Mitigation not showing in Risk Analysis
I have migitated a role and can see the mitigation on the Mitigation tab under Mitigated Roles. I wanted to run a Risk Analysis on the role to make sure the mitigation is in my reports and they not showing.
I have checked my settings on the configuration tab under "Risk Analysis" on "Exclued Mitigated Risk" and it's set to "No". I run my reports in the Infomer Tab > Risk Analysis > Role Analysis and the Report Type is at the permission level and under "More Options" the "Ignore Migitation" is set to "No".
I have reran my "sync" jobs and management reports in the order they should be ran and they are still not showing up. The migitation is not showing up in my management reports either. I am on SP9.
Is there anything else I'm missing?
I answered my own question on this.
Similar Messages
-
RAR5.3 - SoD Report Not Showing Full Risk Description
Hello,
In a Sandbox environment, I'm playing around with/testing a new ruleset. The environment has our Production ruleset and I've added some risks to this ruleset via file upload in Configuration. The risks look great. Both the description and detailed description got imported correctly. The rules generated perfectly for these new risks I uploaded. Everything related to the risk, the way the risk is built, the rules, looks perfect. When I run Risk Analysis on test users that I know have the risk, they show on the report just as expected. However, the risk "description" is essentially missing. For example, in Management Summary View, here is what Risk B001* looks like:
B001: Basis Development & System Administration
Medium Basis TEST_USER(TEST_USER) USSPCJH40_E3
I've bolded the Risk Description.
However, here is what one of my new risks shows up like (F031, a risk we haven't put in production yet for various reasons):
F031: F031
Medium Finance TEST_USER(TEST_USER) USSPCJH40_E3
The Risk Description only says "F031." It still is hyperlinked so it still works, but I want to see the full Risk Description, obviously. When I look at the Risk in Rule Architect, both descriptions are there.
I then extracted the Rules via Rule Export and looked in the VIRSA_CC_RISKT table - the F031 description is there!
B001 (which looks fine) and F031 (which has the description missing) has entries in ALL of the same tables (unless there's a table that I'm not getting with the export?)
Can anyone help me out? Has anyone experienced a similiar issue? Why would all my newly imported risks not show a Risk Description when running Risk Analysis?
Thanks in advance!
Jes Behrens
Edited by: Jes Behrens on Feb 26, 2009 8:26 AMHi !
This report shows the schedule line items , group schedule line items and rental contact (billing plan) lines when particular checkbox is checked. The checkboxs p_all(non-schedule line) , p_group(group schedule line items) are working in my above alv report and showing result but unfortunately when p_rental is checked it dosent give me result , it says no data selected. This when checked has to show result based on a different set of selections as I have done, but its not shwoing me the result .
Kindly help please.
Thanks -
Designed Reports are not showing in the Analysis Report List
Hello Master's,
I have designed one report as per our client requirement, and assigned also, but its not showing in the analysis reports list.May i know what setting needs be done to appear in the reports list?.
How to create and add the characteristics(New Fields) in the reports, here we can able to create and add the key figures.
Kindly update the solutions with steps.
For you reference please find the below screen shot.
Thanks in Advance......!
Kind Regards
Shankarappa H LHi Shankarappa,
The Analysis -> Reports shows a list of views. Hence, once you create a report you need to complete two mandatory steps.
1. Create a View
2. Assign Report
For more information, please refer to the following link: In conversation with Sebastine Augustine, product manager redefining Business Analysis that forms an integral part of th…
Thanks,
Sebastine -
Crystal Report not showing details when analysis authorizations are used
We have a crystal report that is filter by company code. Analysis authorizations have been created for each company code as well as one for all (* access). In bex the report runs fine with the analysis authorizations. In crystal if the test user has the * analysis authorization the report runs correctly. If the test user has a specific company code the details section of the report does not display
I may be a little slow here but if the user does not have the access he should not be able to see the details or am I missing something here?
-
CUP Risk Analysis results are not shown, continues processing request
We have several users that complain the risk analysis in CUP never finishes. Requests do not contain risks or huge amount of risks which could explain a long runtime.
