Risk Analysis failure in CUP
Hi Experts,
We have upgraded our sandbox from GRC Access Controls v5.2 to version v5.3 SP7. I am now getting the following error when doing CUP Risk Analysis to RAR:
Risk analysis failed: Exception from the service : Risk Analysis failed
Any ideas?
The Connection Names are the same for CUP and RAR.
Here is the CUP log for the error:
2009-05-11 17:17:12,562 [SAPEngine_Application_Thread[impl:3]_36] ERROR com.virsa.ae.core.BOException: Exception from the service : Risk Analysis failed
com.virsa.ae.core.BOException: Exception from the service : Risk Analysis failed
at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:199)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doRiskAnalysis(RiskAnalysisAction.java:1073)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doAnalysis(RiskAnalysisAction.java:300)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.execute(RiskAnalysisAction.java:109)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Caused by: com.virsa.ae.service.ServiceException: Exception from the service : Risk Analysis failed
at com.virsa.ae.service.sap.RiskAnalysisWS53DAO.determineRisks(RiskAnalysisWS53DAO.java:586)
at com.virsa.ae.service.sap.RiskAnalysis53DAO.determineRisks(RiskAnalysis53DAO.java:119)
at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:182)
... 24 more
Hello All,
I am having the same issue in CUP
EXCEPTION_FROM_THE_SERVICERisk Analysis failed
com.virsa.ae.core.BOException: EXCEPTION_FROM_THE_SERVICERisk Analysis failed.
The Password for the web service has not expired or the URI is the same as the CCRiskanalysis service and as well the connectors have the same name in RAR & CUP.
It worked till yesterday and stopped working suddenly. Any help is appreciated.
Similar Messages
-
Risk Analysis in a CUP request
Is there any way to run a Risk Analysis in a CUP request on different Rule Sets?
Letu2019s say you have 3 different Rule Sets like US - EU u2013 Global defined in RAR. Each one includes its own risks. In a CUP
request, it shows risks based on the u201CVirsaCCRiskAnalysisServiceu201D defined in your CUP config.
In our case we use the global Rule Set but the problem is for an EU request you can have US risks appearing that must be mitigated even if those risks are not relevant for EU.
It would be great if we could link the attributes Company or Functional Area directly to a specific rule set.
Please help/comment on this issue.
RegardsHi,
When we perform risk analysis on the request, ruleset for the risk analysis for CUP request is picked from RAR default values.
RAR-> Configuration-> Default Values-> Default rule set for risk analysis.
This rule set is picked by CUP to perform the risk analysis.
With the current design it is not possible to link the attributes Company or Functional Area directly to a specific rule set.
Kind Regards,
Srinivasan -
Hi,
We have same connector name in CUP and RAR but risk analysis failed and throws error "Risk analysis failed: ExceptionRisk Analysis failed"
have a look on detailed log as follows.
2012-01-03 17:54:54,044 [SAPEngine_Application_Thread[impl:3]_7] ERROR Ignoring exception : com.virsa.ae.service.messaging.MessageNotFoundException: Code: '9923', Locale: 'en'
com.virsa.ae.service.messaging.MessageNotFoundException: Code: '9923', Locale: 'en'
at com.virsa.ae.service.messaging.MessageFormatter.formatAsText(MessageFormatter.java:103)
at com.virsa.ae.commons.utils.JSValidationUtil.getMessage(JSValidationUtil.java:467)
at com.virsa.ae.commons.utils.JSValidationUtil.formatMessage(JSValidationUtil.java:523)
at com.virsa.ae.commons.utils.JSValidationUtil.formatMessage(JSValidationUtil.java:548)
at jsp_common_import_export1321962467821._jspService(jsp_common_import_export1321962467821.java:60)
at com.sap.engine.services.servlets_jsp.server.jsp.JspBase.service(JspBase.java:112)
at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:566)
at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:190)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.include(RequestDispatcherImpl.java:509)
at com.sap.engine.services.servlets_jsp.server.jsp.PageContextImpl.include(PageContextImpl.java:176)
at jsp_cfg_support1321962466399._jspService(jsp_cfg_support1321962466399.java:148)
at com.sap.engine.services.servlets_jsp.server.jsp.JspBase.service(JspBase.java:112)
at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:566)
at com.sap.engine.services.servlets_jsp.server.servlet.JSPServlet.service(JSPServlet.java:190)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at
Thanks,
nayanaHi,
We have uploaded the latest xml files as per service pack still getting message risk analysis failed . Have a look on following log
and advice me.
