Offline Essbase analysis
Does anyone have any suggestions on how to best take essbase offline for executives to do offline analysis?I imagine that Personal essbase will be far too complex to support.We are using Analyzer, so a 3rd party analysis tool is probably not a possible alternative.Thanks!Anthony
you can use BRIO (now Hyperion perf. suite) and save reports with data...these reports can be updated by connecting to the Essbase-server (via-LAN) or you can even publish updated reports which the users can download from over the internet... does this sound feasible?
Similar Messages
-
Integration of Essbase / Analyser security with External securtiy like LDAP
Hi,We are trying to create a reporting intranet website and our aim is to have only one login per user via our website, this needs us to integrate the security for Essbase , analyser and any other BI tool. Also keeping in mind that we need to use filters on some of our essbase applications.Has anyone used this concept ? Any inputs on this is welcome.Thanks
integration in hyperion environment is possible via hyperions CSS (common security services) ..for integration and SSO with other products/technology you might find the new netegrity siteminder integration useful!cheers
-
I've chosen yes as offline analysis improves response time when running frontend reports, but this is populating table virsa_cc_prmvl. Running full sync jobs multiple is getiing very time consuming as it starts deleting data from this table.
But if if set offline analyis to NO then reponse will be low for reports run from informer tab.
Per your experience what do you suggest yes/no for offilne analysis?
Thank you,
ParthaHi Santhosh/Frank,
As i understand you have successfully completed offline risk anaysise i have some questions to clarify :
1. What are the steps ypou followed in the process both for SAP and non SAP system
2. Have you done data extraction through ABAP report for SAP system?
3. We have done successfully done Action Level offline risk anaysies for a SAP system, but thenin permission level analysis it shows zero voilation any idea on this?
we are sp 14
4. Now SAP GRC 10.0 is out in the market, do u have any idea how we perform offline risk anaysis in SAP GRC 10.0?
Thanks and Regards,
Sandeep -
Best Practice for Hyperion Planning : Essbase or Dataform for Adhoc Analysi
Hi,
with Hyperion Planning, you are able to start an Adhoc Analysis from an Hyperion Planning Dataform or from an Essbase cube?
What is the best way / pro / contra ? thanks in advance
.... I 've juste notice that when you delete the dataform the Retrieve doesn't work anymore :-( .... and with Essbase you get some "un-useful" dimension as HSP_Value
Regards
xavierA couple of other things that go with Planning as the data source:
1) You have access to all of the non-Essbase data -- think SmartLists, text (okay, it's there now in Essbase, but not from Planning applications) fields, supporting detail, etc. If you want users to see that relationally stored data, the only other way to get it in Excel is to run a Financial Reports report into Excel (or hack the tables and write SQL to pull the stuff -- did that pre 11x and it's too much work).
2) There's a performance hit when going against Planning, just like there is when Planning is the data source in Financial Reports.
Using a form to limit dimensionality - isn't that what SmartSlices are for? I guess it's another way to get to the same place. Although you have to administer the SmartSlices, I would imagine they would break less often than a form might. Having said that, once built, how often do you delete a form?
It's really nice that ad-hoc analysis from forms are now possible, but I've always thought of it as nice feature to have alongside data entry, never as the primary path into Essbase analysis.
Just my $0.02.
Regards,
Cameron Lackpour -
Offline & Online Risk Analysis
Hello experts,
What is Offline Risk Analysis and Online Risk Analysis in SAP GRC and which case are we using..? Please let us know the difference between both..?
Regards
BabuDear Babu,
offline means that the analysis is based on the last risk analysis (for example if you schedule once per day you will get this information in your report). Online means you are checking on-time in the systems (current situation) and system considers real time information. You can choose "Offline Data" in risk analysis screen to run with offline data.
With parameter 1027 you can enable or disable offline risk analysis.
Regards,
Alessandro -
In our GRC AC 5.3 SP10, we have RAR config tab -risk analysis -additional option - enable offline risk anlysis is set to YES.
