Role Expert - Compliance Clibrator -Question
hi,
1. I Design My roles using the Role Expert.
2. I see that there are no confliciting roles in the in this creation.
Now, this being so Why Do I need the compliance calibrator ?? I understand that to make sure that the organisaton ids complaint. but in the first place, I hav eused RE and got a complaint state already hence If I say that the CC in this state is an over head.
please clear this !!
Hi Pratap
Compliance Calibrator is core to the GRC Access Control suite. Components like Role Expert & Access Enforcer hook into the central ruleset that is provided through the compliance calibrator.
If you have used the SoD checker in RE, then that references the rules in CC.
It sounds like you have built a set of compliant roles, what makes you think that they will never change or the business requirements lead to more roles to be developed? There should be a mechanism in place that allows the tracking of the SoD's in these cases. If not CC, what would you replace it with? Depending on your audit arrangements, your external auditors may place reliance on your use of CC to identify & remediate SoD's as part of business as usual. Get rid of it & you will have to find an alternative or the auditors will have to perform a lot more testing which will cost your company more.
Similar Messages
-
Configuring Role Expert Web services for Compliance Calibrator
Hi @all,
performing the configuration of Virsa Role Expert I've got a question regarding the settings for the various Web Service Info. for the Compliance Calibrator.
Apart from the Web Service URL, user name and password need to be declared. The user guide names 'sapgrc' and 'webuser' as account names.
My question: How do I setup these accounts? Is this an UME-Job - if so: what are the required roles and authorizations for these accounts?
Kind regards,
MartinHi,
the Web Services URLs are:
Web Service Info. for CC Risk Analysis: http://SERVER_NAME:PORT/VirsaCCRiskAnalysisService/Config1?wsdl&style=document
Web Service Info. for CC Transaction Usage: http://SERVER_NAME:PORT/VirsaCCActionUsageService/Config1?wsdl&style=document
Web Service Info. for CC Mitigation Control: http://SERVER_NAME:PORT/VirsaCCMitigation5_0Service/Config1?wsdl&style=document
Web Service Info. for CC Functions: http://SERVER_NAME:PORT/VirsaCCFunction5_0Service/Config1?wsdl&style=document
Web Service Info. for AE Workflow: http://SERVER_NAME:PORT/AEWFRequestSubmissionService_5_2/Config1?wsdl&style=document
Does that answer your question?
Regards,
Martin -
Removing Role expert from the GRC Pad
Hi Guys
we are using three products of GRC ie RAR , SUP and Compliance user provisioning but NOT the Role Expert. Is there any way that I can show only these three tools in the GRC pad and remove the Role expert. At the moment it is grey out but still there.
ParveenHi Praveen,
All capabilities are integrated into Launch Pad which are part of VIRACLP****.ear file. And there is no way we can take it out for the current release.
Best Regards,
Sirish Gullapalli. -
when a role creation/change needs to be approved my understanding is that this kicks offs a workflow setup in Access Enforcer.
Question is how is the Approver notified (in AE, RE , outlook??) and where do they need to go to approve (AE, RE...??)
what are the configuration options?Access enforecer is a user provisioning tool which handles user request, user role request approvals and rejections through workflows. It doesnt do anything for ROLE CREATION or CHANGE.
What we can do in AE.,
1. Create, Change, Delete and passowrd change for the user ID in SAP
2. Define workflows for the above mentioned as per your business needs
3. Using the workflows achieve the approval process which used to happen through paper prior to AE. (Workflows through mail box)
4. AE keeps the audit log of each and everything including the approvals which is requirement for SoX.
5. Have the facility of auto provisioning in SAP without a need of human interaction (Thanks to BAPI's)
How RE play role in AE
1. Typically AE is used to create/change users in SAP which inlcudes requesting for roles
2. AE should be made aware of the roles that exist in the backend system so that they can be requested
3. This AE awareness can be achieved through manual process of uploading the excel sheet which has the information about the roles or made automated so that it picks from RE
Note : Not all the roles required to be uploaded in AE. You can ignore the SAP default roles and all the system critical roles to be loaded in AE so that it cannot be requested by the requestors.
RE can be used as role repository for AE and added it helps automate all the SoD related activities at the role and role assignment level.
To make the AE and RE get along each other and work together, certain steps has to be followed. Follow this thread where I explained how to make this work.,
Thread Topic : <b>Approving Roles created in role expert</b>
Thanks,
Muthu Kumaran KG -
GRC - Role Expert v5.2: how does the Transaction Usage functionality work
Hi All,
re: GRC - Role Expert v5.2: how does the Transaction Usage functionality work
We are implementing GRC suite v5.2, but specifically my question is regarding Role Expert:
SAP documentation states that it is possible to use Role Expert to do the following: for roles allows you to see if, or how much, a transaction is being used, when it was last used, and who used it.
