SAP GRC AC 5.3 CUP Risk Analysis issue
Hi all,
I have assigned a new SoD Role to a user, who has been given previously other SoD Roles that were authorized to assingn, then I launched the Risk Analysis and it shows the risk between the previously SoD Roles, but I want to see the new posible risks between the new SoD Role and the others.
Is there any parameter into CUP to set up that controls the issue ? How must I do?
Thanks in advance.
Regards.
Hi Chinmaya,
Firstly, thanks for your help and support.
According to the post, I mean when the user manager or approver, receives the request to assign one role to a user, the approver has to decide the needs of the user to use that role.
Then the approver can check (clicking on Risk Analysis button) the number of concflicts or criticals risk that the user could violate. The issue is when the approver launched the anaylisis and it shows same conflict risks that have been mitigated in the previously assignment. It may show the possible risks between the new role and the others, isn´t it?, or instead of the case ,that the oldest risks are showed. Must that risks showed as mitigated?
Thanks, regards.
Similar Messages
-
SAP GRC AC 5.3 - RAR Risk analysis Error Log
Hi
i have scheduled the background job for full sync risk analysis for the first time . the job ended with status error . critical analysis, user,role and profile action analysis is shown 100% . but the user permission analysis shows 49% , role and profile permission analysis show 97% each . where can i check the log for the errors . do i need to run the whole risk analysis job again ? when i check the management reports , risk violations are shown as zero . Please let me know how i can proceed at this stage . thanks
Regards
PrasadThanks.
First time please do for all users. I assume this was first time and it failed, so i will suggest you scheudle for all.
once these are done, then periodic jobs should be increamental.
few tips :
- schedule user sync separate job and once it finish only then scheudle role sync and when role sync finishes, only then schedule profile sync
- always select system ids from search help (which is F4 in ABAP)
- best scheudle one job per system id, so that when failure occurs, so that error analysis is easy
regards,
Surpreet -
CUP Risk Analysis results are not shown, continues processing request
We have several users that complain the risk analysis in CUP never finishes. Requests do not contain risks or huge amount of risks which could explain a long runtime.
With one user we checked, the user is never getting the risk analysis result on his screen. Sitting together with the user shows that the progress bar at bottom of IE is completing analysis, however the screen is not updated to show the risk analysis result and continues to show the processing circle.
On other pc's CUP risk analysis result is shown as expected, so it must be some issue in local PC Internet Explorer settings.
Environment used is Windows XP with IE 8. GRC version is 5.3.
Have any of you experienced the same? And is there a solution available that will resolve this issue, by e.g. correcting settings in IE 8?Hello!
If you want to successfully use GRC 5.3 with IE8, you have two options:
1) Change a parameter in the server
2) use the compatibility mode.
3) Update NW
refer to [Note 1347768 - Web Dynpro and Microsoft Internet Explorer Version 8.0|https://service.sap.com/sap/support/notes/1347768]
I dismiss option 2, because it requires to change in every end user computer, so I've been working with option 1 without problems. Bear in mind that NW 7.01 is supported: [Note 1433940 - Access Control compatibility on Netweaver Java server 7.01|https://service.sap.com/sap/support/notes/1433940]
Cheers!
Diego. -
Hi Experts,
OUR GRC AC system configuration is: GRC AC 5.3 CUP Patch 7.0. One of our enduser has requested for a new role through CUP. While the manager performs the risk analysis, it is showing the following error: "Risk Analysis failed: Exception in getting the result from the webservice: service call exception, nested exception is: java.net.socket Timeout Exception: Read timout".
