RAR - Exception in risk analysis
Hello All,
We are geeting below mentioned error while performing risk analysis -
WARNING: Job ID:235 : Failed to run Risk Analysis
java.io.IOException: No space left on device (errno:28)
at java.io.FileOutputStream.writeBytes(Native Method)
at java.io.FileOutputStream.write(FileOutputStream.java:260)
at sun.nio.cs.StreamEncoder$CharsetSE.writeBytes(StreamEncoder.java:336)
at sun.nio.cs.StreamEncoder$CharsetSE.implWrite(StreamEncoder.java:395)
at sun.nio.cs.StreamEncoder.write(StreamEncoder.java:136)
at java.io.OutputStreamWriter.write(OutputStreamWriter.java:191)
at java.io.BufferedWriter.flushBuffer(BufferedWriter.java:111)
at java.io.BufferedWriter.write(BufferedWriter.java:206)
at java.io.Writer.write(Writer.java:126)
at com.virsa.cc.xsys.riskanalysis.dao.dto.RAReportDTO.printToSpool(RAReportDTO.java:454)
at com.virsa.cc.xApr 1, 2011 2:08:45 AM com.virsa.cc.xsys.meng.ObjAuthMatcher <init>
Thanks,
Jagat
Hi Jagat,
You have increase your file system space at database. This is common problem is development systems as there will be less space availability for development systems.
It would be good if you can define SAP_ALL, SAP_NEW, DDIC etc profiles under critical roles and exclude those roles for running the background job.
These profiles will have lot of conflicts and will occupy lot of space and also takes huge amount of time
Thanks and Best Regards,
Srihari.K
Similar Messages
-
GRC Access Controls v5.3 RAR Batch Job Risk Analysis Incr Analysis
Hi All!
re: GRC Access Controls v5.3 RAR Batch Job Risk Analysis Incr Analysis
Can anyone list or direct me to a help link that has the progress list of processes that are contained in this batch job?
Thanks!Hi All,
I have answered my own question. The processes are:
User Permission Analysis
Profile Action Analysis
Role Action Analysis
User Action Analysis
Role Permission Analysis
-john -
CUP 5.3 SP 11.1 Exception during Risk Analysis
Hi All,
Can you please help in resolving this?
Our current client has RAR and CUP. RAR and CUP are connected to ECC and BW. ECC has SOD rule sets in RAR but BW does not. Can you please go through the following scenarios and help me resolve this:
1> ECC is selected as Application and ECC roles are selected in request. When I perform Risk analysis it works fine.
2> BW is selected as Application and BW roles are selected in request. When I perform Risk analysis it works fine ( 0 risks found).
3> ECC and BW are selected for Applications and ECC and BW roles are selected in request. The Risk analysis failed giving an error message saying "EXCEPTION_FROM_THE_SERVICE Risk Analysis Failed". <BR>
Here is the error log <BR>
2010-04-15 08:26:09,420 [SAPEngine_Application_Thread[impl:3]_15] DEBUG NavigationEngine.java@85:execute() : Current Module: |AE| Conversation: |cnvCopyRequest| Screen: |scrRoles|
2010-04-15 08:26:09,420 [SAPEngine_Application_Thread[impl:3]_15] DEBUG NavigationEngine.java@105:execute() : Module#AE#Conversation#cnvCopyRequest#Screen#scrRoles#Action#selectRoles#
2010-04-15 08:26:09,420 [SAPEngine_Application_Thread[impl:3]_15] DEBUG NavigationEngine.java@285:execute() : Handler found:class com.virsa.ae.search.actions.SearchRolesAction
2010-04-15 08:26:09,420 [SAPEngine_Application_Thread[impl:3]_15] DEBUG com.virsa.ae.configuration.bo.AssignRoleGABO : findRoleDetailsByName(String roleProfName) : : Enter, roleProfName=PR0000EXEC
