Rule set Version

Hi ,
  How to find out , rules set version a particular RAR( CC) system have , If a logged into RAR( Or CC) of some one else system,
To be specific I wanted to know which Rule Set Version?( Rules)  they are using (Like Q1 2007 , Q3 2007, Q2 2008 or Q2 2009 Rule Update etc) irrespective of application version they are using ( Like 5.1 ,5.2 or 5.3 ) .
Thanks & Regards
Uma Shankar T

Hi Uma,
The ruleset versions are normally shipped as part of support packs.
However, you would only normally implement the ruleset version when doing a clean implementation as uploading a completely new version could overwrite any changes which you have made for your own organisation.
I do not know of any technical settings to identify exactly which version was uploaded into the system as the ruleset is shipped as a data file.
You can track the released versions via the SAP Notes though.
Simon

Similar Messages

  • Deployment Rule Sets do not properly launch the latest available version from the JRE6 family when the jpi-version is specified by the RIA

    Issue Summary
    In Java 1.7 Update 71, Java 1.7 Update 72 and Java 1.8 Update 25 Deployment Rule Sets do not properly launch the latest available version from the JRE6 family when the jpi-version is specified by the RIA.  We've noticed this with Oracle Forms and Reports 11g where we have forms that specify Java 1.6 Update 20.  We used to be able to specify Java 1.6 Update 26 in our Ruleset, but now the only version a that works in our ruleset is Java 1.6 Update 20 which is the same version requested by the JPI-Version attribute of the jar.  The long term solution would be to upgrade Oracle Forms and Reports, however this isn't currently in the cards.
    RuleSet.xml Test
    Ruleset.xml

    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    <ruleset version="1.0+">  
    <rule>
       <id location="*.javatester.org" />
       <action permission="run" version="1.6*" />
    </rule>
    <ruleset version="1.0+">
    <rule>
       <id location="*.internaldomain.name" />
       <action permission="run" version="1.6*" />
    </rule>
    </ruleset>
    Test 1 (Control)
    Installed Java Versions:
    – 1.7 Update 51 b13 (both x86 and x64 however x86 is invoked)
    – 1.6 Update 26 b03 (both x86 and x64 however x86 is invoked)
    Deployment Ruleset works as expected for both URLs
    Test 2
    Installed Java Versions:
    – 1.7 Update 72 (both x86 and x64 however x86 is invoked)
    – 1.6 Update 26 b03 (both x86 and x64 however x86 is invoked)
    The RuleSet works for JavaTester.org however on internaldomain.name we get the following error:
    With the trace logging turned on, I suspected the version attribute supplied by the RIA. I was able to trick Java by adding the following to my system deployment.properties file:
    deployment.javaws.jre.0.product=1.6.0_20
    deployment.javaws.jre.0.path=C\:\\Program Files (x86)\\Java\\jre6\\bin\\javaw.exe
    deployment.javaws.jre.0.enabled=true
    Because the RIA requests 1.6.0_20 it matches 1.6* from the deployment ruleset sooner than 1.6.0_26. However, if 1.6.0_20 is not available 1.6.0_26 should match according to the Deployment Rule Set documentation:
    http://docs.oracle.com/javase/7/docs/technotes/guides/jweb/security/deployment_rules.html
    The version of the JRE that is used is determined by the following order of precedence:
    1. The current version of the JRE is used if it is available and matches both the version attribute and the version requested by the RIA.
    2. The latest available version of the JRE is used if it matches both the version attribute and the version requested by the RIA.
    3. The current version of the JRE is used if it is available and matches the version attribute.
    4. The latest available version of the JRE is used if it matches the version attribute.
    If no version is available that meets the criteria, then the RIA is blocked, and a message is shown to the user. To provide a custom message, include the message element.
    As a result:
    If Java 1.6.0_20 is listed in the version requested by the RIA and 1.6.0_20 is listed in the deployment.properties file, #1 matches.
    If Java 1.6.0_20 is listed in the version requested by the RIA, but 1.6.0_20 is NOT listed in the deployment.properties file the #1 SHOULD match, but doesn’t. It used to match up-to and including JRE 1.7 Update 51 however the ruleset appears to no longer match in subsequent versions.
    #2 should never match with our current Deployment Ruleset. It would match if we specified 1.7* as a version in the Ruleset.xml.
    #3 used to be broken as well after JRE 1.7 Update 51 however this bug has been marked as fixed. See: http://bugs.java.com/view_bug.do?bug_id=8032781
    I have reproduced this issue with Java 1.7 Update 71, Java 1.7 Update 72, and Java 1.8 Update 25 when one of these versions are installed with Java 1.6 Update 26.