Below is the system log of CUP for futher reference:
2009-12-02 11:08:41,428 [SAPEngine_Application_Thread[impl:3]_12] ERROR com.virsa.ae.core.BOException: Exception in getting the results from the web service : Service call exception; nested exception is:
java.net.SocketTimeoutException: Read timed out
com.virsa.ae.core.BOException: Exception in getting the results from the web service : Service call exception; nested exception is:
java.net.SocketTimeoutException: Read timed out
at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:199)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doRiskAnalysis(RiskAnalysisAction.java:1073)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doAnalysis(RiskAnalysisAction.java:300)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.execute(RiskAnalysisAction.java:109)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:271)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
Caused by:
com.virsa.ae.service.ServiceException: Exception in getting the results from the web service : Service call exception; nested exception is:
java.net.SocketTimeoutException: Read timed out
at com.virsa.ae.service.sap.RiskAnalysisWS53DAO.getViolations(RiskAnalysisWS53DAO.java:343)
at com.virsa.ae.service.sap.RiskAnalysisWS53DAO.getViolations(RiskAnalysisWS53DAO.java:451)
at com.virsa.ae.service.sap.RiskAnalysisWS53DAO.determineRisks(RiskAnalysisWS53DAO.java:569)
at com.virsa.ae.service.sap.RiskAnalysis53DAO.determineRisks(RiskAnalysis53DAO.java:119)
at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:182)
... 24 more
Caused by:
java.rmi.RemoteException: Service call exception; nested exception is:
java.net.SocketTimeoutException: Read timed out
at com.virsa.ae.service.sap.ws53.Config1BindingStub.execRiskAnalysis(Config1BindingStub.java:90)
at com.virsa.ae.service.sap.ws53.Config1BindingStub.execRiskAnalysis(Config1BindingStub.java:99)
at com.virsa.ae.service.sap.RiskAnalysisWS53DAO.getViolations(RiskAnalysisWS53DAO.java:311)
... 28 more
Caused by:
java.net.SocketTimeoutException: Read timed out
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:153)
at java.io.BufferedInputStream.fill(BufferedInputStream.java:200)
at java.io.BufferedInputStream.read(BufferedInputStream.java:218)
at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.readLine(HTTPSocket.java:806)
at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.getInputStream(HTTPSocket.java:341)
at com.sap.engine.services.webservices.jaxm.soap.HTTPSocket.getResponseCode(HTTPSocket.java:250)
at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.HTTPTransport.getResponseCode(HTTPTransport.java:362)
at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.outputMessage(MimeHttpBinding.java:553)
at com.sap.engine.services.webservices.jaxrpc.wsdl2java.soapbinding.MimeHttpBinding.call(MimeHttpBinding.java:1432)
at com.virsa.ae.service.sap.ws53.Config1BindingStub.execRiskAnalysis(Config1BindingStub.java:83)
... 30 more
Could anyone please analyze, where it went wrong.
Thanks a lot in advance.
Regards,
GurugobindaWe are facing this issue as well. This is seen in requests where there are a lot of conflicting roles requested, or if the user on the backend already has many SoD conflicts.
How many risk violations did show up in the RAR simulation? Seems that above 1000 you will get performance issues in CUP risk analysis.
We are also on SP7 and we did receive a reply from SAP that the risk violation threshold can be changed in RAR as of SP9:
=======================================================
From CUP 5.3 SP9 onwards, we have one parameter in RAR in
'Configuration>Risk Analysis>Performance Tuning' which will
enable you to set threshold violation limit for the Risk Analysis web
service. The name of the attribute is 'Threshold Violation Limit for webservice' and default value of this attribute is 1000.
When you perform risk analysis from CUP and the violation data count
exceeds this limit then error message will appear.
Setting this attribute will help tuning your performance.
==========================================================
Regards,
Stefan. -
Did CUP risk analysis change with SP7?
Dear GRC experts,
I am pretty sure when we tested CUP 5.3 SP4 when doing risk analysis it would only show new risks caused by new roles selected in request (like Risks from Simulation Only YES in RAR). Exisitng risks for that user would not be shown.
Now with CUP 5.3 SP7 fix1 we get the existing risks shown as well not in any way related to the role(s) selected, which will be confusing to the role approvers. E.g. role request is display role, approver needs to run risk analysis and gets existing risks shown. He/she can not deselect roles to remove risks as only display role is in request. There might be no mitigating controls for those risks (creation of new mitigating controls is blocked). This would end up in requests with risks even though the requested role is not risk relevant, or even request gets stuck because no mitigatign control exists and config is set to do not allow approval of requests with risks.
Please confirm if indeed only new risks where shown in CUP risk analysis in previous support pack levels or rel. 5.2, or that I am mistaken and all risks where always shown at risk analysis in CUP.
Principally I think existing risks should be focus of GET CLEAN effort. Risk analysis in CUP should focus on preventing new risks at part of STAY CLEAN phase.Hi,
When we run Risk Analysis for the user, it will show the existing violations as well as the violation which are there with new roles also.
