RAR: SoD Riskk and Critical Actions risks

Similar Messages

• Can CUP be configured to ignore Critical Action risks during SOD analysis?

  Hi All,
  We have configured our CUP workflow to take a detour path if SOD violations are found at a stage. RAR has Critical actions defined in the rule set. When  CUP performs the SOD analysis, is there any way we can skip critical action risks and consider only SOD risks?
  We are 5.3 SP 11.1

  Hi,
  If the critical action activated in the same rule set, than you have to define a mitigation control as well, because CUP is going to show these risk after a risk analysis and you have to mitigate that. There is no possiblity to skip that.
  Possible solutions:
  If you want these risks (critical actions) just for reporting aspects in RAR, than you should maybe create a new ruleset just only for these risks, and deactivate it, on the Global ruleset... I wouldn't recommend that, because, if you are going to define critical actions, you have to define mitigation control, from the security aspects as well.
  Cheers,
  Martin

• RAR 5.3: Uploading Critical Actions

  Hi,
  We have already a system with SoD Matrix already loaded and rules generated.
  Our question: Is it possible to upload critical actions (include in functions and these into risks) using "Rule upload" functionality or once the SoD Matriz is loaded not more risks can be uploaded using such functionality and must be entered manually?
  I remember there was a note related with the way rule upload works and the append / insert happening but I can not find it now.
  Any help on this?
  Many thanks in advance. Best regards,
     Imanol

  Hi Imanol,
  You can create txt files for new risks upload and do it. It will append the existing data. Just make sure that tcodes, objects and other required values are in place. Also, if a function / risk is existing, then modified data will not be applicable but it will throw error. But if your txt files are having all new data, then it will be uploaded successfully. We have done it, as our rulebook was prepared in installment and we uploaded SOD first and gave the risk alanysis to business before SAT risks were prepared and uploaded.
  Regards,
  Sabita

• Critical Action and Role/Profile Analysis

  Hi,
  I want to know the purpose of the Batch Risk Analysis back ground job "Critical Action and Role/Profile Analysis" in RAR 5.3.
  I'm assuming that I need not run this job if I do not want the critical roles/profiles like SAP_ALL to be analysed which were defined to be critical in rule architect.
  Please let me know if there is any other purpose to run the BG job "Critical Action and Role/Profile Analysis".
  Thank you,
  Partha

  Hello Partha,
    You got this right. It will analyze the defined critical actions/roles/profiles.
  Regards, Varun

• Critical Action and Role/Profile Analysis job in not running in GRC 5.3

  Hi Team,
  I  am working for a client where GRC 5.3 is installed( support pack 4 and patch 1).
  The installation is complete and also the post processing is done.
  We have scheduled a periodic ( weekly ) incremental background job for Critical Action and Role/Profile.
  Following are the parameter setting used:
  Task: Risk Analysis -Batch
  Batch Mode : Incremental
  First time it run successfully on 28th June'09 and it is completed with spool also. But next time it is supposed to run on 4th of July'09 . But it does not. And since then it is in same state.
  I am not able to find any reason that why it is behaving this way where other incremental jobs are running successfully.
  It will be helpfull if any one can guide me providing the solution.
  Regards,
  Kakali

  Hi Varun,
  I go to the Job History Button. It shows the following data only :
  2009-06-28 00:00:59 Done Job Completed successfully
  2009-06-27 23:45:00 Started RAR_PE1CLNT100_Critical Action and Role/Profile Analysis started :threadid: 0
  Under the Last Run Colomn it shows 28th June ( Status -completed)
  Under Next Run Date it is showing 4th July
  Follwoing are the list of Updates available From SP05
  When executing the critical roles/profile jobs in background, a message
  "error while executing the Job: null" comes up. ---( this one is for which come under Informer Tab)
  Background job spools are not available after upgrade from 5.2 to 5.3.
  Critical action and critical role/profile analysis cannot be run in
  background by system. --- ( But in my case It ran for once )
  Selection parameters (System, User and User Group) have been provided for
  "Critical Action and Role/Profile Analysis" in Configuration->Background
  Job->Schedule Job. --- ( it means it run usually)
  Critical Actions report in detail view shows no results after executing the
  Risk Analysis Job in the background. The same report shows data when
  executed in the foreground. ( this one is for which come under Informer Tab )
  When there is only one periodic job configured in RAR, this job fails to
  start after the first time in the specified time. ( this is not true, becoz there other periodic jobs running successfuly)
  Unable to run Informer - audit reports - critical role and profiles with
  logical systems. ( this is again under Informer Tab )
  I had gone through this  earlier also, but not able to match any update with my problem. If if have any other suggestion you can provide me the same.
  Is there any way to check for job log so that I can check what is the problem. View Log option is also greyed out as we have sap logger set up as a default logger Parameter. I have made it enable just to check but there is nothing.
  Please Guide.
  Regards,
  Kakali

