Different Risk Analysis Results with 10.0 and 10.1

Similar Messages

• Different Risk Analysis Results with the same user from 2 different RAR

  Hi..
  I've loaded the same Risks, Rules, etc, into 2 GRC RAR environments (Sandbox and Quality systems); both of them are connected with the same SAP ECC system. But when I do a User Risk analysis (authorization level), the result from Sandbox is different from Quality system. I donu2019t have users or roles mitigated yet, users are synchronized, rules are exactly the same and I donu2019t know what happen??... Please, help me.
  Thanks...

  Hi...
  If I do a Full Sync of users to the same ECC system from both RAR boxes, I got different number of users loaded (i.e. 18757 vs. 18141), similar case with the full sync of roles. (13100 vs.  13150).
  If I load exactly the same set of functions to both RAR systems and I generate the rules, I got the same problem, different number of rules is generated.
  I've verified both RAR configuration and they are the same (excluded users, roles mitigated, etc.)
  Is it a normal behavior? What could be wrong?
  Thanks in advance!!

• Difference in risk analysis results post sp upgrade

  Hi Team,
  Recently we upgraded our GRC component in dev box to SP level 14. We reactivated the BC sets and ran all sync jobs.
  Now the risk analysis results are very different from the non upgraded system.
  Do we need to activate BC sets post SP upgrade ? Also how will be the latest rule sets released by SAP imported into the system ?
  Thanks in advance.
  Regards,
  Anil

  Hi,
  Isn't ANALYZE outdated for R12?
  You may still use the Analyze command in 11g Database (R12 is application version), and is not obsolete.
  Please refer:
  Analyzing Tables, Indexes, and Clusters
  Ask Tom "analyze in 11g ,not obsolete?"
  How would this resolve the issue?
  If the optimizer is not updated with the latest statistics in database, then the COUNT(*) will not be updated and as a result the count will be showing a lower value.
  I suggested you to perform an analyze or gather schema statistics in order to eliminate probable cause for the issue.
  Thanks &
  Best Regards,

• CUP Risk Analysis results are not shown, continues processing request

  We have several users that complain the risk analysis in CUP never finishes. Requests do not contain risks or huge amount of risks which could explain a long runtime.
  With one user we checked, the user is never getting the risk analysis result on his screen. Sitting together with the user shows that the progress bar at bottom of IE is completing analysis, however the screen is not updated to show the risk analysis result and continues to show the processing circle.
  On other pc's CUP risk analysis result is shown as expected, so it must be some issue in local PC Internet Explorer settings.
  Environment used is Windows XP with IE 8. GRC version is 5.3.
  Have any of you experienced the same? And is there a solution available that will resolve this issue, by e.g. correcting settings in IE 8?

  Hello!
  If you want to successfully use GRC 5.3 with IE8, you have two options:
  1) Change a parameter in the server
  2) use the compatibility mode.
  3) Update NW
  refer to [Note 1347768 - Web Dynpro and Microsoft Internet Explorer Version 8.0|https://service.sap.com/sap/support/notes/1347768]
  I dismiss option 2, because it requires to change in every end user computer, so I've been working with option 1 without problems. Bear in mind that NW 7.01 is supported:  [Note 1433940 - Access Control compatibility on Netweaver Java server 7.01|https://service.sap.com/sap/support/notes/1433940]
  Cheers!
  Diego.

• I have different account ID's with my iphone and computer. I would like to standardise both to just the one. One of the ID's doesn't work, when I tried to list the second email with the preferred one a message telling me that this email is already in

  I have different account ID's with my iphone and computer.
  I would like to standardize both to just the one.
  One of the ID's doesn't work, when I tried to list this second email with the preferred one a message telling me that this email is already in use pops up.. yes it is, with me??
  Is there an easy to fix this please, Fabfitz

  If the email address you want to use is being used as the primary email address on a different ID you have to manage that ID and change it to a different primary email address.  This explains how: Change your Apple ID - Apple Support.
  If it is being used as an alternate or rescue address on a different ID, you manage the ID and either remove it or change it to a different email address.  This explains how: Manage your Apple ID primary, rescue, alternate, and notification email addresses - Apple Support.

