Compliance Calibrator standard rule files needed

Similar Messages

• Compliance Calibrator Default Rules Upload Files

  I'm implementing Compliance Calibrator 5.1, and I'm at the point where I need to upload the default rule-set.  However, I cannot locate the flat files required for the initial rule-set upload (i.e. business process, function, and risk definitions).  I've read through the user guides, but they don't seem to reference exact file names or specify where the files would be located after install.  Thanks in advance for your help.

  Varun,
  you may get a quicker answer to your question in the GRC forum
  Governance, Risk and Compliance (SAP GRC)

• SAP GRC 5.2 Compliance Calibrator rule sets for HR module

  HI All,
  The company i am working for has done installation of GRC 5.2. I would like to download the SAP out of box Compliance Calibrator rule sets for HR function module in a spreadsheet format.
  I would like to download the rule set for risks at Function level, Tcode level and also at authorization object level in ABAP and Roles, actions and permissions in JAVA.
  I will discuss with the BPAs, internal auditors and come up with a new rule set exclusively for my company needs with the help of the above spreadhseet.
  Please tell me what steps i need to do to get this thing done.

  Please go through the process but save these as txt files for UNIX. I am not sure about 5.2 but CC4 was not uploading rule files correctly if file was not saved for TXT for UNIX.
  Regards,
  Harry Sidhu

• Create rules in Compliance Calibrator for HR PD profiles

  Hello
  In Compliance Calibrator can we create a rule to check PD profile combinations?
  Example:
  We have 3 PD profiles say 1, 2, 3
  We dont want 1, 3 together
  Any help on this, is greatly appreciated.

  Alexander,
  Thanks for your prompt response. But the note available from SAP is not included SCM?
  <b>Note 1033326 - Compliance Calibrator 5.2 Rule Upload</b>
  SOD Action and Permission level rules are provided for R/3, APO, ECCS, CRM
  and SRM. HR and Basis rules are included in the R/3 but also broken out
  separately.
  Could you tell me what all other modules are included in the standard ruleset?
  Thanks in advance
  Eric

• Error while uploading standard text files for the Global rule set

  Hi all,
  As part of Post Installation Activities we have uploaded standard text files for business process, functions, risks and rule set obtained with the installable Software.
  While uploading the text files we have uploaded the Basis Functions Authorizations first and then R/3 text files.
  When we checked no actions are appearing in the rule architect under respective functions except for the BASIS Module.
  Is this because we have uploaded the Basis functions before the R/3 text files?If yes, how to replace the Basis with the R/3 ones.
  We tried to replace the Basis function authorizations by re-uploading the R/3 text files again but we got the below error message u201CORA-00001:unique constraint (SAPSR3DB.SYS_C004479) violatedu201D
  Can somebody please help in this regard how to get the standard rule set in our system?
  Thanks and Best Regards,
  Srihari.K

  Hi Sri,
  you should upload first the static text files and the authorization objects first and then the GRC standard rule set files following the instructions of the SAP Configuration Guide available in Service Market Place under http://service.sap.com/instguides .
  The GRC standard rule set contains files named Basis_functions_action.txt and R3_function_action.txt. The first one contains ONLY function definitions in terms of transcation codes for basis only, whereas the second one contains functions definition for basis AND ERP modules. The same holds for the *_function_permission.txt files. There are also function definition files for other SAP solutions such as APO, CRM, HR  etc.
  You can open a customer message and request a deletion script for the rule sets files you have uploaded already. After their application of this script all rule set data will be deleted from your database. If you have uploaded static text and authorization files correctly, you can then upload the GRC standard rule set files as needed again.
  best regards,
  Frank

• Rule file design need to reject some members in the same field

  Hi,
  I'm working on Essbase vrsn11.1.1.3.I'm building dimensions through rules file. I have a .dim file with parent child reference that have 5 fields(parent-child-alias1-alias2-property).
  The requirement is as such that the fourth field (alias2) is to be needed only for some members,Let say i have four members to load(A,B,C,D)Alias1 is required for all four members but alias2 is to be loaded only for B & D members.
  Is there any possibility to full fill this requirement, if so then kindly let me know
  thanks in advance
  Edited by: hyperion on Jan 12, 2012 4:01 PM

  create second rule file and load alias2 only with your select/reject criteria.
  Essbase rule file will reject entire record if at least one column matches up reject condition.

