Multiple GRC rule set update

we are having a custom rule set A loaded in GRC. Now we want another rule set B, with new risks and definition to be loaded in GRC. If we try to upload rule set B risks and functions via Upload function in GRC, would it overwrite the rule set A, or not.Just wanted to confirm whether existing rule set A would be affected or not, due to upload of rule set B.

Hey Alpesh,
Sorry, I haven't understand it correct. This is a question that will always be asked in the train.
You wrote:
"If you have created different files (e.g. risks, ruleset, function action, function permission etc.) and upload them via configuration -> rule upload then RAR will not overwrite your ruleset A and will only insert new rule set files."
Is this just possible, if all IDs (risk, function, function action, function permission) will be changed before and could not be equal like in the rule set A? correct?
What's about with the ALL.txt files, do I have to change/upload them as well again?
Thanks for feedback,
alwaly a pleasure!
Greets
Martin

Similar Messages

  • GRC Rule Set Updates

    Where can I fund updates made to the default rule set?

    http://service.sap.com/support
    Click on the Help & Support tab --> Search for SAP Notes.
    You will need a valid S-number to log in.
    Thanks!
    Ankur
    SAP GRC RIG

  • Access to update the GRC rule set is limited

    Hello - What is the process (tcode) to see who has access to update the GRC rule set?
    Thanks!

    Hi Sam,
       What is the version of your RAR (CC)? If it is CC 4.0 then you enter the product via tcode and go to rule architect to make changes. If you have CC 5.X then you go through the web browser and go to Rule architect to make changes to the rule set.
    The process to change a rule set is as below:
    1) Creats Function
    2) Create risk
    3) Create Rule
    Regards,
    Alpesh

  • Rule set Updates

    We started with Virsa CC 5.1 in 2006 now we are using CC 5.2
    If I go to the SAP Note 1173980 u2013 Q2 2008. Do I find all the Rule
    Updates from 2006 to 2008 or we need to implement all the below Virsa
    Rule updates.
    1061380 u2013 Q2 2006
    1035070 u2013 Q1 2007
    1083611 u2013 Q3 2007
    1173980 u2013 Q2 2008

    HI:
    You need to review each set of updates, and determine if they are applicable for your system.  Each subsequent rule set update issued does NOT include previous entries.
    It is up to each client to customize entries in the updates per their own requirements, but just taking the last one, means that you may miss some of the important updates in previous updates.
    Margaret

  • GRC - Rule Set Library

    Hello,
    Does the GRC deliver rule set library for compliance calibrator? If yes, how it delivers this package, is it includes in the installation of the package itself or separate one. What are the factors do we need to consider when customizing or modifying the standard library to accommodate to any client requirement?
    I appreciate any help on this.
    Thanks in advance!
    Eric

    Each customer is unique therefore their ruleset should be unique.
    Afterall how can the out of the box ruleset meet all of the Internal Control requirements for all different industries in all countries for all legislations for all versions of SAP, it can't!
    Your next question is how long does it take to build your own ruleset, I have clients that have take 2 weeks and others that are still working on it after 15 years!!
    The most important people to include in your ruleset review process are:
    External audit
    Internal audit/Compliance
    Business Process Experts
    without these people on board you will design a ruleset and remediate/mitigate issues that are not actually considered to be issues!!

  • Rule Set Update - Transactions Missing

    Hello,
    I’m having an issue when trying to add a transaction to a critical rule which is part of a logical system. When I look up the transaction
    against the logical system I can’t find it. But when I look it up against one of the connectors in the logical system I can find it. Any ideas why? I’ve run
    all the sync and regenerated the rule set. I’ve also double checked that the connector is part of the logical group.
    Thanks,

    Hi Colleen thanks for the response.
    I swear in the past you were able to pull in the transaction from the logical system but I can’t remember unfortunately. The person who built this rule set must have added these custom tcode when they did the initial upload. That must be how they were able to put them under the logical system?
    I’m wondering though, If I pull a transaction in from a specific connector won’t it only run against that connector when doing analysis? That seems odd since the logical system is to avoid that! How did you handle it? I also found that since the transaction was copied and pasted into the rule set that it’s not being analyzed during analysis.
    Maybe I can’t search on the logical system since the transaction doesn’t exist in both ECC systems I have grouped under it?
    I am on SP 13 now.

