GRC CUP to disable mitigate option
Hi,
How can i disable mitigate option,when approver do risk analysis,we don't want approver to assign/create mitigate control .I know if i wouldn't put mitigation URL in mitigation can work.But, in SP14 if i remove mitigation URL. approver gets 500 server error.
Any solution.
Thanks
MUSHU.
Try removing the permissons Viewmitigation and create mitigationcontrol from the role.
Regards,
Chinmaya
Similar Messages
-
Role Upload template for SAP GRC CUP 5.3
Good Morning / Afternoon / Evening SAP Security Gurus,
I am looking to upload end user roles via a role upload template spreadsheet for use in SAP GRC CUP 5.3. I am referring specifically to the recommended template mentioned in step 11 of the 5.3 Post Installation CUP guide, so that roles can be picked within ERM for workflow.
According to the guide, it recommends uploading from the backend systems via a spreadsheet - any template versions or advice on finalising this would be most appreciated.
Best Regards
SteveThanks Ashish,
Someone else recommended this option as well via another forum. Have tried it out and working fine.
Thanks for the reply
Steve -
GRC CUP 5.3 SP16.3 Mitigation Controls automation removal
Does anyone know that if you create any user requests to remove roles from a user, that if any mitigation controls were assigned to the users for those roles, the mitigating control ids can also be automatically removed from RAR during auto provisioning of the request?
Right now, GRC CUP, if configured properly, during auto provisioning, will assign the mitigation controls automatically to the userid in RAR to mitigate the risks when the request is processed if the new access will give any SOD violations. But if you remove the roles from a user and he/she had any mitigation ids assigned in RAR, can the request also automatically remove the mitigated control id associated with it if the user will no longer have that risk? I have not seen the request automatically remove the mitigated id from RAR when the role was removed from the user id during auto provisioning. But I'm not sure if this requires additional workflow configuration or not.
Will greatly appreciate if any1 is aware of this issue and how to resolve it. Or is the only solution to manually remove it from RAR..but this can be tiresome..bc then you have to run the report every week or month in RAR to remove the excessive controls assigned if the users do not have the risks anymore..comparing reports from current to previous month, etc.
Thanks,
A.Hi Alley,
It is not possible to automate the removal of mitigation controls through a workflow in CUP. The only solution is to review on a regular basis and remove them manually from RAR
We also has the same issue and performing manual review at regular intervals of the user & role assigned mitigation controls
Best Regards,
Srihari.K -
Deletion of mass roles from GRC CUP 5.3
Dear All,
I have requirement to delete 1000 roles from GRC CUP 5.3.
I can see option to delete the roles individually under "search role" option but I am not able to find option to delete mass roles.
Please advice.
Regards
Trinadh BokkaHello Trinadh,
It is not possible to delete all the roles at once through the User Interface. However, you can select a lot of roles at the same time by searching for a role pattern. For example, retrieve all roles starting with Z*:
Hope it helps,
Fernando -
Future direction of User Provisioning Tools ( GRC CUP or IDM)
Hi Security Colleagues,
We all know that SAP has GRC CUP(Access Enforcer) and NW IDM for provisioing.
We can use either of toll for user provisioning.
Based on your experience , what is the best tool ? ofcourse ,It changes from one company to other depends on requirements.
I am noticed that lot of SAP devlopment activity going on around IDM.
Based on SAP's future direction, what is the best tool ?
Its a common problem for most of SAP customers as SAP is giving IDM freely as part of NW license.
please share your thoughts..
Thank You.For Futuristic product availabliliy, I always prefer the following two places to check. Can you please also check their?
http://service.sap.com/pam
http://service.sap.com/scl
Check the following Two points under the 2nd Link:
Scenario & Process Component
SAP's Release Strategy
Now based on your query I will also stick to the suggestions given in the Other two posts. To add few more points which you may get helpful I would like to emphasize on the below discussion:
u2022 SAP NetWeaver Identity Management helps companies to centrally manage their user accounts (identities) in a complex system landscape. This includes both SAP and non-SAP systems.
u2022 The solution provides an authoritative, single source of user information and enables self-service management of user information and authorizations using workflow technology.
u2022 In many cases resources such as meeting rooms, PCs and mobile devices, which all may have their own identity in some context, can be included in an identity management solution.
