GRC V10: BRFplus rule transport

Hi experts,
how is it possible to transport a brfplus rule.
we generate a function module via SE37 and afterwards the rule. Are the decision table and all brfplus rule settings in the transport of the function module?
Or should I transport the rule as well via brfplus? But there the "Transport" button is greyed-out, because of local object.
But the generated rule has still a local package in the settings, although the function module was assigned to a customer-package. As well I found a note 1624157, but this note doesn't work.
Any ideas?
Thanks a lot.
Alexa

Hi Alexa,
Yes brfplus rules will be transported along with function module, no need to transport separately.
First create the function module and assign to to customer package with transport request and dont forget to activate it. Once this is done select "Define Wofkflow-Related MSMP Rules" from SPRO -> Access Control -> Workflow for Access Control.
There select correct process id, rule type, rule kind, Rule id and in Application/Func. Group Name insert the function module which you have created and execute it.
Let me know if it fixes your issue.
Thanks,
Soman

Similar Messages

  • GRC v10 AC Owners

    Good day,
         OK, it seems that I am missing something with GRC 10.  We are upgrading from CC4.0 to GRC 10.  I believe I have everything configured through SPRO correctly.  I can run a risk analysis on end users and I get results.  I am now at the point where I put the mitigations into the system but I have seem to run into a snag.  When I go to master data > Mitigation, I start to fill in the information but when I try to add a AC Owner I get "No Results Found".
         I have tried adding a Owner to a risk and then going back, I have also added a user under "Access Management" tab with "Access Control Owners".  I have reviewed almost every node in SPRO and I can not seem to find where I am missing something.
    I am sure it is simple since I can not find any documentation on this almost anywhere.  We are currently running GRC v10 SP5.  We are only planning to use the RAR (5.3 term) portion of AC not the other part (Example: Risk Terminator).  Please let me know if there is a simple solution to get a user populated in the AC Owner tab.
    Kind Regards,
    Paul

    Some of the GRC Roles ..
    SAP_GRAC_ACCESS_APPROVER                   Role for Access Request Approver 
    SAP_GRAC_ACCESS_REQUESTER            Role for End user  
    SAP_GRAC_ACCESS_REQUEST_ADMIN     Role for Access Request Administrator 
    SAP_GRAC_ALERTS                                   Generate, clear and delete SOD Alerts
    SAP_GRAC_ALL                                           Super Admin for AC  
    SAP_GRAC_BASE                                        Base Role for all Access Control Users.
    SAP_GRAC_CONTROL_APPROVER          Create AC MIT control, approve, assign, alert and perform Risk analysis
    SAP_GRAC_CONTROL_MONITOR                 Ability to assign MIT control to Risk and perform risk analysis
    SAP_GRAC_CONTROL_OWNER                 Create AC MIT control.  
    SAP_GRAC_DISPLAY_ALL                         Display Access To All AC Objects.
    SAP_GRAC_END_USER                                     End User as a GRC Guest
    SAP_GRAC_FUNCTION_APPROVER            Approve Function for Workflow  
    SAP_GRAC_NWBC                                            View Access Control Information Architecture. 
    SAP_GRAC_REPORTS                                   Ability to run all AC reports.
    SAP_GRAC_RISK_ANALYSIS                 Ability to Perform Risk Analysis 
    SAP_GRAC_RISK_OWNER                       Risk maintainence And Risk Analysis 
    SAP_GRAC_ROLE_MGMT_ADMIN            Role Management Admin   
    SAP_GRAC_ROLE_MGMT_DESINGER         Role Management Designer   
    SAP_GRAC_ROLE_MGMT_ROLE_OWNER     Role Owner    
    SAP_GRAC_ROLE_MGMT_USER                      Role Management Business User  
    SAP_GRAC_SUPER_USER_MGMT_USER     Super User Firefighter   
    SAP_GRAC_SUPER_USER_MGMT_ADMIN     Super User Administrator Role  
    SAP_GRAC_SUPER_USER_MGMT_CNTLR     Super User Controller Role  
    SAP_GRC_MSMP_WF_ADMIN_ALL     MSMP Overall Administrator   
    SAP_GRC_MSMP_WF_CONFIG_ALL     MSMP Overall Configurator   
    SAP_GRAC_RULE_SETUP                       Ability to define Access Rules 
    SAP_GRAC_SETUP                                    Ability to setup Access Control 
    SAP_GRC_FN_BASE                            GRC - Base role to run applications
    Hope it helps ..
    Vikas