    I can't seem to edit this post anymore, for some odd reason.
    So here goes;
    I found this post in NVIDIA's knowledge base;
    When installing an after-market graphics card into a certified Windows 8 PC with UEFI enabled, the s...
    The interesting parts in this post are as follows;
    When an after-market graphics card is installed into a motherboard with UEFI enabled in the system BIOS, or if the system is a certified Windows 8 PC with Secure Boot enabled, the system may not boot.
    UEFI is a new system BIOS feature that is provided on most new motherboards. A UEFI system BIOS is required in order for the Windows 8 Secure Boot feature to work. Secure boot is enabled by default on certified Windows 8 PCs.
    In order to get the PC to boot with a graphics card that does not contain UEFI firmware, the end-user must first disable the secure boot feature in the system's SBIOS before installing the graphics card.
    Note: Some system SBIOS's incorporate a feature called compatibility boot. These systems will detect a non-UEFI-enabled firmware VBIOS and allow the user to disable secure boot and then proceed with a compatibility boot. If the system contains a system SBIOS the supports compatibility boot, the user will need to disable secure boot when asked during boot process
    This leads me to believe that the BIOS update that wrecked my setup was 9SKT58A/9SJT58A, which only contains one change;
    "Adds support for updating BIOS from a WIN7 BIOS to a WIN8 BIOS".
    I've just ordered a cheap UEFI-compatible GT640 from Gainward, so I hope I'll be able to try that out this weekend.

  • I have messages in mail that are color-coded as if by a rule, but I have no rules set. How can I correct this?

    The only rule that I ever had in Mail was the default one that color coded messages from Apple blue. I notice that some messages are color-coded brown and I have no rules set at al (hence no rule to turn off.)  Some of the messages are related to viewing online magazine, but not all.  How can I stop this?

    Hi. Thanks for your message.
    Well, I understand what you are trying to say but I thought it was easier to categorize in Apple Mail.
    On Entourage I just click twice on a sender address, record it on Address book and give it a colour that I previously defined as "Work", "Personal", "Customers", "Suppliers", "Friends" or whatever.
    As Apple Mail don't have Address Book as part of it but an outside feature it's very annoying. Of course I am used to use a software and I don't expect now Apple Mail do everything as Entourage but... as someone said it seems Apple Mail stopped in time. The recent version seems the first one ever issued. I hate the way Mail.app handles attachments by placing big chunky previews right in my email. I prefer them to be named attachments listed somewhere else, out of the content of my email. I don't if I can change this via terminal commands? Can you tell me if that is possible?
    I don't understand why Apple Mail have lots of plugins instead of a great improvment from the backstage.
    I use Apple computers since ever and I love this machines but sometimes I don't understand this lake of improvments.
    Take a look at this link:
    http://scottworldblog.wordpress.com/2009/10/12/microsoft-entourage-vs-apple-mail /
    Of course I don't agree 100% with him but some things are true...

  • Do you trust the SAP standard rule set ?