• GRC 5.3 Risk Critical Action reports return "no matches or conflicts"

  When running GRC 5.3 Risk Analysis Critical Action reports on either the user level or role level getting the message no matches or conflicts.
  However, Permission level reports are successfully returning correct results on the user and role level.
  This is a new installation of GRC 5.3 with latest SP.  Is there any set up that has to be done to run critical action analysis reports in GRC 5.3?
  This is also using the SAP default Global ruleset with no customisation.
  I have used GRC 10 to run the critical action reports and these work with using the critical risks as defined in the ruleset.  Does GRC 5.3 work a different way?  Is there any additional set up that has to be performed?  I just want to see the risks on role level or user level that relate to just the critical access risks (just 1 function).
  Please advise.

  Hi Trinadh
  Thank you for the response.  I did not know that you had to define the critical actions in 5.3 as I don't think you have to do it 10 - it seems to work on what is defined in the ruleset.  Where do you define the critical actions or check if it has been defined?
  Thanks

• Will there be a fix for Firefox's problems with Hotmail. I have gone back to 3.5.9 but mostly I am disappointed by the lack of action on this serious problem where a major and critical feature of a major international website is unavailable in the Firefox

  Will there be a fix for Firefox's problems with Hotmail. I have gone back to 3.5.9 but mostly I am disappointed by the lack of action on this serious problem where a major and critical feature of a major international website is unavailable in the Firefox browser.
  == URL of affected sites ==
  http://www.hotmail.com

  We've reached out to the Hotmail team and they've determined that this is a bug in their code. (It was masked by a timing issue in 3.5 that was fixed in 3.6.) We've worked with them to develop a fix but they may not have deployed it yet.

• AC 5.3  Critical Action Alert Emails not being sent

  HI:
  We have set up Critical Action alerts for a couple of transactions and while the on-line alert logs are being generated correctly, the alert email is not being sent to the Risk Owner.
  Does anyone know where I can trouble shoot this issue?
  Thanks,
  Margaret

  >
  Alpesh Parmar wrote:
  > Margaret,
  >
  >     Have you set up the SMTP server in visual admin? RAR needs to use this server details to send out an email.
  >
  > Alpesh
  Hi AlpeshMargaret,
  Where are the instructions for setting up the SMTP server in visual admin for the purpose of Alert Generation? I am not seeing this in the Configuration Guide. Could you point me to the correct documentation?
  Thanks!
  Jes

• Critical actions in SPM reports

  Hi all,
  One question in the way SPM retrives data from when reporting:
  I have seen in SPM report "SoD Conflicts Report" that SPM integrates with RAR in order to identifiy SoD Conflicts.
  Regarding, the critical actions filtering applied in SPM reports, where this information validation is it retrieved from? Critical actions defined in RAR OR critical actions maintained in R/3 transaction VFAT? What is to say in frontend (RAR) or backend (R/3)?
  Many thanks in advance. Best regards,
    Imanol

  Hi Imanol,
    It totally depends on your configuration. Go to SPM/FF -> Configuration tab. There is a parameter called 'Critical Transaction Table from Compliance Calibrator (VRAT)'. If the value is not maintained or if the value is 'NO' then SPM/FF will look at it's own critical tcode table. If the value is 'YES' then SPM/FF will look at RAR/CC for critical tcode table and you don't need to maintain critical tcodes in SPM/FF.
  Regards,
  Alpesh

• Critical Actions are not showed in Reports

  I'm having a problem in displaying user analysis report in management view.
  I have uploaded SAP default rulesets and it does contain some defined critical actions. I can also display critical actions by user in risk analysis reports.
  But the problem is in "User analysis Report", the number of critical action&role is always 0. 
  Does anybody know the reason?
  Is there anything that I'm missing?
  Thank you&Regards
  Stellare

  Hi,
  if you are using CC 5.2: have you checked the field Critical Action and role/profile analysis in Configuration->Background job->Schedule Analysis ?
  I suppose you are talking about that there is no critical violation in Informer.
  Hope this help you
  Emilio