With one user we checked, the user is never getting the risk analysis result on his screen. Sitting together with the user shows that the progress bar at bottom of IE is completing analysis, however the screen is not updated to show the risk analysis result and continues to show the processing circle.
On other pc's CUP risk analysis result is shown as expected, so it must be some issue in local PC Internet Explorer settings.
Environment used is Windows XP with IE 8. GRC version is 5.3.
Have any of you experienced the same? And is there a solution available that will resolve this issue, by e.g. correcting settings in IE 8?Hello!
If you want to successfully use GRC 5.3 with IE8, you have two options:
1) Change a parameter in the server
2) use the compatibility mode.
3) Update NW
refer to [Note 1347768 - Web Dynpro and Microsoft Internet Explorer Version 8.0|https://service.sap.com/sap/support/notes/1347768]
I dismiss option 2, because it requires to change in every end user computer, so I've been working with option 1 without problems. Bear in mind that NW 7.01 is supported: [Note 1433940 - Access Control compatibility on Netweaver Java server 7.01|https://service.sap.com/sap/support/notes/1433940]
Cheers!
Diego. -
Risk Analysis not performed when using IDM WS
Hi ,
We are using the SAP delivered IDM WebService for submitting Access requests to CUP 5.3 SP8 Patch1.
We have defined the properties:
1. Perform Risk Analysis on Request Submission - YES
2. Risk Analysis Mandatory (approval stage) - YES, When Access Changed
3. Approve Request Despite Risks - NO
(This setting will enable the approver to approve the access request without performing a Risk Analysis, if the initial risk analysis doesn't identify any risk with the access request. But if there are risks, the approver need to mitigate the same before he can approve it.)
But we have found out that when submitting a request through the SAP Delivered IDM WS -'SAPGRC_AC_IDM_SUBMITREQUEST', the system DOESN'T perform RA during request submission. But when the request is submitted directly in CUP, it does.
We've referred the Note:1168508 where it's mentioned that this issue is being fixed with SP7 Patch 1. But we are already on SP8.
The Note says:
"The following issues are resolved as part of Support Package 7 Patch 1:"
and the last bullet point states that:
"While submitting a CUP Request from web service, if the flag for Risk Analysis on submission is set not performing the Risk Analysis on submission."
This feature was not working before and hence thought SAP has fixed it as mentioned in the Note. Has anybody suceeeded in getting this feature working???
Thanks & Regards,
AnilYes Dries, we have tried both and we happen to see some exceptions on request submission thru WS.
But the request is still getting created. I've an open tkt with SAP to follow it up..I'll update once i get this fixed.
Exception Details:
Exception during EJB call, Ignoring and trying Webservice Call [EXCEPTION] com.virsa.ae.service.ServiceException: Exception in getting the results from the EJB service : com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/w...
Full Message Text
Exception during EJB call, Ignoring and trying Webservice Call
com.virsa.ae.service.ServiceException: Exception in getting the results from the EJB service : com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:294)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:418)....
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Caused by: java.lang.VerifyError: com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.execRiskAnalysis(RiskAnalysisEJB53DAO.java:304)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:276)
... 44 more
Thx,
Anil -
Issue with risk analysis report in GRC10.0
Hi All,
We are running the user risk analysis report from NWBC: Reports and Analytics -> Access Risk Analysis Reports -> User Risk Violation report.
This report is not fetching all the data even though user has all the required authorizations.
We are getting the data when we execute the dashboard reports.
Any one has idea?
Cheers
HariAlessandro,
Thanks for the reply. I am aware of this.
Problem is when dash board report is showing the risk for the user but risk anaylsis report in Reports and Analytics is not showing the risks to that user.
As per our investigation, the risk data that is displaying in the risk anaylsis report in Reports and Analytics is incomplete. We didn't find any errors in SLG1. Also there is no issues from authorizations side.
Regards
Hari -
ARA does not show Violations in a role though conflicting transaction codes are assigned???
Hi,
I have noticed that a role having conflicting transaction codes assigned in the back end system is not propelry analyzed and in ARA application. When this role is analyzed, "No Violations" message is shown though there are conflicing transaction codes assigned.
As far risk definitaion is concerned, conflicting actions are properly defined in respective conflicting actions and thse actions are grouped in a risk, which is applicable to a logical group (which in turn has the connector included causing this problem) and they are active.