• Risk Analysis result different in DEV and PROD

  Hi Gurus,
  I have modified few functions in development and transported the changes but after transport there is a new SOD produced at the user level and with same access in Development there is no violation when I checked the function permission there is two duplicate entries in production ruleset compared to Development. Do I need to remove the duplicate entries in production and then run risk analysis is this going to fix SOD ?
  My assumption is GRC 10 doesn't have ability to transport changes for deletion in functions.
  Regards,
  Salman

  Dear Salman,
  looks that the rules have been appended so it shows twice.
  I suggest to download the correct rules from DEV and upload in PROD again. You can use program GRAC_UPLOAD_RULES to upload in PROD. Please make sure you set the option to overwrite, and not append.
  With GRAC_RULE_DELETE you can also delete the rules before you upload (not necessary, but possible).
  Hope this helps.
  Regards,
  Alessandro

• Did CUP risk analysis change with SP7?

  Dear GRC experts,
  I am pretty sure when we tested CUP 5.3 SP4 when doing risk analysis it would only show new risks caused by new roles selected in request (like Risks from Simulation Only YES in RAR). Exisitng risks for that user would not be shown.
  Now with CUP 5.3 SP7 fix1 we get the existing risks shown as well not in any way related to the role(s) selected, which will be confusing to the role approvers. E.g. role request is display role, approver needs to run risk analysis and gets existing risks shown. He/she can not deselect roles to remove risks as only display role is in request. There might be no mitigating controls for those risks (creation of new mitigating controls is blocked). This would end up in requests with risks even though the requested role is not risk relevant, or even request gets stuck because no mitigatign control exists and config is set to do not allow approval of requests with risks.
  Please confirm if indeed only new risks where shown in CUP risk analysis in previous support pack levels or rel. 5.2, or that I am mistaken and all risks where always shown at risk analysis in CUP.
  Principally I think existing risks should be focus of GET CLEAN effort. Risk analysis in CUP should focus on preventing new risks at part of STAY CLEAN phase.

  Hi,
  When we run Risk Analysis for the user, it will show the existing violations as well as the violation which are there with new roles also.
  When we click on Risk Analysis under Simulation tab we can find Risk Violation details.
  Here I have a doubt, how to deselect violation role while approving request. I m unable to find that option. Please advice.
  Thanks & regards,
  KKRao.
  Edited by: KKRao_2020 on Oct 9, 2009 9:22 AM
  Edited by: KKRao_2020 on Oct 9, 2009 9:27 AM

• AC 5.3 RAR - combined risk analysis reports for regular auth. and SPM auth.

  Dear All,
  we have users that have regular day-today authorization and also FF authorization.
  Does the Batch Risk Analysis takes into account both authorizations when doing the risk analysis for those users ? will we see it in the reports ?
  Thanks
  Yudit

  ok, so basically the answer is no, in the RAR components we do not have risk analysis for the combinations of the roles assigned to the user and to his FF ID.
  in that case, at what stage does the system checks for those combined risks ?
  is it checked when we manage the risk analysis phase in the CUP request that is asking to assign the FF ID to the user ?
  thanks
  Yudit

• IQ09 - Different process for material with bacth Split and no Batch

  Hello,
  i want to know if IQ09 treats material with batch number and no batch in the same way for fetching the serial number.
  view V_EQUI_EQBS_SML is used to fetch the serial numbers.
  i just need to confirm if the process is same in case a material has batch & no Batch together.
  Thanks
  Renu

  Hi,
  We faced the same problem and went back to option:
  Cont.Ins Lot creation (QMAT-CHG) = "For each Material Document item
  This solves the problem and was in our case the solution for receipts from production. But at goods receipt for purchase orders we still use the option for each material document, batch and SL.
  There we pick up the materials in WM by hand by scanning the bar codes on the pallets (printed at GR). The transfer order creates a negative quant in unrestricted use that is later filled by the automatic usage decision that moves the stock from quality to unrestricted in the same bin.
  Hope this helps.....
  Arno

• The risk analysis results are different when choose report type as "summary" and "management" summary

  Hello experts,
  I found a expired user with SOD conflicts in "management summary" report format, but it doesn't exist in "Summary" report. You can find the screenshot in attached file. The user name is "YINPENG2_BK".
  What happened? The result of different report formats are from different data source?
  Sincerely yours,
  Lynn

  Hi Lynn,
  that's not an issue from the system. It's more a handling issue as the results are splitted into several result sets. In management summary view you have only one result set as it's grouped by user and risk, whereas you have more than one in summary view (as you have multple entries for each user and risk).
  Change to the second, third, etc. result set and you will see the user in the list:
  Regards,
  Alessandro

