GRC RAR Simulate issue

Folks, I wonder if you can help...
We are running GRC 5.3 and I'm currently validating RAR. I have just tried to test the 'Simulate' functionality in User Level Risk Analysis but get a problem:
I am trying to test Action Level Simulation and therefore want to enter a transaction in the 'Value' field - (in order to include or exclude the transaction from the analysis), when I click on the selection icon at the side of the Value field to enter the search screen -I can then select the system I need to search, but then when I perform an unrestricted search ( to return all possible values of transactions). I get a total of 22000 values returned stopping at transactions beginning with M* - NOT the expected amount of some 90000 transactions in our system.
I have performed a download/upload of the Static text and SU24 Objects into the GRC system as part of the post installation steps and the text files produced show all the transactions objects in the system. Is there anything else I need to do in order to configure GRC to see all the transactions.
your help will be most appreciated.

Hello Wei,
Here are responses to your queries:
1. When running a RAR incremental role report with 4 rulesets, we encounter a status error on some roles, why is the status showing error while others are complete?
-> When you run batch risk analysis system runs analysis on multiple roles/users/profiles. Whenever it encounters error for one of the object (role/user/profile), system goes on to next object in sequence and does not stop there. This way risk analysis does not stop if you error for a particular object and tries to complete as much as it can. Now the reason for error on some of the objects can be found later. Try to run risk analysis on that particular object only which failed and then try to troubleshoot the problem with it. check the logs after you run on that particular object.
2. And also, from 0 - 19% seems to be quite fast, but after that it is running very slow, and i see the CPU comp and Memory uti is very high, any idea what might be the cause?
-> The time taken to perform risk analysis on objects may vary depending upon the number of auth. objects available with the object. If A role has 30 objects and B role has 2000 then system will take different amonut time to run risk analysis on each one of them. risk analysis on A will complete faster than that of B. In addition to that, since you ar using 4 rulesets , system tries to analysis the objects for all the rulesets. This will increase the risk analysis time considerably.
Regards,
Varun

Similar Messages

GRC RAR version relative to SAP upgrade to ECC 6

Hi,
Currently we are on GRC RAR version AC-RAR 5.3-13.3. We are upgrading our SAP from ECC 5 to ECC 6 and the latest support pack. What GRC RAR version do we need to be on to identify any potential SOD issues on the ECC 6 system? Are there any other potential pitfalls that we should be aware of?
Thanks,
John Burk

Hello John,
Are you using a customized rule set?
SAP provides rule updates periodically:
For example:
1446680 - Risk Analysis and Remediation Rule Update Q2 2010
You'll find that some specific changes are performed in these rule updates, and some of these changes are only for ECC 6.
You might want to check also here:
Note 986996 - GRC Access Control- Best Practice for Rules and Risks
Then, the point is not the GRC version, but the rule set. Of course, you have to upgrade the RTAs.
Cheers,
Diego.

GRC RAR

Hi,
When i ran user/role/profile synchronization job for oracle in GRC RAR.It's keep running and when i check log.It says:
com.virsa.cc.xsys.util.Lock lock
WARNING: It is used by the another owner: For current thread retrying to get lock : 1004
Please let me know,how it can be fixed.
Thanks
Mash

Basis has unlocked an object in the database for us and the user/role/profile full synchronization job for oracle in GRC RAR is now running and completed successfully
We scheduled full synch batch risk analysis job. But Job is failed due to ORA issue.
Below the Job log error message.
2012-02-23 04:01:35 Failed Error while executing the Job for Object(s) :CDELACK:Batch rolled back. Caused by java.sql.BatchUpdateException: ORA-00001: unique constraint (SAPSR3DB.SYS_C00157225) violate... (see log for details)
2012-02-23 05:40:20 Started Full Synch batch Risk ORA11IDEV started :threadid: 0

Critical transactions in GRC RAR 5.3

Hi,
we have an option in GRC RAR 5.3 to fetch the critical action report in informer. how can i add some more critical actions into the GRC, is there a facility in GRC RAR to add critical transactions or this should be done through backend??. kindly advice.
thanks

Hi,
The process is very simple, identify your sensitive/critical transactions, make functions and then define risks as critical acttions in RAR. After generating rules, you will be able to run risk analysis for those critical/Sensitive transactions.
Regards,
Sabita