When we click on Risk Analysis under Simulation tab we can find Risk Violation details.
Here I have a doubt, how to deselect violation role while approving request. I m unable to find that option. Please advice.
Thanks & regards,
KKRao.
Edited by: KKRao_2020 on Oct 9, 2009 9:22 AM
Edited by: KKRao_2020 on Oct 9, 2009 9:27 AM -
SAP GRC AC 5.3 (CUP) connecting to module of R/3 (HR)
Hello,
I have a problem.
I want to monitor from the SAP GRC AC 5.3 (CUP) some event or activation or trigger when someone create or does some modificaction to an employee from the module HR. Maybe from the Tcode PA20, AP30 or PA40.
IS there a "how to" or a manual to configure this from the SAP GRC AC 5.3?
Thank you in advance
Best Regards...
Pablo Mortera.Pablo,
I am not clear on what exactly you want but as far as I know there is no monitoring capability in CUP. If you want to monitor something, you will have to write your own Java code (for CUP front-end) or ABAP code (SAP back-end) to access particular database tables.
Regards,
Alpesh -
GRC 5.3: CUP risk analysis VS. RAR risk analysis
I've installed and configured RAR and CUP. When I do a risk analysis simulation in RAR on a user for adding a role, it comes back with no conflicts. When I go into CUP and make a new request for adding the same role to the same user, it comes back with risk violations, but it looks like they are critical actions that are being flagged. Why is there a discrepancy, and how do I go about getting the same risks in CUP as I do in RAR?
>
Frank Koehntopp wrote:
> I guess the behaviour is on purpose.
>
> In RAR, you can do a selective analysis on only one kind of risk. You usually only need to do that in the remediation process, where this kind of selection is helpful to track down the root cause (although I'd like to have an ALL option in RAR as well...)
>
> In CUP, you do want to see any kind of risk that might arise from a role assignement to a user.
>
> I have to say, I can not really understand why you'd want to switch off critical action or permission risks here. The user analysis in RAR and CUP serve two different purposes, hence I cannot see a bug here. If you have defined critical risks, why would you not want to see them???
Hi Frank,
I understand your point, but we are in the same situation as the others. We do not want to see Critical Action Risks in CUP because this is a separate process (for us) than Permission Level Risks Analysis piece. With our current structure, our Security Admins use RAR to run Permission Level Risk Analysis and mitigates appropriately. A separate compliance group uses the Critical Action reports to see who has what Critical tcodes, etc. We do not mitigate these "risks," we more or less use it as a report.
I do not understand what you mean when you say "The user analysis in RAR and CUP serve two different purposes" - I feel it should be the same purpose, to ultimatley simulate if adding security to a user will cause SOD violations. If I have CUP configured to do Permission Level Analysis, that's all I want to be seeing in CUP.
Let me know if I need to clarify further. -
Hi,
Risk analysis give risk status result in balls like red in critical, light red in high,orange in medium.we want,it should say critical,high,medium and low intead of balls and simulate also give same result as risk analysis.we also don't want if critical conflict then it should not allow that role/roles/request to be approved by approver.In stages it already set as "no" for approve roles despite any conflict and also in mitigation too in configuration.
Thanks
Mushu.Hi Mushu,
None of these is possible in 5.x. You can not customize any of the screens or the process. Go for GRC 10.0 which will be going on ramp-up by end of december as that would allow you to customize most of the screens.
Alpesh -
GRC AC 10.0 Mass risk analysis vs. Role level analysis
Hello GRC experts,
I urgently need your advice on the issue with deactivated permission objects which are identified as risks in the mass role analysis.
For example, in one role we have deactivated the permission object: S_ARCHIVE, and there are No activities maintained.
But in the mass role risk analysis and in the CUP request this object S_ARCHIVE with the ACTVT 01 is displayed as risk. As you can see in the screenshot, there are no activites maintained at all. We have created the MSMP workflow where all CUP requests with risks should go the the Security Stage. Now we have the situation that even though our roles are clean, they are forwared to the Security stage. It is a huge problem, because our security stage has no even more to to, than before using GRC! Because the dectivated objects are identified as risks.
Please advise me, how to solve the problem. Did I missed some config parameters or is it a well known problem?
We are on SP14, AC 10.0.
At the single role level there are no risks displayed.