2012-01-04 23:45:45,273 [SAPEngine_Application_Thread[impl:3]_32] ERROR com.virsa.ae.core.BOException: ExceptionRisk Analysis failed
com.virsa.ae.core.BOException: ExceptionRisk Analysis failed
at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:199)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doRiskAnalysis(RiskAnalysisAction.java:1167)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doAnalysis(RiskAnalysisAction.java:381)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.execute(RiskAnalysisAction.java:118)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Caused by: com.virsa.ae.service.ServiceException: ExceptionRisk Analysis failed
at com.virsa.ae.service.sap.RiskAnalysisWS53DAO.determineRisks(RiskAnalysisWS53DAO.java:591)
at com.virsa.ae.service.sap.RiskAnalysis53DAO.determineRisks(RiskAnalysis53DAO.java:119)
at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:182)
... 24 more
Thanks,
nayana -
CUP 5.3 (SP12) Risk Analysis Errors in CUP
Hello Experts,
When I run risk analysis in CUP for user provisioning. I get an error message:
Risk analysis failed: Exception in getting the results from the web service : Service call exception; nested exception is: java.lang.Exception: Incorrect content-type found 'text/html'
Connector names are the same across all the components. We have a CUP test environment with SP11, and we did not have this kind of errors. I virtually tried everything I could.
If you can, please assist me.
HMHello HM,
I had this error when I first upgraded to SP12 but I don't know if it is a SP issue or not.
My CUP --> RAR SOD Analysis works for me on SP12.
You might try double checking the following:
1. Check all CUP configuration Web Service parameters in CUP --> Configuration --> 1) Risk Analysis & 2) Mitigation.
2. Check that you uploaded the latest UME roles that were delivered with SP12.
3. Check the UME user that is configured in CUP for risk analysis to make sure the password is still correct and that it has enough assigned roles.
4. Make sure you uploaded all the required XML configuration files to CUP --> Configuration --> Initial System Data. -
How to verify Risk Analysis done for CUP request?
We are on GRC 5.3 SP 13.
Is there a way to verify whether a Risk Analysis was performed during a stage for a CUP request?
We have a CUP request that should have generated a SOD Risk when it was processed. However the closed request shows no risk or mitigations on it. The approvers say they ran a Risk Analysis, and the workflow stage does have that set as mandatory. Also, you do get SODs if you run a User Analysis for this userid in RAR directly, so it looks like the request should have had them also.
Is there any way to verify whether a Risk Analysis was actually performed in the CUP request workflow stage?
At this point I don't know if this is a problem with the CUP Risk Analysis, or if the user just didn't run one and the system let that slip thru somehow.
Thanks.I bellieve you can log into RAR>RAR Debugger>View Server Log>You can search on Analysis. If your are getting any errors they will also show up here.
Example:
INFO: Foreground : Analysis starts:
Mar 9, 2012 3:44:23 PM com.virsa.cc.xsys.meng.ObjAuthMatcher <init>
FINEST: ObjAuthMatcher constructed: 0ms, #singles=11, #ranges=0, #super=0
Mar 9, 2012 3:44:23 PM com.virsa.cc.xsys.riskanalysis.AnalysisEngine performActPermAnalysis
INFO: Foreground : Analysis done: 55550000 elapsed time: 49 ms
Mar 9, 2012 3:44:23 PM com.virsa.cc.xsys.riskanalysis.AnalysisEngine performActPermAnalysis
INFO: Foreground : 1 out of 1 (100%) done
Mar 9, 2012 3:44:23 PM com.virsa.cc.xsys.riskanalysis.AnalysisEngine performActPermAnalysis
INFO: Foreground : All Analysis done, elapsed time: 64 ms , memory usage: free=782M, total=2048M
Mar 9, 2012 3:44:23 PM com.virsa.cc.xsys.riskanalysis.AnalysisEngine performActPermAnalysis -
Hello Team,
we got GRC 5.3 SP11, we have now started modifying our roles from ERM, the issue we are facing now is Risk analysis failing for any role from ERM.. please find the log content below and help!!
