RAR: Upload risk owners

Similar Messages

• CUP 5.3 (SP11) Risk Owner Approval in CUP workflow

  Hello Experts,
  I have a question...
  When you create a risk in RAR, is there any way you can send an approval request automatically to a Risk Owner already set in RAR?
  Unfortunately, there is no such option for risk in the CUP custom approver determinator.
  We want to set risk owners different from business process owners,* and risk owners are the ones responsible for risk approval.
  *We don't want to set the "business process" as an approver determinator.
  I would appreciate your advice.
  HM

  When you create a risk in RAR, is there any way you can send an approval request *automatically* to a Risk Owner already set in RAR?
    - CUP (Page 19/33)?
  Unfortunately, there is no such option for risk in the CUP custom approver determinator.
  There is - Request Type - Attribute
  Please have a look at the following document to create RISK (RAR) approval workflows in CUP (Page 19/33 - CAD):
  http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/e03cd86c-3aa7-2a10-1aa6-e845902f555d?quicklink=index&overridelayout=true
  Thanks
  Himadama

• RAR Uploading Textobjects fails

  Hi,
  we have following issue:
  The upload of text-objects (downloaded from the backend by program /VIRSA/ZCC_DOWNLOAD_DESC ) to RAR doesn't work for us.
  We download one language only, called the file SAPtext.txt and we have chosen the appropriate menu in RAR:
  Upload Objects -> Text Objects
  We get following error messages:
  Cannot assign an empty string to host variable 4.
  com.virsa.cc.rulearchitect.bo.ObjectTextBO.insertObjectText(ObjectTextBO.java:84)
  com.virsa.cc.comp.UploadTexts.onActionUploadTextObjs(UploadTexts.java:335)
  com.virsa.cc.comp.wdp.InternalUploadTexts.wdInvokeEventHandler(InternalUploadTexts.java:169)
  com.sap.tc.webdynpro.progmodel.generation.DelegatingView.invokeEventHandler(DelegatingView.java:87)
  and so on. I found OSS Note 1262325 and we still have this problem. Does anybody know how to proceed?
  BTW: Uploading of Authorization Objects works fine!
  We are using Access Control 5.3
  Thanks!
  Christian

  Hi Hersh,
  what do you mean with sequencing?
  I've done the following:
  File from /VIRSA/ZCC_DOWNLOAD_DESC uploaded to Upload Objects -> Text Objects
  File from /VIRSA/ZCC_DOWNLOAD_SAPOBJ uploaded to Upload Objects -> Permissions
  Uploading Permissions works fine, uploading text objects (tried UTF-8 as well) doesn't work. I don't know how to proceed.
  P.S.
  I replaced/removed all # and § !
  We are not using an unicode system
  Edited by: Christian Hofmann on Apr 15, 2009 10:02 AM
  Edited by: Christian Hofmann on Apr 15, 2009 10:35 AM

• Mitigation Control Owner instead of Risk Owner.

  Hi All,
  In a Provisioning request after Risk analysis if there is any SOD found then request needs to be forwarded to Mitigation Control Owner instead of Risk owner
  Please advice whether standard Functionality in GRC 10.1 address this requirement or it needs development.
  Thanks in Advance

  Hi Babu,
  There is no standard functionality to forward this to mitigatiion control owner.
  Even forwarding to risk owner ,you may need some customization as per SAP Note 1670504.
  Thanks,
  Mamoon

• Risk Owners approval using ABAP Function class

  Dear All
  I have implemented ABAP function class ZCL_GRAC_WFA_RISK_OWNER to identify the risk owners once the role approval is done, the Workflow is working fine with one exception.
  My scenario is like this - i have mapped P059 risks to PR risk approver coming from PR role, S007 risks is mapped to SD risk approver coming from SD role, so when the role owner have approved both the roles, i would like to send seperate risk approval requests to 2 diff risk approvers as per my mapping.
  But currently P059 & S007 risks are routed to both approvers at the same time & when one of them approves the risks - both risks get approved & provisioning is taking place.
  i would like 2 risk approval to be put in place - any idea on how to acheive this?
  Naveen

  Dear Hari
  Thanks for your response.. Yes i have implemented the note 1670504..
  As mentioned earlier i have checked my Risk approval Stage setting with both options "ALL APPROVERS" & "ANY ONE APPROVER"
  but still when one of the risk owner approves all the risks are get approved & the provisioning is completed.
  PFA
  Do let me know if you have any more options.
  Naveen

• Risk Owners/BPO

  working for a global client that has an existing process in place for mitigating controls using the SAP usergroup as the location. Each location has a unique Risk Owner/BPO.  Is there any way to do this for User Access Review/SOD reviews in GRC 5.3 SP11?

