SAP GRC 10.0 - Risk Analysis - Define global variant
Hi Experts,
We are implementing SAP GRC 10.0 and we have a question about variant management in Access Risk Analysis.
When we saved a variant, it seems that this variant is user specific.
Is it to possible to define this variant as default for all users?
Thanks.
Best regards,
Nicolas RICHARD
Hi,
I think this is still user-specific, as it was in 5.X. I have checked the new GRC authorisation object parameters delivered within the roles and also tried to see if a Admin user was able to see all the variants created by the different users, but so far I have not found a solution.
It may be worthwhile to raise this in "IdeaPlace", hoping it gets enough votes and SAP's attention for implementing in a future Support Pack delivery.
Similar Messages
-
SAP GRC 10.0 Risk Management - Forecasting Horizon Scoring Analysis Mode
Hi everyone,
In SAP GRC 10.0 Risk Management Support Package 7, we need to assess a corporate risk by performing an automatic analysis aggregation based on a scoring analysis profile.
The problem is that corporate risks must be created based on a forecasting horizon.
So, can we create forecasting horizons with scoring analysis mode? How? Must be enabled through customizing or applying a SAP note?
Best Regards,
Chema TravesoHi,
I think this is still user-specific, as it was in 5.X. I have checked the new GRC authorisation object parameters delivered within the roles and also tried to see if a Admin user was able to see all the variants created by the different users, but so far I have not found a solution.
It may be worthwhile to raise this in "IdeaPlace", hoping it gets enough votes and SAP's attention for implementing in a future Support Pack delivery. -
GRC AC 10 - risk analysis : No rules were selected
Hi,
In GRC AC 10, when I do a risk analysis (user level for example).
For each userid the result shown in the column action is "No rules were selected "
any idea ?
Thanks
Aurélien.Hi Vikas,
Further to your comment above, I would like to point you to my thread here and specifically ask you about the following statement:...
3. Open your GRC functions and make sure you have correct back end system updated for them. Check the status of all your GRC functions and make sure they all are active.
I opened up the Functions from NWBC and realized that all the systems for each function were as follows:
1. SAP Basis
2. SAP CRM
3. SAP ECCS
4. SAP HR
5. SAP R3 NON HR Basis Logical Group
6. SAP R3
7. Logical Group
AND ALSO
8. The DESCRIPTION of my RFC Connector ?!
Now my question is as follows:
1. Where in the Pre/Post/GRC300 documents does it say that one must configure each function with the backend system as you state above....should the configurations Connector/Connector/etc etc already mapped the functions to the backend system ?
2. Also Why is the description of my RFC Connector available as a drop down menu from " System" tab on the function edit mode - see attached screenshot.
Your advice would be appreciated.
Best regards,
Paul -
GRC 5.3 Risk Critical Action reports return "no matches or conflicts"
When running GRC 5.3 Risk Analysis Critical Action reports on either the user level or role level getting the message no matches or conflicts.
However, Permission level reports are successfully returning correct results on the user and role level.
This is a new installation of GRC 5.3 with latest SP. Is there any set up that has to be done to run critical action analysis reports in GRC 5.3?
This is also using the SAP default Global ruleset with no customisation.
I have used GRC 10 to run the critical action reports and these work with using the critical risks as defined in the ruleset. Does GRC 5.3 work a different way? Is there any additional set up that has to be performed? I just want to see the risks on role level or user level that relate to just the critical access risks (just 1 function).
Please advise.Hi Trinadh
Thank you for the response. I did not know that you had to define the critical actions in 5.3 as I don't think you have to do it 10 - it seems to work on what is defined in the ruleset. Where do you define the critical actions or check if it has been defined?
Thanks -
GRC Gurus,
I have configured GRC10.0 for AC and trying to run the risk analysis for role/user level but no data is showing up. I could select the connector and roles, but after running the risk analysis no results are coming up.
Any help is appreciated.
Thanks.Hello Bhanu,
Will you please let me know the solution ??
Even we are facing the same problem.
We can see the system , also see the roles , the users and also ran the background job to execute the risk analysis to perform user, role ,profile analysis from SPRO.