Thanks in advance,
regards
SabrinaHi Sabrina,
check note
http://service.sap.com/sap/support/notes/2036645
Please let me know if it works.
Regards,
Alessandro -
CUP : RISK ANALYSIS FAILED for Multi systems
Greetings,
Risk Analysis through CUP is failing on a request containing multi system access.
There are 2 systems requested on the same CUP request form. At the stage of Risk analysis is to be performed the risk analysis errors out as the risk analysis is performed on the entire request across both the systems, After the receiving the error when an individual system is selected the RA is performed with out any failure on both the systems independent of each other
I have check already check the below and they seem working fine without any issue
1. The admin passwords have been checked in both the systems (backend) as well as in the UME.
2. The risk analysis web service works as expected and there is no failure.
3. The connectors have the same name both in CUP & RAR no difference
4. SAPJCO connectors are appropriately setup in the SLD for both the systems and they work when tested out.
5. The URI is setup correct and no issue identified there.
6. Both the systems request have the same stage/path and the custom approver determination appropriately setup
When the approver tries to approve the request Risk analysis is setup as a mandatory task and when the RA is performed the system takes the default "ALL" and errors out, when you choose a specific system and perform you get the required results without any failure. Below is the java dump for the error.
Please let me know if I have missed anything?
Line: -
2011-03-09 10:16:11,264 [SAPEngine_Application_Thread[impl:3]_28] ERROR java.lang.VerifyError: com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
java.lang.VerifyError: com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.execRiskAnalysis(RiskAnalysisEJB53DAO.java:305)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:277)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:419)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.determineRisks(RiskAnalysisEJB53DAO.java:527)
at com.virsa.ae.service.sap.RiskAnalysis53DAO.determineRisks(RiskAnalysis53DAO.java:103)
at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:182)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doRiskAnalysis(RiskAnalysisAction.java:1108)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doAnalysis(RiskAnalysisAction.java:335)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.execute(RiskAnalysisAction.java:112)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
2011-03-09 10:16:11,278 [SAPEngine_Application_Thread[impl:3]_28] ERROR Exception during EJB call, Ignoring and trying Webservice Call
com.virsa.ae.service.ServiceException: Exception in getting the results from the EJB service : com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:295)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:419)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.determineRisks(RiskAnalysisEJB53DAO.java:527)
at com.virsa.ae.service.sap.RiskAnalysis53DAO.determineRisks(RiskAnalysis53DAO.java:103)
at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:182)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doRiskAnalysis(RiskAnalysisAction.java:1108)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doAnalysis(RiskAnalysisAction.java:335)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.execute(RiskAnalysisAction.java:112)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Caused by:
java.lang.VerifyError: com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.execRiskAnalysis(RiskAnalysisEJB53DAO.java:305)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:277)
... 28 more
2011-03-09 10:19:32,401 [SAPEngine_Application_Thread[impl:3]_28] ERROR com.virsa.ae.core.BOException: EXCEPTION_FROM_THE_SERVICERisk Analysis failed
com.virsa.ae.core.BOException: EXCEPTION_FROM_THE_SERVICERisk Analysis failed
at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:199)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doRiskAnalysis(RiskAnalysisAction.java:1108)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doAnalysis(RiskAnalysisAction.java:335)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.execute(RiskAnalysisAction.java:112)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Caused by:
com.virsa.ae.service.ServiceException: EXCEPTION_FROM_THE_SERVICERisk Analysis failed
at com.virsa.ae.service.sap.RiskAnalysisWS53DAO.determineRisks(RiskAnalysisWS53DAO.java:587)
at com.virsa.ae.service.sap.RiskAnalysis53DAO.determineRisks(RiskAnalysis53DAO.java:119)
at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:182)
... 24 more
Edited by: Angara Rao on Mar 9, 2011 5:15 PMGreetings,
Risk Analysis through CUP is failing on a request containing multi system access.
