RAR 5.3: Uploading Critical Actions

Hi,
We have already a system with SoD Matrix already loaded and rules generated.
Our question: Is it possible to upload critical actions (include in functions and these into risks) using "Rule upload" functionality or once the SoD Matriz is loaded not more risks can be uploaded using such functionality and must be entered manually?
I remember there was a note related with the way rule upload works and the append / insert happening but I can not find it now.
Any help on this?
Many thanks in advance. Best regards,
   Imanol

Hi Imanol,
You can create txt files for new risks upload and do it. It will append the existing data. Just make sure that tcodes, objects and other required values are in place. Also, if a function / risk is existing, then modified data will not be applicable but it will throw error. But if your txt files are having all new data, then it will be uploaded successfully. We have done it, as our rulebook was prepared in installment and we uploaded SOD first and gave the risk alanysis to business before SAT risks were prepared and uploaded.
Regards,
Sabita

Similar Messages

  • RAR: SoD Riskk and Critical Actions risks

    Hi all,
    I would like to get your input regarding different approaches followed in order to load in RAR SoD risk and critical actions risks.
    1) Do you load all of them under the same rule set?
    2) Do you think is convenient to load them under two different rule sets? One for SoD and the other for critical action?
    My decision here since AC modules when calling to RAR are using the default SoD, would be to define everything under the same unique rule set. Agree on that?
    Keep in mind the four GRC AC modules are implemented.
    Thanks for all. Kind regards,
      Imanol

    Hi Imanol,
      It depends on the client requirements. If client wants to see critical risks as well as SoD risks in CUP then same ruleset is the way to go. If client doesn't want to confuse approvers by showing critical risks then separate ruleset is the right way. At my current client, we have separate rulesets for SoD and Critical actions. We ask role owners to reaffirm all the role assignment which contains critical actions quarterly so we are covered from that angle.
    Regards,
    Alpesh

  • AC 5.3  Critical Action Alert Emails not being sent

    HI:
    We have set up Critical Action alerts for a couple of transactions and while the on-line alert logs are being generated correctly, the alert email is not being sent to the Risk Owner.
    Does anyone know where I can trouble shoot this issue?
    Thanks,
    Margaret

    >
    Alpesh Parmar wrote:
    > Margaret,
    >
    >     Have you set up the SMTP server in visual admin? RAR needs to use this server details to send out an email.
    >
    > Alpesh
    Hi AlpeshMargaret,
    Where are the instructions for setting up the SMTP server in visual admin for the purpose of Alert Generation? I am not seeing this in the Configuration Guide. Could you point me to the correct documentation?
    Thanks!
    Jes

  • Critical Actions are not showed in Reports

    I'm having a problem in displaying user analysis report in management view.
    I have uploaded SAP default rulesets and it does contain some defined critical actions. I can also display critical actions by user in risk analysis reports.
    But the problem is in "User analysis Report", the number of critical action&role is always 0. 
    Does anybody know the reason?
    Is there anything that I'm missing?
    Thank you&Regards
    Stellare

    Hi,
    if you are using CC 5.2: have you checked the field Critical Action and role/profile analysis in Configuration->Background job->Schedule Analysis ?
    I suppose you are talking about that there is no critical violation in Informer.
    Hope this help you
    Emilio

  • Can CUP be configured to ignore Critical Action risks during SOD analysis?

