GRC AC 10 Mitigation Tables
Is anyone aware of the specific tables that contain the mitigating control data (description, name, ID, organization, etc)? I'm aware of the mitigation control object tables (user, role etc). Also is the only ay to import the mitgating controls through the Migration Tool? Is there a mass deletion for mitigating controls? I have not been able to find complete documentation on this specific topic. Any assistance is appreciated.
Hi,
Try seeing the following tables
GRACMITOBJECT -Mitigating control assignment
GRRMANALMITIG - Mitigation values
I have not really studied these tables in detail yet, but if I do find anything useful I will post a reply here.
Similar Messages
-
GRC PC 2.5 table for task plan and testlog and its link
Hi,
I want to know the list of tables used and the link between the tables related to GRC PC.
Mainly I need tables involved while creating task plan, test logs. We need to develop a report using this data. We need to know how the tables are linked. We saw some two, three GRPC tables, in which the primary key is GUID. We need to know how this GUID is getting generated and on what basis we can retrieve this information from the tables.
There is one report in report center of GRC PC 2.5. In that selection screen, is it possible to add another filed and based on that retrive data.
Regards,
Karthick S
Edited by: Karthick Sitaraman on Apr 24, 2009 9:55 AMKarthick,
I can offer the following:
1) SP07 was released on 4/20/2009 and contains a new report "Test Step Status." You might want to look at this report so you don't unnecessarily reinvent the wheel. This would, however, require application of SP07. That report has 42 available fields.....lots of data.
2) The table that contains Test plan Master data is HRP5327.
We previously had minor reporting change required and SAP was able to issue a fix for it. The request was a minor, natural extension of an existing report. Part of the problem is that we have very limited web dynpro ABAP skills in house so development of a report was very time consuming. Another option you might want to look at is BI.
I hope this helps.
Matt -
GRC 5.3 mitigation control
Dear Guys,
Please help me to understand the concept of mitigation control in GRC 5.3 and when it is useful and at what time we need to implement mitigation control.
How could we mitigate user and on what criteria....????
Also some brief about control monitor.
Thanks in Advance......Hi Arpit,
Steps for remediation and mitigation strategy is as below,
Once you do risk analysis, you have the list of risk available in your system, after this you have the option to remove (Remediate) risk by removing conflicting permission or action from role.
OR
there is scenario where you have to accept the risk in this case you have to opt for mitigation control, just consider one example given below,
Function A: Create PO
Function B: Release PO
Above two functions are conflicting and create risk in standard process, so as a standard practice, in reference to compliance SAP recommends to have two people doing it separately, but customer might not be having 2 postions in org to separate this, so customer has to accept the risk and create mitigation control to document this and put the monitoring control so one person can perform this function.
This way it is helful to follow the compliance and when audit happens customer can show that they have identified the risk and documented it and put alternate monitoring control, so the risk cannot be misused.
Hope this helps you understand it.
BR,
Mangesh -
GRC AC 10 - ARM Table with Requests violations
Dear Experts,
Anyone know if there is any GRC AC 10 table containing the summary information if the ARM requests have has violation or not?
Thanks in advance,
Regards,
Vitor CozerHi Victor,
No, there are no such tables which could give the relations between the ARM requests and the corresponding violations.
You have only one option; like Neeraj suggested, run the reports for this need.
Regards,
Ameet -
GRC Access Control VIRSA_CC_ACTRULHDR table
Hi all,
we are using GRC AC 5.3 SP14.
We have noticed that, using the function "Rule Architect -> Utilities -> Export Rules", table VIRSA_CC_ACTRULHDR is not exported.
In the previous SP it was exported.
Do you know if this table is no more relevant ?
AndreaHello Andrea,
I just want to give you some feedback, I know that I'm not answering your question.
I've checked the table VIRSA_CC_ACTRULE and it has the fields: [ACTRISK] ,[ACTIONS] ,[VSYSKEY] ,[FUNCTID] ,[RISKID],[STATUS].
The table you mentioned (VIRSA_CC_ACTRULHDR) has the following columns: [ACTRISK], [RISKID] ,[STATUS] ,[ENABLEORGRULE]
Then it seems that VIRSA_CC_ACTRULHDR only adds ENABLEORGRULE information. If I were a developer I'd check first if there are org. rules defined. If not, it doesn't make sense to export the whole table because it can be generated automatically with the info. in VIRSA_CC_ACTRULE table.
