Issue in User Level Simulation in GRC 10.0

Similar Messages

• Issue with Total Number of SODs at user level.

  Friends,
  Quick question -
  We are using GRC 5.3 Production on NT 20003 server. and back end systems are ECC 6.0
  1.We added the Additional Role to one of the business users in ECC 6.0
  2.We ran the FULL synch after adding this role in backend.
  Issue : The total number of SODs did not change for users, even though the SODs for this business users did increase about 300.
  Locations of Screen
  Informer Tab ->> Risk Violoations.
  Analysis Type -> Users
  Does anyone has any idea how this numbers get interpreted?
  The Total number of Violations for permission should increase, if user level SOD gets increased, as per our understanding.
  PT

  It should be in below sequence -
  1. Full or incremental sync for user/role/profile
  2. Full or incremental batch risk analysis for role/user/profile
  3. Management report
  The view you see is management report, which is based upon above jobs. FIrst jobs does high level sync like user/role/profile addition/deletion etc. Second job actually does risk analysis. Third one fills up the management view. If your batch risk analysis was run on  Aug 30 aug 10 and management report after completion of the same, the report will show the same data till you run these jobs again even there are many changes in backend authorization.
  Hope it clarifies your query.
  Regards,
  Sabita

• Risk Analysis at user level shows nothing in all 3 views though at role level shows risks of global rule set

  I am configuring ARA 10.1 for a ECC 6.0 plug in development system and facing this issue. Risk Analysis at user level shows no data  in all 3 views though at role level shows risks of global rule set. I am using Global rule set. I generated all risks/functions & using connector group as SAP_ECCS_LG not SAP_R3_LG.I activated common, R/3 & ECCS BC sets. Added integration scenario for AUTH. Run all 4 sync jobs multiple times successfully. My system already has decentralised EAM 10.1 implemented & even used in production as BAU. I have checked at both chrome & IE. The misleading thing is that RFC is also working fine & I can see risks in Risk Analysis at role level & risky roles are even assigned to valid users.GRC is at SP4 & accordingly is the ECC 6.0 plug in. Thanks in Advance. Please  consider it urgent.

  Hi,
  Assign ECC connector to SAP_ECCS_LG group.
  Run the programs GRAC_PFCG_AUTHORIZATION_SYNCand GRAC_REPOSITORY_OBJECT_SYNC) in full synch mode(this might take time so better do this in background). Better do it sequentially.Check the logs of the jobs in SLG1 just to ensure everythings fine.
  Run ARA for a specific user and mention the connector for faster output. Ensure this user has the role with risks.Also as explained earlier check the GUID against user id in table GRACUSERROLE and using GRACROLE you can find out the technical name of the role updated in the table. This should be same as the backend role.
  Then run ARA and while doing so please ensure the selection screen doesnt have any unwanted default inputs. If followed correctly , this should be of help.  I am assuming the role analysis yielded correct risks as configured since this would mean that connector have correct actions and basic config is in place.
  Regards,
  Vivek

• AC 10.1 Empty screen on User Level analysis

  Hi all,
  We have migrated our 5.3 Access Control System to 10.1 and all the post-installation steps are applied. We loaded the user and roles from our ERP System, created rules and generated them for our system. Parameter 1027 – Enable offline risk analysi is set to YES. We also ran the batch job for the risk analysis in Background (transaction GRAC_BATCH_RA). When we run the NWBC -> Access Management -> User Level for our System we get just an empty window – no error message, nothing. It doesn’t make a difference if we run it on action level, permission level with offline data or without, in foreground or background, the result is just an empty window. What might be the issue here ?
  Thanks in advance
  Bernd

  Hello Bernd,
  In GRC 10.1 there are a few new things. Can you tell which view you are running the report on? There are three in GRC 10.1; namely - Remediation view, Business View and Technical View. See screen below.
  Most problems are on Remediation View (which is selected by default when you start running the RA). For traditional risk analysis report please run on the "Technical View" and see if you get results.
  To fix the issue with the remediation view's blank screen please review following notes:
  2040204 - Remediation View does not show up while running risk analysis
  2035538 - Remediation view in Risk Analysis does not show any data
  2099999 - Remediation View screen shows blank while Risk Analysis
  Thanks
  Sammukh

