RAR 5.3 SP10 Mitigating Control Import Utility
All -
I exported my mitigating controls from a RAR 5.3 SP9 system and imported them into a 5.3 SP10 system. I received a successful confirmation of the import, but when I "searched" my mitigating controls there were duplicated mitigating control numbers. It looks like the import tool duplicated the mitigating control ID for every "monitor" assigned to the mitigating control number. For example, mitigating control MC00000001 with Monitor1, Monitor2, & Monitor3 equated to 3 entries of MC00000001. If I try to delete 2 of the 3 entries, I receive a "Successfully deleted" message and get the error "Exception!!. No relavent language message available in database for :0053". When I "search" again, the mtigating control is no longer there (as expected).
I confirmed my mitigating control import file does not have the multiple entries.
Any ideas?
Thanks,
Daniel
Venky,
Thank you for your response. The message issue actually wasn't the one that I was asking about, but thanks for the heads up. The main issue is that RAR (5.3 SP10) is multiplying mitigating control entries for the number of monitors assigned to the mitigating control. It appears to be an issue with SP10 as it did not occur in SP9. I'm trying to see if anyone knows what the fix is.
Thanks,
Daniel
Similar Messages
-
GRC AC RAR: Comprehension question Mitigating Controls
Hello all,
I have a small comprehension question regarding Mitigating Controls.
Situation:
We have identified some authorization roles that contained lots of risks and we decided that they should not be used anymore. I therefore had our admins remove those roles from all the userIDs and update the role descriptions so it is clear that these roles are obsolete and must not be used anymore. For specific reasons we are currently not able to archive those roles in order to remove them from the system (can't delete them either for unclarified data retention questions).
What has been done:
1. I have created the necessary userIDs for Management Approver, Monitor, etc. in tab Mitigation -> Administrators -> Create
2. I have created the necessary business unit and assigned to userIDs created in 1. in tab Mitigation -> Business Units -> Create
3. I have created a Mitigation Control "Obsolete Roles" in tab Mitigation -> Mitigating Controls -> Create
4. Within the Mitigatin Control I have mitigated all associated risks in tab "Associated Risks", added a userID in tab "Monitors" and I have added all the obsolete roles using the button "Mitigate roles"
What I want to achieve:
- Roles should not show up in the analysis anymore -> I've checked that and it works as expected
- I now want the userID I added in tab "Monitors" and when mitigating the roles to regularly check in the SAP system whether the mitigated roles have been assigned to any userIDs again (using PFCG or any other suitable report in the system).
Can I achieve that by using tab "Reports" within the Mitigating Control ?
If I provide the system in column "System", provide "PFCG" in column "Action", "Use PFCG to check is role is assigned again" in "Description", add the userID in tab "Monitor" and set Frequency to "4" this would mean that that userID needs to check whether the roles have been used again at least every 4 weeks ?
Will the system automatically send a reminder eMail to that userID every 4 weeks or does the user have to check the RAR manually in order to see "his/her" tasks ?
Regards,
BenjaminHi Jwalant,
sorry for my late reply, but I have waited for a few weeks to make be sure wheather the way you described works or not.
- The background job gets executed once a week and finishes without any error.
- The only thing that doesn't work is that the userID that I maintained in clolumn "monitor" and for which I defined a mitigation control which has to be executed every 2-weeks (using column "report") does NOT get a mail from the system that reminds him/her to execute the mitigating control.
