SoD Review Guide

Dear Forum goers,
It has been a long time coming, but we just released the SoD Review Guide on BPX.
You can find it here:
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/f01947f3-80d6-2c10-36a6-d4dad7cf1649?quicklink=index&overridelayout=true
Thanks!
Ankur
SAP GRC RIG

Alpesh,
To answer your questions,
Page 17: 1. Admin
Changes are not accepted from 'Track Changes' feature of Word. The changes still show up in 'RED'.
I do not understand this response.  The document looks fine to me on Page 17.
**Page 20: Lock, Forward To Next Stage:**
*Is "Lock, Forward To Next Stage" same as "Deactivate; Forward To Next Stage" or the users are only locked in "Lock, Forward To Next Stage"?
Yes, you are correct, the users are only locked in "Lock, Forward to Next Stage."  "Deactivate, Forward To Next Stage" sets the User assignment to the current date.
Page 43: Are the links for config guide etc. under Related Content suppossed to work?
We submit our documents to BPX as a word document, and then they convert it to PDF, so the links do not work after the conversion is done.  If you are interested in a link, let me know, and I will point you to the correct place.
Thanks!
Ankur
SAP GRC RIG

Similar Messages

  • SAP GRC 10.0 - SOD REVIEW

    Dear All,
    We are having a doubt related to the SoD review process available in GRC. Let us send you a couple of questions:
    We guess that the SOD review performs an analysis over the hole users at the target system. Is that correct? Or it is just limited to the users requested by the Access Request menu. That is toy say to the users created/modified through GRC?
    If we generate the data once and then the tasks are sent to the reviewers. If the Generate the Data again – just one minute later – will be send the same users to be reviewed to the Reviewer?
    Thanks in advance!!!!!!

    Jebeni,
    we haven't done any SOD review but from the user access review my experience is that..
    1.You should have an option to include a set of users for whom the review should be done.i.e only dialog.
    2.Yes..it will resend if you re-run the job again.
    we will wait to know more form the experts.

  • SoD Review

    Hi.
    I have problemes while generating SoD-Review-requests.
    No requests are generating, although I have made all changes like mentioned in the ConfigGuide.
    Any ideas?
    Thanks.

    Alexa,
    Can you please provide list of rule files you had uploaded.
    what's values in table VIRSA_CC_RISK*
    Regards,
    Surpreet

  • Reviewer's Online Demos download

    I need to download Reviewer's Online Demos flash presentations so I can view them offline.
    Please where can I download them?
    I'm specially interested on webservices on OC4J and JDeveloper, so if you kindly guide me thru this learning process.
    rubén

    Ruben,
    The viewlets are only available online. But you can download the reviewer guide PDF file.
    http://otn.oracle.com/products/jdev/collateral/papers/10g/reviewer/10g_ReviewersGuide.pdf
    Follow the steps in the tutorial - they are exactly what you see in the viewlet.

  • RAR: Alerts tables understanding

    Hi,
    After running alert generation role specifying just critical actions flag and a specific risk that includes a few transactions we have identified that the following tables are containing data:
    VIRSA_CC_ALLASTRUN: Dates and time when alert generation job finished
    VIRSA_CC_ALLISTHDR: Header data that is shown under alers' reports.
    VIRSA_CC_ALLISTDTL: Details for the alerts identified (in our case critical trnasactions)
    VIRSA_CC_ALTCDLOG: Last time a user executed a transaction within the period alert generation was executed
    VIRSA_CC_ACTUSAGE: All transactions executed by users (transactions are shown several times but differs on time) within the period alert generation was executed
    Our questions:
    1) When and where tables VIRSA_CC_ALTCDLOG and VIRSA_CC_ACTUSAGE are used within SAP GRC AC?
    2) Since we are executing alert generation job on a daily basis, tables VIRSA_CC_ALTCDLOG and VIRSA_CC_ACTUSAGE are increasing very fast. Which is the best practice and procees to manage this information? Is deletion performed? Is archiving performed?
    Many thanks in advance. Kind regards,
      Imanol

    Hello Imanol !
    I've never heard of deleting Alerts per say, but you can delete the Action Usage that is used to generate the alerts. in RAR, go to: Configuration --> Ulitities --> Purge Action Usage.
    I've never used the functionality yet, but my assumption is that deleting the action usage, would also impact the alerts and might possibly delete them too. There is some good information about positive/negative impact in the Configuation Guide "AC53_CG_Final_en_Aug_2010.pdf" on page 64.
    Per your original question, if I understood correctly, the collected action usage is used a lot in AC. The following reports make use of Action Usage:
    1. RAR --> Informer --> Security Reports --> Miscellaneous --> Action Usage by Role & Profile
    2. RAR --> Informer --> Security Reports --> Miscellaneous --> Action Usage by User
    3. ERM --> Informer --> Transaction Usage
    The third report is my favorite since it collects usage counts and which really helps for role re-enginneering.
    The UAR and SOD Review processes make use of action usage too.
    -Dylan