• Need some practical Scenarios to test Compliance Calibrator, FF and AE

  Hi Experts,
  I have installed Compliance Calibrator 5.2 / Access Enforcer and Firefighter on a test System. However i am looking for some practical scenarios / Examples to test the functionlity of these installations. If any of you is currently working on these technologies i appreciate if you c an provide 2 3 scenarios to test my installation and functionality .
  Thanks in advance.
  Your help is much apprecaited..
  SK

  Hi SK,
  Testing the functionality of CC
  1. I would recommend to create some test roles where in you plug in some conflicting tcodes
      which can pose a sure SoD Risk, lets say Create Vendor Invoice(FB01) and Make an
      Automatic Payment(F110).
  2. Now run the Risk Analysis by choosing the Default SAP GRC ruleset library and do a  
      Role level Analysis.Then Assign the Test Roles to Test Users and then do a User Level Analysis.
  3. You may have create some Custom Rule sets with appropriate naming of Conflicting functions
      like Creation of Purchase Order (P001), Approve Purchase Order(P002)
      in different Application Areas like Purchase 2 Pay(P2P), Order 2 Cash (O2D) and try to do
      the same as above two steps.
  4. Test the functionality of Risk Remediation by removing the conflicting tcodes and do the
      Risk Analysis.Your previous Risk Roles must not appear
  5. Test the functionality of Risk Mitigation by placing a mitigation Control on the Conflicting tcodes
     and do the Risk Analysis.Your previous Risk Roles must not appear if you have properly
      configured your CC
  Testing the functionality of FF
  1. I would say create a few Firefighter IDs in different functional areas like FI, SD, MM, and then
     create some test users for Firefighter Owners, Controllers and Firefighters who can use
     the functionality of FF.
  2. Create some FF roles which have exceptional access in those functional areas
      encompassing transaction codes and authorization objects that are not used in normal incidents.
  3. Assign each of the FF roles to the respective FF IDs and then to the test Firefighters.
  4. Pull the log reports in FF and see if it gives exact details of the FF usage.
  5. You may have take some assistance of the Functional team members to do the testing.
  Testing the functionality of AE
  1. Create a workflow scenario of hiring a new user.
  2. Create the request under a test requestor. Assign the request to some test approver
  3. Also Assign some roles and test the functionality.
  Hope this helps for a good start
  Regards,
  Kiran Kandepalli.

• Updating Compliance Calibrator Rule Set

  The business has decided to change a few rules by removing a couple of custom tcodes from the rule set.  In DEV I go into the Function and remove the objects associated with the tcode and disable the tcode.  After running the rule set update there is still some sort of tie.  I have created a test ID in DEV with a known issue around each of the changes.  I'm not getting a different result when running compliance calibrator.
  Any ideas?
  We are running R/3 4.6C and compliance calibrator 4.0

  Can you please check the following demo?
  [Virsa Compliance Calibrator Application for SAP v5.1 Demo|http://www.sdn.sap.com/irj/scn/elearn?rid=/library/uuid/d2f1cf9c-0d01-0010-2dac-aedd3c4f7f5b&overridelayout=true]
  Please give more details on the step where you got stuck.
  Regards,
  Dipanjan

• Re: Virsa Compliance Calibrator & Pre-defined SOD Rule Set

  Hi All,
  We have installed the Virsa Compliance calibrator 5.1 in our sandbox environment. When we goto the "Rule Architect" tab under Compliance calibrator using tcode /virsa/zvrat it brings up the page with Rules information.
  Per the Virsa documents that i read they have mentioned that there are pre-defined SOD Rules (Transaction codes and Tcode objects) that we can use in the Rule Architect.
  My question is how do i enable and use those pre-set SOD Rules that Virsa provides by default. I do not see them under the Rule architect tab though. Can someone give some pointers to use these pre-set SOD rules.
  Thanks & Regards
  -Murali