2010-04-15 08:26:09,421 [SAPEngine_Application_Thread[impl:3]_15] DEBUG RoleDAO.sqlj@2625:findCustomFieldsbyRoleName() : INTO the method : ctx=com.virsa.ae.dao.sqlj.SqljContext@7b4c7b4c roelProfName=PR0000EXEC
2010-04-15 08:26:09,423 [SAPEngine_Application_Thread[impl:3]_15] DEBUG com.virsa.ae.dao.sqlj.RoleDAO : findCustomFields(SqljContext ctx, String roleProfName) : : ,list size=0
2010-04-15 08:26:09,424 [SAPEngine_Application_Thread[impl:3]_15] DEBUG com.virsa.ae.configuration.bo.AssignRoleGABO : findRoleDetailsByName(String roleProfName) : : Enter, roleProfName=PR0000EXEC
2010-04-15 08:26:09,425 [SAPEngine_Application_Thread[impl:3]_15] DEBUG RoleDAO.sqlj@2625:findCustomFieldsbyRoleName() : INTO the method : ctx=com.virsa.ae.dao.sqlj.SqljContext@7c927c92 roelProfName=PR0000EXEC
2010-04-15 08:26:09,425 [SAPEngine_Application_Thread[impl:3]_15] DEBUG com.virsa.ae.dao.sqlj.RoleDAO : findCustomFields(SqljContext ctx, String roleProfName) : : ,list size=0
2010-04-15 08:26:09,425 [SAPEngine_Application_Thread[impl:3]_15] DEBUG RoleValidityHelper.java@160:isExpiredAsOfToday() : INTO the method : str : 12/31/9999
2010-04-15 08:26:09,426 [SAPEngine_Application_Thread[impl:3]_15] DEBUG RoleValidityHelper.java@166:isExpiredAsOfToday() : INTO the method : dt : Fri Dec 31 00:00:00 PST 9999
2010-04-15 08:26:09,426 [SAPEngine_Application_Thread[impl:3]_15] DEBUG RoleValidityHelper.java@176:isExpiredAsOfToday() : OUT of the method : boolResult : false
2010-04-15 08:26:09,426 [SAPEngine_Application_Thread[impl:3]_15] DEBUG LocaleUtil.java@321:getUserLocaleId() : intLocale : 1
2010-04-15 08:26:09,426 [SAPEngine_Application_Thread[impl:3]_15] DEBUG AECacheUtil.java@956:getCacheObject() : INTO the method : pCacheNameSYSTEMS,pLocaleId1
2010-04-15 08:26:09,427 [SAPEngine_Application_Thread[impl:3]_15] ERROR Ignoring exception, setting to default value : -1
java.lang.NumberFormatException: For input string: "PR0000EXEC"
at java.lang.NumberFormatException.forInputString(NumberFormatException.java:63)
at java.lang.Integer.parseInt(Integer.java:492)
at java.lang.Integer.parseInt(Integer.java:542)
at com.virsa.ae.commons.utils.Util.parseInt(Util.java:1063)
at com.virsa.ae.search.actions.SearchRolesAction.execute(SearchRolesAction.java:795)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
2010-04-15 08:26:09,428 [SAPEngine_Application_Thread[impl:3]_15] ERROR Ignoring exception, setting to default value : -1
java.lang.NumberFormatException: For input string: "AR0000SRAN"
at java.lang.NumberFormatException.forInputString(NumberFormatException.java:63)
at java.lang.Integer.parseInt(Integer.java:492)
at java.lang.Integer.parseInt(Integer.java:542)
at com.virsa.ae.commons.utils.Util.parseInt(Util.java:1063)
at com.virsa.ae.search.actions.SearchRolesAction.execute(SearchRolesAction.java:802)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
2010-04-15 08:26:09,428 [SAPEngine_Application_Thread[impl:3]_15] ERROR Ignoring exception, setting to default value : -1
Thanks for your help.
AnandRTA SP update solved the issue.
Thanks -
Hi Experts,
OUR GRC AC system configuration is: GRC AC 5.3 CUP Patch 7.0. One of our enduser has requested for a new role through CUP. While the manager performs the risk analysis, it is showing the following error: "Risk Analysis failed: Exception in getting the result from the webservice: service call exception, nested exception is: java.net.socket Timeout Exception: Read timout".
