Exclusion of separated users in Risk analysis

Dear All
While running User Risks analysis, I need to exclude all the separated users in the Mgt report. We have already configured HR triggers for locking the Users on separation, but how GRC is able to distinguish whether the locked user is because of separation or incorrect logons.
Please suggest
Thanks
Abhijeet

Hi Abhijit,
   RAR will exclude all the loced users if you configure RAR to exclude them. If you want to exclude only separated users then may be you can exclude only the user group of those users (if you have a different user grooup when user is separated).
Regards,
Alpesh

Similar Messages

  • GRC AC 10:How to generate Access Rule? No output from User or Risk Analysis

    Hello Gurus,
    We have done configuration of GRC AC 10, and uploaded files via
    SoD rules -->Upload Rules
    After that we generated SoD rules for Risk Id : B001 and B002
    Now when we go to NWBC --> Reports & Analytics >Access Dashboards>Access Rule Library
    The report shows (for Group Rule level : Action)
    Number of Active rules : 0
    Number of Disabled Rules : 0
    Number of Functions :  151
    Where as for Group Rule level : Action Risk
    The report shows
    Number of Active Risk : 42
    Disabled risk : 161
    Nmr. of functions : 151 .
    When we perform Risk Analysis at User Level or Role Level, the output is empty !!!
    Note: All the background jobs have run successfully.
    Also the SoD files also have been uploaded successfully.
    Will you please guide how can i activate the "rules" for the uploaded risk ??
    regards,
    Victor

    Hello Victor/ Inder,
    For Risk ID B001functions are BS02 and BS11 if you open any one of them you can see system maintained as SAP BASIS which is SAP_BAS_LG (logical connector group).
    Post installation you can check in SPRO>Governance, Risk and Compliance-> common Component---> integration framework-> maintain connector and connector types->select SAP and click Define connector Group.
    BUSINESS     Business Roles     SAP
    SAP_BAS_LG     SAP Basis     SAP
    SAP_CRM_LG     SAP CRM     SAP
    SAP_ECC_LG     SAP ECCS     SAP
    SAP_HR_LG     SAP HR     SAP
    SAP_NHR_LG     SAP R3 - NON HR Basis Logical Group     SAP
    SAP_R3_LG     SAP R3     SAP
    SAP_SRM_LG     SAP SRM     SAP
    (If not present then manually you can create the same)
    Select SAP_BAS_LG and put connector type as SAP,  select SAP_BAS_LG and click Assign Connector group to group types as AM & LG, then click on Assign Connector to connector group and maintain you connector.
    Post this activity re generate SOD for B001 and then check for user level and role level analysis.
    Hope it will resolve your issue.
    Regards,
    Sudesh

  • Inconsistency Data between Role Level & User Level Risk Analysis

    Hi,
    When we run Role Level Risk Analysis for a role (Ex: XYZ), there is no SOD conflicts. But when we try to run the user level analysis, this role shows SOD conflicts. I mean, XYZ is assigned with other roles. Combination of other roles access may bring SOD conflict, thats fine, but here the challenge is role XYZ itself has SOD conflicts. The same does not appear when we run Role Level Risk Analysis!!
    How could this happen??
    Thanks,
    Karthik

    Hi Karthik,
    The role might be mitigated at role level.
    In RAR Anayze tool, click -More options to expand the selection options
    Chose "Exclude Mitigated Risks: No"

  • Role and User level Risk Analysis is not displaying any output or report.

    Hello,
    I have a problem when I run risk analysis, both in foreground and background. The issue is that no report is displayed and I have followed all the instructions carefully.
    I have done the following:
    Maintained Access Risk table to contain functions and assigned it to a rule set.
    The functions contains actions and permissions that are explicitly assigned to my ERP connector in the system field in both action and permission tabs.
    I have run the sync job to update the roles in the GRC server from the ERP backend. I am surprise that no report is displayed as I have a test role that I am sure has conflict as per my function definition.
    Please advice me if there is something I am missing.
    Thank you.