  Hi Laziz,
  Thanks for your patience in replying to my CC 5.1 queries. I did follow your steps for the Generate Rule & Background Job-> Schedule Analysis and scheduled the job immediate.
  However, when i looked up the status of the scheduled analysis Background Job-> Search pulls up the job i scheduled at the top it reads "Job scheduler Status: unknown error" . I clicked on "View Log" button and it shows some messages as shown below (Note: I am just posting some parts of the error msgs below. but it still goes for 1 page...)
  May 16, 2007 1:09:07 PM com.virsa.cc.xsys.bg.BgJobDaemon init
  INFO: *** BgJobDaemon loaded
  May 16, 2007 1:11:09 PM com.virsa.cc.common.util.ConfigUtil setDefaultJ2EEParam
  WARNING: Cannot get Application URL: null. PLEASE SET 'Background Daemon URL' IN CONFIGURATION TAB
  java.lang.NullPointerException
       at com.virsa.cc.common.util.ConfigUtil.setDefaultJ2EEParam(ConfigUtil.java:203)
       at com.virsa.cc.common.util.ConfigUtil.getBgJobStartURL(ConfigUtil.java:192)
       at com.virsa.cc.xsys.bg.AnalysisDaemonThread.run(AnalysisDaemonThread.java:45)
       at java.lang.Thread.run(Thread.java:534)
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: class name: com.virsa.cc.extreport.ReportPack50SP1_01.ReportPack50SP1_01 class: com/virsa/cc/extreport/ReportPack50SP1_01/ReportPack50SP1_01.class
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: Jar Entry length=1568 compressed size=1568 actual read=1568
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: class name: com.virsa.cc.extreport.ReportPack50SP1_01.CrtActbyRsk_Act_RskLvl class: com/virsa/cc/extreport/ReportPack50SP1_01/CrtActbyRsk_Act_RskLvl.class
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: Jar Entry length=13210 compressed size=13210 actual read=13210
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: class name: com.virsa.cc.extreport.ReportPack50SP1_01.CrtRolbyRsk class: com/virsa/cc/extreport/ReportPack50SP1_01/CrtRolbyRsk.class
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: Jar Entry length=19287 compressed size=19287 actual read=19287
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: class name: com.virsa.cc.extreport.ReportPack50SP1_01.CrtProfbyRsk class: com/virsa/cc/extreport/ReportPack50SP1_01/CrtProfbyRsk.class
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: Jar Entry length=12807 compressed size=12807 actual read=12807
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: class name: com.virsa.cc.extreport.ReportPack50SP1_01.UsersbyOrgLevels class: com/virsa/cc/extreport/ReportPack50SP1_01/UsersbyOrgLevels.class
  May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
  FINEST: Jar Entry length=18557 compressed size=18557 actual read=18557
  May 16, 2007 1:24:59 PM com.virsa.cc.common.util.ConfigUtil setDefaultJ2EEParam
  WARNING: Cannot get Application URL: null. PLEASE SET 'Background Daemon URL' IN CONFIGURATION TAB
  java.lang.NullPointerException
  I am not sure whats causing this and it's been 2hrs since i scheduled the user analysis but i don't see any data still appearing in the fron-end..Any pointers again???
  Thanks
  -Murali

• Compliance Calibrator 5.1 Alert File generation

  Greetings,
  I would like to understand how the Compliance Calibrator (CC) 5.1 Alert Generation File is created.  I specify a file name in 'Configuration/Miscellaneous/Alert Log Filename & Location', and schedule the job via 'Configuration/Background Job/Alert Generation'.  The file is updated daily, but where is the data pulled from?  It looks like the data is sorted daily by User ID and tcode.  The data looks like it could come from the Security Audit Logs on ABAP instance, but would this be required?
  Any technical information would be helpful.
  Thank you,
  Rob

  Hi Rob,
    There are different types of alerts, which can be generated by Compliance Calibrator:
    a) system finds that certain mitigation reports were not run in time;
    b) end users executed critical transaction, listed in one of your risks;
    c) end user executed conflicting transactions, lsited in one of your risks.
    So, the data is pulled from your ABAP system. And it explains why you get the list of user IDs and tcodes.
    Please, advise whether it asnwers your question ? And if yes, award the points accordingly
  Best regards,
  Laziz

