RAR: Alerts tables understanding

Similar Messages

• GRC RAR Alert Email Sender

  Hi,
  I am trying to work out how GRC RAR determines which email address to use when sending out RAR Alerts.  I have a risk which has 3 Risk Owners, I have tried various combinations of assigning Risk Owners to the Risk, but cannot see any logic as to how RAR picks which one to send the email alert from.
  If I just have one Risk Owner, then the Alert is sent from that user, however when multiple owners are attached there does not appear to be any logic as to which one from the list is chosen.
  Any help would be much appreciated.
  Thanks & Regards,
  Stephen

  Hi Stephen,
  In GRC ARA 5.3, following is the logic which determines that who is sending the notification if there are multiple role owners.
  The logic goes like this while sending the emails:-
  1. It re-orders the role owner list so that alphabetically the last e-mail is treated as first.
  For example:-
  email of C01   say email is C01@ XYZ.com
  email of B01   say email is B01@ XYZ.com
  email of Z01    say email is A01@ XYZ.com
  ** Alphabetically C01 is last and will send the mails.
  2. Now this last email of C01 becomes the e-mail id who will be set to send the mail to all other owners in list.
  I hope this information helps.
  Regards,
  Yukti

• Generating RAR Alerts for just certain user groups

  Is there any way to limit a RAR Critical Actions Alert to just certain users?  Or, only if these users access certain data?
  We've had a request to monitor and send out a notification for some transactions, but only for certain users.  These transactions are available to many employees, but it is only a concern if someone from a certain group uses them.  Even then, it's only a concern if they access certain data.
  As an example (this is not the actual request), you have a transaction like say XD 03 (Customer Display) and its available to most everyone in the company.  You also have customers assigned to different company codes.  The issue then is that you have a certain group of users that are only supposed to look at customers for just one specific company code.  Ideally, you would want to be notified if they use this transaction to look at customers for other company codes.  At the very least, you want to know when they use this transaction so you would know to check on their usage.
  If this can't be done using the RAR Alerts, is there maybe another way to perform this montoring/notification?
  Thanks.

  Hi Bob,
  GRC RAR would not help you in this case. However you can restrict the Users through Roles which are assigned to them.
  For example : for tcode XD03 check maintain the authorization object F_KNA1_BUK with Activity 03 and Company code 1000 (depending upon your requirement). Assign the Role to User who require the access to view the Customers for the company 1000.
  Hopefully this may meet your expectations.
  Regards,
  Nikita Sharma.

• Mass Delete of old RAR Alerts

  Hi I have a client who averages 3,500 Alerts per month in RAR.  They have only just mitigated some users / positions which are entitled to use the particular transactions so this should significantly reduce the number of new Alerts, but they want to clear the old Alerts.
  I know you can manually go into the Alert Monitor TAB to clear them one at a time, but is there a Mass clear function hidden somewhere in AC5.3 SP11?
  Thanks,
  Stephen

  Hi Stephen,
  I must say I haven't seen such a feature yet.
  Best,
  Frank

• RAR Alert Monitor - Critical Actions Report - user ID is garbled

  In the above report, the alert generation has data in it, showing that a transaction was executed, from a terminal, but the user ID is garbled.  It appears like this:
  Alert Date Time    8/10/2010 - 10:32:34 AM
  User    +LqvhQveEQJ (+LqvhQveEQJ)
  Risk Violated   BSCF:Basis Configuration Actions
  It then continues to show me the details of the transactions executed, and the date, time and terminal from where they were executed.
  With the user ID being garbled, it's not clear where it's getting this user from, and how to rectify it.  Any ideas?
  Thanks,
  Santosh

  Hi Santosh,
  Add atuhorization object "S_TOOLS_EX " in SAP pre-delivered "/virsa/CC_Default_Role" default role which you have in R/3 and make sure that role is assigned to user account which you are using in JCO connection as well.
  This will resolve your issue.
  Thanks,
  Tavi
  SAP Security & GRC Consultant.

