Mass role risk analysis issue

Hello GRC Community,
I have a following issue:
When I use mass risk analysis the deactivated authorization objects in the role are displayed as result. At the same time, when I use Role Level Risk Analysis the role with deactivated critical authorization objects doesnt appear.
Does anybody know how to solve this issue? Is there any configuration parameter to be adjusted?
thanks
best regards
Sabrina

Prasant,
here are the screenshots of the Job result:
1. Mass role Risk Analysis
2. Risk Analysis on the (Single) Role Level
Im Backend you can see that the role contains lots of deactivated autorization objects.
I have run all sync Jobs, but seemingly it doesnt help.
Thanks,
Sabrina

Similar Messages

  • RAR: Error message while running role risk analysis.

    Hi All,
             We are implementing RAR 5.3. When running permission level risk analysis we get the following error message:
    "Error while executing the Job:Cannot assign a blank-padded string to host variable 1.u201D
    This happens only at permission level for just one single role and for all the composite roles that contain this one.
    The rules were generated without any issue and we cannot find anything unusual on that particular single role.
    Any ideas of what could be the cause of this error?

    Hi Iliya:
              Please find below the job log with the detailed error description:
    Mon Dec 15 10:06:37 GMT-02:00 2008 : -----------------------Scheduling Job =>233---------------------------------------------------------------
    Mon Dec 15 10:06:37 GMT-02:00 2008 : --- Starting Job ID:233 (RISK_ANALYSIS_ADHOC) - mm:user10
    Mon Dec 15 10:06:37 GMT-02:00 2008 : ----------- Background Job History: job id=233, status=1, message=mm:user10 started
    Mon Dec 15 10:06:37 GMT-02:00 2008 :  Job ID:233 : Exec Risk Analysis
    Mon Dec 15 10:06:37 GMT-02:00 2008 : Start Analysis Engine->Risk Analysis .....  memory usage: free=1571M, total=1962M
    Mon Dec 15 10:06:38 GMT-02:00 2008 : Rule Loader Syskey => *
    Mon Dec 15 10:06:38 GMT-02:00 2008 : No of Systems=1
    Mon Dec 15 10:06:51 GMT-02:00 2008 : Action rules cache loaded: memory used in cache=56M, free=1512M, total=1962M
    Mon Dec 15 10:06:51 GMT-02:00 2008 :  Job ID:233 : Rules loaded,  elapsed time: 13694 ms
    Mon Dec 15 10:06:57 GMT-02:00 2008 :  Job ID:233 :
    Mon Dec 15 10:06:57 GMT-02:00 2008 :  Job ID:233 : Analysis starts: MM:USER10
    Mon Dec 15 10:07:16 GMT-02:00 2008 : Auth Map cache reloaded successfully
    Mon Dec 15 10:07:32 GMT-02:00 2008 : Cannot assign a blank-padded string to host variable 1.com.sap.sql.log.Syslog.createAndLogOpenSQLException(Syslog.java:85)
    com.sap.sql.log.Syslog.createAndLogOpenSQLException(Syslog.java:124)
    com.sap.sql.types.VarcharResultColumn.setString(VarcharResultColumn.java:66)
    com.sap.sql.jdbc.common.CommonPreparedStatement.setString(CommonPreparedStatement.java:511)
    com.sap.engine.services.dbpool.wrappers.PreparedStatementWrapper.setString(PreparedStatementWrapper.java:355)
    com.virsa.cc.xsys.util.ObjTextReader.lookupByKey(ObjTextReader.java:353)
    com.virsa.cc.xsys.util.ObjTextReader.getFieldValueDesc(ObjTextReader.java:261)
    com.virsa.cc.xsys.riskanalysis.AnalysisEngine.insertPermReportLines(AnalysisEngine.java:2286)
    com.virsa.cc.xsys.riskanalysis.AnalysisEngine.outputPermissionViolation(AnalysisEngine.java:1858)
    com.virsa.cc.xsys.riskanalysis.AnalysisEngine.performActPermAnalysis(AnalysisEngine.java:1182)
    com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:243)
    com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:207)
    com.virsa.cc.xsys.bg.BgJob.runJob(BgJob.java:305)
    com.virsa.cc.xsys.bg.BgJob.run(BgJob.java:183)
    com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob.scheduleJob(AnalysisDaemonBgJob.java:154)
    com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob.start(AnalysisDaemonBgJob.java:81)
    com.virsa.cc.comp.BgJobInvokerView.wdDoModifyView(BgJobInvokerView.java:434)
    com.virsa.cc.comp.wdp.InternalBgJobInvokerView.wdDoModifyView(InternalBgJobInvokerView.java:1223)
    com.sap.tc.webdynpro.progmodel.generation.DelegatingView.doModifyView(DelegatingView.java:78)
    com.sap.tc.webdynpro.progmodel.view.View.modifyView(View.java:337)
    com.sap.tc.webdynpro.clientserver.cal.ClientComponent.doModifyView(ClientComponent.java:480)
    com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doModifyView(WindowPhaseModel.java:551)
    com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:148)
    com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
    com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
    com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:299)
    com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:711)
    com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:665)
    com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:232)
    com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:152)
    com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