• Need the ability to export rule file field mappings

  Hi. I have a number of rule files that have a large number of field mappings (i.e. the Replace -> With options on the Global Properties tab). I was just wondering if anyone has found a way to export these to excel or similar.
  Thanks
  Sean
  Edited by: SeanO on 8/03/2010 15:38

  "The reason is due to bad print when having a view is shaded" Could you please explain?
  What are you planning to resolve? Which format has the printing issue?
  What other print options you want to use in addition to the forcetoblack?
  Please provide samples and steps to reproduce the problem. Thx
  Edited by: AutoVueAU_2 on Oct 27, 2012 9:43 PM

• Need to generate multiple error files with rule file names during parallel data load

  Hi,
  Is there a way that MAXL could generate multiple error files during parallel data load?
  import database AsoSamp.Sample data
    connect as TBC identified by 'password'
    using multiple rules_file 'rule1' , 'rule2'
    to load_buffer_block starting with buffer_id 100
    on error write to "error.txt";
  I want to get error files as this -  rule1.err, rule2.err (Error files with rule file name included). Is this possible in MAXL? 
  I even faced a situation , If i hard code the error file name like above, its giving me error file names as error1.err and error2.err. Is there any solution for this?
  Thanks,
  DS

  Are you saying that if you specify the error file as "error.txt" Essbase actually produces multiple error files and appends a number?
  Tim. 
  Yes its appending the way i said.
  Out of interest, though - why do you want to do this?  The load rules must be set up to select different 'chunks' of input data; is it impossible to tell which rule an error record came from if they are all in the same file?
  I have like 6 - 7 rule files using which the data will be pulled from SQL and loaded into Essbase. I dont say its impossible to track the error record.
  Regardless, the only way I can think of to have total control of the error file name is to use the 'manual' parallel load approach.  Set up a script to call multiple instances of MaxL, each performing a single load to a different buffer.  Then commit them all together.  This gives you most of the parallel load benefit, albeit with more complex scripting.
  Even i had the same thought of calling multiple instances of a Maxl using a shell script.  Could you please elaborate on this process? What sort of complexity is involved in this approach.? Did anyone tried it before?
  Thanks,
  DS

• Do you trust the SAP standard rule set ?

