RAR Risk Analysis Issue in Background Mode - "Failed to Display Result"

Similar Messages

• GRC Access Control 5.3 - RAR Risk Analysis in offline mode

  Hi expert,
  I'm trying to do RAR Risk Analysis in offline mode following this guide (https://www.sdn.sap.com//irj/sdn/go/portal/prtroot/docs/library/uuid/20a06e3f-24b6-2a10-dba0-e8174339c47c). But to generate User Action file the ABAP have a problem when try to get a COMPOSITE ROLE field for a Role that is asociate to many Composite role as the unique record consists of fields IDUSER, ROLE and ACTIONFROM . Someone know how we can solve this conflict?
  Best Regards!

  I'm sorry, I think I haven't made myself clear enough. The thing is that the User Action File has a "Composite Role" field and we don't know how fill it when the Single Role belongs to multiple Composite Roles. This is because of the primary key, we can't make multiple records for each userid/role combination, each one with one different Composite Role, such as the following example:
  USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLE1
  USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLE2
  USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLEN
  Should we instead do only one record with all the composite roles? What character should we use to separate the composite role names? A ",", a ";"? For example:
  USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLE1_,_ COMPOSITEROLE2_,_ COMPOSITEROLE3
  Hope I explained myself. Thanks for your help.

• Can you download RAR Risk Analysis reports to something other than Excel?

  When you run a RAR Risk Analysis and go to export the resulting reports, RAR automatically exports this into an Excel spreadsheet.
  Is it possible to export the reports into some other kind of format/tool?  (SQL would be ideal.)
  We are on GRC 5.3 SP13.
  Thanks.

  Our CMG group runs a company-wide risk analysis 2-3 times a year to use in their SOD Review process.  We are looking into loading this report into QuickView to give them more capabilities with using the report.  QV will work with Excel, but you have to load every spreadsheet and every page separately. 
  We are looking to see if we could download it into some other format that would contain all of the report in just one file.  Would make the QV load easier.  Something like SQL would probably be ideal.
  Thanks.

• Failed to Display Result error in Compliance Calibrator 5.2

  Yes, first of all, we are going to upgrade to 5.3, and then 10, but for now I have this old version.
  I ran an ad-hoc report in CC 5.2 as a background job.  The job has completed and there is the icon to view the report.  When I click on it, it shows me the report screen with no data on it, and at the bottom, it says, "Failed to display result".
  I'm not sure what the reason is for this.  Have you encountered this error before?
  Thanks,
  Santosh

  Hi Santosh,
  It is very likely this is because you haven't maintained properly the Background Job Spool File Location. Check the configuration tab under Miscellaneous. Make sure the path you maintain is writeable by the user running the Java engine. Take notice that paths in Windows and Unix will look quite different:
  Windows:
  server\path\
  Unix
  /path/
  Regards,
  Luis

• Job log - Failed to display result

  Hello,
  We have a problem displaying job logs, the message 'Failed to display result' appears when we try to display the log.
  The jobs have run last week.
  Any idea where I can have a look to find out what's going wrong?
  Thanks in advance,
  Kind regards,
  Ursula Delort
  SAP Administrator

  In fact, I just found out that we zip the job logs, and I just need to unzip them to be able to access the log.
  Ursula Delort

• RAR - Risk Analysis - Permission Level - V_VBAK_AAT||AUART - Error

  I have a trouble related with risk analysis at permission level, when the V_VBAK_AAT||AUART is activated in two functions of my customized GRC rule-set (VIRSA_CC_FUNCPRM) for controlling some "document types" for tcodes VA01 and VA02. When I execute this customization in RAR, the system says "No match / No conflicts" for the risks where these functions appear, however performing some queries in the back-end systems, I have realized there are more than 80 users in conflict for some of them, given the fact that they have value '*' in object/field V_VBAK_AAT||AUART.
  At a first time I thought that most probably would be related with the fact that these functions are part of risks that combine 3 and 4 functions at the same time, with OR logical activated in document types, but when I searched for the rules generated for these risks I noticed that only 34.000 rules were generated and this no overpass the limit of 45566 rules defined at RAR. Anyway, I performed some tests reducing the number of possible combinations and, basically, whenever the following line is activated, the outcome is u201Cno conflictsu201D:
  D VIRSA_CC_FUNCPRM FN15 VA01 GRC-C21 V_VBAK_AAT||AUART ZSO ZSO OR 0 null
  If this line is disabled, then, several users with conflicts are reported. As mentioned above, these users have value '*'   for object/field V_VBAK_AAT||AUART, so I do not understand why those users are not reported when the line above is activated.
  I have done the following checks, all of them correct:
  - The user/role/profile synchro has been done and all the users has been stored in table VIRSA_CC_
  - All the lines in VIRSA_CC_FUNCPRM part of my customized rule-set have been correctly inserted in the same Oracle table
  - All the combinations of rules has been created (including VA01 and VA02 with V_VBAK_AAT||AUART)
  Any suggestions?
  Thanks in advance

  I've detected the same problem for the following authorization objects:
  - F_BKPF_BLA||BRGRU
  - V_VBRK_FKA||FKART
  - M_MSEG_BWE||WERKS
  RAR reports no conflicts (at authoriztion level) when these objects are activated (of course having users with these conflicts in back-end systems)
  This problem has been proved in the installation of different customer with SAP GRC Access Control 5.3 SP12.
  Anybody else has experienced this issue????

