Remediation in GRC RAR

Hi,
After Running the Risk Analysis under Informer Tab in RAR Component, there is an option to do Mitigation or Remediation directly. The Mitigation is working fine but coming to the Remediation the Submit button is disabled.
Please let us know the process, how to utilize this functionality.
Thanks,
Sudip Saha

Sudip,
This feature is not available. It was never implemented in RAR 5.X but it may work in AC 10.0.
Regards,
Alpesh

Similar Messages

GRC RAR version relative to SAP upgrade to ECC 6

Hi,
Currently we are on GRC RAR version AC-RAR 5.3-13.3. We are upgrading our SAP from ECC 5 to ECC 6 and the latest support pack. What GRC RAR version do we need to be on to identify any potential SOD issues on the ECC 6 system? Are there any other potential pitfalls that we should be aware of?
Thanks,
John Burk

Hello John,
Are you using a customized rule set?
SAP provides rule updates periodically:
For example:
1446680 - Risk Analysis and Remediation Rule Update Q2 2010
You'll find that some specific changes are performed in these rule updates, and some of these changes are only for ECC 6.
You might want to check also here:
Note 986996 - GRC Access Control- Best Practice for Rules and Risks
Then, the point is not the GRC version, but the rule set. Of course, you have to upgrade the RTAs.
Cheers,
Diego.

Critical transactions in GRC RAR 5.3

Hi,
we have an option in GRC RAR 5.3 to fetch the critical action report in informer. how can i add some more critical actions into the GRC, is there a facility in GRC RAR to add critical transactions or this should be done through backend??. kindly advice.
thanks

Hi,
The process is very simple, identify your sensitive/critical transactions, make functions and then define risks as critical acttions in RAR. After generating rules, you will be able to run risk analysis for those critical/Sensitive transactions.
Regards,
Sabita

GRC RAR Alert Email Sender

Hi,
I am trying to work out how GRC RAR determines which email address to use when sending out RAR Alerts. I have a risk which has 3 Risk Owners, I have tried various combinations of assigning Risk Owners to the Risk, but cannot see any logic as to how RAR picks which one to send the email alert from.
If I just have one Risk Owner, then the Alert is sent from that user, however when multiple owners are attached there does not appear to be any logic as to which one from the list is chosen.
Any help would be much appreciated.
Thanks & Regards,
Stephen

Hi Stephen,
In GRC ARA 5.3, following is the logic which determines that who is sending the notification if there are multiple role owners.
The logic goes like this while sending the emails:-
1. It re-orders the role owner list so that alphabetically the last e-mail is treated as first.
For example:-
email of C01   say email is C01@ XYZ.com
email of B01   say email is B01@ XYZ.com
email of Z01    say email is A01@ XYZ.com
** Alphabetically C01 is last and will send the mails.
2. Now this last email of C01 becomes the e-mail id who will be set to send the mail to all other owners in list.
I hope this information helps.
Regards,
Yukti

GRC RAR function ids

Hi,
I have a question for GRC RAR functions ids.After uploading objects,do i have to create function ids and add tcodes and update permissions with the help of controllers/finance admin.I am not sure how it works.
Thanks
Mushu.

Dear Mushu,
You will get businessprocess, rule set, funciton, risks etc., text files for different systems like R/3, CRM & SRM along with the installation files. You can upload these files and generate your SOD rules. This is standard rule set available from SAP. You can customize this rule set later as per your business requirements by changing functions, risks etc.,
If you want to have totally customized rule set then you need to follow the procedure of creating functions, addition of t-codes, authorization obejcts (permissions) enablement and then generating rules. If the customized rule set is huge the better to use the text files - tweak them and upload into RAR tool
Thanks and Best Regards,
Srihari.K

GRC RAR

Hi,
When i ran user/role/profile synchronization job for oracle in GRC RAR.It's keep running and when i check log.It says:
com.virsa.cc.xsys.util.Lock lock
WARNING: It is used by the another owner: For current thread retrying to get lock : 1004
Please let me know,how it can be fixed.
Thanks
Mash

Basis has unlocked an object in the database for us and the user/role/profile full synchronization job for oracle in GRC RAR is now running and completed successfully
We scheduled full synch batch risk analysis job. But Job is failed due to ORA issue.
Below the Job log error message.
2012-02-23 04:01:35 Failed Error while executing the Job for Object(s) :CDELACK:Batch rolled back. Caused by java.sql.BatchUpdateException: ORA-00001: unique constraint (SAPSR3DB.SYS_C00157225) violate... (see log for details)
2012-02-23 05:40:20 Started Full Synch batch Risk ORA11IDEV started :threadid: 0