• Moving Beyond Tables-.Understanding the DIV :)-

  Hello,
  Unfortunately I was taught Dreamweaver sorta backwards and have always used tables for layout.  The advantage has always been a grid layout where you can move things by sliding the guides around.  It works most of the time, but I am determined to move beyond it.
  I admit my Dreamweaver skills are fair at best, and appreciate any input…. please be kind
  Here is the current webpage : http://www.outposticearena.com/
  Here is my rough draft (very much improved with added animation)…. and still confused regarding layout….http://taffyproductions.com/test/
  1) Why are there lines between my sidebar1/nav?  Which css rules control their spacing and size?
  2) How do I control the top and bottom spacing between my H2 tag "Welcome to the Cooloop" and the .p tag below it?
  3) I have 4 images/links in the sponsors div.  I want to center/ space them.  How can I do this?
  Thanks again!!!
  Gary

  1. In style.css  Line 111
  ul.nav li
    border-bottom-width: 1px;
    border-bottom-style: solid;
    border-bottom-color: #666666;
  Remove the border and gone are the lines
  2. At the start of style.css place the following code
  * {margin:0;padding0;}
  Each browser has its own default style rules. If they were all the same rules then we could live with it. Because they are not the same, it is best to bring all of the styli rules down to one denominator by setting the margins and padding to zero. This may mess up some of the other styles, but these can be fixed by a bespoke setting of the margins and padding.
  3. First we need to re-arrange our markup
  <div id="footer1">
      <div><a href="http://www.abqfsc.org/" target="_blank"><img src="images/afsc.jpg" alt="albuquerque figure skating club"/></a></div>
    <div><a href="http://www.nmhockey.com/" target="_blank"><img src="images/nmhockeyadult.gif" alt="NM Hockey" /></a></div>
    <div><a href="http://apps.planethockey.com/site/camps/default.aspx?CampId=176" target="_blank"><img src="images/planet_hockey.gif" alt="planet hockey" /></a></div>
    <div><a href="http://www.nmice.org/" target="_blank"><img src="images/nmice.jpg" alt="New Mexico Ice Hockey" /></a></div>
    <p>Web Design by <a href="http://taffyproductions.com/" target="_blank">Gary Goldblum</a></p>
  </div>
  Then we will add a bit of styling
  #footer1 div {
      width: 25%;
      float: left;
  #footer1 div img {
      display: block;
      margin: auto;
  As a passing comment, just one question per post please.

• How to find RAR tables

  Hi All,
  after i syncronize the User/Role/Profile data for the first time, i want to cross check this data in RAR database tables.
  i have list of RAR tables but i could not find tables related User, Role and Profile. I tried in CCDebugger also.
  What is the table name which holds all the table names in RAR?
  Thanlks in advance

  Hi Ammu,
  RAR doesn't work in the conventional ABAP sense.  RAR gets the actual values for User/Role/Profile data from Backend.  Only the header data (such as ) is kept in GRC tables.  Whenever Batch Risk Analysis is done, GRC RAR accesses backend, runs the ruleset against the authorisations assigned in backend, identifies the conflicts and stores this processed data in GRC tables as Risk to User mapping. 
  As far as syncronisation is concerned.  Whenever GRC is synced, GRC table VIRSA_CC_GENOBJ stores the date and time when a particular User/Role/Profile was last syncronised. When this job is run again (In Incremental Mode), GRC checks whether any change has happened to User/Role/Profile after the last sync.  If yes, it updates the data for changes items only.  Incase of Full sync,the whole GRC frontend data is deleted and updated from backend.  Objects to be synced are maintained in 'UPDATE' field of table VIRSA_CC_GENOBJ.
  Rgds
  Ganesh.S

• Help me to update table with condition's

  this table is an alert table which will update when the sql server down , not pinging and drive space low.
  Every 15 mins the monitoring system run. if the any issue came then it will update the information in this table. if  the issue not solved by 15 mins the table will update again with the same details.. 
  I would like update tickeraised = Y  only on first time and  if i got same issue less then 30 min the it should not change to Y..  based on server name , type and message. 
  min >10 and <20 min if any value is there then the table should not update with same value. can any one help me with tsql query...

