Rule Sets for ICM in CC 4.0

Similar Messages

• SAP GRC 5.2 Compliance Calibrator rule sets for HR module

  HI All,
  The company i am working for has done installation of GRC 5.2. I would like to download the SAP out of box Compliance Calibrator rule sets for HR function module in a spreadsheet format.
  I would like to download the rule set for risks at Function level, Tcode level and also at authorization object level in ABAP and Roles, actions and permissions in JAVA.
  I will discuss with the BPAs, internal auditors and come up with a new rule set exclusively for my company needs with the help of the above spreadhseet.
  Please tell me what steps i need to do to get this thing done.

  Please go through the process but save these as txt files for UNIX. I am not sure about 5.2 but CC4 was not uploading rule files correctly if file was not saved for TXT for UNIX.
  Regards,
  Harry Sidhu

• Same rule set for two apply processes

  Hi!
  Can anyone tell me whether it is possible to use the same rule set and all rules in it for two apply processes? It would be easy for me to use such configuration, because sometimes I create LCRs myself, sometimes Oracle captures them. They're exactly the same.
  And second question - I tried the above configuration, but the apply process for user created LCRs aborts when it sees first message. Error is: "ORA-00600: internal error code, arguments: [knlcfpactx:any_knlso], [], [], [], [], [], [], []". Oracle MetaLink and Google know nothing about this error. I also don't know if it's somehow connected with these rule sets or is it a problem within my procedure which creates LCRs.
  Greetings

  I'm answering myself. Yes, it is possible, to use the same rule set for different processes. It is said in the documentation. It is also possible to use one rule in several rule sets according to documentation.
  And it seems that it has nothing to do with my ORA-00600 error.

• Standard rule-set for IS-H solution

  Hello all,
  I would like to have the standard rule-set for IS-H solution (Healthcare). I know that it should be developed by the business owners, technical team and auditors, but It will be a helpfull resource as a start point.
  I would appreciate if any of you may share with me.
  Thanks and regards!

  Hi Marina,
  The basis rule set will contain only basis relevant risks, which as you say will apply only for the backend.
  There are no default rulesets for reports. I am pretty sure you could create a custom ruleset for BW reports, if you wanted to.
  Regards,
  Chinmaya

• What is Completion Rule Setting for Item Category KBN?

  Hi,
  In the standard SAP configuration, what is the setting of Completion Rule for
  Item Category KBN?  In our system, currently it's set to "B".
  Thanks!

  Dear Mari
  In Standard, item category <b>KBN</b> will have "<b>A</b>" as billing relevance.
  "A" Indicates what the basis for billing should be.
  Billing is based on the outbound delivery. Billing status is only updated in the outbound delivery. 
  For information, in standard, both <b>KBN</b> and <b>KEN</b> item categories will have "<b>A</b>" as Billing Relevance and in <b>KEN, "W"</b> will be maintained in the field "<b>Special Stock</b>". 
  Thanks
  G. Lakshmipathi

• Downloading a single rule set out of N rule sets.

  HI All,
  We have defined 4 Rule sets for one particular system. Out of these one is the global rule set. Now, my requirement is to have oe more rule set, with 80% rules from global and then add the rest 20% myself. Would like to know if there is any way we can achieve this efficiently, other than creating manually all the 80% rules from GLOBAL rule set.
  Thanks a lot in advance.
  Regards,
  Hersh

  HI Jose,
  Well what you guided was perfectly fine an true in case of making changes to GLOBAL rule set. But any idea how we can make a new rule set out of the custom rule set i have already made.
  I have , in all 4 rule sets present at the moment in GRC - GLOBAL, CUST -1,2 and 3. Now, my requirement is to have a copy of CUST1 into new rule set CUST4, and I manually later on need to update CUST4 for some more risks in it. The problem i am facing is whenever i download the existing rule sets, it is not giving me an option to download just CUST1, but all of four rule sets get downloaded together. Whereas, i need just a copy of CUST1. Any ideas on this?
  Regards,
  Hersh.

