Rule set/mitigation control tables backups
I am working in GRC AC 5.3 with old SPs. How can I take a backup of the existing rule set and mitigation controls so that I can compare them after the GRC AC SP upgrade? Please guide me in detail.
You can download the ruleset via rule architect -> utilities -> export and mitigation via mitigation -> utilities -> export.
Regards,
Alpesh
Similar Messages
-
Rule Sets to control application access
Oracle documentation mentions Rule Sets to prevent authorized applications from reading data from the database, e.g. PL/SQL Developer.
http://docs.oracle.com/cd/B28359_01/server.111/b31222/cfseappr.htm
In Oracle Database Vault, you can create a secure application role that you enable with an Oracle Database Vault rule set. Regular Oracle Database secure application roles are enabled by custom PL/SQL procedures. You use secure application roles to prevent users from accessing data from outside an application. This forces users to work within the framework of the application privileges that have been granted to the role.
But I cannot find an example showing how to set this up? Could anyone point me in the right direction?
Thanks
Hi elOpalo,
elOpalo wrote:
One idea is ... You can assign a token to the user and save it in the session to test whether he can access the page (e.g. from a bookmark).
The second idea is to save a special attribute in the request's scope and pass the user to pageX.jsp ... Of course you need to assign different attributes before each pageX.jsp.
Can you please elaborate more? I am not able to understand, because what both approaches have in common is storing some token/attribute, but in different scopes, as below:
Approach one suggests to *assign a token to the user and store it in the session*
Approach two suggests to *save a special attribute and store it in request scope*
I am explaining what I have understood; please verify it:
Approach a:
Whenever the user requests any pageX.jsp, first check whether all the data required for the requested page is available in the session or not. If it is available, let the user access the page, and if not, forward him to the correct flow. This requires lots of checking on each page, and when there is a large number of pages in the application it will be a tedious task to manage this check. I am not so sure about storing a token in the session, which you suggested.
Approach b:
This looks similar to storing a token as in approach a. I am not so sure about this either, or about what to do and how.
Please explain more, and you can also suggest any tutorial or references you may have; I'll surely read them and try this out.
Thanking you,
Tejas
-
Role level mitigating controls not affecting position level reports
Hi,
Here's the problem we're having with mitigating controls:
When I assign a mitigating control to a role, it correctly mitigates the risk when we perform a role level SoD analysis. However, when we perform a position level analysis, the same role shows up again in the report as not mitigated. Anyone else running into this issue? We are on CC5.2 with SP4. Is this fixed in later SPs?
Simple Example:
Role ABC has conflicting tcodes FBV0 and FBVB. We applied a mitigating control to this role and it doesn't show up anymore on the role level reports.
When running the position level SoD analysis, position number 50010000 contains role ABC and the same conflict shows up again even though the conflict is entirely within Role ABC and not with other roles that are in position 50010000.
Thanks,
Robert
All,
I opened a customer message with SAP and it seems that this issue is a limitation with CC 5.2. Mitigating at the role level will not follow through to the position level reports. However, it seems that it will follow through to the user level as long as you have configured it under the Configuration->Additional Options tab. There is a setting there that will allow rule level mitigating controls to take effect at the user level.
Thanks,
Robert
-
Access Control Rule Set deletion in GRC 10
Greetings,
Has anyone tried deleting rule sets or experienced any issues while deleting rule sets in GRC 10? I have tried to delete them from SPRO as well as from the Setup tab in Access Control; however, it's not working for me. Even in SPRO, after choosing the physical system and logical system information, it stays on that screen forever and nothing happens.
Any help or guidance here will be much appreciated.
Thanks everyone for your valuable time.
Vikas
Hey,
There are no tricks or tips. It was something stupid on my part.
I just had a look at the system again and found a function left in the system which was mapped to this rule set, so that was the only reason I was not able to delete the rule set. As soon as I deleted that function, it worked.
So I was able to delete the entire rule set after deleting all the risks and functions mapped to this rule set.
Have a great day ahead ...
Vikas
-
GRC AC10 Mitigation Control Temporary Tables
Hi everyone,
I'm trying to find the table where GRC stores the organizational unit for a new mitigation control before the request is approved. As I could see, after approval (when the control is created) they are moved to HRP1000, 1001, etc.
I've also tried with system trace (ST01 and ST05) but I could only find these tables: GRFNMWRTINST, GRFNMWRTINSTAPPL. Unfortunately I've checked them but they don't store OU data.
Maybe it is stored in an XML file and that's why I can't reach the table.
If you have any idea or any experience to share, I would really appreciate it!
Thanks and regards,
Fernando
Hi Fernando
Maybe it is stored in an XML file and that's why I can't reach the table.
I was trying to figure out the same thing and suspected that was the case. Or if there might be a temporary text file.
I hope someone here can clear it up. But it's a bit annoying in the approach as you cannot tell what changes have been requested or compare changes to current. Hope SAP eventually cleans this up.
Might need to trace it to identify the function module that is used by approver to view the request?
Regards
Colleen
-
Table for mitigation control frequency
Hi,
We are trying to build a program to be able to send notifications to mitigation monitors. For this I am trying to find the tables where the relevant details of the mitigation controls are located.
I need the following information from the tables:
1. Mitigation ID - I have found this in HRP5354
2. Mitigation Name - I have found this in HRP1000
3. Mitigation Monitor - I have found this in HRT5320
4. Tcode in Reports - I have found this in HRT5320 + GRACACTION
5. Frequency - I have NOT found this.
The #5 - frequency of the report action is something that I am still missing. Please help me with the info, also suggest if there is a better way to get this information. Thanks!!
Thanks,
Sammukh
Hi Sammukh,
you can find the frequency in table GRFNCNREPORT.
In general you can easily find the tables with SE11 to check where the object is used.
Hope this helps.
Regards
Alessandro
-
Business unit in mitigation control and business process in rule architect
Dear Friends
Can anyone please tell me the difference between business unit configuration in mitigation control and business process in rule architect?
If they are the same, why are we configuring the same thing two times?
Full points awarded for a good answer.
Thanks and Regards
A.Rama Krishna.
Edited by: Ramakrishna Ailanani on Nov 25, 2008 10:02 AM
Hello Ailanani,
The use for these entities solely depends on the business and has to be decided between the implementors and the BPOs. This can vary a lot from organization to organization and thus can't be generally stated.
Also, as this would be an integral part of the implementation, I would advise you to be sure and clear once you define them, or take help from some GRC AC consultants who can guide you on the same. Without a clear definition of the BPs and the BUs you may end up putting a lot of time, money and resources into a thing which you probably might have to reverse later.
Regards,
Hersh.
-
Hi,
Can you provide me the tables used for rule sets, activities, task etc in EM?
Hi Dipak,
Below are the EM tables requested.
Regards,
Jonathan Hansen
/SAPTRX/ACTIVITY – Activity Header Table
/SAPTRX/ACTIVTXT – Activity Text Table
/SAPTRX/ACT_TASK – Multi-Task Activity Task Table
/SAPTRX/ACT_TSKT - Multi-Task Activity Task Text Table
/SAPTRX/EM_RLSET – Rule Set header table
/SAPTRX/EM_RLSTX – Rule Set text table
/SAPTRX/EM_RULE - Rule table (Rule Set item)
/SAPTRX/EM_RULET – Rule Set text table
-
How to copy FDM setting (import format, dimension mapping, control table)
Dear All,
How to copy FDM settings (import format, dimension mapping, control table) from one application to another application?
I found that only dimension mapping can be imported. Is there any way to copy an FDM application quickly?
Thanks for your help
If you get a chance, try the following script. It's simple and easy to extract all the map data to XML, and it will help to import it back through an Import script.
Sub MapExtractor()
'UpStream WebLink Custom Script:
'Created By: SatyaK
'Date Created: 12/08/09
'Purpose: This Script will produce a Account Map File for
' the current location.
'Execute the export
strFilePath = API.IntBlockMgr.InterfaceMgr.fExportMapToXML("File Path", PPOVPeriod)
End Sub
-
Hi,
when loading rule set information from files..in which table are the FUNCTION ACTION and the FUNCTION PERMISSIONS stored?
Thanks in advance
FedeX
FedeX wrote:
> Thanks guys,
>
> I would appreciate one exact table name... by the table description I am not able to identify what I am looking for.
>
> Thanks
> FedeX
GRACFUNC and GRACBPROC... As Simon pointed out, they are not that difficult to find via SE16.
Hope that helps and all the best for the future.
-
How to set colors to table control?
Hi all,
can we set colors for table columns and rows? How can we achieve this? Any help please
Thanks,
Madhan.
Hi All
thanks for your replies..
data tab type IF_main_view=>Elements_segment.
data line type IF_main_view=>Element_segment.
data node_info type ref to if_wd_context_node_info.
data attribute_info type wdr_context_attribute_info.
data attr_value type WDR_CONTEXT_ATTR_VALUE.
data wd_standard_cell type ref to cl_wd_table_standard_cell.
data component like line of cl_abap_structdescr=>components.
data wd_table_column type ref to cl_wd_table_column.
node_info = lo_nd_segment->get_node_info( ).
attribute_info = node_info->get_attribute( 'CELL_DESIGN' ).
if component-name = 'SEGMENT'.
wd_standard_cell->set_cell_design( CL_WD_ABSTR_MASTER_TABLE_COL=>E_CELL_DESIGN-BADVALUE_MEDIUM ).
endif.
I am trying to set color for some columns, but I am not getting any colors. Is anything wrong in this? Please help
thanks,
Madhan.
-
Multiple Rule Sets in GRC 10.0 for one System
Hi All,
We do have 2 different companies working on one system and by that 2 different rule sets that are applicable.
Due to that we are facing different problems we don't know how to solve yet, but let's start with the first one, dealing with the rule set that should be used in the access request.
We want to determine which rule set should be used based on the requested role (e.g. if role name contains 0001 use rule set 0001, if role name contains 0002 use rule set 0002).
We have already tried several different scenarios in BRF+ without success.
Does anybody have a solution or at least an idea for this topic?
Thank you all very much in advance!
Eva
Hi Ashish,
Thanks for your time. Let me explain my requirement; I would really appreciate it if you have some inputs here which would help me to design this.
The actual client requirement is to design a CUP workflow, and if there are SoD issues identified, the workflow will need to go to a central team for them to address each issue. If this group decides to apply mitigating controls to the issues, the workflow must then go to the compliance group for them to review for appropriateness. The requirement is to do a SoD analysis for every role change/add request, so that this group takes the appropriate action based on the SoD analysis. For all my CUP requests raised, I want the system to do a SoD analysis and let this group know whenever there is a SoD found, or just end the workflow if there is no risk.
I am aware of the risk analysis process for GRC 10.0; however, I want it to happen as a part of this workflow requirement.
The requirement is to configure the access request workflow so that the end goal of the workflow is just facilitation of an SoD review. I hope I was able to explain my requirement. Thanks again for your help.
Your valuable guidance would be really appreciated.
Vikas
-
Hi all,
We have configured Mitigation Controls and mitigated some of the users. We have the following queries in this regard:
a) When we run the SoD analysis for that particular user we are able to see only half of the description of the Mitigation Control.
Is there any limitation for the space or the parameters for the Mitigation Control Description? We are unable to see the entire description of the Mitigation Control (if the mitigation control is more than 7-8 lines) in the Detailed Report screen as well. Even after downloading into a spreadsheet we are getting only part of the mitigation control and not the entire description of the mitigation control.
b) A risk ID can be addressed by 2 or 3 mitigation controls. In this scenario, we have assigned 2-3 mitigation controls to one mitigated user for mitigation. When we run SoD analysis we are able to see only the latest mitigation control assigned to the user in the report format (say out of 3 assigned only the 3rd one assigned is being shown).
But when we did a search for Mitigation controls with the Risk ID & User ID combination, it returned all 3 mitigation controls. But the same is not shown in the SoD violations reports.
Is there anything to do with the parameter setup or on the configuration side to resolve this?
Please provide the procedure also in case any changes have to be made at configuration level.
Thanks and Best Regards,
Sri
Hi Vit,
Thanks for your reply. We crosschecked and you are correct that the space limitation is only for 132 characters in this table.
Is there a way to get the whole mitigation control description, or do we need to stick to this limitation?
Also, when we did a search for Mitigation Control it gives only Mit.ID, Mit Control Desc, BU and Management approver. Are there any tables (from the SAP backend) or reports where we can get the Risk IDs, including the above, addressed by the mitigation controls?
Thanks and Best Regards,
Sri
-
Control file backup is hung.
Hi,
When I initiate a control file backup it gets stuck. Pls. see my RMAN configuration.
RMAN> show all;
RMAN configuration parameters are:
CONFIGURE RETENTION POLICY TO REDUNDANCY 1; # default
CONFIGURE BACKUP OPTIMIZATION OFF; # default
CONFIGURE DEFAULT DEVICE TYPE TO DISK;
CONFIGURE CONTROLFILE AUTOBACKUP ON;
CONFIGURE CONTROLFILE AUTOBACKUP FORMAT FOR DEVICE TYPE DISK TO '/oracle/rmanbkup/cf%F';
CONFIGURE CONTROLFILE AUTOBACKUP FORMAT FOR DEVICE TYPE SBT_TAPE TO '%F'; # default
CONFIGURE DEVICE TYPE 'SBT_TAPE' PARALLELISM 2 BACKUP TYPE TO BACKUPSET;
CONFIGURE DEVICE TYPE DISK PARALLELISM 1 BACKUP TYPE TO BACKUPSET; # default
CONFIGURE DATAFILE BACKUP COPIES FOR DEVICE TYPE SBT_TAPE TO 1; # default
CONFIGURE DATAFILE BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
CONFIGURE ARCHIVELOG BACKUP COPIES FOR DEVICE TYPE SBT_TAPE TO 1; # default
CONFIGURE ARCHIVELOG BACKUP COPIES FOR DEVICE TYPE DISK TO 1; # default
CONFIGURE CHANNEL DEVICE TYPE DISK FORMAT '/oracle/rmanbkup/%U';
CONFIGURE MAXSETSIZE TO UNLIMITED; # default
CONFIGURE ENCRYPTION FOR DATABASE OFF; # default
CONFIGURE ENCRYPTION ALGORITHM 'AES128'; # default
CONFIGURE ARCHIVELOG DELETION POLICY TO NONE; # default
CONFIGURE SNAPSHOT CONTROLFILE NAME TO '/oracle/S01/102_64/dbs/snapcf_S01.f'; # default
RMAN> backup current controlfile;
Starting backup at 28-JUN-09
using channel ORA_DISK_1
It has been in this state for 4 hours.
I had set all the permissions as mentioned in SAP Note 113747. Backup was happening as normal till 25th June through DB13.
My observation is that I had altered the Oracle parameter as per the query results (i.e. added the events; I had executed the script attached in SAP Note 1171650 via ST04 --> Performance --> Additional Function --> SQL Command Editor).
O/S : AIX 5.3,
DB : Oracle 10.2.0.2.0
ECC 6.0
Backup in all other servers are happening without any problem..
I appreciate your expert suggestions.
Thanks!
Sundaresh Suryanarayan
Hi Surendara Jain,
This problem is still persisting. I have tried everything. I checked all the relevant S-Notes. I updated the brtools version also.
Even if I execute BRBACKUP, it starts and creates the folder, but the folder will be empty. Pls. see the *.and file below.
MBES01:oras01 10> more beayrvav.and
BR0051I BRBACKUP 7.00 (41)
BR0055I Start of database backup: beayrvav.and 2009-07-07 08.12.17
BR0484I BRBACKUP log file: /oracle/S01/sapbackup/beayrvav.and
BR0477I Oracle pfile /oracle/S01/102_64/dbs/initS01.ora created from spfile /oracle/S01/102_64/dbs/spfileS01.ora
BR0101I Parameters
Name Value
oracle_sid S01
oracle_home /oracle/S01/102_64
oracle_profile /oracle/S01/102_64/dbs/initS01.ora
sapdata_home /oracle/S01
sap_profile /oracle/S01/102_64/dbs/initS01.sap
backup_mode ALL
backup_type online
backup_dev_type disk
backup_root_dir /oracle/S01/sapbackup
compress no
disk_copy_cmd rman
cpio_disk_flags -pdcu
exec_parallel 0
rman_compress no
system_info oras01/oras01 MBES01 AIX 3 5 00CD16724C00
oracle_info S01 10.2.0.2.0 8192 2959 21202296 MBES01 UTF8 UTF8
sap_info 700 SAPSR3 0002LK0003S010011E21297128880015Maintenance_ORA
make_info rs6000_64 OCI_102 Apr 8 2009
command_line /usr/sap/S01/SYS/exe/run/brbackup -p initS01.sap -d disk -t online -m all -k no -e 0 -o dist,time -l E -U
BR0116I ARCHIVE LOG LIST before backup for database instance S01
Parameter Value
Database log mode Archive Mode
Automatic archival Enabled
Archive destination /oracle/S01/oraarch/S01arch
Archive format %t_%s_%r.dbf
Oldest online log sequence 2956
Next log sequence to archive 2959
Current log sequence 2959 SCN: 21202296
Database block size 8192 Thread: 1
Current system change number 21209894 ResetId: 674792151
BR0118I Tablespaces and data files
Tablespace TS-Status F-Status File Size Id. Device Link Type
MaxSize IncrSize BlkSize
PSAPSR3 ONLINE* ONLINE+ /oracle/S01/sapdata2/sr3_1/sr3.data1 2579505152 4 3276802 NOLINK FILE 104
85760000 20971520 8192
PSAPSR3 ONLINE* ONLINE+ /oracle/S01/sapdata2/sr3_10/sr3.data10 1069555712 13 3276802 NOLINK FILE 104
85760000 20971520 8192
PSAPSR3 ONLINE* ONLINE+ /oracle/S01/sapdata2/sr3_2/sr3.data2 2558533632 5 3276802 NOLINK FILE 104
85760000 20971520 8192
PSAPSR3 ONLINE* ONLINE+ /oracle/S01/sapdata2/sr3_3/sr3.data3 3334479872 6 3276802 NOLINK FILE 104
85760000 20971520 8192
PSAPSR3 ONLINE* ONLINE+ /oracle/S01/sapdata2/sr3_4/sr3.data4 3984596992 7 3276802 NOLINK FILE 104
85760000 20971520 8192
PSAPSR3 ONLINE* ONLINE+ /oracle/S01/sapdata2/sr3_5/sr3.data5 3166707712 8 3276802 NOLINK FILE 104
85760000 20971520 8192
PSAPSR3 ONLINE* ONLINE+ /oracle/S01/sapdata2/sr3_6/sr3.data6 2998935552 9 3276802 NOLINK FILE 104
85760000 20971520 8192
PSAPSR3 ONLINE* ONLINE+ /oracle/S01/sapdata2/sr3_7/sr3.data7 2977964032 10 3276802 NOLINK FILE 104
85760000 20971520 8192
PSAPSR3 ONLINE* ONLINE+ /oracle/S01/sapdata2/sr3_8/sr3.data8 2852134912 11 3276802 NOLINK FILE 104
85760000 20971520 8192
PSAPSR3 ONLINE* ONLINE+ /oracle/S01/sapdata2/sr3_9/sr3.data9 2810191872 12 3276802 NOLINK FILE 104
85760000 20971520 8192
PSAPSR3700 ONLINE* ONLINE+ /oracle/S01/sapdata3/sr3700_1/sr3700.data1 3523223552 14 3276802 NOLINK FILE 104
85760000 20971520 8192
PSAPSR3700 ONLINE* ONLINE+ /oracle/S01/sapdata3/sr3700_2/sr3700.data2 4299169792 15 3276802 NOLINK FILE 104
85760000 20971520 8192
PSAPSR3700 ONLINE* ONLINE+ /oracle/S01/sapdata3/sr3700_3/sr3700.data3 3607109632 16 3276802 NOLINK FILE 104
85760000 20971520 8192
PSAPSR3700 ONLINE* ONLINE+ /oracle/S01/sapdata3/sr3700_4/sr3700.data4 3428851712 17 3276802 NOLINK FILE 104
85760000 20971520 8192
PSAPSR3DB ONLINE* ONLINE+ /oracle/S01/sapdata4/sr3db_1/sr3db.data1 2097160192 19 3276802 NOLINK FILE 104
85760000 20971520 8192
PSAPSR3DB ONLINE* ONLINE+ /oracle/S01/sapdata4/sr3db_2/sr3db.data2 2097160192 20 3276802 NOLINK FILE 104
85760000 20971520 8192
PSAPSR3DB ONLINE* ONLINE+ /oracle/S01/sapdata4/sr3db_3/sr3db.data3 1048584192 21 3276802 NOLINK FILE 104
85760000 20971520 8192
PSAPSR3USR ONLINE* ONLINE+ /oracle/S01/sapdata4/sr3usr_1/sr3usr.data1 20979712 18 3276802 NOLINK FILE 104
85760000 20971520 8192
PSAPTEMP ONLINE# ONLINE+ /oracle/S01/sapdata1/temp_1/temp.data1 1017126912 -1 3276802 NOLINK FILE 104
85760000 20971520 8192
PSAPUNDO ONLINE- ONLINE+ /oracle/S01/sapdata1/undo_1/undo.data1 2705334272 2 3276802 NOLINK FILE 104
85760000 20971520 8192
SYSAUX ONLINE* ONLINE+ /oracle/S01/sapdata1/sysaux_1/sysaux.data1 230694912 3 3276802 NOLINK FILE 104
85760000 20971520 8192
SYSTEM ONLINE* SYSTEM+ /oracle/S01/sapdata1/system_1/system.data1 513810432 1 3276802 NOLINK FILE 104
85760000 20971520 8192
BR0119I Redo log files
File Size Group Device Status Link Type
/oracle/S01/origlogA/log_g11m1.dbf 52429312 1 3276802 INUSE NOLINK FILE
/oracle/S01/mirrlogA/log_g11m2.dbf 52429312 1 3276802 INUSE NOLINK FILE
/oracle/S01/origlogB/log_g12m1.dbf 52429312 2 3276802 INUSE NOLINK FILE
/oracle/S01/mirrlogB/log_g12m2.dbf 52429312 2 3276802 INUSE NOLINK FILE
/oracle/S01/origlogA/log_g13m1.dbf 52429312 3 3276802 INUSE NOLINK FILE
/oracle/S01/mirrlogA/log_g13m2.dbf 52429312 3 3276802 INUSE NOLINK FILE
/oracle/S01/origlogB/log_g14m1.dbf 52429312 4 3276802 INUSE NOLINK FILE
/oracle/S01/mirrlogB/log_g14m2.dbf 52429312 4 3276802 INUSE NOLINK FILE
BR0120I Control files
File Size Id. Device Link Type
/oracle/S01/origlogA/cntrl/cntrlS01.dbf 14368768 0 3276802 NOLINK FILE
/oracle/S01/origlogB/cntrl/cntrlS01.dbf 14368768 0 3276802 NOLINK FILE
/oracle/S01/sapdata1/cntrl/cntrlS01.dbf 14368768 0 3276802 NOLINK FILE
BR0616I Tablespaces in table TSORA for SAP owner SAPSR3:
PSAPSR3, PSAPSR3700, PSAPSR3USR
BR0379I Distribution of files on volume #1:
Position Size Rate Compressed Duration Speed Name
[m:s] [MB/h]
1 2579505152* 2:19 63712 /oracle/S01/sapdata2/sr3_1/sr3.data1
2 1069555712* 0:59 62238 /oracle/S01/sapdata2/sr3_10/sr3.data10
3 2558533632* 2:19 63194 /oracle/S01/sapdata2/sr3_2/sr3.data2
4 3334479872* 2:48 68143 /oracle/S01/sapdata2/sr3_3/sr3.data3
5 3984596992* 3:19 68744 /oracle/S01/sapdata2/sr3_4/sr3.data4
6 3166707712* 2:49 64332 /oracle/S01/sapdata2/sr3_5/sr3.data5
7 2998935552* 2:38 65165 /oracle/S01/sapdata2/sr3_6/sr3.data6
8 2977964032* 2:39 64302 /oracle/S01/sapdata2/sr3_7/sr3.data7
9 2852134912* 2:28 66162 /oracle/S01/sapdata2/sr3_8/sr3.data8
10 2810191872* 2:29 64752 /oracle/S01/sapdata2/sr3_9/sr3.data9
11 3523223552* 2:49 71574 /oracle/S01/sapdata3/sr3700_1/sr3700.data1
12 4299169792* 3:38 67707 /oracle/S01/sapdata3/sr3700_2/sr3700.data2
13 3607109632* 3:09 65524 /oracle/S01/sapdata3/sr3700_3/sr3700.data3
14 3428851712* 2:48 70072 /oracle/S01/sapdata3/sr3700_4/sr3700.data4
15 2097160192* 1:59 60504 /oracle/S01/sapdata4/sr3db_1/sr3db.data1
16 2097160192* 1:58 61017 /oracle/S01/sapdata4/sr3db_2/sr3db.data2
17 1048584192* 0:59 61017 /oracle/S01/sapdata4/sr3db_3/sr3db.data3
18 20979712* 0:06 12005 /oracle/S01/sapdata4/sr3usr_1/sr3usr.data1
19 2705334272* 2:19 66820 /oracle/S01/sapdata1/undo_1/undo.data1
20 230694912* 0:19 41686 /oracle/S01/sapdata1/sysaux_1/sysaux.data1
21 513810432* 0:38 46422 /oracle/S01/sapdata1/system_1/system.data1
22 14368768 0:00 0* /oracle/S01/sapbackup/cntrlS01.dbf
Total: 51919052800* 45:29 65317
BR0284I BRBACKUP time stamp: 2009-07-07 08.12.19, elapsed time: 0:00
BR0057I Backup of database: S01
BR0058I BRBACKUP action ID: beayrvav
BR0059I BRBACKUP function ID: and
BR0110I Backup mode: ALL
BR0077I Database file for backup: /oracle/S01/sapbackup/cntrlS01.dbf
BR0061I 22 files found for backup, total size 49513.867 MB
BR0143I Backup type: online
BR0112I Files will not be compressed
BR0130I Backup device type: disk
BR0106I Files will be saved on disk in directory: /oracle/S01/sapbackup/beayrvav
BR0284I BRBACKUP time stamp: 2009-07-07 08.12.19, elapsed time: 0:00
BR0256I Enter 'c[ont]' to continue, 's[top]' to cancel BRBACKUP:
BR0284I BRBACKUP time stamp: 2009-07-07 08.12.54, elapsed time: 0:35
BR0257I Your reply: 'c'
BR0259I Program execution will be continued...
BR0370I Directory /oracle/S01/sapbackup/beayrvav created
end **************************************************
It won't move further after this. I checked and compared SPFILE & init<SID>.sap with other servers (DEV, QA & PRD) and all are the same. But backup is happening on those servers without any problem.
Can anybody help me on this?
Thanks!
Sundaresh Suryanarayan
-
GRC AC RAR: Comprehension question Mitigating Controls
Hello all,
I have a small comprehension question regarding Mitigating Controls.
Situation:
We have identified some authorization roles that contained lots of risks and we decided that they should not be used anymore. I therefore had our admins remove those roles from all the userIDs and update the role descriptions so it is clear that these roles are obsolete and must not be used anymore. For specific reasons we are currently not able to archive those roles in order to remove them from the system (can't delete them either for unclarified data retention questions).
What has been done:
1. I have created the necessary userIDs for Management Approver, Monitor, etc. in tab Mitigation -> Administrators -> Create
2. I have created the necessary business unit and assigned to userIDs created in 1. in tab Mitigation -> Business Units -> Create
3. I have created a Mitigation Control "Obsolete Roles" in tab Mitigation -> Mitigating Controls -> Create
4. Within the Mitigation Control I have mitigated all associated risks in tab "Associated Risks", added a userID in tab "Monitors" and I have added all the obsolete roles using the button "Mitigate roles"
What I want to achieve:
- Roles should not show up in the analysis anymore -> I've checked that and it works as expected
- I now want the userID I added in tab "Monitors" and when mitigating the roles to regularly check in the SAP system whether the mitigated roles have been assigned to any userIDs again (using PFCG or any other suitable report in the system).
Can I achieve that by using tab "Reports" within the Mitigating Control ?
If I provide the system in column "System", provide "PFCG" in column "Action", "Use PFCG to check is role is assigned again" in "Description", add the userID in tab "Monitor" and set Frequency to "4" this would mean that that userID needs to check whether the roles have been used again at least every 4 weeks ?
Will the system automatically send a reminder eMail to that userID every 4 weeks or does the user have to check the RAR manually in order to see "his/her" tasks ?
Regards,
Benjamin
Hi Jwalant,
sorry for my late reply, but I have waited for a few weeks to be sure whether the way you described works or not.
- The background job gets executed once a week and finishes without any error.
- The only thing that doesn't work is that the userID that I maintained in column "monitor" and for which I defined a mitigation control which has to be executed every 2 weeks (using column "report") does NOT get a mail from the system that reminds him/her to execute the mitigating control.
Log of background job execution:
INFO: -
Scheduling Job =>16----
Mar 28, 2011 4:00:00 AM com.virsa.cc.xsys.bg.BgJob run
INFO: --- Starting Job ID:16 (GENERATE_ALERT) - Z_SAP_GRC_AC_RAR_MITIGATION_CONTROL_ALERT_GENERATION
Mar 28, 2011 4:00:00 AM com.virsa.cc.xsys.bg.BgJob setStatus
INFO: Job ID: 16 Status: Running
Mar 28, 2011 4:00:00 AM com.virsa.cc.xsys.bg.BgJob updateJobHistory
FINEST: --- @@@@@@@@@@@ Updating the Job History -
1@@Msg is Z_SAP_GRC_AC_RAR_MITIGATION_CONTROL_ALERT_GENERATION started :threadid: 2
Mar 28, 2011 4:00:00 AM com.virsa.cc.xsys.bg.dao.BgJobHistoryDAO insert
INFO: -
Background Job History: job id=16, status=1, message=Z_SAP_GRC_AC_RAR_MITIGATION_CONTROL_ALERT_GENERATION started :threadid: 2
Mar 28, 2011 4:00:00 AM com.virsa.cc.xsys.bg.BgJob alertGen
INFO: @@@ Alert Generation Started @@@
Mar 28, 2011 4:00:00 AM com.virsa.cc.xsys.bg.BgJob alertGen
INFO: @@@ Conflict Risk Input has 1 records @@@
Mar 28, 2011 4:00:00 AM com.virsa.cc.xsys.bg.BgJob alertGen
INFO: @@@ Critical Risk Input has 1 records @@@
Mar 28, 2011 4:00:00 AM com.virsa.cc.xsys.bg.BgJob alertGen
INFO: @@@ Mitigation Monitor Control Input has 1 records @@@
Mar 28, 2011 4:00:00 AM com.virsa.cc.comp.BackendAccessInterface alertGenerate
INFO: @@@@@ Backend Access Interface execution has been started @@@@@
Mar 28, 2011 4:00:00 AM com.virsa.cc.common.util.ExceptionUtil logError
SEVERE: null
java.lang.NullPointerException
at com.virsa.cc.comp.wdp.IPublicBackendAccessInterface$IStatRecInputElement.wdGetObject(IPublicBackendAccessInterface.java)
at com.sap.tc.webdynpro.progmodel.context.NodeElement.getAttributeAsText(NodeElement.java:888)
at com.virsa.cc.comp.BackendAccessInterface.execBAPI(BackendAccessInterface.java:401)
at com.virsa.cc.comp.BackendAccessInterface.executeBAPI(BackendAccessInterface.java:302)
at com.virsa.cc.comp.BackendAccessInterface.get_TcodeLog_Rec(BackendAccessInterface.java:2800)
at com.virsa.cc.comp.BackendAccessInterface.alertGenerate(BackendAccessInterface.java:1940)
at com.virsa.cc.comp.wdp.InternalBackendAccessInterface.alertGenerate(InternalBackendAccessInterface.java:4355)
at com.virsa.cc.comp.wdp.InternalBackendAccessInterface$External.alertGenerate(InternalBackendAccessInterface.java:4824)
at com.virsa.cc.xsys.bg.BgJob.alertGen(BgJob.java:1666)
at com.virsa.cc.xsys.bg.BgJob.runJob(BgJob.java:697)
at com.virsa.cc.xsys.bg.BgJob.run(BgJob.java:362)
here it keeps ranting on for pages about Null Pointer Exceptions
I'll just leave that part out
Mar 28, 2011 4:00:29 AM com.virsa.cc.comp.BackendAccessInterface alertGenerate
INFO: -
No of Records Inserted in ALTCDLOG =>16 For System =>XXX_xxx -
Mar 28, 2011 4:00:29 AM com.virsa.cc.comp.BackendAccessInterface alertGenerate
INFO: ==$$$===Notif Current Date=>2011-03-28==$$$==Notif Current Time=>04:00:00===$$$===
Mar 28, 2011 4:00:29 AM com.virsa.cc.xsys.mgmbground.dao.AlertStats execute
INFO: Start AlertStats.............
Mar 28, 2011 4:00:29 AM com.virsa.cc.xsys.bg.BgJob alertGen
INFO: @@@=== Alert Generation Completed Successfully!===@@@
Mar 28, 2011 4:00:29 AM com.virsa.cc.xsys.bg.BgJob setStatus
INFO: Job ID: 16 Status: Complete
Mar 28, 2011 4:00:29 AM com.virsa.cc.xsys.bg.BgJob updateJobHistory
FINEST: --- @@@@@@@@@@@ Updating the Job History -
0@@Msg is Job Completed successfully
Mar 28, 2011 4:00:29 AM com.virsa.cc.xsys.bg.dao.BgJobHistoryDAO insert
INFO: -
Background Job History: job id=16, status=0, message=Job Completed successfully
Mar 28, 2011 4:00:29 AM com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob scheduleJob
INFO: -
Complted Job =>16----
- Another thing I noticed is that the job always adds some entries to table "ALTCDLOG" which I guess means something like "Alert T-Code Log".
It always adds entries like:
581 XXX_XXX userID#1 SE16 2011-03-21 07:49:44 xxx 5
582 XXX_XXX userID#1 SM37 2011-03-21 07:55:44 xxx 5
Where does the system get the information which T-Codes are "bad" and for which it needs to create those entries ? I have never configured anything like that in the system.
Or is this an indicator that the authorization roles I mitigated have been used again ?
Regards,
Benjamin
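A check for the condition visible in the job log above, where job 16 logs a SEVERE NullPointerException and still ends with status Complete. This is an added example, not part of the original post and not SAP code; the sample is trimmed from the excerpt above, job 17 is constructed, and attributing errors to the most recently started job assumes job runs do not interleave in the log.

```python
import re

# Header line of a java.util.logging SimpleFormatter record:
# "<Mon d, yyyy h:mm:ss AM|PM> <logger class> <method>"
HEADER = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} \d{1,2}, \d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"(?P<cls>[\w.$]+) (?P<method>\w+)$"
)
LEVEL = re.compile(
    r"^(?P<level>SEVERE|WARNING|INFO|CONFIG|FINE|FINER|FINEST): ?(?P<msg>.*)$"
)
JOB_START = re.compile(r"Starting Job ID:\s*(\d+)")
JOB_STATUS = re.compile(r"Job ID:\s*(\d+)\s+Status:\s*(\w+)")

# Sample trimmed from the log in the post above; job 17 is constructed
# so that the check also sees a run without errors.
SAMPLE_LOG = """\
Mar 28, 2011 4:00:00 AM com.virsa.cc.xsys.bg.BgJob run
INFO: --- Starting Job ID:16 (GENERATE_ALERT) - Z_SAP_GRC_AC_RAR_MITIGATION_CONTROL_ALERT_GENERATION
Mar 28, 2011 4:00:00 AM com.virsa.cc.xsys.bg.BgJob setStatus
INFO: Job ID: 16 Status: Running
Mar 28, 2011 4:00:00 AM com.virsa.cc.xsys.bg.BgJob alertGen
INFO: @@@ Mitigation Monitor Control Input has 1 records @@@
Mar 28, 2011 4:00:00 AM com.virsa.cc.common.util.ExceptionUtil logError
SEVERE: null
java.lang.NullPointerException
    at com.virsa.cc.comp.BackendAccessInterface.execBAPI(BackendAccessInterface.java:401)
    at com.virsa.cc.comp.BackendAccessInterface.get_TcodeLog_Rec(BackendAccessInterface.java:2800)
Mar 28, 2011 4:00:29 AM com.virsa.cc.xsys.bg.BgJob alertGen
INFO: @@@=== Alert Generation Completed Successfully!===@@@
Mar 28, 2011 4:00:29 AM com.virsa.cc.xsys.bg.BgJob setStatus
INFO: Job ID: 16 Status: Complete
Mar 28, 2011 4:00:45 AM com.virsa.cc.xsys.bg.BgJob run
INFO: --- Starting Job ID:17 (GENERATE_ALERT) - CONSTRUCTED_CLEAN_JOB
Mar 28, 2011 4:00:50 AM com.virsa.cc.xsys.bg.BgJob setStatus
INFO: Job ID: 17 Status: Complete
"""


def parse_records(text):
    """Split the log into records: header line, level line, continuation lines."""
    records, current = [], None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = {
                "ts": header["ts"],
                "source": f'{header["cls"]}.{header["method"]}',
                "level": None,
                "msg": "",
                "detail": [],  # stack trace and wrapped message lines
            }
            records.append(current)
            continue
        if current is None:
            continue  # text before the first header line
        level = LEVEL.match(line)
        if level and current["level"] is None:
            current["level"], current["msg"] = level["level"], level["msg"]
        else:
            current["detail"].append(line.strip())
    return records


def find_masked_failures(text):
    """Return jobs that ended with status Complete although SEVERE records
    were logged between their start and their completion."""
    findings, job_id, errors = [], None, []
    for rec in parse_records(text):
        started = JOB_START.search(rec["msg"])
        if started:
            job_id, errors = started.group(1), []
            continue
        if rec["level"] == "SEVERE" and job_id is not None:
            # The exception class is the first continuation line that is
            # not a stack frame; fall back to the message text.
            exc = next(
                (d for d in rec["detail"] if d and not d.startswith("at ")),
                rec["msg"],
            )
            errors.append({"ts": rec["ts"], "source": rec["source"], "exception": exc})
            continue
        status = JOB_STATUS.search(rec["msg"])
        if status and status.group(1) == job_id and status.group(2) == "Complete":
            if errors:
                findings.append({"job_id": job_id, "completed": rec["ts"], "errors": errors})
            job_id, errors = None, []
    return findings


if __name__ == "__main__":
    for finding in find_masked_failures(SAMPLE_LOG):
        print(f'job {finding["job_id"]} completed at {finding["completed"]} '
              f'with {len(finding["errors"])} SEVERE record(s)')
        for err in finding["errors"]:
            print(f'  {err["ts"]} {err["source"]}: {err["exception"]}')
```

Run against the full background job log, this separates runs where alert generation actually worked from runs that only report "Complete", which is the case to review when monitors stop receiving reminders.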