    com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doGet(DispatcherServlet.java:46)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
    com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
    com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
    com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
    com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
    com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
    com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
    com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
    com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
    com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
    com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
    java.security.AccessController.doPrivileged(Native Method)
    com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
    com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
    Mon Dec 15 10:07:32 GMT-02:00 2008 : Cannot assign a blank-padded string to host variable 1.com.virsa.cc.xsys.bg.BgJob.runJob(BgJob.java:309)
    com.virsa.cc.xsys.bg.BgJob.run(BgJob.java:183)
    com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob.scheduleJob(AnalysisDaemonBgJob.java:154)
    com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob.start(AnalysisDaemonBgJob.java:81)
    com.virsa.cc.comp.BgJobInvokerView.wdDoModifyView(BgJobInvokerView.java:434)
    com.virsa.cc.comp.wdp.InternalBgJobInvokerView.wdDoModifyView(InternalBgJobInvokerView.java:1223)
    com.sap.tc.webdynpro.progmodel.generation.DelegatingView.doModifyView(DelegatingView.java:78)
    com.sap.tc.webdynpro.progmodel.view.View.modifyView(View.java:337)
    com.sap.tc.webdynpro.clientserver.cal.ClientComponent.doModifyView(ClientComponent.java:480)
    com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doModifyView(WindowPhaseModel.java:551)
    com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:148)
    com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
    com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
    com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:299)
    com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:711)
    com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:665)
    com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:232)
    com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:152)
    com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
    com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doGet(DispatcherServlet.java:46)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
    com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
    com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
    com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
    com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
    com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
    com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
    com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
    com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
    com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
    com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
    java.security.AccessController.doPrivileged(Native Method)
    com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
    com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
    Mon Dec 15 10:07:32 GMT-02:00 2008 : Job ID: 233 Status: Error
    Mon Dec 15 10:07:32 GMT-02:00 2008 : ----------- Background Job History: job id=233, status=2, message=Error while executing the Job:Cannot assign a blank-padded string to host variable 1.
    Mon Dec 15 10:07:32 GMT-02:00 2008 : -----------------------Complted Job =>233---------------------------------------------------------------
    Regards.
    Leandro.

  • SAP GRC AC 5.3 CUP Risk Analysis issue

    Hi all,
    I have assigned a new SoD Role to a user, who has been given previously other SoD Roles that were authorized to assingn, then I launched the Risk Analysis and it shows the risk between the previously SoD Roles, but I want to see the new posible risks between the new SoD Role and the others.
    Is there any parameter into CUP to set up that controls the issue ? How must I do?
    Thanks in advance.
    Regards.

    Hi Chinmaya,
    Firstly, thanks for your help and support.
    According to the post, I mean when the user manager or approver, receives the request to assign one role to a user, the approver has to decide the needs of the user to use that role.
    Then the approver can check (clicking on Risk Analysis button) the number of concflicts or criticals risk that the user could violate. The issue is when the approver launched the anaylisis and it shows same conflict risks that have been mitigated in the previously assignment. It may show the possible risks between the new role and the others, isn´t it?, or instead of the case ,that the oldest risks are showed. Must that  risks showed  as mitigated?
    Thanks, regards.