    Hi All,
    We have configured our CUP workflow to take a detour path if SOD violations are found at a stage. RAR has Critical actions defined in the rule set. When  CUP performs the SOD analysis, is there any way we can skip critical action risks and consider only SOD risks?
    We are 5.3 SP 11.1

    Hi,
    If the critical action activated in the same rule set, than you have to define a mitigation control as well, because CUP is going to show these risk after a risk analysis and you have to mitigate that. There is no possiblity to skip that.
    Possible solutions:
    If you want these risks (critical actions) just for reporting aspects in RAR, than you should maybe create a new ruleset just only for these risks, and deactivate it, on the Global ruleset... I wouldn't recommend that, because, if you are going to define critical actions, you have to define mitigation control, from the security aspects as well.
    Cheers,
    Martin

  • Critical Action and Role/Profile Analysis

    Hi,
    I want to know the purpose of the Batch Risk Analysis back ground job "Critical Action and Role/Profile Analysis" in RAR 5.3.
    I'm assuming that I need not run this job if I do not want the critical roles/profiles like SAP_ALL to be analysed which were defined to be critical in rule architect.
    Please let me know if there is any other purpose to run the BG job "Critical Action and Role/Profile Analysis".
    Thank you,
    Partha

    Hello Partha,
      You got this right. It will analyze the defined critical actions/roles/profiles.
    Regards, Varun

  • Critical actions in SPM reports

    Hi all,
    One question in the way SPM retrives data from when reporting:
    I have seen in SPM report "SoD Conflicts Report" that SPM integrates with RAR in order to identifiy SoD Conflicts.
    Regarding, the critical actions filtering applied in SPM reports, where this information validation is it retrieved from? Critical actions defined in RAR OR critical actions maintained in R/3 transaction VFAT? What is to say in frontend (RAR) or backend (R/3)?
    Many thanks in advance. Best regards,
      Imanol

    Hi Imanol,
      It totally depends on your configuration. Go to SPM/FF -> Configuration tab. There is a parameter called 'Critical Transaction Table from Compliance Calibrator (VRAT)'. If the value is not maintained or if the value is 'NO' then SPM/FF will look at it's own critical tcode table. If the value is 'YES' then SPM/FF will look at RAR/CC for critical tcode table and you don't need to maintain critical tcodes in SPM/FF.
    Regards,
    Alpesh

  • Critical Action and Role/Profile Analysis job in not running in GRC 5.3

    Hi Team,
    I  am working for a client where GRC 5.3 is installed( support pack 4 and patch 1).
    The installation is complete and also the post processing is done.
    We have scheduled a periodic ( weekly ) incremental background job for Critical Action and Role/Profile.
    Following are the parameter setting used:
    Task: Risk Analysis -Batch
    Batch Mode : Incremental
    First time it run successfully on 28th June'09 and it is completed with spool also. But next time it is supposed to run on 4th of July'09 . But it does not. And since then it is in same state.
    I am not able to find any reason that why it is behaving this way where other incremental jobs are running successfully.
    It will be helpfull if any one can guide me providing the solution.
    Regards,
    Kakali

    Hi Varun,
    I go to the Job History Button. It shows the following data only :
    2009-06-28 00:00:59 Done Job Completed successfully
    2009-06-27 23:45:00 Started RAR_PE1CLNT100_Critical Action and Role/Profile Analysis started :threadid: 0
    Under the Last Run Colomn it shows 28th June ( Status -completed)
    Under Next Run Date it is showing 4th July
    Follwoing are the list of Updates available From SP05
    When executing the critical roles/profile jobs in background, a message
    "error while executing the Job: null" comes up. ---( this one is for which come under Informer Tab)
    Background job spools are not available after upgrade from 5.2 to 5.3.
    Critical action and critical role/profile analysis cannot be run in
    background by system. --- ( But in my case It ran for once )
    Selection parameters (System, User and User Group) have been provided for
    "Critical Action and Role/Profile Analysis" in Configuration->Background
    Job->Schedule Job. --- ( it means it run usually)
    Critical Actions report in detail view shows no results after executing the
    Risk Analysis Job in the background. The same report shows data when
    executed in the foreground. ( this one is for which come under Informer Tab )
    When there is only one periodic job configured in RAR, this job fails to
    start after the first time in the specified time. ( this is not true, becoz there other periodic jobs running successfuly)
    Unable to run Informer - audit reports - critical role and profiles with
    logical systems. ( this is again under Informer Tab )
    I had gone through this  earlier also, but not able to match any update with my problem. If if have any other suggestion you can provide me the same.
    Is there any way to check for job log so that I can check what is the problem. View Log option is also greyed out as we have sap logger set up as a default logger Parameter. I have made it enable just to check but there is nothing.
    Please Guide.
    Regards,
    Kakali