• GRC AC Rule Sets

  Hi
  We have a requirement of building up a custom rule set for our organization. The current requirement is to have a central rule set across for all system and have subsequent system specific Risks identified in addition.
  Scenario: Letu2019s say we have identified around 100 risks across the enterprise, however only 50 risks out of 100 risks are applicable for one system. While for the second system there are around 70 risks applicable. Finally for the third one all 100 risks are applicable.
  Should we have system specific rule sets to address the above scenario or should we have a common rule set for the enterprise.
  Appreciate your inputs about the approach for building up of rule set for such scenarios.
  Question: With GRC 10.0, can we run risks for a system on multiple rule set IDs at one time.
  Thanks.
  Anjan Pandey

  Hi,
  Most of the clients will prefer to go with one rule set. However System can allow create/maintain multiple rule sets.
  Anyway your requirement is to have one central rule set across all systems u2013 For that, Create Logical system and maintains one Rule set is the right approach and it gives flexibility for future usage to add /remove required systems. You can maintain risks by system specific, not required to maintain multiple rule sets.
  Refer  GRC Access Control Effective Rule Set Design document,  it gives some good explanation of Rule Set Design&typical Scenarios, Logical & Physical systems approach..etc.
  Regards,
  Ram
  Edited by: ram komma on Apr 13, 2011 1:55 PM

• GRC 10: Default Rule sets

  Hi All.
  i am wondering whether we have default rule set for GRC10 as we found with GRC 5.3. Where do I find them in GRC 10 software download?
  rEgards,
  Faisal

  In GRC10 default rule set are available by BCset :
  GRAC_RA_RULESET_COMMON
  GRAC_RA_RULESET_JDE
  GRAC_RA_RULESET_ORACLE
  GRAC_RA_RULESET_PSOFT
  GRAC_RA_RULESET_SAP_APO
  GRAC_RA_RULESET_SAP_BASIS
  GRAC_RA_RULESET_SAP_CRM
  GRAC_RA_RULESET_SAP_ECCS
  GRAC_RA_RULESET_SAP_HR
  GRAC_RA_RULESET_SAP_NHR
  GRAC_RA_RULESET_SAP_R3
  GRAC_RA_RULESET_SAP_SRM

• Improving CAPTURE rule set performance

  Hi -
  I am capturing and streaming 10 schema and about 10 tables on different schema.
  Approach 1 :
  Setup rule for each schema and rule for each table ( 20 rules total) add them to one rule set for the capture process.
  Approach 2: Have one rule for all the schema with rule condition saying
  where schema_name in ('SCHEMA1','SCHEMA2',... SCHEMA10')
  and another similar rule for tables.
  Is there a performance advantage on either of the approach ?
  thanks.

  My experience will suggest you to create one rule for all the schemas and another for your tables. This will give you more flexibility for future updation. I wont suggest you to create one rule each for all the schema and tables unless there is vast diversity in your requirment.
  Kapil

• Multiple rule sets - impacts in GRC modules

  Hi,
  We are currently running CC 5.2 on our European perimeter.  We would like to extend in the near future to our US perimeter.  For that, we have to take into consideration a complete new set of rules.
  I presume there will be no issue to handle multiple sets of rules in CC but I was wondering what could be the potential impacts/problems for the other GRC modules?
  i.e.: in Role Expert, for the US roles we would like to avoid getting potential risks from European rule sets,...
  Has anybody some attention points or good practice to share on that ?  It would be a great help for us.
  Thanks & Regards

  Different installation of GRC Solutions for different regions is certainly not recommended and not even required.  It is important to design your cross system landscape efficiently considering different regions in mind and create different rule sets for different regions. In a cross system landscape you can have multiple systems from different regions with entirely a different set of modules and data. Obviously the risk will be different, for that purpose you have to create different rule sets for sure.
  Now when you are performing risk analysis for a particular region you have to select the considered system/connector and a rule set respectively so that you get the risks on targeted system only.
  Bill-
  as you asked, if there are chances of potential impacts/problems for the other GRC modules or not,
  The answer is, There will be no impact at all because you are considering them as separate entities within a landscape. It is the beauty of GRC Access Controls to have multiple system connectors, logical systems and cross system landscape that provides almost every feature to cover all regional perimeters.
  Regards,
  Amol Bharti

• Invalid Rule set

  We recently dropped a table level rule and now the following rule sets are invalid:
  APPLY_QUEUE_R
  CAPTURE_QUEUE_R
  These are rule sets for the following contexts:
  AQ$_CAPTURE_QUEUE_V
  AQ$_APPLY_QUEUE_V
  Now when we run a streams healthcheck report, it errors out with an ORA-07445 on the gv$rule table.
  How do we validate these rulesets? There is no pertinent info on Metalink.
  We have an SR pending, but any information would be appreciated.
  Thanks all!
  Adam

  We figured out the issue. You need to first remove a rule from its rule set before dropping it.
  STRMADMIN@str_dev>
  begin
  dbms_rule_adm.remove_rule( rule_name => 'strmadmin.bug_task404', rule_set_name=> 'strmadmin.apply_rule_set');
  end;
  PL/SQL procedure successfully completed.
  STRMADMIN@str_dev>
  begin
  dbms_rule_adm.drop_rule(rule_name => 'strmadmin.bug_task404', force => false );
  end;
  STRMADMIN@str_dev>select count(*) from user_objects where status = 'INVALID'
  COUNT(*)
  0
  --IF WE DROP IT FORCE:
  STRMADMIN@str_dev>
  begin
  dbms_rule_adm.drop_rule(rule_name => 'strmadmin.bug_task405', force => true );
  end;
  1* select object_name, status from user_objects where status = 'INVALID'
  STRMADMIN@str_dev>/
  OBJECT_NAME STATUS
  APPLY_QUEUE_R INVALID
  Hope this helps anyone who might have encountered this issue.