SAP GRC RAR 5.3 SP9 "Cannot execute BAPI UserList"

Hi everyone,
After upgrading to 5.3 SP9, my client started experiencing some problems with RAR. I doubt it's linked to the upgrade, since I did all the testing and results were as expected. The problem is as follows:
Using RAR, for only one specific system (SAP ECC6 box), when running foreground AND background analysis for USERS, all analysis fails with the following error log (see below message). All ROLE analysis work as expected (SOD and critical actions/autorisations).
In the configuration tab, the connexion test is successful. I did some testing with a BASIS from the client and we identified that when running a successful analysis, we could log a RFC connection to the backend system (dont recall the transaction used though). When the analysis failed, no connexion was logged.
The client's GRC admin opened a ticket with SAP, but I was wondering if the collective knowledge of SDN could maybe help us identify the cause of our problems.
Any solution path is welcome
Kind regards
Jerome Fortin
========================================================================================
Jan 18, 2010 2:19:09 PM com.virsa.cc.xsys.riskanalysis.AnalysisEngine performActPermAnalysis
INFO: Foreground : Analysis starts: XL1360
Jan 18, 2010 2:19:09 PM com.virsa.cc.comp.VirsaXSR3_01Interface execute
WARNING: VIRSAXSR3_01: Cannot execute BAPI UserList
java.lang.ArrayIndexOutOfBoundsException
     at com.sap.mw.jco.JCO$MetaData.getType(JCO.java:10211)
     at com.sap.aii.proxy.framework.core.JcoBaseTypeData.getElementValue(JcoBaseTypeData.java:503)
     at com.sap.tc.webdynpro.modelimpl.dynamicrfc.DynamicRFCModelClass.getRelatedModelObjects(DynamicRFCModelClass.java:787)
     at com.sap.tc.webdynpro.modelimpl.dynamicrfc.DynamicRFCModelClass.addRelatedModelObject(DynamicRFCModelClass.java:821)
     at com.virsa.cc.common.ModelNodeUtil._copyNodeTreeToModel(ModelNodeUtil.java:68)
     at com.virsa.cc.common.ModelNodeUtil.copyNodeTreeToModel(ModelNodeUtil.java:52)
     at com.virsa.cc.comp.VirsaXSR3_01Interface.execute(VirsaXSR3_01Interface.java:267)
     at com.virsa.cc.comp.wdp.InternalVirsaXSR3_01Interface.execute(InternalVirsaXSR3_01Interface.java:1341)
     at com.virsa.cc.comp.wdp.InternalVirsaXSR3_01Interface$External.execute(InternalVirsaXSR3_01Interface.java:1376)
     at com.virsa.cc.comp.BackendAccessInterface.executeBAPIModel(BackendAccessInterface.java:3415)
     at com.virsa.cc.comp.BackendAccessInterface.execBAPI(BackendAccessInterface.java:409)
     at com.virsa.cc.comp.BackendAccessInterface.executeBAPI(BackendAccessInterface.java:302)
     at com.virsa.cc.comp.wdp.InternalBackendAccessInterface.executeBAPI(InternalBackendAccessInterface.java:4227)
     at com.virsa.cc.comp.BackendAccessInterface.searchUser(BackendAccessInterface.java:758)
     at com.virsa.cc.comp.wdp.InternalBackendAccessInterface.searchUser(InternalBackendAccessInterface.java:4279)
     at com.virsa.cc.comp.wdp.InternalBackendAccessInterface$External.searchUser(InternalBackendAccessInterface.java:4748)
     at com.virsa.cc.dataextractor.bo.DataExtractorSAP.searchUser(DataExtractorSAP.java:548)
     at com.virsa.cc.dataextractor.bo.DataExtractorSAP.userIsIgnored(DataExtractorSAP.java:529)
     at com.virsa.cc.xsys.meng.MatchingEngine.getObjActions(MatchingEngine.java:702)
     at com.virsa.cc.xsys.meng.MatchingEngine.matchActRisks(MatchingEngine.java:121)
     at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.performActPermAnalysis(AnalysisEngine.java:1344)
     at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:311)
     at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:240)
     at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:237)
     at com.virsa.cc.ui.UserSelection.onActionExecute(UserSelection.java:634)
     at com.virsa.cc.ui.UserSelection.onActionConfirmExecute(UserSelection.java:1858)
     at com.virsa.cc.ui.wdp.InternalUserSelection.wdInvokeEventHandler(InternalUserSelection.java:1287)
     at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.invokeEventHandler(DelegatingView.java:87)
     at com.sap.tc.webdynpro.progmodel.controller.Action.fire(Action.java:67)
     at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doHandleActionEvent(WindowPhaseModel.java:420)
     at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:132)
     at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
     at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
     at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:332)
     at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:741)
     at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:694)
     at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:253)
     at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
     at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
     at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
     at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
     at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
     at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
     at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
     at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