2010-12-30 07:30:29,703 [SAPEngine_Application_Thread[impl:3]_38] ERROR Risk Analysis failed for sytem: 'TRDCLNT200'; Return Message: 'Risk Analysis failed'
2010-12-30 07:30:29,703 [SAPEngine_Application_Thread[impl:3]_38] ERROR Risk Analysis failed
java.lang.Throwable: Risk Analysis failed
at com.virsa.re.service.sap.dao.RiskAnalysisEJBDAO.getObjViolations(RiskAnalysisEJBDAO.java:871)
at com.virsa.re.service.sap.dao.RiskAnalysisEJBDAO.getConflictingObjects(RiskAnalysisEJBDAO.java:637)
at com.virsa.re.service.sap.dao.RiskAnalysisEJBDAO.getConflictingObjects(RiskAnalysisEJBDAO.java:674)
at com.virsa.re.bo.impl.RiskAnalysisBO.performObjLvlRiskAnalysis(RiskAnalysisBO.java:918)
at com.virsa.re.bo.impl.RiskAnalysisBO.performRiskAnalysisOnSystem(RiskAnalysisBO.java:212)
at com.virsa.re.role.actions.RiskAnalysisAction.performRiskAnalysisOnMultipleRoles(RiskAnalysisAction.java:604)
at com.virsa.re.role.actions.RiskAnalysisAction.execute(RiskAnalysisAction.java:112)
at com.virsa.framework.NavigationEngine.execute(NavigationEngine.java:273)
at com.virsa.framework.servlet.VFrameworkServlet.service(VFrameworkServlet.java:230)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.framework.servlet.VFrameworkServlet.service(VFrameworkServlet.java:286)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:427)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:358)
at com.virsa.framework.servlet.VFrameworkServlet.service(VFrameworkServlet.java:286)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:117)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:62)
at com.virsa.comp.history.filter.HistoryFilter.doFilter(HistoryFilter.java:43)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:58)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:384)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
2010-12-30 07:30:29,704 [SAPEngine_Application_Thread[impl:3]_38] ERROR com.virsa.re.role.actions.RiskAnalysisAction
java.lang.Throwable: Risk Analysis failed
at com.virsa.re.bo.impl.RiskAnalysisBO.performObjLvlRiskAnalysis(RiskAnalysisBO.java:975)
at com.virsa.re.bo.impl.RiskAnalysisBO.performRiskAnalysisOnSystem(RiskAnalysisBO.java:212)
at com.virsa.re.role.actions.RiskAnalysisAction.performRiskAnalysisOnMultipleRoles(RiskAnalysisAction.java:604)
at com.virsa.re.role.actions.RiskAnalysisAction.execute(RiskAnalysisAction.java:112)
at com.virsa.framework.NavigationEngine.execute(NavigationEngine.java:273)
at com.virsa.framework.servlet.VFrameworkServlet.service(VFrameworkServlet.java:230)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.framework.servlet.VFrameworkServlet.service(VFrameworkServlet.java:286)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:427)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:358)
at com.virsa.framework.servlet.VFrameworkServlet.service(VFrameworkServlet.java:286)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.runServlet(FilterChainImpl.java:117)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:62)
at com.virsa.comp.history.filter.HistoryFilter.doFilter(HistoryFilter.java:43)
at com.sap.engine.services.servlets_jsp.server.runtime.FilterChainImpl.doFilter(FilterChainImpl.java:58)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:384)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)Hi,
Is the connector name ''TRDCLNT200'' same in ERM and RAR? Make sure to maintain webservice URL with right username and password. Also, check to see if the password is not expired or not an initial password.
Regards,
Alpesh -
Risk analysis failed: Exception from the service : Invalid System
I'm trying to get the risk analysis performed for CUP requests. When I'm in the process of creating a request, and I add roles to the request and then click on the risk analysis button, I get the above error.
I checked the URI that I've included in the Risk Analysis section of the configuration and I believe it is correct:
http://<server>:<port>/VirsaCCRiskAnalysisService/Config1?wsdl&style=document
I've selected 5.3 web service, and I have provided a user ID that has admin rights.
What do you think is the reason this error is being thrown?