  • Business Roles - Risk analysis

    Hi All,
    We are on GRC SP13.
    We are using business roles for provisioning to end users.
    When role owner is performing risk analysis for business roles, results are proper according to defined ruleset only if "SYSTEM" field is empty.
    If system is selected, then results shows that "NO VIOLATIONS".
    Is this the standard behaviour for risk analysis of business roles or Am i missing anything?
    Looking for your advise on this.
    Regards,
    Sai.

    Hi Jaya,
    Yes I remember this is possible. You can setup a customize attribute in GRC privileges. And put the business role name into this attribute.
    Try this URL, but perhaps your GRC consultant should read it instead of you.
    http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/d0e2c628-2690-2e10-0d82-dbf1931db2cd?QuickLink=index&overridelayout=true&51565377381172
    After creating the attribute, you need to revise the GRC framework to include this attribute (business role name) in your request.
    I don't have a working IDM system (with GRC integration) with me. I could not provide you more details.
    Cheers,
    Chenyang Xiong

  • RAR Risk Analysis Issue in Background Mode - "Failed to Display Result"

    Hi,
    I have strange problem in RAR.
    When I run risk analysis for 20 users in background mode, the job got successful but the spool file is empty. But at the bottom of page there is a message:  "Failed to Display Result".
    The Job log is showing the following message couple of times:
    WARNING: ./virsa/bgJobSpool/19.i (No such file or directory)
    java.io.FileNotFoundException: ./virsa/bgJobSpool/19.i (No such file or directory)
         at java.io.FileInputStream.open(Native Method)
         at java.io.FileInputStream.<init>(FileInputStream.java:129)
         at java.io.FileInputStream.<init>(FileInputStream.java:89)
         at java.io.FileReader.<init>(FileReader.java:62)
    But When I try to run for few users (like 6 memebrs where selection criteria is AUDIT*) in same way, the spool details got displayed this time. But the log is showing strange error messages this time:
    Nov 15, 2010 3:53:53 PM com.virsa.cc.common.util.ExceptionUtil logError
    SEVERE: null
    java.lang.NullPointerException
         at com.virsa.cc.comp.wdp.IPublicBackendAccessInterface$IAuthForUserInputElement.wdGetObject(IPublicBackendAccessInterface.java)
         at com.sap.tc.webdynpro.progmodel.context.NodeElement.getAttributeAsText(NodeElement.java:888)
    Nov 15, 2010 3:53:55 PM com.virsa.cc.dataextractor.bo.DataExtractorSAP getObjPermissions
    FINEST: getObjPermissions: elapsed time=1436ms
    Nov 15, 2010 3:53:55 PM com.virsa.cc.common.message.util.MessagingHelper getMessage
    INFO:
    ********msg: 'com.virsa.cc.common.message.dao.dto.MessageDTO@34d834d8'
    Any ideas please?

    Hi Alpesh,
    You are correct. The issue is due to multi node environment.
    But when I tried to define a custom spool folder path: usr/sap/<SID>/<Instance No>/log/virsa/bgJobSpool (in RAR - Miscellaneous - spool files location for background jobs) & run the risk analysis report in background mode, still RAR is saving the spool files in default location only.
    Can you suggest me if I am wrongly defining the location of folder?
    Should we define the complete location of the folder i.e starting with drive letter or path starting with user/* is sufficient?
    Regards,
    Dasarad

  • GRC AC 10.0 Mass risk analysis vs. Role level analysis

    Hello GRC experts,
    I urgently need your advice on the issue  with deactivated permission objects which are identified as risks in the mass role analysis.
    For example, in one role we have deactivated the permission object: S_ARCHIVE, and there are No activities maintained.
    But in the mass role risk analysis  and in the CUP request this object S_ARCHIVE with the ACTVT 01 is displayed as risk. As you can see in the screenshot, there are no activites maintained at all. We have created the MSMP workflow where all CUP requests with risks should go the the Security Stage. Now we have the situation that even though our roles are clean, they are forwared to the Security stage. It is a huge problem, because our security stage has no even more to to, than before using GRC! Because the dectivated objects are identified as risks.
    Please advise me, how to solve the problem. Did I missed some config parameters or is it a well known problem?
    We are on SP14, AC 10.0.
    At the single role level there are no risks displayed.
    Thanks in advance,
    regards
    Sabrina

