Compliance Calibrator v.4.0 Installation Guide?
Does anyone have a Compliance Calibrator v.4.0 Installation Guide? I cannot find one on SAP Service Marketplace.
I have found a Security Guide, User Guide Supplement, User Guide, but no installation guide.
Thank you!
Hi there,
I have the guide, and I can give it to you.
Reach out to me at [email protected] and I'll get it to you.
Thanks,
Santosh
Similar Messages
-
Compliance Calibrator 5.2 Install Question
I am at a customer site installing Compliance Calibrator. We have followed the installation steps as outlined in the CC5_2_Install_700.pdf and everything has been going smoothly. We have restarted our instance and now we are trying to verify that it has installed properly. On page 44 of the guide, it says:
The Virsa Compliance Calibrator banner appears. This verifies that your installation was successful. There is no content below the banner until you:
- create JCo destinations.
- assign a role, provisioned to perform all Virsa Compliance Calibrator transactions, to a back‐end user account.
However, when we go to the URL as described in the guide, we get the netweaver login screen, but when we try to login, it doesn't show us the banner as described above. Instead it appears that the login has been rejected, though no rejection error message is displayed.
What step may we have missed?
Thanks,
Santosh KrishnanAlso please check what Language you have set for the user you are logging in with.
You must have created one user to access Virsa CC. Please check language option. If it is empty, kindly set to English
This should solve your problem.
Regards,
Faisal -
SAP GRC 5.2 Compliance Calibrator rule sets for HR module
HI All,
The company i am working for has done installation of GRC 5.2. I would like to download the SAP out of box Compliance Calibrator rule sets for HR function module in a spreadsheet format.
I would like to download the rule set for risks at Function level, Tcode level and also at authorization object level in ABAP and Roles, actions and permissions in JAVA.
I will discuss with the BPAs, internal auditors and come up with a new rule set exclusively for my company needs with the help of the above spreadhseet.
Please tell me what steps i need to do to get this thing done.Please go through the process but save these as txt files for UNIX. I am not sure about 5.2 but CC4 was not uploading rule files correctly if file was not saved for TXT for UNIX.
Regards,
Harry Sidhu -
Convert from Compliance Calibrator 4.0 to Risk Analysis and Remediation 5.2
Hello Forum,
I'm looking for other opinions on converting Compliance Calibrator (CC) 4.0 to Risk Analysis and Remediation (RAR) 5.2 (formerly CC)
I have inherited responsibility for RAR and need to upgrade it to the 5.2 level; our current ECC level prevents us from going to 5.3
I found a process that will unload the data from CC 4.0 and be imported into RAR 5.2
I want to understand the definitions that comprise the RAR and was thinking about recreating the definitions in 5.2 based on what is already defined in the CC 4.0 system; I have time to do this since there is no definitive deadline that would make it impossible to meet
Currently, I have the following definitions:
Business Process 6 entries
Functions 47 entries
Risks 147 entries
Mitigating Controls 40 entries
Would others find this approach acceptable and reasonable even though I would be entering all the information? Basically, it would be like defining the data for the very first time if this was NEW software
I would expect to come away with a good understanding of how everything ties together; at this point, I am only looking to create the necessary data that would allow for producing SOD reports that show all users with "risks" have been mitigated with acceptable controls
Thanks for your responses in advance
Jerry
Ryerson, Inc
630-758-2021Thanks for the reply
I have the migration guide and have reviewed it; I have actually played around a bit with obtaining the file from CC 4.0; I found that the data records may need some adjustments to be compatible with RAR 5.2; one of the reasons that may be leading me to do everything from scratch
The definitions currently defined were completed by an outside source and the mitigated controls were defined by the Internal Audit area
I'm not sure if they were mixed with the defaults
I'm not sure at this point what impact or changes I would experience if I use the "default" supplied rules set but I expect to find out
Thanks again for your reply
Jerry -
Need some practical Scenarios to test Compliance Calibrator, FF and AE
Hi Experts,
I have installed Compliance Calibrator 5.2 / Access Enforcer and Firefighter on a test System. However i am looking for some practical scenarios / Examples to test the functionlity of these installations. If any of you is currently working on these technologies i appreciate if you c an provide 2 3 scenarios to test my installation and functionality .