Also note that we have already uploaded txt files for SOD rules.
When we run the report for any user or any role the result is nill .
Please suggest how did you resolve the issue ??
Can you also tell me how can you generate "rule Id" manually for uploaded risk id ?? from NWBC or SPRO
We tried via SPRO>GRC>AC-->Access Risk Analysis >Sod Rules>Generate SOD Rules
It ran successfully but the rpeort does not give any output !!
Thanks in advance.
Regards,
Victor -
Re: Unable to see the required Bus. transaction to define screen variant.
Hello Sap mates,
I am trying to define screen variant per business transaction, but i do not see the required business transaction (RKU3) in the drop down list.
Could somebody of you please help me with that.
Thank you.
Regards,
Pabbi.Yes... It is not possible to see the Custom things in recording...
You have to enter the Custom Screen data into tables using UPDATE statements or some other way through your program.
Reward if helpful... -
SAP GRC AC: Organizational rules at Batch risks analysis and Dashboards
Dear All.
I would like to know GRC AC is able to consider the organizational rules defined (for example: risk only affected to Company, BUKRS 0001) at the Batch risks analysis and at the Dashboard. I already know that for the ad-hoc reporting you can filter by the Org.rules created but i would like to know if this filter is also able for the Batch risks analysis.
Thanks and regards.Dear all.
As per my knowledge this parameter only sets the flag of Consider Org.Rules at the filters. This is what the guide indicates:
"Setting the value to YES automatically selects the Consider Org Rule checkbox on the Risk Violations tab of the Access Request and
Role Maintenance screens."
So how are you so sure about that indicating this flag to YES will take into consideration the org rules at the Dashboards?
Regards -
SAP GRC 10.0 ARA - Risk Analysis Job naming
Dear all,
Once i trigger a risk analysis in background, a job with a very strange name (serial number) is scheduled at backend. But at Business Client i put a specific naming for hits role. It could be possible to change this backends namings? It is impossible for me recognised which job is which...
thank you in advanced,Hi Sara,
please check table TASKPLAN_GRP_NAM in GRC backend system. This table lists all scheduled background jobs by ID (field TASKPLAN_GRP_ID) and job name per business client (field TASKPLAN_GRP_NAM)
Regards,
Markus -
SAP GRC AC 5.3 - RAR Risk analysis Error Log
Hi
i have scheduled the background job for full sync risk analysis for the first time . the job ended with status error . critical analysis, user,role and profile action analysis is shown 100% . but the user permission analysis shows 49% , role and profile permission analysis show 97% each . where can i check the log for the errors . do i need to run the whole risk analysis job again ? when i check the management reports , risk violations are shown as zero . Please let me know how i can proceed at this stage . thanks
Regards
PrasadThanks.
First time please do for all users. I assume this was first time and it failed, so i will suggest you scheudle for all.
once these are done, then periodic jobs should be increamental.
few tips :
- schedule user sync separate job and once it finish only then scheudle role sync and when role sync finishes, only then schedule profile sync
- always select system ids from search help (which is F4 in ABAP)
- best scheudle one job per system id, so that when failure occurs, so that error analysis is easy
regards,
Surpreet -
SAP GRC AC 5.3 CUP Risk Analysis issue
Hi all,
I have assigned a new SoD Role to a user, who has been given previously other SoD Roles that were authorized to assingn, then I launched the Risk Analysis and it shows the risk between the previously SoD Roles, but I want to see the new posible risks between the new SoD Role and the others.
Is there any parameter into CUP to set up that controls the issue ? How must I do?
Thanks in advance.
Regards.Hi Chinmaya,
Firstly, thanks for your help and support.
According to the post, I mean when the user manager or approver, receives the request to assign one role to a user, the approver has to decide the needs of the user to use that role.
Then the approver can check (clicking on Risk Analysis button) the number of concflicts or criticals risk that the user could violate. The issue is when the approver launched the anaylisis and it shows same conflict risks that have been mitigated in the previously assignment. It may show the possible risks between the new role and the others, isn´t it?, or instead of the case ,that the oldest risks are showed. Must that risks showed as mitigated?