My question is how without Audit Log or RBE?
Let me know if you have ever used this functionality and if it requires the SAP Back-End Audit Log to be turned on or RBE.
Thanks in advance!Hi Gary,
You dont need a RBE tool activation to get the successful transaction usage log with Role Expert.
Role Expert functionality allows you to log all the transactions that have been added/deleted to the role that is changed. Also when you create a new role via the Role Expert then automatically the transaction log starts.
If you go the "History" tab in the Role Expert, then you can find all the last changes made to the role.
Also you can go to the "Risk Analysis" tab to find the log of Risk Analysis performed with the added tcodes.
Hope this helps.
Thanks,
Kiran Kandepalli. -
Error on miscellaneous tab in Role Expert (a web dynpro application)
Hi,
When i click on Miscellaneous option within configuration tab in role expert. Page is not getting displayed, error is "The page cannot be found".
I am attaching the print screen also.
Please suggest the solution for it.
Thanks in Advance.
Regards,
Pravin
The page cannot be found
The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
Please try the following:
If you typed the page address in the Address bar, make sure that it is spelled correctly.
Open the sapfapci.eame.syngenta.org:51700 home page, and then look for links to the information you want.
Click the Back button to try another link.
Click Search to look for information on the Internet.
HTTP 404 - File not found
Internet ExplorerCan you please tell us what files were missing. We are facing the same issue during our upgrade. Misc page cannot be found error.
-
GRC AC 5.3 - Role Expert / Enterprise Role Management Dev Environ Connect
We are looking to start using Role Expert/Enterprise Role Management. As I am working through the planning process, I am looking at where to connect our ERM DEV/QA/PROD environments. We want the ERM Production environment to our R/3 Development environment, so we can transport the roles from R/3 DEV to Q/A to PROD. So, if our production ERM system is connected to the R/3 DEV, where do I connect the ERM DEV and QA environments? I still think it's important to have those environments, so we can test support pack upgrades as well as use for the initial deployment/connections. Any suggestions? How have others done this?
Found Answer - SAP provided Access Control Landscape Diagram on SAP.com.
-
Hello ,
I have an issue with Role expert. We want to have 2 workflows one for the creation of new role and the other for the changes to the existing role.I have configured the same and try uploading the roles into role expert which has taken the workflow as i designed.
After i have uploaded the roles with the worklow i have deisgned my business people have come up with a new workflow for the existing roles and which made me to change the design as per the business requirements.Now i notice the change in the workflow is not affetcing the roles which is already been upladed onto role expert and is applicalble only for the roles i am uploading newly.
Can any one help me in this regard???
Regards,
Raghu.I think you cannot directly change it since some of the roles are associated with your old workflow.
However, you can contact SAP for the same and ask for the script.
Regards,
Faisal -
Role Expert Workflow Approval Criteria
Hi,
I am trying to add workflow approval criteria to Role Expert
I have gone to the configuration menu -->workflow --> approval criteria
I have set-up an approval expression 'Functional Area' = Finance. However when I go to search for an approver or alternate approver no results are returned. i have AE approvers set up in UME. Where does Role Expert pull this list of users information from?
Thanks GaryI think you cannot directly change it since some of the roles are associated with your old workflow.
However, you can contact SAP for the same and ask for the script.
Regards,
Faisal -
Role Expert Role Approval Error
Hi ,
When i am trying to change role and click on approval tab in Role Expert....I am getting the following error.
Unknown error occured while performing operation (Service call exception; nested exception is: com.sap.exception.io.SAPIOException: <Localization failed: ResourceBundle='com.sap.exception.io.IOResourceBundle', ID='Could not create SSL socket:java.net.UnknownHostException r--.https', Arguments: []> : Can't find resource for bundle java.util.PropertyResourceBundle, key Could not create SSL socket:java.net.UnknownHostException r------.https)
Is there some thing we do in Visual Administrator like maintaining destinations...
Please help me with this...
Thanks in advance.Guru-
After further investigation of your error, it looks like you are calling the wrong Webservice URI.
Make sure you are using the correct URI in the Configuration - Misc of RE. You have you enter the AEWFRequestSubmissionService_5_2 URI. Copy the shortcut from the Document file.
Try that, and see if it works...