• SAP GRC AC 5.3 - RAR Risk analysis Error Log

  Hi
  i have scheduled the background job for full sync risk analysis for the first time . the job ended with status error . critical analysis, user,role and profile action analysis is shown 100% . but the user permission analysis shows 49% , role and profile permission analysis show 97% each . where can i check the log for the errors . do i need to run the whole risk analysis job again ? when i check the management reports , risk violations are shown as zero . Please let me know how i can proceed at this stage . thanks
  Regards
  Prasad

  Thanks.
  First time please do for all users. I assume this was first time and it failed, so i will suggest you scheudle for all.
  once these are done, then periodic jobs should be increamental.
  few tips :
  - schedule user sync separate job and once it finish only then scheudle role sync and when role sync finishes, only then schedule profile sync
  - always select system ids from search help (which is F4 in ABAP)
  - best scheudle one job per system id, so that when failure occurs, so that error analysis is easy
  regards,
  Surpreet

• AC10.0 RAR risk analysis

  GRC Gurus,
  I have configured GRC10.0 for AC and trying to run the risk analysis for role/user level but no data is showing up. I could select the connector and roles, but after running the risk analysis no results are coming up.
  Any help is appreciated.
  Thanks.

  Hello Bhanu,
  Will you please let me know the solution ??
  Even we are facing the same problem.
  We can see the system , also see the roles , the users and also ran the background job to execute the risk analysis to perform user, role ,profile analysis from SPRO.
  Also note that we have already uploaded txt files for SOD rules.
  When we run the report for any user or any role the result is nill .
  Please suggest how did you resolve the issue ??
  Can you also tell me how can you generate "rule Id" manually for uploaded risk id ?? from NWBC or SPRO
  We tried via  SPRO>GRC>AC-->Access Risk Analysis >Sod Rules>Generate SOD Rules
  It ran successfully but the rpeort does not give any output !!
  Thanks in advance.
  Regards,
  Victor

• RAR offline analysis issue

  In our GRC AC 5.3 SP10, we have  RAR config tab -risk analysis -additional option - enable offline risk anlysis is set to YES.
  But when I run a risk anlysis from informer tab - reports shows offline anlysis:NO.
  My queries are:
  1. what are difference between yes and no for affline analysis. How does they affect risk analysis report.
  2. Is the above scenario a problem? does it provide incorrect result of risk analysis? If yes, how this can be rectified?

  If you set offline risk analysis to yes in configuration then when the batch risk analysis background job runs it populates the RAR table virsa_cc_prmvl. So the advantage of offline analysis is you can do  risk analysis based on the last batch risk analysis job making the response time better.
  In case of online analysis from informer tab the backend system should be available. The advantage here is you are dealing with real time data whereas incase of offline analysis your data is as fresh as the last run batch risk analysis job.
  Thank you,
  Partha
  Edited by: PARTHASARATHY NUNNA on Jun 25, 2010 2:36 PM
  Edited by: PARTHASARATHY NUNNA on Jun 25, 2010 2:47 PM

• CUP-RAR Risk Analysis error

  Hello experts,
  When an approver does risk analysis for adding a role to a user in CUP before approval, the system shows 0 risk(0 risks found), However when the role is added to the user in RAR simulation, there are Risks.
  Similarly,
  When an approver does risk analysis for a role in CUP before approval, the system shows 0 risk(0 risks found), However when the role is analysed in RAR, there are Risks.
  I have checked the Org Rules parameter in RAR (It was set to No as we are not using Org Rules).
  When I set the org rule parameter to Yes, I got exception " Risk analysis failed: EXCEPTION_FROM_THE_SERVICEInconsistency Org Rule Analysis Flag Parameter". I reset the parameter to NO.
  Many thanks,

  Hello Raghu
  Here is the note number: Note 1168120 - Risk Analysis and Remediation 5.3 Support Package (VIRCC).
  Also I would suggest going to:
  1. CUP - configuration -Risk analysis - And see if the web service link for Risk analysis is correct.
  Better would be to go to Netweaver Administration -Webdynpro console -and get the correct link.
  2. CUP -configuration - Mitigation and here also put the correct link for all four options there i.e. (Risk analysis, Mitigation etc),
  Hopefully this should solve the problem .I donu2019t think it is related to org level.
  If problem still persist, kindly paste the log.
  Best Regards
  Asheesh

• Mass role risk analysis issue

  Hello GRC Community,
  I have a following issue:
  When I use mass risk analysis the deactivated authorization objects in the role are displayed as result. At the same time, when I use Role Level Risk Analysis the role with deactivated critical authorization objects doesnt appear.
  Does anybody know how to solve this issue? Is there any configuration parameter to be adjusted?
  thanks
  best regards
  Sabrina

  Prasant,
  here are the screenshots of the Job result:
  1. Mass role Risk Analysis
  2. Risk Analysis on the (Single) Role Level
  Im Backend you can see that the role contains lots of deactivated autorization objects.
  I have run all sync Jobs, but seemingly it doesnt help.
  Thanks,
  Sabrina

• GRC 5.3: CUP risk analysis VS. RAR risk analysis

  I've installed and configured RAR and CUP.  When I do a risk analysis simulation in RAR on a user for adding a role, it comes back with no conflicts.  When I go into CUP and make a new request for adding the same role to the same user, it comes back with risk violations, but it looks like they are critical actions that are being flagged.  Why is there a discrepancy, and how do I go about getting the same risks in CUP as I do in RAR?