  In future please post DDL and DML. For now I have created a scenario which will help you understand solution to your own requirement.
  CREATE TABLE Tickets_Log(
  Ticked_ID SMALLINT IDENTITY(1,1) PRIMARY KEY,
  Ticket_Type VARCHAR(20) NOT NULL,
  Log_Date DATETIME2 NOT NULL DEFAULT DATEADD(MINUTE,-15,GETDATE()),
  Machine_Name VARCHAR(50) NOT NULL,
  Message VARCHAR(100) NOT NULL,
  Ticket_Status CHAR(2) NOT NULL DEFAULT 'N',
  Update_Status SMALLINT DEFAULT 0)
  INSERT Tickets_Log(Ticket_Type,Machine_Name,Message)
  SELECT 'Pinging','HOD-400-651','Server Not Pinging' UNION
  SELECT 'Low Drive Space','HOD-400-652','Drive Space Low' UNION
  SELECT 'Connection','HOD-400-653','Unable to Connect to Server'
  UPDATE TL
  SET Log_Date=NewTickets.Log_Date,
  Update_Status=1
  FROM( SELECT 'Pinging' Ticket_Type,'HOD-400-651' Machine_Name,'Server Not Pinging' Message,GETDATE() Log_Date UNION
  SELECT 'Pinging','HOD-400-653','Server Not Pinging',GETDATE() Log_Date) NewTickets
  LEFT JOIN Tickets_Log TL ON NewTickets.Machine_Name=TL.Machine_Name AND NewTickets.Ticket_Type=TL.Ticket_Type
  WHERE TL.Ticket_Type IS NOT NULL AND TL.Machine_Name IS NOT NULL AND DATEDIFF(MINUTE,TL.Log_Date,NewTickets.Log_Date)>=15 AND Update_Status=0
  INSERT Tickets_Log(Ticket_Type,Machine_Name,Message,Log_Date)
  SELECT NewTickets.*
  FROM( SELECT 'Pinging' Ticket_Type,'HOD-400-651' Machine_Name,'Server Not Pinging' Message,GETDATE() Log_Date UNION
  SELECT 'Pinging','HOD-400-653','Server Not Pinging',GETDATE() Log_Date) NewTickets
  LEFT JOIN Tickets_Log TL ON NewTickets.Machine_Name=TL.Machine_Name AND NewTickets.Ticket_Type=TL.Ticket_Type
  WHERE TL.Ticket_Type IS NULL AND TL.Machine_Name IS NULL
  Chaos isn’t a pit. Chaos is a ladder. Many who try to climb it fail and never get to try again. The fall breaks them. And some are given a chance to climb, but they refuse. They cling to the realm, or the gods, or love. Illusions. Only the ladder is real.
  The climb is all there is.

• Alert Management

  Dear All,
  Please guide on Alert Management
  We created query for alert and we set alert frequency as every 1 Minute to popup alert immediately. But alert get popup on every minute in users Messages/alert window on respective day.
  I have set update messages (Min) = 1 in Generatl setting - > Services.
  Query
  select
       OI.Series as 'Series',
       OI.docnum as 'Incoming Excise Invoice Number',
       OI.docdate as 'Doc Date',
       OI.taxdate as 'Document Date',
       OI.cardcode as 'Card Code',
       OI.cardname as 'Card Name',
       OI.doctotal as 'Amount',
       OI.comments as 'Remark',
       OI.createDate as 'Date',
       OI.numatcard as 'Excise Ref. No'
  from oinv OI
  where   convert(varchar,OI.createDate,103) = CONVERT(varchar,getdate(), 103)
  I want to fire this alert only once.
  Is any setting we missed out?
  Regards
  Mahendra

  I am afraid your query will make your alert table growing like a monster.
  Your intension of just one alert for one new invoice to be checked every minute is understandable.  However, there is no easy logic to achieve what you need.  You will quickly find out, the alert will be fired as soon as the first invoice on the current day and every minute from then on.
  Thanks,
  Gordon

• Alert file creation in PI system

  Hello Experts ,
  We have a requirement that we need to create one file in our integration server path.
  Please let me know is there any standard sap program which will take the value from the alert table at run time ?
  If we dont have any such program please let me know the table names from which I need to fetch the data to get all the error information both ABAP stack and JAVA stack ?
  Thanks in advance for your help.
  Regards,
  Somenath

  you can create aleart file by abap program,
  when error occur in pi , alert is arise in alert rule -> alaertcategory,
  you can call abap program after alert. set in tc:alertcatdef.
  please search more in sdn, I ll find and success what you want to do.
  Naoki

• How to capture alert text messages defined in RWB to CCMS

  Dear Team,
  I have configured  for Alerts in RWB to capture Integration and Adapter Engine failure messages.
  I am getting a detailed description of alert text in the alert inbox.
  Example:Error found in MAPPING.EXCEPTION_DURING_EXECUTE for the MAPPING Category in the Message ID XXXX for the Interface XXXX  from the Sender Party XXXX.
  Now my requirement is I need to capture the detailed text message in CCMS.
  Note: I have added the rule CCMS_GET_MTE_BY_CLASS and specified R/3 system ID (SID) and  MTEClass as SXI_RWBAlerts in RZ20.
  I am getting only the Number of active alerts for the defined Alert Category and the number of alert rules created in RWB.
  Number of active alerts    2
  Assigned alert rule: 1     Alert for Application Category error
  Assigned alert rule: 2     Alert rasied for all IE/AE failures
  What is the method need to be assigned to capture the error text messages from RWB?
  Please do the needful.
  Regards
  B.Dheepa