The error in the log is:
2009-11-19 15:04:31,821 [SAPEngine_Application_Thread[impl:3]_39] ERROR com.virsa.ae.core.BOException: Exception from the service : Invalid System
com.virsa.ae.core.BOException: Exception from the service : Invalid System
Thanks,
SantoshFrank,
Thanks for your response. I was thinking along these lines already and so I have tried to do as you suggest. However it didn't work and the log indicated that it didn't like my connector name (even though the connector name is now the same as in RAR).
Caused by: com.sap.tc.webdynpro.services.exceptions.WDRuntimeException: Failed to resolve JCO destination name 'SANDBOX' in the SLD. No such JCO destination is defined in the SLD.
However, I looked at one of the online post installation checklists for CUP and I gathered that it might be necessary to have the JCo itself renamed at the backend to reflect the name used in RAR, and that should populate into my connector list within CUP (when you click on the magnifying glass).
I'm waiting to try that out, but I'm not sure about any secondary impact of making a change to the JCo name.
Let me know what you think about that move.
Thanks,
Santosh -
CUP : RISK ANALYSIS FAILED for Multi systems
Greetings,
Risk Analysis through CUP is failing on a request containing multi system access.
There are 2 systems requested on the same CUP request form. At the stage of Risk analysis is to be performed the risk analysis errors out as the risk analysis is performed on the entire request across both the systems, After the receiving the error when an individual system is selected the RA is performed with out any failure on both the systems independent of each other
I have check already check the below and they seem working fine without any issue
1. The admin passwords have been checked in both the systems (backend) as well as in the UME.
2. The risk analysis web service works as expected and there is no failure.
3. The connectors have the same name both in CUP & RAR no difference
4. SAPJCO connectors are appropriately setup in the SLD for both the systems and they work when tested out.
5. The URI is setup correct and no issue identified there.
6. Both the systems request have the same stage/path and the custom approver determination appropriately setup
When the approver tries to approve the request Risk analysis is setup as a mandatory task and when the RA is performed the system takes the default "ALL" and errors out, when you choose a specific system and perform you get the required results without any failure. Below is the java dump for the error.
Please let me know if I have missed anything?
Line: -
2011-03-09 10:16:11,264 [SAPEngine_Application_Thread[impl:3]_28] ERROR java.lang.VerifyError: com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
java.lang.VerifyError: com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.execRiskAnalysis(RiskAnalysisEJB53DAO.java:305)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:277)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:419)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.determineRisks(RiskAnalysisEJB53DAO.java:527)
at com.virsa.ae.service.sap.RiskAnalysis53DAO.determineRisks(RiskAnalysis53DAO.java:103)
at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:182)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doRiskAnalysis(RiskAnalysisAction.java:1108)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doAnalysis(RiskAnalysisAction.java:335)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.execute(RiskAnalysisAction.java:112)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
2011-03-09 10:16:11,278 [SAPEngine_Application_Thread[impl:3]_28] ERROR Exception during EJB call, Ignoring and trying Webservice Call
com.virsa.ae.service.ServiceException: Exception in getting the results from the EJB service : com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:295)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:419)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.determineRisks(RiskAnalysisEJB53DAO.java:527)
at com.virsa.ae.service.sap.RiskAnalysis53DAO.determineRisks(RiskAnalysis53DAO.java:103)
at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:182)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doRiskAnalysis(RiskAnalysisAction.java:1108)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doAnalysis(RiskAnalysisAction.java:335)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.execute(RiskAnalysisAction.java:112)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Caused by:
java.lang.VerifyError: com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.execRiskAnalysis(RiskAnalysisEJB53DAO.java:305)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:277)
... 28 more
2011-03-09 10:19:32,401 [SAPEngine_Application_Thread[impl:3]_28] ERROR com.virsa.ae.core.BOException: EXCEPTION_FROM_THE_SERVICERisk Analysis failed
com.virsa.ae.core.BOException: EXCEPTION_FROM_THE_SERVICERisk Analysis failed
at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:199)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doRiskAnalysis(RiskAnalysisAction.java:1108)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doAnalysis(RiskAnalysisAction.java:335)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.execute(RiskAnalysisAction.java:112)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Caused by:
com.virsa.ae.service.ServiceException: EXCEPTION_FROM_THE_SERVICERisk Analysis failed
at com.virsa.ae.service.sap.RiskAnalysisWS53DAO.determineRisks(RiskAnalysisWS53DAO.java:587)
at com.virsa.ae.service.sap.RiskAnalysis53DAO.determineRisks(RiskAnalysis53DAO.java:119)
at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:182)
... 24 more
Edited by: Angara Rao on Mar 9, 2011 5:15 PMGreetings,
Risk Analysis through CUP is failing on a request containing multi system access.