• SAP IS-Media SoD Rule Set

  Hi Everyone
  I would like to know if anyone have a rule set for the IS-Media SAP solution, specially for the M/SD and M/PS modules

  Hi Ricardo,
  A few years ago I was looking for IS specific rule sets also, but it seems that there is no SAP standard developed version openly available. I know some GRC implementing specialists (and audit companies) have built up so called "Starter" rule sets for IS solutions, but to get your hands on it, you would have to involve them in your project and allow them to devise a custom governance framework and rule set for your company (i.e. pay for their services and intellectual property).
  From personal experience, if you have a confident understanding of the SAP standard rule set, you could relate IS specific t codes to the standard ECC tcodes and make custom functions and risks similar to the ones in the SAP standard rule set.
  In addition, I would also get function specialists, Internal and External Audit involved and see if any risks have been reported in regards to your IS-Media transactions/processes and see if you can write your own rules up with the information at hand.
  If you feel you have little confidence in trying to device your custom rules and instead need the professional help, it may be worth reaching out to your auditors or the GRC specialists to help you devise the ruleset.
  Hope that helps.

• Mulltiple Rule Sets in GRC 10.0 for one System

  Hi All,
  We do have 2 different companies working on one system and by that 2 different rule sets that are applicable.
  Due to that we are facing different problems we don't know how to solve yet but lets start with the first one dealing with the rule set that should be used in the access request.
  We want to determin which rule set should be used over the requested role (e.g. if role name contains 0001 use rule set 0001, if role name contains 0002 use rule set 0002).
  We have alerady tried several different senarios in BRF+ without success.
  Does anybody have a solution or at least an idea for this topic?
  Thank you all very much in advance!
  Eva

  Hi Ashish ,
  Thanks for your time . Let me explain you my requirement and would really appreciate if you would have some inputs here which would help me to design this .
  The actual client requirement is to design a CUP Workflow and If there are SOD issues identified, the workflow will need to go to a central team for them to address each issue. If this group decides to apply mitigating controls to the issues, the workflow must then go to the compliance group for them to review for appropriateness. Requirement is do a SoD analysis for every role change/add request , so that this group takes the appropriate action based on the SoD Analysis . For all my CUP request raised , i want system to do a SoD analysis and let this group know whenever there is a SoD found or just end the workflow if there is no risk.
  I am aware of the Risk analysis process for GRC 10.0 , however i want it to happen as a part of this work flow requirement.
  The requirement is to configure the access request work flow so that the end goal of work flow is just facilitation of an SOD review.  I hope i was able to explain my requirement . Thanks again for your help.
  Your valuable guidance would be really appreciated.
  Vikas

• Best practice for the Update of SAP GRC CC Rule Set

  Hi GRC experts,
  We have in a CC production system a SoD matrix that we would like to modified extensively. Basically by activating many permissions.
  Which is a best practice for accomplish our goal?
  Many thanks in advance. Best regards,
    Imanol

  Hi Simon and Amir
  My name is Connie and I work at Accenture GRC practice (and a colleague of Imanolu2019s). I have been reading this thread and I would like to ask you a question that is related to this topic. We have a case where a Global Rule Set u201CLogic Systemu201D and we may also require to create a Specific Rule Set. Is there a document (from SAP or from best practices) that indicate the potential impact (regarding risk analysis, system performance, process execution time, etc) caused by implementing both type of rule sets in a production environment? Are there any special considerations to be aware? Have you ever implemented this type of scenario?
  I would really appreciate your help and if you could point me to specific documentation could be of great assistance. Thanks in advance and best regards,
  Connie

• SAP BPM Flow Rule set error: Result for ResultSet is required.

  Hi ,
  I want to create of Rule set or Flow rule set inside "Process development" perspective.
  I have defined one process under "Processes" folder. After this, I want to create a rule set under "Rule Sets" folder.
  While creating a rule set, it prompts for "Result for ResultSet is Required" but I don't get anything in drop down select. Please help me whats going wrong here.
  Regards,
  Aman

  Hi Aman,
  Have you mentioned the Return Type in signature while creating RuleSet ?
  Refer the document : SAP NetWeaver Business Process Management Resource Center
  -Abhijeet