Log of background job execution:
INFO: -
Scheduling Job =>16----
Mar 28, 2011 4:00:00 AM com.virsa.cc.xsys.bg.BgJob run
INFO: --- Starting Job ID:16 (GENERATE_ALERT) - Z_SAP_GRC_AC_RAR_MITIGATION_CONTROL_ALERT_GENERATION
Mar 28, 2011 4:00:00 AM com.virsa.cc.xsys.bg.BgJob setStatus
INFO: Job ID: 16 Status: Running
Mar 28, 2011 4:00:00 AM com.virsa.cc.xsys.bg.BgJob updateJobHistory
FINEST: --- @@@@@@@@@@@ Updating the Job History -
1@@Msg is Z_SAP_GRC_AC_RAR_MITIGATION_CONTROL_ALERT_GENERATION started :threadid: 2
Mar 28, 2011 4:00:00 AM com.virsa.cc.xsys.bg.dao.BgJobHistoryDAO insert
INFO: -
Background Job History: job id=16, status=1, message=Z_SAP_GRC_AC_RAR_MITIGATION_CONTROL_ALERT_GENERATION started :threadid: 2
Mar 28, 2011 4:00:00 AM com.virsa.cc.xsys.bg.BgJob alertGen
INFO: @@@ Alert Generation Started @@@
Mar 28, 2011 4:00:00 AM com.virsa.cc.xsys.bg.BgJob alertGen
INFO: @@@ Conflict Risk Input has 1 records @@@
Mar 28, 2011 4:00:00 AM com.virsa.cc.xsys.bg.BgJob alertGen
INFO: @@@ Critical Risk Input has 1 records @@@
Mar 28, 2011 4:00:00 AM com.virsa.cc.xsys.bg.BgJob alertGen
INFO: @@@ Mitigation Monitor Control Input has 1 records @@@
Mar 28, 2011 4:00:00 AM com.virsa.cc.comp.BackendAccessInterface alertGenerate
INFO: @@@@@ Backend Access Interface execution has been started @@@@@
Mar 28, 2011 4:00:00 AM com.virsa.cc.common.util.ExceptionUtil logError
SEVERE: null
java.lang.NullPointerException
at com.virsa.cc.comp.wdp.IPublicBackendAccessInterface$IStatRecInputElement.wdGetObject(IPublicBackendAccessInterface.java)
at com.sap.tc.webdynpro.progmodel.context.NodeElement.getAttributeAsText(NodeElement.java:888)
at com.virsa.cc.comp.BackendAccessInterface.execBAPI(BackendAccessInterface.java:401)
at com.virsa.cc.comp.BackendAccessInterface.executeBAPI(BackendAccessInterface.java:302)
at com.virsa.cc.comp.BackendAccessInterface.get_TcodeLog_Rec(BackendAccessInterface.java:2800)
at com.virsa.cc.comp.BackendAccessInterface.alertGenerate(BackendAccessInterface.java:1940)
at com.virsa.cc.comp.wdp.InternalBackendAccessInterface.alertGenerate(InternalBackendAccessInterface.java:4355)
at com.virsa.cc.comp.wdp.InternalBackendAccessInterface$External.alertGenerate(InternalBackendAccessInterface.java:4824)
at com.virsa.cc.xsys.bg.BgJob.alertGen(BgJob.java:1666)
at com.virsa.cc.xsys.bg.BgJob.runJob(BgJob.java:697)
at com.virsa.cc.xsys.bg.BgJob.run(BgJob.java:362)
here it keeps ranting on for pages about Null Pointer Exceptions
I'll just leave that part out
Mar 28, 2011 4:00:29 AM com.virsa.cc.comp.BackendAccessInterface alertGenerate
INFO: -
No of Records Inserted in ALTCDLOG =>16 For System =>XXX_xxx -
Mar 28, 2011 4:00:29 AM com.virsa.cc.comp.BackendAccessInterface alertGenerate
INFO: ==$$$===Notif Current Date=>2011-03-28==$$$==Notif Current Time=>04:00:00===$$$===
Mar 28, 2011 4:00:29 AM com.virsa.cc.xsys.mgmbground.dao.AlertStats execute
INFO: Start AlertStats.............
Mar 28, 2011 4:00:29 AM com.virsa.cc.xsys.bg.BgJob alertGen
INFO: @@@=== Alert Generation Completed Successfully!===@@@
Mar 28, 2011 4:00:29 AM com.virsa.cc.xsys.bg.BgJob setStatus
INFO: Job ID: 16 Status: Complete
Mar 28, 2011 4:00:29 AM com.virsa.cc.xsys.bg.BgJob updateJobHistory
FINEST: --- @@@@@@@@@@@ Updating the Job History -
0@@Msg is Job Completed successfully
Mar 28, 2011 4:00:29 AM com.virsa.cc.xsys.bg.dao.BgJobHistoryDAO insert
INFO: -
Background Job History: job id=16, status=0, message=Job Completed successfully
Mar 28, 2011 4:00:29 AM com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob scheduleJob
INFO: -
Complted Job =>16----
- Anothjer thing I noticed is that the job always adds some entries to table "ALTCDLOG" which I guess means something like "Alert T-Code Log".