• Different Results with Powershel v2 and v3

  Hope someone can help me determine why there is a difference in my data between v2 and v3 of Powershell. I do my development on my laptop which has version 3 installed, but the script is executed on a server which has version 2 installed.
  #create directory searcher object and set it's porperties
  $searcher = New-Object DirectoryServices.DirectorySearcher
  # (!userAccountControl:1.2.840.113556.1.4.803:=2) - Filters out disabled accounts
  $searcher.Filter = '(&(objectCategory=person)(objectClass=user)(!samaccountname=ITS-*)(!userAccountControl:1.2.840.113556.1.4.803:=2))'
  $searcher.PageSize = 5
  $searcher.SearchRoot = "LDAP://OU=District Offices,DC=myDomain,DC=com"
  #load only the following properties
  $params = @("samaccountname","sn","givenname","mail","physicaldeliveryofficename","department","title","manager","distinguishedname")
  foreach($param in $params)
  $searcher.PropertiesToLoad.Add($param) | Out-Null
  try
  $found = $searcher.FindAll()
  $found | ForEach-Object {
  if (($_.Properties["distinguishedname"] -notlike "*,OU=Generic User Accounts*") -and ($_.Properties["title"] -notlike "*Consultant*") `
  -and ($_.Properties["title"] -notlike "*Commissioner*") -and ($_.Properties["title"] -notlike "*Security Guard*") `
  -and ($_.Properties["title"] -notlike "*OSC*") -and ($_.Properties["title"] -notlike "*DCC*Temp*") -and ($_.Properties["samaccountname"] -ne "tbjohn") `
  -and (($_.Properties["mail"] -ne "")))
  $filtered += $_
  Running this script on my machine produces the data that the user is looking for. When I run it on the server, there are users in the data file that should not be. In the filter statement if I change
  -and (($_.Properties["mail"] -ne "")))
  #TO BE
  -and (($_.Properties["mail"] -ne $null)))
  Then those users are removed, but then other users are included and I haven't figured out why yet. Why would there be a difference, with the above script? I would think that should work in any version but obviously that is not true.
  If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful.
  Don't Retire Technet

  jrv, with your modifications, things look to be going great, but again I am having an issue between version 3 and version 2 of powershell
  I have the following code in a file
  $searcher = New-Object DirectoryServices.DirectorySearcher
  $searcher.Filter = '(&(objectCategory=person)(objectClass=user)(mail=*)(!samaccountname=ITS-*)(!userAccountControl:1.2.840.113556.1.4.803:=2))'
  $searcher.PageSize = 5
  $searcher.SearchRoot = "LDAP://OU=District Offices,DC=MyDomain,DC=com"
  #load only the following properties
  $params = @("samaccountname","sn","givenname","mail","physicaldeliveryofficename","department","title","manager","distinguishedname")
  foreach($param in $params)
  $searcher.PropertiesToLoad.Add($param) | Out-Null
  # Filtered results to exclude certain OU's
  $filtered = @()
  try
  $filtered += $searcher.FindAll() | Where {
  $_.Properties["distinguishedname"][0] -notmatch ",OU=Generic User Accounts" `
  -and $_.Properties["title"][0] -notmatch "Consultant|Commissioner|Security Guard|OCS|DCC.*Temp" `
  -and $_.Properties["samaccountname"][0] -ne "tbjohn"
  $filtered.Count
  catch
  Write-Host "Error occured $_"
  exit
  I then did two different tests. In a command window I run the following
  C:\Windows\System32\WindowsPowershell\v1.0\powershell.exe -Version 3.0 -ExecutionPolicy RemoteSigned -File F:\PS_Scripts\ADTest.ps1
  The results here return the count of 2485, yet if I force it to use version two with the following command
  C:\Windows\System32\WindowsPowershell\v1.0\powershell.exe -Version 2.0 -ExecutionPolicy RemoteSigned -File F:\PS_Scripts\ADTest.ps1
  The results returned is an error stating "Cannot index into a null array", is there a difference in the DirectorySearcher object in version 2.0 compared to version 3.0?
  If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful.
  Don't Retire Technet

• Why are all the sound levels so different!?? With VST's and in Ultrabeat...