     at java.security.AccessController.doPrivileged(AccessController.java:219)
     at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
     at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Jan 18, 2010 2:19:09 PM com.virsa.cc.xsys.meng.MatchingEngine matchActRisks
WARNING: Error :
com.virsa.cc.dataextractor.dao.DataExtractorException: Impossible d'extraire les donn?es du syst?me (P01R3S010) ; pour plus d'information, reportez-vous ? ccappcomp.n.log
     at com.virsa.cc.dataextractor.bo.DataExtractorSAP.searchUser(DataExtractorSAP.java:551)
     at com.virsa.cc.dataextractor.bo.DataExtractorSAP.userIsIgnored(DataExtractorSAP.java:529)
     at com.virsa.cc.xsys.meng.MatchingEngine.getObjActions(MatchingEngine.java:702)
     at com.virsa.cc.xsys.meng.MatchingEngine.matchActRisks(MatchingEngine.java:121)
     at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.performActPermAnalysis(AnalysisEngine.java:1344)
     at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:311)
     at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:240)
     at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:237)
     at com.virsa.cc.ui.UserSelection.onActionExecute(UserSelection.java:634)
     at com.virsa.cc.ui.UserSelection.onActionConfirmExecute(UserSelection.java:1858)
     at com.virsa.cc.ui.wdp.InternalUserSelection.wdInvokeEventHandler(InternalUserSelection.java:1287)
     at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.invokeEventHandler(DelegatingView.java:87)
     at com.sap.tc.webdynpro.progmodel.controller.Action.fire(Action.java:67)
     at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doHandleActionEvent(WindowPhaseModel.java:420)
     at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:132)
     at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
     at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
     at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:332)
     at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:741)
     at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:694)
     at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:253)
     at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
     at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
     at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
     at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
     at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
     at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
     at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
     at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
     at java.security.AccessController.doPrivileged(AccessController.java:219)
     at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
     at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Jan 18, 2010 2:19:09 PM com.virsa.cc.xsys.riskanalysis.AnalysisEngine riskAnalysis
WARNING: Foreground : Failed to run Risk Analysis
java.lang.Exception: Impossible d'extraire les donn?es du syst?me (P01R3S010) ; pour plus d'information, reportez-vous ? ccappcomp.n.log
     at com.virsa.cc.xsys.meng.MatchingEngine.matchActRisks(MatchingEngine.java:127)
     at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.performActPermAnalysis(AnalysisEngine.java:1344)
     at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:311)
     at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:240)
     at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:237)
     at com.virsa.cc.ui.UserSelection.onActionExecute(UserSelection.java:634)
     at com.virsa.cc.ui.UserSelection.onActionConfirmExecute(UserSelection.java:1858)
     at com.virsa.cc.ui.wdp.InternalUserSelection.wdInvokeEventHandler(InternalUserSelection.java:1287)
     at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.invokeEventHandler(DelegatingView.java:87)
     at com.sap.tc.webdynpro.progmodel.controller.Action.fire(Action.java:67)
     at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doHandleActionEvent(WindowPhaseModel.java:420)
     at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:132)
     at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
     at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
     at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:332)
     at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:741)
     at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:694)
     at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:253)
     at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
     at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
     at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doPost(DispatcherServlet.java:53)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
     at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
     at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
     at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
     at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
     at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
     at java.security.AccessController.doPrivileged(AccessController.java:219)
     at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
     at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)