GRC RAR Alert Email Sender

Hi,
I am trying to work out how GRC RAR determines which email address to use when sending out RAR Alerts. I have a risk which has 3 Risk Owners, I have tried various combinations of assigning Risk Owners to the Risk, but cannot see any logic as to how RAR picks which one to send the email alert from.
If I just have one Risk Owner, then the Alert is sent from that user, however when multiple owners are attached there does not appear to be any logic as to which one from the list is chosen.
Any help would be much appreciated.
Thanks & Regards,
Stephen

Hi Stephen,
In GRC ARA 5.3, following is the logic which determines that who is sending the notification if there are multiple role owners.
The logic goes like this while sending the emails:-
1. It re-orders the role owner list so that alphabetically the last e-mail is treated as first.
For example:-
email of C01   say email is C01@ XYZ.com
email of B01   say email is B01@ XYZ.com
email of Z01    say email is A01@ XYZ.com
** Alphabetically C01 is last and will send the mails.
2. Now this last email of C01 becomes the e-mail id who will be set to send the mail to all other owners in list.
I hope this information helps.
Regards,
Yukti

GRC RAR function ids

Hi,
I have a question for GRC RAR functions ids.After uploading objects,do i have to create function ids and add tcodes and update permissions with the help of controllers/finance admin.I am not sure how it works.
Thanks
Mushu.

Dear Mushu,
You will get businessprocess, rule set, funciton, risks etc., text files for different systems like R/3, CRM & SRM along with the installation files. You can upload these files and generate your SOD rules. This is standard rule set available from SAP. You can customize this rule set later as per your business requirements by changing functions, risks etc.,
If you want to have totally customized rule set then you need to follow the procedure of creating functions, addition of t-codes, authorization obejcts (permissions) enablement and then generating rules. If the customized rule set is huge the better to use the text files - tweak them and upload into RAR tool
Thanks and Best Regards,
Srihari.K

GRC RAR Issue

Hello All,
How to get populate the list of System in RAR, when we want to run Role level based Risk Analysis for the particular system.
The drop down list for the System above the Role Name Tab.
I have tried to Dig out on the RAR but unable to find where to configure the same.
Thanks,
CB

Hello,
you can select the parcticler system while scheduling the background jobs at user level/role level.
there is a system selection tab->search->execute-> you can get the list of systems,and then select the particler system run the risk analysis against the user/role.
Regards,
Arjuna.

SAP GRC RAR 5.3 SP9 "Cannot execute BAPI UserList"