Thanks in advance.
Your help is much apprecaited..
SKHi SK,
Testing the functionality of CC
1. I would recommend to create some test roles where in you plug in some conflicting tcodes
which can pose a sure SoD Risk, lets say Create Vendor Invoice(FB01) and Make an
Automatic Payment(F110).
2. Now run the Risk Analysis by choosing the Default SAP GRC ruleset library and do a
Role level Analysis.Then Assign the Test Roles to Test Users and then do a User Level Analysis.
3. You may have create some Custom Rule sets with appropriate naming of Conflicting functions
like Creation of Purchase Order (P001), Approve Purchase Order(P002)
in different Application Areas like Purchase 2 Pay(P2P), Order 2 Cash (O2D) and try to do
the same as above two steps.
4. Test the functionality of Risk Remediation by removing the conflicting tcodes and do the
Risk Analysis.Your previous Risk Roles must not appear
5. Test the functionality of Risk Mitigation by placing a mitigation Control on the Conflicting tcodes
and do the Risk Analysis.Your previous Risk Roles must not appear if you have properly
configured your CC
Testing the functionality of FF
1. I would say create a few Firefighter IDs in different functional areas like FI, SD, MM, and then
create some test users for Firefighter Owners, Controllers and Firefighters who can use
the functionality of FF.
2. Create some FF roles which have exceptional access in those functional areas
encompassing transaction codes and authorization objects that are not used in normal incidents.
3. Assign each of the FF roles to the respective FF IDs and then to the test Firefighters.
4. Pull the log reports in FF and see if it gives exact details of the FF usage.
5. You may have take some assistance of the Functional team members to do the testing.
Testing the functionality of AE
1. Create a workflow scenario of hiring a new user.
2. Create the request under a test requestor. Assign the request to some test approver
3. Also Assign some roles and test the functionality.
Hope this helps for a good start
Regards,
Kiran Kandepalli. -
Compliance Calibrator standard rule files needed
Hello, we need the standard rule files (.txt) for the Compliance Calibrator 5.2. We don't have the installation software accessible atm and couldn't find anything on the SAP marketplace.
If someone could give us information on where to get these files explicitly would be great.
Thanks and best regards,
JanThe rules are delivered together with the software which you will be able to download if you hold a valid software license for SAP GRC Access Control. Your organization holds valid licenses of the software in several countries, e.g. in Germany, France, India, Italy, the Netherlands, and the US.
-
Configuring Role Expert Web services for Compliance Calibrator
Hi @all,
performing the configuration of Virsa Role Expert I've got a question regarding the settings for the various Web Service Info. for the Compliance Calibrator.
Apart from the Web Service URL, user name and password need to be declared. The user guide names 'sapgrc' and 'webuser' as account names.
My question: How do I setup these accounts? Is this an UME-Job - if so: what are the required roles and authorizations for these accounts?
Kind regards,
MartinHi,
the Web Services URLs are:
Web Service Info. for CC Risk Analysis: http://SERVER_NAME:PORT/VirsaCCRiskAnalysisService/Config1?wsdl&style=document
Web Service Info. for CC Transaction Usage: http://SERVER_NAME:PORT/VirsaCCActionUsageService/Config1?wsdl&style=document
Web Service Info. for CC Mitigation Control: http://SERVER_NAME:PORT/VirsaCCMitigation5_0Service/Config1?wsdl&style=document
Web Service Info. for CC Functions: http://SERVER_NAME:PORT/VirsaCCFunction5_0Service/Config1?wsdl&style=document
Web Service Info. for AE Workflow: http://SERVER_NAME:PORT/AEWFRequestSubmissionService_5_2/Config1?wsdl&style=document
Does that answer your question?
Regards,
Martin -
Compliance Calibrator Administrator ID
As stated in the guides, the user id for the GRC Administrators for access to Compliance Calibrator UI is to be created through the UME.
