SOD violation as per sizing guide

Hi All,
I have a query regarding sizing for GRC server. As per sizing guide, there are few inputs like total roles and total users in system landscape, which are to be connected to GRC and total violations during per peak hour etc.
I want to know what violation count means in this context -
Is it SOD violation before GRC implementation occuring in system?
Or is it SOD voilation count when GRC is established and we assume that either most of the risks are mitigated and / or remediations are done.
Does this count SATs as well?
Thanks & Regards,
Sabita

Hi Experts,
Please excuse me for re-opening this message. Our client wants clear understaning on sizing and I want confirmation before I can convince them.
Here are my queries-
1. When we do sizing for RAR, what activities are covered under " Daily Transactional Sizing per hour". We do incremental Sync and Batch risk Analysis, but they run in nights when system is less loaded. So what does it mean"during peak hour"? What else are under transactional sizing-do webservice calls from ERM or CUP are included in it and does Alert Monitor job also falls under it?
2. What does it mean voilations in context of Risk Analysis? Does it mean actual violations in daily backend transactions or it is only voilations based upon Role/User authorizations? What kind of voilation it includes-permission level all line items(like ME21N ACTVT 01, 02, 03 are 4 voilations or it is only one for one risk?
3. Under which criteria or parametr should we do sizing for Adhoc risk analysis ( run from Informer tab) .
4. There is parameter for "initial load" in RAR and CUP. We would like to know why there are two parameters for "initial load" and "daily transactional". They may overlap for sizing purpose because when we do initial it means system is not ready to perform daily tasks. And when we say " Transactional" it means initial load is done. So in this case, the SAPS used in initial load is released for daily transactional task.
Thanks in advace.
Regards,
Sabita

Similar Messages

  • SPM SOD Violations Report

    Should the SPM SOD Violations Report populate if you don't have Risk Terminator enabled?
    If so, I'm not sure I have the correct configurations in place. Whenever I click the report in SPM I get the following message: "No match nor conflict found". I have other reports that are function correctly, which makes me belive this is not a connector issue. Am I supposed to run some background job?
    Please advise.
    Thanks,
    Kunal

    Kunal
    did you imported the default rules and risks before connecting the system? And than did the sync job?
    The sequence has to be followed as per the config guide
    Nesimi

  • GRC 10.1 - Routing at Request Submission in case of SOD violations

    I am trying to configure MSMP workflow or risks analysis while creating userid
    1. No Risks >> User created and access assigned automatically
    2. Risks found >> forward to security team to review and approve
    I have checked the standard functional module - GRAC_MSMP_DETOUR_SODVIOL cannot be used in AC 10.0 . This is  only be used as Routing Rule after first stage approval and at subsequent stages as per Note - 1783157 - Routing at Request Submission in case of SOD violations
    Can anyone advise the standard SAP delivered rule / functional module we can use in GRC AC 10.1 to achieve the outcome at the time of request submission ??

    Hi Anil,
    You have enable riak analysis at submission buy setting parameter and the need to have a first stage as dummy where risk analysis result can be analysed and have a detour at this dummy stage so that in case of risk request is forwarded to next stage.
    Hope that helps..
    Regards
    Ashish

  • Business Objects XI Release 3.0/3.1 Enterprise Sizing Guide

    Is there a Business Objects XI Release 3.0/3.1 Enterprise Sizing Guide available yet...?
    We are trying to plan our hardware budget for next year.
    I have reviewed both the BusinessObjects Enterprise XI 3.0 Deployment Planning Guide, and the BusinessObjects Enterprise XI 3.0 Deployment Planning Guide - but neither one gives you the actual counts of concurrent and simultaneous connections supported per CPU/Service in 3.0/3.1.
    Edited by: Mark Richardson on Sep 16, 2008 4:49 PM

    Hello,
    In the deployement document for XI 3.O : "xi3_bip_deploy_plan_en.pdf",
    Page 81, one reads : "It is also recommended that you contact your Business Objects sales
    representative and request information about the BusinessObjects Enterprise
    Sizing Guide. A Business Objects Services consultant can assess your
    reporting environment and assist in determining the configuration to best
    integrate with your current environment."
    Therefore, such a document should exist.
    Any news since the last post?
    Thx in advance