There are 2 systems requested on the same CUP request form. At the stage of Risk analysis is to be performed the risk analysis errors out as the risk analysis is performed on the entire request across both the systems, After the receiving the error when an individual system is selected the RA is performed with out any failure on both the systems independent of each other
I have check already check the below and they seem working fine without any issue
1. The admin passwords have been checked in both the systems (backend) as well as in the UME.
2. The risk analysis web service works as expected and there is no failure.
3. The connectors have the same name both in CUP & RAR no difference
4. SAPJCO connectors are appropriately setup in the SLD for both the systems and they work when tested out.
5. The URI is setup correct and no issue identified there.
6. Both the systems request have the same stage/path and the custom approver determination appropriately setup
When the approver tries to approve the request Risk analysis is setup as a mandatory task and when the RA is performed the system takes the default "ALL" and errors out, when you choose a specific system and perform you get the required results without any failure. Below is the java dump for the error.
Please let me know if I have missed anything?
Line: -
2011-03-09 10:16:11,264 [SAPEngine_Application_Thread[impl:3]_28] ERROR java.lang.VerifyError: com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
java.lang.VerifyError: com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.execRiskAnalysis(RiskAnalysisEJB53DAO.java:305)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:277)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:419)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.determineRisks(RiskAnalysisEJB53DAO.java:527)
at com.virsa.ae.service.sap.RiskAnalysis53DAO.determineRisks(RiskAnalysis53DAO.java:103)
at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:182)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doRiskAnalysis(RiskAnalysisAction.java:1108)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doAnalysis(RiskAnalysisAction.java:335)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.execute(RiskAnalysisAction.java:112)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
2011-03-09 10:16:11,278 [SAPEngine_Application_Thread[impl:3]_28] ERROR Exception during EJB call, Ignoring and trying Webservice Call
com.virsa.ae.service.ServiceException: Exception in getting the results from the EJB service : com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:295)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:419)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.determineRisks(RiskAnalysisEJB53DAO.java:527)
at com.virsa.ae.service.sap.RiskAnalysis53DAO.determineRisks(RiskAnalysis53DAO.java:103)
at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:182)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doRiskAnalysis(RiskAnalysisAction.java:1108)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doAnalysis(RiskAnalysisAction.java:335)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.execute(RiskAnalysisAction.java:112)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Caused by:
java.lang.VerifyError: com/virsa/cc/xsys/ejb/RiskAnalysis.execRiskAnalysis(Lcom/virsa/cc/xsys/webservices/dto/WSRAInputParamDTO;)Lcom/virsa/cc/xsys/webservices/dto/RAResultDTO;
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.execRiskAnalysis(RiskAnalysisEJB53DAO.java:305)
at com.virsa.ae.service.sap.RiskAnalysisEJB53DAO.getViolations(RiskAnalysisEJB53DAO.java:277)
... 28 more
2011-03-09 10:19:32,401 [SAPEngine_Application_Thread[impl:3]_28] ERROR com.virsa.ae.core.BOException: EXCEPTION_FROM_THE_SERVICERisk Analysis failed
com.virsa.ae.core.BOException: EXCEPTION_FROM_THE_SERVICERisk Analysis failed
at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:199)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doRiskAnalysis(RiskAnalysisAction.java:1108)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doAnalysis(RiskAnalysisAction.java:335)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.execute(RiskAnalysisAction.java:112)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
Caused by:
com.virsa.ae.service.ServiceException: EXCEPTION_FROM_THE_SERVICERisk Analysis failed
at com.virsa.ae.service.sap.RiskAnalysisWS53DAO.determineRisks(RiskAnalysisWS53DAO.java:587)
at com.virsa.ae.service.sap.RiskAnalysis53DAO.determineRisks(RiskAnalysis53DAO.java:119)
at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:182)
... 24 more
Edited by: Angara Rao on Mar 9, 2011 5:15 PM -
ERM & CUP: Risk Analysis Error
Hello everyone,
Will someone please urgently help us with this issue? Any suggestions are greatly appreciated! : )
We are on AC v5.3 SP 8. In RAR, we are able to run a Risk Analysis both in the foreground and background across all users and roles. However, when we try to run a Risk Analysis in ERM or CUP, we get an error saying that the "Risk Analysis Failed". The other strange thing is that the error does occur for every role in ERM--just most of them. Also, the ERM management dashboard reflects the correct number of roles in the SAP back-end system, but it says that there are 0 risk violations, which is incorrect.
I have checked that the connectors into RAR successfully connect. I have confirmed the servers. I have re-run all of the background jobs in RAR, ERM and CUP, but nothing seems to be working.
Is there anybody that can please help us?
Thank you!