Out of all other points, lets discuss about Provisioning:
u2022 The term provisioning is often used to denote user provisioning or account provisioning.
u2022 The functionality includes:
o creation of accounts
o setting initial passwords
o setting and modifying access rights
o disabling (revoking) an account
o deleting an account
u2022 The overall purpose is to make sure an identity (for example a user) has the correct access to the applications.
u2022 User provisioning products also include workflow capabilities to apply business rules to the account provisioning process and typically provide user self-service capabilities (e.g., password reset)
(All these details I picked up and pasted here from different section of a Solutioning Material I prepared for my company to introduce IDM solutions to my customer... couldn't give here properly due to space constraints). You can understand the Importance SAP is imposing on this product for All aspects of Automating Security and Identity of Living and Non-Living staffs as well. By using this you can get more benefits besides of Provisioning which is available in separate Solutions under other products like Virsa etc. Please go through the relevant materials available in the IDM Forum (Bernhard provided u the link) to understand go for an realization assessment.
regards,
Dipanjan
Edited by: Dipanjan Sanpui on Oct 5, 2009 11:42 AM -
SAP GRC CUP Getting message "Some unmitigated risks exist".
Hi,
when there is one profile or role,when approver mitigate the request.It gets message" Some unmitigated risks exist".
Already it's configured as unchecked for "Allow Approvers to approve access, despite any conflicts" in GRC CUP.
Any advise or solution.
Thanks
shahed.Hi Shahed,
When u you the seeting "Allow approver to approve dispite Risks" as unchecked. This setting exist at stage level as well as at global level. Stage level setting get the preference. With this setting Approver will not be able to approve the request untill all risks are mitigated or no risks exists. It will show an error some unmitigated risk.
Kind Regards,
Srinivasan -
Hi Guys,
We have a requirement where we have to disable the option of "Overprint [Black] Swatch at 100%" in Indesign. This option is available when we go to Indesign ---> Preferences----> Appearance of Black.
Also, if a user opens a file, in which the swatch is already enabled, then it should prompt him for disabling.
I am aware of doing it through AppleScripting, however I would be needing it on both mac as well as Windows Workstations and hence as such I require a JavaScript here.
I am novice to JavaScripting and any help would be highly appreciated.
Thanks Everyone,
AbhishekThanks for your response!!
However, currently this action gets applied to only active documents.
Can we keep the status disabled after we close the indesign document. We need to have it disabled in the preferences panel.
Thanks again for your help !!
Regards,
Abhishek -
Hi Friends,
I am new to Indesign Scripting by Apple Script. As a beginner, I am trying to do some basic scripting in Indesign by Apple Script.
My aim is to disable the option of "Overprint [Black] Swatch at 100%" in Indesign. This option is available when we go to Indesign ---> Preferences----> Appearance of Black.
Also, if a user opens a file, in which the swatch is already enabled, then it should prompt him for disabling.
I can make a display dialog in AppleScript. But, I am bit unsure as how can I go ahead and disable this option. I tried this below script:
tell application "Adobe InDesign CS4"
tell every layout window to set overprint preview to false
end tell
However, it is changing the view option to overprint preview.
Appreciate your help and suggestions!
Thanks,
Abhishektell application "Adobe InDesign CS5"
tell the active document
set overprint black of document preferences to false
end tell
end tell -
How to disable save option from adobe toolbar in Acrobat Reader
We need to disable Save option from Acrobat Reader plugin in Internet Explorer 8/9/10 version.
Acrobat version is X.
Is it possible to disable Save ( Floppy Disk) icon?
We have disabled printing and copying.
Please helpYou are, I'm afraid, chasing an impossible security that cannot exist. Many have sought this, but it just isn't there -- and there is so much more than the save button involved.