    Hello John,
    Good Morning !!
    Sorry for the late reply , but to my surprise , i do not see any tab containing "Actions & Permission".
    This are the tabs that i have in NWBC
    My Home
    Master Data
    Access Management
    Rule Setup
    Reports & Analytics
    Assessments
    Setup
    I am currently on SAPK-V1005INGRCFNDA support package for GRCFND_A .
    Is there something wrong that's hapenning?? or i am looking at wrong place !!
    Under Setups , i have an option "Access Rule Maintenance" which has
    Rule Sets
    Functions
    Access Risks
    When i click Accesas rule sets , i see Risk IDS : e.g. B001, B002 etc and when i click "generate rule" in foregroubd/background",
    it does not generate any rules ,when i click
    View Action Rules
    View Permission Rules
    It shows "Table does not contain any data".
    Please guide.
    Thanks
    Regards,
    Victor

  • Risk Analysis - Ignored Users

    I have a client who wants to have ignored users (in User Level Risk Analysis) set to Loacked OR Expired....not just Locked, not just Expired, not Locked AND expired....is there a "hidden" selection somewhere?

    Hi Jack,
    i have made a quick test (RAR 5.3 SP11) and the option "Locked and Expired" ignores these users:
    1) Locked and Expired
    2) Locked
    3) Expired
    So i would say that "Locked and Expired" is "Locked or Expired" too.
    You can make a quick test with your SPxx and you will see.
    Regards
    Pavel

  • Risk Analysis in GRC 10.0

    Dear Experts,
    I have configured RAR in GRC 10.0. Sync jobs are successful. Batch risk analysis is sucessful.
    But when I tried to run a User/Role risk analysis I am not getting any result. I am not sure whether system has run risk analysis or not but I get the confirmation screen with blank result table. Please advise how to fix this issue.
    I appreciate your help.
    Thanks,
    Raj

    Hello Raj,
    Check the below points related to risk analysis
    1.check once the parameter id in configuration settings
    2.BC set activation
    3.while running risk analysis check backend system name and connector which is configured.

  • ARQ: What level of risk analysis is performed in Access Request???

    Hi,
    I have a question/doubt which might look silly!
    When we perform risk analysis in access request in "Risk Violation" Tab. May I know if I am correct in saying that this is "USER LEVEL" risk analysis?
    Secondly, note#1638140 says:
    Resolution
    The Impact Analysis type in Access Request risk analysis simulation is suppose to evaluate the HR org or position changes, which might have an impact on other users that are in the same org or assigned to the same positions.  The Risk Analysis type is showing existing risks plus the risks if the new access in the request is added to the users or roles.
    I am a bit confused with this statement. It says "if the new access in the request is added to the users or roles".
    Can anybody please help me understand this?
    Thirdly, if a request shows existing risks plus new risks if the new access (only 1 single role) in the request is added to a user, does such request qualify for "Violation Detour" and changes its path for the new role added?
    Please advise.
    Regards,
    Faisal

    Faisal,
    not really sure if I understand your doubts correctly.
    The risk analysis in simulation analyzes all the current and to-be-added authorization. Better to explain in an example.
    User has ROLE_A and ROLE_B and in simulation you add ROLE_C. ROLE_A contains FB60, ROLE_B MM03 and ROLE_C FK02. Per definition from rule set a violations is between FK02 and FB60. MM03, as it is only display, isn't a risk.
    So the user has with the current authorization (MM03, FB60) no risk. In simulation you add FK02 which conflicts with FB60 and the simulation will show a violation. In the simulation you can differenciate risks based on their color if it comes from existing or newly added authorization.
    In simulation it is possible to simulate different scenarios like adding tcodes, roles or profiles. Be aware that if you run the simulation if always analyzes the full authorization (current and simulated).
    Does this answer your question?
    Regards,
    Alessandro

  • Error while doing risk analysis for a user

    Hi ,
    When i did risk analysis at user level for a particular user we are getting this error under level  ."Exception!!. No relavent language message available in database for :0292".I had reuploaded the the messages text file but still the error persists i have restarted the j2ee application but still the error is not going .any pointers please thanx in advance.When checked the file CC5.3_MESSAGES.txt it does not contain any entry corresponding to message code 0292.So how shud i proceed.
    Edited by: Ambarish annapureddy on Jan 21, 2009 12:54 PM

    Hi Ambarish,
        What is the patch level of GRC AC 5.3? Did you apply any service pack recently? Did the service pack contain any message file? There has to be some message file which contains message '0292'. If you can not find the message file then open a message with SAP support and they should be able to provide it to you.
    Regards,
    Alpesh

