Risco de Instalação do GRC no servidor do ECC

Similar Messages

• SAP GRC 10.0 on ECC

  Hi Guys,
  We are planning on implementing SAP GRC 10.0. Our Basis guy has suggested that we can use ECC (EHP 6) box for installing the add on(GRCFND_A) component for it. The reason for this is to avoid adding another system to the landscape and to reduce the cost of implementation
  Are there any known issues using this approach?
  Thanks in advance,
  Silver

  Hi
  the GRC project is totally IT driven.
  I get why you are having to drive this - especially when you have to respond to audit requirements and your focus is on support processes.
  However, GRC is all about business risk management - Governance, Risk and Compliance (well internal controls). The GRC System is just the tool to manage this. Without business buy in how is this going to be successful? Who will review business process to determine what a risk is? Who in a senior leadership position will determine what risks are acceptable? Who will determine appropriate controls, report on them, and more importantly enforce them? Who in a leadership position will champion the project and support why a user must work a certain why (including access removed from them)?
  I get that you are focussing on a POC and trying to minimise cost but what happens post POC? I've given recommendations where I've said don't put in GRC until you sort your process and culture. I've done this as much as the innner techy in me knows I won't get to play with a new toy because without all the business buy-in you will have a system built and deployed that gives you a false sense of security when it comes to managing access controls.
  Another way to look at the SP issues - what happens if it's on ECC and the functional team (aka the business representatives) demand an SP increase for their functionality? They proceed to increase SP and now your functionality stops working.. which then impacts the business as you can't process their access requests and give them timely access to the system (assume this is your business case). Are your basis team going to tell the business that they can't have the SP stack increase because IT needs the system on a certain level and they need to wait until next time it's compatible?
  Good luck with your POC. I understand it will allow you to use the tool and check what will work for the business. If you are still undecided on system landscape post POC, take care in having that decision made for you. As you go down the POC path and time runs out the project may move from POC to design/build and now that it's working there will be reluctance to move it to a separate system.
  Regards
  Colleen

• How to install BI-CONT 7.37 in SAP ECC system EHP 5

  Hi SAP Gurus,
  We recently upgraded BI_CONT in our BW landscape(SAP netweaver 7.3) from 7.36 to 7.37
  What is the strategy to upgrade BI _CONT or corresponding changes in SAP ECC system(EHP 5).
  Currently we don't have BI_CONT installed in our  ECC system.
  KIndly, let me know how to upgarde BI_CONT related objects.
  Earlier we used to use custom extractors and data sources in ECC system for BI_CONT now we business has planned to use all standard data sources.
  Question here is do we need to install BI_CONT in SAP ECC and what is the procedure?
  Thanks,
  Avadhesh
  +91 8095226536

  Hi Avadhesh,
  No need to upgrade or install add-on BI CONTENT in ECC system if you have already BI landscape for doing BI functions.
  BI content includes below functionality which can be installed as an add on in ECC when you dont have BI landscape.
  DataSources
  Process chains
  InfoObjects
  InfoSources
  Transformations
  InfoProvider (InfoCubes and DataStore objects)
  Variables
  Data mining models
  Queries
  Workbooks
  Web templates
  Roles
  Aggregation level
  Planning function
  Planning function type
  SAP Crystal Reports (BI Content Ext.)
  SAP BusinessObjects Dashboards (BI Content Ext.)
  Regards,
  Karthik

• LSO CP installed on a non Enterprise Portal or ECC (ABAP+JAVA) server

  Hello,
  Has anyone installed the LSO CP on anything besides SAP Enterprise Portal or ECC (ABAP +JAVA)? If so what are the requirements for determining an approprate server for installation. How was this deployed without the use of the JAVA deployment tool? What issues if any did you encounter when performing this installation and deployment?
  Cheers
  Alan

  Hi
  CP needs to be installed on the J2EE engine.
  The URL of the Content Player needs to be specified in the IMG.
  Hope this helps
  Best Regards
  Reddy

• GRC AC Install

  The installation Guide says Enterprise Portal is an optional component of SAP NetWeaver 7.0 (2004s) SP 12. It is required if you
  install the file VIREPRTA00_0.sca.
  Based on this statement, my question is since GRC AC 5.3 is an addon on standalone Netweaver 7.0 Java stack, should I use Usage types AS JAVA with EP &; EP Core during install
  "or"
  I will use only AS JAVA during install of standalone stack  and install EP on a seperate system.
  Thanks,
  Haleem.