  • Updating rule set in CC from SAP

    Hi - if anyone can help with this issue - I'd greatly appreciate it.
    We loaded CC 5.2 last year and loaded all of our custom transactions to the appropriate functions.  However, since then, there have been changes to standard and custom transactions (in the authorization objects) and those changes are not showing up in the rule set.  (we added new authorization objects)  Is there a way to have the rule set update automatically with these?
    We are running the two SAP jobs that export the texts and objects and then we have two jobs running daily in CC to bring in from those files.  We then have a full system sync running daily.  Updates are still not coming in.
    Any help is appreciated!
    Thanks,
    Elizabeth

    HI Elizabeth,
    When you say you have added new Authorization objects, do you mean to say that you have added to the roles?
    I strongly recommend to go to SU24 tcode and check whether the new Authorization objects are properly Check/Maintained to the respective Tcodes.
    Also merge all the new authorization data in all the roles and regenerate them.
    Also you need to update the rules once the above steps are done.
    Regards,
    Kiran Kandepalli.

  • Updating Compliance Calibrator Rule Set

    The business has decided to change a few rules by removing a couple of custom tcodes from the rule set.  In DEV I go into the Function and remove the objects associated with the tcode and disable the tcode.  After running the rule set update there is still some sort of tie.  I have created a test ID in DEV with a known issue around each of the changes.  I'm not getting a different result when running compliance calibrator.
    Any ideas?
    We are running R/3 4.6C and compliance calibrator 4.0

    Can you please check the following demo?
    [Virsa Compliance Calibrator Application for SAP v5.1 Demo|http://www.sdn.sap.com/irj/scn/elearn?rid=/library/uuid/d2f1cf9c-0d01-0010-2dac-aedd3c4f7f5b&overridelayout=true]
    Please give more details on the step where you got stuck.
    Regards,
    Dipanjan

  • FBL5N - in Rule set - It is a Display customer line items

    Dear All,
    We observed that FBL5N - Display customer line items in Standard SoD rule set under function AR07  addressing a risk of S022.
    Unless there are t-codes of FD03 or FB02 this t-code does not allow to change the payment terms of the customer.
    We are having a challenge from the client that FBL5N is a display t-code and why it is there in rule set.
    Has anybody came across this scenario? If yes, what is the underlying risk for this FBL5N independently.
    Is there any SAP Note for this t-code like ME23N from SAP.
    Thanks and Best Regards,
    Srihari.K

    Hi Christian,
    We checked the authorization objects as well enabled in GRC rule set as below:
    F_BKPF_BUK - Docume t Authorization document for company codes - 01 or 02 - Enable.
    Inspite of this access, FBL5N cannot be used to change the document for payment terms and assignments without FB02 t-code
    assignment in the role.
    Independently FBL5N cannot be used for any change or create activity except Display customer line items.
    Please advise
    Thanks and Best Regards,
    Srihari.K

  • Non existing value EC for M_BEST_BSA / BSART used in rule set

    Hello,
    while implementing the 2010 rule set updates into our system, we realized that there is a value used that is not existing in the system.
    It is for object M_BEST_BSA, field BSART. The value is EC.
    In the rule update document from Q2 2010, there is the following comment:
    5. PR02 u2013 Maintain Purchase Order u2013 Upon review of this function with the rules mini-council, the decision was made to remove document type from the rules.  Previously, we delivered document types EC, FO and NB with our rules.  However, the majority of customers create custom document types for purchasing.  Many customers did not customize the rules, which results in only those users that had the standard EC, FO and NB document types being reported as having a risk.  Users who had the custom document types would not be reported, which results in false negative reporting.  Therefore, the decision was made to remove document type from our delivered rules.  This will force each customer to review their document types and edit this function to include all relevant document types so all users who have a risk are shown.
    However the value is still enabled in function PR04, even though it is not a valid value for field BSART. It is not existin in table T161, which holds the PO document types. It does not seem to exist since at least release 4.6C
    The value is inherited from the transactions ME28 and ME29N
    Does anyone know what it is about and why the value still is considered a standard value?
    I know this does not give me false conflicts, as the BSART values are used in condition OR.
    Why is the value not just removed, if it is not a valid value at all?
    edit:
    Sorry, forgot to mention, we use CC4.0 in an ECC6.0 system
    end of edit:
    Regards,
    Thomas Schaeflein
    IBM
    Edited by: Thomas Schaeflein on Jan 26, 2011 4:14 PM

