GRC 5.3 SPM - Tables

Similar Messages

• GRC PC 2.5 table for task plan and testlog and its link

  Hi,
  I want to know the list of tables used and the link between the tables related to GRC PC.
  Mainly I need tables involved while creating task plan, test logs. We need to develop a report using this data. We need to know how the tables are linked. We saw some two, three GRPC tables, in which the primary key is GUID. We need to know how this GUID is getting generated and on what basis we can retrieve this information from the tables.
  There is one report in report center of GRC PC 2.5. In that selection screen, is it possible to add another filed and based on that retrive data.
  Regards,
  Karthick S
  Edited by: Karthick Sitaraman on Apr 24, 2009 9:55 AM

  Karthick,
  I can offer the following:
  1) SP07 was released on 4/20/2009 and contains a new report "Test Step Status."  You might want to look at this report so you don't unnecessarily reinvent the wheel.  This would, however, require application of SP07.  That report has 42 available fields.....lots of data.
  2) The table that contains Test plan Master data is HRP5327.
  We previously had minor reporting change required and SAP was able to issue a fix for it.  The request was a minor, natural extension of an existing report.  Part of the problem is that we have very limited web dynpro ABAP skills in house so development of a report was very time consuming.  Another option you might want to look at is BI. 
  I hope this helps.
  Matt

• GRC AC 10 - ARM Table with Requests violations

  Dear Experts,
  Anyone know if there is any GRC AC 10 table containing the summary information if the ARM requests have has violation or not?
  Thanks in advance,
  Regards,
  Vitor Cozer

  Hi Victor,
  No, there are no such tables which could give the relations between the ARM requests and the corresponding violations.
  You have only one option; like Neeraj suggested, run the reports for this need.
  Regards,
  Ameet

• GRC Access Control VIRSA_CC_ACTRULHDR table

  Hi all,
  we are using GRC AC 5.3 SP14.
  We have noticed that, using the function "Rule Architect -> Utilities -> Export Rules", table VIRSA_CC_ACTRULHDR is not exported.
  In the previous SP it was exported.
  Do you know if this table is no more relevant ?
  Andrea

  Hello Andrea,
  I just want to give you some feedback, I know that I'm not answering your question.
  I've checked the table VIRSA_CC_ACTRULE and it has the fields: [ACTRISK] ,[ACTIONS] ,[VSYSKEY] ,[FUNCTID] ,[RISKID],[STATUS].
  The table you mentioned (VIRSA_CC_ACTRULHDR) has the following columns: [ACTRISK], [RISKID] ,[STATUS] ,[ENABLEORGRULE]
  Then it seems that VIRSA_CC_ACTRULHDR only adds ENABLEORGRULE information. If I were a developer I'd check first if there are org. rules defined. If not, it doesn't make sense to export the whole table because it can be generated automatically with the info. in  VIRSA_CC_ACTRULE table.
  It just a thought, I don't know the source code of the export program and I'm not a developer either (LOL).
  I couldn't find any kind of info regarding this in the corresponding note (1168120).
  Cheers,
  Diego.

• GRC AC 10 SPM Empty Logs

  Hello Experts ,
  Strange thing that I am observing , while obtaining FF Logs in the UI , some logs are blank while some are populated in the session details .  What could be reason for this ? The logs under "Log Summary Reports"are empty for some sessions .Is there a way I can cross check . Any Notes regarding the same. SM20 Logs in the backend systems are proper and show transaction logs where as empty in grc
  Reg,
  Anthony

  Hello Simon,
  We applied the note for timezone settings , but still not all sm20 called transactions are appearing in the SPM logs .Are there any other notes / should we raise a message with SAP ?
  Best Regards,
  Anthony Hjelm

• After installing GRC 5.3-SPM-Not able to see all features in configuration

  Hello Experts,
  We have installed GRC-5.3 Superuser Privilege Management in JAVA standalone system and when we trying to configure we are not able to see the all features in configuration tab.
  We have created a user and assigned all roles starting with FF then tried login to
  http://<hostname>:<port>/webdynpro/dispatcher/sap.com/grc~ffappcomp/Firefighter
  I can able to login successfully and when I go into configuration tab I cannot see all features, Could you please help me out.
  Thanks & Regards,
  Nagaraju

  Dear Nagaraju,
  You may be seeing only one "Connectors" in configuration tab in SPM. If it is so, then you are not missing anything here. It is the only configuration we need to do in SPM at java side.
  If it is not showing, that means you have missed some action to assign FireFIghter Role in SPM. Check it out.
  Regards,
  Sabita Das

• GRC AC v10 SPM WF - Workflow Item not showing up in WF Inbox

  GRC AC v10 - SP12
  The outlook email notification for the Workflow Item goes out, but there is nothing in the NWBC Inbox for the WF Item. Subsitution is setup correctly.
  Any ideas?
  -john

