Improving CAPTURE rule set performance

Similar Messages

• I have messages in mail that are color-coded as if by a rule, but I have no rules set. How can I correct this?

  The only rule that I ever had in Mail was the default one that color coded messages from Apple blue. I notice that some messages are color-coded brown and I have no rules set at al (hence no rule to turn off.)  Some of the messages are related to viewing online magazine, but not all.  How can I stop this?

  Hi. Thanks for your message.
  Well, I understand what you are trying to say but I thought it was easier to categorize in Apple Mail.
  On Entourage I just click twice on a sender address, record it on Address book and give it a colour that I previously defined as "Work", "Personal", "Customers", "Suppliers", "Friends" or whatever.
  As Apple Mail don't have Address Book as part of it but an outside feature it's very annoying. Of course I am used to use a software and I don't expect now Apple Mail do everything as Entourage but... as someone said it seems Apple Mail stopped in time. The recent version seems the first one ever issued. I hate the way Mail.app handles attachments by placing big chunky previews right in my email. I prefer them to be named attachments listed somewhere else, out of the content of my email. I don't if I can change this via terminal commands? Can you tell me if that is possible?
  I don't understand why Apple Mail have lots of plugins instead of a great improvment from the backstage.
  I use Apple computers since ever and I love this machines but sometimes I don't understand this lake of improvments.
  Take a look at this link:
  http://scottworldblog.wordpress.com/2009/10/12/microsoft-entourage-vs-apple-mail /
  Of course I don't agree 100% with him but some things are true...

• Do you trust the SAP standard rule set ?

  Hello all,
  I have the impression that, too often, the SAP standard ruleset has been taken for granted : upload, generate and use. Here is a post as to why not to do so. Hopefuly, this will generate a interesting discussion.
  As I have previously stated in other threads, you should be very careful accepting the SAP standard rule set without reviewing it first. Before accepting it, you should ensure that your specific SAP environment has been reflected in the functions. The 2 following questions deal with this topic :
  1. what is your SAP release  ? ---> 46C is different than ECC 6.0 in terms of permissions to be included in the function permission tab. With every SAP release, new authorization objects are linked to SAP standard tcodes. Subsequently some AUTHORITY-CHECK statements have been adapted in the ABAP behind the transaction code. So, other authorizations need to provided from an implementation point of view (PFCG). And thus, from an audit perspective (GRC-CC), other settings are due when filtering users' access rights in search for who can do what in SAP.
  2. what are your customizing settings and master data settings ? --> depending on these answers you will have to (de)activate certain permissions in your functions. Eg. are authorization groups for posting periods, business areas, material types, ... being used ? If this is not required in the SAP system and if activated in SAP GRC function, then you filter down your results too hard, thereby leaving certain users out of the audit report while in reality they can actually execute the corresponding SAP functionality --> risk for false negatives !
  Do not forget that the SAP standard ruleset is only an import of SU24 settings of - probably - a Walldorf system. That's the reason SAP states that the delivered rule set is a starting point. 
  So, the best practice is :
  a. collect SAP specific settings per connector in a separate 'questionnaire' document, preferably structured in a database
  b. reflect these answers per function per connector per action per permission by correctly (de)activating the corresponding permissions for all affected functions
  You can imagine that this is a time-consuming process due to the amount of work and the slow interaction with the Java web-based GRC GUI. Therefore, it is a quite cumbersome and at times error-prone activity ...... That is, in case you would decide to implement your questionnaire answers manually. There are of course software providers on the market that can develop and maintain your functions in an off-line application and generate your rule set so that you can upload it directly in SAP GRC. In this example such software providers are particularly interesting, because your questionnaire answers are structurally stored and reflected in the functions. Any change now or in the future can be mass-reflected in all (hundreds / thousands of) corresponding permissions in the functions. Time-saving and consistent !
  Is this questionnaire really necessary ? Can't I just activate all permissions in every function ? Certainly not, because that would - and here is the main problem - filter too much users out of your audit results because the filter is too stringent. This practice would lead too false negatives, something that auditors do not like.
  Can't I just update all my functions based on my particular SU24 settings ? (by the way, if you don't know what SU24 settings are, than ask your role administrator. He/she should know. ) Yes, if you think they are on target, yes you can by deleting all VIRSA_CC_FUNCPRM entries from the Rules.txt export of the SAP standard rule set, re-upload, go for every function into change mode so that the new permissions are imported based on your SU24 settings. Also, very cumbersome and with the absolute condition that you SU24 are maintained excellent.
  Why is that so important ? Imagine F_BKPF_GSB the auth object to check on auth groups on business areas within accounting documents. Most role administrator will leave this object on Check/Maintain in the SU24 settings. This means that the object will be imported in the role when - for example - FB01 has been added in the menu.  But the role administrator inactivates the object in the role. Still no problem, because user doesn't need it, since auth groups on business areas are not being used. However, having this SU24 will result in an activated F_BKPF_GSB permission in your GRC function. So, SAP GRC will filter down on those users who have F_BKPF_GSB, which will lead to false negatives.
  Haven't you noticed that SAP has deactivated quite a lot of permissions, including F_BKPF_GSB ? Now, you see why. But they go too far at times and even incorrect. Example : go ahead and look deeper into function AP02. There, you will see for FB01 that two permissions have been activated. F_BKPF_BEK and F_BKPF_KOA.  The very basic authorizations needed to be able to post FI document are F_BKPF_BUK and F_BKPF_KOA.  That's F_BKPF_BUK .... not F_BKPF_BEK. They have made a mistake here. F_BKPF_BEK is an optional  auth object (as with F_BKPF_GSB) to check on vendor account auth groups.
  Again, the message is : be very critical when looking at the SAP standard rule set. So, test thoroughly. And if your not sure, leave the job to a specialized firm.
  Success !
  Sam