JohonnaHello Amol,
Thank you for your suggestions. I have confirmed that the connectors, etc. are correct. Here are some of the error logs u2026 any ideas?
Thank you!
Johonna
95 12/15/09 12:20:51 PM Running Risk anaysis for role ZAU:FF_VFAT_ADMINISTRATOR failed
95 12/15/09 12:21:21 PM Running Risk anaysis for role ZAU:FF_VFAT_ROLE_ADMINISTRATOR failed
95 12/15/09 12:21:43 PM Running Risk anaysis for role ZAU:FF_VFAT_ROLE_CONTROLLER failed
95 12/15/09 12:23:13 PM Running Risk anaysis for role ZAU:FI_AA_CLERK_AGN failed
95 12/15/09 12:26:07 PM Running Risk anaysis for role ZAU:FI_AA_CLERK_GFA successful
2009-12-15 14:36:17,889 [Thread-7999] ERROR Risk Analysis failed
java.lang.Throwable: Risk Analysis failed at com.virsa.re.bo.impl.RiskAnalysisBO.performObjLvlRiskAnalysis(RiskAnalysisBO.java:733)
at com.virsa.re.bo.impl.RiskAnalysisBO.performRiskAnalysis(RiskAnalysisBO.java:234)
at com.virsa.re.backgroundjobs.RiskAnalysis.execute(RiskAnalysis.java:73)
at com.virsa.service.backgroundjobs.BackgroundTask.run(BackgroundTask.java:53)
at java.util.TimerThread.mainLoop(Timer.java:432)
at java.util.TimerThread.run(Timer.java:382)
2009-12-15 14:36:24,811 [Thread-7999] ERROR Risk Analysis failed for sytem: 'PRD'; Return Message: 'Risk Analysis failed'
2009-12-15 14:36:24,811 [Thread-7999] ERROR com.virsa.core.service.ServiceException: Risk Analysis failed
java.lang.Throwable: Risk Analysis failed
at com.virsa.re.service.sap.dao.RiskAnalysisEJBDAO.getTranViolations(RiskAnalysisEJBDAO.java:331)
at com.virsa.re.service.sap.dao.RiskAnalysisEJBDAO.getConflictingTransactions(RiskAnalysisEJBDAO.java:171)
at com.virsa.re.service.sap.dao.RiskAnalysisEJBDAO.getConflictingTransactions(RiskAnalysisEJBDAO.java:205)
at com.virsa.re.bo.impl.RiskAnalysisBO.performTranLvlRiskAnalysis(RiskAnalysisBO.java:483)
at com.virsa.re.bo.impl.RiskAnalysisBO.performRiskAnalysis(RiskAnalysisBO.java:229)
at com.virsa.re.backgroundjobs.RiskAnalysis.execute(RiskAnalysis.java:73)
at com.virsa.service.backgroundjobs.BackgroundTask.run(BackgroundTask.java:53)
at java.util.TimerThread.mainLoop(Timer.java:432)
at java.util.TimerThread.run(Timer.java:382)
2009-12-15 14:36:34,561 [Thread-7999] ERROR Risk Analysis failed for sytem: 'PRD'; Return Message: 'Risk Analysis failed'
2009-12-15 14:36:34,561 [Thread-7999] ERROR com.virsa.core.service.ServiceException: Risk Analysis failed
java.lang.Throwable: Risk Analysis failed
at com.virsa.re.service.sap.dao.RiskAnalysisEJBDAO.getObjViolations(RiskAnalysisEJBDAO.java:812)
at com.virsa.re.service.sap.dao.RiskAnalysisEJBDAO.getConflictingObjects(RiskAnalysisEJBDAO.java:596)
at com.virsa.re.service.sap.dao.RiskAnalysisEJBDAO.getConflictingObjects(RiskAnalysisEJBDAO.java:633)
at com.virsa.re.bo.impl.RiskAnalysisBO.performObjLvlRiskAnalysis(RiskAnalysisBO.java:693)
at com.virsa.re.bo.impl.RiskAnalysisBO.performRiskAnalysis(RiskAnalysisBO.java:234)
at com.virsa.re.backgroundjobs.RiskAnalysis.execute(RiskAnalysis.java:73)
at com.virsa.service.backgroundjobs.BackgroundTask.run(BackgroundTask.java:53)
at java.util.TimerThread.mainLoop(Timer.java:432)
at java.util.TimerThread.run(Timer.java:382)
2009-12-15 14:36:34,561 [Thread-7999] ERROR Risk Analysis failed
java.lang.Throwable: Risk Analysis failed
at com.virsa.re.bo.impl.RiskAnalysisBO.performObjLvlRiskAnalysis(RiskAnalysisBO.java:733)
at com.virsa.re.bo.impl.RiskAnalysisBO.performRiskAnalysis(RiskAnalysisBO.java:234)
at com.virsa.re.backgroundjobs.RiskAnalysis.execute(RiskAnalysis.java:73)