Ankur
GRC Consultant -
Error in Mass role import in Role Expert
Hi,
While configuring role expert, in mass role import ,I am able to import the bulk download file but its import is getting failed and error is "<b>File is in invalid format</b>"
If I alter the downloaded file, another error is generated saying "<b>Cannot write to Upload Directory
ursula\sap_temp\ROLEIMPORT or Directory does not exist.</b>
Please help me out!
Regards,
AnubhaHi Michael,
I am not able to import the SAP roles properly.
I downloaded the roles from backend properly. But while importing them I am getting a list of backend roles and against each of them following message <b>Error in processing role infomation. Role not imported</b>.
What could be the possible mistake? I have set <b>Upload Directory</b> = ursula\sap_temp.
One more problem, while creating a new role I am able to reach successfully till the risk analysis phase. After that, as soon as I click on approval , i am getting message <b>Error in creating request</b>.
I suppose the control should go to Access Enforcer from here.I have already set AC Workflow URL for role approval in Configuration -> miscellaneous.
Thanks in advance!
Anubha -
Hi,
I want to download Role Expert 5.2 for WAS 700 system. Can someone please tell me the path on the SAP service marketplace to download it.
SAP OSS -> Installations and Upgrades -> Entry by Application group -> SAP GRC -> SAP GRC Access Control
After this I get only Virsa CC. No other option is available.
Also, I could successfully download Virsa CC and also installed and configured it.
Please help.
Thanks.
Edited by: Subodh Jambhekar on Feb 11, 2008 9:16 AMHello Catherine,
I just stumbled to your post and found it interesting. I am working on the similar issue and I used table USORG to resolve my issue.
Warm Regards,
Jagraj Singh. -
Role Expert Profile generation error
Hi All,
I am getting the following error in Role Expert Profile Generation tab.
When i click Generate tab, I am geting "Name or Password is incorrect(Repeat Login)" Can any body explain what user id is generally triggered when generate profile using role expert?
Thanks,
ChandraHi there,
to be more precise. You have to use the password from the account which you use to maintain the roles in the system you want to generate the role.
Kind regards,
Richard -
Generation of Role in Role Expert
Hi all,
I have created role in Role Expert and after clicking the generation button it is asking UME password
even so i entered the correct password it is showing that name or password is incorrect (repeat logon)Hi Karunkar,
Try creating a user in backend (R/3) and give all authorizations and set the password as well.
Then when it is asked in RE, please enter the password of the above created user in R/3.
Hope this will solve your problem
Regards,
Faisal -
Hi All,
I have created Roles in Quality Back-end R/3 system.Wat is the Procedure to Reflect all these Roles in the Front End Role Expert application.
Please Guide me . Its most important task for me.
Kindly do the needful.
Thanks & RegardsKaruna,
You have 2 options to complete the uploading roles into AE.
Select Configuration>Roles>Import Roles
Option 1:
1. Select system
2.Select "All Roles" to import all roles(standard and custom roles) or Select "Selected Roles" and enter custom roles(Z*) in Role Name box.
2.Click on Import button. The system gives you a status message how many roles imported after completion of upload.
You should change all roles business process, sub process for all roles to populate your roles when you are creating a request. For this,
4. Roles-->Search Role
5. Enter System
5.Click Search button
6.Select roles and then Click Export button.
7.Save file
8. Complete the template with your roles,system, business process, sub process, critical level, etc...
9.Select "From File " option and select the file and click Import button.
10. Check the status message for successful completion of roles upload.
Option 2:
1. Click on "Download Template"
2. Save file.
3. Complete the template with your roles,system, business process, sub process, critical level, etc...
4.Select the "From File " option and select the file and click on Import.
5. Check the status message for successful completing of roles upload.
I would rather go for option 2.
Thanks
Himadama
Maybe you are looking for
-
How to move a report from one account to another account
Dear all , How to move a reports from one account to another account. These are reports sent automatically. Unfortunately, I do not know where to find them and how to export to another account. Puru
-
External hard drive not readable
I have a Seagate 60 GB and a WD 120 external hard drives that have been using on my macbook for about a year and it's formated to work on a mac. Recently, whenever I plug it in, it says that the disk is not readable. It shows up on disk utility, but
-
Is it possible for the next IOS 6 update for the music album art to display on the homescreen as a backround image when music is playing?
-
How do I add text and edit my PDF file?
how do i add text and edit my pdf file
-
Hi, I'm new to lion. I tried to manipulate the guest user account so it would function as a guest user (deleting all the private stuff after log out) but keeping my preferences like dock, desktop, grid settings, ... I used this link: http://www.micha