If you are a big enterprise with sensitive information consider DRM solutions ($$$$+). -
GRC CUP Error creating request. Approver not found
Hi,
We just upgrade from GRC CUP 14 to GRC CUP 15.6 support pack.I already performed post upgrade steps and when i try to create a request i am getting approver not found.i didnot change workflow.In stage for role approver we have approver determinator "role".
system log report
com.virsa.ae.workflow.NoApproverFoundException: No approvers found for req no : 493, for reqPathId, 662, for path, PROD_APPRV_PATH and approver determinator : Role
at com.virsa.ae.workflow.bo.WorkFlowBOHelper.handleApproversTransactions(WorkFlowBOHelper.java:1469)
at com.virsa.ae.workflow.bo.WorkFlowRequestCreateHelper.handleWFForNewPath(WorkFlowRequestCreateHelper.java:278)
at com.virsa.ae.workflow.bo.WorkFlowRequestCreateHelper.createNewWorkflow(WorkFlowRequestCreateHelper.java:167)
at com.virsa.ae.workflow.bo.WorkFlowBO.saveNewWorkflow(WorkFlowBO.java:120)
at com.virsa.ae.accessrequests.bo.RequestBO.saveNewRequest(RequestBO.java:579)
at com.virsa.ae.accessrequests.actions.CreateRequestAction.createRequest(CreateRequestAction.java:381)
at com.virsa.ae.accessrequests.actions.EUCreateRequestAction.createRequestHandler(EUCreateRequestAction.java:135)
at com.virsa.ae.accessrequests.actions.EUCreateRequestAction.execute(EUCreateRequestAction.java:68)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Please let me know solution ASAP.This is high priority.
Thanks
Yakoob.It looked like some old request stuck in DB.But, not sure about it.I tried by changing the number ranges in configuration by giving the current request number in "from number",but it didn't work.
This is strange some time it gives "error creating request: path not found." and once this error gone then "error creating request : approver not found".
To avoid this i created one more stage by custom approver determinator with application attribute and approver assiged.This stage, i assigned before role approver stage then it worked,Request get created and request get provisioned.
i don't understand why it's not working,if i assigned role approver stage first in a path of workflow.role approver (approver determinator:"role" standard one, "approver" gets from configuration:roles:create role:role approver OR upload from role import).
Please help
Thanks
Yakoob. -
Disable cut option in Indesign CS5.5
Hi,
I want to disable CUT option in indesign once document is opened. I have added ActionFilter.cpp in my project and added following code in "FilterAction" function,
IDocument* myDoc = Utils<ILayoutUIUtils>()->GetFrontDocument();
if (myDoc)
switch(actionID->Get())
CAlert::WarningAlert("1");
case kCutActionID:
case kCopyActionID:
case kPasteActionID:
CAlert::WarningAlert("2");
*componentClass = kSampleActionComponentBoss;
break;
default:
break;
But it is failed to disable CUT menu. and even warning alert "1" is not displayed. Am I missing anything in this? please let me know.
Thanks in advanceHi,
I have solved this issue
took help of SuppUI sample code of indesign.
Thank you -
Our company deals with audio/video media provided by content providers and per MPAA guidelines we need our macs configured where no media content can be copied/transferred out of Macs via External Drives, Wireless, Bluetooth etc.
I was able to configure mac to restrict copy to external connected drives. But iam wondering how to disable bluetooth option so that data transfer to a bluetooth device can be avoided. Is there a way we can disable or remove bluetooth option in Macs?
Thanks for yourhelpHave you checked this item in BIOS: "BIOS --> Security --> I/O Port Access --> Bluetooth"?