  Hi John
  this is probably be a silly question but what substitution did you set up for ZFF_CTL_01? I assume the item is in that user's inbox. Which user is meant to be receiving?
  I also noticed this KB article (1589130) which mentions the delegated person needs GRAC_REQ authorisation. Have you checked if security access issue?
  There was also mention that the delegated approver does not appear in the MSMP instance runtime (your screen shot suggests same situation unless you have not set up the delegation). SP14 delivers the fix or refer to  1915928 - UAM: Delegated Approver is not visible in the Instance status
  Possibly have a look at both of them to see if they resolve your issue.
  Regards
  Colleen

• GRC AC 10 Mitigation Tables

  Is anyone aware of the specific tables that contain the mitigating control data (description, name, ID, organization, etc)? I'm aware of the mitigation control object tables (user, role etc). Also is the only ay to import the mitgating controls through the Migration Tool? Is there a mass deletion for mitigating controls? I have not been able to find complete documentation on this specific topic. Any assistance is appreciated.

  Hi,
  Try seeing the following tables
  GRACMITOBJECT -Mitigating control assignment
  GRRMANALMITIG -  Mitigation values
  I have not really studied these tables in detail yet, but if I do find anything useful I will post a reply here.

• GRC 10.0 Upgrade & Functionality - 4 Questions

  Hi Forum,
  We are currently evaluating upgrading to GRC 10.0 from 5.3 and also start using SPM. Currently, we only use RAR. Can you guys help me with following 4 questions?
  1. We have a number of different firefighter roles used by different teams and approved by different approvers. Can we have separate requester and approver lists for different firefighter accounts in GRC 10.0 SPM?
  2. Do we have to implement GRC 10.0 Portals for SPM approval workflow?
  3. We have license for all GRC modules. Does this also include Continuous Transaction Monitoring with Oversight or is a separate license required for this?
  4. Does GRC 10.0 support automatic archiving of AC-RAR SoD reports? - When I start a weekly background job, can it be automatically archived into an archive folder of my desigantion?
  Thanks so much for your input.
  Joerg

  hi Joerg
  1.Yes, you can have different approvers per firefighter ID and have the requestors assigned to different ones as well.
  2.You do not need to install portal but you will need to facilitate some access to the front end components through activating the NWBC Netweaver Business client or using a web browser to view the internet facing services in SICF.
  3. I don't believe that your GRC license automatically entitles you to the Oversight product suite as they are still separately marketed, however the GRC Process Controls and Risk Management modules can be included if you have a full enterprise GRC license from SAP.
  4. You could certainly manage to archive the reports using standard SAP ABAP functionality (SARA). However, If you mean the standard Batch risk Analysis, then I think you'll find that the offline content is overwritten with the latest and only the summary data is retained in the historical data tables for trend analysis. From an audit perspective, historical detailed data is not partuicularly useful since they are more interested in current exposure. Auto archiving of the SPM logs is available as standard.
  Regards,
  Simon

• Audit log is not showing any data GRC 10 PC

  Hi,
  when we are trying to execute the audit logs
  under reports in process controls,not showing data and getting
  error like no data matching the entere selec criteria.
  do we need any configuration changes required
  Thanks
  GRC Admin

  Hello,
  check the table DBTABLOG if data contains or not,if no data then maintain the parameter rec/client in RZ11 and try the same
  while executing the audit log need to maintain the time frame as HH:MM not HH:MM:SS
  check the below link about DBTABLOG
  Change Log Monitor Enabling by Table log Activation in SAP Production Environment - Governance, Risk and Compliance - SC…
  Regards
  Baithi

• GRC AC 5.3 and GRC Process Control on the same server

  Hello,
  Can we install SAP GRC AC 5.3 and GRC Process Control 3.0 and GRC Risk Management 3.0 on the same box/ same server.
  Is there a OSS Note, which talks about having the above 3 components on one box?
  Thanks,
  Imran

  Hello Imran,
    1- My 3 question ARE do I need a separate JAVA Stack for GRC Process Control and seperate JAVA Stack for GRC Access Control
  -> No, you can have them installed on save Java stack.
  OR
  Can I use the same JAVA Stack for GRC Process Control & GRC Access Control?
  -> Yes, you can. You have to make sure that you are on SP10 or above for Access Control as only then it will support NW Java 7.01.
  2- Can I use EP 7.0.1 installed on same server for both GRC PC 3.0 and GRC AC 5.3?
  -> Yes, you can.
  3- Can 1 single AS JAVA Database contain both GRC Access Control VIRSA Tables and GRC Process control tables at the same time?
  -> For process Control the tables reside on the backend SAP as it is webdynpro ABAP application and for access control the tables reside on the Java database as it is java and webdynpro JAVA application.
  Regards, Varun

• Tables that contains the legacy systems authorization information

  Hi all,
  I'm setting up legacy systems in my SAP GRC 5.3. We would like to check if the information uploaded from the extractor is correct. Does anyone know what are the GRC 5.3 tables that contains all the systems authorization from the legacy system uploaded?
  Thank you in advanced.