  Sam and everyone,
  Sam brings up some good points on the delivered ruleset.  Please keep in mind; however, that SAP has always stated that the delivered ruleset is a starting point.  This is brought up in sap note 986996     Best Practice for SAP CC Rules and Risks.  I completely agree with him that no company should just use the supplied rules without doing a full evaluation of their risk and control environment.
  I'll try to address each area that Sam brings up:
  1.  Regarding the issue with differences of auth objects between versions, the SAP delivered rulset is not meant to be version specific.  We therefore provide rules with the lowest common denominator when it comes to auth object settings.
  The rules were created on a 4.6c system, with the exception of transactions that only exist in higher versions.
  The underlying assumption is that we want to ensure the rules do not have any false negatives.  This means that we purposely activate the fewest auth objects required in order to execute the transaction.
  If new or different auth object settings come into play in the higher releases and you feel this results in false positives (conflicts that show that don't really exist), then you can adjust the rules to add these auth objects to the rules.
  Again, our assumption is that the delivered ruleset should err on the side of showing too many conflicts which can be further filtered by the customer, versus excluding users that should be reported.
  2.  For the customizing settings, as per above, we strive to deliver rules that are base level rules that are applicable for everyone.  This is why we deliver only the core auth objects in our rules and not all.  A example is ME21N. 
  If you look at SU24 in an ECC6 system, ME21N has 4 auth objects set as check/maintain.  However, in the rules we only enable one of the object, M_BEST_BSA.  This is to prevent false negatives.
  3.  Sam is absolutely right that the delivered auth object settings for FB01 have a mistake.  The correct auth object should be F_BKPF_BUK and not F_BKPF_BEK.  This was a manual error on my part.  I've added this to a listing to correct in future versions of the rules.
  4.  Since late 2006, 4 updates have been made to the rules to correct known issues as well as expand the ruleset as needed.  See the sap notes below as well as posting Compliance Calibrator - Q2 2008 Rule Update from July 22.
  1083611 Compliance Calibrator Rule Update Q3 2007
  1061380 Compliance Calibrator Rule Update Q2 2006
  1035070 Compliance Calibrator Rule Update Q1 2007
  1173980 Risk Analysis and Remediation Rule Update Q2 2008
  5.  SAP is constantly working to improve our rulesets as we know there are areas where the rules can be improved.  See my earlier post called Request for participants for an Access Control Rule mini-council from January 28, 2008.  A rule mini-council is in place and I welcome anyone who is interested in joining to contact me at the information provided in that post.
  6.  Finally, the document on the BPX location below has a good overview of how companies should review the rules and customize them to their control and risk environment:
  https://www.sdn.sap.com/irj/sdn/bpx-grc                                                                               
  Under Key Topics - Access Control; choose document below:
      o  GRC Access Control - Access Risk Management Guide   (PDF 268 KB) 
  The access risk management guide helps you set up and implement risk    
  identification and remediation with GRC Access Control.

