GRC10 Firefighter - Role-based & ID-based

Similar Messages

• Implementing roles and rules based authorisation with Azure AD

  Hi all,
  I would greatly appreciate some input on feasibility and patterns I should look at for a complex technical requirement that I am currently tasked with designing.
  We have a system that comprises a web and mobile app. In the past we have implemented session based authentication through ADAM and authorisation through custom business rules contained within the applications. The authentication mechanism is in the process
  of being migrated to Azure AD and authorisation is planned to be moved to Azure AD for our next release.
  Existing authorisation within our web application is already complex. We have users that belong to different groups with a range of permissions such as read, write or admin. Additionally each user is granted access to N customers and also N locations within
  each customer. We have a requirement that any number of combinations of customers and locations be supported. Users also need to have different permissions for each entity, i.e. read access to customer 1 location 2, write access to customer 4 and administer
  customer 7. Currently these privileges are maintained within a relational database and enforced as part of each PageLoad(). Essentially this is a combination of roles and rules based authorisation.
  We are struggling to represent this complex matrix structure within Azure AD and efficiently implement the authorisation decision in Azure AD. The driver for this technical requirement is to provide re-usability of the authorisation component to other (as
  yet unidentified) applications.
  Currently the best option we have come up with is implementing custom attributes for each class of permissions and storing within this 2048 bit field a bitmask that represents whether this permission is granted for a given location (which has a many to one
  relationship with customer).
  Any help or comment would be gratefully received,
  Phil

  Hi
  When "Advance routing" is used for Task assignment; the task service asserts the folllowing fact types : Task, PreviousOutcome and TaskAction to the rules engine. These facts gives all the reqd info about the task (like outcome of the participant, task stage .. etc)
  Now in the defined ruleset; we can have rules as per our requirement that can extract info from the asserted fact types and assign task to the required/next participant.
  Also note that we write the advance rules for exception cases only.
  For example; let's say all participants have 2 possible Outcomes [COMPLETE, RECHECK]. We have defined the ideal task routing flow as :
  Participant A -> Participant B -> Participant C. This is the flow when all participant selects "COMPLETE"
  Now suppose B selects outcome as "RECHECK" then the task shld move back to A. So for this case only we need to write a advance rule.
  Pls refer to the code sample at : http://download.oracle.com/technology/sample_code/hwf/workflow-106-IterativeDesign.zip
  Also dev guide : refer to section 28.3.7.2 http://download.oracle.com/docs/cd/E14571_01/integration.1111/e10224/bp_hwfmodel.htm#BABBFEJJ
  Thanks
  Edited by: Kania on May 19, 2010 2:41 AM

• Assign roles to task based on condition

  Hi,
  How to assign portal role to task based on condition. If city = abc assign roleA, or else city = zyx assing roleB ie..
  Appreciate your valuable suggestions.
  cheers
  -Ian

  Hi Abhilash & John,
  I have created context attributes 'City' & 'Role'  in WD, hence in BPM, ruleset was created with Context -'http://sap.com/wd_dc/RoleChekComponent' as Return Type & Parameters. While creating decission table, "City" as condition, and "Role" as action selected.
  In decission table, feed the values like for city to role like  "NewYork", "role1" ; "Chicago", "role2" and so on. Hence Rule was created. while I am trying to pass City name to Ruleset function in Task level to fetch corresponding Role name, getting below error. This is because of I have seleted context as Return Type & Parametes while creating Rule.
  Function 'roleChecking' has incompatible parameter #1. Expected 'Context', but found 'xsd:string'
  If I pass context to function getting below error -
  Function 'CheckRole_Ruleset' has incompatible parameter #1. Expected 'Context', but found 'Context'
  How to fix the problem.. Highly appreciated your suggestions and inputs..
  regares,
  -Ian

• GRC 10 EAM - Unable to assign Firefighter roles to owners

  Greetings SAP gurus,
  I am currently on a new GRC 10 installation and having issues with the Emergency Access Management (EAM) component previously known as FireFighter or SPM.  Note: We are trying to implement the Firefighter ''Role-Based" Approach.
  Issue: We are unable to assign EAM roles to owners within NWBC. Click on 'Assign owners to Firefigher ID's and provision Firefighter ID's to firefighters' via the Access Management Tab within NWBC, option Superuser Assignment. Click on Assign.  We are able to find the owners, but when I search for roles to assign, I get the error, 'No records found for the search criteria entered''.
  We are on SP7.
  Items completed:
  1) All post installation tasks were completed correctly, i.e. BC sets activated, connector groups created and working.
  2) EAM roles created on target system and imported via BRM.
  3) EAM role properties edited for "Firefighting' usage in BRM, role owners defined, functional areas defined, business process and sub process areas defined.
  4) Access control owners (i.e. role owners and controllers) defined.
  5) The ID being used for configuration is currently assigned all GRC_NWBC roles available.
  6) The connector groups are working fine and we are using for the Access risk Analysis component which is working fine.
  7) The post EAM configuration steps has been completed.
  Has anyone else experienced a similar issue?  I look forward to your responses.
  Rgds,
  Prevlin Moodley

  Hello Prevlin,
  Are you using a FF role owner for the assignment. This might be helpful:
  [Note 1289579 - Firefighter Owner additional authorization for Role based FF|https://service.sap.com/sap/support/notes/1289579]
  Cheers,
  Diego.