  >
  Frank Koehntopp wrote:
  > I guess the behaviour is on purpose.
  >
  > In RAR, you can do a selective analysis on only one kind of risk. You usually only need to do that in the remediation process, where this kind of selection is helpful to track down the root cause (although I'd like to have an ALL option in RAR as well...)
  >
  > In CUP, you do want to see any kind of risk that might arise from a role assignement to a user.
  >
  > I have to say, I can not really understand why you'd want to switch off critical action or permission risks here. The user analysis in RAR and CUP serve two different purposes, hence I cannot see a bug here. If you have defined critical risks, why would you not want to see them???
  Hi Frank,
  I understand your point, but we are in the same situation as the others. We do not want to see Critical Action Risks in CUP because this is a separate process (for us) than Permission Level Risks Analysis piece. With our current structure, our Security Admins use RAR to run Permission Level Risk Analysis and mitigates appropriately. A separate compliance group uses the Critical Action reports to see who has what Critical tcodes, etc. We do not mitigate these "risks," we more or less use it as a report.
  I do not understand what you mean when you say "The user analysis in RAR and CUP serve two different purposes" - I feel it should be the same purpose, to ultimatley simulate if adding security to a user will cause SOD violations. If I have CUP configured to do Permission Level Analysis, that's all I want to be seeing in CUP.
  Let me know if I need to clarify further.

• SAP GRC AC 5.3 CUP Risk Analysis issue

  Hi all,
  I have assigned a new SoD Role to a user, who has been given previously other SoD Roles that were authorized to assingn, then I launched the Risk Analysis and it shows the risk between the previously SoD Roles, but I want to see the new posible risks between the new SoD Role and the others.
  Is there any parameter into CUP to set up that controls the issue ? How must I do?
  Thanks in advance.
  Regards.

  Hi Chinmaya,
  Firstly, thanks for your help and support.
  According to the post, I mean when the user manager or approver, receives the request to assign one role to a user, the approver has to decide the needs of the user to use that role.
  Then the approver can check (clicking on Risk Analysis button) the number of concflicts or criticals risk that the user could violate. The issue is when the approver launched the anaylisis and it shows same conflict risks that have been mitigated in the previously assignment. It may show the possible risks between the new role and the others, isn´t it?, or instead of the case ,that the oldest risks are showed. Must that  risks showed  as mitigated?
  Thanks, regards.

• Batch Risk Analysis in Full Sync mode with special user groups not working

  Dear All,
  we start Batch Risk Analyse Job in Full Sync with special User groups (use Range). In the Joblog I can see, that he selecet lesser users as in jobs before. But after all is finished (also managment job) when I go in Informer, he shows me also this user groups I have no analysed in Backgroudjob... Also he shows me in the detailed anlayse the date from a run before.. And we have deactivated some Risk - these are still in the analysis.
  Have some one a information for me what here is wrong..
  Best Regards
  Gabriele Herr

  to old..

• Program in background mode failed

  I have developed an customized report which basically uploads a file from server and perform computation against the data in SAP.
  Tested ok when executed normally. But it fails to upload file when its set to background job.
  Used 'Open Dataset'
  Please advice.

  CALL FUNCTION 'WS_UPLOAD'
         EXPORTING
              FILENAME        = ZFNAME
              FILETYPE        = 'ASC'
         IMPORTING
              FILELENGTH      = RC
         TABLES
              DATA_TAB        = ITAB
         EXCEPTIONS
              FILE_OPEN_ERROR = 1
              OTHERS          = 2.
    IF SY-SUBRC <> 0 .
      DATA: LEN TYPE I.
      CLEAR ZLINE.
      OPEN DATASET ZFNAME IN TEXT MODE.
      IF SY-SUBRC = 0.
        DO.
          READ DATASET ZFNAME INTO ZLINE LENGTH LEN.
          IF SY-SUBRC <> 0.
            EXIT.
          ENDIF.
          ITAB-LINE = ZLINE.
          APPEND ITAB. CLEAR ITAB.
        ENDDO.
      ENDIF.
      CLOSE DATASET ZFNAME.
    ENDIF.
    IF ITAB[] IS INITIAL .
      ERR-FDATE = SDATE.
      ERR-REMARKS = "unable to find file".
      APPEND ERR.
    ENDIF.
  This is the portion for uploading the file.
  Anyway to debug when in backgroud?