  Hi Dheepa,
  unfortunately that's not possible with SAP default. Then you need to build your own CCMS node and get informations from alert tables (you can check report RSALERTDISP to get the involved ABAP tables). I'm not sure if it makes sense because you have only limited text length for CCMS alerts and RWB alerts are mostly longer (with more information). Maybe another possibility is to create an analysis method and add it to your RWB node to start report RSALERTDISP when alert is clicked in SolMan. I cannot provide you detailed information about it because I have no experience yet, it's only to share my ideas...
  Regards
  Markus

• How to set column widths in tables for selected table only, not globally throughout document?

  I've been utilizing the below script (thank you so much Ramkumar. P!) to set column widths throughout a sizable InDesign book with tables on every page and it is truly a time saver. At this point in time, I have three versions of it because there are different column widths throughout the book. Is it possible to augment the script to run only on a selected text frame (containing a table)? If so, would someone be kind enough to share the augmented script with me? I've been trying to figure out this seemingly simple change through trial and error with no success as yet. I realize this is a totally newbie request and I'm entirely at the mercy of the kindness of the Javascript gods that contribute within this forum. Seeing that in a different post related to this script, one such guru responded to a request as simple as "Where do I put the scripts in InDesign" gave me enough courage to ask for some help! Thank you in advance to anyone willing to provide a solution.
    var myDoc = app.activeDocument;
       var myWidths = [100, 100, 150, 150];
       for(var T=0; T < myDoc.textFrames.length; T++){
           for(var i=0; i < myDoc.textFrames[T].tables.length; i++){
               for(var j=0; j < myWidths.length; j++){
                   myDoc.textFrames[T].tables[i].columns[j].width = myWidths[j];
       alert("Table width updated successfully...");

  Hello all
  I have the same problem in that I'm not a scripting person, but was able to get the above script working without problem, and it does set irregular table column widths perfectly, so thanks to Ramkumar. P for that.
  BUT, it changes the column width for ALL tables in the document, whereas I would like to just target the selected table.
  Any ideas as to how I might amend this script to achieve this?
  Thx, Christian

• How to display Bi reports in VC via Alert data Service?

  Hi All of you,
  I am new to VC,I had a enhancement ,That I already had list Alerts in portal as Deployed o/p(through Alert data Service),I need to get the respective BI reports of the Alerts,Do I need to assign Action to 1 of the row("Subject" of Alert) in the Alert table?or Any other way to display the info in Bi data source?
  Thanks in Advance

  Hi Sandeep,
  You can access the BI queries into VC using BI Kit available. I think based on the alerts you can trigger the execution of report in VC.
  Check with the basis about BI Kit for VC.
  Regards,
  anil

• GRC AC 5.3 - RAR Parameters

  Hello,
  I have the following 8 queries related to GRC AC 5.3 RAR parameters
  When I go into RAR -> Configuration -> Miscellaneous, I see the following entries.
  Maximum Display Lines For Print Preview 
  This parameter specifies the maximum number of lines to be displayed in print preview mode; the default value is 500
  1- What is the Print Preview of the lines for? Can I make it 10000 instead of 500. Is there a performance impact?
  Background Job Spool File Location 
  This parameter specifies the location where the background job spool files are stored Note: You need to restart the server
  2- Why do I need the Background Job Spool File location? Is it when I use Default Logger parameter as SAP Logger? Currently we are using the Default Logger parameter as Java Logger
  Alert Log File Name and Location 
  This parameter specifies the location where the action usage purged data files are stored
  3- Whey do I need this Alert Log file parameter for? I mean how is the Alert Log file generated in RAR 5.3
  SAP Application Server Location 
  Enter SAP application server location here
  4- Why do I need SAP Application Server Location, when I have installed SAP GRC 5.3 on standalone SAP JAVA Stack?
  FTP Site Location 
  Enter FTP site location here
  5- What should the FTP site location be given as? Should I give a fully qualified domain for a particular host for the FTP of above RAR background job log files and RAR Alert log files?
  6- Do we have the background job log files FTP into another host, if Default Logger parameter is chosen as SAP Logger?
  FTP Site User Name 
  Enter FTP site User Name here
  7- What is the best practice for specifying a FTP User? I mean what is the username normally given in RAR environment?
  8- Is there any OSS Note, SAP Help URL which  describes about RAR parameters in detail?
  Thanks,
  Haleem

