Risk Analysis for SAP HR structural authorization

Hi experts, for those who are familiar with SAP HR structural authorization setup, can you advice what tools out there are able to implement risk based on Structural Authorization as well.
SAP RAR/CC is not able to do this at the moment, but i am not sure if tools like CSI has the capabilities.
Appreciate the advice.

Hi,
Structural Authorizations "sits" on Standard authorizations. These Structural Authorizations   will need to be defined manually ( as far as I know) depending on the "Evaluation Path".
Award points if answer was useful.
Thanks

Similar Messages

  • While doing risk analysis for profiles the web service is taking 20 minutes

    Hi All
    Iam using SAP GRC 5.2 ( As per clients requirement)
    Iam using  VirsaCCRiskAnalysisService web service
    For roles it is working fine
    But when iam doing risk analysis for profiles( S_A.DEVELOP and  S_CUS_CMP)  it is taking upto 20 minutes to give results back
    Is there any way in which we can reduce the time taken to fetch the results
    Thanks

    Hello Mph,
    This is mainly bcz these profiles are a bit heavy and have huge number of authorizations in each of them. Also since these are critical, these would be having a large number of risks which explains the reason for the delay.
    Now, besides what Harleen mentioned, what I would also recommend to you is to check the number of threads etc in the config you have done. These are the parameters which you can often change and update as per your requirements and have a great impact on the performance as well, without the need to deploy extra hardware, which is usually a pain for most organizations.
    Regards,
    Hersh.
    http://www.linkedin.com/in/hersh13

  • SAP HR Structural Authorizations

    Hi Experts,
    I need a help regarding SAP HR Structural Authorizations.
    Currently our HR System is set with structural authorizations were in
    users will be accessing HR Org structure with different pd-profile and HR relationships (with Org units ex:
    assistant relation, manager relation).
    Now we want to design the roles based on company codes, where users should be able to see
    all organization units within company code 'xyz'.
    Do we need to create new pd-profile or new HR relationships or just restrict within existing HR roles for
    accessing organizations units within different company codes.
    Please guide me steps to proceed with this requirement?
    Your early response is highly appreciated, thanks in advance......

    You will need to talk to the HR folks about this and whether any employee grouping on the HR side matches a company code unit on the FI side to use in the authorizations.
    This means that HR data and processes are also aligned to finance processes, which was often the case with local HR systems but less so with global ones.
    The answer is on your side in the data and the processes. There is no single field which you can use for both, let alone an org. level field known to structural authorizations.
    Cheers
    Julius

  • Risk Analysis for Third party ERP system

    We want to perform offline risk analysis for third party ERP(SRM) system.... We have already GRC system installed with Global rule set for SAP ERP & want to have another ruleset for offline risk analysis.
    Just would like to have a confirmation for below steps & estimated time for this.
    Activities Need to be performed from Our side(Client) :-
    1) Send the RAR format for Users/Roles/Actions & Permissions.
    2) Cross Verify the format.
    3) Create the connector for stored files.
    4) Upload the files via Data Extraction utility.
    5) Generate the ruleset for SRM(third party).
    6) Schedule the various background jobs.
    Activities Need to be Performed from Third Party - HUBWOO(Owns SRM ERP system) :-
    1) Convert users/action/roles and permissions files to RAR format.
    Activities need to be Performed  from SAP :-
    1) Provide the ruleset for HUBWOO SRM system.
    Please let me know if I missed any step above & estimated time to complete from our end & did anyone has come across ruleset for HUBWOO system..?
    Thanks in Advance!!

    Thanks all for your reply,
    Alpesh, but still I have small concern here, when SAP provide the ruleset files, it also provides for Oracle, People soft & JDE ERP.
    Though these are also third party ERP's for SAP...?
    Does it mean that we can'task for ruleset for other third party ERP from SAP...? or does SAP Charge something for it..?
    Thanks

  • Function Point Analysis for SAP BW Projects

    Hello All,
    Have been assigned a task to come up with Function Point
    analysis for SAP BW projects.
    Any help will be appreciated.
    Thanks,
    Mainak

    Hi Mainak,
      Function Point Analysis is independent of technology, methodology or platform, so there is no function point analysis specific for sap bw, rather you should familiarize with the fundamentals of FPA.
      And as you might know, FAP is used to determine whether a given a tool, an environment or a language is more productive when compared to others.
      I can send you good links if you can give me your email-id.
    Hope this helps...
    Thanks,
    Raj

  • How you complete impact analysis for SAP Universe

    hi,
    i want to know that how to how you complete impact analysis for SAP Universe

    EdPC-SCB,
    have you tried enabling auditing?
    - Yes, audit log only shows user's activities which isn't useful for us. Please let us know any audit log that might be helpful .
    For most of the servers listed in the CMC there is an "Audit" tab.  I'd say if you have the disk space in your database for Auditor available, then if in doubt turn it on (at least for a while) to see if it exposes what you are seeking to find out --that'd be the quickest way.  The documentation (xir2_bip_auditor_en.pdf) doesn't offer much in helping you to see a correlation between ticking on an Audit option in a Server and how it will populate in the Auditor DB -- most of us just hunt and peck until we get what we want.  Once you have the good stuff in each of the Servers ticked on you'll be able to track down which report recieves which object.  To help youself out initially, you should run every report that you can find so Auditor will get seeded.
    thanks,
    John