Hi everyone,
After upgrading to 5.3 SP9, my client started experiencing some problems with RAR. I doubt it's linked to the upgrade, since I did all the testing and results were as expected. The problem is as follows:
Using RAR, for only one specific system (SAP ECC6 box), when running foreground AND background analysis for USERS, all analysis fails with the following error log (see below message). All ROLE analysis work as expected (SOD and critical actions/autorisations).
In the configuration tab, the connexion test is successful. I did some testing with a BASIS from the client and we identified that when running a successful analysis, we could log a RFC connection to the backend system (dont recall the transaction used though). When the analysis failed, no connexion was logged.
The client's GRC admin opened a ticket with SAP, but I was wondering if the collective knowledge of SDN could maybe help us identify the cause of our problems.
Any solution path is welcome
Kind regards
Jerome Fortin
========================================================================================
Jan 18, 2010 2:19:09 PM com.virsa.cc.xsys.riskanalysis.AnalysisEngine performActPermAnalysis
INFO: Foreground : Analysis starts: XL1360
Jan 18, 2010 2:19:09 PM com.virsa.cc.comp.VirsaXSR3_01Interface execute
WARNING: VIRSAXSR3_01: Cannot execute BAPI UserList
java.lang.ArrayIndexOutOfBoundsException
     at com.sap.mw.jco.JCO$MetaData.getType(JCO.java:10211)
     at com.sap.aii.proxy.framework.core.JcoBaseTypeData.getElementValue(JcoBaseTypeData.java:503)
     at com.sap.tc.webdynpro.modelimpl.dynamicrfc.DynamicRFCModelClass.getRelatedModelObjects(DynamicRFCModelClass.java:787)
     at com.sap.tc.webdynpro.modelimpl.dynamicrfc.DynamicRFCModelClass.addRelatedModelObject(DynamicRFCModelClass.java:821)
     at com.virsa.cc.common.ModelNodeUtil._copyNodeTreeToModel(ModelNodeUtil.java:68)
     at com.virsa.cc.common.ModelNodeUtil.copyNodeTreeToModel(ModelNodeUtil.java:52)
     at com.virsa.cc.comp.VirsaXSR3_01Interface.execute(VirsaXSR3_01Interface.java:267)
     at com.virsa.cc.comp.wdp.InternalVirsaXSR3_01Interface.execute(InternalVirsaXSR3_01Interface.java:1341)
     at com.virsa.cc.comp.wdp.InternalVirsaXSR3_01Interface$External.execute(InternalVirsaXSR3_01Interface.java:1376)
     at com.virsa.cc.comp.BackendAccessInterface.executeBAPIModel(BackendAccessInterface.java:3415)
     at com.virsa.cc.comp.BackendAccessInterface.execBAPI(BackendAccessInterface.java:409)
     at com.virsa.cc.comp.BackendAccessInterface.executeBAPI(BackendAccessInterface.java:302)
     at com.virsa.cc.comp.wdp.InternalBackendAccessInterface.executeBAPI(InternalBackendAccessInterface.java:4227)
     at com.virsa.cc.comp.BackendAccessInterface.searchUser(BackendAccessInterface.java:758)
     at com.virsa.cc.comp.wdp.InternalBackendAccessInterface.searchUser(InternalBackendAccessInterface.java:4279)
     at com.virsa.cc.comp.wdp.InternalBackendAccessInterface$External.searchUser(InternalBackendAccessInterface.java:4748)
     at com.virsa.cc.dataextractor.bo.DataExtractorSAP.searchUser(DataExtractorSAP.java:548)
     at com.virsa.cc.dataextractor.bo.DataExtractorSAP.userIsIgnored(DataExtractorSAP.java:529)
     at com.virsa.cc.xsys.meng.MatchingEngine.getObjActions(MatchingEngine.java:702)
     at com.virsa.cc.xsys.meng.MatchingEngine.matchActRisks(MatchingEngine.java:121)
     at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.performActPermAnalysis(AnalysisEngine.java:1344)
     at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:311)
     at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:240)
     at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:237)
     at com.virsa.cc.ui.UserSelection.onActionExecute(UserSelection.java:634)
     at com.virsa.cc.ui.UserSelection.onActionConfirmExecute(UserSelection.java:1858)
     at com.virsa.cc.ui.wdp.InternalUserSelection.wdInvokeEventHandler(InternalUserSelection.java:1287)
     at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.invokeEventHandler(DelegatingView.java:87)
     at com.sap.tc.webdynpro.progmodel.controller.Action.fire(Action.java:67)
     at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doHandleActionEvent(WindowPhaseModel.java:420)
     at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:132)
     at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
     at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
     at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:332)
     at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:741)
     at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:694)
     at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:253)
     at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
     at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
     at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
     at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
     at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
     at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
     at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
     at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