  Thanks Alpesh for helping me out. I have one more question for you.
  So, my understanding is that, after I will install (3) EP RTA on the standalone WAS system (with usage types AS JAVA, EP, EP Core), where I have already installed GRC AC 5.3 Add-On. next, I will install RTA on backend systems such as (ECC, HR, BI etc).
  My 2 queries are
  1. Can I install another EP RTA on a seperate EP System (considering this seperate stanalone EP System as another backend system just like ECC, HR, BI etc)?
  If my above statement holds right, then it would mean I will have EP RTA on front end ( containing AS JAVA, EP, EP Core with GRC AC 5.3 Add-on) as well EP RTA on backend system (locaton of standalone EP Server).
  2. Does SAP support the GRC Architecture having EP RTA on the front-end as well as EP RTA on the back-end?
  Pl. correct me if I am wrong.
  Thanks,
  Haleem.

• Highest version for fresh GRC install?

  Is 8.6.5.1616 the highest version of GRC that can be installed from scratch? Or is some version of 8.6.4 required with patches to get to the latest version?
  Thank you.
  mf

  No.
  8.6.5.1616 is a base patch, which can be installed as Fresh GRC setup on your environment.
  Latest available patch is 8.6.5.600 for which you  need to follow the upgrade path
  - Naveen

• Utilização de dois servidores PI

  Boa Tarde a todos,
  Na empresa que estou trabalhando, já existia um servidor PI 7.0 para sistemas legados e no projeto de implementação do GRC NFe, a consultoria optou por efetuar a instalação em um outro servidor PI dedicado para o GRC.
  Por política da empresa, os servidores serão migrados de datacenter, e surgiu uma dúvida na preparação dessa migração. Já verifiquei em outros posts, ser possível a instalação em somente 1 servidor, mas a pergunta é:
  Existe uma "recomendação" formal da SAP para que sejam utilizados 2 servidores?
  Abraços
  Migdon

  Sao duas discussoes:
  1. usar o PI corporativo ou um PI exclusivo pra NFE:
  O ponto aqui é o impacto de negocio. Interfaces de NFE, caso falhem, impedem a empresa de faturar. Em muitas empresas, o PI é um sistema nao estabilizado ainda com diversos erros de interface ao longo do tempo, e devido às filas das msgs assincronas, se parar uma interface, para "tudo". Tendo PIs separados, vc evita q problemas de interfaces menos prioritarias impactem em processos mais criticos como NFE; provavelmente foi essa a visao da sua consultoria. Claro que isso tem um lado negativo, que é aumentar a complexidade do seu landscape, aumentando o custo de manutencao.
  2. Instalar os 3 componentes (SLL-NFE, SLL-NFE-JWS e XI Content) em uma unica instancia ou usar instancias separadas.
  Existe uma recomendacao formal de nao se instalar outro aplicativo junto com o PI (verifique isso no master guide do Netweaver). Mas isso nao tem nada a ver com NFE, eh uma recomendacao padrao devido ao alto consumo de recursos pelo PI.
  Claro que se a empresa faz um sizing capaz de suportar a demanda de recursos, nada impede tecnicamente de instalar tudo junto.
  Note que sao 2 pontos distintos.
  Mesmo usando 1 PI pra NFE separado do PI corporativo, vc pode ainda ter tudo nessa mesma instancia de PI NFE ou instalar os componentes ABAP e Java em outras instancias, assim como se vc usa o PI corporativo tb pra NFE, vc poderia tb instalar os componentes ABAP e Java juntos ou em outra instancia.
  Abs,
  Henrique.

• Rule set migration from GRC 5.3 to GRC 10.0

  Hello everyone,
  I ask you this question: if I want to migrate from GRC 5.3 to GRC 10.0, can I keep my old custom rule set with no modification or I have to make some changes to it to import in GRC 10?
  Thankyou in advance for the answers
  Greetings
  Gianluca
  Edited by: Gianluca Mocini on Apr 1, 2011 5:33 PM

  Hi,
    The migration utility is very simple. You install it on GRC 5.3 box and then select the items you want to migrate. It will generate tab limited text files and you can use those files to import data into 10.0 box.
  Regards,
  Alpesh

