RAR - Risk Analysis - Permission Level - V_VBAK_AAT||AUART - Error

I have a trouble related with risk analysis at permission level, when the V_VBAK_AAT||AUART is activated in two functions of my customized GRC rule-set (VIRSA_CC_FUNCPRM) for controlling some "document types" for tcodes VA01 and VA02. When I execute this customization in RAR, the system says "No match / No conflicts" for the risks where these functions appear, however performing some queries in the back-end systems, I have realized there are more than 80 users in conflict for some of them, given the fact that they have value '*' in object/field V_VBAK_AAT||AUART.
At a first time I thought that most probably would be related with the fact that these functions are part of risks that combine 3 and 4 functions at the same time, with OR logical activated in document types, but when I searched for the rules generated for these risks I noticed that only 34.000 rules were generated and this no overpass the limit of 45566 rules defined at RAR. Anyway, I performed some tests reducing the number of possible combinations and, basically, whenever the following line is activated, the outcome is u201Cno conflictsu201D:
D VIRSA_CC_FUNCPRM FN15 VA01 GRC-C21 V_VBAK_AAT||AUART ZSO ZSO OR 0 null
If this line is disabled, then, several users with conflicts are reported. As mentioned above, these users have value '*'   for object/field V_VBAK_AAT||AUART, so I do not understand why those users are not reported when the line above is activated.
I have done the following checks, all of them correct:
- The user/role/profile synchro has been done and all the users has been stored in table VIRSA_CC_
- All the lines in VIRSA_CC_FUNCPRM part of my customized rule-set have been correctly inserted in the same Oracle table
- All the combinations of rules has been created (including VA01 and VA02 with V_VBAK_AAT||AUART)
Any suggestions?
Thanks in advance

I've detected the same problem for the following authorization objects:
- F_BKPF_BLA||BRGRU
- V_VBRK_FKA||FKART
- M_MSEG_BWE||WERKS
RAR reports no conflicts (at authoriztion level) when these objects are activated (of course having users with these conflicts in back-end systems)
This problem has been proved in the installation of different customer with SAP GRC Access Control 5.3 SP12.
Anybody else has experienced this issue????

Similar Messages

  • GRC 5.3: CUP risk analysis VS. RAR risk analysis

    I've installed and configured RAR and CUP.  When I do a risk analysis simulation in RAR on a user for adding a role, it comes back with no conflicts.  When I go into CUP and make a new request for adding the same role to the same user, it comes back with risk violations, but it looks like they are critical actions that are being flagged.  Why is there a discrepancy, and how do I go about getting the same risks in CUP as I do in RAR?

    >
    Frank Koehntopp wrote:
    > I guess the behaviour is on purpose.
    >
    > In RAR, you can do a selective analysis on only one kind of risk. You usually only need to do that in the remediation process, where this kind of selection is helpful to track down the root cause (although I'd like to have an ALL option in RAR as well...)
    >
    > In CUP, you do want to see any kind of risk that might arise from a role assignement to a user.
    >
    > I have to say, I can not really understand why you'd want to switch off critical action or permission risks here. The user analysis in RAR and CUP serve two different purposes, hence I cannot see a bug here. If you have defined critical risks, why would you not want to see them???
    Hi Frank,
    I understand your point, but we are in the same situation as the others. We do not want to see Critical Action Risks in CUP because this is a separate process (for us) than Permission Level Risks Analysis piece. With our current structure, our Security Admins use RAR to run Permission Level Risk Analysis and mitigates appropriately. A separate compliance group uses the Critical Action reports to see who has what Critical tcodes, etc. We do not mitigate these "risks," we more or less use it as a report.
    I do not understand what you mean when you say "The user analysis in RAR and CUP serve two different purposes" - I feel it should be the same purpose, to ultimatley simulate if adding security to a user will cause SOD violations. If I have CUP configured to do Permission Level Analysis, that's all I want to be seeing in CUP.
    Let me know if I need to clarify further.