ThinkPad T500 2082-6PG: T9400(2.53GHz), 2GB RAM, 250GB 5400rpm HD,
LCD, 256MB ATI Radeon HD3650, Secure chip, Fingerprint reader, WinXP SP2 -
Our corporation is mandated by privacy laws within provincial legislation that prevents us from using cloud based storage outside of our province for the storage of data. We are unable to continue using Adobe products based on the new subscription based model due to the inclusion of cloud based storage. We need to have a way to disable the ability/option for our large corporate user base to store data files in the cloud. Merely having the "option" to store files in a location of one's choice is not sufficient based on the policies we are legally forced to adhere to. Without the option of disabling the cloud storage for our user base we will be forced to look at other vendors products to fill the needs we have that are currently filled by the Adobe line of products. We would prefer to stay with Adobe products...so if someone knows how to disable this option (via registry edits, etc.), please advise.
hi Nikolay,
there is no clean solution for your problem. Browsers cache files by url, you can avoid caching appending in query string unique value per deployment. For example
_layouts/my_js_file.js?v=<current date> - will be refreshed from cache when day changes
_layouts/my_js_file.js?v=<GUID> - if guid is generated on every request, this file should never cache
_layouts/my_js_file.js?v=<product version> - more preferable solution, browser will update cache on every new version that was deployed
Actually, ScriptLink should take care about this, internally it has a method that appends unique id into query string based on js file content, if content changed, hash is also changed and new unique id is generated.
Check Below link for more information
http://sharepoint.stackexchange.com/questions/57874/how-to-avoid-caching-issue-when-using-custom-javascript-and-css-deployed-under
You can also check this link
http://www.sharepointnutsandbolts.com/2011/11/avoiding-bugs-from-cached-javascript.html
Please mark the Answer and Vote if it will help to resolved your issue -
How to disable the option of Resart for application error in SXMB_moni
Hi Experts,
I have a scenario of JDBC to Proxy.In this we have created Fault message type to capture any error.The requirement is to disable the option of Restart in SXMB_MONI for application error generated with Fault message.We have made coding for generating application error in inbound proxy code.Looking for a quick reply.
Thanks
DeepakHi Mayank,
I am looking for disabling the "Application Error" generated from Fault message of inbound proxy to "Resart" using Resart button in SXMB_moni of Application system ECC.what I am referring to is how to disable u201Crestartu201D (not resend) of the messages in SXMB_MONI if they have errors.
For example, the interface to load some entries calls a proxy which may load some messages successfully and some may result in errors. This would appear in the SXMB_MONI with application errors with restart capability. If the user restarts the message it will post the entries again which were successfully posted earlier. We would like to prevent this from happening.
Thanks
Deepak
Edited by: deepak jaiswal on Mar 2, 2010 5:19 PM -
How does GRC CUP handle scheduled termination set up in SAP HR ?
Dear Experts,
We are planning to use "HR Tiggers" for Hire, Terminate and transfer events in GRC CUP ? Can some body help me understand how does GRC CUP handle the termination requests that are scheduled in future ?
Thanks
KumarI configured HR trigger rule for infotype 0000 & subtype Z1,field MASSN with value equal to 01 to trigger new hire...i don't see any data being populated into table /VIRSA/INT_TRIG & ?VIRSA/DATA.
I could see the rule in table /VIRSA/RULEATTR.
Any help would be appreciated.
Thanks,
Srinu
Maybe you are looking for
-
I have had my imac a couple of days and when i went to play a dvd for my OU course I could hear the disc spinning then it stopped and told me "DVD player stopped unexpectedly" Its my first Apple product other than my iPad 3 so I'm a little bit lost a
-
What are Sys Prefs for View desktop on TV monitor
I have the cable connected to the computer and a flat screed TV. i get the startup display on the monitor, the mouse tracks and the screen saver works but the screen saver pictures are not the same. I cannot get the computer desktop on the TV monitor
-
EEWB enhancement destroyed BP_HEAD ??
Hi there, I did an EEWB enhancement for the objecttype BUPA. I added some new fields and a table as assignementblock. I followed the steps explained in the SAP help and in SAP Note # 1069791. What happens now is that I get following dumps opening an
-
Please tell me how do get a real person on customer support. This system is terrible.
-
Maximum No. of Drilldown Characteristics - Anyway to to overcome
Hi, We are on 3.0B vesion of the BW system, using 3.5 Frontend for BEx. In the BEx, during the query generation, we are not allowed to have more than 50 chars / KFs in the drilldown for the query. The is explained in OSS note : 540641.. Would anybo