• Best practice for the Update of SAP GRC CC Rule Set

  Hi GRC experts,
  We have in a CC production system a SoD matrix that we would like to modified extensively. Basically by activating many permissions.
  Which is a best practice for accomplish our goal?
  Many thanks in advance. Best regards,
    Imanol

  Hi Simon and Amir
  My name is Connie and I work at Accenture GRC practice (and a colleague of Imanolu2019s). I have been reading this thread and I would like to ask you a question that is related to this topic. We have a case where a Global Rule Set u201CLogic Systemu201D and we may also require to create a Specific Rule Set. Is there a document (from SAP or from best practices) that indicate the potential impact (regarding risk analysis, system performance, process execution time, etc) caused by implementing both type of rule sets in a production environment? Are there any special considerations to be aware? Have you ever implemented this type of scenario?
  I would really appreciate your help and if you could point me to specific documentation could be of great assistance. Thanks in advance and best regards,
  Connie

• GRC 10.0 : Maximum number of Rule Sets

  Hi Experts,
  What is the maximum number of rule sets we can define in GRC 10.0?
  What could be the impact on performance if we defined a dozen of different rule sets?
  Best Regards,
  Nicolas

  Hi,
  In theory, you can have as many rulesets as you wish in the GRC 10 world. However, you rightly point out that there will be a substantial performance impact.
  The number of rulesets is not really the key element here but the number of risks and rules defined within them will be.
  If you know that you wish to manage a significant number of separate rulesets, be sure to spec them out accordingly and make use of the connector groups to rationalise the content as far as possible (e.g. group similar elements like Basis or systems together). You will also need to size the GRC system appropriately with a basis SME so that you can review the system performance appropriately.
  Simon

• How to migrate Master Data (Rule set etc.) from GRC 5.3 to 10.1 without using the "Migration Tool"

  Greetings,
  We are currently on GRC 5.3 SP 18 (Java ONLY) and migrating to GRC 10.1. I referred the Migration Guide which outlines that GRC 5.3 needs to be upgraded to SP 20 as pre-requisite for using the "Migration Tool" . Our BASIS team is reluctant to perform this upgrade from SP 18 to SP 20.
  Having said thus, I'm exploring options of migrating data from 5.3 to 10.1 without using the "Migration Tool:.
  Rule set Migration:
  I'm in the process of preparing the 9 different files (listed below) and later utilize the "Upload Rule" option for migrating the Rule set data from 5.3 to 10.1.
  While I'm able to gather data for most of the files I'm not sure how can I obtain the data pertaining to the two files (Function Actions and Function Permissions) underlined and highlighted in Red below.
  1. Business Process
  2. Function
  3. Function Business Process
  4. Function Actions
  5 .Function Permissions
  6. Rule Set
  7. Risk
  8. Risk Description
  9. Risk Rule Set Relationship
  10. Risk Owner Relationship
  Can someone please enlighten me and share their experience with regards to this exercise. Really appreciate your help !
  - Janantik.