It just a thought, I don't know the source code of the export program and I'm not a developer either (LOL).
I couldn't find any kind of info regarding this in the corresponding note (1168120).
Cheers,
Diego. -
GRC AC V10 - Mitigation Control Approval Workflow
Hi guys,
can me explain somebody the difference between the processID SAP_GRAC_CONTROL_ASGN und SAP_GRAC_CONTROL_MAINT?
And as well can somebody provide me the initiator rule ID for both so that we can have a detailed look into the brfplus rule.
We only want to mitigate controls via an controlowner approval and not a process for the creation of new controls.
That means an asisgnment approval workflow for mitigation controls.
Thanks a lot.Hello Alexa,
Did you ever employ SAP_GRAC_CONTROL_ASGN ? Were you able to identify the included agents ?
I am interested in identifying approvers for mitigating controls who can be included in the workflow but are not risk owners. Would you have any suggestions for this type of agent ?
Any information would be appreciated.
Thanks,
Jamie -
Hi,
I would like to know whether SPM tables are transportable? or do we need to open the client every time you update tables?
Thanks
SamHi Ahmed,
You can download and upload all configurations within Backend /n/virsa/zvfat tcode itself.
Goto Utilities> Download and take the desired dump, you will have to do one by one all. Next you upload it in QA and Prod server in the same place - Utilities> Upload
Just two things might be different in each system - RFC and connector, make sure to change them manually after upload and it will work fine.
FFIDs are to be created manually and Roles are to be transported and attached.
Regards,
Sabita -
Audit log is not showing any data GRC 10 PC
Hi,
when we are trying to execute the audit logs
under reports in process controls,not showing data and getting
error like no data matching the entere selec criteria.
do we need any configuration changes required
Thanks
GRC AdminHello,
check the table DBTABLOG if data contains or not,if no data then maintain the parameter rec/client in RZ11 and try the same
while executing the audit log need to maintain the time frame as HH:MM not HH:MM:SS
check the below link about DBTABLOG
Change Log Monitor Enabling by Table log Activation in SAP Production Environment - Governance, Risk and Compliance - SC…
Regards
Baithi -
GRC AC 5.3 and GRC Process Control on the same server
Hello,
Can we install SAP GRC AC 5.3 and GRC Process Control 3.0 and GRC Risk Management 3.0 on the same box/ same server.
Is there a OSS Note, which talks about having the above 3 components on one box?
Thanks,
ImranHello Imran,
1- My 3 question ARE do I need a separate JAVA Stack for GRC Process Control and seperate JAVA Stack for GRC Access Control
-> No, you can have them installed on save Java stack.
OR
Can I use the same JAVA Stack for GRC Process Control & GRC Access Control?
-> Yes, you can. You have to make sure that you are on SP10 or above for Access Control as only then it will support NW Java 7.01.
2- Can I use EP 7.0.1 installed on same server for both GRC PC 3.0 and GRC AC 5.3?
-> Yes, you can.
3- Can 1 single AS JAVA Database contain both GRC Access Control VIRSA Tables and GRC Process control tables at the same time?
-> For process Control the tables reside on the backend SAP as it is webdynpro ABAP application and for access control the tables reside on the Java database as it is java and webdynpro JAVA application.
Regards, Varun -
Mitigation control ID validity extension -easy way
I work in GRC AC 5.3. All Mitigation control IDs have a validity expiration on same date in near future. Our GRC has many mitigation control IDs with mitigated users. How can I change the valid to date in convenient way?
It may be extended for all mitigated users separately/individually, but it will take huge time.You can download all of them in a text file, make changes and upload it back via the import/export utility under mitigation tab,
Alpesh -
Tables that contains the legacy systems authorization information
Hi all,
I'm setting up legacy systems in my SAP GRC 5.3. We would like to check if the information uploaded from the extractor is correct. Does anyone know what are the GRC 5.3 tables that contains all the systems authorization from the legacy system uploaded?
Thank you in advanced.Hi,
If I understand your question correctly, you wish to know the GRC 5.3 RAR tables that contains the authorization information and want to connect a legacy system.
If you check the /VIRSA/* tables, you can find all the GRC related tables.
However, if you are trying to perform an offline risk analysis, refer the below Article:
http://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/20a06e3f-24b6-2a10-dba0-e8174339c47c
Hope this helps!!