• LaserJet P1505n printing slow just for user-level accounts in Win7

  I have several workstations running Win7 Pro 64-bit that have been installed as replacements for XP machines.  All of them print to one of several P1505n printers, and are using the latest drivers from HP.  Under XP there were no problems printing to these printers, but the Win7 machines have significant delays when trying to print.  The Windows test page prints instantaneously, but printing from any other application has a delay of up to a full minute before the job begins to print.  Once the job prints, it prints without issue.
  One thing that I have noticed during my testing seems to point to permissions.  If I am logged in using my admin-level account, everything prints as it should, with no delays at all.  Once I log in with a user-level account, however, the delays begin.  I found the driver files at C:\Windows\System32\spool\drivers\x64\3, but giving "everyone" full control over those files does not help.
  Is there anything else that I should be looking at?
  Thanks in advance!
  Donny

  In the end, I was able to resolve the problem by installing the Vista x64 drivers.  No playing with permissions necessary.

• Windows Server 2012 Group Policy Block USB Storage devices @ User Level Not getting applied on a Domain Client machine with Windows Server 2008 R2. Why?

  Hello,
  I have a Windows Server 2012 R2.
  I have configured the Group Policy on it to block the usage of USB - Storage Devices @ user level on the client machines. It works properly for my Windows 7 client machines but it's not working on one of the machine having Windows Server 2008 R2 installed
  on it (this machine is also a domain client in the same domain).
  I will really be thankful if anyone can suggest some solution to this issue.
  Please feel free to write back in-case I have missed anything obvious to be shared.
  Thanks!
  -Vinay Pugalia
  If a post answers your question, please click "Mark As Answer" on that post or
  "Vote as Helpful".
  Web : Inkey Solutions
  Blog : My Blog
  Email : Vinay Pugalia

  Hi,
  Any update?
  Just checking in to see if the suggestions were helpful. Please let us know if you would like further assistance.
  Best Regards,
  Andy Qi
  TechNet
  Subscriber Support
  If you are TechNet
  Subscription user and have any feedback on our support quality, please send your feedbackhere.
  Andy Qi
  TechNet Community Support

• User Level SOD Report - Batch

  Hi GRC Experts,
  Every day my company runs a User Level SOD analysis against every user in ERP or HRP.  Here is the criteria for ERP (there is a connector):
  System:  Our defined ERP connector
  Risk Level:  All
  Rule Set:  Global
  User is not DDIC
  User Type:  Dialog
  Format: Detail      Technival View
  Access Risk Analysis at the Permission Level
  Show All Object
  This job is run in Background, and the report output is downloaded from Background Jobs.
  Is there a way to schedule this job using SE38 and a variant?  We would like to start using a automated scheduling tool.
  The program run is GRFN_BP_SCHEDULER with variant &0000000001569
  I looked at the variant, and it looks for I_PLANID and I_UPDTSK.
  Is all the criteria I selected stored in a table as a PLANID?
  Thanks in advance.
  Donna Wiley

  Hello Plaban,
  Thank you for the info!  How do you set up the variant for the "Report" options?  We need two reports for "User Level".  In the Report Options section, we need one report with a Format = Detail and one with a Format = Management Summary. Both reports should be in the Format = Technical View.
  Thank you and kind regards,
  Janice