It always adds entries like:
581 XXX_XXX userID#1 SE16 2011-03-21 07:49:44 xxx 5
582 XXX_XXX userID#1 SM37 2011-03-21 07:55:44 xxx 5
Where does the system get the information which T-Codes are "bad" and for which it needs to create those entries ? I have never configured anything like that in the system.
Or is this an indicator that the authorization roles I mitigated have been used again ?
Regards,
Benjamin -
RAR 5.3 - Mitigating Control Mass Upload
Hi Everyone,
My client wants to perfrom a mass upload of Mitigating Controls, but I can't find the format of the tables that are needed.
I have tried creating a control manually, exporting it and then changing the file and uploading but it always throws an error.
I know that there is a SAP Note about this but it is Internal Only.
Can anyone help? I guess I am looking for standard upload file format or something of that nature.
regards
SimonHi Frank
as always you are the man who knows the answer!!
You were correct Excel 2007 had converted 2010-10-11 to 11/10/2010, during the importation process, even though I had told it to keep all fields as text.
Additionally, on almost every row of the export file after having made the changes in excel, it had added several "TAB" characters as well, so I had to go down every line of the upload file to remove the extra "TABS".
After that it worked perfectly.
Now I will attempt world domination, after all it must be easier than trying to configure Access Controls 5.3
Simon
Edited by: Simon Carty on Nov 26, 2010 10:05 AM
Edited by: Simon Carty on Nov 26, 2010 10:05 AM -
Mitigation controls assignation to users in RAR
Hi,
While assigning mitigation control to the users (RAR>Mitigation> Mitigated Users-->Add), it is only possible to assign 1 user at a time...Would it be possible to assign more than 1 user through multiple selection
Thanks
AbhijeetAbhijeet,
From that path, you cannot assign multiple users at once however, if authorised, you can upload mitigation controls and within the upload files, you can upload users assigned to them.
Simon -
Reports in Mitigation Controls RAR
HI,
Does anyone know what are reports in the mitigation control setup? Reports are transactions or just reflects numbered activities that the monitor must realize?
Kind regards,
RCL.Hi RCL
If you are using any SAP report as a mitigating control you can give its name there. In addition in the Frequency field you can give the frequency at which the report should be executed. and if that report is not executed at the stated frequency RAR can send an alert to the montior of Mitigating control
Parveen -
RAR 5.3 SP8 - Invalid Mitigating Controls Report Issue
Hello,
When I view the Invalid Mit Controls Report, and I click the "Click to Change" button, it brings me to blank mitigating controls screen with an error at the bottom of the screen that reads "Category should be U, R, P, H or O"
Has anyone seen this before? The log shows nothing when I look to it to view more info about the error...
Any troubleshooting tips or is this something I need to bring up with SAP?
Thanks!
Jesyep
-
RAR: Mitigation Control Monitoring
Hi,
I have configured and executed alert generation job but we are not able to obtain the alerts for mitigation control monitoring.
What we have done:
1) Define mitigation control including transaction XXXX to be executed daily
2) Monitor has executed thansaction XXXX on day 1
3) Alert generation job has been executed on day 1 (after step 2)
3) Monitor has not executed transaction XXXX on day 2
4) Alert generation job has been executed on day 2 BUT alert for control monitoring are not obtained.
Does anyone know why we are not getting the alerts for control monitoring?
Thanks in advance. Kind regards,
ImanolWhat is value of number of days for this Monitoring in Mit Control?
Is email id of Monitor maintained in Alert tab? -
Report tab in mitigating control - RAR 5.3
While creating mitigating control there are 3 tabs - Associated risks / Monitors / Reports. What is the use of reports tab ?
The control is working even with populating the report tab.If you have a report that you want mitigation monitors to run in order to perform the control activities you can put it in there.
The alert functionality will then allow you to report on monitors that did not run that report in the specified period.