Thanks, regards. -
GRC AC 10:How to generate Access Rule? No output from User or Risk Analysis
Hello Gurus,
We have done configuration of GRC AC 10, and uploaded files via
SoD rules -->Upload Rules
After that we generated SoD rules for Risk Id : B001 and B002
Now when we go to NWBC --> Reports & Analytics >Access Dashboards>Access Rule Library
The report shows (for Group Rule level : Action)
Number of Active rules : 0
Number of Disabled Rules : 0
Number of Functions : 151
Where as for Group Rule level : Action Risk
The report shows
Number of Active Risk : 42
Disabled risk : 161
Nmr. of functions : 151 .
When we perform Risk Analysis at User Level or Role Level, the output is empty !!!
Note: All the background jobs have run successfully.
Also the SoD files also have been uploaded successfully.
Will you please guide how can i activate the "rules" for the uploaded risk ??
regards,
VictorHello Victor/ Inder,
For Risk ID B001functions are BS02 and BS11 if you open any one of them you can see system maintained as SAP BASIS which is SAP_BAS_LG (logical connector group).
Post installation you can check in SPRO>Governance, Risk and Compliance-> common Component---> integration framework-> maintain connector and connector types->select SAP and click Define connector Group.
BUSINESS Business Roles SAP
SAP_BAS_LG SAP Basis SAP
SAP_CRM_LG SAP CRM SAP
SAP_ECC_LG SAP ECCS SAP
SAP_HR_LG SAP HR SAP
SAP_NHR_LG SAP R3 - NON HR Basis Logical Group SAP
SAP_R3_LG SAP R3 SAP
SAP_SRM_LG SAP SRM SAP
(If not present then manually you can create the same)
Select SAP_BAS_LG and put connector type as SAP, select SAP_BAS_LG and click Assign Connector group to group types as AM & LG, then click on Assign Connector to connector group and maintain you connector.
Post this activity re generate SOD for B001 and then check for user level and role level analysis.
Hope it will resolve your issue.
Regards,
Sudesh -
Enterprise Risk Management Approach in SAP GRC
Hi All,
Can you please let me know as to what is the approach followed for implementation of Enterprise Risk Management (ERM) in SAP GRC. Also please tell me how the internal control frameworks like COSO, COBIT is mapped to ERM in SAP GRC.
Regards
VivekDear Vivek,
While assigning roles to users, you will be displayed the risks that are identified with those roles, if any. You can either mitigate or remove the roles.
The process covered by GRC Risk management includes the following steps:
-Risk Planning: Determines the approach to risk management in each business area or project. This includes setting up the risk management organization and defining risk thresholds . This phase is partially supported by a software application.
-Risk Identification and Analysis: Identifies the risks in order to analyze and prioritize them along different attributes, such as probability of occurrence and potential total loss associated to the risk.
-Risk Response: Decides on actions needed to respond to a risk. One action could be to actively mitigate the risk to reduce probability of occurrence and/or potential impact.
-Risk Monitoring: Includes the regular update of risk information and the risk reporting to monitor progress along the risk management process.
The Risk Management application provides a set of different reporting capabilities based on the individual needs of the target groups:
-A set of built-in reports that are delivered with the application. These reports allow risk managers to review the current risk state.
-Visual Composer based dashboards that provide information about the current risk status on an aggregated basis. The dashboards fulfill the risk reporting needs of senior managers and line managers.
Step 1: You maintain the Risk structure
1. You set up the organizational hierarchy
2. You set up the Activity Hierarchy
3. You set up the Risk Hierarchy
Step 2: You perform the Risk Assessment
1. You identify the risks
2. You analyze the risks
3. You respond to risks
4. You document the Incidents
Step 3: You analyze risk reports
1. You generate risk reports
2. You report the incidents
Step 4: You analyze the dashboards
Refer SAP documentation on GRC for more information.
Regards,
Naveen. -
GRC AC 10.1 - Risk Analysis: No rules were selected
Hi All,
I'm currently configuring the ARA module in GRC AC 10.1, and an facing this issue. When I run my User Analysis, its throwing an error message "No rules were selected'.