Rule are properly generated for the all the risks and functions. However, at the time of running risk analysis for this role, ARA is not showing as risk.
May any one please advise on this?
Regards,
RehanNeeraj,
Now I have defined SAP_R3_LG logical group as "SAP" connector type and regenerated all the rules. Still it is showing no violations!
Below are the screens for your reference:
Can you please advise?
Regards,
Rhn -
Risk Analysis On Request Submission property config
Hi,
We have configured the New and Change access request to go through a Role Owner Approval in CUP. As to enable the role owners aware of the reported risks with an access request when it lands in their Inbox, we have enabled the Risk Analysis config: 'Risk Analysis On Request Submission' to Yes. This setting makes the system to perform Risk Analysis using the RA webservice on ALL requests.
But we are not enforcing the Risk analysis and mitigation in all systems that are provisioned through GRC CUP. The property seems global and hence we are looking for a work around to bypass the RA on requests for some systems or rather a system specific setting.
Is there any tweak available with GRC 5.3 SP08 to achieve this?
As of now, we don't maintain the RAR rules for the systems where risk analysis is non-mandatory, but notice that the system is unnecessarily performing RA amounting to inefficient utilization of resources.
Any help would be greatly appreciated.
Thanks, AnilAnil,
There will be a few seconds extra for each system not included in risk analysis, but it should realize very quickly that there are no rules for that system (and that it can't even connect to pull authorizations if it is a dummy system).
Sorry there isn't a better answer, but it's the way it is built.
Tyler -
Activity type origin text doesn't have been showed on Cost analysis report
I have defined three acitivities TMAQ, TMO, CIF. But the origin text column of these acitivities is not showing in cost Analysis report(althoug the origin is showed), i.e. when we go to an order & navigate to "Cost Analysis". TCODE:CO02 (Production order)
Anyone knows how to show the origin text ?
Thanks a lot for your comments.
VeroHi Veronica
I think maybe it´s missing the description in language you are running the report.
Check transaction KL03 to see if the activity type has the description in the language you are logged.
If not go to KL02 and update the description and try to run it again.
Regards
Fred -
Critical permissions are not showing in the risk analysis in GRC10.0
Hi all,
We noticed that critical actions are flagging the in risk analysis report but not the critical permissions.
As far as I know all the settings are in place.
Is any one has any idea why critical permissions are not flagging? Our GRC is at SP14.This has been resolved
-
New Risk id's not showing in ruleset in production
Hi Experts,
We have created new risk id's in GRC development and it is working fine and is present in the ruleset but when we transported the ruleset to production the Risk Id's are not showing up in the Setup -> Access Risks path. All old risk id's are present except for the new ones.
But, when I run the risk analysis report the New Risk Id's are visible but their risk description is not present (old risk id's description is present) so I clicked on new risk id and it is showing completely same as development.
Risk Analysis reports are running fine and new risk id's are working in production but their risk description is not empty.
Can anyone please advise if I need to perform any step or this is a bug ?
PS: I generated the SOD rules in production after importing the transport.
Regards,
SalmanHello Salman,
Can you please check inside the GRC AC Tables, if the description is defined properly or not for the new Risks in your production system.
GRACSODRISK – Risk Description Table
You already have mentioned that you generated the Rules, so I wont be taking benefit of the doubt to ask you for that.
But, however I would like to point, if you have checked for the descriptions in the Access Rules Summary?
Also as you mention that you transported the Rules (New ones) from DEV to PRD. What do you imply by transports? Are you suggesting the Download/Upload SoD Rules method you followed?
Regards,
Akshay -
Dear All,
After running the risk analysis it shows only the first conflict for a risk in the rule set (Rule ID 0001). We have already Generated SOD ruleset. Also during migration from 5.3 to AC10.1 all the rulesets were imported properly.
What could be reason??
Thanks for your help.
Regards,
AbhisshekAbhisshek,
there is already a thread with the same question: Dear all I only get result for one rule id and not with others what should be an issue?