    Hi Sabrina,
    check note
    http://service.sap.com/sap/support/notes/2036645
    Please let me know if it works.
    Regards,
    Alessandro

  • Risk Analysis Failing in ERM 5.3

    Hi All -
    I would appreciate some assistance with pin-pointing an issue that I'm having with running Risk Analysis on roles in ERM. Currently I have RAR configured with the appropriate rule set and generating the expected risk/sod conflicts for users & roles. I have also added the appropriate Web Service Info. in th Misc section under the configuration tab (url, user, pwd) for all sections associate with RAR integration.
    Now when I run a risk analysis on a particular role in RAR i get the correct conflicts however when I get the Risk Analysis stage with ERM I receive the following Error:
    Risk analysis failed; Cannot assign NULL to host variable 5. setNull() can only be used if the corresponding column is nullable. The statement is "INSERT INTO VT_RE_RSK_OBJRULES (OBJCODE, OBJDESC, OBJFLDCODE, OBJFLDDESC, VALFRMID, VALTOID, COND, RSKVIOLID) VALUES(?, ?, ?, ?, ?, ?, ?, ?)".
    I also get this error when trying to run Mass Maintenance --> Risk Analysis:
    Risk anaysis for role "XX:XXXXX" failed
    Before I was getting error: "Risk Analysis performed successfully; No Risk Found" so I referenced SAP Note 1265964 and applied all solution steps.
    Lastly here is the error log:
    2010-01-14 14:59:28,768 [SAPEngine_Application_Thread[impl:3]_31] ERROR com.virsa.re.role.actions.RiskAnalysisAction
    java.lang.Throwable: Cannot assign NULL to host variable 5. setNull() can only be used if the corresponding column is nullable. The statement is "INSERT INTO VT_RE_RSK_OBJRULES (OBJCODE, OBJDESC, OBJFLDCODE, OBJFLDDESC, VALFRMID, VALTOID, COND, RSKVIOLID)  VALUES(?, ?, ?, ?, ?, ?, ?, ?)".
         at com.virsa.re.bo.impl.RiskAnalysisBO.saveObjViolations(RiskAnalysisBO.java:906)
         at com.virsa.re.bo.impl.RiskAnalysisBO.performObjLvlRiskAnalysis(RiskAnalysisBO.java:824)
         at com.virsa.re.bo.impl.RiskAnalysisBO.performRiskAnalysisOnSystem(RiskAnalysisBO.java:214)
         at com.virsa.re.role.actions.RiskAnalysisAction.performRiskAnalysisOnMultipleRoles(RiskAnalysisAction.java:609)
         at com.virsa.re.role.actions.RiskAnalysisAction.execute(RiskAnalysisAction.java:112)
         at com.virsa.framework.NavigationEngine.execute(NavigationEngine.java:273)
         at com.virsa.framework.servlet.VFrameworkServlet.service(VFrameworkServlet.java:230)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
         at com.virsa.framework.servlet.VFrameworkServlet.service(VFrameworkServlet.java:286)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:117)
         at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:62)
         at com.virsa.comp.history.filter.HistoryFilter.doFilter(HistoryFilter.java:43)
         at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:58)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:384)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
    Any help would be greatly appreciate it - Thanks in Advance!

    GOing to repost

  • Risk Analysis in GRC 10.0

    Dear Experts,
    I have configured RAR in GRC 10.0. Sync jobs are successful. Batch risk analysis is sucessful.
    But when I tried to run a User/Role risk analysis I am not getting any result. I am not sure whether system has run risk analysis or not but I get the confirmation screen with blank result table. Please advise how to fix this issue.
    I appreciate your help.
    Thanks,
    Raj

    Hello Raj,
    Check the below points related to risk analysis
    1.check once the parameter id in configuration settings
    2.BC set activation
    3.while running risk analysis check backend system name and connector which is configured.