  Dear Hari
  Thanks for your response.. Yes i have implemented the note 1670504..
  As mentioned earlier i have checked my Risk approval Stage setting with both options "ALL APPROVERS" & "ANY ONE APPROVER"
  but still when one of the risk owner approves all the risks are get approved & the provisioning is completed.
  PFA
  Do let me know if you have any more options.
  Naveen

• What are the roles & responsibilities of Risk Monitors & Risk Owners!

  I need a documentation where the roles & responsibilities of a risk monitor and risk owner are stated. I was assigned to do a documentation for this. can someone help me on this? Thanks.

  Risk Owner:
  The role has the authorization to run access risk maintenance and access risk analysis!
  SoD, maintain owners in AC, risk analysis.
  Risk Monitor:
  Has the authorization to run risk analysis, mitigating control assignment and assign mitigating controls to an access risk.

• AC 5.3 RAR - combined risk analysis reports for regular auth. and SPM auth.

  Dear All,
  we have users that have regular day-today authorization and also FF authorization.
  Does the Batch Risk Analysis takes into account both authorizations when doing the risk analysis for those users ? will we see it in the reports ?
  Thanks
  Yudit

  ok, so basically the answer is no, in the RAR components we do not have risk analysis for the combinations of the roles assigned to the user and to his FF ID.
  in that case, at what stage does the system checks for those combined risks ?
  is it checked when we manage the risk analysis phase in the CUP request that is asking to assign the FF ID to the user ?
  thanks
  Yudit

• RAR: Batch Risk (Full) not completing - gets hung

  Hi everyone:
  We are on RAR 5.3 and we have 3 backend systems (ECC, CRM, Banking Services).  We have run Full User/Role/Profile sync jobs for all 3 backends, all completing successfully.  So our connectors are working fine.
  When we try to run the Full Batch Risk Analysis to establish our baseline, the CRM and Banking Services jobs complete successfully in under 1 hour.
  When we try to run the Full Batch Risk Analysis for ECC system, we get the error below.  After this error, the job hangs and does not continue - but does not error out....it just stays in "running" state.
  Can anyone offer any insight?
  Thanks in advance!
  Margaret
  Apr 20, 2011 8:43:44 AM com.virsa.cc.xsys.bg.BatchRiskAnalysis performBatchRiskAnalysis
  WARNING: Error: while executing BatchRiskAnalysis for JobId=104 and object(s):E30765: Skipping error to continue with next object: [jcc][t4][102][10040][3.59.81] Batch failure.  The batch was submitted, but at least one exception occurred on an individual member of the batch.
  Use getNextException() to retrieve the exceptions for specific batched elements. ERRORCODE=-4229, SQLSTATE=null
  Apr 20, 2011 8:43:44 AM com.virsa.cc.xsys.bg.BgJob updateJobHistory
  FINEST: --- @@@@@@@@@@@ Updating the Job History -
  2@@Msg is Error while executing the Job for Object(s) :E30765:[jcc][t4][102][10040][3.59.81] Batch failure.  The batch was submitted, but at least one exception occurred on an individual member of the batch.
  Use getNextException() to retrieve the exceptions for specific batched elements. ERRORCODE=-4229, SQLSTATE=null
  Apr 20, 2011 8:43:44 AM com.virsa.cc.xsys.bg.dao.BgJobHistoryDAO insert
  INFO: -
  Background Job History: job id=104, status=2, message=Error while executing the Job for Object(s) :E30765:[jcc][t4][102][10040][3.59.81] Batch failure.  The batch was submitted, but at least one exception occurred on an individual member of the batch.
  Use getNextException() to retrieve the exceptions for specific batched elements. ERRORCODE=-4229, SQLSTATE=null

  Hi Margaret,
  for that on you would need to look into the whole log file and analyze it.
  I would suggest you open an OSS message to get somebody looking into it.
  Best,
  Frank

• RAR upload actions

  Hello Experts
  When uploading the rules data based on the templates in the configueration guide we wanted to make sure that in order to upload the full transaction list via the "system_action_function" file it will best to retrieve the transaction list from the "Search_Results_Permission_Rules.zip" exported from the RAR and to filter it by each system and field column value = "TCD: Transaction Code " or Permission Object column value = "S_TCODE: Transaction Code Check at Transaction Start " and that will make us sure that we uplaoded all standard function transaction relationship in the system. this is the only relevant file we found that has all the transaction codes data.
  Best Regards,
  Shira

  Can you maybe rephrase that? I'm not sure what you're actually asking...
  Frank.