  • Uploading Critical Permissions in GRC Ruleset

    Hi Everyone ,
    I am trying to upload the critical permission for my GRC Ruleset and need some guidance here. I have already uploaded all the files and my system can perform risk analysis for SOD and Critical actions .
    Now I have identified the critical permissions for my system and have created the Function_action as well as Function_permission notepad files for upload. I have replaced the tcode information in these files with ^! so that system understands that its doesnt have any action. I just kept all the function id's and have added all the Auth objects with replacing tcode tab with ^!.
    I just want to confirm if uploading these files would make this work or if there is any other step that is required to have this work.
    Thanks guys for all your help .. Appreciate your guidance.   
    Vikas

    Hi Raghu ..
    Thanks for your reply .
    I am not modifying any SAP delivered xml files , i was just trying to make changes to my rule set to have critical permission added to it.  This issue is now resolved however let me explain so that everyone our here in forum is aware of the procedure.
    I was trying to upload these critical permissions in GRC 10 Box . Manually creating 100+ functions and then creating risks mapped with them doesn't make sense as it would have taken a lot of time so i updated my existing rule set to have these critical permissions updated .  I exported my rule set from the system and added new function's to Function_action and function_permission data with " ^! " in place of Tcodes so that system doesn't consider this value while doing the analysis at critical permissions file . After updating my existing rule set i used the Overwrite option as my ruleset has my existing working functions plus the changes that i have made to include critical permissions. So  , Its working fine now and i was able to do the analysis .
    Sap Note 1225227 was very helpfull here.
    Vikas

  • GRC 5.3 Risk Critical Action reports return "no matches or conflicts"

    When running GRC 5.3 Risk Analysis Critical Action reports on either the user level or role level getting the message no matches or conflicts.
    However, Permission level reports are successfully returning correct results on the user and role level.
    This is a new installation of GRC 5.3 with latest SP.  Is there any set up that has to be done to run critical action analysis reports in GRC 5.3?
    This is also using the SAP default Global ruleset with no customisation.
    I have used GRC 10 to run the critical action reports and these work with using the critical risks as defined in the ruleset.  Does GRC 5.3 work a different way?  Is there any additional set up that has to be performed?  I just want to see the risks on role level or user level that relate to just the critical access risks (just 1 function).
    Please advise.

    Hi Trinadh
    Thank you for the response.  I did not know that you had to define the critical actions in 5.3 as I don't think you have to do it 10 - it seems to work on what is defined in the ruleset.  Where do you define the critical actions or check if it has been defined?
    Thanks

  • Critical actions showing "No match or conflict found"

    Hello
    I've set up an Active Critical Action rule, pulling in one Function and when I execute it against users that I know have access in the function, it's coming up with "No match or conflict found".
    It asked when I created it if I wanted to generate the rules and I said yes.
    Is there another step I need to complete before getting valid results?
    Thanks
    JD Schmidt

    Jon,
    Check this thread: "No match nor conflict found"
    If you are performing an Online Analysis it should work.
    Cheers,
    Diego.