  • Error while doing risk analysis for a user

    Hi ,
    When i did risk analysis at user level for a particular user we are getting this error under level  ."Exception!!. No relavent language message available in database for :0292".I had reuploaded the the messages text file but still the error persists i have restarted the j2ee application but still the error is not going .any pointers please thanx in advance.When checked the file CC5.3_MESSAGES.txt it does not contain any entry corresponding to message code 0292.So how shud i proceed.
    Edited by: Ambarish annapureddy on Jan 21, 2009 12:54 PM

    Hi Ambarish,
        What is the patch level of GRC AC 5.3? Did you apply any service pack recently? Did the service pack contain any message file? There has to be some message file which contains message '0292'. If you can not find the message file then open a message with SAP support and they should be able to provide it to you.
    Regards,
    Alpesh

  • Risk Analysis for 2 open request in CUP

    Hi Team,
    If in CUP i have 2 open request by same user which individually may not give any Risk but collectively may have some risk assosiated with it how do i address this real time.
    (I iunderstand that this risks can be discovered in RAR but i want to address this in CUP itself)
    Scenarios:
    1]My Manager approves the request No. 1 and before this request is closed by Security he has another request ,request No. 2 by same user.
    2]Both the request by same user are pending with Manager.
    Is it possible to discover the risks in this 2 open request by Manager or say anyone in the path?.
    How should we handle such scenarios?
    Is there any way i can set a rule for open request.( The user should not be able to create same request type if he has an open request in this category)
    Please suggest.
    best regards,
    Charukesh

    Charukesh,
    I have not seen anyone configure risk analysis based upon consolidation of two pending requests.
    It would, of course, be possible to perform a manual simulation of the addition of the two roles.
    Or, once one is approved, the second would then trigger conflicts if re-run at the point of approval but I don't think that it is possible to configure automated analysis of one request while taking into account the other one which is also still pending.
    I would suggest contacting the Customer Advisory Group of SAP to get the confirmed answer to this though.
    Simon

  • Schedule of Risk Analysis for every month end

    Hi All,
    I'm trying to create monthly background job for Risk Analysis in the GRC CC. I notice that there is no option that I can select to create the job, such that it recognise automatically the last working day for the month. Any idea on this how to and if its possible??
    Another option that I can think of is maybe to create the job on the first working day of the new month instead of the last working day.
    Anyone encounter such request within yuor organisation or whats the best practise that you are exercising now?
    Thanks.
    Raymond

    Hi Raymond,
    https://www.sdn.sap.com/irj/sdn/go/portal/prtroot/docs/library/uuid/50cd7177-5c22-2a10-8cba-8e0c64bc4ea8
    Regards
    Gangadhar

  • Gap analysis for SAP project

    I am trained in SAP SD and currently  i am looking out for a job and can any one forward me a gap analysis identified during the requirement gathering phase.
    Edited by: tirumala kumandan on Feb 20, 2009 5:10 PM

    During the requirement gathering phase of looking for a job you need to look deep inside yourself and say: "Rajesh, what are your requirements?" ...

  • AC 5.3 RAR - combined risk analysis reports for regular auth. and SPM auth.

    Dear All,
    we have users that have regular day-today authorization and also FF authorization.
    Does the Batch Risk Analysis takes into account both authorizations when doing the risk analysis for those users ? will we see it in the reports ?
    Thanks
    Yudit

    ok, so basically the answer is no, in the RAR components we do not have risk analysis for the combinations of the roles assigned to the user and to his FF ID.
    in that case, at what stage does the system checks for those combined risks ?
    is it checked when we manage the risk analysis phase in the CUP request that is asking to assign the FF ID to the user ?
    thanks
    Yudit

  • ARA: Excluded Roles considered for Risk Analysis???

    Hi,
    There are certain role which are to be excluded from risk analysis or some business reasons. To achieve this, I have added entries for these roles in SPRO and saved them.
    Actually, these roles are available in all the systems. Therefore, under "System" column I have selected "ALL" and saved the entries.
    I ran risk analysis for a specific business process (above roles are belonging to this business group) and surprisingly found that, those roles which are maintained as "Excluded", as shown in the risk analysis report as violating!
    Thinking that "ALL" option does not work, I maintained (excluded) these roles for specific systems in SPRO. Ran risk anlaysis, but with no luck.
    Then I ran risk analysis for excluded role(s), I am still getting the violations for these excluded roles!
    May I know why system is considering these "excluded" roles at the time of risk analysis?
    Please advise.
    Regards,
    Faisal

