User Level SOD Report - Batch

Hi GRC Experts,
Every day my company runs a User Level SOD analysis against every user in ERP or HRP.  Here are the criteria for ERP (there is a connector):
System:  Our defined ERP connector
Risk Level:  All
Rule Set:  Global
User is not DDIC
User Type:  Dialog
Format: Detail      Technical View
Access Risk Analysis at the Permission Level
Show All Object
This job is run in Background, and the report output is downloaded from Background Jobs.
Is there a way to schedule this job using SE38 and a variant?  We would like to start using an automated scheduling tool.
The program run is GRFN_BP_SCHEDULER with variant &0000000001569
I looked at the variant, and it looks for I_PLANID and I_UPDTSK.
Are all the criteria I selected stored in a table as a PLANID?
Thanks in advance.
Donna Wiley

Hello Plaban,
Thank you for the info!  How do you set up the variant for the "Report" options?  We need two reports for "User Level".  In the Report Options section, we need one report with a Format = Detail and one with a Format = Management Summary. Both reports should be in the Format = Technical View.
Thank you and kind regards,
Janice

Similar Messages

  • Any way to have email address of the user in user level analysis report?

    Hi,
    Is there any way to get the user's email address column in the User Level Analysis report result?
    Any way or settings to add custom columns or the email address column in the displayed columns of the report?

    Hi Pranjal
    If it's not an option to add the column from the screen you would need to look at customising the screen.
    Below is an example for a different screen layout scenario
    Customizing Access Control Screens
    Regards
    Colleen

  • Issue with Total Number of SODs at user level.

    Friends,
    Quick question -
    We are using GRC 5.3 Production on NT 20003 server, and the back-end systems are ECC 6.0.
    1. We added the additional role to one of the business users in ECC 6.0.
    2. We ran the FULL sync after adding this role in the backend.
    Issue: The total number of SODs did not change for users, even though the SODs for this business user did increase by about 300.
    Location of screen:
    Informer Tab ->> Risk Violations.
    Analysis Type -> Users
    Does anyone have any idea how these numbers get interpreted?
    The total number of violations for permission should increase if the user level SOD count increases, as per our understanding.
    PT

    It should be in below sequence -
    1. Full or incremental sync for user/role/profile
    2. Full or incremental batch risk analysis for role/user/profile
    3. Management report
    The view you see is the management report, which is based upon the above jobs. The first job does a high-level sync like user/role/profile addition/deletion etc. The second job actually does risk analysis. The third one fills up the management view. If your batch risk analysis was run on  Aug 30 aug 10 and management report after completion of the same, the report will show the same data till you run these jobs again even if there are many changes in backend authorization.
    Hope it clarifies your query.
    Regards,
    Sabita

  • What is Execution Count in User Level Analysis?

    Hi,
    Can anyone throw light on what the Execution Count column means in the User Level Analysis report? If it is the number of times the users execute the action, then how can we discover from when it counts?
    Is it counted from when the user started using that tcode or action?

    Hi Pranjal,
    Yes, Prashant is correct it counts from the first job run, but as it takes data from STAD, so the counting is actually as per the STAD data store setting.
    So if STAD store data for 4 days and if you run job in today it will count from 17.05.2014, make sure you have this job running regularly, if you miss this job run for more days than the retention period of STAD data, you may miss execution count for those days.
    Hope this clears your query.
    BR,
    Mangesh

  • User Analysis at Permission Level - Detail Report (RAR SP12)

    Hello All,
    I have a question regarding the User Level Analysis at Permission level report. Currently, we are on GRC Access Control 5.3 SP12.
    Per my understanding when you execute the User level analysis at Action level, you get SOD conflict reports based on T-code level and not on authorization / permission level. But, if you execute the user level analysis at permission level then SOD report is based on the authorization / permission object level.
    But now, when I execute the user level analysis at PERMISSION LEVEL in the Informer tab, in the report I am only able to see "Transaction Code Check at Transaction Start" name in the Permission Object Column and "Transaction Code" name in the Field column.
    Look forward to hearing from you all.
    Thanks in advance,
    Regards,
    Angelica

    Hi Angelica,
    This behaviour is ok for those risks in which you have not enabled any Object/Field value. It will pick S_TCODE Object and show you the risk.
    This is useful because -
    1. If you have risks defined at Tcode level - you can still catch them while running risk analysis at permission level.
    2. If you have Object Values defined in risk and you are running permission level analysis it will show risk only if Object Values meet. In that case permission level risk analysis will not show risk if there is no actual risk.
    3. Running risk analysis at Action level can show false positives when risk is defined at Object level. So, it is always better to run analysis at permission level, it will bring all actual risks skipping false positives.
    4. You can run only one level risk analysis in CUP and ERM and permission level covers all risks.
    If you have risk defined at Object Level and the role/user is not fulfilling all values, it should not show in permission level. In your case, if it is showing only "Transaction code check at start"  and the risk is defined at Object Level, then sure it is a bug.
    Regards,
    Sabita

  • How to understand Permission level SoD analysis reports?