  I have done this successfully before.  Because you are having issues, I would NOT recommend using the migration tool to move the ruleset.  Instead:
  1. Download the ruleset files from 5.3
  2. The 5.3 tcode-permission file, which defines which tcode permissions from SU24 need to be checked during risk analysis, needs to be split into the two files you mention above in red.
  FUNCTION_ACTION : this file represents S_TCODE objects and TCD fields mapped to each function (Function to Tcode relationship).  In the 5.3 file, you will filter on object S_TCODE and field TCD, and you will get a complete list that now represents "FUNCTION_ACTION".  BUT instead of having all the jumbled permission info, you will just have 3 columns: Function - Tcode - Status.
  3. The remaining permissions that are left over, after taking out the S_TCODE -TCD items, represent the "FUNCTION_PERMISSION" file in GRC 10.
  4. Manually create the excel spreadsheets for each file.
  5. Copy and past each sheet to a unique .txt file.
  6. Upload the ruleset manually through SPRO-->GRC-->Access Control-->Access Risk Analysis-->SoD Rules-->Upload SoD Rules.
  7. Select each file and then upload to the correct Logical Group.
  This is a huge pain, but it works.  Let me know how this goes and if you need any assistance.
  -Ken

• CC / RAR 5.2 - Multiple Rule Set Question

  How does the system handle the use of multiple rule sets in CC / RAR 5.2?
  For example, letu2019s say I want to keep a standard SAP rule set in tact to use for testing and comparison in RAR, but I also want to load another one.
  I realize that only 1 can be the u201CDEFAULTu201D so what does that mean?  I know that a risk analysis is only run against the rule set you set as default.  I also know that you can select the rule set to use in processing when you manually run either through Informer or Configuration tab a risk analysis.  What I am really concerned with is what happens if you take the results to u201Cmanagement reportsu201D from 2 different rule sets?
  First, can you even do it?
  Second, if you can, then I think you must have to come up with a different RISKID configuration schema for each rule set otherwise, I do not see how you can differentiate from which rule set the violation is generated.  That said, you will also need to export the report information into Excel and make any u201Crule set sortu201D there as I donu2019t see a way to do it directly in RARu2026.maybe a future improvement?
  Can anyone confirm the impact of multiple rule sets and how you manage them?
  Regards,
  Greg

  Greg,
  You can maintain the different severity levels for different Rule Sets. For example, in one Rule Set you can keep the "Critical" Risks and in other you can keep "High", "Medium" & "Low". Run your analysis against first Rule Set if you want to know the "Critical" Risks and second Rule set you can use for rest of the severity levels. I hope this way you can manage your multiple Rule Sets in RAR.
  Thanks,
  Tavi
  SAP Security & GRC Consultant.

• Why canu0092t I enable capture of statistics performance data?

  Hi,
  Following some documents suggested here, I tried to enable capture of statistics performance data.
  This is what I did:
  rsa1,
  Tools (from menu)
  Settings for BI statistics
  Then I selected the Infoprovider tab; Under the “statistics” column, it looked like:
  Default Value    X
  Cube1               D
  Cube2               D
  Cube3               D
  I tried to change the “D”s to X, and the options were:
  X   – On
  D   – Default
       -- Off
  But when I switched to X, the "check mark" to save from X to D remains gray and I am unable to turn on the statistics for the cubes Cube1, Cube2, Cube3, etc.
  What could be the reason why I can’t seem to turn on the statistics on our BI7 development and quality environment?
  Thanks

  Hi,
  Refer.
  How to Set up BW Statistics
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/5401ab90-0201-0010-b394-99ffdb15235b
  Activating Data Transfers for BW Statistics 
  http://help.sap.com/saphelp_nw04s/helpdata/en/e5/2d1e3bd129be04e10000000a114084/frameset.htm
  Installing BW Statistics
  http://help.sap.com/saphelp_nw04/helpdata/en/8c/131e3b9f10b904e10000000a114084/frameset.htm
  Monitoring BI Statistics
  http://help.sap.com/saphelp_nw70/helpdata/en/46/f9bd5b0d40537de10000000a1553f6/frameset.htm
  Hope this helps.
  Thanks,
  JituK