  • Error while performing Risk Analysis at user level for a cross system user

    Dear All,
    I am getting the below error, while performing the risk analysis at user level for a cross system (Oracle) user.
    The error is as follows:
    "ResourceException in method ConnectionFactoryImpl.getConnection(): com.sap.engine.services.connector.exceptions.BaseResourceException: Cannot get connection for 120 seconds. Possible reasons: 1) Connections are cached within SystemThread(can be any server service or any code invoked within SystemThread in the SAP J2EE Engine), 2) The pool size of adapter "SAPJ2EDB" is not enough according to the current load of the system or 3) The specified time to wait for connection is not enough according to the pool size and current load of the system. In case 1) the solution is to check for cached connections using the Connector Service list-conns command, in case 2) to increase the size of the pool and in case 3) to increase the time to wait for connection property. In case of application thread, there is an automatic mechanism which detects unclosed connections and unfinished transactions.RC:1
    Can anyone please help.
    Regards,
    Gurugobinda

    Hi..
    Check the note # SAP Note 1121978
    SAP Note 1121978 - Recommended settings to improve peformance risk analysis.
    Check for the following...
    CONFIGTOOL>SERVER>MANAGERS>THREADMANAGER
    ChangeThreadCountStep =50
    InitialThreadCount= 100
    MaxThreadCount =200
    MinThreadCount =50
    Regards
    Gangadhar

  • Different Risk Analysis Results with the same user from 2 different RAR

    Hi..
    I've loaded the same Risks, Rules, etc, into 2 GRC RAR environments (Sandbox and Quality systems); both of them are connected with the same SAP ECC system. But when I do a User Risk analysis (authorization level), the result from Sandbox is different from Quality system. I donu2019t have users or roles mitigated yet, users are synchronized, rules are exactly the same and I donu2019t know what happen??... Please, help me.
    Thanks...

    Hi...
    If I do a Full Sync of users to the same ECC system from both RAR boxes, I got different number of users loaded (i.e. 18757 vs. 18141), similar case with the full sync of roles. (13100 vs.  13150).
    If I load exactly the same set of functions to both RAR systems and I generate the rules, I got the same problem, different number of rules is generated.
    I've verified both RAR configuration and they are the same (excluded users, roles mitigated, etc.)
    Is it a normal behavior? What could be wrong?
    Thanks in advance!!

  • Running Risk analysis at User Level(CC)

    Hi
    Please Clear my query, wat is the difference between running the risk analysis at userlevel Violation count by Risk and Violation count by Permission.
    violation count by Permission, the total number of violations are 377,569.
    Violation count by Risk,the total number of violations are 11,716.
    Thanks & Regards

    Hi Karuna,
    When you perform Risk Analysis at User level and choose violation count by Permission/Risk. Here are the details of each analysis:
    1. Violation Count by Risk
    This analysis will display the count of how many SOD risks associated with the users existing in each business process like FI, HR, MM, PR, SD.
    It will display as a bar graph or pie chart. If you choose each of the business processes and drill down to the particular SOD risk,P001 then you can display how many users have that risk, P001
    2. Violation Count by Permission
    This analysis will display the count of SOD violations at the action/permission level associated with the users existing in each business process.
    If you choose the conflicting functions inside each SOD risk, and then expand on the permission tab you will understand why the huge number of violations it is showing.
    In the Risk information screen, in Conflicting Functions, click the AP02 u2013 Process Vendor Invoices link to display the SAP transaction codes and the authorization objects. There are 26 different transactions in SAP to Process Vendor Invoices and another 185 authorization object values u2013 all come preconfigured out of the box.
    Choose the Permission tab. Expand Action F-42. Open an authorization object to show field values. By looking at all possible permutations of actions/permissions of one business function with all actions/permissions of the second business function, you can understand how the system arrives at the number of violations.
    Hope this will help you understand better.
    Regards,
    Kiran Kandepalli.

  • Risk Analysis at user level shows nothing in all 3 views though at role level shows risks of global rule set

    I am configuring ARA 10.1 for a ECC 6.0 plug in development system and facing this issue. Risk Analysis at user level shows no data  in all 3 views though at role level shows risks of global rule set. I am using Global rule set. I generated all risks/functions & using connector group as SAP_ECCS_LG not SAP_R3_LG.I activated common, R/3 & ECCS BC sets. Added integration scenario for AUTH. Run all 4 sync jobs multiple times successfully. My system already has decentralised EAM 10.1 implemented & even used in production as BAU. I have checked at both chrome & IE. The misleading thing is that RFC is also working fine & I can see risks in Risk Analysis at role level & risky roles are even assigned to valid users.GRC is at SP4 & accordingly is the ECC 6.0 plug in. Thanks in Advance. Please  consider it urgent.