• Rule based & Cost based optimizer

  Hi,
  What is the difference Rule based & Cost based optimizer ?
  Thanks

  Without an optimizer, all SQL statements would simply do block-by-block, row-by-row table scans and table updates.
  The optimizer attempts to find a faster way of accessing rows by looking at alternatives, such as indexes.
  Joins add a level of complexity - the simplest join is "take an appropriate row in the first table, scan the second table for a match". However, deciding which is the first (or driving) table is also an optimization decision.
  As technology improves a lot of different techiques for accessing the rows or joining that tables have been devised, each with it's own optimium data-size:performance:cost curve.
  Rule-Based Optimizer:
  The optimization process follows specific defined rules, and will always follow those rules. The rules are easily documented and cover things like 'when are indexes used', 'which table is the first to be used in a join' and so on. A number of the rules are based on the form of the SQL statement, such as order of table names in the FROM clause.
  In the hands of an expert Oracle SQL tuner, the RBO is a wonderful tool - except that it does not support such advanced as query rewrite and bitmap indexes. In the hands of the typical developer, the RBO is a surefire recipie for slow SQL.
  Cost-Based Optimizer:
  The optimization process internally sets up multiple execution proposals and extrapolates the cost of each proposal using statistics and knowledge of the disk, CPU and memory usage of each of the propsals. It is not unusual for the optimizer to analyze hundred, or even thousands, of proposals - remember, something as simple as a different order of table names is a proposal. The proposal with the least cost is generally selected to be executed.
  The CBO requires accurate statistics to make reasonable decisions.
  Even with good statistics, the complexity of the SQL statement may cause the CBO to make a wrong decision, or ignore a specific proposal. To compensate for this, the developer may provide 'hints' or recommendations to the optimizer. (See the 10g SQL Reference manual for a list of hints.)
  The CBO has been constantly improving with every release since it's inception in Oracle 7.0.12, but early missteps have given it a bad reputation. Even in Oracle8i and 9i Release 1, there were countless 'opportunities for improvement' <tm> As of Oracle 10g, the CBO is quite decent - sufficiently so that the RBO has been officially deprecated.

• Tax procedure condition based / formula based

  Hi,
  I have a query.
  1.Based on tax procedure how we can identify that the tax procedure is formula based or condition based.
  2.what are advantages over one another.
  3.Is their any other way we can find out tax procedure attached to po is formula based / condition based.
  4.What is sequence  to create procedure and maintain record for these two procedure.
  Thanks & Regards
  Atharva G.

  Hi Atharva,
  I will list out the differences and advamtages between the two
  TAX INJ procedure is formula based
  TAX INN procedure is condition based    
  In TAX INJ to define the tax rates we are using excise tax rate in J1ID AND tax code ( FTXP)
  In TAXINN nothing we are entering in tax code also , we are entering every duties in FV11( condition records)
  Amending the duty rates is very easy in case of TAXINN than TAXINJ since we are mentioning the tax duties in FV11 through validity periods, if the tax rate is changed from that date we can maintain the record for the new period in FV11
  IN TAXINN assign taxcode to company code is manadatory but its not manadatory in case of TAXINJ     
  Kindly get back to me, if you have any more clarifications.
  Balakrishna R.V
  Sonata Software Pvt Ltd.

• Pull based , Push based Extraction

  Hi ,
    What is Pull based , Push based extraction ?
    Why LO is using Push based extraction , FI uses Push ?
    What we nedd 2 types Pull , Push ?
  Can anyone tell me the flow of data from R3 TO BW in Pull based , Push based.
  Best Regards

  hi,
  take a look
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/18dfe590-0201-0010-6b8b-d21dfa9929c9
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/978ff5a6-0301-0010-16b0-99d0e7bac114
  Also have a look at this thread
  Push method and Pull method of extraction
  Regards,
  R.Ravi

• COPA (Cost based & Account Based)

  Hi Gurus;
  Can some share me the documents for cost based & account based extraction of COPA.
  I am looking for differences and how exactly do you do extraction for the both(Step-by-step).
  I am also looking for which model should we use if COPA is not implemented in R/3 and otherwise.
  Thanks in advance!