  I'm having so much trouble with the audio levels in logic pro. It seems every VST has a completely different level when the volume on the vst is set to 100. Miroslav Philharmonik is EXTREMELY quiet..., and when I load drums into ultrabeat, they immediately peak like crazy. I tried loading my drums up in battery 3 after that, and all the drums where extremely quiet compared to my other vst's YET it showed in the mixer that they were peaking????? I don't understand what's happening, I know you have to mix but this never happened in any other daw that I've used.

  I'm having so much trouble with the audio levels in logic pro. It seems every VST has a completely different level when the volume on the vst is set to 100. Miroslav Philharmonik is EXTREMELY quiet..., and when I load drums into ultrabeat, they immediately peak like crazy.
  It's one of a the reasons mixers have volume controls.
  Seriously - an orchestral instrument is likely to have hundreds of parts all playing at once. If each part was designed to hit close to 0dB, then it would be impossible to do anything as the resultant mix would be massively loud - you'd have to turn everything down all the time.
  Drums are probably going to be peaking fairly loud in a mix, as they do contain a lot of the energy.
  There is no standard. A mono synth will often have hotter levels than a polysynth part, as the polysynth could be playing 8-32 voices all at once. Also, different patches, and different instruments themselves will be programmed to have different volume levels.
  This is all true regardless of DAWs, and is nothing specifically to do with Logic.
  All all the instruments, and mixer channels have volume controls, to let you control their volume and place them where they need to be for your needs.

• 2 Different SAP systems one with only WM and other no WM system

  Hi All,
    We are having trouble to implement 2 different SAP systems. In one SAP system only MM & IM will be there. The other SAP system only WM system will be there.
              In the SAP system with only MM / IM system all the materials will be valuated where as the SAP system with only WM system, there won't be any valuations. It just serves as a 3PL warehouse for the first SAP system which has only IM environment.  Both are acting as a different companies.
  We planned to interface all the PO, Inbound Deliveries and also the Sales order and deliveries to WM SAP system and develop a custom program to do PGR / PGI in WM system and then transmit the PGR / PGI details to the SAP system (which has only MM / IM environment). The WM system also uses the RF guns. But not so sure whether this can help.
  Can you please help me how to configure the WM system. I will be very grateful for your help.
  Regards,
  Vansh

  Hello,
  there is a standard SAP solution: [Decentralized Warehouse Management (LE-IDW) |http://help.sap.com/saphelp_erp60_sp/helpdata/en/51/803c35975f0054e10000009b38f839/content.htm]
  for your scenario.
  Andrzej

• Setting up an iPad for a different user?  Preloading with documents, photos, and more...

  We plan to gift an iPad to a customer, but we would like to load it up with company photos, presentation materials, documents, and apps before passing it off to them.  Is there anyway to do this without everything being erased when they connect it to their iTunes? 
  Thanks

  No. You could put on apps, but the new user won't be able to update them or back them up to his/her iTunes account.

• AE 5.2 remote risk analysis with CC 520_640

  Hi,
  Can anyone please tell me if this scenario is possible.
  AE to do risk analysis in remote system by using CC rules defined in a central system.
  Eg. ECC system has mitigation rules defined for HR. ECC also has rules defined for Finance, MM etc
        AE 5.2 will connect to the CC (ECC system) when processing a request and check the HR rules for the  
        roles in AE to do a remote risk analysis before provisioning the access in HR box.
       ECC box has CC 520_640 - ECC 5.0
       HR box has CC 520_700  - ECC 6.0
        Is this possible at all? CC configuration parameters are enabled and defined to do a remote analysis.
        Risk analysis shows risks when a remote analysis is done in CC. But AE risk analysis shows no risks.
  Thanks

  Good question but quite confusing way to ask but anyways..
  As you said you are able to perform risk analysis in RAR/CC on the considered system (remote system as you mentioned) but not able to perform the same in CUP/AE
  from the symptoms It seems like the web service in AE for integration with CC to perform Risk Analysis is not configured.
  Please go to Configuration tab > Risk Analysis menu > Select CC version
  and enter the URL for the web service, it may be something like
  hostaddres:portno/VirsaCCRiskAnalysisService/config?wsdl&style=document
  or you can find it through following method.
  Go to Web Services Navigator (same location as for UME) and drill down to VirsaCCRiskAnalysisService and get the URL from there. Finally enter the URL on the above mention location.
  Then try performing the Risk Analysis on the considered system, if it is still not working and in case the web service is already configured and working for other systems let me know. We will think in some other direction.
  Best Regards,
  Amol Bharti