There are 2 systems requested on the same CUP request form. At the stage of Risk analysis is to be performed the risk analysis errors out as the risk analysis is performed on the entire request across both the systems, After the receiving the error when an individual system is selected the RA is performed with out any failure on both the systems independent of each other
I have check already check the below and they seem working fine without any issue
1. The admin passwords have been checked in both the systems (backend) as well as in the UME.
2. The risk analysis web service works as expected and there is no failure.
3. The connectors have the same name both in CUP & RAR no difference
4. SAPJCO connectors are appropriately setup in the SLD for both the systems and they work when tested out.
5. The URI is setup correct and no issue identified there.
6. Both the systems request have the same stage/path and the custom approver determination appropriately setup
When the approver tries to approve the request Risk analysis is setup as a mandatory task and when the RA is performed the system takes the default "ALL" and errors out, when you choose a specific system and perform you get the required results without any failure. Below is the java dump for the error.
Please let me know if I have missed anything?
Line: -
2011-03-09 10:16:11,264 [SAPEngine_Application_Thread[impl:3]_28] ERROR java.lang.VerifyError: com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
java.lang.VerifyError: com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.execRiskAnalysis(RiskAnalysisEJB53DAO.java:305)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:277)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:419)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.determineRisks(RiskAnalysisEJB53DAO.java:527)
at com.virsa.ae.service.sap.RiskAnalysis53DAO.determineRisks(RiskAnalysis53DAO.java:103)
at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:182)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doRiskAnalysis(RiskAnalysisAction.java:1108)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doAnalysis(RiskAnalysisAction.java:335)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.execute(RiskAnalysisAction.java:112)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
2011-03-09 10:16:11,278 [SAPEngine_Application_Thread[impl:3]_28] ERROR Exception during EJB call, Ignoring and trying Webservice Call
com.virsa.ae.service.ServiceException: Exception in getting the results from the EJB service : com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:295)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:419)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.determineRisks(RiskAnalysisEJB53DAO.java:527)
at com.virsa.ae.service.sap.RiskAnalysis53DAO.determineRisks(RiskAnalysis53DAO.java:103)
at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:182)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doRiskAnalysis(RiskAnalysisAction.java:1108)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doAnalysis(RiskAnalysisAction.java:335)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.execute(RiskAnalysisAction.java:112)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Caused by:
java.lang.VerifyError: com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.execRiskAnalysis(RiskAnalysisEJB53DAO.java:305)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:277)
... 28 more
2011-03-09 10:19:32,401 [SAPEngine_Application_Thread[impl:3]_28] ERROR com.virsa.ae.core.BOException: EXCEPTION_FROM_THE_SERVICERisk Analysis failed
com.virsa.ae.core.BOException: EXCEPTION_FROM_THE_SERVICERisk Analysis failed
at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:199)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doRiskAnalysis(RiskAnalysisAction.java:1108)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doAnalysis(RiskAnalysisAction.java:335)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.execute(RiskAnalysisAction.java:112)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Caused by:
com.virsa.ae.service.ServiceException: EXCEPTION_FROM_THE_SERVICERisk Analysis failed
at com.virsa.ae.service.sap.RiskAnalysisWS53DAO.determineRisks(RiskAnalysisWS53DAO.java:587)
at com.virsa.ae.service.sap.RiskAnalysis53DAO.determineRisks(RiskAnalysis53DAO.java:119)
at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:182)
... 24 more
Edited by: Angara Rao on Mar 9, 2011 5:15 PM -
CUP 5.3: risk analysis in workflow impossible due to web service performance?
Hello experts,
We are facing a huge challenge within a AC 5.3 implementation.
Here, AC has been used successfully with CUP and RAR for quite some time now. However, the RAR analysis has not yet been integrated into the CUP workflow. We would like to integrate the RAR analyis in CUP now.
