Risk Analysis in GRC 10.0
Dear Experts,
I have configured RAR in GRC 10.0. Sync jobs are successful. Batch risk analysis is sucessful.
But when I tried to run a User/Role risk analysis I am not getting any result. I am not sure whether system has run risk analysis or not but I get the confirmation screen with blank result table. Please advise how to fix this issue.
I appreciate your help.
Thanks,
Raj
Hello Raj,
Check the below points related to risk analysis
1.check once the parameter id in configuration settings
2.BC set activation
3.while running risk analysis check backend system name and connector which is configured.
Similar Messages
-
Remote Risk Analysis in GRC 10
Dear Experts,
I am trying to configure Remote Risk Analysis in GRC 10.0.
Could you please let me know if there are any standard programs that extracts data from ERP system. Like we have below standard programs in 5.3 to extract from ERP system.
/VIRSA/DLOAD_AUTH_OBJS
/VIRSA/DLOAD_ROLE_AUTH_OBJS
/VIRSA/DLOAD_ROLES
/VIRSA/DLOAD_USRS.
If programs are not there in GRC 10.0, please advise how to get data for remote risk analysis.
Thanks,
RajHi Raj,
Check this programs:
/GRCPI/GRIA_DLOAD_AUTH_OBJS Download Authorization object
/GRCPI/GRIA_DLOAD_ROLE_AU_OBJS Role Authorization Object
/GRCPI/GRIA_DNLDROLES Download Roles
/GRCPI/GRIA_DOWNLOAD_SAPOBJ Download objects
/GRCPI/GRIA_R_DOWNLOAD_DESC Program /GRCPI/GRIA_R_DOWNLOAD_DESC
/GRCPI/GRIA_R_DOWNLOAD_USRS Program /GRCPI/GRIA_R_DOWNLOAD_USRS
/GRCPI/GRIA_ZVRAT_UPDWNLOAD updownload data
Cheers,
Diego. -
Risk analysis in GRC 10 error "Subnode COMPONENTCONTROLLER.1.SEARCH.RESULT"
HI
We have configured Risk analysis application within GRC 10. Also have executed the sync jobs. Now when i try to do SOD analysis i am getting an error "FPM application started without configuration" . this comes even before opening the link to SOD analysis is even open and this error comes for all type of SOD analysis like for user and role and HR object.
I check the logs file and in logs system is complaing that "Subnode COMPONENTCONTROLLER.1.SEARCH.RESULT_TABLE" does not exist.
Any idea why we getting this error message?
ParvenHI
Connector is working fine as sync jobs are running perfectly.
we have done the mimimum configuration setting as suggested by SAP guide ie Parameter 1023, 1024,1025 and 1026
For activating BC sets i think we need to do that only when you using out of box SOD rules. In our case we are using customised SOD rules. So i think we dont need to activate the BC set.
any other suggestion
Parveen -
Program batch risk analysis offline GRC AC 10.0
Hello consultant:
We have configurated GRC AC 10.0 RAR , when we executed risk analysis for Tx:NWBC , the system run analysis(foreground or background) correctly but when we executed analysis for Tx:SPRO->Governance Risk and compliance->Access control->Batch Risk Analysis , the system run two jobs E:GRAC_SOD and GRAC_SOD but the jobs run only 1 second and finished sucesffully but the system no run analysis.
Please could you help me?
Thank you very muchPlease check view details in NWBC.
or go to abap and select option and run it..
and u can monitor the same using
the tcode batch job for GRc monitor tcode dont remember u can check in guide.
there it can show details.
need tcodes and all ,please post
Regards,
Prasant -
Running Analysis in GRC AC 5.3 - RAR
Hi,
Can anyone let me know how to resolve the issue.
When i run the Risk Analysis in GRC AC 5.3 - RAR
Informer>Risk Analysis> Role Analysis--> Execute
This is the error message it gives:-
*VIRSAHR_01: Cannot execute BAPI RoleList: Error connecting using JCO.Client: null: Could not create JCOClientConnection for logical System: VIRSAHR_01_MODEL - Model: class com.virsa.cc.modelvirsahr_01.BAPI_VIRSAHR_01. Please assure that you have configured the RFC connections and/or logical system name properly for this model!: Error while obtaining JCO connection.: Failed to resolve JCO destination name 'VIRSAHR_01_MODEL' in the SLD. No such JCO destination is defined in the SLD. *
Please indicate what could be the possible solution for it.