Below is the system log of CUP for futher reference:
2009-12-02 11:08:41,428 [SAPEngine_Application_Thread[impl:3]_12] ERROR com.virsa.ae.core.BOException: Exception in getting the results from the web service : Service call exception; nested exception is:
java.net.SocketTimeoutException: Read timed out
com.virsa.ae.core.BOException: Exception in getting the results from the web service : Service call exception; nested exception is:
java.net.SocketTimeoutException: Read timed out
at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:199)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doRiskAnalysis(RiskAnalysisAction.java:1073)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doAnalysis(RiskAnalysisAction.java:300)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.execute(RiskAnalysisAction.java:109)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Caused by:
com.virsa.ae.service.ServiceException: Exception in getting the results from the web service : Service call exception; nested exception is:
java.net.SocketTimeoutException: Read timed out
at com.virsa.ae.service.sap.RiskAnalysisWS53DAO.getViolations(RiskAnalysisWS53DAO.java:343)
at com.virsa.ae.service.sap.RiskAnalysisWS53DAO.getViolations(RiskAnalysisWS53DAO.java:451)
at com.virsa.ae.service.sap.RiskAnalysisWS53DAO.determineRisks(RiskAnalysisWS53DAO.java:569)
at com.virsa.ae.service.sap.RiskAnalysis53DAO.determineRisks(RiskAnalysis53DAO.java:119)
at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:182)
... 24 more
Caused by:
java.rmi.RemoteException: Service call exception; nested exception is:
java.net.SocketTimeoutException: Read timed out
at com.virsa.ae.service.sap.ws53.Config1BindingStub.execRiskAnalysis(Config1BindingStub.java:90)
at com.virsa.ae.service.sap.ws53.Config1BindingStub.execRiskAnalysis(Config1BindingStub.java:99)
at com.virsa.ae.service.sap.RiskAnalysisWS53DAO.getViolations(RiskAnalysisWS53DAO.java:311)
... 28 more
Caused by:
java.net.SocketTimeoutException: Read timed out
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:153)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:200)
at java.io.BufferedInputStream.read(BufferedInputStream.java:218)
at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.readLine(HTTPSocket.java:806)
at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.getInputStream(HTTPSocket.java:341)
at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.getResponseCode(HTTPSocket.java:250)
at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.HTTPTransport.getResponseCode(HTTPTransport.java:362)
at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.outputMessage(MimeHttpBinding.java:553)
at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.call(MimeHttpBinding.java:1432)
at com.virsa.ae.service.sap.ws53.Config1BindingStub.execRiskAnalysis(Config1BindingStub.java:83)
... 30 more
Could anyone please analyze, where it went wrong.
Thanks a lot in advance.
Regards,
GurugobindaWe are facing this issue as well. This is seen in requests where there are a lot of conflicting roles requested, or if the user on the backend already has many SoD conflicts.
How many risk violations did show up in the RAR simulation? Seems that above 1000 you will get performance issues in CUP risk analysis.
We are also on SP7 and we did receive a reply from SAP that the risk violation threshold can be changed in RAR as of SP9:
=======================================================
From CUP 5.3 SP9 onwards, we have one parameter in RAR in
'Configuration>Risk Analysis>Performance Tuning' which will
enable you to set threshold violation limit for the Risk Analysis web
service. The name of the attribute is 'Threshold Violation Limit for webservice' and default value of this attribute is 1000.
When you perform risk analysis from CUP and the violation data count
exceeds this limit then error message will appear.
Setting this attribute will help tuning your performance.
==========================================================
Regards,
Stefan. -
Hello All,
Does anyone got this error while runing risk analysis on business owner stage ( where runing risk analysis is mandotory).
"Risk Analysis filed: Exception voilation exceeds the treshhold limit : THERESOLD : 1000DETAIL:17275:SUMM 1354:MGMT:3
THANKS MUCH IN ADVANCEHi,
Go to RAR->Configuration(tab)->Risk Analysis->Performance Tuning and change the value of "Web service violation limit " accordingly.
As mentioned in the parameter desc- if set this value to 0 (zero) then there is no upper or lower limit.
I did the same to avoid any limitation on the error count.
Regards, -
RAR - null pointer exception message when running risk analysis
Hi,
We recently installed & configured AC 5.3, SP11 version. From the day1 we are getting following message in the log when running risk analysis in foreground, background, when scheduled batch risk analysis in full sync, Incremental sync mode.
When I raised OSS message, they told that this is standard message when we use adaptive RFC connector in RAR. they proposed to use SAPJCO instead of Adaptive RFC connector to avoid this.