  • GRC AC V10 - UAR config steps

    Hi together,
    I didn't find any config guide or input for the configuration of UserAccessReview UAR.
    Can anybody mention the most import steps and jobs?
    The RKT info is not that detailed.
    Thanks,
    Alexa

    Hi Alexa,
    I am not sure how much I'll be able to help you without a proper documentation.I'll try my best.
    Go to SPRO->GRC0->Access Control->Maintain Configuration settings. Please maintain these values as required.
    Parm Group        ParmID     Parm value                            Description
    UAR Review        2004     011             Request Type for UAR
    UAR Review        2005     004             Default Priority
    UAR Review        2006     MANAGER             Who are the reviewers?
    UAR Review        2007     YES             Admin. review required before sending tasks to reviewers
    SOD Review     2016     010             Request Type for SoD
    SOD Review     2018     RISK OWNER      Who are the reviewers?
    SOD Review     2023     YES             Is actual removal of role allowed
    Then go to Go to SPRO->GRC0->Access Control->Workflow for Access Control-> Maintain MSMP workflow. Customize the Processid SAP_GRAC_USER_ACCESS_REVIEW. Maintain all the required details. Save and activate it. Now you are ready for review.
    For issues follow the SAP Notes: Note 1620495 - GRC 10.0 UAR - Submission failure of request &   1620493 - GRC 10.0 UAR Background Job stuck
    Don't forget to implement the note 1622281 after your configuration.  Get back if you have any issues further.
    All the very best
    Regards,
    Guru

  • Alert Generation, Control Monitoring

    Hi,
    I am trying to understand how the Alert Monitoring background jobs work. I understand that Alert monitoring for Confliction Actions and Critical Actions will generate allerts when conflicting actions or critical actions actually are performed, but how is this for the Control Monitoring? Will it create allerts when users/roles with conflicts are actually assigned a mitigating control, or will alerts also be created when mitigating controls are created but not assigned to a specific users/roles risk violation?
    Thank you!
    Ingar Steinsvik

    Did you check the documenation on this ("Scheduling Alert Generation" section in GRC 5.3 config guide):
    Control Monitoring:
    This alert type is a mitigation level analysis, which generates mitigation alerts.
    During the generation of alerts, the user and transaction information is passed to the risk
    analysis. If you select the Consider Mitigated Users option, alerts are generated on user who
    are associated with a mitigated risk. The generation of these alert types are useful for
    transaction usage in Segregation of Duties (SoD) Review and User Access Review (UAR).
    You can also set up a background job for sending alert notification via email based on the
    alert type. By selecting Conflicting Actions and/or Critical Actions alert types, notifications are
    sent to Risk Owners. Selecting Control Monitoring alert type sends notification to the
    Management Approver of the Mitigating Control.
    Thanks
    Himadama

  • CUP 5.3 SP6: UAR Config not visible

    Hi there,
    I have gone through the AC 5.3 Config guide and AC 5.3 UAR guide but I cannot
    procede as I do not have the possibility to select function Configuration > User Review
    in our 5.3 CUP application. This function is simply not available in the Config tab list!
    Additionally I have reloaded the xml files from VIRAE and VIRRE and entered the correct URLs for UAR and SOD-Review in Configuration > Miscellaneous.
    Anyhow I guess that our versions AC-RAR 5.3_06.0 and AC-CUP 5.3_06.0 need to be upgraded at least to SP 6 Patch 1 or better SP 7 or 8 to have this function available even the patch notes do not comment on the issue I have described.
    Did anyone experience this issue in the past?
    Regards,
    Markus

    Markus,
        Did you have any version of CUP/AE before? It seems you may have upgraded your CUP from earlier version but have not modified the UME roles to include the action for UAR config. You can check the AEAdmin roles and see if it contains 'ViewSODReviewHistoryReportAction', 'ViewUserReviewStatusReportAction' and 'ViewUARReviewHistoryReportAction'. If it does not then add the action and you will be able to see. If it does then there can be some other issue and you might want to upgrade to latest SP (SP8 Patch1) or talk to SAP about it.
    Regards,
    Alpesh

  • How can I print using my hp officejet 4500 wireless I just bought

    From my Ipad 2 how can i print wireless using my hp officejet 4500

    Read this: http://support.apple.com/kb/ht4356
    and this: http://digiex.net/guides-reviews/guides-tutorials/mobile-devices/8187-how-enable -airprint-any-printer-mac-osx-allow-your-ipad-iphone-use.html
    and also look at the HP iPad printing App or some of the other iPad printing Apps: printcentral, printopia, print n share, etc.