  • Risk Analysis at user level shows nothing in all 3 views though at role level shows risks of global rule set

    I am configuring ARA 10.1 for a ECC 6.0 plug in development system and facing this issue. Risk Analysis at user level shows no data  in all 3 views though at role level shows risks of global rule set. I am using Global rule set. I generated all risks/functions & using connector group as SAP_ECCS_LG not SAP_R3_LG.I activated common, R/3 & ECCS BC sets. Added integration scenario for AUTH. Run all 4 sync jobs multiple times successfully. My system already has decentralised EAM 10.1 implemented & even used in production as BAU. I have checked at both chrome & IE. The misleading thing is that RFC is also working fine & I can see risks in Risk Analysis at role level & risky roles are even assigned to valid users.GRC is at SP4 & accordingly is the ECC 6.0 plug in. Thanks in Advance. Please  consider it urgent.

    Hi,
    Assign ECC connector to SAP_ECCS_LG group.
    Run the programs GRAC_PFCG_AUTHORIZATION_SYNCand GRAC_REPOSITORY_OBJECT_SYNC) in full synch mode(this might take time so better do this in background). Better do it sequentially.Check the logs of the jobs in SLG1 just to ensure everythings fine.
    Run ARA for a specific user and mention the connector for faster output. Ensure this user has the role with risks.Also as explained earlier check the GUID against user id in table GRACUSERROLE and using GRACROLE you can find out the technical name of the role updated in the table. This should be same as the backend role.
    Then run ARA and while doing so please ensure the selection screen doesnt have any unwanted default inputs. If followed correctly , this should be of help.  I am assuming the role analysis yielded correct risks as configured since this would mean that connector have correct actions and basic config is in place.
    Regards,
    Vivek

  • Risk Analysis shows no Roles or Users!!

    Hi Team,
    Please can you help me, I am configuring GRC AC 10's ARA and I am stuck with the issue when I execute Risk Analysis on Roles or Users, I am getting blank field. No data is getting pulled up from backend system. Although my Repository Sync job finished successfully when I did it for User, Roles and Profiles.
    Please can anybody help.
    Thanks,
    Nick

    Hi Nick,
    please check this thread: GRC AC 10: RAR - no analysis results, or document: GRC AC 10: RAR - no analysis results
    Regards, Andrzej

  • Mass Role Analysis on RAR

    Hello all, i would like to know if it is possible to get an analysis and report of all Z* Roles using risk analysis.
    It seems that i can just one by one get role analysis and report, so is there a way to get a mass role analysis for example all Z Roles?
    I appreciate your help.
    Thanks

    HI,
    In risk analysis role level screen,for line with role expend drop-down list by defauslt it is ---u have many options there choose--multiple and take your all z-roles into one notepad and save as UTF-8 and upload that file in this screen.
    And run the risk analysis at background and u will get the risk analysis result..
    Regards
    Ravikumar.ch

  • Role and User level Risk Analysis is not displaying any output or report.

    Hello,
    I have a problem when I run risk analysis, both in foreground and background. The issue is that no report is displayed and I have followed all the instructions carefully.
    I have done the following:
    Maintained Access Risk table to contain functions and assigned it to a rule set.
    The functions contains actions and permissions that are explicitly assigned to my ERP connector in the system field in both action and permission tabs.
    I have run the sync job to update the roles in the GRC server from the ERP backend. I am surprise that no report is displayed as I have a test role that I am sure has conflict as per my function definition.
    Please advice me if there is something I am missing.
    Thank you.

    Hello John,
    Good Morning !!
    Sorry for the late reply , but to my surprise , i do not see any tab containing "Actions & Permission".
    This are the tabs that i have in NWBC
    My Home
    Master Data
    Access Management
    Rule Setup
    Reports & Analytics
    Assessments
    Setup
    I am currently on SAPK-V1005INGRCFNDA support package for GRCFND_A .
    Is there something wrong that's hapenning?? or i am looking at wrong place !!
    Under Setups , i have an option "Access Rule Maintenance" which has
    Rule Sets
    Functions
    Access Risks
    When i click Accesas rule sets , i see Risk IDS : e.g. B001, B002 etc and when i click "generate rule" in foregroubd/background",
    it does not generate any rules ,when i click
    View Action Rules
    View Permission Rules
    It shows "Table does not contain any data".
    Please guide.
    Thanks
    Regards,
    Victor