  • WebServices in GRC v10.0

    Hi all,
    I have three questions to WebServices regarding SAP GRC v10.0:
    1. Is it possible with v10 to check permissions via WebServices (SAPGRC_AC_IDM_*) only with the RAR component? In v5.3 it was only possible, if CUP was installed too.
    2. Contain the WebService SAPGRC_AC_IDM_RISKANALYSIS in v10 a analysis of critical permissions? In v5.3 only SoDs and critical actions was checked.
    3. What is the task of the parameter includeCrossSystemsAnalysis of the WebService VirsaCCRiskAnalysisService in v10? In v5.3 the value of this WebService has no impact to the SoD check (it SHOULD be:
    includeCrossSystemsAnalysis == true ==> cross system SoD check
    includeCrossSystemsAnalysis == false ==> single system SoD check
    But doesn't matter what's the value of the parameter. There is always a cross system check. Has this changed in v10.0?
    Regards
    Peter

    Hi Peter,
    AFAIK the web services have not yet been published.
    If you had the web service return violations without the requirement for CUP, what would you do with that information?
    I hear that question a lot, I would really like to understand the ideas behind it.
    To one of your other questions: cross system check is only possible for dedicated cross system risks. If there are no such risks defined, this will not yield any results no matter what the value of the parameter is.
    Thanks,
    Frank.

  • SAP GRC v10 and OIM 11g SoD

    Hi,
    I need some information about implementing integration with SAP GRC v10 and SoD. Does anyone of you has any experience in that configuration?
    We have only base information in SAP UM Connector doc and on metalink either. Dooes anyone work with SAP GRC v10 and OIM 11g?
    best
    mp

    See if this helps:
    http://www.oracle.com/technetwork/testcontent/oimconnectordatasheet-saperp-134222.pdf
    regards,
    GP

  • GRC V10 - Agent BRFplus

    Hi,
    we generated our own brfplus agent. But how is it possible to add more than one user ID to a rule result? We want to inform a group of userIDs.
    We don´t want to use MSMP Approver GroupID for the scenario, because we have to make flexible approver results regarding the request details.
    Any ideas?
    Thanks for your help.
    Alexa

    Hi Alexa,
    I'm theorising here but you should be able to have a separate decision table which actually lists the user IDs out and reports them into a new result key.
    This would effectively be your CAD (in 5.3 terminology). You can then make your original decision table reference that new decision table to find the appropriate result (a list of User IDs rather than just a single entry). Alternatively, you could play with the other types of expressions (e.g. boolean formula etc) to directly work through the logic.
    This could quickly end up being a complex over-engineered solution to a potentially simple problem so whilst it may be possible, I'm still not sure I'd go for it. I'd really look back at the core requirement and see whether it would be possible to manage with the direct users mapped or approvers group.
    Simon

  • GRC 10.0 Rule Upload

    Experts,
    I'm currently in the process of converting a legacy SoD rule-set (non SAP GRC AC) to the GRC AC 10.0 rule-set template. This is a tedious process of converting the legacy rule-set to the AC text files (Business Process, Function Action, Risks, etc.), but wanted to reach out to the group to see if there is a better way to perform this task.
    Also, is it possible to get the templates for the text files to confirm my understanding of the text files.
    Any help is greatly appreciated.
    Thank you,
    Kunal

    Diego,
    That is extremely helpful, thank you.
    My next issue is when I try to upload the text files - I receive an error " Transferred codepage does not match the byte order mark"
    I'm not sure which of the files is causing the issue. Do you know if there's a table where it will say the file and location? In 5.3 as you uploaded the files it would provide you with an error and a line number.
    Any thoughts?
    Thanks,
    Kunal

  • Workflow rule transporting problem

    Hi,
      When i am trying to transport rule to from dev system to client system it is not getting copied can any body tell how to copy the rule data from dev to c system

    Hi!!!
    Thanks for ur prompt helps. Actually instead of OBJECTID I was passing the Obj-key and not the OBJECTID. This was creating problem. But still dont know why it was creating the prob.
    Anyways THANKS A LOT.
    Regards,
    Sudipto.

  • FI rule transport with user exit

    I'm transporting FI substition rule, there are two selection checkbox: logical rules and boolean class,
    if I want to transport pre-requisite only, do I need to select logical rules only? what happens if I don't select?
    if I want to transport also user exit under the substitution rule, should I choose boolean class and de-selct logical rules?
    what should I select for each above two case?