Regards,
Alessandro -
I am configuring ARA 10.1 for a ECC 6.0 plug in development system and facing this issue. Risk Analysis at user level shows no data in all 3 views though at role level shows risks of global rule set. I am using Global rule set. I generated all risks/functions & using connector group as SAP_ECCS_LG not SAP_R3_LG.I activated common, R/3 & ECCS BC sets. Added integration scenario for AUTH. Run all 4 sync jobs multiple times successfully. My system already has decentralised EAM 10.1 implemented & even used in production as BAU. I have checked at both chrome & IE. The misleading thing is that RFC is also working fine & I can see risks in Risk Analysis at role level & risky roles are even assigned to valid users.GRC is at SP4 & accordingly is the ECC 6.0 plug in. Thanks in Advance. Please consider it urgent.
Hi,
Assign ECC connector to SAP_ECCS_LG group.
Run the programs GRAC_PFCG_AUTHORIZATION_SYNCand GRAC_REPOSITORY_OBJECT_SYNC) in full synch mode(this might take time so better do this in background). Better do it sequentially.Check the logs of the jobs in SLG1 just to ensure everythings fine.
Run ARA for a specific user and mention the connector for faster output. Ensure this user has the role with risks.Also as explained earlier check the GUID against user id in table GRACUSERROLE and using GRACROLE you can find out the technical name of the role updated in the table. This should be same as the backend role.
Then run ARA and while doing so please ensure the selection screen doesnt have any unwanted default inputs. If followed correctly , this should be of help. I am assuming the role analysis yielded correct risks as configured since this would mean that connector have correct actions and basic config is in place.
Regards,
Vivek -
AC10 - Auto risk analysis and auto mitigation
Hi,
I was wondering if it is possible to
- run an automatic risk analysis at the end of an approval stage of the workflow, the same way it is possible to configure at the time of request sending?
- automatically put a mitigating control in the request for the risks found?
In our case, there is only one mitigating control for each risk and the assignment of the control is an unnecessary manual task to perform. The mitigation assignment will be approved in a seperate WF by the mitigation owner.
It seems there is no out of the box solution to this, so any alternative suggestions are welcome.
Thanks,
DanielaHi Daniela,
If I may give my opinion, I would probably break your question down into 2 parts.
1) Auto Risk analysis at the end of a stage - Making "Risk Analysis Mandatory" at that stage is probably the method. Unfortunately this does mean clicking one or two buttons (so not fully automated). Think AC uses this method to ensure the reviewer is aware of the conflicts caused etc.
2) Auto Mitigation - For a business access workflow in a 'Live' situation, this is probably not a good idea, as analysing and making the decision on whether to proceed with the request should really be performed by an actual person responsible for that stage in the work flow e.g. Role Owner or Security Lead etc. You would not want to mitigate all risks automatically (if I have understood correctly that you have a mitigation per risk ID). In theory, an automated mitigation process would mitigate all risks without discrimination.
On a side note, there is a configuration setting under SPRO for Access controls as follows
"Risk Analysis- Access Request : Param ID 1072 - Mitigation of critical risk required before approving the request". By enabling this configuration, you could force a mitigating control to be applied to any user requesting Critical Access.
Hope this helps.
Maybe you are looking for
-
Macbook OS Leopard to Macbook pro
I just bought a used macbook pro and I wanted to reformat it.. my friend has an unused Macbook OS Leopard Install CD that came from Macbook when she bought it.. is it safe to use her Macbook OS in order to reformat my Macbook Pro? Are they the same?
-
Is there any methodology whereby a file can be exported, or saved, as a Tab Delimited File? Thanks
-
Cracking and popping on Inspire T2900 Speakers
There was a message exactly like this one on the forums about a year ago, perhaps more, and there were no responses...hopefully this proves more fruitful. Yesterday my Inspire T2900 speakers began to pop and crack. The pops happen at regular interval
-
Hi, We are an ISV in the area of Trim Optinization (used in the SAP Mill Products scenarios), a SAP partner, and have a product which is already certified on .Net Connector, but not as PBNW. We now want to go for PBNW certification, but are unsure wh
-
Hi Guys, Apple's MUSIC app on my iPad 2 iOS 5 starts up playing music on its own frequently, I have to stop it evy time. Any idea how I can kill the b....d?? Thank you!