    Hello all,
    I have the impression that, too often, the SAP standard ruleset has been taken for granted : upload, generate and use. Here is a post as to why not to do so. Hopefuly, this will generate a interesting discussion.
    As I have previously stated in other threads, you should be very careful accepting the SAP standard rule set without reviewing it first. Before accepting it, you should ensure that your specific SAP environment has been reflected in the functions. The 2 following questions deal with this topic :
    1. what is your SAP release  ? ---> 46C is different than ECC 6.0 in terms of permissions to be included in the function permission tab. With every SAP release, new authorization objects are linked to SAP standard tcodes. Subsequently some AUTHORITY-CHECK statements have been adapted in the ABAP behind the transaction code. So, other authorizations need to provided from an implementation point of view (PFCG). And thus, from an audit perspective (GRC-CC), other settings are due when filtering users' access rights in search for who can do what in SAP.
    2. what are your customizing settings and master data settings ? --> depending on these answers you will have to (de)activate certain permissions in your functions. Eg. are authorization groups for posting periods, business areas, material types, ... being used ? If this is not required in the SAP system and if activated in SAP GRC function, then you filter down your results too hard, thereby leaving certain users out of the audit report while in reality they can actually execute the corresponding SAP functionality --> risk for false negatives !
    Do not forget that the SAP standard ruleset is only an import of SU24 settings of - probably - a Walldorf system. That's the reason SAP states that the delivered rule set is a starting point. 
    So, the best practice is :
    a. collect SAP specific settings per connector in a separate 'questionnaire' document, preferably structured in a database
    b. reflect these answers per function per connector per action per permission by correctly (de)activating the corresponding permissions for all affected functions
    You can imagine that this is a time-consuming process due to the amount of work and the slow interaction with the Java web-based GRC GUI. Therefore, it is a quite cumbersome and at times error-prone activity ...... That is, in case you would decide to implement your questionnaire answers manually. There are of course software providers on the market that can develop and maintain your functions in an off-line application and generate your rule set so that you can upload it directly in SAP GRC. In this example such software providers are particularly interesting, because your questionnaire answers are structurally stored and reflected in the functions. Any change now or in the future can be mass-reflected in all (hundreds / thousands of) corresponding permissions in the functions. Time-saving and consistent !
    Is this questionnaire really necessary ? Can't I just activate all permissions in every function ? Certainly not, because that would - and here is the main problem - filter too much users out of your audit results because the filter is too stringent. This practice would lead too false negatives, something that auditors do not like.
    Can't I just update all my functions based on my particular SU24 settings ? (by the way, if you don't know what SU24 settings are, than ask your role administrator. He/she should know. ) Yes, if you think they are on target, yes you can by deleting all VIRSA_CC_FUNCPRM entries from the Rules.txt export of the SAP standard rule set, re-upload, go for every function into change mode so that the new permissions are imported based on your SU24 settings. Also, very cumbersome and with the absolute condition that you SU24 are maintained excellent.
    Why is that so important ? Imagine F_BKPF_GSB the auth object to check on auth groups on business areas within accounting documents. Most role administrator will leave this object on Check/Maintain in the SU24 settings. This means that the object will be imported in the role when - for example - FB01 has been added in the menu.  But the role administrator inactivates the object in the role. Still no problem, because user doesn't need it, since auth groups on business areas are not being used. However, having this SU24 will result in an activated F_BKPF_GSB permission in your GRC function. So, SAP GRC will filter down on those users who have F_BKPF_GSB, which will lead to false negatives.
    Haven't you noticed that SAP has deactivated quite a lot of permissions, including F_BKPF_GSB ? Now, you see why. But they go too far at times and even incorrect. Example : go ahead and look deeper into function AP02. There, you will see for FB01 that two permissions have been activated. F_BKPF_BEK and F_BKPF_KOA.  The very basic authorizations needed to be able to post FI document are F_BKPF_BUK and F_BKPF_KOA.  That's F_BKPF_BUK .... not F_BKPF_BEK. They have made a mistake here. F_BKPF_BEK is an optional  auth object (as with F_BKPF_GSB) to check on vendor account auth groups.
    Again, the message is : be very critical when looking at the SAP standard rule set. So, test thoroughly. And if your not sure, leave the job to a specialized firm.
    Success !
    Sam

    Sam and everyone,
    Sam brings up some good points on the delivered ruleset.  Please keep in mind; however, that SAP has always stated that the delivered ruleset is a starting point.  This is brought up in sap note 986996     Best Practice for SAP CC Rules and Risks.  I completely agree with him that no company should just use the supplied rules without doing a full evaluation of their risk and control environment.
    I'll try to address each area that Sam brings up:
    1.  Regarding the issue with differences of auth objects between versions, the SAP delivered rulset is not meant to be version specific.  We therefore provide rules with the lowest common denominator when it comes to auth object settings.
    The rules were created on a 4.6c system, with the exception of transactions that only exist in higher versions.
    The underlying assumption is that we want to ensure the rules do not have any false negatives.  This means that we purposely activate the fewest auth objects required in order to execute the transaction.
    If new or different auth object settings come into play in the higher releases and you feel this results in false positives (conflicts that show that don't really exist), then you can adjust the rules to add these auth objects to the rules.
    Again, our assumption is that the delivered ruleset should err on the side of showing too many conflicts which can be further filtered by the customer, versus excluding users that should be reported.
    2.  For the customizing settings, as per above, we strive to deliver rules that are base level rules that are applicable for everyone.  This is why we deliver only the core auth objects in our rules and not all.  A example is ME21N. 
    If you look at SU24 in an ECC6 system, ME21N has 4 auth objects set as check/maintain.  However, in the rules we only enable one of the object, M_BEST_BSA.  This is to prevent false negatives.
    3.  Sam is absolutely right that the delivered auth object settings for FB01 have a mistake.  The correct auth object should be F_BKPF_BUK and not F_BKPF_BEK.  This was a manual error on my part.  I've added this to a listing to correct in future versions of the rules.
    4.  Since late 2006, 4 updates have been made to the rules to correct known issues as well as expand the ruleset as needed.  See the sap notes below as well as posting Compliance Calibrator - Q2 2008 Rule Update from July 22.
    1083611 Compliance Calibrator Rule Update Q3 2007
    1061380 Compliance Calibrator Rule Update Q2 2006
    1035070 Compliance Calibrator Rule Update Q1 2007
    1173980 Risk Analysis and Remediation Rule Update Q2 2008
    5.  SAP is constantly working to improve our rulesets as we know there are areas where the rules can be improved.  See my earlier post called Request for participants for an Access Control Rule mini-council from January 28, 2008.  A rule mini-council is in place and I welcome anyone who is interested in joining to contact me at the information provided in that post.
    6.  Finally, the document on the BPX location below has a good overview of how companies should review the rules and customize them to their control and risk environment:
    https://www.sdn.sap.com/irj/sdn/bpx-grc                                                                               
    Under Key Topics - Access Control; choose document below:
        o  GRC Access Control - Access Risk Management Guide   (PDF 268 KB) 
    The access risk management guide helps you set up and implement risk    
    identification and remediation with GRC Access Control.