  • GRC Access Control 5.3 - RAR Risk Analysis in offline mode

    Hi expert,
    I'm trying to do RAR Risk Analysis in offline mode following this guide (https://www.sdn.sap.com//irj/sdn/go/portal/prtroot/docs/library/uuid/20a06e3f-24b6-2a10-dba0-e8174339c47c). But to generate User Action file the ABAP have a problem when try to get a COMPOSITE ROLE field for a Role that is asociate to many Composite role as the unique record consists of fields IDUSER, ROLE and ACTIONFROM . Someone know how we can solve this conflict?
    Best Regards!

    I'm sorry, I think I haven't made myself clear enough. The thing is that the User Action File has a "Composite Role" field and we don't know how fill it when the Single Role belongs to multiple Composite Roles. This is because of the primary key, we can't make multiple records for each userid/role combination, each one with one different Composite Role, such as the following example:
    USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLE1
    USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLE2
    USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLEN
    Should we instead do only one record with all the composite roles? What character should we use to separate the composite role names? A ",", a ";"? For example:
    USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLE1_,_ COMPOSITEROLE2_,_ COMPOSITEROLE3
    Hope I explained myself. Thanks for your help.

  • Can you download RAR Risk Analysis reports to something other than Excel?

    When you run a RAR Risk Analysis and go to export the resulting reports, RAR automatically exports this into an Excel spreadsheet.
    Is it possible to export the reports into some other kind of format/tool?  (SQL would be ideal.)
    We are on GRC 5.3 SP13.
    Thanks.

    Our CMG group runs a company-wide risk analysis 2-3 times a year to use in their SOD Review process.  We are looking into loading this report into QuickView to give them more capabilities with using the report.  QV will work with Excel, but you have to load every spreadsheet and every page separately. 
    We are looking to see if we could download it into some other format that would contain all of the report in just one file.  Would make the QV load easier.  Something like SQL would probably be ideal.
    Thanks.

  • SAP GRC AC 5.3 - RAR Risk analysis Error Log

    Hi
    i have scheduled the background job for full sync risk analysis for the first time . the job ended with status error . critical analysis, user,role and profile action analysis is shown 100% . but the user permission analysis shows 49% , role and profile permission analysis show 97% each . where can i check the log for the errors . do i need to run the whole risk analysis job again ? when i check the management reports , risk violations are shown as zero . Please let me know how i can proceed at this stage . thanks
    Regards
    Prasad

    Thanks.
    First time please do for all users. I assume this was first time and it failed, so i will suggest you scheudle for all.
    once these are done, then periodic jobs should be increamental.
    few tips :
    - schedule user sync separate job and once it finish only then scheudle role sync and when role sync finishes, only then schedule profile sync
    - always select system ids from search help (which is F4 in ABAP)
    - best scheudle one job per system id, so that when failure occurs, so that error analysis is easy
    regards,
    Surpreet

  • CUP-RAR Risk Analysis error

    Hello experts,
    When an approver does risk analysis for adding a role to a user in CUP before approval, the system shows 0 risk(0 risks found), However when the role is added to the user in RAR simulation, there are Risks.
    Similarly,
    When an approver does risk analysis for a role in CUP before approval, the system shows 0 risk(0 risks found), However when the role is analysed in RAR, there are Risks.
    I have checked the Org Rules parameter in RAR (It was set to No as we are not using Org Rules).
    When I set the org rule parameter to Yes, I got exception " Risk analysis failed: EXCEPTION_FROM_THE_SERVICEInconsistency Org Rule Analysis Flag Parameter". I reset the parameter to NO.
    Many thanks,

    Hello Raghu
    Here is the note number: Note 1168120 - Risk Analysis and Remediation 5.3 Support Package (VIRCC).
    Also I would suggest going to:
    1. CUP - configuration -Risk analysis - And see if the web service link for Risk analysis is correct.
    Better would be to go to Netweaver Administration -Webdynpro console -and get the correct link.
    2. CUP -configuration - Mitigation and here also put the correct link for all four options there i.e. (Risk analysis, Mitigation etc),
    Hopefully this should solve the problem .I donu2019t think it is related to org level.
    If problem still persist, kindly paste the log.
    Best Regards
    Asheesh