     at java.security.AccessController.doPrivileged(AccessController.java:219)
     at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
     at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Jan 18, 2010 2:19:09 PM com.virsa.cc.xsys.meng.MatchingEngine matchActRisks
WARNING: Error :
com.virsa.cc.dataextractor.dao.DataExtractorException: Impossible d'extraire les donn?es du syst?me (P01R3S010) ; pour plus d'information, reportez-vous ? ccappcomp.n.log
     at com.virsa.cc.dataextractor.bo.DataExtractorSAP.searchUser(DataExtractorSAP.java:551)
     at com.virsa.cc.dataextractor.bo.DataExtractorSAP.userIsIgnored(DataExtractorSAP.java:529)
     at com.virsa.cc.xsys.meng.MatchingEngine.getObjActions(MatchingEngine.java:702)
     at com.virsa.cc.xsys.meng.MatchingEngine.matchActRisks(MatchingEngine.java:121)
     at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.performActPermAnalysis(AnalysisEngine.java:1344)
     at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:311)
     at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:240)
     at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:237)
     at com.virsa.cc.ui.UserSelection.onActionExecute(UserSelection.java:634)
     at com.virsa.cc.ui.UserSelection.onActionConfirmExecute(UserSelection.java:1858)
     at com.virsa.cc.ui.wdp.InternalUserSelection.wdInvokeEventHandler(InternalUserSelection.java:1287)
     at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.invokeEventHandler(DelegatingView.java:87)
     at com.sap.tc.webdynpro.progmodel.controller.Action.fire(Action.java:67)
     at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doHandleActionEvent(WindowPhaseModel.java:420)
     at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:132)
     at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
     at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
     at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:332)
     at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:741)
     at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:694)
     at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:253)
     at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
     at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
     at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
     at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
     at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
     at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
     at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
     at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
     at java.security.AccessController.doPrivileged(AccessController.java:219)
     at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
     at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Jan 18, 2010 2:19:09 PM com.virsa.cc.xsys.riskanalysis.AnalysisEngine riskAnalysis
WARNING: Foreground : Failed to run Risk Analysis
java.lang.Exception: Impossible d'extraire les donn?es du syst?me (P01R3S010) ; pour plus d'information, reportez-vous ? ccappcomp.n.log
     at com.virsa.cc.xsys.meng.MatchingEngine.matchActRisks(MatchingEngine.java:127)
     at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.performActPermAnalysis(AnalysisEngine.java:1344)
     at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:311)
     at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:240)
     at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:237)
     at com.virsa.cc.ui.UserSelection.onActionExecute(UserSelection.java:634)
     at com.virsa.cc.ui.UserSelection.onActionConfirmExecute(UserSelection.java:1858)
     at com.virsa.cc.ui.wdp.InternalUserSelection.wdInvokeEventHandler(InternalUserSelection.java:1287)
     at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.invokeEventHandler(DelegatingView.java:87)
     at com.sap.tc.webdynpro.progmodel.controller.Action.fire(Action.java:67)
     at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doHandleActionEvent(WindowPhaseModel.java:420)
     at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:132)
     at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
     at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
     at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:332)
     at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:741)
     at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:694)
     at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:253)
     at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
     at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
     at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
     at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
     at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
     at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
     at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
     at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
     at java.security.AccessController.doPrivileged(AccessController.java:219)
     at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
     at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)