Yes, I am aware there might be an issue with the BAPI USER list execution, it is pretty excplicit in the message.
I was wondering if anyone has seen this error before and if someone can help me trace the source of the error. A message was already open with SAP before christmas and no solution was identified at the moment.
Impossible d'extraire les donn?es du syst?me (P01R3S010) ; pour plus d'information, reportez-vous ? ccappcomp.n.log at com.virsa.cc.dataextractor.bo.DataExtractorSAP.searchUser(DataExtractorSAP.java:551) at
This can be translated to: Cannot extract data from the system P01, for more information look at the log file xxxx..
Edited by: Jerome Fortin on Jan 19, 2010 9:15 AM

SAP GRC RAR Rules Generation Job Error - SP13 application

Hello,
we applied SP 13 on GRC and RAR Rule Generation job is always in "error" status; below I list an example of job log:
INFO: -
Scheduling Job =>237----
Apr 4, 2011 1:36:12 PM com.virsa.cc.xsys.bg.BgJob run
INFO: --- Starting Job ID:237 (RULE_GENERATION) - generate f113
Apr 4, 2011 1:36:12 PM com.virsa.cc.xsys.util.Lock lock
FINEST: Lock:1007
Apr 4, 2011 1:36:12 PM com.virsa.cc.xsys.bg.BgJob setStatus
INFO: Job ID: 237 Status: Running
Apr 4, 2011 1:36:12 PM com.virsa.cc.xsys.bg.BgJob updateJobHistory
FINEST: --- @@@@@@@@@@@ Updating the Job History -
1@@Msg is generate f113 started :threadid: 1
Apr 4, 2011 1:36:12 PM com.virsa.cc.xsys.bg.dao.BgJobHistoryDAO insert
INFO: -
Background Job History: job id=237, status=1, message=generate f113 started :threadid: 1
Apr 4, 2011 1:36:12 PM com.virsa.cc.xsys.util.Lock unlock
FINEST: Unlock:1007
Apr 4, 2011 1:36:12 PM com.virsa.cc.xsys.bg.BgJob ruleGeneration
INFO: @@@--- Rule ruleGeneration Started ....237
Apr 4, 2011 1:36:12 PM com.virsa.cc.xsys.bg.BgJob run
WARNING: *** Job Exception: null
java.lang.NullPointerException
     at com.virsa.cc.xsys.bg.BgJob.ruleGeneration(BgJob.java:1245)
     at com.virsa.cc.xsys.bg.BgJob.runJob(BgJob.java:609)
     at com.virsa.cc.xsys.bg.BgJob.run(BgJob.java:363)
     at com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob.scheduleJob(AnalysisDaemonBgJob.java:375)
     at com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob.start(AnalysisDaemonBgJob.java:92)
     at com.virsa.cc.comp.BgJobInvokerView.wdDoModifyView(BgJobInvokerView.java:444)
     at com.virsa.cc.comp.wdp.InternalBgJobInvokerView.wdDoModifyView(InternalBgJobInvokerView.java:1236)
     at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.doModifyView(DelegatingView.java:78)
     at com.sap.tc.webdynpro.progmodel.view.View.modifyView(View.java:337)
     at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.doModifyView(ClientComponent.java:481)
     at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doModifyView(WindowPhaseModel.java:551)
     at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:148)
     at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
     at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
     at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:333)
     at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:741)
     at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:694)
     at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:253)
     at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
     at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
     at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doGet(DispatcherServlet.java:46)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
     at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
     at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1060)
     at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
     at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
     at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
     at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
     at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
     at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
     at java.security.AccessController.doPrivileged(Native Method)
     at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
     at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Apr 4, 2011 1:36:12 PM com.virsa.cc.xsys.bg.BgJob setStatus
INFO: Job ID: 237 Status: Error
Apr 4, 2011 1:36:12 PM com.virsa.cc.xsys.bg.BgJob updateJobHistory
FINEST: --- @@@@@@@@@@@ Updating the Job History -
2@@Msg is Error while executing the Job:null
Apr 4, 2011 1:36:12 PM com.virsa.cc.xsys.bg.dao.BgJobHistoryDAO insert
INFO: -
Background Job History: job id=237, status=2, message=Error while executing the Job:null
Apr 4, 2011 1:36:12 PM com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob scheduleJob
INFO: -
Complted Job =>237----
Apr 4, 2011 1:36:13 PM com.virsa.cc.xsys.util.Lock lock
WARNING: It is used by the same owner: For current thread retrying to get lock : 1001
Apr 4, 2011 1:36:13 PM com.virsa.cc.xsys.util.Lock lock
FINEST: Lock:1001
Apr 4, 2011 1:36:13 PM com.virsa.cc.xsys.util.Lock unlock
FINEST: Unlock:1001
Is there someone that can help me?
I checked and it seems that "Use NetWeaver Logical Lock" in config tab has to be set to "No"...is it correct for you or have you got other tips?
Thx to all