    Hi,
    Assign ECC connector to SAP_ECCS_LG group.
    Run the programs GRAC_PFCG_AUTHORIZATION_SYNCand GRAC_REPOSITORY_OBJECT_SYNC) in full synch mode(this might take time so better do this in background). Better do it sequentially.Check the logs of the jobs in SLG1 just to ensure everythings fine.
    Run ARA for a specific user and mention the connector for faster output. Ensure this user has the role with risks.Also as explained earlier check the GUID against user id in table GRACUSERROLE and using GRACROLE you can find out the technical name of the role updated in the table. This should be same as the backend role.
    Then run ARA and while doing so please ensure the selection screen doesnt have any unwanted default inputs. If followed correctly , this should be of help.  I am assuming the role analysis yielded correct risks as configured since this would mean that connector have correct actions and basic config is in place.
    Regards,
    Vivek

  • User risk analysis offline mode in RAR

    Hello colleagues
    We are in AC SP14 and trying to perform RA via risk analysis-> user level. When the offline analysis parameter is set to YES we don't receive results, when the offline analysis parameter is set to NO we receive results but they are partiialy in comparison the the results we receive for the same user in the management view -> user violation report.
    So our question is:
    1.     Why the offline analysis=YES is not showing any data when all the prerequisites were performed (the background RAR sync/risk analysis/management view jobs are finished successfully and the configuration parameter of offline analysis is set to yes)?
    2.     Why the offline analysis=NO is not showing the same results as in the management view user violation report that was updated a just 10 minutes before?
    We viewed notes number 1544338 and 1126251 and all is configured an maintained as needed.
    Best Regards,
    Shira

    Hi Saurabh,
    Kindly check the below SAP notes.
    SAP note 1731579-- RAR 5.3 BRA job fails after about 4% - 6% of completion
    1727751 - Alert generation job fails with message "Error in  Alert Generation
    Hope this helps.
    Best Regards,
    Saksham

  • Risk Analysis shows no Roles or Users!!

    Hi Team,
    Please can you help me, I am configuring GRC AC 10's ARA and I am stuck with the issue when I execute Risk Analysis on Roles or Users, I am getting blank field. No data is getting pulled up from backend system. Although my Repository Sync job finished successfully when I did it for User, Roles and Profiles.
    Please can anybody help.
    Thanks,
    Nick

    Hi Nick,
    please check this thread: GRC AC 10: RAR - no analysis results, or document: GRC AC 10: RAR - no analysis results
    Regards, Andrzej

  • After the risk analysis I am trying to mitigate the users with risk ID and I am getting an authorization error.

    Dear All,
    I am trying to mitigate some users and after running risk analysis when I am trying to mitigate them I am getting an error saying I am not authorized to do so.
    I have requird roles to do my activity-

    Dear Prasant,
    I am getting above error.
    I have required roles
    GRC_CONTROL_APPROVER
    GRC_RISK_OWNER
    Regards,
    Abhishek

Maybe you are looking for

  • Safari doesn't open right and nothing works

    When I open safari there is no file edit view history or any of the bars at the top except the adress bar and it doesn't let you type in it. also the apple start page doesn't look right. I have safari on my windows laptop and it works great it dosn't

  • Trouble burning to Blu-Ray with PE 7.0

    I have tried for the last few months to burn a 2 hour video to Blu-Ray.  I ahve burned shorter videos to a rewritable blu-ray disc with success but this video is just barely over the max (24/sec) quality.  Even when I shorten it to the hgih quality l

  • Best Page size in BI Publisher

    hi 2 all Kindly confirm that which page size is best for every printer in BI Publisher. Actually my report have 22 columns , 15 columns are numeric and amount fields , which i adjust column with narrow that half portion of amount display at top and o

  • Message splitting 1:n without BPM error : 404   Not Found

    hi, is u r server is updated with sps14 please once check this.. may be this is the problem Thanks, Madhav. Note:points if useful

  • Updating data in Master data Attribute in BI 7.0

    Hi All I am using Bi 7.0. While doing data load for the attributes of an infoObject, my Monitor shows the correct information (i.e. 2 Records transferred and 1 record added, Which should ideally happen based on the conditions in the routines wherein