But when I run a risk anlysis from informer tab - reports shows offline anlysis:NO.
My queries are:
1. what are difference between yes and no for affline analysis. How does they affect risk analysis report.
2. Is the above scenario a problem? does it provide incorrect result of risk analysis? If yes, how this can be rectified?If you set offline risk analysis to yes in configuration then when the batch risk analysis background job runs it populates the RAR table virsa_cc_prmvl. So the advantage of offline analysis is you can do risk analysis based on the last batch risk analysis job making the response time better.
In case of online analysis from informer tab the backend system should be available. The advantage here is you are dealing with real time data whereas incase of offline analysis your data is as fresh as the last run batch risk analysis job.
Thank you,
Partha
Edited by: PARTHASARATHY NUNNA on Jun 25, 2010 2:36 PM
Edited by: PARTHASARATHY NUNNA on Jun 25, 2010 2:47 PM -
Q&A for Live Expert Session "Enhanced Risk Analysis on AC 10.0"
Hi,
Please find below the questions that we could not address during yesterdays sessions. If you have any further question please create a new discussion in the forum.
Thanks,
Luis
Q: Is it still possible to filter by user group using all rule sets at once?
A: Yes, in 10.0 you can combine as many conditions as needed. In this case you would select all rulesets that apply and also the user groups.
Q: Are user groups linked to users per system, or still as in 5.3 only the first system the user is found
A: In the user information screen only the user group from the details deta source will be shown.
Q:: Have there been any enhancements made to the simulation functionality?
A: Yes, the simulation allows to use multiple combination of fields like in the new risk analysis. We can do now simulation on Business Roles. Also a new UI providing a step-by-step process for defining the simulation criteria, allowing to easily simulate changes at action, role and profile level in a single run.
Q: Is it possible to restrict access to risk analysis or changing risks, functions on a organisational level for these employees (eg. HR, Marketing, Finance etc.)
A: You can restict access to specific componets using standard authorizations, please refer to the Security Guide. Also such changes can be subject to workflow which can be customized to specific approvers.
Q: How the offline risk analysis is done on 10.0?
A: The process is the same as in 5.3. A Batch Risk Analysis must be scheduled and the "Offline Data" flag in the risk analysis must be checked.Hi GRC Team,
Please help me on this. I am waiting for your replay.
Regards,
KR -
Trying to understand "User/Role/Profile Synchronization" and Batch Analysis
Hello,
Im trying to understand what exactly and from which tables these jobs are copying to which tables in CC. I have a understanding that these jobs are moving also deleted roles from backend. This is causing unnecessary delay to long lasting job.
I would appreasite if some one could explain the logic behind these jobs. What the fullsync and incremental is reading ? What kind of changes are causing a role/user/profile to be included to the full and incremental jobs?
How the incremental analysis logic is built ?
br JanneJanne,
In my current implementation we are going for an offline risk analysis due to the heteregoneus system landscape of our client (several SAP and non SAP systems and several SAP systems under 4.6C). Eventhough within our approach we don't perfrom the backend synchronization (we use CC data extractor to pull data from backend into CC) hope the following info could hel you:
The tables such jobs you mention access to, are all the SAP backend system tables related with users, roles, profiles, action and permissions. If you check the data mapping appendix of the "user and configuration guide for 5.2" you will see all the data that CC retrieves. For instance, in order to extract user info (UserID, FName, LName, Email, Phone, Email, Department) tables USR21, USR02, ADRP, ADR6 and ADCP must be accessed.
In terms of CC tables:
VIRSA_CC_SYSUSR >> UserIDs and Systems ID relationship
VIRSA_CC_GENOBJ >> User, Role and Profile master data
VIRSA_CC_GENACT >> User-action, role-action and profile-action data
VIRSA_CC_GENPRM >> User-permission, role-permission and profile-permission
VIRSA_CC_SAPOBJ >> Action-permission
VIRSA_CC_OBJTEXT >> Objects descripcions (ACT, PRM, FLD, VAL, ORG)
Hope this helps.