Thanks in advance.
NazeerHI ,
Why dont you check the SLD is running fine or not.These are the steps to be followed ,
Check out the URL : http:
<localhost>:50000/sld
When you enter the sld screen then click on administration and there you will see whether sld server is running or not.If it is stopped then start.
Then check whether in visual administrator check for sld data supplier under server node under services node.There on the top there will be a button as trigger sld data supplier .We should get a succesul message.
In the Jco connections click on test option one should get a test message succeful.To see the JCo connections path launch j2ee home page URL : http:
<localhost>:50000/.After that click on web dynpro then on content administrator and then maintain JCo connections.There check out the JCo connections.IF the JCo connections are not working fine then check out the RFC 'c configured in the backend system are testing successfully.
SLD_UC
SLD_NUC
LCRSAPRFC
SAPSLDAPI
If u still face any problem plz let me know. -
ARA: Excluded Roles considered for Risk Analysis???
Hi,
There are certain role which are to be excluded from risk analysis or some business reasons. To achieve this, I have added entries for these roles in SPRO and saved them.
Actually, these roles are available in all the systems. Therefore, under "System" column I have selected "ALL" and saved the entries.
I ran risk analysis for a specific business process (above roles are belonging to this business group) and surprisingly found that, those roles which are maintained as "Excluded", as shown in the risk analysis report as violating!
Thinking that "ALL" option does not work, I maintained (excluded) these roles for specific systems in SPRO. Ran risk anlaysis, but with no luck.
Then I ran risk analysis for excluded role(s), I am still getting the violations for these excluded roles!
May I know why system is considering these "excluded" roles at the time of risk analysis?
Please advise.
Regards,
FaisalAlessanrdo,
I think the "excluded" objects in path:
SPRO->GRC->AC->ARA->BRA->Maintain Exclude Objects for Batch Risk Analysis
itself says that the objects will NOT be considered while performing Batch Risk Analysis (Analytic Reports). It seems to be working fine for me.
I dont think that the objects maintained in above path will have any importance while performing Risk Analysis from NWBC->AM->Roles Analysis) and will NOT be considered.
Please correct me, if required.
Secondly, I found 2 relevant posts here on SCN:
SAP GRC Access Control: Offline-Mode Risk Analysis
SAP GRC 10.0 Offline Risk Analysis
Both of them are talking about the offline mode of running risk analysis. Actually I have not used it yet therefore, wanted to know the real usage of it. These posts seem to be giving the details of "Offline" mode analysis.
I believe this will not be used in my scenario as there is no such requirement and real need. Therefore, I think I should disable it (Offline Data) option from the analysis screen just to avoid any confusion.
Currently all our risk analysis is taking place "Online". There is no "real" need to use "Offline".
May you please let me know in which scenario this would be useful?
Regards,
Faisal -
GRC AC 10 - risk analysis : No rules were selected
Hi,
In GRC AC 10, when I do a risk analysis (user level for example).
For each userid the result shown in the column action is "No rules were selected "
any idea ?
Thanks
Aurélien.Hi Vikas,
Further to your comment above, I would like to point you to my thread here and specifically ask you about the following statement:...
3. Open your GRC functions and make sure you have correct back end system updated for them. Check the status of all your GRC functions and make sure they all are active.
I opened up the Functions from NWBC and realized that all the systems for each function were as follows:
1. SAP Basis
2. SAP CRM
3. SAP ECCS
4. SAP HR
5. SAP R3 NON HR Basis Logical Group
6. SAP R3
7. Logical Group
AND ALSO
8. The DESCRIPTION of my RFC Connector ?!
Now my question is as follows:
1. Where in the Pre/Post/GRC300 documents does it say that one must configure each function with the backend system as you state above....should the configurations Connector/Connector/etc etc already mapped the functions to the backend system ?
2. Also Why is the description of my RFC Connector available as a drop down menu from " System" tab on the function edit mode - see attached screenshot.
Your advice would be appreciated.