  • Access to update the GRC rule set is limited

    Hello - What is the process (tcode) to see who has access to update the GRC rule set?
    Thanks!

    Hi Sam,
       What is the version of your RAR (CC)? If it is CC 4.0 then you enter the product via tcode and go to rule architect to make changes. If you have CC 5.X then you go through the web browser and go to Rule architect to make changes to the rule set.
    The process to change a rule set is as below:
    1) Creats Function
    2) Create risk
    3) Create Rule
    Regards,
    Alpesh

  • Need information on the new RAR Rule Architect/Rule Set functions

    Does anyone have any information on the new 5.3 functions listed under Rule Architect/Rule Sets, specifically the Compare function?
    My 5.3 Config manual mentions this area but doesn't describe anything about it.  I have a request from our user group and need to determine if this can fit that request.
    What they are looking for is an easy way to compare our RAR Rule Set with the latest SAP version (Q2 2010 is the most recent I believe).  Just from the screen shots, it looks like we could maybe use the Rule Sets functions for that.  Load the new SAP one into RAR as a separate ruleset and then run this Compare function.  However I haven't been able to find any documentation on this function, so I don't know if it really does what we are looking for.
    Thanks.

    Hi,
    the error 'NullPointerException ' is very common error in GRC.
    kindly search, you will find lots of threads and notes on thi.
    check you permission TXT file. It contain null value some where.
    especially check SD01 & SD02 tcodes.
    Also open permission file in word and check all TAB's and ENTER's in technical view.
    Regards,
    Surpreet

  • Deployment Rule Set broken with Java 7u55

    Hello!
    I'm using Deployment Rule Set in my company environment, its signed by code signing certificate that is given out by internal CA. After I upgraded to Java 7u55, the Deployment Rule Set does not recognize older statically installed Java version.
    Versions I have:
    7u45 - install directory: C:\Program Files\Java\jre1.7.0_45
    7u51 - install directory: C:\Program Files\Java\jre1.7.0_51
    7u55 - install directory: C:\Program Files\Java\jre1.7.0_55 or C:\Program Files\Java\jre7\ - neither does not work
    When I go to site described in Ruleset and that has to use Java 7u45, then I receive an message "Deployment Rule Set required Java version 1.7.0_45 not available. In the same way it doesn't recognize 1.7.0.51 or even Java version 6.
    When I uninstall Java 7u55, everthing works fine again.
    My ruleset looks like this:
    <ruleset version="1.0+">
         <rule>
              <id location="first.site.com" />
              <action permission="run" version="1.7.0_45" />
         </rule>
         <rule>
              <id location="second.site.com" />
              <action permission="run" version="1.7.0_51" />
         </rule>
         <rule
              <id />
              <action permission="default" />
         </rule>
    </ruleset>
    Anyone knows what's wrong or is it a bug?

    costlow - I disagree.  If I'm using IE, then I only need the internal certficate used to sign the jar to be also insalled on the machine in question in the windows CA Certs store.  If the cert was the issue, why does it work with 7u51.  If it was a bad cert, it should fail with every version.  Plus, I think the pop up has a different error message if it has a cert issue.
    I'm having the exact same issue as the OP described and it all started with 7u55.  Here's what I've found:
    - With 7u55 or 7u60 installed, the error will come up rergardless of what prior version is being requested.
    - If 7u51 is the latest installed, it works
    -  If 8u05 is installed with 7u55 and/or 7u60, it works
    - If I install the 7u60 EA b15, it works
    Something in the final release is being added that blocks this functionality, but for some odd reason only in the 7 family starting with 7u55.
    Any insight you could give would be very helpful.  In the meantime, I am deploying 8u05 to cover this up, but it does pose issues for some apps that don't work with the new 8 family plugin.

  • Calc Manager - RULE SET

    In order to bundle up some Business rule so I want to use RULE SET in calc manager.
    When I go in Calc Manager, I can see Consolidation, Planning, and Essbase. But, I can not go beyond Planning or Essbase. I have 2 options Export and Refresh, I tried those but nothing changes really... Please Help...