But I am some how not convinced with the answer because no one reported this problem anywhere earlier.
Can you share your ideas on this? I mean if any one got same message in any versions?
I just wanted to know is this standard bug which is visible for all customers or some thing I did wrong?
Here is the message:
com.virsa.cc.common.util.ExceptionUtil logError
SEVERE: null
java.lang.NullPointerException
at com.virsa.cc.comp.wdp.IPublicBackendAccessInterface$IAuthForUserInputElement.wdGetObject(IPublicBackendAccessInterface.java)
at com.sap.tc.webdynpro.progmodel.context.NodeElement.getAttributeAsText(NodeElement.java:888)
at com.virsa.cc.comp.BackendAccessInterface.execBAPI(BackendAccessInterface.java:401)Here is the complete message:
com.virsa.cc.common.util.ExceptionUtil logError
SEVERE: null
java.lang.NullPointerException
at com.virsa.cc.comp.wdp.IPublicBackendAccessInterface$IAuthForUserInputElement.wdGetObject(IPublicBackendAccessInterface.java)
at com.sap.tc.webdynpro.progmodel.context.NodeElement.getAttributeAsText(NodeElement.java:888)
at com.virsa.cc.comp.BackendAccessInterface.execBAPI(BackendAccessInterface.java:401)
at com.virsa.cc.comp.BackendAccessInterface.executeBAPI(BackendAccessInterface.java:302)
at com.virsa.cc.comp.wdp.InternalBackendAccessInterface.executeBAPI(InternalBackendAccessInterface.java:4227)
at com.virsa.cc.comp.BackendAccessInterface.getObjPermAuth(BackendAccessInterface.java:623)
at com.virsa.cc.comp.wdp.InternalBackendAccessInterface.getObjPermAuth(InternalBackendAccessInterface.java:4271)
at com.virsa.cc.comp.wdp.InternalBackendAccessInterface$External.getObjPermAuth(InternalBackendAccessInterface.java:4740)
at com.virsa.cc.dataextractor.bo.DataExtractorSAP.getObjPermissions(DataExtractorSAP.java:307)
at com.virsa.cc.dataextractor.bo.DataExtractorSAP.getObjPermissions(DataExtractorSAP.java:263)
at com.virsa.cc.xsys.meng.MatchingEngine.getObjPermissions(MatchingEngine.java:987)
at com.virsa.cc.xsys.meng.MatchingEngine.matchPrmRisks(MatchingEngine.java:466)
at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.performActPermAnalysis(AnalysisEngine.java:1524)
at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:311)
at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:240)
at com.virsa.cc.xsys.bg.BgJob.runJob(BgJob.java:536)
at com.virsa.cc.xsys.bg.BgJob.run(BgJob.java:339)
at com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob.scheduleJob(AnalysisDaemonBgJob.java:282)
at com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob.start(AnalysisDaemonBgJob.java:84)
at com.virsa.cc.comp.BgJobInvokerView.wdDoModifyView(BgJobInvokerView.java:444)
at com.virsa.cc.comp.wdp.InternalBgJobInvokerView.wdDoModifyView(InternalBgJobInvokerView.java:1236)
at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.doModifyView(DelegatingView.java:78)
at com.sap.tc.webdynpro.progmodel.view.View.modifyView(View.java:337)
at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.doModifyView(ClientComponent.java:481)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doModifyView(WindowPhaseModel.java:551)
at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:148)
at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:333)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:741)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:694)
at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:253)
at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doGet(DispatcherServlet.java:46)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176) -
Hello experts,
When an approver does risk analysis for adding a role to a user in CUP before approval, the system shows 0 risk(0 risks found), However when the role is added to the user in RAR simulation, there are Risks.
Similarly,
When an approver does risk analysis for a role in CUP before approval, the system shows 0 risk(0 risks found), However when the role is analysed in RAR, there are Risks.
I have checked the Org Rules parameter in RAR (It was set to No as we are not using Org Rules).
When I set the org rule parameter to Yes, I got exception " Risk analysis failed: EXCEPTION_FROM_THE_SERVICEInconsistency Org Rule Analysis Flag Parameter". I reset the parameter to NO.