Best regards,
Paul -
GRC AC 10.1 - Risk Analysis: No rules were selected
Hi All,
I'm currently configuring the ARA module in GRC AC 10.1, and an facing this issue. When I run my User Analysis, its throwing an error message "No rules were selected'.
As per your suggestions from discussions, i double checked all the below activities
Activate the BC sets
Run Sync Jobs
Run Batch Risk Analysis
After all this I found that the functions are not mapped to the logical groups(Back-end Systems) I have defined. Can you please let me know how to make sure you have correct back end system(logical Group) updated for the functions in the setup? Doesn't the configurations Connector/Connector Groups etc already mapped the functions to the back-end system? It would be a hell of work to do all the system mapping on function level manually.Hi Narsimha
You need to map your connectors to the logical systems that are used in the function definitions
Look at your integration framework Setup in the IMG.
Governance, Risk and Compliance > Common Component Settings > Integration Framework > Maintain Connectors and Connection Types
Also, for 10.1 there was an issue with logical systems. It may be that your configuration is correct: Re: GRC 10.0 SP14 - Poblems when generating rules for logical systems
Regards
Colleen -
Risk analysis Report Error in GRC AC 10.0
Dear GRC,
I had problem with Risk analysis Report in GRC Access Request form
When i run the Risk analysis report on Action Level , Permission Level , Critical Action Level and Critical Permission Level then report showing as "No Violations" but if i run the Risk analysis report only on Critical Action Level and Critical Permission Level then report showing too many Violations.
I maintained Action Level , Permission Level , Critical Action Level and Critical Permission Level as default risk analysis type in SPRO Configuration Parameters settings.
i am not understanding why system behaves like this. Could you please help me on this.
System Details : GRC AC 10.0 , SP-12
Thanks a lot for swift response.
Best Regards,
RKHi GRC Team,
Please help me on this. I am waiting for your replay.
Regards,
KR -
GRC AC 10.0 Mass risk analysis vs. Role level analysis
Hello GRC experts,
I urgently need your advice on the issue with deactivated permission objects which are identified as risks in the mass role analysis.
For example, in one role we have deactivated the permission object: S_ARCHIVE, and there are No activities maintained.
But in the mass role risk analysis and in the CUP request this object S_ARCHIVE with the ACTVT 01 is displayed as risk. As you can see in the screenshot, there are no activites maintained at all. We have created the MSMP workflow where all CUP requests with risks should go the the Security Stage. Now we have the situation that even though our roles are clean, they are forwared to the Security stage. It is a huge problem, because our security stage has no even more to to, than before using GRC! Because the dectivated objects are identified as risks.
Please advise me, how to solve the problem. Did I missed some config parameters or is it a well known problem?
We are on SP14, AC 10.0.
At the single role level there are no risks displayed.
Thanks in advance,
regards
SabrinaHi Sabrina,
check note
http://service.sap.com/sap/support/notes/2036645
Please let me know if it works.
Regards,
Alessandro -
SAP GRC 10.0 ARA - Risk Analysis Job naming
Dear all,
Once i trigger a risk analysis in background, a job with a very strange name (serial number) is scheduled at backend. But at Business Client i put a specific naming for hits role. It could be possible to change this backends namings? It is impossible for me recognised which job is which...
thank you in advanced,Hi Sara,
please check table TASKPLAN_GRP_NAM in GRC backend system. This table lists all scheduled background jobs by ID (field TASKPLAN_GRP_ID) and job name per business client (field TASKPLAN_GRP_NAM)
Regards,
Markus -
GRC 10 - Risk Analysis in legacy system
Hi everybody,
I have a problem with legacy connectors in GRC 10. I implemented the note 1594963. So, I created the legacy files and storage it in GRC server.
When I run the user synch, the legacy connector only synch the first record.
Someone can help me? Someone did implement a risk analysis for legacy systems?
Regards,Hi Claudio Ekel
Can you share some inputs on the Legacy Risk Analysis.
We have configured the Legacy Connector as per the note 1594963 ; Placed the files on the server & tried running Synchronization Jobs. But the data is not getting uploaded to GRC10 .
We made sure that text files are in UTF-8 format
Is it mandatory to load all the 11 files that are provided in the note 1594963? We have excluded the Profile related files
Can you share a sample of Legacy file formats that you have used for the sync.