    Did you get this issue resolved? If not what version are you running? Do you have any EPMA or Classic apps already created?
    ~SM

  • Getting Deployment Rule Sets to work

    So, I'm struggling trying to get Java deployment rule sets working as follows:
    Here is my simple ruleset.xml:
    <ruleset version="1.0+">
      <rule>
        <id location="javatester.org" />
        <action permission="run" version="1.6.0_35" />
      </rule>
    </ruleset>
    I have gotten this same ruleset working using 3 different older versions of jre7 (7u45, 7u35, 7u9) where javatester.org website will display the specified version, even when a newer version is present.  However, this seems to break when I try to specify a jre6 version (tried both 6u35 & 6u27).
    For example, when I try 6u35, the javatester.org website displays
    Error.  Click for details
    When I click, a blank pop up windows briefly pops up then disappears, with a title bar "Application Error".  I have made the Java console visible for testing purposes, and both the 1.7.0_51 & 1.6.0_35 consoles pop up, but I can't find anywhere why this might not work.  I am assuming it's not a certificate issue, as I imported my self-signed certificate into the Signer CA store and can see it in both the Java 7u51 control panel, and the Java 6u35 control panel.
    Any thoughts?  Anyone else get this working?

    Hello,
    can you show me your "ruleset.xml"?
    I had similar problems when I had an error in there (invalid XML). You have to be extra careful that it is valid UTF-8 too. I already got a problem because of an invalid umlaut,
    Regards
    Markus

  • RAR: Global Rule set

    Hi,
    I am wondering if the latest global rule set contains the tcodes, authorization objects and values based on the latest version of SAP? If yes, can this global rule set be applicable for SAP version 4.7 ?
    Thanks,
    Debbie

    Hello Rajesh,
    Hope this information from SAP helps you.RAR Rule Update - Documentation
    It is not possible to programmatically send out updates to the default ruleset (i.e. via transports or STMS). 
    This is because rule uploads only overwrite and not append.  As every company should have made changes to their ruleset, SAP cannot send out rule updates as this would overwrite the customization done by each company
    Since the SAP acquisition of Virsa, there have been seven updates to the supplied ruleset which are described in detail in SAP notes below.
    1061380 u2013 Q2 2006
    1035070 u2013 Q1 2007
    1083611 u2013 Q3 2007
    1173980 u2013 Q2 2008
    1326497 u2013 Q2 2009
    1446680 u2013 Q2 2010
    1604722 u2013 Q3 2011
    These notes provide a company a detailed Word document that summarizes the changes made. 
    The company must go through these changes to evaluate if they agree with the SAP supplied change. 
    If they agree, the company will have to make the change manually via the Rule Architect.
    To get more details, please refer to note#986996
    Regards,
    Renuka

  • Drop rule set

    Hi,
    I have only the following object (rule set) on my schema.
    OBJECT_NAME     OBJECT_TYPE
    DEV_QUEUE_R     RULE SET
    I tried to drop with with following syntax:
    exec DBMS_RULE_ADM.DROP_RULE_SET(
    rule_set_name => 'DEV1.DEV_QUEUE_R',
    delete_rules  => false);
    But following error shown:
    ORA-24170
    string.string is created by AQ, cannot be dropped directly
    Cause: This object is created by AQ, thus cannot be dropped directly
    Action: use dbms_aqadm.drop_subscriber to drop the object
    And I couldn't find the exact syntaxt of this. Can anyone help me with the exact syntax of DBMS_AQADM.DROP_SUBSCRIBER?
    Thanks.
    BANNER
    Oracle Database 11g Release 11.1.0.6.0 - 64bit Production
    PL/SQL Release 11.1.0.6.0 - Production
    CORE     11.1.0.6.0     Production
    TNS for Linux: Version 11.1.0.6.0 - Production
    NLSRTL Version 11.1.0.6.0 - Production
    Edited by: Nadvi on Jul 22, 2010 4:03 PM

    Ok, I found the solution.
    select * from user_objects;
    OBJECT_TYPE OBJECT_NAME STATUS
    ------------------------------ RULE AQ$WF_DEFERRED_QUEUE_M$1 VALID
    RULE SET AQ$WF_DEFERRED_QUEUE_M$1 INVALID
    1.Set the following event at session level:
    alter session set events '25475 trace name context forever, level 2';
    2. Drop rule:
    execute DBMS_RULE_ADM.DROP_RULE('.AQ$WF_DEFERRED_QUEUE_M$1',TRUE);
    commit;
    3.Drop rule set :
    execute DBMS_RULE_ADM.DROP_RULE_SET('AQ$WF_DEFERRED_QUEUE_M$1');
    commit;
    4. Connect as SYSTEM or SYSDBA and try to drop user again.
    drop user <user> cascade;
    Thanks