  Hi,
  chk this:
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/biw/g-i/how%20to%20co-pa%20-%20retraction
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/fb07ab90-0201-0010-c489-d527d39cc0c6
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sapportals.km.docs/documents/a1-8-4/how%20to%20set%20up%20connection%20co-pa%20-%20extraction
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/biw/g-i/how%20to%20upload%20co-pa%20hierarchies.pdf
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/biw/g-i/how%20to%20co-pa%20extraction%203.0x
  Thanks,
  Raj

• What is CoPA , what is the difference between Cost based, Account based

  Hi
  what is Copa, what is the difference between cost based , Account based copa,  where we can use. 
  can you send me please related document.
  Thank you
  Anil

  Hello
  Profitability Analysis (CO-PA) enables you to evaluate market segments, which can be classified according to products, customers, orders or any combination of these, or strategic business units, such as sales organizations or business areas, with respect to your company's profit or contribution margin.
  The aim of the system is to provide your sales, marketing, product management and corporate planning departments with information to support internal accounting and decision&#8209;making.
  Two forms of Profitability Analysis are supported: costing-based and account-based.
  ·        Costing-based Profitability Analysis is the form of profitability analysis that groups costs and revenues according to value fields and costing-based valuation approaches, both of which you can define yourself. It guarantees you access at all times to a complete, short-term profitability report.
  ·        Account-based Profitability Analysis is a form of profitability analysis organized in accounts and using an account-based valuation approach. The distinguishing characteristic of this form is its use of cost and revenue elements. It provides you with a profitability report that is permanently reconciled with financial accounting.
  You can also use both of these types of CO&#8209;PA simultaneously.
  Check this link for more help
  http://help.sap.com/erp2005_ehp_02/helpdata/en/7a/4c48c64a0111d1894c0000e829fbbd/frameset.htm
  reg
  *assign points if useful

• Can we create roles/permission list based on custom table

  I wanted to create Roles and Permission list based on custom table (which holds Business Logic),like if column value is 3 then certain roles and 2 then certain............ is it possible in PS?
  Thanks

  Are you looking at restricting the data that is shown or access to pages? Please elaborate your requirements so that a solution can be provided.

• HI,how to find roles for user based on userid?

  hi,
  i need to find roles for each user based on user id.
  can i know any one knows this how to get roles for user?
  thanks,
  jpullareddy

  hi,
  i solve my self.
  i am getting values
  jpullareddy

• Get user and user-roles in form based authentication

  How do I get user and roles associated with the user in my bean for "form based authentication".
  regards,
  nirvan.

  HttpServletRequest#getUserPrincipal().
  This has nothing to do with JSF. Form based authentication is part of Servlet spec.
  In JSF you can get the HttpServletRequest by ExternalContext#getRequest().

• Percentage based overhead based on target cost of actual production

  Hello,
  I'm trying to calculate percentage overhead (overhead as a % of total cost of production) using the usual overhead group, overhead key ,costing sheet, etc.
  Also put the overhead group in the material master.
  Although I am getting it correctly as part of product cost planning, when it comes to calculating this overhead on a production order, it does it based on 'total actual costs' posted to the order. I want it to calculate the % overhead based on the standard cost of actual production (the target cost).
  I would really appreciate some help on this.

  Hi
  If that's the requirement, you can achieve through template allocation. Refer the doc contributed by arturo senosain
  I use a workaround for such cases. Add an activity type in routing with activity quantity same as base qty of routing.. Say, 1 PC
  Maintain the activity price as .15. And you are done
  Br. Ajay M

• Collection based query based on domain

  Hello Everyone, 
  I am having a problem creating a custom collection in my SCCM enviornment
  I want query based collection All Windows Operating
  Systems  except one domain ( In our environment we have 20 domain , in this  i need to exclude one domain)
  Could you help anyone to get this please

  Understood Jeremy,
  Do you have sub domains under the one you want to exclude?
  Like sub.exclude.com under exclude.com?
  We don't have child domain on this.
  In our environment total 20000 machines are there. On the domain excluding having 9000 machines. 
  while I executing with this query i am getting total machines count is 17000 , suppose I have to get around 11000 machines. 
  Please help on this. I have to show my management today, because today is deadline for this. Please help on this 

• SCCM 2012 R2 - query based Collection based on missing update

  Hi,
  I was wondering if anyone knew what attribute to use in console to create query based collection for missing patches? I viewed the entire list of attributes available in console but I cannot seem to find anything that says "Windows Updates" or
  something similar.
  thanks

  You might also consider creating a saved search with all updates that are deployed but still required.
  Kent Agerlund | My blogs: blog.coretech.dk and
  SCUG.DK | Twitter: @Agerlund | Linkedin:
  Kent Agerlund | Author:
  Mastering System Center 2012 R2 Configuration Manager