  Hello all,
  I have the impression that, too often, the SAP standard ruleset has been taken for granted : upload, generate and use. Here is a post as to why not to do so. Hopefuly, this will generate a interesting discussion.
  As I have previously stated in other threads, you should be very careful accepting the SAP standard rule set without reviewing it first. Before accepting it, you should ensure that your specific SAP environment has been reflected in the functions. The 2 following questions deal with this topic :
  1. what is your SAP release  ? ---> 46C is different than ECC 6.0 in terms of permissions to be included in the function permission tab. With every SAP release, new authorization objects are linked to SAP standard tcodes. Subsequently some AUTHORITY-CHECK statements have been adapted in the ABAP behind the transaction code. So, other authorizations need to provided from an implementation point of view (PFCG). And thus, from an audit perspective (GRC-CC), other settings are due when filtering users' access rights in search for who can do what in SAP.
  2. what are your customizing settings and master data settings ? --> depending on these answers you will have to (de)activate certain permissions in your functions. Eg. are authorization groups for posting periods, business areas, material types, ... being used ? If this is not required in the SAP system and if activated in SAP GRC function, then you filter down your results too hard, thereby leaving certain users out of the audit report while in reality they can actually execute the corresponding SAP functionality --> risk for false negatives !
  Do not forget that the SAP standard ruleset is only an import of SU24 settings of - probably - a Walldorf system. That's the reason SAP states that the delivered rule set is a starting point. 
  So, the best practice is :
  a. collect SAP specific settings per connector in a separate 'questionnaire' document, preferably structured in a database
  b. reflect these answers per function per connector per action per permission by correctly (de)activating the corresponding permissions for all affected functions
  You can imagine that this is a time-consuming process due to the amount of work and the slow interaction with the Java web-based GRC GUI. Therefore, it is a quite cumbersome and at times error-prone activity ...... That is, in case you would decide to implement your questionnaire answers manually. There are of course software providers on the market that can develop and maintain your functions in an off-line application and generate your rule set so that you can upload it directly in SAP GRC. In this example such software providers are particularly interesting, because your questionnaire answers are structurally stored and reflected in the functions. Any change now or in the future can be mass-reflected in all (hundreds / thousands of) corresponding permissions in the functions. Time-saving and consistent !
  Is this questionnaire really necessary ? Can't I just activate all permissions in every function ? Certainly not, because that would - and here is the main problem - filter too much users out of your audit results because the filter is too stringent. This practice would lead too false negatives, something that auditors do not like.
  Can't I just update all my functions based on my particular SU24 settings ? (by the way, if you don't know what SU24 settings are, than ask your role administrator. He/she should know. ) Yes, if you think they are on target, yes you can by deleting all VIRSA_CC_FUNCPRM entries from the Rules.txt export of the SAP standard rule set, re-upload, go for every function into change mode so that the new permissions are imported based on your SU24 settings. Also, very cumbersome and with the absolute condition that you SU24 are maintained excellent.
  Why is that so important ? Imagine F_BKPF_GSB the auth object to check on auth groups on business areas within accounting documents. Most role administrator will leave this object on Check/Maintain in the SU24 settings. This means that the object will be imported in the role when - for example - FB01 has been added in the menu.  But the role administrator inactivates the object in the role. Still no problem, because user doesn't need it, since auth groups on business areas are not being used. However, having this SU24 will result in an activated F_BKPF_GSB permission in your GRC function. So, SAP GRC will filter down on those users who have F_BKPF_GSB, which will lead to false negatives.
  Haven't you noticed that SAP has deactivated quite a lot of permissions, including F_BKPF_GSB ? Now, you see why. But they go too far at times and even incorrect. Example : go ahead and look deeper into function AP02. There, you will see for FB01 that two permissions have been activated. F_BKPF_BEK and F_BKPF_KOA.  The very basic authorizations needed to be able to post FI document are F_BKPF_BUK and F_BKPF_KOA.  That's F_BKPF_BUK .... not F_BKPF_BEK. They have made a mistake here. F_BKPF_BEK is an optional  auth object (as with F_BKPF_GSB) to check on vendor account auth groups.
  Again, the message is : be very critical when looking at the SAP standard rule set. So, test thoroughly. And if your not sure, leave the job to a specialized firm.
  Success !
  Sam

  Sam and everyone,
  Sam brings up some good points on the delivered ruleset.  Please keep in mind; however, that SAP has always stated that the delivered ruleset is a starting point.  This is brought up in sap note 986996     Best Practice for SAP CC Rules and Risks.  I completely agree with him that no company should just use the supplied rules without doing a full evaluation of their risk and control environment.
  I'll try to address each area that Sam brings up:
  1.  Regarding the issue with differences of auth objects between versions, the SAP delivered rulset is not meant to be version specific.  We therefore provide rules with the lowest common denominator when it comes to auth object settings.
  The rules were created on a 4.6c system, with the exception of transactions that only exist in higher versions.
  The underlying assumption is that we want to ensure the rules do not have any false negatives.  This means that we purposely activate the fewest auth objects required in order to execute the transaction.
  If new or different auth object settings come into play in the higher releases and you feel this results in false positives (conflicts that show that don't really exist), then you can adjust the rules to add these auth objects to the rules.
  Again, our assumption is that the delivered ruleset should err on the side of showing too many conflicts which can be further filtered by the customer, versus excluding users that should be reported.
  2.  For the customizing settings, as per above, we strive to deliver rules that are base level rules that are applicable for everyone.  This is why we deliver only the core auth objects in our rules and not all.  A example is ME21N. 
  If you look at SU24 in an ECC6 system, ME21N has 4 auth objects set as check/maintain.  However, in the rules we only enable one of the object, M_BEST_BSA.  This is to prevent false negatives.
  3.  Sam is absolutely right that the delivered auth object settings for FB01 have a mistake.  The correct auth object should be F_BKPF_BUK and not F_BKPF_BEK.  This was a manual error on my part.  I've added this to a listing to correct in future versions of the rules.
  4.  Since late 2006, 4 updates have been made to the rules to correct known issues as well as expand the ruleset as needed.  See the sap notes below as well as posting Compliance Calibrator - Q2 2008 Rule Update from July 22.
  1083611 Compliance Calibrator Rule Update Q3 2007
  1061380 Compliance Calibrator Rule Update Q2 2006
  1035070 Compliance Calibrator Rule Update Q1 2007
  1173980 Risk Analysis and Remediation Rule Update Q2 2008
  5.  SAP is constantly working to improve our rulesets as we know there are areas where the rules can be improved.  See my earlier post called Request for participants for an Access Control Rule mini-council from January 28, 2008.  A rule mini-council is in place and I welcome anyone who is interested in joining to contact me at the information provided in that post.
  6.  Finally, the document on the BPX location below has a good overview of how companies should review the rules and customize them to their control and risk environment:
  https://www.sdn.sap.com/irj/sdn/bpx-grc                                                                               
  Under Key Topics - Access Control; choose document below:
      o  GRC Access Control - Access Risk Management Guide   (PDF 268 KB) 
  The access risk management guide helps you set up and implement risk    
  identification and remediation with GRC Access Control.