In the UME we have created the user ID with a role with the actions:
UME.AclSuperUser
UME.Batch_Admin
UME.Manage_All
UME.Manage_All_Companies
UME.Manage_Groups
UME.Manage_My_Profile
UME.Manage_Roles
UME.Manage_Users
UME.Sync_Admin
Com.virsa.cc.ChangeAdmins
Com.virsa.cc.ChangeBP
Com.virsa.cc.ChangeBUnit
Com.virsa.cc.ChangeCrActions
Com.virsa.cc.ChangeCrProfiles
Com.virsa.cc.ChangeCrRoles
Com.virsa.cc.ChangeFunction
Com.virsa.cc.ChangeMitCntl
Com.virsa.cc.ChangeMitHRObject
Com.virsa.cc.ChangeMitProfile
Com.virsa.cc.ChangeMitRole
Com.virsa.cc.ChangeMitUser
Com.virsa.cc.ChangeOrgRules
Com.virsa.cc.ChangeRisks
Com.virsa.cc.ChangeRuleSet
Com.virsa.cc.ChangeSupplementRule
Com.virsa.cc.ClearAlert
Com.virsa.cc.CreateAdmins
Com.virsa.cc.CreateBP
Com.virsa.cc.BUnit
Com.virsa.cc.CreateCrActions
Com.virsa.cc.CreateCrProfiles
Com.virsa.cc.CreateCrRoles
Com.virsa.cc.CreateFunction
Com.virsa.cc.CreateMitCntl
Com.virsa.cc.CreateMitHRObject
Com.virsa.cc.CreateMitProfile
Com.virsa.cc.CreateMitRole
Com.virsa.cc.CreateMitUser
Com.virsa.cc.CreateOrgRules
Com.virsa.cc.CreateRisks
Com.virsa.cc.CreateRuleSet
Com.virsa.cc.CreateSupplementRule
Com.virsa.cc.DeleteAdmins
Com.virsa.cc.DeleteAlert
Com.virsa.cc.DeleteBP
Com.virsa.cc.DeleteBUnit
Com.virsa.cc.DeleteCrActions
Com.virsa.cc.DeleteCrProfiles
Com.virsa.cc.DeleteCrRoles
Com.virsa.cc.DeleteFunction
Com.virsa.cc.DeleteMitCntl
Com.virsa.cc.DeleteMitHRsObject
Com.virsa.cc.DeleteMitProfile
Com.virsa.cc.DeleteMitRole
Com.virsa.cc.DeleteMitUser
Com.virsa.cc.DeleteOrgRules
Com.virsa.cc.DeleteRisks
Com.virsa.cc.DeleteRuleSet
Com.virsa.cc.DeleteSupplementRule
Com.virsa.cc.ExportRules
Com.virsa.cc.GenerateAlert
Com.virsa.cc.ImportRules
Com.virsa.cc.MassFuncMaint
Com.virsa.cc.RunAuditReports
Com.virsa.cc.RunRiskAnalysis
Com.virsa.cc.RunSecurityReports
Com.virsa.cc.ViewAlertMonitor
Com.virsa.cc.ViewBgJobLog
Com.virsa.cc.ViewConfiguration
Com.virsa.cc.ViewInformer
Com.virsa.cc.ViewMgmtReport
Com.virsa.cc.ViewRuleArchitect
Basically, this is the administrator role for the UME that we have in the development environment currently.
When we attempt to log on to the Compliance Calibrator, we get logged out immediately.
We do not even see the top bar of the compliance calibrator UI.
I have checked the SDN forums and according to the developers here, it is because there is no JAVA role assigned to the user but we have assigned all the actions to the user.
Do advise if there is a step that we have missed out during the user creation.Hi Chee,
I'm installing Compliance Calibrator 5.1 on WAS7.0. now when i configure the administrator role for Portal user, I'm not able to see any of the com.virsa.cc actions in available actions list.
In the inst guide for CC 5.2 it suggests a alternate method to upload a role file UME Roles file, UMERoles_CC52.txt. Where can we find this file for CC5.1.
Help me on this issue. I'm really troubled due to this with no leads at all.
Please suggest me a way.