Many thanks,Hello Raghu
Here is the note number: Note 1168120 - Risk Analysis and Remediation 5.3 Support Package (VIRCC).
Also I would suggest going to:
1. CUP - configuration -Risk analysis - And see if the web service link for Risk analysis is correct.
Better would be to go to Netweaver Administration -Webdynpro console -and get the correct link.
2. CUP -configuration - Mitigation and here also put the correct link for all four options there i.e. (Risk analysis, Mitigation etc),
Hopefully this should solve the problem .I donu2019t think it is related to org level.
If problem still persist, kindly paste the log.
Best Regards
Asheesh -
Risk Analysis: CUP Error: Exception Service
Hi Guys,
I am implementing GRC -CUP, where I found following error while performing the risk analysis from CUP.
X - Risk analysis failed: Exception from the service : Inconsistency Org Rule Analysis Flag Parameter
1. In RAR - we have not enabled Org. Rule Analysis.
2. In CUP-Configuration tab- Risk Analysis link - I have disabled " Perform Org. rule Analysis"
Yet, problem is coming in the system.
Gurus,
let me know if there are some errors from myside in RAR.
Moreover, I am not able to integrate RAR with the CUP.
Are there any steps which need to follow before integration?
Thanks a ton
SKSoumya,
Can you look at the OSS Note # 1136379? I think you are missing the additional option "Consider Org. Rules when updating the Management reports and during Risk Analysis Web Service Call" part. Once you have set up everything similar to the OSS note option 2, test it.
If it still doesn't work, bounce the server and test again.
Regards,
Alpesh -
Risk analysis failed: Exception from the service : Invalid System
I'm trying to get the risk analysis performed for CUP requests. When I'm in the process of creating a request, and I add roles to the request and then click on the risk analysis button, I get the above error.
I checked the URI that I've included in the Risk Analysis section of the configuration and I believe it is correct:
http://<server>:<port>/VirsaCCRiskAnalysisService/Config1?wsdl&style=document
I've selected 5.3 web service, and I have provided a user ID that has admin rights.
What do you think is the reason this error is being thrown?
The error in the log is:
2009-11-19 15:04:31,821 [SAPEngine_Application_Thread[impl:3]_39] ERROR com.virsa.ae.core.BOException: Exception from the service : Invalid System
com.virsa.ae.core.BOException: Exception from the service : Invalid System
Thanks,
SantoshFrank,
Thanks for your response. I was thinking along these lines already and so I have tried to do as you suggest. However it didn't work and the log indicated that it didn't like my connector name (even though the connector name is now the same as in RAR).
Caused by: com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: Failed to resolve JCO destination name 'SANDBOX' in the SLD. No such JCO destination is defined in the SLD.
However, I looked at one of the online post installation checklists for CUP and I gathered that it might be necessary to have the JCo itself renamed at the backend to reflect the name used in RAR, and that should populate into my connector list within CUP (when you click on the magnifying glass).
I'm waiting to try that out, but I'm not sure about any secondary impact of making a change to the JCo name.
Let me know what you think about that move.
Thanks,
Santosh -
RAR: Error message while running role risk analysis.
Hi All,
We are implementing RAR 5.3. When running permission level risk analysis we get the following error message:
"Error while executing the Job:Cannot assign a blank-padded string to host variable 1.u201D
This happens only at permission level for just one single role and for all the composite roles that contain this one.
The rules were generated without any issue and we cannot find anything unusual on that particular single role.