• Convert from Compliance Calibrator 4.0 to Risk Analysis and Remediation 5.2

  Hello Forum,
  I'm looking for other opinions on converting Compliance Calibrator (CC) 4.0 to Risk Analysis and Remediation (RAR) 5.2 (formerly CC)
  I have inherited responsibility for RAR and need to upgrade it to the 5.2 level; our current ECC level prevents us from going to 5.3
  I found a process that will unload the data from CC 4.0 and be imported into RAR 5.2
  I want to understand the definitions that comprise the RAR and was thinking about recreating the definitions in 5.2 based on what is already defined in the CC 4.0 system; I have time to do this since there is no definitive deadline that would make it impossible to meet
  Currently, I have the following definitions:
  Business Process 6 entries
  Functions 47 entries
  Risks 147 entries
  Mitigating Controls 40 entries
  Would others find this approach acceptable and reasonable even though I would be entering all the information? Basically, it would be like defining the data for the very first time if this was NEW software
  I would expect to come away with a good understanding of how everything ties together; at this point, I am only looking to create the necessary data that would allow for producing SOD reports that show all users with "risks" have been mitigated with acceptable controls
  Thanks for your responses in advance
  Jerry
  Ryerson, Inc
  630-758-2021

  Thanks for the reply
  I have the migration guide and have reviewed it; I have actually played around a bit with obtaining the file from CC 4.0; I found that the data records may need some adjustments to be compatible with RAR 5.2; one of the reasons that may be leading me to do everything from scratch
  The definitions currently defined were completed by an outside source and the mitigated controls were defined by the Internal Audit area
  I'm not sure if they were mixed with the defaults
  I'm not sure at this point what impact or changes I would experience if I use the "default" supplied rules set but I expect to find out
  Thanks again for your reply
  Jerry

• Appearing blank screen in compliance calibrator url

  hi
  i have recently installed java front end part of SAP GRC patches on a sap java server. and i have crated jco connections to connect to backend sysems. but after that , when i see with following url
  http//<server_name>:5<instance>00/webdynpro/dispatcher/sap.com/grc~ccappcomp/Compliance
  Calibrator 
  i can see the above heading as SAP GRC and all, but no content i can see.
  did any body face this kind of problem--- please help
  thanks
  Akhil

  Hi Akhil,
  You need to upload all the Standard UME roles provided by SAP onto the UME of GRC Server. You can find all these roles in VIRSAACCNTNT.sar files in the GRC AC package. When you'll un-car this file it will extract files having all the AC roles and you need to upload them in UME and assign users with all the necessary roles.
  The files would be re_ume_roles.txt; cc_ume_roles.txt and ae_ume_roles.txt.
  All the best!
  Cheers!
  Aman
  GRC RIG