Hello,
actuallt current values are:
Row CNFGPARAM| CNFGSEQ| CNFGVALUE|
35 250 0 NO
36 251 0 YES
Value for 250 is ok based on your feedback.
Value for 251 is based on SNOTE 1508611, even if SDN forum suggests "0" against the note.
Have you got any tips?

Allowed variables in SAP GRC RAR messages

Hi experts,
I'm using SAP GRC AC 5.3.
In RAR, I want to configure message 0269 in cc_messages.txt file in order to change text including the description of the mitigation control.
Does anybody knows what's is this variable name ? Or even, where can I find a list of allowed variables for insertion in messages ?
Thanks,
Roque.

Roquevalder,
I understand your question now. I see the message you are talking about:
VIRSA_CC_MSG     0269     EN     error     The mitigating control was updated by #_!USERID#_! on #_!DATE#_! at #_!TIME#_!. This email serves a notification that you have been #_!STATUSCHANGED#_! as the monitor for : #_!LINESEP#_! #_!LINESEP#_! #_!LINESEP#_! #_!CONTROLIDTEXT#_! #_!CONTROLID#_! #_!LINESEP#_! #_!HROBJTYPELINE#_! #_!LINESEP#_! #_!OBJECTTYPE#_! #_!OBJECTID#_! #_!LINESEP#_! #_!ORGRULELINE#_! #_!LINESEP#_! #_!RISKIDTEXT#_! #_!RISKID#_! #_!LINESEP#_! #_!LINESEP#_! #_!MONTEXT#_! #_!MONITOR#_! #_!LINESEP#_! #_!LINESEP#_! #_!VALIDFROMTEXT#_! #_!VALIDFROM#_! #_!VALIDTOTEXT#_! #_!VALIDTO#_! #_!LINESEP#_! #_!LINESEP#_! #_!STATUSTEXT#_! #_!STATUS#_!
But at the end of the file you have something like this:
D     VIRSA_CC_MSGPRMS     0269     EN     CONTROLIDTEXT     CONTROLIDTEXT
D     VIRSA_CC_MSGPRMS     0269     EN     CONTROLID     CONTROLID
D     VIRSA_CC_MSGPRMS     0269     EN     HROBJTYPELINE     HROBJTYPELINE
D     VIRSA_CC_MSGPRMS     0269     EN     ORGRULELINE     ORGRULELINE
D     VIRSA_CC_MSGPRMS     0269     EN     RISKIDTEXT     RISKIDTEXT
I guess if you want to add a value in the message you have also to define it at the tail of the file.
My advice is to open a OSS message to ask for this functionality. You shouldn´t change it manually. Take into account that this file must be uploaded each time you update your GRC java components. So, if you make a custom change, you have to repeat that change every time you update. So I think you should ask SAP for this. They will probably include this field in next patches.
Regards,
Diego.

GRC RAR Simulate issue

Folks, I wonder if you can help...
We are running GRC 5.3 and I'm currently validating RAR. I have just tried to test the 'Simulate' functionality in User Level Risk Analysis but get a problem:
I am trying to test Action Level Simulation and therefore want to enter a transaction in the 'Value' field - (in order to include or exclude the transaction from the analysis), when I click on the selection icon at the side of the Value field to enter the search screen -I can then select the system I need to search, but then when I perform an unrestricted search ( to return all possible values of transactions). I get a total of 22000 values returned stopping at transactions beginning with M* - NOT the expected amount of some 90000 transactions in our system.
I have performed a download/upload of the Static text and SU24 Objects into the GRC system as part of the post installation steps and the text files produced show all the transactions objects in the system. Is there anything else I need to do in order to configure GRC to see all the transactions.
your help will be most appreciated.