• Improving redo log writer performance

  I have a database on RAC (2 nodes)
  Oracle 10g
  Linux 3
  2 servers PowerEdge 2850
  I'm tuning my database with "spotilght". I have alredy this alert
  "The Average Redo Write Time alarm is activated when the time taken to write redo log entries exceeds a threshold. "
  The serveres are not in RAID5.
  How can I improve redo log writer performance?
  Unlike most other Oracle write I/Os, Oracle sessions must wait for redo log writes to complete before they can continue processing.
  Therefore, redo log devices should be placed on fast devices.
  Most modern disks should be able to process a redo log write in less than 20 milliseconds, and often much lower.
  To reduce redo write time see Improving redo log writer performance.
  See Also:
  Tuning Contention - Redo Log Files
  Tuning Disk I/O - Archive Writer

  Some comments on the section that was pulled from Wikipedia. There is some confusion in the market as their are different types of solid state disks with different pros and cons. The first major point is that the quote pulled from Wikipedia addresses issues with Flash hard disk drives. Flash disks are one type of solid state disk that would be a bad solution for redo acceleration (as I will attempt to describe below) they could be useful for accelerating read intensive applications. The type of solid state disk used for redo logs use DDR RAM as the storage media. You may decide to discount my advice because I work with one of these SSD manufacturers but I think if you do enough research you will see the point. There are many articles and many more customers who have used SSD to accelerate Oracle.
  > Assuming that you are not CPU constrained,
  moving the online redo to
  high-speed solid-state disk can make a hugedifference.
  Do you honestly think this is practical and usable
  advice Don? There is HUGE price difference between
  SSD and and normal hard disks. Never mind the
  following disadvantages. Quoting
  (http://en.wikipedia.org/wiki/Solid_state_disk):[
  i]
  # Price - As of early 2007, flash memory prices are
  still considerably higher  
  per gigabyte than those of comparable conventional
  hard drives - around $10
  per GB compared to about $0.25 for mechanical
  drives.Comment: Prices for DDR RAM base systems are actually higher than this with a typical list price around $1000 per GB. Your concern, however, is not price per capacity but price for performance. How many spindles will you have to spread your redo log across to get the performance that you need? How much impact are the redo logs having on your RAID cache effectiveness? Our system is obviously geared to the enterprise where Oracle is supporting mission critical databases where a hugh return can be made on accelerating Oracle.
  Capacity - The capacity of SSDs tends to be
  significantly smaller than the
  capacity of HDDs.Comment: This statement is true. Per hard disk drive versus per individual solid state disk system you can typically get higher density of storage with a hard disk drive. However, if your goal is redo log acceleration, storage capacity is not your bottleneck. Write performance, however, can be. Keep in mind, just as with any storage media you can deploy an array of solid state disks that provide terabytes of capacity (with either DDR or flash).
  Lower recoverability - After mechanical failure the
  data is completely lost as
  the cell is destroyed, while if normal HDD suffers
  mechanical failure the data
  is often recoverable using expert help.Comment: If you lose a hard drive for your redo log, the last thing you are likely to do is to have a disk restoration company partially restore your data. You ought to be getting data from your mirror or RAID to rebuild the failed disk. Similarly, with solid state disks (flash or DDR) we recommend host based mirroring to provide enterprise levels of reliability. In our experience, a DDR based solid state disk has a failure rate equal to the odds of losing two hard disk drives in a RAID set.
  Vulnerability against certain types of effects,
  including abrupt power loss
  (especially DRAM based SSDs), magnetic fields and
  electric/static charges
  compared to normal HDDs (which store the data inside
  a Faraday cage).Comment: This statement is all FUD. For example, our DDR RAM based systems have redundant power supplies, N+1 redundant batteries, four RAID protected "hard disk drives" for data backup. The memory is ECC protected and Chipkill protected.
  Slower than conventional disks on sequential I/OComment: Most Flash drives, will be slower on sequential I/O than a hard disk drive (to really understand this you should know there are different kinds of flash memory that also impact flash performance.) DDR RAM based systems, however, offer enormous performance benefits versus hard disk or flash based systems for sequential or random writes. DDR RAM systems can handle over 400,000 random write I/O's per second (the number is slightly higher for sequential access). We would be happy to share with you some Oracle ORION benchmark data to make the point. For redo logs on a heavily transactional system, the latency of the redo log storage can be the ultimate limit on the database.
  Limited write cycles. Typical Flash storage will
  typically wear out after
  100,000-300,000 write cycles, while high endurance
  Flash storage is often
  marketed with endurance of 1-5 million write cycles
  (many log files, file
  allocation tables, and other commonly used parts of
  the file system exceed
  this over the lifetime of a computer). Special file
  systems or firmware
  designs can mitigate this problem by spreading
  writes over the entire device,
  rather than rewriting files in place.
  Comment: This statement is mostly accurate but refers only to flash drives. DDR RAM based systems, such as those Don's books refer to, do not have this limitation.
  >
  Looking at many of your postings to Oracle Forums
  thus far Don, it seems to me that you are less
  interested in providing actual practical help, and
  more interested in self-promotion - of your company
  and the Oracle books produced by it.
  .. and that is not a very nice approach when people
  post real problems wanting real world practical
  advice and suggestions.Comment: Contact us and we will see if we can prove to you that Don, and any number of other reputable Oracle consultants, recommend using DDR based solid state disk to solve redo log performance issues. In fact, if it looks like your system can see a serious performance increase, we would be happy to put you on our evaluation program to try it out so that you can do it at no cost from us.