Regards,
Raghu -
Configuration of User Access Review process
Hi,
I'm new to the forum.
I´m looking at the User Access Review process in CUP.
I would like implement the User Access Review request. So, my question is:
1. Where take GRC the data to make the analysis? I need to know the exactly place where data are collected (which table, transaction code or statistical data)
In case that GRC use the backend tables, I should be aware of time that tables are operational in the system, correct?
2. Otherwise, how affects this analysis the performance in backend system?
3. I have read that it is possible obtain reports with use of Action Usage. The report that I mention is: RAR --> Informer --> Security Reports --> Miscellaneous --> Action Usage by User
Where does it gets information from? Could be data in the same place that use User Access Review process?
4. Is it possible to introduce another actors in the Reviewers (In Configuration Tab, User Review > Options > User Review pane)? Now, the reviewers configured are Manager or Role Owner.
5. To set User Access Reviews, I need some additional technical or is an automatic procedure?
If there is any requirements that I should be taken into account please, let me know.
Thanks in advance
MartaHi,
I have found this document that answers all my questions: www.sdn.sap.com/irj/bpx/go/portal/prtroot/docs/library/uuid/b05010a3-ed45-2c10-79b2-96df60a6bf2b
So, now I have another question:
The GRC Access Control that I have, ERM is not configured and there is no communication with it; (only RAR and CUP are configured). So, I would like to know if it´s possible configured User Access Review apart from ERM.
To realize the Role Usage Synchronization job in ERM, the transaction usage information from RAR alert data is needed. The job also obtains role to user assignments and role content information from the back-end systems. Access Control then translates the transaction usage information into role usage.
If this information could be extracted from the backend tables, I am looking for an alternative to way to load data in the system, regardless ERM. Is it possible?
Thanks in advance
Marta -
Problem in Virsa 4.0 in Mitigate Users
Hi ...
We have patched Virsa 4.0( 400_620) on our production server. After patching, we are facing problem with Mitigate Users.
After logging in CC4.0, under the Mitigation Tab, Mitigation Control ->Mitigate Users -> New Entries.
Here when we add or Mitigate a User under this New Entries, filled required data and SAVE, it prompts "INVALID RISK ID" on the status bar.
We have all the RISK IDs in the CC4.0, when searched for RISK ID and MITIGATING CONTTROL ID, we can see all data in CC4.0.
Due to this SOX team is not able to MITIGATE USERS.
Please advice and suggest how we can fix this problem.
Thanks,
Regards,
NarenderHi Kathy,
I am facing the same issue here. The patch update from 400_640 to 400_700. Originally the 'user mitigated' table had a major flaw within it, whereby it would accept any value, ie you could potentially mitigate a user against a series of risks that did not exist in the system or were not associated with the control id.
The patch has somewhat filled this flaw. Since then all risk appear to be invalid when you mitigate (whether mass way or within the control ID). To resolve this, there is a table called /VIRSA/RISKS (Rule Architect>Risks) which needs to have the risk ID defined. For example DP02 (Create outbound delivery with order ref). This was not needed to be maintained before or there was no check in the code previously.
If your rule matrix has this risk split into various org risks like ours such as DP02ES (spain) you will be able to associate that risk to a control ID or mitigate a user with that risk (via the mass option), as long as the DP02 is defined in the risks table.
The good thing with these checks is 1) the system now checks if the risk is first defined in the system (Rule Architect>Risks- /VIRSA/RISKS) and 2) you will not be able to mitigate user via the mass option if the risk being used is not associated within the mitigation control ID your using.
Hope that helps
Amar -
Brain Bender - select where not data
Hi Gurus'
I have an problem that is doing my head in, just cant get the data set back that I want.
I have two tables (more than that really, these are the last two of 6 related tables) 'mitigation' and mitigation_tracking" which have a one to many relation ship.
The primary and foreign keys relationships are shown at the bottom of the post.
In my example the mitigation table (pkey MIT_ID) has 8 records and I want to return the 8 records except if the user (mit_userid) has already submitted an entry into the tracking table.
With a right outer join using MIT_ID mitigaiton to mitigation_tracking will return the 8 records and 3 nulls I want but if I try and limit this because the user has already processed some entries, is where I run into trouble.