  • SAP Adapter has a problem, SOD violations will not be checked

    Hi,
    In our ides server whenever i click save button in su01 i get the following error ,
    "SAP Adapter has a problem, SOD violations will not be checked !
    Please check with your system Administrator
    Technical Info:
    Error when opening an RFC connection "
    we didn't have this problem before . can anybody help me to resolve the issue
    Also I am getting this error only if I click save in su01. in other t code. I don't get this error
    Thanks in Advance
    Edited by: gajula jhansi on Apr 11, 2011 11:28 AM

    You need to restart your sap adapter in GRC front end from configurations tab-->Sap adapter >choose the one for your back end system> if it's grayed out or even green still, click on it and let it restart and turn green again.
    Then you go back to your backend ECC system and in SM59 , choose the RFC connection for the Risk Terminator (the one you have saved in the Risk Terminator transaction /VIRSA/ZRTCNFG in backend system).. and test the connection. It should pass the connection test if your adapter is working and set up correctly. Then when you do save in SU01 or make changes in PFCG and have Risk Terminator activated for the backend system, it will check the SOD violations against those transactions from RAR front end.
    If you don't want Risk Terminator to check for SOD violations in front end RAR, then you need to set your settings to 'NO' for all in the Risk Terminator transaction. You can get all this info in the GRC config guide for RAR and SPM area.
    Regards,
    Alley

  • SPM "SoD Violation Report"

    Hi all,
    We are trying to find details documentation for user SPM report "SoD Violation Report" but there is any in 5.3 configuration and user guide.
    What is the purpose of such report? Which is the expected result? Are they the SoD conflicts within FF authorizations? OR SoD conflicts of transactions executed by FF?
    Many thanks in advance. Best regards,
      Imanol

    Yes, Imanol. it will show the  SoD conflicts of transactions executed by FF
    The Segregation of Duties (SoD) Conflicts Report captures the data from the selected system for
    each designated firefighter ID. The data is grouped by firefighter and by violated risk. The report
    lists the SoD Conflicts that arise for each login event.
    The report displays the following information for each firefighter ID:
    · Name of the firefighter using the firefighter ID.
    · The Risk ID associated with the conflict.
    · The name of the transaction.
    · The date that the conflict occurred.

  • Error in Role level SoD violations Dashboard

    Hi All,
    We are running on GRC V10 SP06.
    When role level SoD violations dashboard is opened there is no relation between Number of role analyzed (X) in system and Number of roles with violations(Y).
    In our case Y is far greater than actual X.
    Even the percentage of roles with and without violatons together doesnt constitute 100  % ...
    Please help what may be a solution to fix it.
    -Thanks

    Hi All,
    We are running on GRC V10 SP06.
    When role level SoD violations dashboard is opened there is no relation between Number of role analyzed (X) in system and Number of roles with violations(Y).
    In our case Y is far greater than actual X.
    Even the percentage of roles with and without violatons together doesnt constitute 100  % ...
    Please help what may be a solution to fix it.
    -Thanks

  • Work Manager 6.1 Sizing Guide Query

    Hi,
    Looking at the official Work Manager 6.1 sizing guide and comparing it to the Work Manager 6.0 guide and it seems there has been a large jump in the suggested hardware for SMP.
    I understand the WM6.0 runs on SMP 2.3 and WM6.1 is on SMP 3.0, but I'm surprised that the difference seems so large.
    E.g. For a medium landscape with 1000 syncs/hour:
    Work Manager / SMP
    SMP SAPS (suggested)
    Work Manager 6.0
    2,000
    Work Manager 6.1
    55,500
    Could someone clarify why this would be?
    Thanks,
    Stephen

    The Sizing Document has been updated for the SMP Server and appear to be much more reasonable.
    The SAP ABAP & DB Server recommondations are still the same and don't seem right.
    E.g
    Large Data Volume & 2000 syncs/hr
    SAP DB Server -  393,500 SAPS
    SAP ABAP Server - 127,500 SAPS
    From the Sizing benchmarks an IBM Server with 271,080 SAPS has 8 Processors / 120 Cores / 1TB of RAM
    Cheers,
    Stephen

  • BSI TaxFactory 8.0 server sizing guide?