Based on the existing role concept (that uses functional master roles and derived roles per company code, with ca. 30 company codes in place) and the shared service operations in some areas such as FI, there is a large number of users with many roles and consequently, many SoD risks (of course, they are all "repeat" risk per company code).
This leads to a long RAR analysis run time, but it's still acceptable. Analysis on permission level for such "power users" runs about 1 minute, on action level about 5-6 seconds.
However, the web service between RAR und CUP is a problem and cannot cope with our violations. We have currently set the threshold to 75000. In this case, the analysis + web service runs 1-2 minutes. However, we have some users with 200-300.000 violations. In this case, if we deactivate the threshold, we will experience a web service time-out eventually, even with analysis on action level because the amount of violations the web service has to process is the same (or even higher with some false positives).
We also have compensating controls in place for these power users, which will of course reduce the web service run-time considerably. However, this is not applicable to NEW user requests because for those, the compensating controls will be assigned only AFTER the risk analysis has taken place and the risk manager receives the workflow item.
Has anyone experienced this in the past and found a viable solution or work-around? We are basically short of options and considering dropping the project.
Note: An upgrade to 10.X is not (currently) a solution because this upgrade is scheduled and budgeted only for later.
Thanks a lot and best regards
PatrickAny opinions on this?
Cheers and thanks
Patrick -
Risk analysis after approval in CUP
Hi,
Can it be possible? CUP to do automatic risk analysis after the request is approved by the role approvers. If there are no risks, roles will get provisioned. If risks exist based on the risk ID to have the request forwarded to the risk owner where the mitigation control, monitor details are entered.
Please provide your inputs.
Thanks
R RNot a good idea, generally.
What you can do is have the risk analysis performed automatically on request submission. The approvers would see the risks, but you can allow them to ignore them and have a detour on the last approval step.
This has a few quirks:
- if your last approval is a role approver, i.e. there may be a split approval to several people, the detour is tricky.
- if one of the approvers changes something in the request, the risk analysis is invalid.
I would also question the general idea - usually in case of risks, one of the approvers should also take action. If all they do is approve, get them out of the way.
Unfortunately there is no step that says "automatic risk analysis, no manual approval required". That's an enhancement I would also welcome.
Frank. -
CUP Risk Analysis results are not shown, continues processing request
We have several users that complain the risk analysis in CUP never finishes. Requests do not contain risks or huge amount of risks which could explain a long runtime.
With one user we checked, the user is never getting the risk analysis result on his screen. Sitting together with the user shows that the progress bar at bottom of IE is completing analysis, however the screen is not updated to show the risk analysis result and continues to show the processing circle.
On other pc's CUP risk analysis result is shown as expected, so it must be some issue in local PC Internet Explorer settings.
Environment used is Windows XP with IE 8. GRC version is 5.3.
Have any of you experienced the same? And is there a solution available that will resolve this issue, by e.g. correcting settings in IE 8?Hello!
If you want to successfully use GRC 5.3 with IE8, you have two options:
1) Change a parameter in the server
2) use the compatibility mode.
3) Update NW
refer to [Note 1347768 - Web Dynpro and Microsoft Internet Explorer Version 8.0|https://service.sap.com/sap/support/notes/1347768]
I dismiss option 2, because it requires to change in every end user computer, so I've been working with option 1 without problems. Bear in mind that NW 7.01 is supported: [Note 1433940 - Access Control compatibility on Netweaver Java server 7.01|https://service.sap.com/sap/support/notes/1433940]
Cheers!
Diego. -
GRC 5.3: CUP risk analysis VS. RAR risk analysis
I've installed and configured RAR and CUP. When I do a risk analysis simulation in RAR on a user for adding a role, it comes back with no conflicts. When I go into CUP and make a new request for adding the same role to the same user, it comes back with risk violations, but it looks like they are critical actions that are being flagged. Why is there a discrepancy, and how do I go about getting the same risks in CUP as I do in RAR?
>
Frank Koehntopp wrote:
> I guess the behaviour is on purpose.
>
> In RAR, you can do a selective analysis on only one kind of risk. You usually only need to do that in the remediation process, where this kind of selection is helpful to track down the root cause (although I'd like to have an ALL option in RAR as well...)
>
> In CUP, you do want to see any kind of risk that might arise from a role assignement to a user.