Can you throw some light on what could be the possible issues for data not getting uplaoded to GRC10?
Regards,
Pavan Muthyala -
SAP GRC 10.0 - Risk Analysis - Define global variant
Hi Experts,
We are implementing SAP GRC 10.0 and we have a question about variant management in Access Risk Analysis.
When we saved a variant, it seems that this variant is user specific.
Is it to possible to define this variant as default for all users?
Thanks.
Best regards,
Nicolas RICHARDHi,
I think this is still user-specific, as it was in 5.X. I have checked the new GRC authorisation object parameters delivered within the roles and also tried to see if a Admin user was able to see all the variants created by the different users, but so far I have not found a solution.
It may be worthwhile to raise this in "IdeaPlace", hoping it gets enough votes and SAP's attention for implementing in a future Support Pack delivery. -
GRC AC 10.0 Risk Analysis -Risk Terminator Vs BRM-Role Management
Hi All,
After having seen the configuration for Risk Analysis- Risk Terminator and Role Management , I observed that there is very little difference for eg parameters 1085 and 3011 ,3014 . If we configure all three parameters to TRUE which one would take effect ?Can anyone let us know under what circumstances we must configure RT and Role Management . BRM to has a whole lot of new features which supercede RT.
Best Regards,
VishalHi Vishal,
The parameters will be invoked in different scenarios. 1085 is specific to when roles are generated in the SAP Backend system using risk terminator and therefore this will have no impact if you are using BRM to generate the roles.
3011 & 3014 are specific to BRM and govern different behaviours. 3011 will facilitate the risk analysis prior to triggering the generation steps in the methodology and 3014 will allow the roles to be generated despite any permission risks that are returned.
They are not exclusive and actually work together. For instance, you may want to have a block on generation of roles when there are open conflicts identified and therefore you should have 3011 set to YES and 3014 set to NO. If both are set to YES, then you could propagate conflicts in the roles.
You can use Risk Terminator if you wish to continue to develop roles within the SAP system itself rather than to rely on the GRC BRM system wholly.
There are still wide discussions and differing opinions about which represents the best approach for this and so it depends on your organisation as to which process you follow.
The parameter descriptions in question are:
1085 - Stop Role Generation if violations exist
3011 - Conduct Risk Analysis before Role Generation
3014 - Allow role generation with Permission Level violations
Regards, Simon -
SAP GRC AC: Organizational rules at Batch risks analysis and Dashboards
Dear All.
I would like to know GRC AC is able to consider the organizational rules defined (for example: risk only affected to Company, BUKRS 0001) at the Batch risks analysis and at the Dashboard. I already know that for the ad-hoc reporting you can filter by the Org.rules created but i would like to know if this filter is also able for the Batch risks analysis.
Thanks and regards.Dear all.
As per my knowledge this parameter only sets the flag of Consider Org.Rules at the filters. This is what the guide indicates:
"Setting the value to YES automatically selects the Consider Org Rule checkbox on the Risk Violations tab of the Access Request and
Role Maintenance screens."
So how are you so sure about that indicating this flag to YES will take into consideration the org rules at the Dashboards?
Regards
Maybe you are looking for
-
I purchased songs from Itunes store and I would like to record a CD to my parents with specific songs but when introduce the cd a message appears that the songs are not in MP3 format, how could I convert them?
-
Update a site column dynamically to Approval Status
Hello all this is what I have; InfoPath form with Form Status field (Form Status promoted to SP form library as site column) form switches to read only view when Form Status = Approved SharePoint form library set to require content approval Copied an
-
Working newly under windows 7, suddenly I cannot install or activate addons any more.
After having installed Windows 7 Prof on a new desktop PC, I also installed Firefox with (almost) the same addons as on my old PC. Initially all went OK, but a week ago I realised. that my addons did not function any more. I was able to deactivate th
-
A little background: I work for an agency and have a peripheral responsibility for updating our website, so I am learning everything on Dreamweaver from square 1 basically. So bear with me as I muddle through this. A couple years ago a former employe
-
We have a standard Java iView in Portfolio and Project Management on Portal. I need to hide a button on that Page, so that no user across company sees it. Can we do this through PCD? Or is it a code change? We are on NW04s Pls suggest any ideas/thoug