• GRC 4.0 running with GRC 10.1 plugins

  Hi Everyone,
  I am commencing a GRC Access Control 10.1 migration Proof of Concept for my current customer. We do not have the luxury of a project environment or of system copying the ERP Development system. GRC AC 4.0 content is currently in use in ERP Production, so the ERP Development system is the configuration master for the GRC 4.0 content.
  One of the ealry steps in the migration guide is installing the GRC 10.1 plugins. I have searched on here and on SAP notes but cannot find a definitive answer, though there are a number of threads which come very close to what I need.
  My question is simple: once I have installed  the 10.1 plugins will the GRC AC 4.0 content still function?
  This is important to us since there is no knowing whether out Proof of Concept will be approved to become a full project. If installing the GRC 10.1 plugins breaks the GRC AC 4.0 content and the project is not approved to continue, we will then have a broken system landscape.
  If anyone has any personal experience of this scenario I would greatly appreciate hearing what you have to say. I assume that experience of the 10.0 plugins will be relevant if that is what you have.
  Looking forward to hearing from you,
  Kind regards,
  Andy

  Thanks for your response Harinam. Must admit I thought more people on here would have had experience of this jump, but clearly most people went from 4 to a 5.x system. In some ways it is a very good thing the customer has held back from jumping to Java.
  Anyway, I had logged a message with OSS in parallel to posting here, thought I would get a good balance of views doing both.
  Here is the official answer we received :
  Once the GRC 10.1 plugin will be installed on the GRC 4.0 system,
  though the 4.0 product is still accessible and the data will still
  remain in the tables, it is no longer supported and it must be clear
  to your users and administrators that the 4.0 product is not to be
  used with the v10.1 plugin.
  SAP Active Global Support
  SAP Labs Palo Alto
  So although I could argue that 4.0 is unsupported so what is the difference, this response is useful to our project team as it further justifies the need to upgrade.
  I am still interested in hearing from anyone who has done this migration path and tried the old tcodes, to know for sure what the result would be.
  I assume also based on the response from OSS we should lock the 4.0 tcodes to make sure no-one hits an old favourite, seeing as they clearly are not removed as part of the migration process.
  cheers,
  Andy

• GRC AC 5.3 Hardware RAM specification of 1 J2EE system.

  Hello,
  I have a hardware doubt... We want to install the SAP GRC AC 5.3. The four application in the same SAP NW 7.0 AS Java instance.
  I have read some specification about each application, it talked about the SAPs that it need it each one.
  The question is... Do I have tu add all the RAM of each application, or do I have to get only the bigger RAM application???
  What I mean is do I have to add the RAR, ERM, CUP & SPM RAM of each other, or do I have to get the bigger RAM to use in the J2EE system???.
  Best Regards...
  pablo Mortera.

  Hi Pablo,
     It depends on which functionalities you will be executing at same time or simulataneously.
  It should be mentioned in the AC 5.3 sizing guide at
  https://websmp208.sap-ag.de/~form/sapnet?_SHORTKEY=00200797470000071612&_SCENARIO=01100035870000000112&_OBJECT=011000358700000435122007E
  Did you use T-shirt sizing or Expert sizing? My personal recommendation is to have enough SAPs available for Risk analysis in RAR, CUP and ERM and management report. All other activities are mostly initial synchronization.
  Regards,
  Alpesh