    Hi,
    Boolean classes and logical rules have nothing to do with pre-requisites and/or user-exit of your substitution. Logical rules is something you define outside the subsitution as additional feature.
    Regards,
    Eli

  • For GRC 5.3 can I use the SAP GRC 5.2 rule set

    We are going for an upgrade to GRC 5.3,  I have a small concern here....
    Can I use the same ruleset what I used in GRC 5.2 to SAP GRC5.3 ...?
    because when I checked ruleset at permission level in GRC 5.2 it displays first object of an action from one function conflicting with first object of an action from another function, where as in GRC 5.3 it displays all objects of an action from one function vs all objects of an action from another function....
    How will it impact analysis in GRC 5.3 with old rule set...?
    appreciate your response & thanks in advance.

    Hi,
    Here you will find the documentation to get Upgrade/Configuration Guides.
    [https://websmp103.sap-ag.de/~form/sapnet?_SHORTKEY=01100035870000718172&]
    SAP BusinessObjects Governance --> Access Control ---> SAP GRC Access Control 5.3
    There you will find a Upgrade guideline.
    Cheers,
    Martin

  • SAP GRC AC: Organizational rules at Batch risks analysis and Dashboards

    Dear All.
    I would like to know GRC AC is able to consider the organizational rules defined (for example: risk only affected to Company, BUKRS 0001) at the Batch risks analysis and at the Dashboard. I already know that for the ad-hoc reporting you can filter by the Org.rules created but i would like to know if this filter is also able for the Batch risks analysis.
    Thanks and regards.

    Dear all.
    As per my knowledge this parameter only sets the flag of Consider Org.Rules at the filters. This is what the guide indicates:
    "Setting the value to YES automatically selects the Consider Org Rule checkbox on the Risk Violations tab of the Access Request and
    Role Maintenance screens."
    So how are you so sure about that indicating this flag to YES will take into consideration the org rules at the Dashboards?
    Regards

  • GRC AC RAR rules not picked up

    Hello All,
    I am new to GRC AC and we have a sandbox set up.  When looking at SRM a user that has SAP_ALL and is set up in the Java stack for open access.  When we run the RAR for this user there are a number of the standard rules that are not showing up.  I can explain away the ones that are cross system (ECC and SRM because we have not yet set up the Cross System to look at both) however there are a number of rules that are strictly SRM that are not being picked up can anyone explain why?
    Thanks
    MK

    Hello All,
    I am new to GRC AC and we have a sandbox set up.  When looking at SRM a user that has SAP_ALL and is set up in the Java stack for open access.  When we run the RAR for this user there are a number of the standard rules that are not showing up.  I can explain away the ones that are cross system (ECC and SRM because we have not yet set up the Cross System to look at both) however there are a number of rules that are strictly SRM that are not being picked up can anyone explain why?
    Thanks
    MK

  • Not able to upload SAP GRC 5.2 rules

    Hi All,
    We are in the process of performing the Post Installation steps of SAP GRC CC 5.2
    While we are trying to import rule set the system is creating/scheduling a background job. In the log there is a warning regarding the URL  
    WARNING: Cannot get Application URL: null. PLEASE SET 'Background Daemon URL' IN CONFIGURATION TAB
    Pls guide us as to how to import standard SAP rulesets witout getting above warning message.
    Also I dont understand why the background job is triggered when i am still trying to import the rules.
    Regards,
    Kiran Kandepalli.

    Hi Kiran,
       This is a common issue in GRC AC 5.2. Please follow the pre-implementation guide thoroughly which will take care of this issue. Look at the last section in the guide. Here is the link:
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/0079de64-f5f1-2910-3688-b16619da82fb
    If this does not help, please follow OSS note # 999785 and 1176262.
    Regards,
    Alpesh

  • GRC 10: Default Rule sets

    Hi All.
    i am wondering whether we have default rule set for GRC10 as we found with GRC 5.3. Where do I find them in GRC 10 software download?
    rEgards,
    Faisal

    In GRC10 default rule set are available by BCset :
    GRAC_RA_RULESET_COMMON
    GRAC_RA_RULESET_JDE
    GRAC_RA_RULESET_ORACLE
    GRAC_RA_RULESET_PSOFT
    GRAC_RA_RULESET_SAP_APO
    GRAC_RA_RULESET_SAP_BASIS
    GRAC_RA_RULESET_SAP_CRM
    GRAC_RA_RULESET_SAP_ECCS
    GRAC_RA_RULESET_SAP_HR
    GRAC_RA_RULESET_SAP_NHR
    GRAC_RA_RULESET_SAP_R3
    GRAC_RA_RULESET_SAP_SRM