Yes, I am aware there might be an issue with the BAPI USER list execution, it is pretty excplicit in the message.
I was wondering if anyone has seen this error before and if someone can help me trace the source of the error. A message was already open with SAP before christmas and no solution was identified at the moment.
Impossible d'extraire les donn?es du syst?me (P01R3S010) ; pour plus d'information, reportez-vous ? ccappcomp.n.log at com.virsa.cc.dataextractor.bo.DataExtractorSAP.searchUser(DataExtractorSAP.java:551) at
This can be translated to: Cannot extract data from the system P01, for more information look at the log file xxxx..
Edited by: Jerome Fortin on Jan 19, 2010 9:15 AM

SAP GRC RAR Rules Generation Job Error - SP13 application

Hello,
we applied SP 13 on GRC and RAR Rule Generation job is always in "error" status; below I list an example of job log:
INFO: -
Scheduling Job =>237----
Apr 4, 2011 1:36:12 PM com.virsa.cc.xsys.bg.BgJob run
INFO: --- Starting Job ID:237 (RULE_GENERATION) - generate f113
Apr 4, 2011 1:36:12 PM com.virsa.cc.xsys.util.Lock lock
FINEST: Lock:1007
Apr 4, 2011 1:36:12 PM com.virsa.cc.xsys.bg.BgJob setStatus
INFO: Job ID: 237 Status: Running
Apr 4, 2011 1:36:12 PM com.virsa.cc.xsys.bg.BgJob updateJobHistory
FINEST: --- @@@@@@@@@@@ Updating the Job History -
1@@Msg is generate f113 started :threadid: 1
Apr 4, 2011 1:36:12 PM com.virsa.cc.xsys.bg.dao.BgJobHistoryDAO insert
INFO: -
Background Job History: job id=237, status=1, message=generate f113 started :threadid: 1
Apr 4, 2011 1:36:12 PM com.virsa.cc.xsys.util.Lock unlock
FINEST: Unlock:1007
Apr 4, 2011 1:36:12 PM com.virsa.cc.xsys.bg.BgJob ruleGeneration
INFO: @@@--- Rule ruleGeneration Started ....237
Apr 4, 2011 1:36:12 PM com.virsa.cc.xsys.bg.BgJob run
WARNING: *** Job Exception: null
java.lang.NullPointerException
     at com.virsa.cc.xsys.bg.BgJob.ruleGeneration(BgJob.java:1245)
     at com.virsa.cc.xsys.bg.BgJob.runJob(BgJob.java:609)
     at com.virsa.cc.xsys.bg.BgJob.run(BgJob.java:363)
     at com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob.scheduleJob(AnalysisDaemonBgJob.java:375)
     at com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob.start(AnalysisDaemonBgJob.java:92)
     at com.virsa.cc.comp.BgJobInvokerView.wdDoModifyView(BgJobInvokerView.java:444)
     at com.virsa.cc.comp.wdp.InternalBgJobInvokerView.wdDoModifyView(InternalBgJobInvokerView.java:1236)
     at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.doModifyView(DelegatingView.java:78)
     at com.sap.tc.webdynpro.progmodel.view.View.modifyView(View.java:337)
     at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.doModifyView(ClientComponent.java:481)
     at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doModifyView(WindowPhaseModel.java:551)
     at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:148)
     at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
     at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
     at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:333)
     at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:741)
     at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:694)
     at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:253)
     at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
     at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
     at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doGet(DispatcherServlet.java:46)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1060)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
     at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
     at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
     at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
     at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
     at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
     at java.security.AccessController.doPrivileged(Native Method)
     at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
     at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Apr 4, 2011 1:36:12 PM com.virsa.cc.xsys.bg.BgJob setStatus
INFO: Job ID: 237 Status: Error
Apr 4, 2011 1:36:12 PM com.virsa.cc.xsys.bg.BgJob updateJobHistory
FINEST: --- @@@@@@@@@@@ Updating the Job History -
2@@Msg is Error while executing the Job:null
Apr 4, 2011 1:36:12 PM com.virsa.cc.xsys.bg.dao.BgJobHistoryDAO insert
INFO: -
Background Job History: job id=237, status=2, message=Error while executing the Job:null
Apr 4, 2011 1:36:12 PM com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob scheduleJob
INFO: -
Complted Job =>237----
Apr 4, 2011 1:36:13 PM com.virsa.cc.xsys.util.Lock lock
WARNING: It is used by the same owner: For current thread retrying to get lock : 1001
Apr 4, 2011 1:36:13 PM com.virsa.cc.xsys.util.Lock lock
FINEST: Lock:1001
Apr 4, 2011 1:36:13 PM com.virsa.cc.xsys.util.Lock unlock
FINEST: Unlock:1001
Is there someone that can help me?
I checked and it seems that "Use NetWeaver Logical Lock" in config tab has to be set to "No"...is it correct for you or have you got other tips?
Thx to all

Hello,
actuallt current values are:
Row CNFGPARAM| CNFGSEQ| CNFGVALUE|
35 250 0 NO
36 251 0 YES
Value for 250 is ok based on your feedback.
Value for 251 is based on SNOTE 1508611, even if SDN forum suggests "0" against the note.
Have you got any tips?

Allowed variables in SAP GRC RAR messages

Hi experts,
I'm using SAP GRC AC 5.3.
In RAR, I want to configure message 0269 in cc_messages.txt file in order to change text including the description of the mitigation control.
Does anybody knows what's is this variable name ? Or even, where can I find a list of allowed variables for insertion in messages ?
Thanks,
Roque.