• Multiple rule sets - impacts in GRC modules

  Hi,
  We are currently running CC 5.2 on our European perimeter.  We would like to extend in the near future to our US perimeter.  For that, we have to take into consideration a complete new set of rules.
  I presume there will be no issue to handle multiple sets of rules in CC but I was wondering what could be the potential impacts/problems for the other GRC modules?
  i.e.: in Role Expert, for the US roles we would like to avoid getting potential risks from European rule sets,...
  Has anybody some attention points or good practice to share on that ?  It would be a great help for us.
  Thanks & Regards

  Different installation of GRC Solutions for different regions is certainly not recommended and not even required.  It is important to design your cross system landscape efficiently considering different regions in mind and create different rule sets for different regions. In a cross system landscape you can have multiple systems from different regions with entirely a different set of modules and data. Obviously the risk will be different, for that purpose you have to create different rule sets for sure.
  Now when you are performing risk analysis for a particular region you have to select the considered system/connector and a rule set respectively so that you get the risks on targeted system only.
  Bill-
  as you asked, if there are chances of potential impacts/problems for the other GRC modules or not,
  The answer is, There will be no impact at all because you are considering them as separate entities within a landscape. It is the beauty of GRC Access Controls to have multiple system connectors, logical systems and cross system landscape that provides almost every feature to cover all regional perimeters.
  Regards,
  Amol Bharti

• Mass RAR Rule Set Changes

  My integrator is telling me that there is no way to complete a mass update to the authorizations/restrictions in our RAR rule set (AC 5.3.)  That is, at the recommendation of our external auditor, we added additional transactions to existing rules but failed to activate the company code restrictions to ignore display only access and therefore, I am receiving a significant number of SODs which are false positives. 
  I find it hard to believe that there is no easy way to activate the company code authorization objects (and others) for the additional transactions in the rule set.  The integrator is telling me that this has to be done one by one.  Please tell me that there is an easier way.
  Apologies if this is a repeat; if this topic is out there, could someone point me in the right direction?Thank you in advance!
  Thank you in advance!

  Is there any easy way?  Depends on what you think is easy  
  For mass updates to function I will typically use the:  Configuration -> Rule Upload  feature.  To perform an update to an authorization object, you would use the 'Function Authorization' selection.
  To upload the function you'd want to use the file formats from the 9 upload files SAP provides for the ruleset.  If I recall correctly, function uploads will overwrite the existing function so it is important that your upload file contains all existing function data + the additional auth objects you want to activiate. 
  As with any text file manipulation and download/upload or export/import features into GRC you want to be particulary careful with formatting and attention to detail.  Probably a good idea to take a backup of the rules if this is your first time working with the ruleset files.

