R/3 license. I am not sure of exact amount but its nominal as compared to other SAP products.
  2. SAP always recommend for the latest version available and why not one would go for latest version if you are paying something for that.
  Also, it depends on your existing R/3 version and its compatibility. In short run, you can choose per your existing versions but in long run everyone has to move to latest version. Say for example whoever is using SAP R/3 technology with whatever version, they all need to upgrade to ECC6.0 by 2011 with extension upto 2013. I am not sure of any such information about GRC AC though.
  3. Some enhancement have been done with CC 5.3. Those features include-
  1. Risk analysis for SAP Enterprise Portal and UME
  2. BI integration for custom reporting
  3. Reporting enhancement features include additional auditor, business manager and IT reports
  4. SOD management by exception. Can be integrated with workflow.
  5. Import/Export of configuration data
  6. Migration scripts
  7. Download and print capability on every report.
  Some performance improvements-
  1. Concurrent risk analysis.
  2. batch mode risk analysis
  3. Improved memory mgmnt etc.
  Hope it gives you now some more visibility.
  Cheers!
  Ashok

• Create rules in Compliance Calibrator for HR PD profiles

  Hello
  In Compliance Calibrator can we create a rule to check PD profile combinations?
  Example:
  We have 3 PD profiles say 1, 2, 3
  We dont want 1, 3 together
  Any help on this, is greatly appreciated.

  Alexander,
  Thanks for your prompt response. But the note available from SAP is not included SCM?
  <b>Note 1033326 - Compliance Calibrator 5.2 Rule Upload</b>
  SOD Action and Permission level rules are provided for R/3, APO, ECCS, CRM
  and SRM. HR and Basis rules are included in the R/3 but also broken out
  separately.
  Could you tell me what all other modules are included in the standard ruleset?
  Thanks in advance
  Eric

• Need some practical Scenarios to test Compliance Calibrator, FF and AE

  Hi Experts,
  I have installed Compliance Calibrator 5.2 / Access Enforcer and Firefighter on a test System. However i am looking for some practical scenarios / Examples to test the functionlity of these installations. If any of you is currently working on these technologies i appreciate if you c an provide 2 3 scenarios to test my installation and functionality .
  Thanks in advance.
  Your help is much apprecaited..
  SK

  Hi SK,
  Testing the functionality of CC
  1. I would recommend to create some test roles where in you plug in some conflicting tcodes
      which can pose a sure SoD Risk, lets say Create Vendor Invoice(FB01) and Make an
      Automatic Payment(F110).
  2. Now run the Risk Analysis by choosing the Default SAP GRC ruleset library and do a  
      Role level Analysis.Then Assign the Test Roles to Test Users and then do a User Level Analysis.
  3. You may have create some Custom Rule sets with appropriate naming of Conflicting functions
      like Creation of Purchase Order (P001), Approve Purchase Order(P002)
      in different Application Areas like Purchase 2 Pay(P2P), Order 2 Cash (O2D) and try to do
      the same as above two steps.
  4. Test the functionality of Risk Remediation by removing the conflicting tcodes and do the
      Risk Analysis.Your previous Risk Roles must not appear
  5. Test the functionality of Risk Mitigation by placing a mitigation Control on the Conflicting tcodes
     and do the Risk Analysis.Your previous Risk Roles must not appear if you have properly
      configured your CC
  Testing the functionality of FF
  1. I would say create a few Firefighter IDs in different functional areas like FI, SD, MM, and then
     create some test users for Firefighter Owners, Controllers and Firefighters who can use
     the functionality of FF.
  2. Create some FF roles which have exceptional access in those functional areas
      encompassing transaction codes and authorization objects that are not used in normal incidents.
  3. Assign each of the FF roles to the respective FF IDs and then to the test Firefighters.
  4. Pull the log reports in FF and see if it gives exact details of the FF usage.
  5. You may have take some assistance of the Functional team members to do the testing.
  Testing the functionality of AE
  1. Create a workflow scenario of hiring a new user.
  2. Create the request under a test requestor. Assign the request to some test approver
  3. Also Assign some roles and test the functionality.
  Hope this helps for a good start
  Regards,
  Kiran Kandepalli.