    Start by saying bump.
    I've still no word from Adobe if they are doing anything with
    this problem. Any one had any replys from Adobe on it? Any one
    found a work around with recoding queries?

  • GRC role set documents for auditors

    Hi,
    We have installed GRC5.2 and Iam looking for GRC rule set documents.I could not find in service market place, what i found was Installation/config/migration which was not helping me anymore.
    Can some one guide me hwere to find GRC rule set docs?
    Appriciate if you can help
    - Lisa

    Hello Lisa,
    You are welcome.
    1. I would not say it would be exactly a document that you would get from GRC server but you can create a saparate login for the auditor when he comes to  review your system, much like you do in SAP R/3 and he can see from there what information he wants to get out of your system. There are change histories and request histories in the tool itself which he can explore to get what you wanted to create a document for.
    2. Regarding the post installation steps, I would advise you to go through te documentation for the same which is available on the SAP portal. It differs from installation to installation and would be not possible to explain it all here in the forum as it has many aspects to it. Also, the guide has step by step explanation for various tasks, none of which should ideally be missed or skipped for an efficient implementation, which can be the case otherwise if you just take a note of the points only based on forum posts.
    3. Not sure of the program for training, though SAP does not have the certification for the GRC AC till date for sure, as I had enquired in the SAP TechED 2008. Or maybe you can drop a mail to the trainings department with SAP to check the same and get the sure info, which we would like if you could share with us too.
    Thanks.
    Regards,
    Hersh.

  • Multiple rule sets - impacts in GRC modules

    Hi,
    We are currently running CC 5.2 on our European perimeter.  We would like to extend in the near future to our US perimeter.  For that, we have to take into consideration a complete new set of rules.
    I presume there will be no issue to handle multiple sets of rules in CC but I was wondering what could be the potential impacts/problems for the other GRC modules?
    i.e.: in Role Expert, for the US roles we would like to avoid getting potential risks from European rule sets,...
    Has anybody some attention points or good practice to share on that ?  It would be a great help for us.
    Thanks & Regards

    Different installation of GRC Solutions for different regions is certainly not recommended and not even required.  It is important to design your cross system landscape efficiently considering different regions in mind and create different rule sets for different regions. In a cross system landscape you can have multiple systems from different regions with entirely a different set of modules and data. Obviously the risk will be different, for that purpose you have to create different rule sets for sure.
    Now when you are performing risk analysis for a particular region you have to select the considered system/connector and a rule set respectively so that you get the risks on targeted system only.
    Bill-
    as you asked, if there are chances of potential impacts/problems for the other GRC modules or not,
    The answer is, There will be no impact at all because you are considering them as separate entities within a landscape. It is the beauty of GRC Access Controls to have multiple system connectors, logical systems and cross system landscape that provides almost every feature to cover all regional perimeters.
    Regards,
    Amol Bharti

  • Best practice for the Update of SAP GRC CC Rule Set

    Hi GRC experts,
    We have in a CC production system a SoD matrix that we would like to modified extensively. Basically by activating many permissions.
    Which is a best practice for accomplish our goal?
    Many thanks in advance. Best regards,
      Imanol

    Hi Simon and Amir
    My name is Connie and I work at Accenture GRC practice (and a colleague of Imanolu2019s). I have been reading this thread and I would like to ask you a question that is related to this topic. We have a case where a Global Rule Set u201CLogic Systemu201D and we may also require to create a Specific Rule Set. Is there a document (from SAP or from best practices) that indicate the potential impact (regarding risk analysis, system performance, process execution time, etc) caused by implementing both type of rule sets in a production environment? Are there any special considerations to be aware? Have you ever implemented this type of scenario?
    I would really appreciate your help and if you could point me to specific documentation could be of great assistance. Thanks in advance and best regards,
    Connie