  • Issue with risk analysis report in GRC10.0

    Hi All,
    We are running the user risk analysis report from NWBC: Reports and Analytics -> Access Risk Analysis Reports -> User Risk Violation report.
    This report is not fetching all the data even though user has all the required authorizations.
    We are getting the data when we execute the dashboard reports.
    Any one has idea?
    Cheers
    Hari

    Alessandro,
    Thanks for the reply. I am aware of this.
    Problem is when dash board report is showing the risk for the user but risk anaylsis report in Reports and Analytics is not showing the risks to that user.
    As per our investigation, the risk data that is displaying in the risk anaylsis report in Reports and Analytics is incomplete. We didn't find any errors in SLG1. Also there is no issues from authorizations side.
    Regards
    Hari

  • Job Error- Batch Risk Analysis (Role Full Sync)

    Hi Experts,
    I have schedule the background job for Role analysis(Full Sync), but it gives an error- status error.
    all connections are working fine and pasted the error log for your reference.
    Oct 25, 2010 11:56:36 AM com.virsa.cc.common.util.ExceptionUtil logError
    SEVERE: null
    java.lang.NullPointerException
         at com.virsa.cc.comp.wdp.IPublicBackendAccessInterface$IAuthChgRoleInputElement.wdGetObject(IPublicBackendAccessInterface.java)
         at com.sap.tc.webdynpro.progmodel.context.NodeElement.getAttributeAsText(NodeElement.java:888)
         at com.virsa.cc.comp.BackendAccessInterface.execBAPI(BackendAccessInterface.java:401)
         at com.virsa.cc.comp.BackendAccessInterface.executeBAPI(BackendAccessInterface.java:302)
         at com.virsa.cc.comp.wdp.InternalBackendAccessInterface.executeBAPI(InternalBackendAccessInterface.java:4227)
         at com.virsa.cc.comp.BackendAccessInterface.getAuthChangedRoles(BackendAccessInterface.java:3735)
         at com.virsa.cc.comp.BackendAccessInterface.getAuthChangedRoles(BackendAccessInterface.java:3724)
         at com.virsa.cc.comp.BackendAccessInterface.getObjDetails(BackendAccessInterface.java:1428)
         at com.virsa.cc.comp.wdp.InternalBackendAccessInterface.getObjDetails(InternalBackendAccessInterface.java:4327)
         at com.virsa.cc.comp.wdp.InternalBackendAccessInterface$External.getObjDetails(InternalBackendAccessInterface.java:4796)
         at com.virsa.cc.dataextractor.bo.DataExtractorSAP.getObjDetails(DataExtractorSAP.java:630)
         at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.getObjInfoFromSource(AnalysisEngine.java:4140)
         at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.performActPermAnalysis(AnalysisEngine.java:1754)
         at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:317)
         at com.virsa.cc.xsys.bg.BatchRiskAnalysis.performBatchRiskAnalysis(BatchRiskAnalysis.java:1055)
         at com.virsa.cc.xsys.bg.BatchRiskAnalysis.performBatchSyncAndAnalysis(BatchRiskAnalysis.java:1366)
         at com.virsa.cc.xsys.bg.BgJob.runJob(BgJob.java:559)
         at com.virsa.cc.xsys.bg.BgJob.run(BgJob.java:362)
         at com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob.scheduleJob(AnalysisDaemonBgJob.java:375)
         at com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob.start(AnalysisDaemonBgJob.java:92)
         at com.virsa.cc.comp.BgJobInvokerView.wdDoModifyView(BgJobInvokerView.java:444)
         at com.virsa.cc.comp.wdp.InternalBgJobInvokerView.wdDoModifyView(InternalBgJobInvokerView.java:1236)
         at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.doModifyView(DelegatingView.java:78)
         at com.sap.tc.webdynpro.progmodel.view.View.modifyView(View.java:337)
         at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.doModifyView(ClientComponent.java:481)
         at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doModifyView(WindowPhaseModel.java:551)
         at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:148)
         at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
         at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
         at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:333)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:741)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:694)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:253)
         at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
         at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
         at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doGet(DispatcherServlet.java:46)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
    Oct 25, 2010 11:56:36 AM com.virsa.cc.xsys.riskanalysis.AnalysisEngine performActPermAnalysis
    INFO:  Job ID:23 : Analysis done: T_00035951_H_IXOSCFGS elapsed time: 666 ms
    Oct 25, 2010 11:56:36 AM com.virsa.cc.xsys.bg.BgJob setStatus
    INFO: Job ID: 23 Status: Error
    Oct 25, 2010 11:56:36 AM com.virsa.cc.xsys.bg.BgJob setStatus
    INFO: Job ID: 23 Status: Error