  Hi,
  > Maximum Display Lines For Print Preview 
  >  This parameter specifies the maximum number of lines to be displayed in print preview mode; the default value is 500
  >
  > 1- What is the Print Preview of the lines for? Can I make it 10000 instead of 500. Is there a performance impact?
  > 
  You should used 500 only.
  > Background Job Spool File Location 
  > This parameter specifies the location where the background job spool files are stored Note: You need to restart the server
  >
  > 2- Why do I need the Background Job Spool File location? Is it when I use Default Logger parameter as SAP Logger? >Currently we are using the Default Logger parameter as Java Logger
  > 
  No, background job spool file location is something different from logger. Background spool file location is the location where
  spool file of your background job will be generated.
  Diferent between Java Logger and SAP Logger is that if you choose SAP Logger then log file of your RAR will be generated in NWA. But if you will choose as Java Logger then log file will be generated as separate file as ccappcomp.<n>.log which you will see in CC debugger.
  > Alert Log File Name and Location 
  > This parameter specifies the location where the action usage purged data files are stored
  > 
  > 3- Whey do I need this Alert Log file parameter for? I mean how is the Alert Log file generated in RAR 5.3
  >
  check below link:
  Compliance Calibrator Alert Generation Issue
  > SAP Application Server Location 
  >  Enter SAP application server location here
  > 
  > 4- Why do I need SAP Application Server Location, when I have installed SAP GRC 5.3 on standalone SAP JAVA Stack?
  >
  > FTP Site Location 
  >  Enter FTP site location here
  >
  > 5- What should the FTP site location be given as? Should I give a fully qualified domain for a particular host for the FTP of above RAR background job log files and RAR Alert log files?
  > 6- Do we have the background job log files FTP into another host, if Default Logger parameter is chosen as SAP Logger?
  >
  > FTP Site User Name 
  >  Enter FTP site User Name here
  >
  > 7- What is the best practice for specifying a FTP User? I mean what is the username normally given in RAR environment?
  The following new reports can have long runtimes:
  - User Authorization Count
  - Role Authorization Count
  - List Expired and Expiring Roles for Users
  - For that reason These jobs run on ABAP side and produce a spool file. An icon is displayed on the front-end for the jobs that complete. (If you run jobs on all systems and it finishes on one system before another the icon will display for the finished system first)
  - The report directory on the SAP Enterprise Resource Planning (ERP) application servers. This is the temporary storage location for spool files generated by these background jobs.
  - The same directory name is used for all SAP backend systems.
  - The location, user name, and password for FTP of security reports generated by backend SAP ERP systems.
  > 8- Is there any OSS Note, SAP Help URL which  describes about RAR parameters in detail?
  Note 1121978 - Recommended settings to improve peformance risk analysis
  Check below link for performance optimization of RAR:
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/90aa3190-8386-2b10-c4ba-ced67322ea6d?quicklink=index&overridelayout=true
  Thanks
  Sunny

• APO - SNP Alert Macros running too slow

  Hi,
  We have created alert macros which run for next 27 weeks for 38000 Product-Location Combinations. They are running too slow.
  We are deleting alerts externally using program /sapapo/amon_reorg and then running this macro with "ADD" . This macro slows down once it starts filling up alert table with 100,000 records. What are the best practices for writing the macro so that it runs fast ?.
  Thanks.

  Is it necessary to write all the alerts? What I mean is, do you filter the results when you view them through the Alert Monitor?
  If your alert profile has a minimum threshold set for an alert type, then you can read this threshold in the macro and only write alerts that fall below the threshold.
  e.g.
    Step: Get Threshold Values : ( 1 Iterations :Initial;Initial )
      Action Box: Get Threshold Value
        LAYOUTVARIABLE_SET( 'Alert_Thresh' ;
        ALERT_PROFILE_THRESH( SDP_ALERT_PROFILE' ; '4100' ; 'I' ) )
  Where SDP_ALERT_PROFILE is the profile that contain sthe minimum threshold you want to use and 4100 is the alert type. The I is for information, can use either W for Warning or E for Error as well.
  Then use the variable Alert_Thresh to check if your value falls below this, only then write the alert.
  Regards
  Ian