at com.virsa.service.backgroundjobs.BackgroundTask.run(BackgroundTask.java:53)
at java.util.TimerThread.mainLoop(Timer.java:432)
at java.util.TimerThread.run(Timer.java:382)
2009-12-15 14:36:42,218 [Thread-7999] ERROR Risk Analysis failed for sytem: 'PRD'; Return Message: 'Risk Analysis failed'
2009-12-15 14:36:42,218 [Thread-7999] ERROR com.virsa.core.service.ServiceException: Risk Analysis failed
java.lang.Throwable: Risk Analysis failed
at com.virsa.re.service.sap.dao.RiskAnalysisEJBDAO.getTranViolations(RiskAnalysisEJBDAO.java:331)
at com.virsa.re.service.sap.dao.RiskAnalysisEJBDAO.getConflictingTransactions(RiskAnalysisEJBDAO.java:171)
at com.virsa.re.service.sap.dao.RiskAnalysisEJBDAO.getConflictingTransactions(RiskAnalysisEJBDAO.java:205)
at com.virsa.re.bo.impl.RiskAnalysisBO.performTranLvlRiskAnalysis(RiskAnalysisBO.java:483)
at com.virsa.re.bo.impl.RiskAnalysisBO.performRiskAnalysis(RiskAnalysisBO.java:229)
at com.virsa.re.backgroundjobs.RiskAnalysis.execute(RiskAnalysis.java:73)
at com.virsa.service.backgroundjobs.BackgroundTask.run(BackgroundTask.java:53)
at java.util.TimerThread.mainLoop(Timer.java:432)
at java.util.TimerThread.run(Timer.java:382) -
Hello GRC Community,
I have a following issue:
When I use mass risk analysis the deactivated authorization objects in the role are displayed as result. At the same time, when I use Role Level Risk Analysis the role with deactivated critical authorization objects doesnt appear.
Does anybody know how to solve this issue? Is there any configuration parameter to be adjusted?
thanks
best regards
SabrinaPrasant,
here are the screenshots of the Job result:
1. Mass role Risk Analysis
2. Risk Analysis on the (Single) Role Level
Im Backend you can see that the role contains lots of deactivated autorization objects.
I have run all sync Jobs, but seemingly it doesnt help.
Thanks,
Sabrina -
RAR Risk Analysis Issue in Background Mode - "Failed to Display Result"
Hi,
I have strange problem in RAR.
When I run risk analysis for 20 users in background mode, the job got successful but the spool file is empty. But at the bottom of page there is a message: "Failed to Display Result".
The Job log is showing the following message couple of times:
WARNING: ./virsa/bgJobSpool/19.i (No such file or directory)
java.io.FileNotFoundException: ./virsa/bgJobSpool/19.i (No such file or directory)
at java.io.FileInputStream.open(Native Method)
at java.io.FileInputStream.<init>(FileInputStream.java:129)
at java.io.FileInputStream.<init>(FileInputStream.java:89)
at java.io.FileReader.<init>(FileReader.java:62)
But When I try to run for few users (like 6 memebrs where selection criteria is AUDIT*) in same way, the spool details got displayed this time. But the log is showing strange error messages this time:
Nov 15, 2010 3:53:53 PM com.virsa.cc.common.util.ExceptionUtil logError
SEVERE: null
java.lang.NullPointerException
at com.virsa.cc.comp.wdp.IPublicBackendAccessInterface$IAuthForUserInputElement.wdGetObject(IPublicBackendAccessInterface.java)
at com.sap.tc.webdynpro.progmodel.context.NodeElement.getAttributeAsText(NodeElement.java:888)
Nov 15, 2010 3:53:55 PM com.virsa.cc.dataextractor.bo.DataExtractorSAP getObjPermissions
FINEST: getObjPermissions: elapsed time=1436ms
Nov 15, 2010 3:53:55 PM com.virsa.cc.common.message.util.MessagingHelper getMessage
INFO:
********msg: 'com.virsa.cc.common.message.dao.dto.MessageDTO@34d834d8'
Any ideas please?Hi Alpesh,
You are correct. The issue is due to multi node environment.