As per your suggestions from discussions, i double checked all the below activities
Activate the BC sets
Run Sync Jobs
Run Batch Risk Analysis
After all this I found that the functions are not mapped to the logical groups(Back-end Systems) I have defined. Can you please let me know how to make sure you have correct back end system(logical Group) updated for the functions in the setup? Doesn't the configurations Connector/Connector Groups etc already mapped the functions to the back-end system? It would be a hell of work to do all the system mapping on function level manually.Hi Narsimha
You need to map your connectors to the logical systems that are used in the function definitions
Look at your integration framework Setup in the IMG.
Governance, Risk and Compliance > Common Component Settings > Integration Framework > Maintain Connectors and Connection Types
Also, for 10.1 there was an issue with logical systems. It may be that your configuration is correct: Re: GRC 10.0 SP14 - Poblems when generating rules for logical systems
Regards
Colleen -
GRC AC 10.0 Mass risk analysis vs. Role level analysis
Hello GRC experts,
I urgently need your advice on the issue with deactivated permission objects which are identified as risks in the mass role analysis.
For example, in one role we have deactivated the permission object: S_ARCHIVE, and there are No activities maintained.
But in the mass role risk analysis and in the CUP request this object S_ARCHIVE with the ACTVT 01 is displayed as risk. As you can see in the screenshot, there are no activites maintained at all. We have created the MSMP workflow where all CUP requests with risks should go the the Security Stage. Now we have the situation that even though our roles are clean, they are forwared to the Security stage. It is a huge problem, because our security stage has no even more to to, than before using GRC! Because the dectivated objects are identified as risks.
Please advise me, how to solve the problem. Did I missed some config parameters or is it a well known problem?
We are on SP14, AC 10.0.
At the single role level there are no risks displayed.
Thanks in advance,
regards
SabrinaHi Sabrina,
check note
http://service.sap.com/sap/support/notes/2036645
Please let me know if it works.
Regards,
Alessandro -
Issue in ERM - GRC AC 10 - Is risk analysis not mandatory
Hi,
We have defined our Role Methodology in 10 as Define Role - Maintain Authorizations - Analyze access risks - Derive role - approval - generation
When we defined the role and maintained authorization data and proceeding without running risk analysis the role is moving to the next stage without stating any warning that "Risk Analysis is Mandatory". Upon click on Save & COntinue it is proceeding to further stages.
Is there any parameter which needs to be set to throw a warning message for Risk Analysis to be run before the role is moved to next stage.
We arleady set the paramater 3011 as YES - Conduct Risk Analysis before Role Generation.
Thanks and Best Regards,
Srihari.KHi,
Note the definition of the parameter 3011 as per "Maintaining Configuration Settings Guide - SAP AC 10.0":
"Set the value to YES to automatically perform risk analysis when the user generates roles."
This parameter applies only at generation stage.
Cheers,
Diego.
Maybe you are looking for
-
User POV does not pop up from Report in task list
Hello, I've created a report within Related Content in HFM and added it to a task list--the problem I'm experiencing is when I run the report the User POV does not pop up, rather it simply uses the default POV (ie, whatever is set up in data grids or
-
C309a all-in-one printer gets message: wireless radio is not functioning, contact HP support.
Wireless connectivity lost this morning. Don't know why. When running diagnostics, I get message: The wirelss radio is not functioning. Contact HP support.
-
Nikon D7000 .MOV files in Premiere Pro and After Effects CS5.5
I recently upgraded from Production Premium CS5 to CS5.5. Initially Nikon D7000 .MOV files used in previous CS5 Premiere Pro project would not play well in CS5.5. Now .MOV files do work in both PP and AE CS5.5. Here are the steps I followed. Not reco
-
Error 'RecoveryMgr.exe is not a valid Win32 application' when trying to restore in Win7
I really hope someone can help as this is driving me mad! System details - G62 Notebook running Windows 7 The notebook crashed after a Windows update and wouldn't boot up. I made it into the recovery manager and back my files before restoring to fac
-
How many sessions and how many screens in a session can open
max no of screens in each session?