MIT_ID RECORD_ID ASSET_ID CATEGORY_ID RE_ID MIT_ID MIT_USERID
10100 10046 10060 10102 10063 10100 BRAD
10071 10046 10060 10102 10063 10071 BRAD
10100 10046 10060 10102 10063 10100 SCOTT
10070 10046 10060 10104 10065 10070 SCOTT
10081 10046 10080 10140 10080 10081 SCOTT
10082 10046 10080 10140 10080
10083 10046 10080 10140 10080
10120 10046 10060 10102 10064
When I try: where (mit_userid is null or MIT_USRE_ID != BRAD)
the return will still include the data with the MIT_ID = 10100 because both BRAD and SCOTT have both processed this record.
What I want in to return only the rows where BRAD has not made an entry into the second mitigation tracking table even if SCOTT has.
I thought it would be easy but no matter how I look at it I cant get a query to work.
Any help would be greatly appreciated.
Data key sets.
MITIGATION
MIT_ID RE_ID CATEGORY_ID ASSET_ID RECORD_ID DATA
10081 10080 10140 10080 10046 Some Data
10082 10080 10140 10080 10046 Some Data
10120 10064 10102 10060 10046 Some Data
10070 10065 10104 10060 10046 Some Data
10071 10063 10102 10060 10046 Some Data
10100 10063 10102 10060 10046 Some Data
10083 10080 10140 10080 10046 Some Data
MITIGATION_TRACKING
MTRACK_ID RECORD_ID ASSET_ID CATEGORY_ID RE_ID MIT_ID MIT_USERID
71 10046 10060 10102 10063 10100 BRAD
70 10046 10060 10102 10063 10071 BRAD
67 10046 10060 10102 10063 10100 SCOTT
68 10046 10060 10104 10065 10070 SCOTT
69 10046 10080 10140 10080 10081 SCOTTI would just like to express my thanks to
The Flying Spontinalli and John Spencer.
Your suggestion have proved to be on the money.
This was one of the last things I needed to do in an APEX application that I was working on and I had been banging my head against the wall for 2 days.
I new that I needed to intersect on the mit_id but did not know about the "NOT IN" and NOT EXISTS"
I appreciate your taking the time to read, understand and respond.
Thanks
Regards
Brad -
GRC AC10 Mitigation Control Temporary Tables
Hi everyone,
I'm trying to find the table where GRC stores the organizational unit for a new mitigation control before the request is approved. As I could see, after approval (when the control is created) they are moved to HRP1000, 1001, etc.
I've also tried with system trace (ST01 and ST05) but I could only find these tables: GRFNMWRTINST, GRFNMWRTINSTAPPL. Unfortunately I've checked them but they don't store OU data.
Maybe it is stored in an XML file and that's why I cant reach the table.
If you have any idea or any experience to share, I would really appreciate it!
Thanks and regards,
FernandoHi Fernando
Maybe it is stored in an XML file and that's why I cant reach the table.
I was trying to figure out the same thing and suspected that was the case. Or if there might be a temporary text file
I hope someone here can clear it up. But it's a bit annoying in the approach as you cannot tell what changes have been requested or compare changes to current. Hope SAP eventually cleans this up.
Might need to trace it to identify the function module that is used by approver to view the request?
Regards
Colleen
Maybe you are looking for
-
Since yesterday my Iphone 4 does no longer connect to the Wifi. It recognises it, but doesn't connect. It is not the rooter, have checked that. Have restored iphone to factory settings and it still doesn't recognise the wifi connection. Any suggestio
-
New macbook isight not working ?
please help im new to mac and have waited along time to get one and just today received my macbook in the mail and isight does not work? it will act like it takes a pic but nothing just flashes and no picture ? is there something im supposed to do to
-
I have taken the write table to xl.vi example and modified it so that I can use it. Write now I have a vi setup that displays certain columns of data that I am pulling from a txt file in both a graph and a table. Then I am trying to write this table
-
Start Workflow when Upload File using drag and drop
Hi, I am working with SharePoint 2013. I have a workflow needed to be started and run only once after a document is uploaded into the document library. The document library has required custom columns with default values. If I set workflow starting o
-
Function Module for authorization for ztable
Hi All, I created one ZTABLE .I am adding,changing and delete data into that ZTABLE through program from upload one excel file.But before adding ,changing and delete data to that ZTABLE, first check whether that USER have authorization (Addition, Del