But when I tried to define a custom spool folder path: usr/sap/<SID>/<Instance No>/log/virsa/bgJobSpool (in RAR - Miscellaneous - spool files location for background jobs) & run the risk analysis report in background mode, still RAR is saving the spool files in default location only.
Can you suggest me if I am wrongly defining the location of folder?
Should we define the complete location of the folder i.e starting with drive letter or path starting with user/* is sufficient?
Regards,
Dasarad -
CUP Risk analysis bad error message for TooManyViolationsException
Hello,
We are running CUP GRC-SAC-SAE 5.3_13.0 ( Build ID:04080510 ) with Compliance Calibrator 4.0 in our R/3 systems. We recently had a situation where the number of conflicts identified by CC was too large for CUP to handle. Instead of getting a serious error message that was meaningful, we got "x Access to all actions". The request was approved (manually) for SODs, and the user ended up with an account that was outlandish.
Has anyone else had this problem? Is there some threshhold that we could raise in CC?
Any help or advice would be appreciated.
Thank you.
Jennifer
The log shows the following:
2011-04-25 19:03:15,023 [SAPEngine_Application_Thread[impl:3]_7] ERROR com.virsa.ae.service.TooManyViolationsException: Too many violations found.
com.virsa.ae.service.TooManyViolationsException: Too many violations found.
at com.virsa.ae.service.sap.RiskAnalysisDAO.determineRisks(RiskAnalysisDAO.java:224)
at com.virsa.ae.accessrequests.bo.RiskAnalysisBO.findViolations(RiskAnalysisBO.java:182)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doRiskAnalysis(RiskAnalysisAction.java:1161)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.doAnalysis(RiskAnalysisAction.java:381)
at com.virsa.ae.accessrequests.actions.RiskAnalysisAction.execute(RiskAnalysisAction.java:118)
at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
at java.security.AccessController.doPrivileged(AccessController.java:219)
at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)CUP denies requests with SAP_ALL, the message Access to all actions is typically the one you get when you have a user with SAP_ALL. When you say the request was approved manually do you mean you handeled it out of the CUP system or CUP approved the request despite giving you the error message?
Regards,
Chinmaya -
SAP GRC Compliant User Provisioning (CUP) Password Self Service
Hello everyone,
I am setting up Password Self Service within CUP. For those users that do not already have access to the UME frontend, I know that I need to create a user ID in the UME frontend for each user so that they can access the Password Self Service option. Since I only want the user to access the Password Self Service option, what UME role do I assign to them to ensure that they cannot access anything else within CUP?
Thank you!
JohonnaJohonna,
The 3 defined roles are only those suggested by SAP.
You can create your own roles by assigning the various actions as needed to provide access or restrict as your organisation requires.
However, depending on your patch level, you may find that certain actions are dependant on others to work properly.
Also, you either grant access to the functionality or not. There is no partial or display only setting in the java stack.
Enjoy!
Simon
Maybe you are looking for
-
How can i sync music from different computer without losing pictures??
my phone randomly "deleted" all of my music. It all shows up in itunes when I plug it into a computer. The only problem is MY compuer is currently out of commision and wont be fixed for at least a month. What Im trying to do is plug it into my friend
-
Made the change to 4.5, now a browser issue
hello, ok i upgraded to 4.5, now when i try and go to the mobile.blackberry.com website on my device for apps and such, i get a warning message stating that this site was designed for blackberry browsers, so whats up with that? thnx in advace for any
-
How can I get back my text tone?
After updating to 7.0.2, my 4S no longer makes a sound when text comes through. I checked all settings and even changed the tones a couple times. This phone was perfect before the update! Annoying, to say the least. I have to keep checking to assure
-
I am trying to return finished books to the library and it comes up with an error message e-bad loan
I am trying to return finished books to the library it comes up with a message e-bad loan id
-
Can any one please tell me in easy language about performance tuning methods. Please don't give online doc as a reference.