  Hi,
  If I understand your question correctly, you wish to know the GRC 5.3 RAR tables that contains the authorization information and want to connect a legacy system.
  If you check the /VIRSA/* tables, you can find all the GRC related tables.
  However, if you are trying to perform an offline risk analysis, refer the below Article:
  http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/20a06e3f-24b6-2a10-dba0-e8174339c47c
  Hope this helps!!
  Regards,
  Raghu

• SPM questions(Fire Fighter)

  Hello All,
  I had some questions on SPM(Fire fighter),please help me with this..
  For Critical transactions tab in /n/virsa/vfat--why we used it for,does it show header and footer log details..
  if we do not enter critical transactions will it still pull up critical history in FF logs.
  Second question-->Do we have setting of FF log history,can we pull the history of the user which is year old in FF log?
  Appreciate your responses.

  Hi,
  For Critical transactions tab in /n/virsa/vfat--why we used it for,does it show header and footer log details..
  if we do not enter critical transactions will it still pull up critical history in FF logs.
  The critical transactions that you maintain here will help you to generate a separate report that shows who and when any of the transaction codes were executed (and when they were executed). If you don't want to seperate the critical transactions, you can leave this blank.
  Do we have setting of FF log history,can we pull the history of the user which is year old in FF log?
  The logs will be available until they are archived.
  /VIRSA/ZFFUSERS - Table holds the Change logs (CLOG)
  /VIRSA/ZFFTNSLOG - Transaction Log (TLOG)
  Search in SE16, with /VIRSA/ZFF* to view the list of SPM tables.
  I recommend you to refer SAP Note 1041912 - Firefighter Best Practice Archiving Strategy that gives you the best solution to archive SPM logs.
  Hope this helps!!
  Regards,
  Raghu

• FF log issue.

  Hi Experts,
  Our FF log job /VIRSA/ZVFATBAK runs hourly, without varient and with same timezone of A/P server batch user ID as per SAP recommendation. It generets FF logs perfectly. Inbetween due to maintenance of our batch Job scheduler software it was stopperd for 6 hours and job didn't run. Now for that duration when I am taking FF logs it gives me message "BACKGROUND JOB NOT SCHEDULED/FILE NOT YET GENERATED...".  Is there any way can I generate/capture FF logs from STAT for that duration? I tried to run /VIRSA/ZVFATBAK  externaly using SA38 doesn't works, although I can see data using SM20N for that duration.
  Thanks,
  Yashwin

  Hello,
  This maybe can help you...
  GRC 5.3 SPM Log Report
  Good luck!

• Configuration of  User Access Review process

  Hi,
  I'm new to the forum.
  I´m looking at the User Access Review process in CUP.
  I would like implement the User Access Review request. So, my question is:
  1.  Where take GRC the data to make the analysis? I need to know the exactly place where data are collected (which table, transaction code or  statistical data)
  In case that GRC use the backend tables, I should be aware of time that tables are operational in the system, correct?
  2. Otherwise, how affects this analysis the performance in backend system?
  3. I have read that it is possible obtain reports with use of Action Usage. The report that I mention is: RAR --> Informer --> Security Reports --> Miscellaneous --> Action Usage by User
  Where does it gets information from? Could be data in the same place that use User Access Review process?
  4. Is it possible to introduce another actors in the Reviewers (In Configuration Tab, User Review > Options > User Review pane)? Now, the reviewers configured are Manager or Role Owner.
  5. To set User Access Reviews, I need some additional technical or is an automatic procedure?
  If there is any requirements that I should be taken into account please, let me know.
  Thanks in advance
  Marta

  Hi,
  I have found this document that answers all my questions:   www.sdn.sap.com/irj/bpx/go/portal/prtroot/docs/library/uuid/b05010a3-ed45-2c10-79b2-96df60a6bf2b
  So, now I have another question:
  The GRC Access Control that I have, ERM is not configured and there is no communication with it; (only RAR and CUP are configured).  So, I would like to know if it´s possible configured User Access Review apart from ERM.
  To realize the Role Usage Synchronization job in ERM, the transaction usage information from RAR alert data is needed. The job also obtains role to user assignments and role content information from the back-end systems. Access Control then translates the transaction usage information into role usage.
  If this information could be extracted from the backend tables, I am looking for an alternative to way to load data in the system, regardless ERM. Is it possible?
  Thanks in advance
  Marta