>
> I have to say, I can not really understand why you'd want to switch off critical action or permission risks here. The user analysis in RAR and CUP serve two different purposes, hence I cannot see a bug here. If you have defined critical risks, why would you not want to see them???
Hi Frank,
I understand your point, but we are in the same situation as the others. We do not want to see Critical Action Risks in CUP because this is a separate process (for us) than Permission Level Risks Analysis piece. With our current structure, our Security Admins use RAR to run Permission Level Risk Analysis and mitigates appropriately. A separate compliance group uses the Critical Action reports to see who has what Critical tcodes, etc. We do not mitigate these "risks," we more or less use it as a report.
I do not understand what you mean when you say "The user analysis in RAR and CUP serve two different purposes" - I feel it should be the same purpose, to ultimatley simulate if adding security to a user will cause SOD violations. If I have CUP configured to do Permission Level Analysis, that's all I want to be seeing in CUP.
Let me know if I need to clarify further. -
Hi Experts,
OUR GRC AC system configuration is: GRC AC 5.3 CUP Patch 7.0. One of our enduser has requested for a new role through CUP. While the manager performs the risk analysis, it is showing the following error: "Risk Analysis failed: Exception in getting the result from the webservice: service call exception, nested exception is: java.net.socket Timeout Exception: Read timout".
Below is the system log of CUP for futher reference:
2009-12-02 11:08:41,428 [SAPEngine_Application_Thread[impl:3]_12] ERROR com.virsa.ae.core.BOException: Exception in getting the results from the web service : Service call exception; nested exception is:
java.net.SocketTimeoutException: Read timed out
com.virsa.ae.core.BOException: Exception in getting the results from the web service : Service call exception; nested exception is:
java.net.SocketTimeoutException: Read timed out
at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:199)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doRiskAnalysis(RiskAnalysisAction.java:1073)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doAnalysis(RiskAnalysisAction.java:300)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.execute(RiskAnalysisAction.java:109)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Caused by:
com.virsa.ae.service.ServiceException: Exception in getting the results from the web service : Service call exception; nested exception is:
java.net.SocketTimeoutException: Read timed out
at com.virsa.ae.service.sap.RiskAnalysisWS53DAO.getViolations(RiskAnalysisWS53DAO.java:343)
at com.virsa.ae.service.sap.RiskAnalysisWS53DAO.getViolations(RiskAnalysisWS53DAO.java:451)
at com.virsa.ae.service.sap.RiskAnalysisWS53DAO.determineRisks(RiskAnalysisWS53DAO.java:569)
at com.virsa.ae.service.sap.RiskAnalysis53DAO.determineRisks(RiskAnalysis53DAO.java:119)
at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:182)
... 24 more
Caused by:
java.rmi.RemoteException: Service call exception; nested exception is:
java.net.SocketTimeoutException: Read timed out
at com.virsa.ae.service.sap.ws53.Config1BindingStub.execRiskAnalysis(Config1BindingStub.java:90)
at com.virsa.ae.service.sap.ws53.Config1BindingStub.execRiskAnalysis(Config1BindingStub.java:99)
at com.virsa.ae.service.sap.RiskAnalysisWS53DAO.getViolations(RiskAnalysisWS53DAO.java:311)
... 28 more
Caused by:
java.net.SocketTimeoutException: Read timed out
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:153)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:200)
at java.io.BufferedInputStream.read(BufferedInputStream.java:218)
at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.readLine(HTTPSocket.java:806)
at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.getInputStream(HTTPSocket.java:341)
at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.getResponseCode(HTTPSocket.java:250)
at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.HTTPTransport.getResponseCode(HTTPTransport.java:362)
at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.outputMessage(MimeHttpBinding.java:553)
at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.call(MimeHttpBinding.java:1432)
at com.virsa.ae.service.sap.ws53.Config1BindingStub.execRiskAnalysis(Config1BindingStub.java:83)
... 30 more
Could anyone please analyze, where it went wrong.
Thanks a lot in advance.
Regards,
GurugobindaWe are facing this issue as well. This is seen in requests where there are a lot of conflicting roles requested, or if the user on the backend already has many SoD conflicts.
How many risk violations did show up in the RAR simulation? Seems that above 1000 you will get performance issues in CUP risk analysis.
