How to understand Permission level SoD analysis reports?

Similar Messages

• How to set permission levels per site collection

  Hello,
  A site collection would have 700 sites , with the same (new) permission levels. Is there a way (apart from programming) to copy these permission levels?
  Thank you.
  Christos

  Hello,
  Check this link
  http://social.technet.microsoft.com/Forums/en-US/bdb82f15-6d9c-47b3-b511-f8e019347895/how-to-set-permissions-to-list-item-sharepoint-programmatically
  Thanks!

• How to display 3 level hierarchy alv report using SALV

  Hi ,
        I need to display a Hierarchy ALV report with 3 level.I thought of trying CL_SALV_HIERSEQ_TABLE but i am able to display only two level report.
        How can i display the 3 - level heirarchy report using SALV. I don't want to use SALV_TREE.
        Regards,
        Aditya Tanguturi.

  Hi Aditya,
  Please check this thread
  Is it possible to display more than 2 levels us... | SCN
  Thanks !
  Amit

• How to understand patch level

  Hi experts.
  I have this problem.
  In my development portal, I see, under the System Administration->System Configuration->Collaboration the entry "Transports"
  Instead,
  in my production portal, I see, under the System Administration->System Configuration->Collaboration the entry "Groupware Transports"
  The systems are EP 7.0 SPS level 17 but I have some doubts about the same patch level.
  How can I see which is the patch level component of the above mentioned entries "Transports" and "Groupware Transports"  ?
  Thanks for your help.
  Mario.

  Mario,
  https://wiki.sdn.sap.com/wiki/display/EP/Howtofindoutportalversion%2Cpatchlevelinformation%2Ccomponentsinstalledandsystemlevelinformation
  Try accessing this url for your portal http://server:port/sap/monitoring/ComponentInfo with a System Admin Id
  Good Luck!
  Sandeep Tudumu

• User Level SOD Report - Batch

  Hi GRC Experts,
  Every day my company runs a User Level SOD analysis against every user in ERP or HRP.  Here is the criteria for ERP (there is a connector):
  System:  Our defined ERP connector
  Risk Level:  All
  Rule Set:  Global
  User is not DDIC
  User Type:  Dialog
  Format: Detail      Technival View
  Access Risk Analysis at the Permission Level
  Show All Object
  This job is run in Background, and the report output is downloaded from Background Jobs.
  Is there a way to schedule this job using SE38 and a variant?  We would like to start using a automated scheduling tool.
  The program run is GRFN_BP_SCHEDULER with variant &0000000001569
  I looked at the variant, and it looks for I_PLANID and I_UPDTSK.
  Is all the criteria I selected stored in a table as a PLANID?
  Thanks in advance.
  Donna Wiley

  Hello Plaban,
  Thank you for the info!  How do you set up the variant for the "Report" options?  We need two reports for "User Level".  In the Report Options section, we need one report with a Format = Detail and one with a Format = Management Summary. Both reports should be in the Format = Technical View.
  Thank you and kind regards,
  Janice

• Permission level ruleset download.

  Hi,
  We have unmitigated risks showed up when the risk analysis is done by action level, and those transactions showed up in the   transaction usage history(stats) reports, but we use permission level risk analysis in AE and CC, so these risks dont show up and we didn't have to mitigate at the time of provisining.
  Now I'm in a stage where I need to prove that unmitigated risks are not really risks as per permission level. Because of the no.of risk ids showed up, i'm looking for some easy way to prove this instead of going by each risk id auth object values and comparing with user access in sap system.
  Also, looking for any way to download clean permission level rule set., so I could develop program for comparision. So I tried to download using 'Search permission rules'' report, but the format is not great, would require lot of changes in order to use downloaded for manual comparision in the excel.
  Thanks
  Laks

  SAP_ALL,
  Add SAP_ALL to the Permission level ruleset, before downloading.
  It will solve your problem.
  Thanks,
  Lakh

• User Analysis at Permission Level - Detail Report (RAR SP12)

  Hello All,
  I have having question regarding the User Level Analysis at Permission level report. Currently, we are on GRC Access control 5.3 SP12.
  Per my understanding when you execute the User level analysis at Action level, you get SOD conflict reports based on T-code level and not on authorization / permission level. But, if you execute the user level analysis at permission level then SOD report is based on the authorization / permission object level.
  But now, when I execute the user level analysis at PERMISSION LEVEL in the Informer tab, in the report I am only able to see "Transaction Code Check at Transaction Start" name in the Permission Object Column and "Transaction Code" name in the Field column.
  Look forward to hear from you all.
  Thanks in advance,
  Regards,
  Angelica