Regards,
Imanol -
ARA: Excluded Roles considered for Risk Analysis???
Hi,
There are certain role which are to be excluded from risk analysis or some business reasons. To achieve this, I have added entries for these roles in SPRO and saved them.
Actually, these roles are available in all the systems. Therefore, under "System" column I have selected "ALL" and saved the entries.
I ran risk analysis for a specific business process (above roles are belonging to this business group) and surprisingly found that, those roles which are maintained as "Excluded", as shown in the risk analysis report as violating!
Thinking that "ALL" option does not work, I maintained (excluded) these roles for specific systems in SPRO. Ran risk anlaysis, but with no luck.
Then I ran risk analysis for excluded role(s), I am still getting the violations for these excluded roles!
May I know why system is considering these "excluded" roles at the time of risk analysis?
Please advise.
Regards,
FaisalAlessanrdo,
I think the "excluded" objects in path:
SPRO->GRC->AC->ARA->BRA->Maintain Exclude Objects for Batch Risk Analysis
itself says that the objects will NOT be considered while performing Batch Risk Analysis (Analytic Reports). It seems to be working fine for me.
I dont think that the objects maintained in above path will have any importance while performing Risk Analysis from NWBC->AM->Roles Analysis) and will NOT be considered.
Please correct me, if required.
Secondly, I found 2 relevant posts here on SCN:
SAP GRC Access Control: Offline-Mode Risk Analysis
SAP GRC 10.0 Offline Risk Analysis
Both of them are talking about the offline mode of running risk analysis. Actually I have not used it yet therefore, wanted to know the real usage of it. These posts seem to be giving the details of "Offline" mode analysis.
I believe this will not be used in my scenario as there is no such requirement and real need. Therefore, I think I should disable it (Offline Data) option from the analysis screen just to avoid any confusion.
Currently all our risk analysis is taking place "Online". There is no "real" need to use "Offline".
May you please let me know in which scenario this would be useful?
Regards,
Faisal -
Risk Analysis for Third party ERP system
We want to perform offline risk analysis for third party ERP(SRM) system.... We have already GRC system installed with Global rule set for SAP ERP & want to have another ruleset for offline risk analysis.
Just would like to have a confirmation for below steps & estimated time for this.
Activities Need to be performed from Our side(Client) :-
1) Send the RAR format for Users/Roles/Actions & Permissions.
2) Cross Verify the format.
3) Create the connector for stored files.
4) Upload the files via Data Extraction utility.
5) Generate the ruleset for SRM(third party).
6) Schedule the various background jobs.
Activities Need to be Performed from Third Party - HUBWOO(Owns SRM ERP system) :-
1) Convert users/action/roles and permissions files to RAR format.
Activities need to be Performed from SAP :-
1) Provide the ruleset for HUBWOO SRM system.
Please let me know if I missed any step above & estimated time to complete from our end & did anyone has come across ruleset for HUBWOO system..?
Thanks in Advance!!Thanks all for your reply,
Alpesh, but still I have small concern here, when SAP provide the ruleset files, it also provides for Oracle, People soft & JDE ERP.
Though these are also third party ERP's for SAP...?
Does it mean that we can'task for ruleset for other third party ERP from SAP...? or does SAP Charge something for it..?
Thanks -
AC 10.1 Empty screen on User Level analysis
Hi all,
We have migrated our 5.3 Access Control System to 10.1 and all the post-installation steps are applied. We loaded the user and roles from our ERP System, created rules and generated them for our system. Parameter 1027 – Enable offline risk analysi is set to YES. We also ran the batch job for the risk analysis in Background (transaction GRAC_BATCH_RA). When we run the NWBC -> Access Management -> User Level for our System we get just an empty window – no error message, nothing. It doesn’t make a difference if we run it on action level, permission level with offline data or without, in foreground or background, the result is just an empty window. What might be the issue here ?
Thanks in advance
BerndHello Bernd,
In GRC 10.1 there are a few new things. Can you tell which view you are running the report on? There are three in GRC 10.1; namely - Remediation view, Business View and Technical View. See screen below.