Thanks,
Vishal. -
SAPu00AE COMPLIANCE CALIBRATOR BY VIRSA SYSTEMS
Hello all,
My company are thinking of implementing the above for auditing purposes to comply with Sarbanes-Oxley and compliance. I have read some documentation from the SAP website and this documentation states that:
"Because SAP Compliance Calibrator by Virsa Systems is embedded in your SAP system, no additional hardware or software is required."
Has anyone implemented this soultion? If so is there any additional documentation available for it?
Cheers,
Bernard.David,
As We are in the process of implementing this virsa tool but we are not sure as to what are the exact steps that we should extract to. Do you have a step by step guide (apart from the VIRSA install guide) which would guide us through the complete install and configuration. We have ECC 6.0 ,Portal,BI 7,CRM 5
Would you be kind enough to send the information to me asap.
Please forward me the doc to following id , I will be very much appreciate if you could do the help ..
[email protected]
Thanks
Laxmi -
Compliance Calibrator 5.2 Application Error
Hi,
I have deployed compliance calibrator 5.2 webdynpro on Web AS Java 700 SP10.
The database is SAP DB on windows 2003.
I have followed the installation document and after deploying the ccappcomp file and all other files.I have restarted the server thro SAPMMC.
On testing the compliance calibrator login URL , I am not able to login.
From the database log.. database.0.log
I have got below error
" "#1.5#0013210AB163006A0000001C00002BBC00042F422447C85F#1177861030040#/System/Database/sql/jdbc/common#sap.com/tcwddispwda#com.sap.sql.jdbc.common.CommonPreparedStatement#Administrator#59####7e57cfb0f66711dbbda40013210ab163#SAPEngine_Application_Thread[impl:3]_3##0#0#Error#1#com.sap.sql.jdbc.common.CommonPreparedStatement#Java#com.sap.sql_0019#com.sap.sql.log.OpenSQLResourceBundle#Exception of type caught: .#2#com.sap.sql.log.OpenSQLException#Cannot assign NULL to host variable 1. setNull() can only be used in INSERT and UPDATE statements. The statement is "SELECT MIN("YEARMONTH") "YEARMONTH",MIN("VIOLTYPE") "VIOLTYPE",MIN("VSYSKEY") "VSYSKEY",MIN("ANLTYPE") "ANLTYPE",MIN("USERGROUP") "USERGROUP",SUM("TOTCOUNT") "TOTCOUNT",SUM("RISKLOW") "RISKLOW",SUM("RISKMED") "RISKMED",SUM("RISKHIGH") "RISKHIGH",SUM("RISKCRT") "RISKCRT",SUM("URNONE") "URNONE",SUM("URLOW") "URLOW",SUM("URMED") "URMED",SUM("URHIGH") "URHIGH",SUM("URCRT") "URCRT",SUM("URMIT") "URMIT",MAX("TOTCRTCD") "TOTCRTCD",SUM("CRTCD") "CRTCD",MAX("TOTCRROLE") "TOTCRROLE",SUM("CRROLE") "CRROLE",SUM("TOTUSER") "TOTUSER",MIN("RUNDATE") "RUNDATE" FROM "VIRSA_CC_MGMTTOT" WHERE "YEARMONTH" = ? AND "VIOLTYPE" = ? AND "VSYSKEY" LIKE ? AND "ANLTYPE" = ? AND "USERGROUP" LIKE ?".#"
Please advise and thanks a much for your guidance.
Cheers,
cOMPLIANCE cALIBRAHi,
I have deployed compliance calibrator 5.2 webdynpro on Web AS Java 700 SP10.
The database is SAP DB on windows 2003.
I have followed the installation document and after deploying the ccappcomp file and all other files.I have restarted the server thro SAPMMC.
On testing the compliance calibrator login URL , I am not able to login.