• Critical Actions

  Hi Everyone,
  I'm trying to establish what is a good practice to follow on how to deal with critical actions.
  Our thinking is that even though they are critical actions people will still need to have access to them.
  Here are some options with the cons we have been considering:
  1. Add the actions into Firefighter id's & roles. We don't necessarily want to add actions into a firefighter role that someone is expected to do during their daily/weekly/routine activities.
  2. Disable the Critical Actions rules. This will disable your ability to easily identify when an unwanted user has access to these actions.
  3. Create mitigation controls for these critical actions and assign them to the specific users. This is quite and administrative  burden due to the number of critical actions. We would not want to mitigate at the Higher risk level but rather at the individual rule level.
  We are leaning towards option 3 but would appreciate some other options and input on how to deal with these?
  Kind Regards

  We are going through the same process and are using a combination of your suggestions.  First we are going through the critical actions and determining if our company (business reps and auditors) agrees with SAP standards.  Some of the transactions we don't consider as being critical so those will be disabled.  Next, we will put some critical actions in our firefighter ID's and not allow an end-user to have them in production.  Then, we will mitigate the users who use some of the transactions regularly. And lastly, we will run the critical action notify job weekly or maybe even monthly. 
  Peggy

• Hard drive and critical error messages

  Hello, I have suddenly rec'd numerous hard drive errors "hard drive doesn't respond to system commands" and critical error messages "damaged hard drive clusters detected. private data is at risk."    "system has detected a problem with one or more installed IDE/SATA hard disks" along with other error messages.  I have a toshiba satellite A505 over a year old and never had a problem until now.  Was just surfing the web on a retail site and started getting all these pop-ups. desktop is missing most icons, favorite list gone.  not computer savvy when it somes to figuring the error messages out.  Any help appreciated.  Should I take it in somewhere to get fixed?  Please help.
  Thank You.

  not computer savvy when it somes to figuring the error messages out. ... Should I take it in somewhere to get fixed? 
  Yes, Katy. Be sure to back up all your important files. The machine you get back will most likely have all of your pictures, Xmas cards, favorites, contacts and so forth missing.
     Locate a Toshiba Service Center
  -Jerry

• RAR v5.3 - Ignore Critical Roles & Profiles = No is not Working

  Hello everyone,
  I have SAP_ALL and SAP_NEW configured as critical profiles in Rule Architect.  I changed the Ignore Critical Roles & Profiles option to "No" to see the delta.  Yet, when I run the risk analysis (ad hoc or batch) against users with SAP_ALL, it still says No Conflicts found even though I changed the config to look at SAP_ALL users.
  Do I have to restart the server for the new Config to take effect?  It doesn't say it in the option like some of the other Config options do, but It's the only thing that I can think of.
  Thank you,
  Johonna

  Hi Johanna
  Have you run the synchronization job subsequent to the configuration of critical roles / profiles ? If not so try running the Synchronization job and then try risk analysis.
  Regards
  Swarna

• Critical actions showing "No match or conflict found"

  Hello
  I've set up an Active Critical Action rule, pulling in one Function and when I execute it against users that I know have access in the function, it's coming up with "No match or conflict found".
  It asked when I created it if I wanted to generate the rules and I said yes.
  Is there another step I need to complete before getting valid results?
  Thanks
  JD Schmidt

  Jon,
  Check this thread: "No match nor conflict found"
  If you are performing an Online Analysis it should work.
  Cheers,
  Diego.

• HP printer software includes old flash player that poses critical security risks

  I would like to use the HP Solution Center for a Photosmart C309a printer but the HP software includes an older flash player (Adobe Flash Player 9.0 r115) that poses critical security risks.  
  HP includes this old flash version at:
  C:\Program Files (x86)\HP\Digital Imaging\help\player\FlashPla.exe
  Is there a way to update this HP program file to a safe version of Flash Player?
  I think this is a generec security issue, but if it helps I run Windows 7 64-bit.

  Hello dghdah,
  Welcome to the HP Forums, I hope you enjoy your experience! To help you get the most out of the HP Forums I would like to direct your attention to the HP Forums Guide First Time Here? Learn How to Post and More.
  I understand you are looking for an updated version of Adobe Flash Player to use with Solution Center. When you install the Solution Center, normally Windows would skip the older version as your OS may have an up to date version. If this is not the case and the older version installed, you would need to update the flash player. Below I have linked you to the Adobe website to complete the update.
  Adobe Flash Player Support Center
  Best wishes,
  R a i n b o w 7000I work on behalf of HP
  Click the “Kudos Thumbs Up" at the bottom of this post to say
  “Thanks” for helping!
  Click “Accept as Solution” if you feel my post solved your issue, it will help others find the solution!