  • CC / RAR 5.2 - Multiple Rule Set Question

    How does the system handle the use of multiple rule sets in CC / RAR 5.2?
    For example, letu2019s say I want to keep a standard SAP rule set in tact to use for testing and comparison in RAR, but I also want to load another one.
    I realize that only 1 can be the u201CDEFAULTu201D so what does that mean?  I know that a risk analysis is only run against the rule set you set as default.  I also know that you can select the rule set to use in processing when you manually run either through Informer or Configuration tab a risk analysis.  What I am really concerned with is what happens if you take the results to u201Cmanagement reportsu201D from 2 different rule sets?
    First, can you even do it?
    Second, if you can, then I think you must have to come up with a different RISKID configuration schema for each rule set otherwise, I do not see how you can differentiate from which rule set the violation is generated.  That said, you will also need to export the report information into Excel and make any u201Crule set sortu201D there as I donu2019t see a way to do it directly in RARu2026.maybe a future improvement?
    Can anyone confirm the impact of multiple rule sets and how you manage them?
    Regards,
    Greg

    Greg,
    You can maintain the different severity levels for different Rule Sets. For example, in one Rule Set you can keep the "Critical" Risks and in other you can keep "High", "Medium" & "Low". Run your analysis against first Rule Set if you want to know the "Critical" Risks and second Rule set you can use for rest of the severity levels. I hope this way you can manage your multiple Rule Sets in RAR.
    Thanks,
    Tavi
    SAP Security & GRC Consultant.

  • GRC AC Rule Sets

    Hi
    We have a requirement of building up a custom rule set for our organization. The current requirement is to have a central rule set across for all system and have subsequent system specific Risks identified in addition.
    Scenario: Letu2019s say we have identified around 100 risks across the enterprise, however only 50 risks out of 100 risks are applicable for one system. While for the second system there are around 70 risks applicable. Finally for the third one all 100 risks are applicable.
    Should we have system specific rule sets to address the above scenario or should we have a common rule set for the enterprise.
    Appreciate your inputs about the approach for building up of rule set for such scenarios.
    Question: With GRC 10.0, can we run risks for a system on multiple rule set IDs at one time.
    Thanks.
    Anjan Pandey

    Hi,
    Most of the clients will prefer to go with one rule set. However System can allow create/maintain multiple rule sets.
    Anyway your requirement is to have one central rule set across all systems u2013 For that, Create Logical system and maintains one Rule set is the right approach and it gives flexibility for future usage to add /remove required systems. You can maintain risks by system specific, not required to maintain multiple rule sets.
    Refer  GRC Access Control Effective Rule Set Design document,  it gives some good explanation of Rule Set Design&typical Scenarios, Logical & Physical systems approach..etc.
    Regards,
    Ram
    Edited by: ram komma on Apr 13, 2011 1:55 PM

Maybe you are looking for

  • Muse CC crashing when embedding HTML

    Trying to embed a YouTube video into a Muse site with Muse CC and is crashing every time. Is this a known issue? Is there a work around?

  • Timer in the database

    Hello, I have a question about the timer in the database. I have a job that has a priority of 1. That job needs to run from time to time.( that is to run once and then sleep for a while.) The sleeping time is provided by another job. I am using DBMS_

  • BEA Weblogic Sizing

    My boss wants to buy one Sun Microsystems Machine for BEA WebLogic Application Server. Is there any "Sizing" tool available? I want to estimate number of CPU and memory required. Many thanks :^O

  • Port number of a webservice?

    Hello, How can i get the port number of a webservice? Regards

  • How apply rolling shutter plugin AND stabilisation in CS5.5 ?

    When i apply the rolling shutter plugin (The Foundry) AND the After Effetcs's stabilisation , the fisrt effect is cancel by the second one , i've tried to pre-compose my first layer with the rolling shutter effect but AE move it into the new composit