• GRC 10.1, AC - BC set with Warnings and no data

  Hi Gurus,
  We are on GRC 10.1. We activated the BC set GRAC_RA_RULESET_SAP_R3, which ended with warnings, but no errors. Warning messages in two sets as below:
  1.
  VC_GRFN_CCI_TS_CONNECTOR
  Customizing object VC_GRFN_CCI_TS_CONNECTOR passed to activation
  VC_GRFN_CCI_TS_CONNECTOR
  View V_GRFNCONNTYPE: View cluster VC_GRFN_CCI_TS_CONNECTOR does not contain data at all levels
  VC_GRFN_CCI_TS_CONNECTOR
  View V_GRFNCCICONNECT: View cluster VC_GRFN_CCI_TS_CONNECTOR does not contain data at all levels
  VC_GRFN_CCI_TS_CONNECTOR
  View V_GRFNCONNGRPTYP: View cluster VC_GRFN_CCI_TS_CONNECTOR does not contain data at all levels
  VC_GRFN_CCI_TS_CONNECTOR
  View V_GRFNCGRPCONLNK: View cluster VC_GRFN_CCI_TS_CONNECTOR does not contain data at all levels
  VC_GRFN_CCI_TS_CONNECTOR
  Activation of customizing object VC_GRFN_CCI_TS_CONNECTOR ended with warning
  2.
  Object
  Message Text
  GRFNVC_CCI_TS_CONNECTOR
  Customizing object GRFNVC_CCI_TS_CONNECTOR passed to activation
  GRFNVC_CCI_TS_CONNECTOR
  View V_GRFNCONNTYPE: View cluster GRFNVC_CCI_TS_CONNECTOR does not contain data at all levels
  GRFNVC_CCI_TS_CONNECTOR
  View V_GRFNCCICONNECT: View cluster GRFNVC_CCI_TS_CONNECTOR does not contain data at all levels
  GRFNVC_CCI_TS_CONNECTOR
  View V_GRFNCCISSEQCON: View cluster GRFNVC_CCI_TS_CONNECTOR does not contain data at all levels
  GRFNVC_CCI_TS_CONNECTOR
  View V_GRFNCONNGRP: View cluster GRFNVC_CCI_TS_CONNECTOR does not contain data at all levels
  GRFNVC_CCI_TS_CONNECTOR
  View V_GRFNCGRPCONLNK: View cluster GRFNVC_CCI_TS_CONNECTOR does not contain data at all levels
  GRFNVC_CCI_TS_CONNECTOR
  Activation of customizing object GRFNVC_CCI_TS_CONNECTOR ended with warning
  When we go and look for the ruleset files, which ideally should have been populated after the ruleset for the BC set is generated, we see only the Risks being populated in NWBC. Neither the functions or the ruleset names appear there and same is the case for the Business Processes, which are still not populated.
  Anyone has any clue how to resolve this?
  Thanks & Regards,
  Hersh

  Thanks for your response Harinam. Must admit I thought more people on here would have had experience of this jump, but clearly most people went from 4 to a 5.x system. In some ways it is a very good thing the customer has held back from jumping to Java.
  Anyway, I had logged a message with OSS in parallel to posting here, thought I would get a good balance of views doing both.
  Here is the official answer we received :
  Once the GRC 10.1 plugin will be installed on the GRC 4.0 system,
  though the 4.0 product is still accessible and the data will still
  remain in the tables, it is no longer supported and it must be clear
  to your users and administrators that the 4.0 product is not to be
  used with the v10.1 plugin.
  SAP Active Global Support
  SAP Labs Palo Alto
  So although I could argue that 4.0 is unsupported so what is the difference, this response is useful to our project team as it further justifies the need to upgrade.
  I am still interested in hearing from anyone who has done this migration path and tried the old tcodes, to know for sure what the result would be.
  I assume also based on the response from OSS we should lock the 4.0 tcodes to make sure no-one hits an old favourite, seeing as they clearly are not removed as part of the migration process.
  cheers,
  Andy

• GRC AC CUP 5.3 -don't have all pre configured configuration settings

  Hi All,
  we installed all the GRC AC 5.3 components. In the CUP component we see all the WF types (in the miscellaneous screen) but we do not have all their WF definitions (meaning initiator, stages, paths...) - we have those definitions only for the ERM WF.
  Any ideas why is that and can we solve this ?
  Thanks
  Yudit

  Hi Yudit,
  You need to create all of them in CUP according to your company scenarios.
  These are default workflow types through which your workflow will work, but you need to create workflows.
  Even for ERM, you need to create workflows.
  Please refer to Config Guide for AC 5.3, goto -
  https://websmp102.sap-ag.de/~form/sapnet?_SHORTKEY=01100035870000718172&
  In left hand side, click - SAP GRC Access Control - SAP GRC Access Control 5.3 - Configuration Guide - SAP GRC Access Control 5.3
  Hope it helps.
  Thanks & Regards,
  Sabita

• GRC: Landscape and Installation

  Dear All,
  My Company want to implement SAP GRC Access Control, in many of source i've found that SAP GRC is divided into 3 sequences:
  1. Get Clean
  2. Stay in Clean
  3. Stay in Control
  My Question is:
  1. What is the software files to implement each of them sequences?
  Actually i've read the master guide and installation guide from market place for this installation but still confused about this landscape of this installation, Please help me to install fresh SAP GRC 5.3 all above sequences? any other references?
  Thanks in advance.