Hello Wei,
Here are responses to your queries:
1. When running a RAR incremental role report with 4 rulesets, we encounter a status error on some roles, why is the status showing error while others are complete?
-> When you run batch risk analysis system runs analysis on multiple roles/users/profiles. Whenever it encounters error for one of the object (role/user/profile), system goes on to next object in sequence and does not stop there. This way risk analysis does not stop if you error for a particular object and tries to complete as much as it can. Now the reason for error on some of the objects can be found later. Try to run risk analysis on that particular object only which failed and then try to troubleshoot the problem with it. check the logs after you run on that particular object.
2. And also, from 0 - 19% seems to be quite fast, but after that it is running very slow, and i see the CPU comp and Memory uti is very high, any idea what might be the cause?
-> The time taken to perform risk analysis on objects may vary depending upon the number of auth. objects available with the object. If A role has 30 objects and B role has 2000 then system will take different amonut time to run risk analysis on each one of them. risk analysis on A will complete faster than that of B. In addition to that, since you ar using 4 rulesets , system tries to analysis the objects for all the rulesets. This will increase the risk analysis time considerably.
Regards,
Varun

Estimation for efforts and man days for GRC RAR

Hi,
I am new to GRC implemetation. I have to estimate number of person days or efforts required to implement RAR at clients place.
Requirements are like..
Implementing only RAR
Have their own rule set,
Have 1600 users and 300 roles.
Can anybody give some inputs on how to go with this ?
Regards,
Bindu

Hi Bindu,
As per my consulting experience, this implementation would take from 1 month to 3 months. It doesn't matter how many users the client has but the implementation will depend upon some of following criterias:
1) Is the rule set already built or do you need to build it?
2) How many violation do you expect? Do you expect most of violatons to remediate or mitigate during the course of implementation?
3) Will there be a constant help available from client side?
4) What functionalities of RAR client wants to use?
5) Does client have exposure to NW and Java?
Regards,
Alpesh

GRC RAR -Rules Updates

Hello All,
Q1- How we add one new physical system to the Rules (how we generate same rules for the new physical system), Please let me know the steps
Q2-In my current RAR System rules are generated on the basis of physical system, now I want to import same rule to New RAR System and generate rules for the logical system, Please let me know which steps I need to follow.
Thanks in advance.
Jagat

Hi Jagat,
guessing you talk ab AC 5.3.
Q1: Under configuration generate the rules after you added the system
Q2: Use import/export function under configuration.
Both described in the config guide.
Best,
Frank

GRC RAR Issue

Hello All,
How to get populate the list of System in RAR, when we want to run Role level based Risk Analysis for the particular system.
The drop down list for the System above the Role Name Tab.
I have tried to Dig out on the RAR but unable to find where to configure the same.
Thanks,
CB

Hello,
you can select the parcticler system while scheduling the background jobs at user level/role level.
there is a system selection tab->search->execute-> you can get the list of systems,and then select the particler system run the risk analysis against the user/role.
Regards,
Arjuna.

GRC RAR Action Rules

Hi ,
How many action rules will be available in Global rueset ??
I am getting : Total no. of rows : 135486 in RAR Screen ??? Is it normal to have this many?
Also, the query was taking so long...
( I know we can use filter, but even though the querie is taking so long)

The answer is difficult, because the nuumber changes depending upon which release/version of the global ruleset you have loaded, and whether you have loaded the set of files that include all applications or whether you have loaded the individual files for each module as they are all diffewrent in their contents.
You will need to explain which version you are using of the ruleset files, ie: whch version of AC 5.2 or 5.3 and SP etc.
Also how many systems/connectors did you load the files against.
Edited by: Simon Carty on Dec 21, 2010 8:57 AM

How to add profiles to critical roles & profiles table in GRC RAR

Hello,
As per Note# 1034117, it says Add "SAP_ALL" type security roles and the SAP profiles, see list below for profiles, to the Critical Roles and Critical Profiles table.
SAP_ALL All Authorizations For The SAP System
SAP_NEW All Authorizations For Newly Created Objects
S_A.ADMIN Basis Operator
How do we add the profiles, to the Critical Roles and Critical Profiles table in RAR.
Thanks,

Hi,
I configured the critical roles & profiles in rule architect.
But when I schedule the background job for batch risk analysis, it is taking all the users, roles & profiles.
Is there a way to exclude users, roles & profiles? (I have already configured the excluded users, roles and profiles in exclude option), but still when I schedule the background job and say show parameter, it shows the User Range as '*'. It is not showing the excluded users.
Can you please update how to exclude the list of users, from the batch risk analysis?
Thanks,

Remediation in GRC RAR

Similar Messages

Maybe you are looking for