  • RAR Risk Analysis Issue in Background Mode - "Failed to Display Result"

    Hi,
    I have strange problem in RAR.
    When I run risk analysis for 20 users in background mode, the job got successful but the spool file is empty. But at the bottom of page there is a message:  "Failed to Display Result".
    The Job log is showing the following message couple of times:
    WARNING: ./virsa/bgJobSpool/19.i (No such file or directory)
    java.io.FileNotFoundException: ./virsa/bgJobSpool/19.i (No such file or directory)
         at java.io.FileInputStream.open(Native Method)
         at java.io.FileInputStream.<init>(FileInputStream.java:129)
         at java.io.FileInputStream.<init>(FileInputStream.java:89)
         at java.io.FileReader.<init>(FileReader.java:62)
    But When I try to run for few users (like 6 memebrs where selection criteria is AUDIT*) in same way, the spool details got displayed this time. But the log is showing strange error messages this time:
    Nov 15, 2010 3:53:53 PM com.virsa.cc.common.util.ExceptionUtil logError
    SEVERE: null
    java.lang.NullPointerException
         at com.virsa.cc.comp.wdp.IPublicBackendAccessInterface$IAuthForUserInputElement.wdGetObject(IPublicBackendAccessInterface.java)
         at com.sap.tc.webdynpro.progmodel.context.NodeElement.getAttributeAsText(NodeElement.java:888)
    Nov 15, 2010 3:53:55 PM com.virsa.cc.dataextractor.bo.DataExtractorSAP getObjPermissions
    FINEST: getObjPermissions: elapsed time=1436ms
    Nov 15, 2010 3:53:55 PM com.virsa.cc.common.message.util.MessagingHelper getMessage
    INFO:
    ********msg: 'com.virsa.cc.common.message.dao.dto.MessageDTO@34d834d8'
    Any ideas please?

    Hi Alpesh,
    You are correct. The issue is due to multi node environment.
    But when I tried to define a custom spool folder path: usr/sap/<SID>/<Instance No>/log/virsa/bgJobSpool (in RAR - Miscellaneous - spool files location for background jobs) & run the risk analysis report in background mode, still RAR is saving the spool files in default location only.
    Can you suggest me if I am wrongly defining the location of folder?
    Should we define the complete location of the folder i.e starting with drive letter or path starting with user/* is sufficient?
    Regards,
    Dasarad

  • AC10.0 RAR risk analysis

    GRC Gurus,
    I have configured GRC10.0 for AC and trying to run the risk analysis for role/user level but no data is showing up. I could select the connector and roles, but after running the risk analysis no results are coming up.
    Any help is appreciated.
    Thanks.

    Hello Bhanu,
    Will you please let me know the solution ??
    Even we are facing the same problem.
    We can see the system , also see the roles , the users and also ran the background job to execute the risk analysis to perform user, role ,profile analysis from SPRO.
    Also note that we have already uploaded txt files for SOD rules.
    When we run the report for any user or any role the result is nill .
    Please suggest how did you resolve the issue ??
    Can you also tell me how can you generate "rule Id" manually for uploaded risk id ?? from NWBC or SPRO
    We tried via  SPRO>GRC>AC-->Access Risk Analysis >Sod Rules>Generate SOD Rules
    It ran successfully but the rpeort does not give any output !!
    Thanks in advance.
    Regards,
    Victor

  • RAR: Error message while running role risk analysis.

    Hi All,
             We are implementing RAR 5.3. When running permission level risk analysis we get the following error message:
    "Error while executing the Job:Cannot assign a blank-padded string to host variable 1.u201D
    This happens only at permission level for just one single role and for all the composite roles that contain this one.
    The rules were generated without any issue and we cannot find anything unusual on that particular single role.
    Any ideas of what could be the cause of this error?