  Hi Angelica,
  This behaviour is ok for those risks in which you have not enabled any Object/Field value. It will pick S_TCODE Object and show you the risk.
  This is useful because -
  1. If you have risks defiend at Tcode level - you can still catch them while running risk analysis at permission level.
  2. If you have Object Values defined in risk and you are running permission level analysis it will show risk only if Object Values meet. In that case permission level risk anlysis will not show risk if there is no actual risk.
  3. Running risk analysis at Action level can show false positives when risk is defined ta Object level. So, it is always better to r
  un alanysis at permission level, it will bring all actual risks skipping false positives.
  4. You can run only one level risk analysis in CUP and ERM and permission level covers all risks.
  If you have risk defined at Object Level and the role/user is not fulfilling all values, it should not show in permission level. In your case, if it is showing only "Transaction code check at start"  and the risk is defined at Object Level, then sure it is a bug.
  Regards,
  Sabita

• User analysis at Action level and Permission level

  Hi Gurus,
  I am totally confused by the way our CC is working while using it for User Analysis. I understand that during Risk Analysis for a user with Report Type "Action Level" will give the conflicts at the transaction level for the user and with Report Type "Permission Level" will give the conflicts at the Object level for the user. Also the permission level report includes the results of the action level report as well and hence Permission level report is more detailed & reliable.
  But now when I run the analysis report for a particular user both at Action & Permission level...the user is not getting any conflicts at Action level but it is showing conflicts at the Permission level. For another user the vice versa is happening. Could anyone help me in understanding the above 2 scenarios?
  Regards,
  Lakshmi.

  Hi
  A user to be need to have a action level conflict should have that transansaction code access only ie object s-tcode =  xyz transaction code.
  Similarly for a user to be reported in permission level conflict the user should have access to
  S_tcode = xyz transaction code Plus all other authorisation objects...Or in other words if the user is missing any authorisation object it wont be reported there...
  So just check what authorisation object level check is enabled for that transaction code in the rule architect tab.. Thereafter see whether user have access to all those authorisation object with the values specified...
  Parveen

• RAR - Risk Analysis - Permission Level - V_VBAK_AAT||AUART - Error

  I have a trouble related with risk analysis at permission level, when the V_VBAK_AAT||AUART is activated in two functions of my customized GRC rule-set (VIRSA_CC_FUNCPRM) for controlling some "document types" for tcodes VA01 and VA02. When I execute this customization in RAR, the system says "No match / No conflicts" for the risks where these functions appear, however performing some queries in the back-end systems, I have realized there are more than 80 users in conflict for some of them, given the fact that they have value '*' in object/field V_VBAK_AAT||AUART.
  At a first time I thought that most probably would be related with the fact that these functions are part of risks that combine 3 and 4 functions at the same time, with OR logical activated in document types, but when I searched for the rules generated for these risks I noticed that only 34.000 rules were generated and this no overpass the limit of 45566 rules defined at RAR. Anyway, I performed some tests reducing the number of possible combinations and, basically, whenever the following line is activated, the outcome is u201Cno conflictsu201D:
  D VIRSA_CC_FUNCPRM FN15 VA01 GRC-C21 V_VBAK_AAT||AUART ZSO ZSO OR 0 null
  If this line is disabled, then, several users with conflicts are reported. As mentioned above, these users have value '*'   for object/field V_VBAK_AAT||AUART, so I do not understand why those users are not reported when the line above is activated.
  I have done the following checks, all of them correct:
  - The user/role/profile synchro has been done and all the users has been stored in table VIRSA_CC_
  - All the lines in VIRSA_CC_FUNCPRM part of my customized rule-set have been correctly inserted in the same Oracle table
  - All the combinations of rules has been created (including VA01 and VA02 with V_VBAK_AAT||AUART)
  Any suggestions?
  Thanks in advance

  I've detected the same problem for the following authorization objects:
  - F_BKPF_BLA||BRGRU
  - V_VBRK_FKA||FKART
  - M_MSEG_BWE||WERKS
  RAR reports no conflicts (at authoriztion level) when these objects are activated (of course having users with these conflicts in back-end systems)
  This problem has been proved in the installation of different customer with SAP GRC Access Control 5.3 SP12.
  Anybody else has experienced this issue????