    Hi ,
    We would like to confirm whether our understanding is correct in analysing the SoD analysis reports at Permission Level
    Below is an example on how functions are configured at permission level
    Under Function 0C0004 we have t-code as below
    VA01 - Create Sales Order with Auth Objects
    B_USER_STAT  - ACTVT 01 AND
                                ACTVT 06 AND
    K_CKBS_CO-PC - ACTVT 01 AND
                                 ACTVT 06 AND
    V_VBAK_AAT - ACTVT 01 AND 02 AND 06 etc.,
    Similarly we have another Function GA0001  with t-code as below
    F-03- Clear G/L Account
    F_BKPF_BLA  - ACTVT 01 AND
    F_BKPF_BUK -  ACTVT 01 AND
    F_BKPF_KOA - ACTVT 01 AND
    We have defined Risk between GA0001 & OC0004 with RISK ID 0045.
    Does this mean that a User / Role which has t-code VA01 with the above permission values should be thrown as a conflict if the same user / role has t-code F-03 with the above permission values?
    Do we need to understand the conflicts are only  between two transaction codes and their permission values? or
    Do we need to understand within the transaction code permission values also there are conflicts i.e. if a user is having  01,02 & 06 for V_VBAK_AAT in VA01 also.
    When SoD reports are thrown for a User/ Role it just provides the Rule ID number and the t-codes conflicting followed by the permission values of the t-codes as below
    004500101 : Transaction Code Check at Transaction Start  Transaction Code     Create Sales Order (VA01)   OC00004
    004500101 : Transaction Code Check at Transaction Start  Transaction Code      Clear G/L Account (F-03)      OCA00001
    004500101:  B_USERSTAT : ACTVT : Activity      Delete(06)                          OC00004
    004500101:  F_BKPF_BLA : ACTVT : Activity      Create or generate(01)      GA00001
    004500101: B_USERSTAT : ACTVT : Activity      Create or generate(01)      OC00004
    004500101: F_BKPF_KOA : ACTVT : Activity      Create or generate(01)      GA00001
    004500101: V_VBAK_VKO : ACTVT : Activity      Create or generate(01)      OC00004
    In the above scenario what exactly do we need to understand? Whether the conflicts are between t-codes & their respective permission values or the conflicts are intra conflicts, i.e. between permission values as well?  User should not possess both 01 & 06 for Auth Object B_USERSTAT and remove the access to any of them.
    Please provide your suggestions in our understanding.
    Thanks and Best Regards,
    Srihari.K

    Hi Sri,
    In RAR the conflict is always between Actions, not permission. Permission level data is only for your info. All permission level details out of the box are not configured; you have to activate it and fill in the value in the field. Now based on the value you feed in it will pull out the details.
    E.g.: if you enter * it will show all values. If you enter 01 it will show all values with 01.
    So to summarize, the permission level details you need to configure based on needs, and they are not linked to conflicts; they just show AS IS permission level details.
    Thanks,
    Darshan

  • User level settings for Report Painter GR55

    Hi All,
    When user is trying to extract a cost center report from Report Painter GR55. User is not getting the values for few line items for last FI year (2010) and he is able to see the values for current year (2011).
    Tried with parameters, authorizations and settings with other user (able to see the report) who is having same roles authorizations.
    Please suggest if there are any user level setting related to above.
    Regards,
    Hamed

    Did you check in transaction RPC0?
    Maybe you have some value at user settings level.
    br, Guido

  • How to lock a user with a report in batch?

    Hi experts,
    is it possible to lock a range of users with a report which runs in batch? I decide to modify the report EWULKUSR, because I can't run this report in batch. But maybe there is any other report?
    Any idea?
    Thanks and best regards
    Max

    Hi Sim,
    I mean, locking the user in the system.
    Thanks for your answer.
    Best regards,
    Max

  • Management report doesn't show violations at user level.