Any ideas of what could be the cause of this error?Hi Iliya:
Please find below the job log with the detailed error description:
Mon Dec 15 10:06:37 GMT-02:00 2008 : -----------------------Scheduling Job =>233---------------------------------------------------------------
Mon Dec 15 10:06:37 GMT-02:00 2008 : --- Starting Job ID:233 (RISK_ANALYSIS_ADHOC) - mm:user10
Mon Dec 15 10:06:37 GMT-02:00 2008 : ----------- Background Job History: job id=233, status=1, message=mm:user10 started
Mon Dec 15 10:06:37 GMT-02:00 2008 : Job ID:233 : Exec Risk Analysis
Mon Dec 15 10:06:37 GMT-02:00 2008 : Start Analysis Engine->Risk Analysis ..... memory usage: free=1571M, total=1962M
Mon Dec 15 10:06:38 GMT-02:00 2008 : Rule Loader Syskey => *
Mon Dec 15 10:06:38 GMT-02:00 2008 : No of Systems=1
Mon Dec 15 10:06:51 GMT-02:00 2008 : Action rules cache loaded: memory used in cache=56M, free=1512M, total=1962M
Mon Dec 15 10:06:51 GMT-02:00 2008 : Job ID:233 : Rules loaded, elapsed time: 13694 ms
Mon Dec 15 10:06:57 GMT-02:00 2008 : Job ID:233 :
Mon Dec 15 10:06:57 GMT-02:00 2008 : Job ID:233 : Analysis starts: MM:USER10
Mon Dec 15 10:07:16 GMT-02:00 2008 : Auth Map cache reloaded successfully
Mon Dec 15 10:07:32 GMT-02:00 2008 : Cannot assign a blank-padded string to host variable 1.com.sap.sql.log.Syslog.createAndLogOpenSQLException(Syslog.java:85)
com.sap.sql.log.Syslog.createAndLogOpenSQLException(Syslog.java:124)
com.sap.sql.types.VarcharResultColumn.setString(VarcharResultColumn.java:66)
com.sap.sql.jdbc.common.CommonPreparedStatement.setString(CommonPreparedStatement.java:511)
com.sap.engine.services.dbpool.wrappers.PreparedStatementWrapper.setString(PreparedStatementWrapper.java:355)
com.virsa.cc.xsys.util.ObjTextReader.lookupByKey(ObjTextReader.java:353)
com.virsa.cc.xsys.util.ObjTextReader.getFieldValueDesc(ObjTextReader.java:261)
com.virsa.cc.xsys.riskanalysis.AnalysisEngine.insertPermReportLines(AnalysisEngine.java:2286)
com.virsa.cc.xsys.riskanalysis.AnalysisEngine.outputPermissionViolation(AnalysisEngine.java:1858)
com.virsa.cc.xsys.riskanalysis.AnalysisEngine.performActPermAnalysis(AnalysisEngine.java:1182)
com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:243)
com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:207)
com.virsa.cc.xsys.bg.BgJob.runJob(BgJob.java:305)
com.virsa.cc.xsys.bg.BgJob.run(BgJob.java:183)
com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob.scheduleJob(AnalysisDaemonBgJob.java:154)
com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob.start(AnalysisDaemonBgJob.java:81)
com.virsa.cc.comp.BgJobInvokerView.wdDoModifyView(BgJobInvokerView.java:434)
com.virsa.cc.comp.wdp.InternalBgJobInvokerView.wdDoModifyView(InternalBgJobInvokerView.java:1223)
com.sap.tc.webdynpro.progmodel.generation.DelegatingView.doModifyView(DelegatingView.java:78)
com.sap.tc.webdynpro.progmodel.view.View.modifyView(View.java:337)
com.sap.tc.webdynpro.clientserver.cal.ClientComponent.doModifyView(ClientComponent.java:480)
com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doModifyView(WindowPhaseModel.java:551)
com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:148)
com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:299)
com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:711)
com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:665)
com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:232)
com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:152)
com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doGet(DispatcherServlet.java:46)
javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
java.security.AccessController.doPrivileged(Native Method)
com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Mon Dec 15 10:07:32 GMT-02:00 2008 : Cannot assign a blank-padded string to host variable 1.com.virsa.cc.xsys.bg.BgJob.runJob(BgJob.java:309)
com.virsa.cc.xsys.bg.BgJob.run(BgJob.java:183)
com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob.scheduleJob(AnalysisDaemonBgJob.java:154)
com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob.start(AnalysisDaemonBgJob.java:81)
com.virsa.cc.comp.BgJobInvokerView.wdDoModifyView(BgJobInvokerView.java:434)
com.virsa.cc.comp.wdp.InternalBgJobInvokerView.wdDoModifyView(InternalBgJobInvokerView.java:1223)
com.sap.tc.webdynpro.progmodel.generation.DelegatingView.doModifyView(DelegatingView.java:78)
com.sap.tc.webdynpro.progmodel.view.View.modifyView(View.java:337)
com.sap.tc.webdynpro.clientserver.cal.ClientComponent.doModifyView(ClientComponent.java:480)
com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doModifyView(WindowPhaseModel.java:551)
com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:148)
com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:299)
com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:711)
com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:665)
com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:232)
com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:152)
com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doGet(DispatcherServlet.java:46)
javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
java.security.AccessController.doPrivileged(Native Method)
com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Mon Dec 15 10:07:32 GMT-02:00 2008 : Job ID: 233 Status: Error
Mon Dec 15 10:07:32 GMT-02:00 2008 : ----------- Background Job History: job id=233, status=2, message=Error while executing the Job:Cannot assign a blank-padded string to host variable 1.