  • MSMP Work flow in GRC 10.0

    Hi Experts,
    I have a work flow requirement and would appreciate if you guys can please help me here . The actual requirement is to design a CUP Workflow and If there are SOD issues identified, the workflow will need to go to a central team for them to address each issue. If there is no SOD issue found, the workflow should end. The requirement is to configure the access request so that the end goal of work flow is just facilitation of an SOD review.  There would be no actual provisioning of users at the end of the path.
    I am wondering if this would work flow can be initiated with an function module based rule or i would have to create a BRF Rule for this . As per my understanding the flow should be Start > Access Request > Sod Analysis done > If Sod , Go to Central team otherwise end > Central team will decide on the assignment of SoD Resolution > This Team will either Assign MC or wont approve the Role assignment > Both Cases the work flow ends and request is closed.
    Would really appreciate if you guys can assist me as i am new to work flow and this is one of project deliverables . Thank for your valuable time and help .
    Vikas

    Hi Ashish ,
    Thanks for your time . Let me explain you my requirement and would really appreciate if you would have some inputs here which would help me to design this .
    The actual client requirement is to design a CUP Workflow and If there are SOD issues identified, the workflow will need to go to a central team for them to address each issue. If this group decides to apply mitigating controls to the issues, the workflow must then go to the compliance group for them to review for appropriateness. Requirement is do a SoD analysis for every role change/add request , so that this group takes the appropriate action based on the SoD Analysis . For all my CUP request raised , i want system to do a SoD analysis and let this group know whenever there is a SoD found or just end the workflow if there is no risk.
    I am aware of the Risk analysis process for GRC 10.0 , however i want it to happen as a part of this work flow requirement.
    The requirement is to configure the access request work flow so that the end goal of work flow is just facilitation of an SOD review.  I hope i was able to explain my requirement . Thanks again for your help.
    Your valuable guidance would be really appreciated.
    Vikas

  • Mulltiple Rule Sets in GRC 10.0 for one System

    Hi All,
    We do have 2 different companies working on one system and by that 2 different rule sets that are applicable.
    Due to that we are facing different problems we don't know how to solve yet but lets start with the first one dealing with the rule set that should be used in the access request.
    We want to determin which rule set should be used over the requested role (e.g. if role name contains 0001 use rule set 0001, if role name contains 0002 use rule set 0002).
    We have alerady tried several different senarios in BRF+ without success.
    Does anybody have a solution or at least an idea for this topic?
    Thank you all very much in advance!
    Eva

    Hi Ashish ,
    Thanks for your time . Let me explain you my requirement and would really appreciate if you would have some inputs here which would help me to design this .
    The actual client requirement is to design a CUP Workflow and If there are SOD issues identified, the workflow will need to go to a central team for them to address each issue. If this group decides to apply mitigating controls to the issues, the workflow must then go to the compliance group for them to review for appropriateness. Requirement is do a SoD analysis for every role change/add request , so that this group takes the appropriate action based on the SoD Analysis . For all my CUP request raised , i want system to do a SoD analysis and let this group know whenever there is a SoD found or just end the workflow if there is no risk.
    I am aware of the Risk analysis process for GRC 10.0 , however i want it to happen as a part of this work flow requirement.
    The requirement is to configure the access request work flow so that the end goal of work flow is just facilitation of an SOD review.  I hope i was able to explain my requirement . Thanks again for your help.
    Your valuable guidance would be really appreciated.
    Vikas

  • GRC 10 Work Inbox Notification or Universal Work List instead of SMTP

    Hi,
    I wanted to check with you all if there is a possibility to get SAP internal Work Inbox or UWL notification instead of outlook/SMTP notification.
    The scenarios this will be required for us are
    1. User ID details communication at the end of the request.
    2. Notification if access is approved/ rejected.
    3. Notification for Firefighter approved or rejected.
    4. BRM role approval notification
    Kindly let me know if we can pull the notification from Outlook/SMTP to internal SAP Mailbox.
    Regards,
    Prasad Chaudhari

    Hi Guru,
    If I am not wrong the items mentioned send notification to outlook/smtp and not work inbox. The work inbox will get request for approval and uar/sod review.
    Are you talking of some parameter/settings to change this behaviour?
    Thanks,
    Prasad Chaudhari

  • Creating Mitigation Control from CUP

    Hi Guys,
    Is this feature implemented in Access Control???? Or Stills as enhancement