From the database log.. database.0.log
I have got below error
" "#1.5#0013210AB163006A0000001C00002BBC00042F422447C85F#1177861030040#/System/Database/sql/jdbc/common#sap.com/tcwddispwda#com.sap.sql.jdbc.common.CommonPreparedStatement#Administrator#59####7e57cfb0f66711dbbda40013210ab163#SAPEngine_Application_Thread[impl:3]_3##0#0#Error#1#com.sap.sql.jdbc.common.CommonPreparedStatement#Java#com.sap.sql_0019#com.sap.sql.log.OpenSQLResourceBundle#Exception of type caught: .#2#com.sap.sql.log.OpenSQLException#Cannot assign NULL to host variable 1. setNull() can only be used in INSERT and UPDATE statements. The statement is "SELECT MIN("YEARMONTH") "YEARMONTH",MIN("VIOLTYPE") "VIOLTYPE",MIN("VSYSKEY") "VSYSKEY",MIN("ANLTYPE") "ANLTYPE",MIN("USERGROUP") "USERGROUP",SUM("TOTCOUNT") "TOTCOUNT",SUM("RISKLOW") "RISKLOW",SUM("RISKMED") "RISKMED",SUM("RISKHIGH") "RISKHIGH",SUM("RISKCRT") "RISKCRT",SUM("URNONE") "URNONE",SUM("URLOW") "URLOW",SUM("URMED") "URMED",SUM("URHIGH") "URHIGH",SUM("URCRT") "URCRT",SUM("URMIT") "URMIT",MAX("TOTCRTCD") "TOTCRTCD",SUM("CRTCD") "CRTCD",MAX("TOTCRROLE") "TOTCRROLE",SUM("CRROLE") "CRROLE",SUM("TOTUSER") "TOTUSER",MIN("RUNDATE") "RUNDATE" FROM "VIRSA_CC_MGMTTOT" WHERE "YEARMONTH" = ? AND "VIOLTYPE" = ? AND "VSYSKEY" LIKE ? AND "ANLTYPE" = ? AND "USERGROUP" LIKE ?".#"
Please advise and thanks a much for your guidance.
Cheers,
cOMPLIANCE cALIBRA -
Compliance Calibrator Default Rules Upload Files
I'm implementing Compliance Calibrator 5.1, and I'm at the point where I need to upload the default rule-set. However, I cannot locate the flat files required for the initial rule-set upload (i.e. business process, function, and risk definitions). I've read through the user guides, but they don't seem to reference exact file names or specify where the files would be located after install. Thanks in advance for your help.
Varun,
you may get a quicker answer to your question in the GRC forum
Governance, Risk and Compliance (SAP GRC) -
Compliance Calibrator 5.2 RTA for Non-SAP Apps
Hi all,
Can SoD rules be written for analyzing a Users access to SAP and NON-SAP applications across the enterprise?
If yes will CC RTA need to be installed on the NON-SAP application?
If yes are there any requirements that need to be met by NON-SAP application and is there a list of NON-SAP applications (other than-Peoplesoft, Oracle, Hyperion, JD Edwards) that CC has an RTA for?
Is there any documentation specific to aplications that can support CC RTAs and installation on these?
-CheersHi,
Yes SoD rules can be written for analyzing user accesses to SAP and non-SAP applications.
Basically there is no other application for which an RTA exists, but there is a documentation discussing the technical requirements for file generation from the non-SAP systems for integration of non-SAP Systems with SAP Compliance Calibrator.
This documentation is available in <a href="http://service.sap.com/rkt-grc">http://service.sap.com/rkt-grc</a>
under SAP GRC Access Control 5.2 -> SAP GRC Compliance Calibrator 5.2 -> Step2: Prepare for your project -> Cross Application Material
You'll need your OSS user-id to access that page; in case you cannot access it, please post a message in the OSS.
Rgds,
Karim -
Compliance Calibrator 5.2
Hi,
Does anyone has configuration guide to compliance calibrator 5.1 or 5.2? All the rule architect is empty. Please advice. Thanks.
Regards
FloHi Florence,
I was out of the office for a while and because of that could not access this forum.
As you use CC 5.2, there are slight changes in the way you configure the link in comparison to version 4.0 and below.