• Configuring Role Expert Web services for Compliance Calibrator

  Hi @all,
  performing the configuration of Virsa Role Expert I've got a question regarding the settings for the various Web Service Info. for the Compliance Calibrator.
  Apart from the Web Service URL, user name and password need to be declared. The user guide names 'sapgrc' and 'webuser' as account names.
  My question: How do I setup these accounts? Is this an UME-Job - if so: what are the required roles and authorizations for these accounts?
  Kind regards,
  Martin

  Hi,
  the Web Services URLs are:
  Web Service Info. for CC Risk Analysis:     http://SERVER_NAME:PORT/VirsaCCRiskAnalysisService/Config1?wsdl&style=document
  Web Service Info. for CC Transaction Usage: http://SERVER_NAME:PORT/VirsaCCActionUsageService/Config1?wsdl&style=document
  Web Service Info. for CC Mitigation Control: http://SERVER_NAME:PORT/VirsaCCMitigation5_0Service/Config1?wsdl&style=document
  Web Service Info. for CC Functions: http://SERVER_NAME:PORT/VirsaCCFunction5_0Service/Config1?wsdl&style=document
  Web Service Info. for AE Workflow: http://SERVER_NAME:PORT/AEWFRequestSubmissionService_5_2/Config1?wsdl&style=document
  Does that answer your question?
  Regards,
  Martin

• Upload spreadsheet into Compliance Calibrator

  Hey Experts....
  Does anyone know how to upload a large amount of Users and Roles into Compliance Calibrator to do a simulation for SOD analysis?
  I have about 500 Users I need to run CC against in Production and don't want to do them manually.
  Any help would save a lot of time/$$.
  Thanks.
  Chris

  Chris,
       What version of CC do you have? What do you mean by doing it manually? If you have SAP 4.6C and above, you should be able to schedule background job to syn users, roles etc.
  Please provide more details.
  Regards,
  Alpesh

• Re: Virsa Compliance Calibrator & Pre-defined SOD Rule Set

  Hi All,
  We have installed the Virsa Compliance calibrator 5.1 in our sandbox environment. When we goto the "Rule Architect" tab under Compliance calibrator using tcode /virsa/zvrat it brings up the page with Rules information.
  Per the Virsa documents that i read they have mentioned that there are pre-defined SOD Rules (Transaction codes and Tcode objects) that we can use in the Rule Architect.
  My question is how do i enable and use those pre-set SOD Rules that Virsa provides by default. I do not see them under the Rule architect tab though. Can someone give some pointers to use these pre-set SOD rules.
  Thanks & Regards
  -Murali

  Hi Laziz,
  Thanks for your patience in replying to my CC 5.1 queries. I did follow your steps for the Generate Rule & Background Job-> Schedule Analysis and scheduled the job immediate.
  However, when i looked up the status of the scheduled analysis Background Job-> Search pulls up the job i scheduled at the top it reads "Job scheduler Status: unknown error" . I clicked on "View Log" button and it shows some messages as shown below (Note: I am just posting some parts of the error msgs below. but it still goes for 1 page...)
  May 16, 2007 1:09:07 PM com.virsa.cc.xsys.bg.BgJobDaemon init
  INFO: *** BgJobDaemon loaded
  May 16, 2007 1:11:09 PM com.virsa.cc.common.util.ConfigUtil setDefaultJ2EEParam
  WARNING: Cannot get Application URL: null. PLEASE SET 'Background Daemon URL' IN CONFIGURATION TAB
  java.lang.NullPointerException
       at com.virsa.cc.common.util.ConfigUtil.setDefaultJ2EEParam(ConfigUtil.java:203)
       at com.virsa.cc.common.util.ConfigUtil.getBgJobStartURL(ConfigUtil.java:192)
       at com.virsa.cc.xsys.bg.AnalysisDaemonThread.run(AnalysisDaemonThread.java:45)
       at java.lang.Thread.run(Thread.java:534)
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: class name: com.virsa.cc.extreport.ReportPack50SP1_01.ReportPack50SP1_01 class: com/virsa/cc/extreport/ReportPack50SP1_01/ReportPack50SP1_01.class
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: Jar Entry length=1568 compressed size=1568 actual read=1568
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: class name: com.virsa.cc.extreport.ReportPack50SP1_01.CrtActbyRsk_Act_RskLvl class: com/virsa/cc/extreport/ReportPack50SP1_01/CrtActbyRsk_Act_RskLvl.class
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: Jar Entry length=13210 compressed size=13210 actual read=13210
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: class name: com.virsa.cc.extreport.ReportPack50SP1_01.CrtRolbyRsk class: com/virsa/cc/extreport/ReportPack50SP1_01/CrtRolbyRsk.class
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: Jar Entry length=19287 compressed size=19287 actual read=19287
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: class name: com.virsa.cc.extreport.ReportPack50SP1_01.CrtProfbyRsk class: com/virsa/cc/extreport/ReportPack50SP1_01/CrtProfbyRsk.class
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: Jar Entry length=12807 compressed size=12807 actual read=12807
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: class name: com.virsa.cc.extreport.ReportPack50SP1_01.UsersbyOrgLevels class: com/virsa/cc/extreport/ReportPack50SP1_01/UsersbyOrgLevels.class
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: Jar Entry length=18557 compressed size=18557 actual read=18557
  May 16, 2007 1:24:59 PM com.virsa.cc.common.util.ConfigUtil setDefaultJ2EEParam
  WARNING: Cannot get Application URL: null. PLEASE SET 'Background Daemon URL' IN CONFIGURATION TAB
  java.lang.NullPointerException
  I am not sure whats causing this and it's been 2hrs since i scheduled the user analysis but i don't see any data still appearing in the fron-end..Any pointers again???
  Thanks
  -Murali