  • Com.bea.p13n.rules.manager.RuleSetNotFoundException: The rule set with URI /segments/GlobalClassifications.rls could not be located by the class named com.bea.p13n.rules.manager.internal.RuleSetPersistenceManager

    Hi,
    I am getting below exceptions in weblogic portal 10.3.5 which is upgraded from 10.3.4 portal. I have a datasync project .when try to run from workshop(eclipse IDE) getting below error.
    com.bea.p13n.servlets.jsp.JspException: DivTag: The retrieved advice is incomplete. See the processing error list for more information.
    com.bea.p13n.advisor.internal.AdviceImpl@299d48
    Identifier: 1377808035572
    Complete: true
    Last Result: null
    ProcessingError List:
    (1) com.bea.p13n.advisor.internal.ProcessingErrorImpl@1504ee
    Description: Exception evaluating ruleset.
    Source: com.bea.p13n.rules.advislets.RulesAdvisletImpl@e6d518
    Advisor: com.bea.p13n.advisor.internal.AdvisorImpl@b04a4e
    Metadata: com.bea.p13n.common.internal.MetadataImpl@1de62ee
    Name: UnmappedRulesAdvislet
    Description: Advislet that can evalaute a ruleset and return the instantiated objects.
    Author: BEA Systems
    Version: com.bea.p13n.common.internal.VersionImpl@13130a2 Description: WLP 9.2 Number: 9.2, Build Number 1.
    Parameters: {ruleset-name=/segments/GlobalClassifications.rls, ignore-rule-name=false}
    User data: null
    Exception: com.bea.p13n.rules.manager.RuleSetNotFoundException: The rule set with URI /segments/GlobalClassifications.rls could not be located by the class named com.bea.p13n.rules.manager.internal.RuleSetPersistenceManager.
    at com.bea.p13n.rules.manager.internal.RuleSetPersistenceManager.getRuleSet(RuleSetPersistenceManager.java:408)
    at com.bea.p13n.rules.manager.internal.ContextPool.<init>(ContextPool.java:149)
    at com.bea.p13n.rules.manager.internal.ContextPoolFactory.getContextPool(ContextPoolFactory.java:214)
    at com.bea.p13n.rules.manager.internal.RulesManagerImpl.getContext(RulesManagerImpl.java:480)
    at com.bea.p13n.rules.manager.internal.RulesManagerImpl.evaluate(RulesManagerImpl.java:353)
    at com.bea.p13n.rules.manager.internal.RulesManagerImpl.evaluateRule(RulesManagerImpl.java:194)
    at com.bea.p13n.rules.manager.internal.RulesManager_jswjkk_EOImpl.__WL_invoke(Unknown Source)
    at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
    at com.bea.p13n.rules.manager.internal.RulesManager_jswjkk_EOImpl.evaluateRule(Unknown Source)
    at com.bea.p13n.rules.advislets.RulesAdvisletImpl.getAdvice(RulesAdvisletImpl.java:190)
    at com.bea.p13n.advisor.internal.AdvisorImpl.getAdvice(AdvisorImpl.java:74)
    at com.bea.p13n.advisor.internal.CompoundAdvisletImpl.getAdvice(CompoundAdvisletImpl.java:88)
    at com.bea.p13n.advisor.internal.AdvisorImpl.getAdvice(AdvisorImpl.java:74)
    at com.bea.p13n.advisor.internal.EjbAdvisorImpl.getAdvice(EjbAdvisorImpl.java:62)
    at com.bea.p13n.advisor.internal.EjbAdvisor_t707wa_EOImpl.__WL_invoke(Unknown Source)
    at weblogic.ejb.container.internal.SessionRemoteMethodInvoker.invoke(SessionRemoteMethodInvoker.java:40)
    at com.bea.p13n.advisor.internal.EjbAdvisor_t707wa_EOImpl.getAdvice(Unknown Source)
    at com.bea.p13n.servlets.jsp.taglib.DivTag.includeBody(DivTag.java:103)
    at com.bea.p13n.servlets.jsp.taglib.DivTag.doStartTag(DivTag.java:169)
    at jsp_servlet._portlets._footerlinks.__footerlinks._jspService(__footerlinks.java:247)
    at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
    at org.apache.beehive.netui.pageflow.PageFlowPageFilter.continueChainNoWrapper(PageFlowPageFilter.java:455)
    at org.apache.beehive.netui.pageflow.PageFlowPageFilter.runPage(PageFlowPageFilter.java:432)
    at org.apache.beehive.netui.pageflow.PageFlowPageFilter.doFilter(PageFlowPageFilter.java:284)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
    at com.bea.netuix.servlets.filters.IncludeSecurityFilter.doFilter(IncludeSecurityFilter.java:103)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
    at weblogic.servlet.internal.RequestDispatcherImpl.invokeServlet(RequestDispatcherImpl.java:524)
    at weblogic.servlet.internal.RequestDispatcherImpl.include(RequestDispatcherImpl.java:444)
    at com.bea.netuix.servlets.controls.content.JspContent.beginRender(JspContent.java:558)
    at com.bea.netuix.nf.ControlLifecycle$7.visit(ControlLifecycle.java:485)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursiveRender(ControlTreeWalker.java:518)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursiveRender(ControlTreeWalker.java:529)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursiveRender(ControlTreeWalker.java:529)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursiveRender(ControlTreeWalker.java:529)
    at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:220)
    at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:399)
    at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
    at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:352)
    at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:326)
    at com.bea.netuix.nf.UIControl.render(UIControl.java:582)
    at com.bea.netuix.servlets.controls.PresentationContext.render(PresentationContext.java:488)
    at com.bea.netuix.servlets.util.RenderToolkit.renderChild(RenderToolkit.java:152)
    at com.bea.netuix.servlets.jsp.taglib.RenderChild.doStartTag(RenderChild.java:62)