Most problems are on Remediation View (which is selected by default when you start running the RA). For traditional risk analysis report please run on the "Technical View" and see if you get results.
To fix the issue with the remediation view's blank screen please review following notes:
2040204 - Remediation View does not show up while running risk analysis
2035538 - Remediation view in Risk Analysis does not show any data
2099999 - Remediation View screen shows blank while Risk Analysis
Thanks
Sammukh -
Problem in RAR Background Jobs
Hi Experts,
We are facing a problem during Batch Risk Analysis-
Batch Risk Parameters-
System- RP1
Options-
User
Role
Profile, Critical Actions and Role/Profile Analysis
Management reports
User and Role permission Level risks analysis run fine, but at User Critical Analysis after 44% Systme is throwing an error-
Error log-
Jul 23, 2009 4:02:45 PM com.virsa.cc.xsys.bg.CriticalTcdRoleAnalysis deleteExistingData
INFO: Job ID:371 Critical Role/Profile data deleted
Jul 23, 2009 4:02:45 PM com.virsa.cc.xsys.riskanalysis.AnalysisEngine riskAnalysis
INFO: Job ID:371 : Exec Risk Analysis
Jul 23, 2009 4:02:45 PM com.virsa.cc.xsys.riskanalysis.AnalysisEngine riskAnalysis
WARNING: Job ID:371 : Failed to run Risk Analysis
com.virsa.cc.dataextractor.dao.DataExtractorException: Cannot extract data from system (ECC Production System); for more details, refer to ccappcomp.n.log
at com.virsa.cc.dataextractor.bo.DataExtractorSAP.searchUser(DataExtractorSAP.java:551)
at com.virsa.cc.dataextractor.bo.DataExtractorSAP.userIsIgnored(DataExtractorSAP.java:529)
at com.virsa.cc.xsys.meng.MatchingEngine.matchCritRoleProf(MatchingEngine.java:1203)
at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.performCriticalRoleAnalysis(AnalysisEngine.java:3634)
at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:320)
at com.virsa.cc.xsys.bg.CriticalTcdRoleAnalysis.performBkgTcdAnalysis(CriticalTcdRoleAnalysis.java:244)
at com.virsa.cc.xsys.bg.CriticalTcdRoleAnalysis.loadAnalysisResult(CriticalTcdRoleAnalysis.java:78)
at com.virsa.cc.xsys.bg.BatchRiskAnalysis.performBatchSyncAndAnalysis(BatchRiskAnalysis.java:1407)
at com.virsa.cc.xsys.bg.BgJob.runJob(BgJob.java:427)
at com.virsa.cc.xsys.bg.BgJob.run(BgJob.java:284)
at com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob.scheduleJob(AnalysisDaemonBgJob.java:249)
at com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob.start(AnalysisDaemonBgJob.java:81)
at com.virsa.cc.comp.BgJobInvokerView.wdDoModifyView(BgJobInvokerView.java:444)
at com.virsa.cc.comp.wdp.InternalBgJobInvokerView.wdDoModifyView(InternalBgJobInvokerView.java:1236)
at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.doModifyView(DelegatingView.java:78)
at com.sap.tc.webdynpro.progmodel.view.View.modifyView(View.java:337)
at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.doModifyView(ClientComponent.java:481)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doModifyView(WindowPhaseModel.java:551)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:148)
at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:321)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:713)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:666)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doGet(DispatcherServlet.java:46)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Jul 23, 2009 4:02:45 PM com.virsa.cc.xsys.bg.CriticalTcdRoleAnalysis deleteExistingData
INFO: Job ID:371 Critical Action data deleted
Jul 23, 2009 4:02:45 PM com.virsa.cc.xsys.riskanalysis.AnalysisEngine riskAnalysis
INFO: Job ID:371 : Exec Risk Analysis
Jul 23, 2009 4:02:45 PM com.virsa.cc.xsys.riskanalysis.AnalysisEngine performActPermAnalysis
INFO: Job ID:371 : Before Rules loading, elapsed time: 0 ms
Jul 23, 2009 4:02:45 PM com.virsa.cc.xsys.riskanalysis.AnalysisEngine performActPermAnalysis
INFO: Job ID:371 : Analysis starts: SUHAILS
Jul 23, 2009 4:02:45 PM com.virsa.cc.xsys.meng.MatchingEngine matchActRisks
WARNING: Error :
com.virsa.cc.dataextractor.dao.DataExtractorException: Cannot extract data from system (ECC Production System); for more details, refer to ccappcomp.n.log
Have anyone experienced same issue? Please suggest what could be the reason and solution.