    My company is installing BSI TaxFactory 8.0 for the first time on an AIX / Oracle platform.
    Is there a server sizing guide for how CPU and memory usage I need to plan for when payroll is running?  I realize it will vary based on number of employees.
    The only thing I can find on SAP Service Marketplace and BSI's web site is how much database space it requires (approx 2 gig).
    I've read all the notes; including 1064089 - Installing TaxFactory 8.0, but not as an upgrade.
    Our Basis Team Lead doesn't want it installed on the SAP Oracle db server.
    Thanks in advance,
    Mark Perrey

    Mark :
    If you're talking about BSI executable (i.e. tf80server.ksh for AIX / UNIX environment), this should be on the drive accessible by all SAP applications/db servers so it could be executed indepently of which server user is loggin on (due to load balance).
    If you're talking about BSI database, I don't see any issues with having this on the same SAP ORACLE dbase server (whether same instance or not). BSI dbase is relatively small (around 70 tables), and I would imagine database resource is probably minimum as most of the tax calucations are probaly done at the BSI application level.
    Rgds.

  • Cisco Prime Infrastructure 1.2 - Remote FTPrepository Sizing Guide

    Can anyone provide a link to a sizing guide for remote FTP repository for backing up Cisco Prime Infrastructure 1.2 to a remote FTP server?                  

    A personal observation; In PI 1.1, with the small ova we were running around 300 AP's and I had noticable slowness and issues.  At that time, TAC mentioned that I should go with the medium as it was a known problem  Now, despite being on 1.2 and alot of the issues resolved (and now new ones), if faced with the need to start over and I could spare the hardware, I would still go with the medium.   My personal opinion is that Cisco VM's require way to much.  On the other hand, knowing that it's relying on a built in Oracle DB, which from my experience with virtual servers, databases in VM = bad, it's understandable.  Not everyone agrees with this point from vm gurus to db geniuses, and I'm not a professional vm guy, just play one on tv, but personally i shove as much hardware as I can afford from my host at it if it's a db in a vm.  This comes from being in an enterprise with multiple oracle db's in multiple vm environments.  My 2cents.

  • XI Sizing Guide scenarios

    Hi,
    I need to baseline our hardware using the scenarios described in the XI Sizing Guide before testing the performance of our own integration scenarios.
    Would you know where are available the design packages of the integrations used for the XI Sizing Guide?
    Thanks for your help,
    Adalbert

    Thanks Prabhu,
    Indeed this can be another approach.
    Mine was to baseline our dev box with a scenario referenced in the XI Sizing Guide, and then measure the performance with our own scenario and deduce the required number of SAPS for our scenarios to obtain a given range of results.
    I believe the use of the XI Quick Sizer is better as it can handle complex scenarios.
    I would have 2 questions concerning The Quick Sizer:
    -     how to indicate the <b>Lookups (using the XI Lookup API) overhead</b> we implemented in the mappings
    -     how to indicate a <b>self developed JCA adapter</b> in the adapter fields (outbound or inbound): XI J2EE or Thirdparty? what is the impact?
    -     What means “Acknowledgments: additional Acknowledgment” fields? in addition to standard iDoc ack?
    Thanks for your help
    Adalbert

  • SAP DOCUMENT ACCESS BY OPENTEXT Sizing guide

    Could you please help me to find the sizing guide for SAP DOCUMENT ACCESS BY OPENTEXT? I've been looking for it but I just found the Installation guide.
    Any tip that you could give me will be appreciated.
    Thank you all.

    Hi ,
    You can get sizing inputs at Open Text Knowledge center. For this you need to have login credentials to access the Knowledge Center. It has all the updated information about Open Text Installation planning and roadmaps.
    Hope this helps.
    Regards,
    Deepak Kori