Frank. -
Mitigation control errors out in CUP approval
We are on GRC 5.3 SP8 and I am trying to create a mitigating control in RAR. Once it goes for approval into CUP, it erroru2019s out when I try to approve it. Here is the message:
2010-05-25 10:57:43,367 [SAPEngine_Application_Thread[impl:3]_9] ERROR com.virsa.ae.commons.utils.StringEncrypter$EncryptionException: Invalid PKCS#5 padding length: 32
com.virsa.ae.service.ServiceException: com.virsa.ae.commons.utils.StringEncrypter$EncryptionException: Invalid PKCS#5 padding length: 32
at com.virsa.ae.accessrequests.bo.RequestExitServiceHelper.getCCDocument(RequestExitServiceHelper.java:315)
at com.virsa.ae.accessrequests.bo.RequestExitServiceHelper.callCCExitService(RequestExitServiceHelper.java:263)
at com.virsa.ae.accessrequests.bo.RequestExitServiceHelper.callExitServiceForApprovedRequest(RequestExitServiceHelper.java:51)
at com.virsa.ae.accessrequests.bo.RequestBO.callExitService(RequestBO.java:5391)
at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:5230)
at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:5023)
at com.virsa.ae.accessrequests.actions.RequestViewAction.confirmRequestApproval(RequestViewAction.java:946)
at com.virsa.ae.accessrequests.actions.RequestViewAction.execute(RequestViewAction.java:103)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Caused by:
com.virsa.ae.commons.utils.StringEncrypter$EncryptionException: Invalid PKCS#5 padding length: 32
at com.virsa.ae.commons.utils.StringEncrypter.decrypt(StringEncrypter.java:200)
at com.virsa.ae.accessrequests.bo.RequestExitServiceHelper.getCCDocument(RequestExitServiceHelper.java:305)
... 32 more
Thanks,
PeggyHello Peggy,
Did you recently upgraded your NW Java Support package? If yes, then kindly check the SAP Note "1417651 - Unable to retrieve connector & application configuration"
The problem is coming due to change in NW encryption algorithm and impacted GRC as well. This is fixed in SP10 of GRC.
Regards, Varun -
Error when trying to approve a mitigation control in CUP
Hi,
I have created a Mitigation Control in RAR and set-up the necessary workflow. The request ends up in CUP and the approver is able to see the request when he/she logs in, however the approver cannot approve or reject the request.
The following error messages appear:
- Approve: Error processing your request, Request no: 2 in stage : MITIGATION
- Reject: Error rejecting request no: 2
I have check the workflow many times now and I have also checked the mitigation URL's.
Any idea what the problem can be?
Thanks.Thank you for your response. No the approver is not part of the DL. I just added the approver to the workflow (CAD).
Please find log details below:
2010-03-18 16:09:32,729 [SAPEngine_Application_Thread[impl:3]_8] ERROR Service call exception; nested exception is:
com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (401) Unauthorized. The requested URL was:"http://vgrdci.sap.client.co.za:51900/VirsaCCWFExitService5_2Service/Config1?style=document"
java.rmi.RemoteException: Service call exception; nested exception is:
com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (401) Unauthorized. The requested URL was:"http://vgrdci.sap.client.co.za:51900/VirsaCCWFExitService5_2Service/Config1?style=document"
at com.virsa.ae.request.ws.cc.Config1BindingStub.execWFExitService(Config1BindingStub.java:87)
at com.virsa.ae.request.ws.cc.Config1BindingStub.execWFExitService(Config1BindingStub.java:96)
at com.virsa.ae.accessrequests.bo.RequestExitServiceHelper.callCCExitService(RequestExitServiceHelper.java:263)
at com.virsa.ae.accessrequests.bo.RequestExitServiceHelper.callExitServiceForApprovedRequest(RequestExitServiceHelper.java:51)
at com.virsa.ae.accessrequests.bo.RequestBO.callExitService(RequestBO.java:5335)
at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:5174)
at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:4967)
at com.virsa.ae.accessrequests.actions.RequestViewAction.confirmRequestApproval(RequestViewAction.java:928)
at com.virsa.ae.accessrequests.actions.RequestViewAction.execute(RequestViewAction.java:103)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:425)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:455)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:455)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Caused by:
com.sap.engine.services.webservices.jaxrpc.exceptions.InvalidResponseCodeException: Invalid Response Code: (401) Unauthorized. The requested URL was:"http://vgrdci.sap.client.co.za:51900/VirsaCCWFExitService5_2Service/Config1?style=document"
at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.handleResponseMessage(MimeHttpBinding.java:998)
at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.call(MimeHttpBinding.java:1449)
at com.virsa.ae.request.ws.cc.Config1BindingStub.execWFExitService(Config1BindingStub.java:80)
... 33 more -
Mitigation control ID validity extension -easy way
I work in GRC AC 5.3. All Mitigation control IDs have a validity expiration on same date in near future. Our GRC has many mitigation control IDs with mitigated users. How can I change the valid to date in convenient way?