We are also on SP7 and we did receive a reply from SAP that the risk violation threshold can be changed in RAR as of SP9:
=======================================================
From CUP 5.3 SP9 onwards, we have one parameter in RAR in
'Configuration>Risk Analysis>Performance Tuning' which will
enable you to set threshold violation limit for the Risk Analysis web
service. The name of the attribute is 'Threshold Violation Limit for webservice' and default value of this attribute is 1000.
When you perform risk analysis from CUP and the violation data count
exceeds this limit then error message will appear.
Setting this attribute will help tuning your performance.
==========================================================
Regards,
Stefan. -
SAP GRC AC 5.3 CUP Risk Analysis issue
Hi all,
I have assigned a new SoD Role to a user, who has been given previously other SoD Roles that were authorized to assingn, then I launched the Risk Analysis and it shows the risk between the previously SoD Roles, but I want to see the new posible risks between the new SoD Role and the others.
Is there any parameter into CUP to set up that controls the issue ? How must I do?
Thanks in advance.
Regards.Hi Chinmaya,
Firstly, thanks for your help and support.
According to the post, I mean when the user manager or approver, receives the request to assign one role to a user, the approver has to decide the needs of the user to use that role.
Then the approver can check (clicking on Risk Analysis button) the number of concflicts or criticals risk that the user could violate. The issue is when the approver launched the anaylisis and it shows same conflict risks that have been mitigated in the previously assignment. It may show the possible risks between the new role and the others, isn´t it?, or instead of the case ,that the oldest risks are showed. Must that risks showed as mitigated?
Thanks, regards. -
Did CUP risk analysis change with SP7?
Dear GRC experts,
I am pretty sure when we tested CUP 5.3 SP4 when doing risk analysis it would only show new risks caused by new roles selected in request (like Risks from Simulation Only YES in RAR). Exisitng risks for that user would not be shown.
Now with CUP 5.3 SP7 fix1 we get the existing risks shown as well not in any way related to the role(s) selected, which will be confusing to the role approvers. E.g. role request is display role, approver needs to run risk analysis and gets existing risks shown. He/she can not deselect roles to remove risks as only display role is in request. There might be no mitigating controls for those risks (creation of new mitigating controls is blocked). This would end up in requests with risks even though the requested role is not risk relevant, or even request gets stuck because no mitigatign control exists and config is set to do not allow approval of requests with risks.
Please confirm if indeed only new risks where shown in CUP risk analysis in previous support pack levels or rel. 5.2, or that I am mistaken and all risks where always shown at risk analysis in CUP.
Principally I think existing risks should be focus of GET CLEAN effort. Risk analysis in CUP should focus on preventing new risks at part of STAY CLEAN phase.Hi,
When we run Risk Analysis for the user, it will show the existing violations as well as the violation which are there with new roles also.
When we click on Risk Analysis under Simulation tab we can find Risk Violation details.
Here I have a doubt, how to deselect violation role while approving request. I m unable to find that option. Please advice.
Thanks & regards,
KKRao.
Edited by: KKRao_2020 on Oct 9, 2009 9:22 AM
Edited by: KKRao_2020 on Oct 9, 2009 9:27 AM
Maybe you are looking for
-
How do I sync voice memos and notes?
I use windows and will never use a MAC as I hate them and only like apples Iphone. I have an Iphone 5 and use version 11.0.2.26 of itunes. I had an older Iphone 4g with lots of voice memos on it and I cannot for the life of me figure out how to
-
Before updating software (10.6.8), in Mail, clicking a message in the inbox caused the message to appear in its own separate window-- not just in the pane below the inbox. I'm not sure why this function is no longer available. I guess I could delete
-
Contacts and calendar disappeared?
All my contacts and calendar events have just disappeared. I only have the iPad mini so I am not connected to any other device. I can't even enter a new event on my current blank calendar. How do I get my info back? Thanks
-
Events added on my iPhone calendar do not sync back to my mac calendar
I run a business and it is imperative that my phone and mac calendars match. If they do not, I can double book myself and as much as I wish I could be in 2 places at once, I have not yet figured out cloning. I have the latest version of IOS8 on my i
-
I cant receive international messages on my e63
please help me find out what could be the problem with my messaging.i cannot receive international messages on my e63 but i can send international messages. I can receive local and send local plus international but i cant receive international messag