    Hi Iliya:
              Please find below the job log with the detailed error description:
    Mon Dec 15 10:06:37 GMT-02:00 2008 : -----------------------Scheduling Job =>233---------------------------------------------------------------
    Mon Dec 15 10:06:37 GMT-02:00 2008 : --- Starting Job ID:233 (RISK_ANALYSIS_ADHOC) - mm:user10
    Mon Dec 15 10:06:37 GMT-02:00 2008 : ----------- Background Job History: job id=233, status=1, message=mm:user10 started
    Mon Dec 15 10:06:37 GMT-02:00 2008 :  Job ID:233 : Exec Risk Analysis
    Mon Dec 15 10:06:37 GMT-02:00 2008 : Start Analysis Engine->Risk Analysis .....  memory usage: free=1571M, total=1962M
    Mon Dec 15 10:06:38 GMT-02:00 2008 : Rule Loader Syskey => *
    Mon Dec 15 10:06:38 GMT-02:00 2008 : No of Systems=1
    Mon Dec 15 10:06:51 GMT-02:00 2008 : Action rules cache loaded: memory used in cache=56M, free=1512M, total=1962M
    Mon Dec 15 10:06:51 GMT-02:00 2008 :  Job ID:233 : Rules loaded,  elapsed time: 13694 ms
    Mon Dec 15 10:06:57 GMT-02:00 2008 :  Job ID:233 :
    Mon Dec 15 10:06:57 GMT-02:00 2008 :  Job ID:233 : Analysis starts: MM:USER10
    Mon Dec 15 10:07:16 GMT-02:00 2008 : Auth Map cache reloaded successfully
    Mon Dec 15 10:07:32 GMT-02:00 2008 : Cannot assign a blank-padded string to host variable 1.com.sap.sql.log.Syslog.createAndLogOpenSQLException(Syslog.java:85)
    com.sap.sql.log.Syslog.createAndLogOpenSQLException(Syslog.java:124)
    com.sap.sql.types.VarcharResultColumn.setString(VarcharResultColumn.java:66)
    com.sap.sql.jdbc.common.CommonPreparedStatement.setString(CommonPreparedStatement.java:511)
    com.sap.engine.services.dbpool.wrappers.PreparedStatementWrapper.setString(PreparedStatementWrapper.java:355)
    com.virsa.cc.xsys.util.ObjTextReader.lookupByKey(ObjTextReader.java:353)
    com.virsa.cc.xsys.util.ObjTextReader.getFieldValueDesc(ObjTextReader.java:261)
    com.virsa.cc.xsys.riskanalysis.AnalysisEngine.insertPermReportLines(AnalysisEngine.java:2286)
    com.virsa.cc.xsys.riskanalysis.AnalysisEngine.outputPermissionViolation(AnalysisEngine.java:1858)
    com.virsa.cc.xsys.riskanalysis.AnalysisEngine.performActPermAnalysis(AnalysisEngine.java:1182)
    com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:243)
    com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:207)
    com.virsa.cc.xsys.bg.BgJob.runJob(BgJob.java:305)
    com.virsa.cc.xsys.bg.BgJob.run(BgJob.java:183)
    com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob.scheduleJob(AnalysisDaemonBgJob.java:154)
    com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob.start(AnalysisDaemonBgJob.java:81)
    com.virsa.cc.comp.BgJobInvokerView.wdDoModifyView(BgJobInvokerView.java:434)
    com.virsa.cc.comp.wdp.InternalBgJobInvokerView.wdDoModifyView(InternalBgJobInvokerView.java:1223)
    com.sap.tc.webdynpro.progmodel.generation.DelegatingView.doModifyView(DelegatingView.java:78)
    com.sap.tc.webdynpro.progmodel.view.View.modifyView(View.java:337)
    com.sap.tc.webdynpro.clientserver.cal.ClientComponent.doModifyView(ClientComponent.java:480)
    com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doModifyView(WindowPhaseModel.java:551)
    com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:148)
    com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
    com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
    com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:299)
    com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:711)
    com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:665)
    com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:232)
    com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:152)
    com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
    com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doGet(DispatcherServlet.java:46)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
    com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
    com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
    com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
    com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
    com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
    com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
    com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
    com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
    com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
    com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
    java.security.AccessController.doPrivileged(Native Method)
    com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
    com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
    Mon Dec 15 10:07:32 GMT-02:00 2008 : Cannot assign a blank-padded string to host variable 1.com.virsa.cc.xsys.bg.BgJob.runJob(BgJob.java:309)
    com.virsa.cc.xsys.bg.BgJob.run(BgJob.java:183)
    com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob.scheduleJob(AnalysisDaemonBgJob.java:154)
    com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob.start(AnalysisDaemonBgJob.java:81)
    com.virsa.cc.comp.BgJobInvokerView.wdDoModifyView(BgJobInvokerView.java:434)
    com.virsa.cc.comp.wdp.InternalBgJobInvokerView.wdDoModifyView(InternalBgJobInvokerView.java:1223)
    com.sap.tc.webdynpro.progmodel.generation.DelegatingView.doModifyView(DelegatingView.java:78)
    com.sap.tc.webdynpro.progmodel.view.View.modifyView(View.java:337)
    com.sap.tc.webdynpro.clientserver.cal.ClientComponent.doModifyView(ClientComponent.java:480)
    com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doModifyView(WindowPhaseModel.java:551)
    com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:148)
    com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
    com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
    com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:299)
    com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:711)
    com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:665)
    com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:232)
    com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:152)
    com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
    com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doGet(DispatcherServlet.java:46)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
    com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
    com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
    com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
    com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
    com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
    com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
    com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
    com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
    com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
    com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
    java.security.AccessController.doPrivileged(Native Method)
    com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
    com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
    Mon Dec 15 10:07:32 GMT-02:00 2008 : Job ID: 233 Status: Error
    Mon Dec 15 10:07:32 GMT-02:00 2008 : ----------- Background Job History: job id=233, status=2, message=Error while executing the Job:Cannot assign a blank-padded string to host variable 1.
    Mon Dec 15 10:07:32 GMT-02:00 2008 : -----------------------Complted Job =>233---------------------------------------------------------------
    Regards.
    Leandro.