• Same rule set for two apply processes

  Hi!
  Can anyone tell me whether it is possible to use the same rule set and all rules in it for two apply processes? It would be easy for me to use such configuration, because sometimes I create LCRs myself, sometimes Oracle captures them. They're exactly the same.
  And second question - I tried the above configuration, but the apply process for user created LCRs aborts when it sees first message. Error is: "ORA-00600: internal error code, arguments: [knlcfpactx:any_knlso], [], [], [], [], [], [], []". Oracle MetaLink and Google know nothing about this error. I also don't know if it's somehow connected with these rule sets or is it a problem within my procedure which creates LCRs.
  Greetings

  I'm answering myself. Yes, it is possible, to use the same rule set for different processes. It is said in the documentation. It is also possible to use one rule in several rule sets according to documentation.
  And it seems that it has nothing to do with my ORA-00600 error.

• Change History When Importing DEV Rule Set to PRD

  Does anyone know what effect importing the DEV rule set in PRD has on the change history in CC5.x?  In other words, if one imports the DEV rule set into PRD, will the change history capture any changes that were made to the risks and functions during the import process?
  Thanks!

  Importing the Rules to a new environment is like creating them anew from scratch. Any new function/risk creation does not appear in the Change history at all. 'Change' only refers to modification done to the original entries.
  Cheers!!

• FBL5N - in Rule set - It is a Display customer line items

  Dear All,
  We observed that FBL5N - Display customer line items in Standard SoD rule set under function AR07  addressing a risk of S022.
  Unless there are t-codes of FD03 or FB02 this t-code does not allow to change the payment terms of the customer.
  We are having a challenge from the client that FBL5N is a display t-code and why it is there in rule set.
  Has anybody came across this scenario? If yes, what is the underlying risk for this FBL5N independently.
  Is there any SAP Note for this t-code like ME23N from SAP.
  Thanks and Best Regards,
  Srihari.K

  Hi Christian,
  We checked the authorization objects as well enabled in GRC rule set as below:
  F_BKPF_BUK - Docume t Authorization document for company codes - 01 or 02 - Enable.
  Inspite of this access, FBL5N cannot be used to change the document for payment terms and assignments without FB02 t-code
  assignment in the role.
  Independently FBL5N cannot be used for any change or create activity except Display customer line items.
  Please advise
  Thanks and Best Regards,
  Srihari.K

• Important!! Improve the life and performance of the battery.

