GRC 10: Default Rule sets

Similar Messages

• Default Rule Set

  How can I get a copy of the most recent default rule set?

  You can download it in any support pack in VIRCC folder --> CC_rules.zip.
  The delivered rule set is in the CC_rules.zip file
  Ankur
  SAP GRC RIG

• For GRC 5.3 can I use the SAP GRC 5.2 rule set

  We are going for an upgrade to GRC 5.3,  I have a small concern here....
  Can I use the same ruleset what I used in GRC 5.2 to SAP GRC5.3 ...?
  because when I checked ruleset at permission level in GRC 5.2 it displays first object of an action from one function conflicting with first object of an action from another function, where as in GRC 5.3 it displays all objects of an action from one function vs all objects of an action from another function....
  How will it impact analysis in GRC 5.3 with old rule set...?
  appreciate your response & thanks in advance.

  Hi,
  Here you will find the documentation to get Upgrade/Configuration Guides.
  [https://websmp103.sap-ag.de/~form/sapnet?_SHORTKEY=01100035870000718172&]
  SAP BusinessObjects Governance --> Access Control ---> SAP GRC Access Control 5.3
  There you will find a Upgrade guideline.
  Cheers,
  Martin

• GRC Rule Set Updates

  Where can I fund updates made to the default rule set?

  http://service.sap.com/support
  Click on the Help & Support tab --> Search for SAP Notes.
  You will need a valid S-number to log in.
  Thanks!
  Ankur
  SAP GRC RIG

• Compliance Calibrator Default Rules Upload Files

  I'm implementing Compliance Calibrator 5.1, and I'm at the point where I need to upload the default rule-set.  However, I cannot locate the flat files required for the initial rule-set upload (i.e. business process, function, and risk definitions).  I've read through the user guides, but they don't seem to reference exact file names or specify where the files would be located after install.  Thanks in advance for your help.

  Varun,
  you may get a quicker answer to your question in the GRC forum
  Governance, Risk and Compliance (SAP GRC)

• Mulltiple Rule Sets in GRC 10.0 for one System

  Hi All,
  We do have 2 different companies working on one system and by that 2 different rule sets that are applicable.
  Due to that we are facing different problems we don't know how to solve yet but lets start with the first one dealing with the rule set that should be used in the access request.
  We want to determin which rule set should be used over the requested role (e.g. if role name contains 0001 use rule set 0001, if role name contains 0002 use rule set 0002).
  We have alerady tried several different senarios in BRF+ without success.
  Does anybody have a solution or at least an idea for this topic?
  Thank you all very much in advance!
  Eva

  Hi Ashish ,
  Thanks for your time . Let me explain you my requirement and would really appreciate if you would have some inputs here which would help me to design this .
  The actual client requirement is to design a CUP Workflow and If there are SOD issues identified, the workflow will need to go to a central team for them to address each issue. If this group decides to apply mitigating controls to the issues, the workflow must then go to the compliance group for them to review for appropriateness. Requirement is do a SoD analysis for every role change/add request , so that this group takes the appropriate action based on the SoD Analysis . For all my CUP request raised , i want system to do a SoD analysis and let this group know whenever there is a SoD found or just end the workflow if there is no risk.
  I am aware of the Risk analysis process for GRC 10.0 , however i want it to happen as a part of this work flow requirement.
  The requirement is to configure the access request work flow so that the end goal of work flow is just facilitation of an SOD review.  I hope i was able to explain my requirement . Thanks again for your help.
  Your valuable guidance would be really appreciated.
  Vikas

• Best practice for the Update of SAP GRC CC Rule Set

  Hi GRC experts,
  We have in a CC production system a SoD matrix that we would like to modified extensively. Basically by activating many permissions.
  Which is a best practice for accomplish our goal?
  Many thanks in advance. Best regards,
    Imanol

  Hi Simon and Amir
  My name is Connie and I work at Accenture GRC practice (and a colleague of Imanolu2019s). I have been reading this thread and I would like to ask you a question that is related to this topic. We have a case where a Global Rule Set u201CLogic Systemu201D and we may also require to create a Specific Rule Set. Is there a document (from SAP or from best practices) that indicate the potential impact (regarding risk analysis, system performance, process execution time, etc) caused by implementing both type of rule sets in a production environment? Are there any special considerations to be aware? Have you ever implemented this type of scenario?
  I would really appreciate your help and if you could point me to specific documentation could be of great assistance. Thanks in advance and best regards,
  Connie