    Oct 25, 2010 11:56:36 AM com.virsa.cc.xsys.riskanalysis.AnalysisEngine performActPermAnalysis
    INFO: Detailed Analysis Time:
    Risk Analysis Time: Started @:Mon Oct 25 11:56:36 EDT 2010
    Rule Load Time: Started @:Mon Oct 25 11:56:36 EDT 2010
    Rule Load Time:0millisec
    Org Rule Loop Time: Started @:Mon Oct 25 11:56:36 EDT 2010
    Rule Loop Time: Started @:Mon Oct 25 11:56:36 EDT 2010
    Rule Loop Time:648millisec
    Org Rule Loop Time:649millisec
    Risk Analysis Time:686millisec
    Oct 25, 2010 11:56:36 AM com.virsa.cc.xsys.util.Lock lock
    FINEST: Lock:1004
    Oct 25, 2010 11:56:36 AM com.virsa.cc.xsys.util.Lock unlock
    FINEST: Unlock:1004
    Oct 25, 2010 11:56:36 AM com.virsa.cc.xsys.util.Lock lock
    FINEST: Lock:1004
    Oct 25, 2010 11:56:36 AM com.virsa.cc.xsys.util.Lock unlock
    FINEST: Unlock:1004
    Oct 25, 2010 11:56:36 AM com.virsa.cc.xsys.riskanalysis.AnalysisEngine riskAnalysis
    INFO:  Job ID:23 : Exec Risk Analysis
    Oct 25, 2010 11:56:36 AM com.virsa.cc.xsys.riskanalysis.AnalysisEngine performActPermAnalysis
    INFO:  Job ID:23 : Before Rules loading,  elapsed time: 2 ms
    Oct 25, 2010 11:56:36 AM com.virsa.cc.xsys.riskanalysis.AnalysisEngine performActPermAnalysis
    INFO:  Job ID:23 : Analysis starts: T_00035952_H_PMREAD_I
    Oct 25, 2010 11:56:36 AM com.virsa.cc.xsys.util.Lock lock
    FINEST: Lock:1005
    Oct 25, 2010 11:56:36 AM com.virsa.cc.xsys.util.Lock unlock
    FINEST: Unlock:1005
    Oct 25, 2010 11:56:36 AM com.virsa.cc.common.util.ExceptionUtil logError
    SEVERE: null
    java.lang.NullPointerException
         at com.virsa.cc.comp.wdp.IPublicBackendAccessInterface$IAuthForRoleInputElement.wdGetObject(IPublicBackendAccessInterface.java)
         at com.sap.tc.webdynpro.progmodel.context.NodeElement.getAttributeAsText(NodeElement.java:888)
         at com.virsa.cc.comp.BackendAccessInterface.execBAPI(BackendAccessInterface.java:401)
         at com.virsa.cc.comp.BackendAccessInterface.executeBAPI(BackendAccessInterface.java:302)
         at com.virsa.cc.comp.wdp.InternalBackendAccessInterface.executeBAPI(InternalBackendAccessInterface.java:4227)
         at com.virsa.cc.comp.wdp.InternalBackendAccessInterface$External.executeBAPI(InternalBackendAccessInterface.java:4696)
         at com.virsa.cc.dataextractor.bo.DataExtractorSAP.getObjActions(DataExtractorSAP.java:213)
         at com.virsa.cc.dataextractor.bo.DataExtractorSAP.getObjActions(DataExtractorSAP.java:105)
         at com.virsa.cc.xsys.meng.MatchingEngine.getObjActions(MatchingEngine.java:813)
         at com.virsa.cc.xsys.meng.MatchingEngine.matchActRisks(MatchingEngine.java:121)
         at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.performActPermAnalysis(AnalysisEngine.java:1407)
         at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:317)
         at com.virsa.cc.xsys.bg.BatchRiskAnalysis.performBatchRiskAnalysis(BatchRiskAnalysis.java:1055)
         at com.virsa.cc.xsys.bg.BatchRiskAnalysis.performBatchSyncAndAnalysis(BatchRiskAnalysis.java:1366)
         at com.virsa.cc.xsys.bg.BgJob.runJob(BgJob.java:559)
         at com.virsa.cc.xsys.bg.BgJob.run(BgJob.java:362)
         at com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob.scheduleJob(AnalysisDaemonBgJob.java:375)
         at com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob.start(AnalysisDaemonBgJob.java:92)
         at com.virsa.cc.comp.BgJobInvokerView.wdDoModifyView(BgJobInvokerView.java:444)
         at com.virsa.cc.comp.wdp.InternalBgJobInvokerView.wdDoModifyView(InternalBgJobInvokerView.java:1236)
         at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.doModifyView(DelegatingView.java:78)
         at com.sap.tc.webdynpro.progmodel.view.View.modifyView(View.java:337)
         at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.doModifyView(ClientComponent.java:481)
         at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doModifyView(WindowPhaseModel.java:551)
         at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:148)
         at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
         at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
         at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:333)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:741)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:694)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:253)
         at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
         at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
         at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doGet(DispatcherServlet.java:46)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
    Oct 25, 2010 11:56:36 AM com.virsa.cc.xsys.meng.ObjAuthMatcher <init>
    FINEST: ObjAuthMatcher constructed: 0ms, #singles=27, #ranges=0, #super=0
    Oct 25, 2010 11:56:37 AM com.virsa.cc.common.util.ExceptionUtil logError
    Kindly do the needful.
    Regards,
    Arjun.