Mon Dec 15 10:07:32 GMT-02:00 2008 : -----------------------Complted Job =>233---------------------------------------------------------------
Regards.
Leandro. -
AC 5.3 RAR - combined risk analysis reports for regular auth. and SPM auth.
Dear All,
we have users that have regular day-today authorization and also FF authorization.
Does the Batch Risk Analysis takes into account both authorizations when doing the risk analysis for those users ? will we see it in the reports ?
Thanks
Yuditok, so basically the answer is no, in the RAR components we do not have risk analysis for the combinations of the roles assigned to the user and to his FF ID.
in that case, at what stage does the system checks for those combined risks ?
is it checked when we manage the risk analysis phase in the CUP request that is asking to assign the FF ID to the user ?
thanks
Yudit -
Different Risk Analysis Results with the same user from 2 different RAR
Hi..
I've loaded the same Risks, Rules, etc, into 2 GRC RAR environments (Sandbox and Quality systems); both of them are connected with the same SAP ECC system. But when I do a User Risk analysis (authorization level), the result from Sandbox is different from Quality system. I donu2019t have users or roles mitigated yet, users are synchronized, rules are exactly the same and I donu2019t know what happen??... Please, help me.
Thanks...Hi...
If I do a Full Sync of users to the same ECC system from both RAR boxes, I got different number of users loaded (i.e. 18757 vs. 18141), similar case with the full sync of roles. (13100 vs. 13150).
If I load exactly the same set of functions to both RAR systems and I generate the rules, I got the same problem, different number of rules is generated.
I've verified both RAR configuration and they are the same (excluded users, roles mitigated, etc.)
Is it a normal behavior? What could be wrong?
Thanks in advance!! -
RAR - Risk Analysis - Permission Level - V_VBAK_AAT||AUART - Error
I have a trouble related with risk analysis at permission level, when the V_VBAK_AAT||AUART is activated in two functions of my customized GRC rule-set (VIRSA_CC_FUNCPRM) for controlling some "document types" for tcodes VA01 and VA02. When I execute this customization in RAR, the system says "No match / No conflicts" for the risks where these functions appear, however performing some queries in the back-end systems, I have realized there are more than 80 users in conflict for some of them, given the fact that they have value '*' in object/field V_VBAK_AAT||AUART.
At a first time I thought that most probably would be related with the fact that these functions are part of risks that combine 3 and 4 functions at the same time, with OR logical activated in document types, but when I searched for the rules generated for these risks I noticed that only 34.000 rules were generated and this no overpass the limit of 45566 rules defined at RAR. Anyway, I performed some tests reducing the number of possible combinations and, basically, whenever the following line is activated, the outcome is u201Cno conflictsu201D:
D VIRSA_CC_FUNCPRM FN15 VA01 GRC-C21 V_VBAK_AAT||AUART ZSO ZSO OR 0 null
If this line is disabled, then, several users with conflicts are reported. As mentioned above, these users have value '*' for object/field V_VBAK_AAT||AUART, so I do not understand why those users are not reported when the line above is activated.
I have done the following checks, all of them correct:
- The user/role/profile synchro has been done and all the users has been stored in table VIRSA_CC_
- All the lines in VIRSA_CC_FUNCPRM part of my customized rule-set have been correctly inserted in the same Oracle table
- All the combinations of rules has been created (including VA01 and VA02 with V_VBAK_AAT||AUART)
Any suggestions?