  • GRC CUP 5.3 SP16, detour path not working for SOD violations

    Hi,
    Something bazaar is going on in our requests processing and not sure if that's the way SAP has set it up.
    We configured a detour path for requests with SOD violations to go to the additional stage of 'SOX Approver' but the first stage (manager) does the risk analysis and Mitigation assignment and then it goes to Role owner approver that approves the roles access. Once the role owner approves the roles , if the request had SOD violations, even if the mitigation was selected and approved by the manager stage, it needs to go to the SOX approver stage to approve the mitigation assignment before the request can be auto provisioned for any requests that had sod violations.
    But it seems to skip the sox approver detour path stage after the role owner approval and go directly to auto provisioing. I thought that any requests that had sod violations inspite of having mitigation assignment in a previous stage can be detoured to the next path for SOX approval and then auto provisioned. Since SAP doesn't give different approval option to approve mitigation vs. approve roles, wherever you make the risk analysis mandatory, that's where the mitigation controls have to be assigned. But we want the option to detour the path to SOX approver to approve those mitigation controls b4 auto provisioning the request.
    Any idea of how to fix this?
    Is the detour only going to work if the mitigation wasn't assigned? But then how can you get approval for the mitigation on a different stage if the same person has to assign and approve that?
    Will appreciate any feedback in this.
    Thanks,
    Alley

    I was actually able to resolve the issue by adding the role approver stage first to the sox approver detour path.. this way..if the manager has roles with sod violations and updates mitigations for it, it goes to the role approver via detour path as well first and then to the sox approver stage b4 auto provisioining. So, that solved our problem. And if the request doesn't have SOD violations then it just goes to the next stage without detour which also has the role approver as the last stage.
    Since I couldn't get the sox approver stage to show up after the role approver as originally anticipated since the request already had mitigation assigned at the manager level, we did the above scenario to fix the issue.
    Requestor>Manager->Role Approver-->auto provisioning (without SOD violations)
    Requestor>Manager> Detour (Role Approver>SOX Approver)->Auto Provisioning (with SOD violations)

  • ERM: Exceeding SoD violations treshold

    Hi all,
    In ERM role definition, when exceeding the SoD violations treshold, it is not possible to continue the role definition since next stage doesn't get active.
    Has anyone of you face this before? How do you tackle it?
    Many thanks ion advance. Kind regards,
      Imanol

    this was known issue with SAP on older SP's...
    not sure if it was resolved or not.
    however why are you creating role with so many violations...
    as workaround  create two separate roles (with min conflicting tcodes...)
    so two roles can be assigned to a user in end... and role will be created in ERM also
    regards,
    Surpreet

  • SOD Violations at R/3 Backend

    Hi all,
    we are using GRC 5.2 version,and Backend R/3 is ECC6.0,wen i am changing at user level i.e in su01 if i add any role it is showing that
    Checking SOD Violations at Object Level with Time stamp at Status bar.
    But when i am changing any thing in PFCG it is not showing violations.
    Really it shows SOD Violations at R/3 Backend.
    Kindly clarify my Query

    Hi,
    When I executed * /n/VIRSA/ZRTCNFG*, I got the following options:
    Stop generation if violations exist
    Comments are required in case of violations
    Send notification in case of violations
    Default analysis level
    I did not get anything like PFCG Plug in value
    Could you please tell me actually what is the use of  these?
    Regards,
    Faisal

Maybe you are looking for

  • How do I stop iMessage from automatically opening my conversation with a person when they message me?

    iMessage problem on my ipod. Whenever someone messages me on imessage and my ipod is locked it'll come up on my lock screen and even if I don't swipe the message, imessage automatically pops up and opens the conversation. How do I stop this?

  • Why some albums cover does not show in coverflow mode?

    even when i sync my albums with its cover, when i turn to coverflow mode some of them does not appear and i dont know why

  • Have to "clear arp" table to get traffic to pass

    I have a very unusual problem that I can't figure out. We have a 2800 series router we are using as our voice gateway. It has been running fine for about 6 months but then a few days ago, it started dropping off the network every 10 minutes or so. We

  • Batch Keyword Removal Advice

    Aperture 2.0 seems to have way too many windows, bars, HUDs, panes for keywording, and yet I cannot for the life of me figure out how to easily remove one or more keywords from a group of selected photos. Today I selected thirty images and added a ke

  • MPN Material with excise

    Dear All SAP Gurus, I am purchasing MPN material with exicse duties , but while capturing invoice following error is coming, Please check excise base for the item is zero ! Message no. 4F121 Please sugget me solution Thanks in advance Mahesh