• How to build a Analysis report in OBIEE 11g

  Hi All,
  I have a query regarding 'How to' to build an analysis report in OBIEE 11g.
  The data model is a financial data model, where information such as Actual, Plan, Forecast, What - if etc for current AND prior year need to be displayed in a dashboard.
  I created two analysis reports one for current year Rep1 and second for prior year Rep2 each with filter criteria as current year and prior year respectively based on years column. and then in the dashboard I created prompt based on scenario column (radio button) for Actual, plan, Forecast, and wht if.
  I am able to show the current vs prior year data in the same dashboard for Actual or Plan or forecast or what if (depending on data availability in the database).
  I want to achieve the same information in a single analysis report instead of two separate analysis reports. I do not want to create separate physical report for current and prior year data.
  I need one analysis report which I can use in dashboard and depending on selection for scenario (actual , plan, forecast or wht if) I want to show the current AND prior year data the way I achieved in with two seperate reports embedded in their respective sections as explained above.
  Does any one have idea how to achive this by building single analysis report?
  If you need any more clarificaiton or have any queries, please let me know.
  Thanks and Regards
  Santosh

  As per I understand your requirement,
  In your Dashboard create a Presentation variable which receives the value of year you select.
  Now in your analysis, select the year column along with all the measures you want (Actual, plan, Forecast, and what-if, etc).
  Create a filter on Year column and convert it into SQL. Put the condition as:
  "Year" BETWEEN @{Presentaion_Variable} - 1 AND @{Presentation_Variable}
  You will get the result for selected year and the previous year.
  Hope it helps..
  Regards,
  A.K.

• How to understand STATPACKS report ?

  Hi,
  How to understand STATPACKS report ? Some documents or link ?
  Thank you.

  http://www.akadia.com/services/ora_statspack_survival_guide.html
  http://download-uk.oracle.com/docs/cd/B10501_01/server.920/a96533/statspac.htm
  http://jonathanlewis.wordpress.com/2008/02/18/analysing-statspack/
  and many..many more....!!!!
  Grrod reading...
  Sim

• TS1485 change the permission level for iTunes and iTunesHelper to allow full access. how do i do this

  How do i change the permission level for Itunes

  I have actually been using Amazon cloud for a while now and never had this problem. Actually, I think I did get locked out once and was able to get back in by contacting support and answering some questions. This option isn't available with Apple.. They lock you out for 90 days regardless of whether you can verify your ID. I know this because I contacted them recently and they verified my identity exhaustively and then said 'sorry-there's nothing we can do and you are not  getting a refund for time lost.'  I think I understand why the policy is there, but I think it's ridiculous that they make no exceptions even when the mistake is on their side, which I'm pretty sure it is in my case.

• How can I see Foreign Currency FC balance in Purchase Analysis Report??

  Dear Experts,
  Right now in the Purchase Analysis Report, I can only see Local Currency and System Currency balances. How can I see Foreign Currency balances??
  Much Thanks!
  Warmest Regards,
  Chinho

  Hi!
  I belive its not there in Purchase\Sales Analysis Reports. You need to build a Customized report for that.

• Sales Analysis Report by Items - How to chart it

  The sales analysis report by items is great for us but I notice that there is no way of getting a bar chart for example at that initial report level. Only when you drill down in to a group does it show the charts.
  Is is possible to get the Items Groups summary sales report in to a chart?

  Hi Ricky.....
  Chart waise Graphical Representation is given by SAP and it can be easily done in XCelcius.
  All you need to do is you have to create your own report and put this report in XCelcius.
  It is recently launched.....
  Regards,
  Rahul

• Ad hoc Risk Analysis report is returning incorrect Risk Level for some Risks

  We are running GRC AC 10.0 with SP 16.  After application of Support Pack 16, some of our ad hoc risk analysis reports are returning incorrect risk levels.  For example:  Risk F024 Open closed periods and inappropriately post currency or tax entries is set as High.  When the Ad hoc report is run, the risk F024 will show on a user with a level of Medium.  We have generated our ruleset and have followed the normal procedures used to implement the support pack.  Any ideas what is causing this issue?  I have exhausted my knowledge and search attempts.
  Any help is appreciated.
  Sara B.

  Hi Kevin
  Many thanks for your post, we did run a full BRA but no luck unfortunately. Some Risks still reporting as Medium when they should be Critical or High. Oddly it is reporting correctly against some risks just not for all!
  Cheers
  Hussain