    at jsp_servlet._framework._skeletons._ceoportal.__flowlayout._jspService(__flowlayout.java:139)
    at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:183)
    at weblogic.servlet.internal.RequestDispatcherImpl.invokeServlet(RequestDispatcherImpl.java:526)
    at weblogic.servlet.internal.RequestDispatcherImpl.include(RequestDispatcherImpl.java:444)
    at com.bea.netuix.servlets.controls.application.laf.JspTools.renderJsp(JspTools.java:148)
    at com.bea.netuix.servlets.controls.application.laf.JspControlRenderer.beginRender(JspControlRenderer.java:72)
    at com.bea.netuix.servlets.controls.application.laf.PresentationControlRenderer.beginRender(PresentationControlRenderer.java:65)
    at com.bea.netuix.nf.ControlLifecycle$7.visit(ControlLifecycle.java:481)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursiveRender(ControlTreeWalker.java:518)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursiveRender(ControlTreeWalker.java:529)
    at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:220)
    at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:399)
    at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
    at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:352)
    at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:326)
    at com.bea.netuix.nf.UIControl.render(UIControl.java:582)
    at com.bea.netuix.servlets.controls.PresentationContext.render(PresentationContext.java:488)
    at com.bea.netuix.servlets.util.RenderToolkit.renderChild(RenderToolkit.java:152)
    at com.bea.netuix.servlets.jsp.taglib.RenderChild.doStartTag(RenderChild.java:62)
    at jsp_servlet._framework._skeletons._ceoportal.__gridlayout._jspService(__gridlayout.java:357)
    at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:183)
    at weblogic.servlet.internal.RequestDispatcherImpl.invokeServlet(RequestDispatcherImpl.java:526)
    at weblogic.servlet.internal.RequestDispatcherImpl.include(RequestDispatcherImpl.java:444)
    at com.bea.netuix.servlets.controls.application.laf.JspTools.renderJsp(JspTools.java:148)
    at com.bea.netuix.servlets.controls.application.laf.JspControlRenderer.beginRender(JspControlRenderer.java:72)
    at com.bea.netuix.servlets.controls.application.laf.PresentationControlRenderer.beginRender(PresentationControlRenderer.java:65)
    at com.bea.netuix.nf.ControlLifecycle$7.visit(ControlLifecycle.java:481)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursiveRender(ControlTreeWalker.java:518)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursiveRender(ControlTreeWalker.java:529)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursiveRender(ControlTreeWalker.java:529)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursiveRender(ControlTreeWalker.java:529)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursiveRender(ControlTreeWalker.java:529)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursiveRender(ControlTreeWalker.java:529)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursiveRender(ControlTreeWalker.java:529)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursiveRender(ControlTreeWalker.java:529)
    at com.bea.netuix.nf.ControlTreeWalker.walkRecursiveRender(ControlTreeWalker.java:529)
    at com.bea.netuix.nf.ControlTreeWalker.walk(ControlTreeWalker.java:220)
    at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:399)
    at com.bea.netuix.nf.Lifecycle.processLifecycles(Lifecycle.java:361)
    at com.bea.netuix.nf.Lifecycle.runOutbound(Lifecycle.java:208)
    at com.bea.netuix.nf.Lifecycle.run(Lifecycle.java:162)
    at com.bea.netuix.servlets.manager.UIServlet.runLifecycle(UIServlet.java:465)
    at com.bea.netuix.servlets.manager.UIServlet.processControlTree(UIServlet.java:373)
    at com.bea.netuix.servlets.manager.PortalServlet.service(PortalServlet.java:993)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
    at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
    at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
    at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:300)
    at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
    at com.bea.content.manager.servlets.ContentServletFilter.doFilter(ContentServletFilter.java:178)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
    at com.bea.p13n.servlets.PortalServletFilter.doFilter(PortalServletFilter.java:336)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
    at com.bea.portal.tools.servlet.http.HttpContextFilter.doFilter(HttpContextFilter.java:60)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
    at com.bea.p13n.servlets.PortalServletFilter.doFilter(PortalServletFilter.java:336)
    at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:60)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.wrapRun(WebAppServletContext.java:3729)
    at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3695)
    at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
    at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
    at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2285)
    at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2184)
    at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1459)
    at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
    at weblogic.work.ExecuteThread.run(ExecuteThread.java:178)