- all of your target R/3 systems need to be registered in your SAP SLD;
- NW server running CC engine should be aware of your SLD Supplier as well;
- On your NW server open JCo maintenance and create two connections to your target server: for Metadata and for Model. Server details will be obtained from SLD;
- login to your CC 5.2 Web site and in Configuration section click "Connection" tab. You'll need to activate connection for each R/3 backend. Use "Adaptive RFC" option for SAP links and in fact it'll be your required RFC connection.
There is no need to setup any RFC connections via SM59 now.
Hope this helps. Please, award the points if your consider this answer to be useful.
Thanks,
Laziz -
Compliance Calibrator Start up
Hi,
We are planning to bring SOD tool Compliance calibrator soon for our r/3 system.......
before that I need to know how it works....I mean SAP provides CC software to be installed on R/3 server???
Can some tell me on which server CC installation takes place.Hi Lisa,
Purpose of Installing RTA in R/3 Server
==============================
This is an ABAP component which continously and regularly collects data from R/3 Server. As I said, this the Backend used by all the GRC components that is:
1)Access Enforcer
2)FireFighter
3)Role Expert and
4)Compliance Calibrator
What we install in J2EE Server and Purpose of it
====================================
These are Java Deployable files (called Software Deployable Archives, SDA). These files form the frontend to access GRC components. The purpose of this is that, this forms an Interface to access the different applications.
You have different SDAs for different applications like:
1)Access Enforce
2) Role Expert
3) FireFighter and
4) Compliance Calibrator
For each application, you have respective Java Deployable files i.e., SDAs. Example, if you want to use Compliance Calibrator, then you need to install it FronEnd files (SDAs) on J2EE server access through Web Browser.
Data Flow
=========
I will take Compliance Calibrator example and explain it you you:
You have RTA installed in R/3 server and frontend files on J2EE server.
As you know, Compliance Calibrator is SODs violations reporting tool. Here you define all the rules and save it. You run reports called "Synchronization" for:
Users
Roles and
Profiles
When you run this, RTA (ABAP component in R/3 Server) will send the data as per your selection (User/Role/Profile) to FrontEnd on J2EE server where it maintains its own database in J2EE server for rendering purpose.
Then you run the "Risk Analysis" reports in front end of different types:
User
Roles and
Profiles
Then it gives you the reports accordingly. Any change in the R/3 Server, you need to re-run the "Synchronizaiton" reports again. Usually, these reports are run every day on "Incremental" basis.
Hope, this will answer what you have asked for.
Feel free to ask further queries.
Reward points if useful.
Thanks and Regards,
Faisal -
Installation guide for 9ias on RedHat Advanced Server 3
Hi
Does anyone has the installation guide for 9ias on RedHat Advanced Server 3 please? Thank you!there is an installation guide for oracle applic server 9 and above on red hat advanced server 3 in pdf format on the linux technology center page on oracle. here is the file link.
"Install Guide: Oracle Application Server on Red Hat Enterprise Linux AS (PDF) May 2003"
you may wanna check the following link for that page.
http://otn.oracle.com/tech/linux/index.html
is this what you are looking for?
asif
Maybe you are looking for
-
Buttons not working when viewing .pdf on tablet...
I created a .pdf to view on a tablet. My links are working, but the buttons I created are not. For example, Button 1 is supposed to take the user back to page 1, but touching the button does nothing. Help! Thanks!
-
Why can't I download or update apps running IOS 8.1.1
help
-
Time machine automatically added my external hd to exclusion list
Has this happened to anyone? Today I happened to open Time Machine and look at the exclusion list to find that my portable external hard drive, which I carry with my macbook everywhere and is where I store most of my files, and which I have always in
-
Deleted playlist that updates ipod-- lost all music on ipod
like an idiot-- i accidentally deleted the playlist that is used to update the songs on my nano. so now whenever i connect my nano to update it theres a msg that says something like "cannot update ipod, the playlist used to update has been deleted."
-
User Exit for VA01 and VA02 transaction codes
Hi, I am writing a userexit for PO number checking for VA01 and VA02 transaction codes.The PO number should be unique in the table (vbkd-bstkd).Duplicate PO number entries can be checked with Sold-to Party.If anybody written something like this....pl