  Hello
  You are right, that the SAP GRC Access controls implementation is generally shown in three stages.
  1.Get clean
  2.Stay clean
  3.Stay-in-control
  We have four products / modules in SAP GRC Access controls :
  1. Risk Analysis and Remediation (RAR)
  2. Enterprise Role Management (ERM)
  3.Compliant User Provisioning(CUP)
  4.Superuser Privilege Management (SPM)
  GET-CLEAN : The access and authorization management starts with installation and configuration of RAR. RAR helps to identify all the existing SOD (segregation of duty) violations in the backend ERP systems. Once the SOD violations are identified, these will be addressed either by removing the risks from the system or introducing mitigation controls for the risks.
  STAY-CLEAN : We have three products here to install and configure in this stage, i.e ERM, CUP and SPM.
  ERM : It helps in preventing further introduction of SOD violations in to the system, by making the risk analysis of roles at the point of creation itself.
  CUP : Ensures the user management (assignment of roles ) is free of SOD violations
  SPM : Ensures the actions of superusers free of SOD violations by tracking and controlling their activities effectively
  RAR, ERM, CUP and SPM have many more benefits which will be helpful in effective access and authorization management and I mentioned only the relevant points here.
  Further, all these four  products are independant of each other and the sequence of configuration depends on the client's requirement. However, the integration of these products helps to reap the complete benefits of access control suite.
  The general sequence of configuration would be:
  RAR -> SPM -> CUP -> ERM
  The  Master, security, configuration guides of these products can be found @ http://help.sap.com/  businessobjects/accesscontrols and  the best practices @ SDN
  STAY-IN-CONTORL : Involves continuous review of existing access and cuthorization managment to ensure that the ERPs are free of SOD violations.
  Regards
  Swarna

• SAP ECC upgrade - Impact to GRC

  Hi Forum guru's,
  We have a client that is currently using all 4 components of GRC AC Version 5.3 running on ERP 4.7.  The client will be upgrading shortly to ECC6 and I would like to ascertain some important tasks required from a GRC functional point of view and the components that will be the most impacted.
  1) New connectors will be created for each component. 
  2) RA&R: Re-upload of auth objects and full re-generation of rules.
  3) ERM: New connectors to be added to the current landscapes and roles uploaded.
  4) SPM: Component to be fully re-configured on the new system
  5) CUP: Existing workflows will apply as they do not use the "system" as the initiators.
  Is there any other important steps from a functional point of view that I am missing?. Please advise.
  Rgds,
  Prevo

  Hello Prevo,
  1) New connectors will be created for each component.
  -> Not required. Existing Connectors created in each of the component of GRC for 4.7 system will work. Just need little modifications.
  2) RA&R: Re-upload of auth objects and full re-generation of rules.
  ->  Right.
  3) ERM: New connectors to be added to the current landscapes and roles uploaded.
  -> No new connectors required and can use the existing connector after little modification.
  4) SPM: Component to be fully re-configured on the new system.
  -> Upgrade of RTA component will upgrade the SPM component as well.
  5) CUP: Existing workflows will apply as they do not use the "system" as the initiators.
  -> right.
  To enable AC5.3 to be used with ECC system, you will need to install the RTA of 5.3 for ECC 6.0 system. You can download this RTA from the SAP service market place and then install them. This will ugprade your existing RTA component installed for SAP 4.7 to RTA for ECC6.0.
  You can follow instructions on Upgrade guide for more information about the upgrade. Also, there are SAP Notes available which you can use.
  Regards, Varun

• Latest Support Packs for GRC 5.3

  Hi,
  What are the support packs do we need to install for SAP GRC 5.3 in R/3 level and J2E level?
  Are those VIRSAHR 530_700 and VIRSANH 530_700?
  Other than that do we need to install any other latest packs which belongs to Basis and ABAP etc.
  Please check and advice in this.
  Thanks & Regards,
  KKRao.

  Hi,'
  In GRC System , we need to deploy the software using JSPM.
  The latest patch level for GRC Acess control  5.3 is sp08
  In the ECC system we need to install addon RTA
  VIRSAHR 530_700---patch level is SP06 SAPK-53306INVIRSAHR
  VIRSANH 530_700---patch level is SP08 SAPK-53308INVIRSANH
  you can download from
  http://service.sap.com/swdc
  Support Packages and Patches>SAP Solutions for Governance, Risk and Compliance> SAP GRC Access Control> SAP ACCESS CONTROL> SAP GRC ACCESS CONTROL 5.3> RTA on ERP 2005
  Hope this will help you.
  Thanks & Regards
  Gangadhar