    Hi Alpesh
    In order to your answer... Can you help me to identify what I doing wrong when I want to approve a mitigate control in CUP.
    Path 1 : Approve request
    Stage 1: Request
    Stage 2: Security
    Stage 3: Role Owner
    Detour Path:
    Type: CUP
    Stage: Role Owner
    Condition: SoD Review
    Detour Path: Path 2
    Path 2:
    Stage 1: Approval -- > CAD : Mitigation Monitor
    The request is send to the Mitigation Monitor but when we try to approve request show the next error:
    2010-03-30 14:10:26,390 [SAPEngine_Application_Thread[impl:3]_25] ERROR  Mitigation control TEST_5.1 could not be saved for user PRUEBAGRC_6
    com.virsa.ae.core.BOException: Exception from the service : Mitigation record doesn't exist
         at com.virsa.ae.accessrequests.bo.MitigationControlBO.insertMitigationControl(MitigationControlBO.java:207)
         at com.virsa.ae.accessrequests.bo.MitigationControlBO.saveMitigationControls(MitigationControlBO.java:321)
         at com.virsa.ae.accessrequests.bo.RequestBO.callAEExitService(RequestBO.java:6993)
         at com.virsa.ae.accessrequests.bo.RequestBO.callExitService(RequestBO.java:6748)
         at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:6600)
         at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:6393)
         at com.virsa.ae.accessrequests.actions.RequestViewAction.confirmRequestApproval(RequestViewAction.java:949)
         at com.virsa.ae.accessrequests.actions.RequestViewAction.execute(RequestViewAction.java:104)
         at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
    Caused by: com.virsa.ae.service.ServiceException: Exception from the service : Mitigation record doesn't exist
         at com.virsa.ae.service.sap.MitigationControlWS52DAO.checkForSuccess(MitigationControlWS52DAO.java:832)
         at com.virsa.ae.service.sap.MitigationControlWS52DAO.executeUpdateUserMitigation(MitigationControlWS52DAO.java:287)
         at com.virsa.ae.service.sap.MitigationControlWS52DAO.insertUserMitigation(MitigationControlWS52DAO.java:309)
         at com.virsa.ae.accessrequests.bo.MitigationControlBO.insertMitigationControl(MitigationControlBO.java:195)
    Can you help me please?? All URI are OK.
    Thanks !!!!
    Edited by: Karen_sans on Mar 31, 2010 7:45 PM

  • JDeveloper ADF Deployment to OC4J

    Have developed a UIX/JSP in JDeveloper 9.0.5.2. It works fine as expected with the JDeveloper embedded OC4J server.
    JSP is a master detail page, can scroll through master records and see detail lists. Deployment is successful to standalone OC4J...But it does not work there, behaviour is this: on startup, first master record is displayed, but no details...then next button(s) do not work. Have deployed a WAR, have gond through JDev library installations for OC4J, etc....but page initially displays first master record, then does nothing else.
    Where can I find a detailed deployment how-to page for deploying to OC4J? I have been through several already, but something is still missing.
    Regards,
    Mark R

    Try the steps detailed in the reviewer guide for JDeveloper. (page 26). http://otn.oracle.com/products/jdev/collateral/papers/10g/reviewer/reviewerguide.html

  • Actions and Forms Struts

    Anybody help me about as know how to developer using Actions and Form with JDeveloper.
    Thank´s
    Carlos Magno
    [email protected]

    What specifically are you looking for?
    If you are looking for a basic Struts Form that calls a Struts Action check out the JDeveloper Reviewer Guide
    http://otn.oracle.com/products/jdev/collateral/papers/10g/reviewer/reviewerguide.html
    Look at the Struts sample of a login form.

Maybe you are looking for

  • Reg. PDF file stored in oracle server directory

    Dear All , How to stored PDF generated file in oracle server directory. Thanks & Regards shailesh

  • Completion and approval workflows in line item based SC approval scenario

    Hi SRM experts, We are on SRM 7 ECS , support pack SAPKIBKV08 We are designing line item based SC approval workflow. We also have completion workflow. i.e after requester creates a shopping cart, it goes to buyer as per completion workflow( if the SC

  • Transparency set as overlay won't show in .pdf

    First of all, I'm not completely sure that this question isn't really for Adobe Acrobat.  Also, I am using CS5 with Windows 7. I have drawn grey lines to cross out text in my book.  The 100% lines were too dense for the characters to show through, so

  • Getting error when trying to expose the java class as webservice

    I am new to webservices and ESB. I have two custom schemas. LegacyCustomer.xsd and CommonCustomer.xsd. I am compiling these schemas using JAXP. I am trying to map one custom data to another data using java class. I am trying to expose this java class

  • Installing Eye Candy 5 Impact

    Whenever I try to install Eye Candy 5 Impact on a mini I get the following error: You cannot open the application "EyeCandy 5 Impact.app" because it is not supported on this architecture" Anyone shed any light on this ?