  • User risk analysis offline mode in RAR

    Hello colleagues
    We are in AC SP14 and trying to perform RA via risk analysis-> user level. When the offline analysis parameter is set to YES we don't receive results, when the offline analysis parameter is set to NO we receive results but they are partiialy in comparison the the results we receive for the same user in the management view -> user violation report.
    So our question is:
    1.     Why the offline analysis=YES is not showing any data when all the prerequisites were performed (the background RAR sync/risk analysis/management view jobs are finished successfully and the configuration parameter of offline analysis is set to yes)?
    2.     Why the offline analysis=NO is not showing the same results as in the management view user violation report that was updated a just 10 minutes before?
    We viewed notes number 1544338 and 1126251 and all is configured an maintained as needed.
    Best Regards,
    Shira

    Hi Saurabh,
    Kindly check the below SAP notes.
    SAP note 1731579-- RAR 5.3 BRA job fails after about 4% - 6% of completion
    1727751 - Alert generation job fails with message "Error in  Alert Generation
    Hope this helps.
    Best Regards,
    Saksham

  • Different Risk Analysis Results with the same user from 2 different RAR

    Hi..
    I've loaded the same Risks, Rules, etc, into 2 GRC RAR environments (Sandbox and Quality systems); both of them are connected with the same SAP ECC system. But when I do a User Risk analysis (authorization level), the result from Sandbox is different from Quality system. I donu2019t have users or roles mitigated yet, users are synchronized, rules are exactly the same and I donu2019t know what happen??... Please, help me.
    Thanks...