Roquevalder,
I understand your question now. I see the message you are talking about:
VIRSA_CC_MSG     0269     EN     error     The mitigating control was updated by #_!USERID#_! on #_!DATE#_! at #_!TIME#_!. This email serves a notification that you have been #_!STATUSCHANGED#_! as the monitor for : #_!LINESEP#_! #_!LINESEP#_! #_!LINESEP#_! #_!CONTROLIDTEXT#_! #_!CONTROLID#_! #_!LINESEP#_! #_!HROBJTYPELINE#_! #_!LINESEP#_! #_!OBJECTTYPE#_! #_!OBJECTID#_! #_!LINESEP#_! #_!ORGRULELINE#_! #_!LINESEP#_! #_!RISKIDTEXT#_! #_!RISKID#_! #_!LINESEP#_! #_!LINESEP#_! #_!MONTEXT#_! #_!MONITOR#_! #_!LINESEP#_! #_!LINESEP#_! #_!VALIDFROMTEXT#_! #_!VALIDFROM#_! #_!VALIDTOTEXT#_! #_!VALIDTO#_! #_!LINESEP#_! #_!LINESEP#_! #_!STATUSTEXT#_! #_!STATUS#_!
But at the end of the file you have something like this:
D     VIRSA_CC_MSGPRMS     0269     EN     CONTROLIDTEXT     CONTROLIDTEXT
D     VIRSA_CC_MSGPRMS     0269     EN     CONTROLID     CONTROLID
D     VIRSA_CC_MSGPRMS     0269     EN     HROBJTYPELINE     HROBJTYPELINE
D     VIRSA_CC_MSGPRMS     0269     EN     ORGRULELINE     ORGRULELINE
D     VIRSA_CC_MSGPRMS     0269     EN     RISKIDTEXT     RISKIDTEXT
I guess if you want to add a value in the message you have also to define it at the tail of the file.
My advice is to open a OSS message to ask for this functionality. You shouldn´t change it manually. Take into account that this file must be uploaded each time you update your GRC java components. So, if you make a custom change, you have to repeat that change every time you update. So I think you should ask SAP for this. They will probably include this field in next patches.
Regards,
Diego.

Disable Rules- Actions no longer needed in GRC RAR

Hello together,
Requirement: Disable Rules in RAR 5.3
There is a particular Risk ID: F029, where it has the below Conflicting Actions to be Disabled in RAR 5.3
"Post Outgoing Payments (F-31) and   Enter G/L Account Posting (F-02)
"Enter G/L Account Posting (F-02) and   Post with Clearing (FB05)
"Post Outgoing Payments (F-31) and   Post Document (FB01)
"Post with Clearing (FB05) and   Post Document (FB01)
"Post Outgoing Payments (F-31) and   Post with Clearing (FB05)
"Post with Clearing (FB05) and   Post with Clearing (FB05)
"Post Outgoing Payments (F-31) and   Reverse Document (FB08)
"Reverse Document (FB08) and   Post with Clearing (FB05)
"Post Outgoing Payments (F-31) and   Post Document (FBR2)
"Post with Clearing (FB05) and   Post Document (FBR2)
"Post Outgoing Payments (F-31) and   Reverse Cross-Company Code Document (FBU8)
"Post with Clearing (FB05) and   Reverse Cross-Company Code Document (FBU8)
"Post Outgoing Payments (F-31) and   Post Parked Document (FBV0)
"Post Parked Document (FBV0) and   Post with Clearing (FB05)
When checked the relevant functions underneath the listed Actions, they contain in the Function (AR01 & GL01)
I have listed out the common Actions and listed out the functions:
Risk ID    Actions    Function ID
F029              F31                      AR01
F029              F02                      GL01
F029              FB01                    GL01
F029              FB05                    GL01 & AR01
F029              FB08                    GL01
F029              FBR2                    GL01
F029              FBU8                    GL01
F029              FBV0                    GL01
Preformed the below steps to disable the Actions:
Rule Architect-> Functions-> Search-> Function ID-> E.g. AR01-> Search-> Change-> F-31-> Disabled.
*Issues*:
When Disabled the Action F-31, noticed that all other risks (apart from the given list above ) were also being disabled and got escalated. As Action F-31 was in conflict with other Actions and functions.
Inputs Required:
Therefore could anyone suggest in how to disable only the listed combination of Actions from RAR. As when checked through my analysis there is no option to Individually disable the Rule IDs.
Do I have to create and build the complete Rule Sets again, can anyone suggest me the next steps in what needs to be done, for these actions to be disabled.
Thank you
Regards
Sridhar

Hello Simon and Sri Hari,
Regret for the delay in reply and I am very thankful for your suggestions.
I have manually added the Rule Ids under the newly created Mitigating Ids. I followed the below steps:
1) Mitigation-> Created Mitigating Id (SMFI0004) and under Associated Risks I have manually inserted the Rule Ids (e.g. F0290KA01)
2) - Clicked on Mitigate Users and Provided the associated Users ID : SP209
    - In the Risk ID: I directly inserted the Rule ID: F0290KA01 and assigned the monitor IDs accordingly and saved the data to show up a false positive Mitigating report.
Issue:
Once I have assigned all the users by mapping the Rule Ids towards the mitigating Ids, I extracted the report: Informer Tab-> Risk Analysis-> User Level and choosed to Exclude the Mitigated Risks.
The issue is, In the extracted report I can still VIEW the mitigated users list and the clients are questioning as to why these users are still showing when its been assigned to a false positive mitigating Ids.
Request you to kindly provide your inputs and thoughts on how to exclude these mitigated users from the reports.
Thank you
Regards
Sridhar

Rare battery issue that "MacBook Pro SMC Firmware Update 1.7" was supposed to address.