Thanks in advanceI've detected the same problem for the following authorization objects:
- F_BKPF_BLA||BRGRU
- V_VBRK_FKA||FKART
- M_MSEG_BWE||WERKS
RAR reports no conflicts (at authoriztion level) when these objects are activated (of course having users with these conflicts in back-end systems)
This problem has been proved in the installation of different customer with SAP GRC Access Control 5.3 SP12.
Anybody else has experienced this issue???? -
GRC 5.3: CUP risk analysis VS. RAR risk analysis
I've installed and configured RAR and CUP. When I do a risk analysis simulation in RAR on a user for adding a role, it comes back with no conflicts. When I go into CUP and make a new request for adding the same role to the same user, it comes back with risk violations, but it looks like they are critical actions that are being flagged. Why is there a discrepancy, and how do I go about getting the same risks in CUP as I do in RAR?
>
Frank Koehntopp wrote:
> I guess the behaviour is on purpose.
>
> In RAR, you can do a selective analysis on only one kind of risk. You usually only need to do that in the remediation process, where this kind of selection is helpful to track down the root cause (although I'd like to have an ALL option in RAR as well...)
>
> In CUP, you do want to see any kind of risk that might arise from a role assignement to a user.
>
> I have to say, I can not really understand why you'd want to switch off critical action or permission risks here. The user analysis in RAR and CUP serve two different purposes, hence I cannot see a bug here. If you have defined critical risks, why would you not want to see them???
Hi Frank,
I understand your point, but we are in the same situation as the others. We do not want to see Critical Action Risks in CUP because this is a separate process (for us) than Permission Level Risks Analysis piece. With our current structure, our Security Admins use RAR to run Permission Level Risk Analysis and mitigates appropriately. A separate compliance group uses the Critical Action reports to see who has what Critical tcodes, etc. We do not mitigate these "risks," we more or less use it as a report.
I do not understand what you mean when you say "The user analysis in RAR and CUP serve two different purposes" - I feel it should be the same purpose, to ultimatley simulate if adding security to a user will cause SOD violations. If I have CUP configured to do Permission Level Analysis, that's all I want to be seeing in CUP.
Let me know if I need to clarify further. -
GRC Access Control 5.3 - RAR Risk Analysis in offline mode
Hi expert,
I'm trying to do RAR Risk Analysis in offline mode following this guide (https://www.sdn.sap.com//irj/sdn/go/portal/prtroot/docs/library/uuid/20a06e3f-24b6-2a10-dba0-e8174339c47c). But to generate User Action file the ABAP have a problem when try to get a COMPOSITE ROLE field for a Role that is asociate to many Composite role as the unique record consists of fields IDUSER, ROLE and ACTIONFROM . Someone know how we can solve this conflict?
Best Regards!I'm sorry, I think I haven't made myself clear enough. The thing is that the User Action File has a "Composite Role" field and we don't know how fill it when the Single Role belongs to multiple Composite Roles. This is because of the primary key, we can't make multiple records for each userid/role combination, each one with one different Composite Role, such as the following example:
USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLE1
USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLE2
USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLEN
Should we instead do only one record with all the composite roles? What character should we use to separate the composite role names? A ",", a ";"? For example:
USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLE1_,_ COMPOSITEROLE2_,_ COMPOSITEROLE3
Hope I explained myself. Thanks for your help.
Maybe you are looking for
-
Is there a way to view windows media files on an iPhone?
Is there a way to view windows media files on an iPhone?
-
Hello, Having some trouble enrolling my first Mac device with SCCM 2012 SP1. I have installed the client and am trying to use the CMEnroll Tool with no success. Command I am using is this: CMEnroll -s fqdn.siteserver -ignorecertchainvalidation -u "do
-
I have a password in my iphone3 and my niece have entered password wrongly too many times. What shhould i have to do?
-
Domain directory path different than unc path??
GroupWise 8 new secondary on Linux things "looked right, but couldn't connect Checked "Display Object" in C-1 on the domain object and I see that the Domain directory path is wrong - it is not what the UNC path is. Where do I change it?? or do I need
-
Bought supscription of Dreamweaver but keep getting "trail version expired"
Hello, I installed a trial version of DreamWeaver one month ago. This is expired and I hit the BUY button and purchased a supscription. I got a confirmation mail of the purchase. But when I launch Dreamweaver again, I keep getting this message that m