    Hi,
    1.Please check what type of connection is configuired in RAR(Adaptive RFC or SAPJCO). Please switch the connection type to SAPJCO.
    2. Please check the daemon & daemon manager statues.
    3. Check the Job threds in daemon manager after sechudeling job.
    Regards,
    Arjun.

  • Issue in ERM - GRC AC 10 - Is risk analysis not mandatory

    Hi,
    We have defined our Role Methodology in 10 as Define Role - Maintain Authorizations - Analyze access risks - Derive role - approval - generation
    When we defined the role and maintained authorization data and proceeding without running risk analysis the role is moving to the next stage without stating any warning that "Risk Analysis is Mandatory". Upon click on Save & COntinue it is proceeding to further stages.
    Is there any parameter which needs to be set to throw a warning message for Risk Analysis to be run before the role is moved to next stage.
    We arleady set the paramater 3011 as YES - Conduct Risk Analysis before Role Generation.
    Thanks and Best Regards,
    Srihari.K

    Hi,
    Note the definition of the parameter 3011 as per "Maintaining Configuration Settings Guide - SAP AC 10.0":
    "Set the value to YES to automatically perform risk analysis when the user generates roles."
    This parameter applies only at generation stage.
    Cheers,
    Diego.

Maybe you are looking for

  • How to display line items twice in a single page in sap script

    HI,   I am working on check printing. I copied the standard driver program and form to Zprogram and ZForm. Which are RFFOUS_C(print program) and F110_PRENUM_CHECK(Form Name). I want to display the line items twice in the same page and sub sequent pag

  • Using ATMI and tuxedo to institue distributed transactions across multiple DBs

    I am creating the framework for a given application that needs to ensure that data integrity is maintained spanning multiple databases not necessarily within an instance of weblogic. In other words, I need to basically have 2 phase commit "internet t

  • Datagrid column calculate totals

    Hi - hope someone can help with this datagrid issue - I think it's just a small bit of code I've got to tweak. Might be some useful information to someone here anyway. I've got a datagrid populated by info from mysql via amfphp. I've managed to creat

  • Client side transaction support?

    Hi, I am curious if anyone knows of any client side AS3/flex transaction library out there. Specifically client side, not anything server side. For example I have one operation that does 2 distinct operations, if any one of them fails I need to rollb

  • Err 3259 when trying to download a purchased track

    I've purchased an album tonight (Crystal Castles) and iTunes won't download the video that comes with the track. I keep getting a time out error -3259. I've downloaded videos before without issue. I've tried disabling my AV just in case that is it, I