Thanks,
SabitaHi, I had included this reply in another thread with relatively the same issue:
In the Configuration tab (Additional Options), do you have "Enable Offline Risk Analysis" set to "Yes"?
If yes, the error could occur because of updating the conflict permission details in the offline table VIRSA_CC_PRMVL. I believe this will occur in users who are assigned to big roles that contain lots of authorizations.
As a test workaround, if you had set "Ignore Critical Roles & Profiles" to yes, you can enter those big roles into the list and run the batch risk analysis for only those users with errors.
As another test workaround, If you had set "Consider Org Rules" to yes, set it to "No". After that, run again batch risk analysis for the users with errors.
I agree it is not a direct solution to the problem (which I am also facing right now and dealing with SAP) but helps to identify where the problem is.
Would be interesting to know what solution SAP had provided for your issue. -
I keep getting an error message when trying to login
I keep getting an error message when I am trying to add ICloud to my PC
Try to log with Admin/password since EAS has his own security system. Then, you will be abble to log with essbase analysis server users.kbbinge
-
Cell Text greyed out in Hyperion Menu of Excel
Hi all,
anybody has an idea why the Cell Text Menu is greyed out in Excel via Smart View when I am accessing my Essbase cube. When I am using the Excel Add-in I can edit the Cell Text.
Thanks,
BerndWe use Cell text (link related object) in our Essbase Cube where we pull data with Excel Addin and Hperion Financial Reports. So far our users are modifying the cell with Excel-Addin.
This means that Smart View cannot provide the option to modify cell text for Essbase analysis?
Thanks,
Bernd
Edited by: bjaegle on Aug 11, 2009 2:00 PM -
Hello,
Does any one have GRC AC 5.3 running on Linux and Oracle 10g?
I need same recommandations regarding the IBM JDK settings for risk analysis performance.
ThanksHello Ankur,
The thread you asked me to check was opened by me.
we applied already the parameters but still facing problems after changing Risks/Rules and puting "enable offline risk analysis" option to YES.
Do you have GRC on Linux?
Thanks
Maybe you are looking for
-
I'm using Windows XP. I've used Firefox for years but in recent weeks I've had the following problem. When I endeavour to open an internet site the tab appears in the toolbar at the bottom of the screen instead of loading the page. When I click on th
-
I have a Belkin wireless G Router. It all works fine except when I want to put a passcode on the wireless internet. I connect to the router and create a codekey, but when I type in the codekey to connect wirelessly it wont let me. I spoke to Belkin r
-
Crystal reports 2011 installation INS00140 "Invalid KeyCode" error.
I just purchased and downloaded the latest Crystal Reports 2011 (SP02) version and I am getting the infamous INS00140 Invalid KeyCode error. I have read and tried all the solutions that I could find in this forum, and some more quasi-solutions found
-
Access manager policyagent 2.1 fro webspher5.0 with sun access manager in
Help It is very urgent I have installed my sun access manager and sun direcory server on same machine solaris10.SSL is diable in directory server.Access manager working on ssl mode means it is working on Http with port 80 and Https with port443.Acces
-
Java Script has been blocked, and says missing plugin.
I have downloaded a bunch of internet browsers to try and fix the issue but the Java has been enabled on all of them and none of them are allowing Java Script 6 or 7 to work. is there soemthing i can do to rectify this problem. or has Java been block