    Hi...
    If I do a Full Sync of users to the same ECC system from both RAR boxes, I got different number of users loaded (i.e. 18757 vs. 18141), similar case with the full sync of roles. (13100 vs.  13150).
    If I load exactly the same set of functions to both RAR systems and I generate the rules, I got the same problem, different number of rules is generated.
    I've verified both RAR configuration and they are the same (excluded users, roles mitigated, etc.)
    Is it a normal behavior? What could be wrong?
    Thanks in advance!!

  • Error Creating Request - Risk Analysis in CUP

    Initially, we had the issue of not being able to create requests in CUP. I read around and found out that I needed to go to Configuration > Risk analysis and change the "Perform Risk Analysis on Request" to No. I tested and I was able to create a request. This tells me that SOMETHING is wrong with the Risk Analysis in CUP. So since its a Risk Analysis error, I when into a requested and selected Run Risk Analysis and go the following error.
    "Risk analysis failed: Exception in getting the results from the web service : Service call exception; nested exception is: java.lang.Exception: Incorrect content-type found 'text/html' "
    But before anything. I just want to verify if its an authorization error with our webserivces id. Any input?
    Thank you,

    1. In the CUP Configuration-> Risk Analysis.
    Under the section "Select Risk Analysis and Remediation Version"( or "Select Compliance Calibrator Version" for version below CUP 5.3) make sure that the following web service is given in the URI, if the "Version" selected is above 4.0.
    "http://<servername>:<portnumber>/VirsaCCRiskAnalysisService/Config1?wsdl&style=document"
                                                                In the server name and port number, enter the corresponding entries of the Compliance Calibrator (CC) or (Risk Analysis and Remediation (RAR)) server entries on which it is installed.
    The User given under this section should have the administrator access for the CUP and RAR.
    CUP is 5.3 and we have the correct URL. The user is given the following roles:
    AEADMIN
    CC_Administrator
    VIRSA_CC_ADMINISTRATOR
    Please review the attachment for the list of actions in these roles. Please let me know if there is an action that the webservice id should have. In the link below, be careful of all the download buttons. Choose the "Save file to your PC: click here" link and open the file. (not save)
    http://www.2shared.com/document/8dOC7v6E/actions.html
    2. Make sure that the user provided in the CUP connector has the access for connecting to RAR and it should also have the administrator rights of the RAR.
    Should the access be provided from the roles/actions from above?
    3. Make sure that the password of both the users given in the above points is not expired i.e. they have been reset in UME.
    You can check the same by once logging into the UME through that users. In case it asks for the password change, then the password is expired and you need to change the password and give the new password in the CUP.
    Should the password ever expire for this ID? I will double check on the password.
    4. The logon language of both the above users should be maintained in UME.
    I am not sure how to check this, please advise.
    5. Also check that the connector in the RAR is working and is able to connect to the backend SAP system.
    I tested the connection in CUP and connection was successful. How can I test the connection for RAR?
    Thank you in advance,
    Edited by: Eric Lau on May 17, 2010 6:41 PM

  • Risk Analysis failure in CUP

    Hi Experts,
    We have upgraded our sandbox from GRC Access Controls v5.2 to version v5.3 SP7. I am now getting the following error when doing CUP Risk Analysis to RAR:
    Risk analysis failed: Exception from the service : Risk Analysis failed
    Any ideas?
    The Connection Names are the same for CUP and RAR.
    Here is the CUP log for the error:
    2009-05-11 17:17:12,562 [SAPEngine_Application_Thread[impl:3]_36] ERROR com.virsa.ae.core.BOException: Exception from the service : Risk Analysis failed
    com.virsa.ae.core.BOException: Exception from the service : Risk Analysis failed
         at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:199)
         at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doRiskAnalysis(RiskAnalysisAction.java:1073)
         at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doAnalysis(RiskAnalysisAction.java:300)
         at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.execute(RiskAnalysisAction.java:109)
         at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
    Caused by: com.virsa.ae.service.ServiceException: Exception from the service : Risk Analysis failed
         at com.virsa.ae.service.sap.RiskAnalysisWS53DAO.determineRisks(RiskAnalysisWS53DAO.java:586)
         at com.virsa.ae.service.sap.RiskAnalysis53DAO.determineRisks(RiskAnalysis53DAO.java:119)
         at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:182)
         ... 24 more