• Access Control Rule Set deletion in GRC 10

  Greetings,
  Has anyone tried deleting rulesets or have experienced any issues while deleting rule sets in GRC 10. I have tried to delete them from SPRO as well as from Setup Tab in Access Control , however its not working for me . Even in SPRO , after chooseing the physical system and logical system infromation , it stays on that screen for ever and nothing happens.
  Any help or guidance here will be much appreciated.
  Thanks everyone for your valueable time.
  Vikas

  Hey ,
  There are no tricks or tips.  It was something stupid on my part.
  I Just had a look at the system again and found a function left in the system which was mapped to this Ruleset , so that was the only i was not able to delete the ruleset . As soon as i deleted that function , it worked .
  So i was able to delete the entire rule set after deleting all the risks and functions mapped to this rule set.
  Have a great day ahead ...
  Vikas

• Rule set migration from GRC 5.3 to GRC 10.0

  Hello everyone,
  I ask you this question: if I want to migrate from GRC 5.3 to GRC 10.0, can I keep my old custom rule set with no modification or I have to make some changes to it to import in GRC 10?
  Thankyou in advance for the answers
  Greetings
  Gianluca
  Edited by: Gianluca Mocini on Apr 1, 2011 5:33 PM

  Hi,
    The migration utility is very simple. You install it on GRC 5.3 box and then select the items you want to migrate. It will generate tab limited text files and you can use those files to import data into 10.0 box.
  Regards,
  Alpesh

• GRC 10.0 : Maximum number of Rule Sets

  Hi Experts,
  What is the maximum number of rule sets we can define in GRC 10.0?
  What could be the impact on performance if we defined a dozen of different rule sets?
  Best Regards,
  Nicolas

  Hi,
  In theory, you can have as many rulesets as you wish in the GRC 10 world. However, you rightly point out that there will be a substantial performance impact.
  The number of rulesets is not really the key element here but the number of risks and rules defined within them will be.
  If you know that you wish to manage a significant number of separate rulesets, be sure to spec them out accordingly and make use of the connector groups to rationalise the content as far as possible (e.g. group similar elements like Basis or systems together). You will also need to size the GRC system appropriately with a basis SME so that you can review the system performance appropriately.
  Simon

• Access to update the GRC rule set is limited

  Hello - What is the process (tcode) to see who has access to update the GRC rule set?
  Thanks!

  Hi Sam,
     What is the version of your RAR (CC)? If it is CC 4.0 then you enter the product via tcode and go to rule architect to make changes. If you have CC 5.X then you go through the web browser and go to Rule architect to make changes to the rule set.
  The process to change a rule set is as below:
  1) Creats Function
  2) Create risk
  3) Create Rule
  Regards,
  Alpesh

• How to migrate Master Data (Rule set etc.) from GRC 5.3 to 10.1 without using the "Migration Tool"

  Greetings,
  We are currently on GRC 5.3 SP 18 (Java ONLY) and migrating to GRC 10.1. I referred the Migration Guide which outlines that GRC 5.3 needs to be upgraded to SP 20 as pre-requisite for using the "Migration Tool" . Our BASIS team is reluctant to perform this upgrade from SP 18 to SP 20.
  Having said thus, I'm exploring options of migrating data from 5.3 to 10.1 without using the "Migration Tool:.
  Rule set Migration:
  I'm in the process of preparing the 9 different files (listed below) and later utilize the "Upload Rule" option for migrating the Rule set data from 5.3 to 10.1.
  While I'm able to gather data for most of the files I'm not sure how can I obtain the data pertaining to the two files (Function Actions and Function Permissions) underlined and highlighted in Red below.
  1. Business Process
  2. Function
  3. Function Business Process
  4. Function Actions
  5 .Function Permissions
  6. Rule Set
  7. Risk
  8. Risk Description
  9. Risk Rule Set Relationship
  10. Risk Owner Relationship
  Can someone please enlighten me and share their experience with regards to this exercise. Really appreciate your help !
  - Janantik.