• Automount SSHFS drive in user-level systemd session

  Hello,
  I'm able to automount a network drive through SSHFS using the following .mount unit in the system-level systemd session:
  [Unit]
  Description=adama shared drive
  [Mount]
  What=[email protected]:/home/shared
  Where=/home/koral/remote/adama
  Type=fuse.sshfs
  Options=_netdev,noauto,users,idmap=user,IdentityFile=/home/koral/.ssh/id_rsa,allow_other
  [Install]
  WantedBy=default.target
  As is, the network drive is mounted at system start-up and it is read/write-able by any user logged into the local system.
  I'd like the drive to be mounted only when my $USER logs-in and read/write-able only by my $USER, so I considered moving the .mount unit to my user-level systemd session, but now the automounting fails with an unhelpful error message:
  systemd[1969]: Mounting adama shared drive...
  systemd[1969]: home-koral-remote-adama.mount mount process exited, code=exited status=1
  systemd[1969]: Failed to mount adama shared drive.
  systemd[1969]: Unit home-koral-remote-adama.mount entered failed state
  I guess there is a permission issue somehow, could you please help figuring it out ?
  Note: I'm still using systemd-204 as the user-level session is kind of broken in later versions as described here.
  Kind regards.
  Last edited by koral (2014-03-30 17:54:45)

  xtian wrote:I can mount using the manual command `$sshfs [email protected]:/ /mnt/mrwizard.local`
  According to the above your username is xtian, which it isn't in your fstab entry:
  xtian wrote:[email protected]:/ /mnt/mrwizard.local ...
  So without having looked for further errors nor knowing anything about sshfs, I would suppose to change this.
  Sometimes simple spelling errors are actually the hardest to solve. – Like I always try to '#include <some_library.c>'.

• Remove Personalization at User Level - Saved Searches

  All,
  There is a problem in the Saved Searches. We are on 11.5.10. The page immeditely throws error when a custom view is created using "Save Search" button.
  It says,
  ## Detail 0 ##
  java.lang.NullPointerException
  at oracle.apps.fnd.framework.webui.OADataBoundValueCustomization.getValue (OADataBoundValueCustomization.java:191)
  I am not able to revert this view created through save search. I tried by setting the Disable Self-Service Personal to Yes at that user level where i created the view and bounced apache. But the error still exists.
  Is there any means like by "Functional Administrator" responsibility where these views can be removed?
  Thanks,
  Padmaja

  Pl see if a similar issue reported in MOS Doc 859190.1 (Personal Worklist Returns NullPointerException When 'Disable Self - Service Personal' Is Set To Yes) can help
  HTH
  Srini

• Management report doesnt show violations at user level.

  Dear all,
  I have a problem that the management report in 5.3 SP04 doesnt show violations at user level. At role level it works fine.
  I've tried full sync and generated a new management report. The problem remains.
  No. of Users Analyzed 859
  Users with no Violations 859 100%
  Users with Violations 0 0%
  Number of Roles Analyzed 2,986
  Roles with no Violations 2,510 84%
  Roles with Violations 476 16%

  Hi Vit,
    Follow both the notes mentioned by Sahad. Check the data in virsa_cc_prmvl table. Run the following script and see if you can see any data:
  select * from virsa_cc_prmvl where genobjtp=1
  If you don't have any data then there was some issue with user analysis so you will have to run the analysis again. If there is data then run the management report again and you should see the data.
  Regards,
  Alpesh

• Restricting Authorizations to Variants at User level

  Hi SAPians,
  Can you help me to know how can I restrict variants to be displayed for particular users.?
  Example: I am creating 5 variants in EMMACL transaction and give authorizations for the users only to particular Variants as below:
  1. Variant1 --> Can be access by only users ERP-EHK, ERP-SAP & ERP-EJS
  2. Variant2 --> Can be access by only users ERP-EAS & ERP-HJG.
  3. Variant3 --> Can be access by only user ERP-EMM
  4. Variant4 --> Can be access by only users ERP-EHK & ERP-UJY
  5. Variant5 --> Can be access by only user ERP-EAS
  Let me know how I can achieve the above requirement?