• Issue with Compliance Calibrator 5.2 SP9 Background Jobs

  Hello,
  I'm having an issue with Compliance Calibrator 5.2 SP9 where If I run a role analysis as a background job that has the same parameters as a previously run role analysis background job, the second job that is run will display a failure message.  It does not appear to matter if the similar background jobs were run by the same individual or separate individuals.  As long as the job that was previously run is still in the background job history, than any job with the same parameters run by a user will fail. 
  Is this normal operation for CC? 
  Is there a configuration change that could allow a job to be rerun in the background multiple times?
  Is there a fix for this issue in a later support pack or with upgrade to 5.3?
  Thanks for the help it's much appreciated,

  To better clarify what is occurring, the 1st job will run and complete successfully and return/display the appropriate results correctly.  The 2nd job will than be subsequently kicked off and finish same as with the previous job except when you open the background results no data is displayed and the message at the bottom reads: Failed to display result.  To make more sense of what Iu2019m doing, these are the logical steps Iu2019m following:
  1.  Select Role Level analysis
  2.  Enter parameters for analysis
  3.  Schedule background job to run immediately
  4.  View background job results (successful job and correct results)
  5.  Select Role Level analysis (with same or any other user)
  6.  Enter same parameters as step 2 for analysis
  7.  Schedule background job to run immediately
  8.  View background job results (successful job, but the error message: u2018Failed to display resultu2019, instead of seeing the CC reports)
  I believe the error is somewhere in the running of a job with the same parameters (Same Role and same Report Type).  If I delete the previous jobs from the background history that have the parameters Iu2019m using and try the analysis again, a third time, with the same parameters as before, it will run successfully and display the correct results.
  Is this normal and acceptable operation for CC5.2 SP9?
  Is there a configuration change that would allow a job to be run in the background multiple times with the correct CC results?
  Is there a fix for this issue in a later support pack or with upgrade to 5.3?

• Update on Management View in VIRSA Compliance Calibrator 5.2

  Hello,
  is there a way to delete the Data for the Management View in VIRSA Compliance Calibrator 5.2 and then make a full new data load.
  When I select Full Synchronisation and Management Reports in the Schedule Analysis, the system does not update the Management View correctly, the Management Report shows still roles which are already deleted in the SAP-System.
  Thanks

  Hi,
       You can do a Full sync of Users and Roles first which will be ovewrite and then run the Batch Risk Analysis Management Reports.
        You can try this exercise first if it does not work then go ahead with Alpesh's advice.
  Thanks
  Darshan

• Compliance Calibrator 5.1 Risk Categories

  Hello.
  Is there a difference in the way the systems reacts to a risk category i.e. if the risk is classified as High, does it stop a user from doing something? Is there any difference between medium and low or are the categories merely used in the risk analysis reports as a statistic?
  Thanks.

  It is still preventative in that you can perform a risk analysis simulation.  That is, you can test for risks <i>before</i> you grant the user access.  It is also preventative in that it is testing segregation of duties controls, which are a type of preventative control.
  Risk Terminator leverages from the Compliance Calibrator rule-sets and basically modifies the user maintenance and role maintenance tcodes to add a risk-analysis step in there.  So, for example, if you are maintaining a role, when you go to generate, it will perform a risk analysis and you will have to document the reasons for creating/changing a risky role.  Same when you assign roles to a user that combine to cause a risk.  So, yes, Risk Terminator is also preventative.  As is Access Enforcer.

• Compliance Calibrator for SRM and SCM???

  Hello,
  Can we use the compliance calibrator for the modules like SRM and SCM? Do we get any ruleset for these modules from SAP or need to create ourself?
  Thanks in advance
  Eric

  Alexander,
  Thanks for your prompt response. But the note available from SAP is not included SCM?
  <b>Note 1033326 - Compliance Calibrator 5.2 Rule Upload</b>
  SOD Action and Permission level rules are provided for R/3, APO, ECCS, CRM
  and SRM. HR and Basis rules are included in the R/3 but also broken out
  separately.
  Could you tell me what all other modules are included in the standard ruleset?
  Thanks in advance
  Eric