  I have done this successfully before.  Because you are having issues, I would NOT recommend using the migration tool to move the ruleset.  Instead:
  1. Download the ruleset files from 5.3
  2. The 5.3 tcode-permission file, which defines which tcode permissions from SU24 need to be checked during risk analysis, needs to be split into the two files you mention above in red.
  FUNCTION_ACTION : this file represents S_TCODE objects and TCD fields mapped to each function (Function to Tcode relationship).  In the 5.3 file, you will filter on object S_TCODE and field TCD, and you will get a complete list that now represents "FUNCTION_ACTION".  BUT instead of having all the jumbled permission info, you will just have 3 columns: Function - Tcode - Status.
  3. The remaining permissions that are left over, after taking out the S_TCODE -TCD items, represent the "FUNCTION_PERMISSION" file in GRC 10.
  4. Manually create the excel spreadsheets for each file.
  5. Copy and past each sheet to a unique .txt file.
  6. Upload the ruleset manually through SPRO-->GRC-->Access Control-->Access Risk Analysis-->SoD Rules-->Upload SoD Rules.
  7. Select each file and then upload to the correct Logical Group.
  This is a huge pain, but it works.  Let me know how this goes and if you need any assistance.
  -Ken

• Multiple GRC rule set update

  we are having a custom rule set A loaded in GRC. Now we want another rule set B, with new risks and definition to be loaded in GRC. If we try to upload rule set B risks and functions via Upload function in GRC, would it overwrite the rule set A, or not.Just wanted to confirm whether existing rule set A would be affected or not, due to upload of rule set B.

  Hey Alpesh,
  Sorry, I haven't understand it correct. This is a question that will always be asked in the train.
  You wrote:
  "If you have created different files (e.g. risks, ruleset, function action, function permission etc.) and upload them via configuration -> rule upload then RAR will not overwrite your ruleset A and will only insert new rule set files."
  Is this just possible, if all IDs (risk, function, function action, function permission) will be changed before and could not be equal like in the rule set A? correct?
  What's about with the ALL.txt files, do I have to change/upload them as well again?
  Thanks for feedback,
  alwaly a pleasure!
  Greets
  Martin

• GRC Upgrade 4.7 to 5.3 - Rule Set Upload

  Questions about upgrade from 4.7 to 5.3
  Work in corporate conglomerate that consists of 4 independent business units each with own SOD rule set:
  u2022How do we upload each independent set of rule sets so they can coexist within GRC 5.3?
  u20224.7 mapping of files to 5.3 naming conventions u2013 see 4.7 rule set download below
  CONFIG
  CR_PROFS
  CR_PROFST
  CR_ROLES
  CR_ROLEST
  CR_TRANS
  CR_TRANST
  SOD_OBECT01
  SOD_OBECT02
  SOD_OBECT03
  SOD_OBECTT
  SOD_TCODE
  SOD_TCODET

  Alpesh
  We are trying to upload our existing SOD 4.7 rules using the 5.3 the configuration tab u2013 rule upload.  We are having difficulties associating old 4.7 SOD files names to the 5.3 SOD file names.  Is this the correct location within 5.3 to associate a physical system to a specific set of SOD rule sets?  If not could you please point us to correct location within 5.3.
  Thanks

• SAP GRC 5.2 Compliance Calibrator rule sets for HR module

  HI All,
  The company i am working for has done installation of GRC 5.2. I would like to download the SAP out of box Compliance Calibrator rule sets for HR function module in a spreadsheet format.
  I would like to download the rule set for risks at Function level, Tcode level and also at authorization object level in ABAP and Roles, actions and permissions in JAVA.
  I will discuss with the BPAs, internal auditors and come up with a new rule set exclusively for my company needs with the help of the above spreadhseet.
  Please tell me what steps i need to do to get this thing done.

  Please go through the process but save these as txt files for UNIX. I am not sure about 5.2 but CC4 was not uploading rule files correctly if file was not saved for TXT for UNIX.
  Regards,
  Harry Sidhu