• GRC AC 5.3 - CUP automatically pick up Risk Owners?

  Hi GRC Experts,
  Just wanted to know, is there any way CUP can pick up Risk Approvers without configuring them in CAD? Role approvers automatically get picked up when choosing the "Role" as the approver determinator within a CUP "stage"; Is there any such option for a CUP stage to pick up the Risk Approvers in the same manner?
  Thanks and Best regards,
  Sandeep

  Hi Chinmaya,
  Firstly, thanks for your help and support.
  According to the post, I mean when the user manager or approver, receives the request to assign one role to a user, the approver has to decide the needs of the user to use that role.
  Then the approver can check (clicking on Risk Analysis button) the number of concflicts or criticals risk that the user could violate. The issue is when the approver launched the anaylisis and it shows same conflict risks that have been mitigated in the previously assignment. It may show the possible risks between the new role and the others, isn´t it?, or instead of the case ,that the oldest risks are showed. Must that  risks showed  as mitigated?
  Thanks, regards.

• RAR: SoD Riskk and Critical Actions risks

  Hi all,
  I would like to get your input regarding different approaches followed in order to load in RAR SoD risk and critical actions risks.
  1) Do you load all of them under the same rule set?
  2) Do you think is convenient to load them under two different rule sets? One for SoD and the other for critical action?
  My decision here since AC modules when calling to RAR are using the default SoD, would be to define everything under the same unique rule set. Agree on that?
  Keep in mind the four GRC AC modules are implemented.
  Thanks for all. Kind regards,
    Imanol

  Hi Imanol,
    It depends on the client requirements. If client wants to see critical risks as well as SoD risks in CUP then same ruleset is the way to go. If client doesn't want to confuse approvers by showing critical risks then separate ruleset is the right way. At my current client, we have separate rulesets for SoD and Critical actions. We ask role owners to reaffirm all the role assignment which contains critical actions quarterly so we are covered from that angle.
  Regards,
  Alpesh

• RAR: Risk resolution options , Remove access from user is disabled

  Hi All,
  In RAR , After risk analysis, if we click on risk description 3 Risk resolution options are there.
  Mitigate Risk
  Remove access from user
  Delimit access for user
  In these options mitigate risk only working.I am using GRC SP 5.
  How about other two options , save button is disabled.How to enable this?
  can we remove/delimit access to  user using these options? any body  tested these options?
  Thanks n Regards,
  Joseph

  Joseph,
     These functionalities do not exist in the tool and these buttons have been in the RAR for past 2 years. SAP wants clients to use CUP for removing or delemiting access so I highly doubt this will ever work.
  Alpesh

• RAR - Logical system - SU24 upload

  Hi people,
  We use different logical system to include several ECC production systems. To have actual data, I need to upload the SU24 data from the backend system to the RAR (Upload objects)
  There I have only the possiblity to load the SU24 data against a physical system, not for a logical system.
  What happens now, if I am going to create a new function for a logical system and in this logical system are different ECC system referenced and each of them have another maintained SU24 data for standard transactions? Which data will be lead and relevant (pultruded) for the new function? Is it only the last loaded SU24 file?
  Thanks for your feedbacks.
  Regards,
  Martin

  Hi Martin,
  You can upload SU24 data against individual connected physical systems only and last loaded data only will reflect. Logical system is work as basket for all added physical systems and provides flexibility for future usage.
  If you want to create a new function for logical system -   While adding Action (Transaction) in new Function you can choose/specify the available systems or ALL.
  Thanks,
  Ramesh K

• User risk analysis offline mode in RAR

  Hello colleagues
  We are in AC SP14 and trying to perform RA via risk analysis-> user level. When the offline analysis parameter is set to YES we don't receive results, when the offline analysis parameter is set to NO we receive results but they are partiialy in comparison the the results we receive for the same user in the management view -> user violation report.
  So our question is:
  1.     Why the offline analysis=YES is not showing any data when all the prerequisites were performed (the background RAR sync/risk analysis/management view jobs are finished successfully and the configuration parameter of offline analysis is set to yes)?
  2.     Why the offline analysis=NO is not showing the same results as in the management view user violation report that was updated a just 10 minutes before?
  We viewed notes number 1544338 and 1126251 and all is configured an maintained as needed.
  Best Regards,
  Shira

  Hi Saurabh,
  Kindly check the below SAP notes.
  SAP note 1731579-- RAR 5.3 BRA job fails after about 4% - 6% of completion
  1727751 - Alert generation job fails with message "Error in  Alert Generation
  Hope this helps.
  Best Regards,
  Saksham