  • Alert Rules Transport

    Hi Friends,
    I would like to transport all my alert rules configured for my scenario at RTW of QUALITY system  to PRODUCTION system. for that i found 2 options.
    1. Manually enter the alert rules in RTW
    2. run the report "SXMSALERT_CONFIGTRANS".
    in option2: i run the report and transport request created. it shows message as "transport enrty written. alert no: ABC1234".
    So now my doubt is: will this report transport all teh alert rules configured in RTW to PROD? my requirement is i need to transport only my scenario related alert rules....(out of 200 alert rules in RTW, only 10are related to my scenario and i need to transfer only those 10).
    Best Regards,SARAN

    Hi SARAN,
    Transport Alert Categories
    Go to ALRTCATDEF (In DEV) --> Transport (In TOOLBAR) --> Current Alert Category --> Create a Customizing Request and note down your request number
    Go to SE09 (In DEV) --> Check customizing request and Modifiable --> Choose Display Button --> Go to your Request number --> and release the sub node and then release the request.
    Go to STMS (In QA) --> Import --> Import your request
    Transport Alert Rules
    Create a workbench transport request manually with transaction SE09. Delete the corresponding unclassified task of that request. Double click on the transport request and click on button 'edit <-> change'. For Program ID enter R3TR, for Object Type enter TABU and for Object Name enter SXMSALERTRULES.
    Now click on the button with the key symbol (located under 'Function'). Click on 'Insert row' and enter * for table key. Save the request, release it and import it in the target system.
    SAP Note 1110295
    /people/santhosh.kumarv/blog/2011/02/03/know-how-to-transport-only-the-required-alert-rules

  • Cube update rules transport failing-urgent

    Hello All,
    We had a set of TPs created for our project. All went well to the QA system. But when we tried to move these transports to the PROD, first we had a set of TPs failed, all related to the activation of the update rules of the cube we have. We found that this happened ( I think so) because we missed sending changes of a few display attributes, changed to Navigational attributes, to PROD. These navigational attributes are used in the cube. Even after sending the changes of display attributes to NAV attributes, still the TPs are failing. We tried activating the cube update rules by creating new TP and transporting to PROD. But the TP failed.  As nobody in us have the authorization for activating the update rules directly in PROD, we are facing the problem. We are in doubt even if we create another new TP for activation of the UR, we may still fail to activate the UR.
    Can anybody help me with this.
    Many Thanks in advance
    Vinay

    Hello Dinesh,
    When I recreated transports, I included the cube and its update rules in 2 transports. All other object, like the infoobjects changed/created, Navigational attributes are already in production box. When I sent the TPs with cube activation and update rules activation, the TP with the UR activation failed again.
    Hi Siggi,
    When I try to open the update rules in PROD, I am unable to open and I get a message that there is error in UR coming from the data mart infosource to the cube.
    Could you please suggest me something more.
    Thanks a lot
    Regards
    Vinay

Maybe you are looking for

  • Both DVD drives open in  bootcamp

    I'm running bootcamp on a MacPro with dual DVD's. When I use the keyboard to open the top DVD drawer, BOTH of them open, first the top, then the bottom. That's going to make it inconvenient to use the DVD drives separately. BTW, neither of them close

  • How to create new database?

    In the "Oracle ODBC Test" client app, when I try to create a database with ... create database swett ... I get the error "ORA-01100: database already mounted" error. Why? I can create a table with: create table mytable .... and it builds it in the SY

  • 4507R Supervisor module question

    Hi everyone, I am getting the following message when I try to configure the gig1/2 interface which is on Sup mod 1 of my 4507 switch. router(config)#int gig1/2 % WARNING: Interface GigabitEthernet1/2 is usable/operational % only when this is the only

  • Where can I get glibc version 2.0.6 or above

    Would anyone know how/where to download glibc version 2.0.6 or above? Thanks. null

  • RegTask: Failed to send registration request message. Error: 0x80040231

    Hi, i am getting the below error ClientIDManager.log RegTask: Failed to send registration request message. Error: 0x80040231 RegTask: Failed to send registration request. Error: 0x80040231 Error initializing client registration (0x80040222). Please l