It may be extended for all mitigated users separately/individually, but it will take huge time.You can download all of them in a text file, make changes and upload it back via the import/export utility under mitigation tab,
Alpesh -
Mitigation control: Sending failed No valid SAP sender address
GRC 5.3 SP10 RAR
In mitigation control: I have created a new control ID. When I am trying to assign it to a user getting error
"Sending failed No valid SAP sender address"
Please advise to resolve the issue. I need to mitigate user.Hello Pal,
Please go to RAR configuration -> Risk Analysis -> Additional Options. Here check if you have the parameter Enable Monitor Notification set to YES. If you do then set this one to NO. Also, kindly check and make sure that you have a valid email address maintained for each of the mitigation control monitor in Mitigation tab.
If you wish to have the parameter set to yes only then you need to do the JAVA mail settings in Visual Admin. Check configuration of the JAVA mail client, which can be done using Visual Administrator, to send the Email Notification.
(Configuration > Java Mail Client > Properties > Smtp).
Regards, Varun
Edited by: Thakur Varun on May 21, 2010 3:47 PM -
Error while uploading mitigation controls
Dear All,
While uploading the mitigation controls i am facing with the below error. Can you please help me in resolving this error.
Error in table dataVIRSA_CC_MITUSER
SQL:=>Insert into VIRSA_CC_MITMON(MITREFNO,MONITORID) Values(?,?)
Record::Line Number :21 : D VIRSA_CC_MITMON TESTC1 TEST1
Below is the text file which i am uploading into the RAR for test purposes
M VIRSA_CC_ADMIN USERID NAME EMAILID ROLEID
D VIRSA_CC_ADMIN TEST1 TEST1 test M
M VIRSA_CC_BUSUNIT BUSID
D VIRSA_CC_BUSUNIT TH
M VIRSA_CC_BUSUNITT BUSID LANG DESCN
D VIRSA_CC_BUSUNITT TH EN Thailand
M VIRSA_CC_BUAPPVR BUSID APPROVERID
D VIRSA_CC_BUAPPVR TH TEST1
M VIRSA_CC_BUMONITOR BUSID MONITORID
D VIRSA_CC_BUMONITOR TH TEST1
M VIRSA_CC_MITREF MITREFNO BUSID APPROVERID
D VIRSA_CC_MITREF TESTC1 TH TEST1
M VIRSA_CC_MITREFT MITREFNO LANG DESCN
D VIRSA_CC_MITREFT TESTC1 EN Test mitigation control
M VIRSA_CC_MITRISK MITREFNO RISKID
D VIRSA_CC_MITRISK TESTC1 F006*
M VIRSA_CC_MITMON MITREFNO MONITORID
D VIRSA_CC_MITMON TESTC1 TEST1
M VIRSA_CC_MITRPT MITREFNO ACTIONS VSYSKEY MONITORID FREQUENCY
M VIRSA_CC_MITUSER MITREFNO RISKID USERID VALIDFROM VALIDTO MONITORID STATUS
M VIRSA_CC_MITROLE MITREFNO RISKID ROLEID VALIDFROM VALIDTO MONITORID STATUS
D VIRSA_CC_MITROLE TESTC1 F006* Z1.*.ASST-SC-FINC-MGR 6/9/2010 7/25/2010 TEST1 0
M VIRSA_CC_MITHROBJ MITREFNO RISKID HROBJ HROBJTYP VALIDFROM VALIDTO MONITORID STATUS
M VIRSA_CC_MITPROF MITREFNO RISKID PROFILE VALIDFROM VALIDTO MONITORID STATUS
M VIRSA_CC_MITUSRORG MITREFNO RISKID USERID ORGRULEID VALIDFROM VALIDTO MONITORID STATUS
M VIRSA_CC_DETDESC OBJECT_TYPE OBJECT_ID LANG DETAIL_DESCN
D VIRSA_CC_DETDESC MIT TESTC1 EN Test Mitigation control
We are not mitigating users now. Only roles are getting mitigated and hence we have not provided any values to the MIT USER table.