  Reduce the operating temperature and increase battery life
  The battery in your notebook PC is designed to provide the necessary amount of energy for the processor while maintaining HP high safety standards. As a result, the battery may not charge or may stop providing power to the notebook when the battery temperature exceeds the specified, design safety level.
  If the battery life appears shorter than normal, the battery stops charging before it is 99%-100% full and the battery appears warmer than usual, the battery has most likely reached its designed "no charge" safety state. The battery will no longer charge until the temperature condition is corrected.
  Try one of the following methods to correct the battery temperature:
  When charging the battery, do not use applications that require large amounts of system resources such as graphic or memory intensive applications, heavy and extended hard drive usage.
  Turn off your notebook and remove the battery to allow it to return to a safe operating temperature.
  Make sure the notebook PC is operating on a hard surface. Using the Notebook PC on a bed or sofa may block the vents causing the notebook PC to heat up and shut down.
  By taking these steps, the battery will return to its normal operating temperature range and continue to charge and discharge as designed.
  Calibrating the battery while PC not in use
  Recalibrating the battery requires a cycle of a complete charge and a complete discharge. To recalibrate the battery while using the PC is not is use complete the following steps.
  The recalibration may take 1-5 hours depending on the age of the battery and the configuration of the notebook PC you own. The PC should not be used while you perform the following steps. Completing all the following steps will also calibrate the battery so that the power meter readings are accurate.
  Shut down the notebook PC
  Connect the AC Adapter to the notebook PC and to an electrical socket.
  Charge the Notebook PC until the Battery Charge light is Green. This indicates the battery is completely charged.
  Press and release the Power Button to start the computer.
  Press the F8 key several times when the HP Logo displays.
  When the Windows Advanced Startup Menu displays, select the Startup in Safe Mode option.
  Remove the AC power adapter from the notebook PC.
  Allow the battery to discharge completely until the notebook PC turns off.
  The battery is now calibrated and the battery level reading on the power meter is now accurate.
  If you are not using the notebook regularly then please unplug the AC adapter and shut down the notebook. By following these practices will improve the life and performance of the battery. Here is a quick list of Do's and Don'ts for the care of your Li-On batteries:
  Do's
  When you receive a new Notebook or Tablet PC, leave the battery to fully charge overnight.
  Condition a new battery by using it until it is fully discharged, and then re-charge it fully. Doing this once a month will help to accurately calibrate your battery.
  Always ensure the battery is recharged as soon as possible after it becomes fully discharged. A battery will be permanently damaged if left for an extended length of time in a fully discharged state.
  Remember that a Lithium-Ion battery will slowly deteriorate; a new battery will always perform better than one that is 6-months old.
  Remember that the battery half-life is rated for a certain total number of charge/discharge cycles (see your User Manual or Quick Start Guide for the rating). For example, a battery that is rated for 3 hours and 500 charge/discharge cycles, will still be considered as within specification, even if it only lasts for 1 hour 45 minutes after 500 charge/discharge cycles.
  Heat is the worst enemy of a battery. Allow plenty of air to circulate around the Notebook/Tablet PC, so that the battery is kept as cool as possible when charging and also when in use. If provided, use the integrated 'legs' under the Notebook to raise the notebook and improve air circulation.
  Remove the battery if storing for several months (the battery should be at approximately 50% charge or higher).
  If you use a NoteBus or if charging your Notebooks or Tablet PCs in a confined space, allow for adequate ventilation in order to keep the batteries as cool as possible.
  Don'ts
  Do Not - Expose the battery to excessive heat or cold (i.e. outside the range of 10-35 degrees Centigrade ambient).
  Do Not - Store the battery in a fully charged state (store batteries with about 50% charge).
  Do Not - Allow a nearly flat battery to be unused for more than a month or so. The battery will slowly discharge until it becomes fully discharged and this will permanently damage the battery cells.
  Do Not - Charge your Notebook/Tablet PC inside a carry case - the battery may overheat.
  Do Not - Charge your Notebook/Tablet PC when stacked on top of each other - the battery may overheat.
  Remember: Your battery is slowly degrading all the time, even if it is not used. Keeping your battery as cool as possible will slow down this degradation considerably.
  For more information please visit the following links:
  How to Improve the Performance of the Battery
  http://h10025.www1.hp.com/ewfrf/wc/document?docname=c01297640&cc=us&lc=en&dlc=en
  10 Tips to make your Laptop Battery last longer
  http://labnol.blogspot.com/2006/03/10-tips-to-make-your-laptop-battery.html
  Disclaimer: By clicking on the link above, you will be leaving HP.com to visit a web site that is not maintained by HP and where the HP privacy policy does not apply. This link is provided to you for convenience and does not serve as an endorsement by HP of any information or contacts that you may find on this non-HP site.
  ||-Although I am working on behalf of HP, I am speaking for myself and not for HP.-||
  //Click on Kudos if my reply was helpful and answered your question//
  ||-If my answer solved the problem please mark the topic as the accepted solution-||

  I hope the above article will help you guys..
  ||-Although I am working on behalf of HP, I am speaking for myself and not for HP.-||
  //Click on Kudos if my reply was helpful and answered your question//
  ||-If my answer solved the problem please mark the topic as the accepted solution-||