  • Critical Actions

    Hi Everyone,
    I'm trying to establish what is a good practice to follow on how to deal with critical actions.
    Our thinking is that even though they are critical actions people will still need to have access to them.
    Here are some options with the cons we have been considering:
    1. Add the actions into Firefighter id's & roles. We don't necessarily want to add actions into a firefighter role that someone is expected to do during their daily/weekly/routine activities.
    2. Disable the Critical Actions rules. This will disable your ability to easily identify when an unwanted user has access to these actions.
    3. Create mitigation controls for these critical actions and assign them to the specific users. This is quite and administrative  burden due to the number of critical actions. We would not want to mitigate at the Higher risk level but rather at the individual rule level.
    We are leaning towards option 3 but would appreciate some other options and input on how to deal with these?
    Kind Regards

    We are going through the same process and are using a combination of your suggestions.  First we are going through the critical actions and determining if our company (business reps and auditors) agrees with SAP standards.  Some of the transactions we don't consider as being critical so those will be disabled.  Next, we will put some critical actions in our firefighter ID's and not allow an end-user to have them in production.  Then, we will mitigate the users who use some of the transactions regularly. And lastly, we will run the critical action notify job weekly or maybe even monthly. 
    Peggy

  • RAR Alert Monitor - Critical Actions Report - user ID is garbled

    In the above report, the alert generation has data in it, showing that a transaction was executed, from a terminal, but the user ID is garbled.  It appears like this:
    Alert Date Time    8/10/2010 - 10:32:34 AM
    User    +LqvhQveEQJ (+LqvhQveEQJ)
    Risk Violated   BSCF:Basis Configuration Actions
    It then continues to show me the details of the transactions executed, and the date, time and terminal from where they were executed.
    With the user ID being garbled, it's not clear where it's getting this user from, and how to rectify it.  Any ideas?
    Thanks,
    Santosh

    Hi Santosh,
    Add atuhorization object "S_TOOLS_EX " in SAP pre-delivered "/virsa/CC_Default_Role" default role which you have in R/3 and make sure that role is assigned to user account which you are using in JCO connection as well.
    This will resolve your issue.
    Thanks,
    Tavi
    SAP Security & GRC Consultant.

  • Upload file "action"

    I'm working with DW CS3 (actually just learning, previously
    worked with GoLive). I've created a php page that updates my
    database. Everything works . . . On the same page I've created a
    form to upload a file to my server. What do I put in the Action
    box? I'm lost! Thanks for any input!

    The action should be post I suppose.

  • RAR: Error when uploading function permission rule file

    Hi,
    when I try to upload my own rule files in AC 5.3 SP 15, I receive the following error in the function permission file:
    For input string "OR"
    That's all of  the message i GET. Unfortunately I wasn't able to locate where this error could be. The file looks just fine to me.
    Any ideas ?
    Thanks !
    Regards,
    Max
    Edited by: Maximilian Trenks on May 17, 2011 3:42 AM

    Hi,
    there was an additional tab in one row. After removing it, it all worked fine.
    Watch for 2 tabs in row !
    Regards,
    Max

Maybe you are looking for

  • The "Search" function box doesn't find things that are there! Why?!

    The "Search" function box doesn't find things that are there! Why? Eg: It doesnt show all my Sent and Received emails, but it will find an email that I half wrote and deleted. Unsure why or how to explain more fully. I also don't understand if I type

  • Time Machine HD not writeable after Snow Leopard upgrade

    Drive worked fine previously. Now getting an error upon mount and when TM tries to backup, that the HD cannot be repaired and is read only. Unable to repair manually or even with Disk Warrior. Needs format. But I don't wanna lose this data and no pla

  • Dml error logging: can we pass source column values to ora_err_tag$

    Hi Experts, We can set ora_err_tag$ values while implementing dml error logging feature. Can we pass source column values to ora_err_tag$ field of error table? Thanks, Dhiraj

  • Is Photos using a lot of CPU?

    Photos is now using a lot of CPU. This is after it converted my iPhoto library. Is this normal? Is anyone else seeing this on their machine? Here's a screen shot with Photos hidden (not actively being used).

  • The import parameter of a RFC FM is not long enough

    Hii I have a standard FM and one of the import parameter field is not long enough for.  Instead of copying the RFC FM please advise how can i change the FIELD TYPE? What is the most appropriate solution