    Alessanrdo,
    I think the "excluded" objects in path:
    SPRO->GRC->AC->ARA->BRA->Maintain Exclude Objects for Batch Risk Analysis
    itself says that the objects will NOT be considered while performing Batch Risk Analysis (Analytic Reports). It seems to be working fine for me.
    I dont think that the objects maintained in above path will have any importance while performing Risk Analysis from NWBC->AM->Roles Analysis) and will NOT be considered.
    Please correct me, if required.
    Secondly, I found 2 relevant posts here on SCN:
    SAP GRC Access Control: Offline-Mode Risk Analysis
    SAP GRC 10.0 Offline Risk Analysis
    Both of them are talking about the offline mode of running risk analysis. Actually I have not used it yet therefore, wanted to know the real usage of it. These posts seem to be giving the details of "Offline" mode analysis.
    I believe this will not be used in my scenario as there is no such requirement and real need. Therefore, I think I should disable it (Offline Data) option from the analysis screen just to avoid any confusion.
    Currently all our risk analysis is taking place "Online". There is no "real" need to use "Offline".
    May you please let me know in which scenario this would be useful?
    Regards,
    Faisal

  • Risk Analysis not highlighting SODs for critical transactions

    Hi,
    I am currently experiencing a problem when running risk analysis for critical transactions.
    SOD conflicts are not always being detected for critical transactions. This is happening both in role expert while creating a role and during role simulation in CC. For example risk BSSC, SU01 does not produce a violation when added to a role, but SOY1 does.
    It seems to be happening consistently. If  a transaction in risk BSSC has a permission object associated with it in the ruleset, a violation(at tcode or object level) is not detected by the risk analysis even when this authorisation object is maintained with the same value as in the rule set. If the transaction has no permission objects specified in the ruleset, then a violation is detected at tcode level analysis.
    These transactions are standard transactions in the ruleset and have not been changed in any way. I have checked the rules and there are critical action rules for both transactions.
    Has anybody experienced similiar problems?

    Hi..
    Check the note # SAP Note 1121978
    SAP Note 1121978 - Recommended settings to improve peformance risk analysis.
    Check for the following...
    CONFIGTOOL>SERVER>MANAGERS>THREADMANAGER
    ChangeThreadCountStep =50
    InitialThreadCount= 100
    MaxThreadCount =200
    MinThreadCount =50
    Regards
    Gangadhar

  • Steps for creating structural authorization profile using trans. OOSP

    Dears,
    Could someone please guide to the steps for creating a structural authorization profile using transaction OOSP, to authorize on the HR Payroll Area.
    Thanks.
    Reda

    Hi,
    There are comprehensive guidelines on help.sap.com for creation of structural authorizations: http://help.sap.com/saphelp_erp2004/helpdata/en/34/49ba3b3bf00152e10000000a114084/content.htm
    However, please bear in mind that you cannot limit access to certain payroll area with structural authorization. For that you should use standard PA authorization object (you can use field organizational key to store Payroll Area VDSK1 in IT0001):
    P_ORGIN  http://help.sap.com/erp2005_ehp_02/helpdata/en/3e/b8b83b5b831f3be10000000a114084/content.htm
    Cheers

  • SAP GRC AC 5.3 - RAR Risk analysis Error Log

    Hi
    i have scheduled the background job for full sync risk analysis for the first time . the job ended with status error . critical analysis, user,role and profile action analysis is shown 100% . but the user permission analysis shows 49% , role and profile permission analysis show 97% each . where can i check the log for the errors . do i need to run the whole risk analysis job again ? when i check the management reports , risk violations are shown as zero . Please let me know how i can proceed at this stage . thanks
    Regards
    Prasad

    Thanks.
    First time please do for all users. I assume this was first time and it failed, so i will suggest you scheudle for all.
    once these are done, then periodic jobs should be increamental.
    few tips :
    - schedule user sync separate job and once it finish only then scheudle role sync and when role sync finishes, only then schedule profile sync
    - always select system ids from search help (which is F4 in ABAP)
    - best scheudle one job per system id, so that when failure occurs, so that error analysis is easy
    regards,
    Surpreet

Maybe you are looking for

  • Problem with FTP in SP14

    hi, i am doing a proxy to XI to FTP scenario on SP14. I dont get any errors as such but the flag in SXMB_MONI is green. i have checked my FTP connection on SP 9 and it works fine. But in SP14 i dont get any file in my target directory. Also as there

  • HT2045 I'm trying to sync an audiobook from iTunes (iPod Shuffle) but I keep getting error message.

    I bought an iPod Shuffle today and trying to sync 1 audiobook. Keep getting error message. If I try again, it looks like it's ok but then the device won't play it... What can I do?

  • Function module in Update rules

    I want to derive Fiscal period/year from Calendar day in update rule. i know i can do it through the formula, but i want to know if there is any function module that i can use. please let me know if i can use any function module in the update rules a

  • Both internal and USB mics not working

    Hi there, all. Long-time lurker, first-time poster. Starting last night, I have been having issues with microphone use on my iBook G4. Neither the internal mic nor my USB headset mic (Altec Lansing AHS302USB) are accepting input. The internal mic's f

  • How do I set up my kids itouch?

    I have one iTunes account with an iPhone 4s set up. I also have two kids...both with iTouch's. I am trying to set up their iMessaging but it wants to treat my kids iTouch as if it were mine. I have set up email addresses for them...but, we can't seem