    Hello All,
    I am having the same issue in CUP
    EXCEPTION_FROM_THE_SERVICERisk Analysis failed
    com.virsa.ae.core.BOException: EXCEPTION_FROM_THE_SERVICERisk Analysis failed.
    The Password for the web service has not expired or the URI is the same as the CCRiskanalysis service and as well the connectors have the same name in RAR & CUP.
    It worked till yesterday and stopped working suddenly. Any help is appreciated.

  • AE 5.2 - Risk Analysis problem

    Hello,
    I am facing an issue with AE 5.2. When I create a request to assign roles and perform Risk Analysis, I get some SOD violations messages.
    I copy the some assigned roles and paste them in CC 5.2 -> Informer -> Risk Analysis -> Role Level and I have no conflict!
    Can you please advise why I have conflict with AE and not with CC?
    Thank you very much indeed,
    Cheers,
    Abderrahim

    Hello,
    In fact, It was only a false positive issue because:
    In CC I perform a risk analysis with Permission Level option.
    However, I get risk violation in AE with Critical Transaction for the same role.
    The right way is to run risk analysis in CC with Critical Actions.
    Thank you for your collaboration.
    Regards,
    Abderrahim

  • GRC AC 10 - risk analysis : No rules were selected

    Hi,
    In GRC AC 10, when I do a risk analysis (user level for example).
    For each userid the result shown in the column action is "No rules were selected "
    any idea ?
    Thanks
    Aurélien.

    Hi Vikas,
    Further to your comment above, I would like to point you to my thread here and specifically ask you about the following statement:...
    3. Open your GRC functions and make sure you have correct back end system updated for them. Check the status of all your GRC functions and make sure they all are active.
    I opened up the Functions from NWBC and realized that all the systems for each function were as follows:
    1. SAP Basis
    2. SAP CRM
    3. SAP ECCS
    4. SAP HR
    5. SAP R3 NON HR Basis Logical Group
    6. SAP R3
    7. Logical Group
    AND ALSO
    8. The DESCRIPTION of my RFC Connector ?!
    Now my question is as follows:
    1. Where in the Pre/Post/GRC300 documents does it say that one must configure each function with the backend system as you state above....should the configurations Connector/Connector/etc etc already mapped the functions to the backend system ?
    2. Also Why is the description of my RFC Connector available as a drop down menu from " System" tab on the function edit mode - see attached screenshot.
    Your advice would be appreciated.
    Best regards,
    Paul

Maybe you are looking for

  • How to set a fixed path while clicking the save button in sap adobe form

    Hi Experts, I would like to save a form to the same location but there seems to be no way to set a default folder. Its popup save as dialog box asking when i was save the first time. Kindly give the solution to close this requirement. Warm regards, S

  • Problem with german special characters in APEX

    Hi, we have a problem with all the special characters in german language in our Application. APEX version 3.1.0.00.32 is installed on a oracle database 9.2.0.6.0 The nls_characterset of the database is: American_America.WE8ISO8859P1 We have modified

  • About bugs in ios7.0.2

    some times ring is not coming while call is  coming.....and there is no option to cut the call while screen is locked

  • Mass Change in Credit Limit

    Dear All I have four company codes and i each company i have lot of customers and i have to increase the credit limit of customer at each company codes so plz tell me how to do this at mass level. Looking Forward Shujaat Abbas.

  • Use of const keyword in java ?

    Hi All,, I want to know the use of const keyword with proper example. Many many thx in advance Cheers Souvik