I recently downloaded this update that is supposed to "address a rare issue on some Apple notebooks where a battery that has accumulated more than 1000 charge cycles may unexpectedly shut down or stop functioning." This did nothing for my battery, which has been completely shot for the past six months. My MacBook Pro is essentially a desktop now because it constantly has to be plugged in. My battery only had between 200-300 cycles when it shutdown. Apple service would not replace the battery free of charge because I was off my warranty, even though I knew this was a factory defect. My question is now that Apple has acknowledged that some of the MacBook Pros had faulty batteries, will they replace them free of charge even if i'm off warranty? It seems ridiculous that I have to pay $200 plus to fix a problem that was their fault in the beginning by supplying faulty batteries.

Welcome to the Apple Support Communities
Apple has fixed the battery problem by a SMC update, so the 1000 cycles problem is now fixed, and your problem is different.
During the first year of warranty, if your battery fails, you will get it repaired for free. However, if it fails when the warranty has expired, you will have to pay unless you have purchased AppleCare.
If it's a common problem with a lot of MacBooks Pro, Apple will start a replacement program, where they will repair all batteries affected for free. This is the only exception, so you will have to pay because your warranty expired

Estimation for efforts and man days for GRC RAR

Hi,
I am new to GRC implemetation. I have to estimate number of person days or efforts required to implement RAR at clients place.
Requirements are like..
Implementing only RAR
Have their own rule set,
Have 1600 users and 300 roles.
Can anybody give some inputs on how to go with this ?
Regards,
Bindu

Hi Bindu,
As per my consulting experience, this implementation would take from 1 month to 3 months. It doesn't matter how many users the client has but the implementation will depend upon some of following criterias:
1) Is the rule set already built or do you need to build it?
2) How many violation do you expect? Do you expect most of violatons to remediate or mitigate during the course of implementation?
3) Will there be a constant help available from client side?
4) What functionalities of RAR client wants to use?
5) Does client have exposure to NW and Java?
Regards,
Alpesh

Thunar & Squeeze/Xarchiver RAR Decompression Issue

Trying to decompress ~100 MB RAR archives results in Squeeze 0.2.3 and Xarchiver 0.5.2 (via repos) hanging and freezing the system. Thus is with either the thunar-archive-plugin, or through Thunar UCAs. The same happens with squeeze-0.2.90-svn-r29419 and 7z (from p7zip 4.61) as well. unrar via the CLI and PeaZip 2.5 both handle the decompression of large files gracefully. Anyone else experience the same?
UPDATE: Looks as if the issue is specific to large, passworded RAR archives and Squeeze. Although Squeeze will not hang the system with the same file on the same box under Ubuntu.
Last edited by adamlau (2009-02-02 01:38:50)

OK, I got it.
In case someone else has this problem. The Trash and Removable Media icons were checked in Desktop Settings/Icons, but none of them showed up on the Desktop. The reason turned out to be the way how I started up xfce: instead of
exec ck-launch-session xfce4-session
in my .xinitrc, it should be
exec ck-launch-session startxfce4
startxfce4 is a script wrapper for xfce4-session, which also sets some env variables...
Thanks anyway
Last edited by Leonid.I (2011-01-22 17:00:11)

Remediation in GRC RAR

Hi,
After Running the Risk Analysis under Informer Tab in RAR Component, there is an option to do Mitigation or Remediation directly. The Mitigation is working fine but coming to the Remediation the Submit button is disabled.
Please let us know the process, how to utilize this functionality.
Thanks,
Sudip Saha

Sudip,
This feature is not available. It was never implemented in RAR 5.X but it may work in AC 10.0.
Regards,
Alpesh

GRC RAR Simulate issue

Similar Messages

Maybe you are looking for