  Hi,
  i have assigned it at user level then why iam i
  getting the currency code of site level ?Did you user to logout and login again after setting the profile option at the user level?
  What if you set this profile option at the site/application/responsibility level, can you reproduce the issue then?
  Thanks,
  Hussein

• How to assign profiles at user level  ?

  hello every body.....i have created 2 users say x , y
  and i have assigned them general ledger responsibilty.....
  .at site level profile Gl set of books name is vision operation..
  .now i have assigned Gl set of books profile to user x at user level
  as vision china...and to user y as vision germany.....when i login with
  different user name with gl responsibilty ......after navigating
  to----journal-->enter--->new journal----for both users iam getting the
  same currency which is at sit level...i thought for x user the currency
  will be china currency
  and for y user it will be germany curreny which i hav assigned at user level....
  please help me regarding this.......
  thanks and regars
  imran

  Hi,
  i have assigned it at user level then why iam i
  getting the currency code of site level ?Did you user to logout and login again after setting the profile option at the user level?
  What if you set this profile option at the site/application/responsibility level, can you reproduce the issue then?
  Thanks,
  Hussein

• Controlling Task expiry at User Level programatically

  Hi to all BPEL Guru's. Need some expert advice.
  I am using Oracle SOA Suite 10.1.3.4 on weblogic server 9.2
  The requirement given to me says that,
  - Number of approvers for a task may vary on case to case bases, and needs to be pushed in the workflow as a set of parameters.
  - Every user may have a different SLA to act on a given task.
  To satisfy the first requirement my first approach was to use Sequential Approver Participant Type and push a comma seperated approver list to the workflow. But the issue with this approach is, associating a different expiry date to every user would be a big deal. And even if I find a way to get the associated expiry date, I would not be able to set it on user level, as the 'By Expression' is supported only at Global Expiration and Escalation Policy level and not at the Participant type level. Does anything click in your mind as a workaround to this? Appreciate your help. One workaround I can think about is to get handle of 'OnUpdated' callback and change the Global Expiration and Escalation policy everyime the task is updated.
  The second approach was to have a defined set of 'Single Approver' participant types (i.e. Multiple Single Approvers)under 'Assignment and Routing Policy'. Here the dynamicity of number of approvers is lost. So I will have to design multiple workflows with a selected set of approvers. The workflow submitter can select the appropriate workflow and submit it. In this approach I can atleast associate an expiry date with a user in the incoming payload and assign to the single approver.
  Not sure how to get out of it.
  Any help is highly appreciated.
  Many Thanks,
  Vikas

  Check Note: 364503.1 - How to Set a System Profile Value Without Logging in to the Applications
  https://metalink.oracle.com/metalink/plsql/ml2_documents.showDocument?p_database_id=NOT&p_id=364503.1

• CC: Risk Resolution at user level.

  HI All,
  In CC 5.2 with latest patch level, I am facing an issue in Risk Resolution. When I do the Risk analysis at user level for a particular user and then do a detail Report and then try to do the risk resolution; there are standard three options:
  1. Mitigate.
  2. Remove Access.
  3. Delimit Access.
  from the user. Out of these three, the first one is working fine, but second and third are greyed out and I can not proceed with option 2&3. Have any one of you come accross such a situation or have any clues about the same. Also, my user has Admin rights to all the actions in the Admin role provided to me.
  Thanks a lot in advance.
  Have a nice day!!
  Regards,
  Hersh

  Hello Hersh,
  This functionality is not available in 5.2.
  Regards,
  Jagat
  Edited by: Jagat Bir Singh on Jul 31, 2008 3:16 PM
  Edited by: Jagat Bir Singh on Jul 31, 2008 3:17 PM
  Edited by: Jagat Bir Singh on Aug 1, 2008 6:52 AM

• HR: Security Profile at User Level

  Hi
  As HR: Security Profile is not enabled for user level, but sometime we need it for some users. Workaround is set up a different responsibility for the same.
  Also We can go to Application Developer Responsibility and set enable user level for HR: Security Profile option. Is it Ok to do it or this may break the system at some point.
  Suggestions Please.

  Gaurav,
  I am not an expert in this area, but I do not think enabling the profile at the user level will cause any issues. In our site, what we have done is to create a security profile specific to that user and assigned it in the HR module (not sure of the specifics, but I can find out if you are interested) - we did not enable the profile option at the user level as you are wanting to do. SR can provide you with another opinion :-)
  HTH
  Srini