Thanks and Best Regard,
Srihari.KDear Varun,
Thanks for your reply. It helped me a lot. But however i am facing the following issue while uploading the mitigation controls
After exporting the mitigation file from RAR, we opened the text file in a spreadsheet format and added few lines to the file and saved in the same text format or in UTF-8 format also
After uploading the same into RAR again after changes we are facing similar errors mentioned in above query.
But when we add lines directly in the wordpad and upload the file then it is successful.
We have to add so many mitigation controls and roles to be assigned for which excel would be easy way to dump.
Is there anything wrong we are doing here in editing and converting the files.
Thanks and Best Regards,
Srihari.K -
Workaround for non-SAP mitigating control reminders
Dear all,
Our business users would like to document mitigating controls in RAR 5.3 regardless of whether they are connected with an SAP report. They would also like to receive email reminders for those controls.
Unfortunately, the frequency of the control can only be defined per connected SAP report and reminders will only be sent for controls if the SAP report has not been executed.
Have you been exposed with a similar requirement? It seems like a natural thing to ask from a business perspective. RAR 5.3, however, is not designed in that way.
Have you come up with any feasible workarounds for this?
My current approach would be to create a dummy Z-report per SAP system (such as Z_MANUAL_MITCTRL) that control monitors have to call once to confirm the execution of their control.
Cheers and best regards
PatrickHello,
Regarding your question, in fact this is dependant on how your UME (User Management Engine) is configured on your WAS (Web Application Server). If the UME is connected to your R/3 back-end then the user need to have a R/3 account to connect to CC, otherwise if your UME is "independant" then you just need to create an account in the UME.
Regards,
Jérôme. -
CUP-5.3-SP13-Mitigation Controls by rol/users
Hi all!
Since RAR consider mitigations contros both by rol and users, If I have the role ZROL1 mitigated for the ID risk P001* then, would be able CUP to consider this mitigation control even when CUP is managing users?
I mean, if ZROL1 has a mitigation control, would appear at the request the ID risk whenever I add this role to a user?
Many thanks in advance! any help would be welcomed.
Margarita.Hi Margarita,
If you want it will consider the role level mitigation controls. So in the request risk violation will not be shown.
For this u need check the option, consider mitigation control in CUP. Configuration-> Risk anlsysis.
Also in RAR following things needs to be done.
RAR Configuration->Risk analysis-> Defaults values.
Exclude mitigated Risk as yes.
RAR Configuration-> Risk Analysis ->Additional options
Include Role/Profile Mitigating Controls in User Analysis as yes.
If above values are defined as No. than Risk Voilation will be shown in the request.
Kind Regards,
Srinivasan
Maybe you are looking for
-
I'm running Mavericks and imported a time machine backup of Snow Leopard during installation. I am trying to free up space on my boot SSD and was thinking of moving Users and Applications folders to their own partitions or drives. I'm doing a lot of
-
We want to generate a log of activities performed on Document class (rename,property change,create , copy etc) .Is it possible using agents ? As agents would only be notifying on creation,updating and deletion .. while updating of a document can happ
-
Doe anybody know how I stop safari's address bar prediciting what I am going to type into the address bar? It is pretty annoying. Thank you.
-
How to make my music library on my iPhone appear the way I wanted?
Hi there, I have created my own music library by ligit CDs and have purchased some songs through iTunes, it is saved onto my macbook pro, since I have songs in Chinese, Japanese and English, I have re-arranged and re-editded my music library my own w
-
How come I cannot freeform the crop tool anymore?
I typically do not maintain a fixed aspect ratio for the cropping tool in Lightroom (2014). But I needed to change it to a fixed ratio temporarily to crop to some print sizes. But now, the "Custom" aspect no longer works. Every time I try to crop