    The following document describes about how datasync data is deployed in various scenarios.
    http://download.oracle.com/docs/cd/E13218_01/wlp/docs100/prodOps/preparing.html#wp1029497
    Assuming you are making use of workshop for creating the user segment and deploying to a single server which is in development mode, I would recommend you check if you have hit any OOM issues on the server or not, and try restarting the server, and redeploying your app. Generally this should resolve the issue.
    If the server to which you are deploying is running in production mode / deploying as an EAR then the above referred doc will guide you on the next steps.

  • GRC - Rule Set Library

    Hello,
    Does the GRC deliver rule set library for compliance calibrator? If yes, how it delivers this package, is it includes in the installation of the package itself or separate one. What are the factors do we need to consider when customizing or modifying the standard library to accommodate to any client requirement?
    I appreciate any help on this.
    Thanks in advance!
    Eric

    Each customer is unique therefore their ruleset should be unique.
    Afterall how can the out of the box ruleset meet all of the Internal Control requirements for all different industries in all countries for all legislations for all versions of SAP, it can't!
    Your next question is how long does it take to build your own ruleset, I have clients that have take 2 weeks and others that are still working on it after 15 years!!
    The most important people to include in your ruleset review process are:
    External audit
    Internal audit/Compliance
    Business Process Experts
    without these people on board you will design a ruleset and remediate/mitigate issues that are not actually considered to be issues!!

  • SAP IS-Media SoD Rule Set

    Hi Everyone
    I would like to know if anyone have a rule set for the IS-Media SAP solution, specially for the M/SD and M/PS modules

    Hi Ricardo,
    A few years ago I was looking for IS specific rule sets also, but it seems that there is no SAP standard developed version openly available. I know some GRC implementing specialists (and audit companies) have built up so called "Starter" rule sets for IS solutions, but to get your hands on it, you would have to involve them in your project and allow them to devise a custom governance framework and rule set for your company (i.e. pay for their services and intellectual property).
    From personal experience, if you have a confident understanding of the SAP standard rule set, you could relate IS specific t codes to the standard ECC tcodes and make custom functions and risks similar to the ones in the SAP standard rule set.
    In addition, I would also get function specialists, Internal and External Audit involved and see if any risks have been reported in regards to your IS-Media transactions/processes and see if you can write your own rules up with the information at hand.
    If you feel you have little confidence in trying to device your custom rules and instead need the professional help, it may be worth reaching out to your auditors or the GRC specialists to help you devise the ruleset.
    Hope that helps.

  • FBL5N - in Rule set - It is a Display customer line items

    Dear All,
    We observed that FBL5N - Display customer line items in Standard SoD rule set under function AR07  addressing a risk of S022.
    Unless there are t-codes of FD03 or FB02 this t-code does not allow to change the payment terms of the customer.
    We are having a challenge from the client that FBL5N is a display t-code and why it is there in rule set.
    Has anybody came across this scenario? If yes, what is the underlying risk for this FBL5N independently.
    Is there any SAP Note for this t-code like ME23N from SAP.
    Thanks and Best Regards,
    Srihari.K

    Hi Christian,
    We checked the authorization objects as well enabled in GRC rule set as below:
    F_BKPF_BUK - Docume t Authorization document for company codes - 01 or 02 - Enable.
    Inspite of this access, FBL5N cannot be used to change the document for payment terms and assignments without FB02 t-code
    assignment in the role.
    Independently FBL5N cannot be used for any change or create activity except Display customer line items.
    Please advise
    Thanks and Best Regards,
    Srihari.K

Maybe you are looking for