    Dear all,
    I have a problem that the management report in 5.3 SP04 doesn't show violations at user level. At role level it works fine.
    I've tried full sync and generated a new management report. The problem remains.
    No. of Users Analyzed 859
    Users with no Violations 859 100%
    Users with Violations 0 0%
    Number of Roles Analyzed 2,986
    Roles with no Violations 2,510 84%
    Roles with Violations 476 16%

    Hi Vit,
      Follow both the notes mentioned by Sahad. Check the data in virsa_cc_prmvl table. Run the following script and see if you can see any data:
    select * from virsa_cc_prmvl where genobjtp=1
    If you don't have any data then there was some issue with user analysis so you will have to run the analysis again. If there is data then run the management report again and you should see the data.
    Regards,
    Alpesh

  • User level privileges to discoverer reports

    Hi All,
    I am facing a very strange problem.
    One of my users is running a discoverer report. He complains that he cannot see a particular row.
    When I open the report with the same responsibility but using my user name, I can see that row.
    Does it depend on the user name? Is it because, I am using the 'Owner Name' ?
    I know that we can set the privileges at responsibility level...but can we set them at user level?
    I will appreciate any idea/solutions on this.
    Thanks,
    Yogini

    Sounds like the view it's accessing at the database level has security built-in (as Rod alluded to).
    Is it a BIS view (ie: prefix is something like: xxFG_ (like ARFG_ or GLFG_))? If so, view security could well be the situation.
    Alternatively, the only way you could see 'more' info in the report if it wasn't a database level view thing, VPD, etc., would be that your Oracle Apps username in the EUL had more 'power' than his. Discoverer will connect an Apps user with their Oracle Apps name and / or responsibility AND always take the method that gives the connectee with the most 'power'. That's why I always recommend to only set privs, security, and report sharing with responsibilities and not Oracle Apps usernames.
    Russ

  • AC 10.1 Empty screen on User Level analysis

    Hi all,
    We have migrated our 5.3 Access Control System to 10.1 and all the post-installation steps are applied. We loaded the user and roles from our ERP System, created rules and generated them for our system. Parameter 1027 – Enable offline risk analysis is set to YES. We also ran the batch job for the risk analysis in Background (transaction GRAC_BATCH_RA). When we run the NWBC -> Access Management -> User Level for our System we get just an empty window – no error message, nothing. It doesn’t make a difference if we run it on action level, permission level with offline data or without, in foreground or background, the result is just an empty window. What might be the issue here?
    Thanks in advance
    Bernd

    Hello Bernd,
    In GRC 10.1 there are a few new things. Can you tell which view you are running the report on? There are three in GRC 10.1; namely - Remediation view, Business View and Technical View. See screen below.
    Most problems are on Remediation View (which is selected by default when you start running the RA). For traditional risk analysis report please run on the "Technical View" and see if you get results.
    To fix the issue with the remediation view's blank screen please review following notes:
    2040204 - Remediation View does not show up while running risk analysis
    2035538 - Remediation view in Risk Analysis does not show any data
    2099999 - Remediation View screen shows blank while Risk Analysis
    Thanks
    Sammukh

  • How to find Level 1, Level 2, Level 3 reporting manager

    Hi Experts,
    How to find Level 1, Level 2, Level 3 reporting manager for an employee.
    pernr --> level 1 manager --> level 2 manager --> level 3 manager.
    Thanks in Advance.
    Regards,
    IFF

    Hi,
    For fetching Level 1 manager, there are 2 options:
    1.You can use FM RH_GET_LEADER for PERNR,Position or User
    2.Use FM RH_READ_INFTY with Subtype = A008.
    For Fetching level2 manager,
    1. fetch Level 1 manager.
    2. Get Level1 manager's Org.
    3. Get Level2 manager using FM RH_GET_LEADER.
    Thanks,
    Dharitree

  • Ideas for Providing User Level Data Backup and Restore

    I'm looking for ideas for implementing a user level application data backup and restore in an Apex app.
    What would be great is to have a user be provided an export file and a way to import this file. A bit overkill but hopefully never needed.
    Another option that is perfectly doable is a report that simply provides a means to create an export of the data. Since I already have an interface I can use an export to interface an export.
    Any thoughts?
    Hopefully I'm missing something already there for an end user to use.

    jlincoln wrote:
    "Do you mean "export" and "import" colloquially, or in the specific sense of the exp/imp/datapump utilities?": I mean as in imp/exp Oracle utilities. Generally speaking, it would be neat to be able to export and import via an Apex application. In this hosted environment I don't have that access but would this be a bad idea if you don't care about the existing data in the schema in which the data resides?
    I can envisage a mechanism using exp/imp, but since it requires dbms_scheduler external jobs and access to the file system it's highly unlikely to be possible in a hosted environment. (Unless you're doing the hosting?)
    Backup: Necessary for peace of mind and flexibility. I am working on a VB/Access user who does this today to get to the point when they can be comfortable with the backups occurring regularly and by the hosting site's DBA group.
    Restore: Like I said. I am working on a VB/Access user who does this today to get to the point when they can be comfortable with the backups occurring regularly and by the hosting site's DBA group. This is a very small data set. A restore would simply remove existing data and replace it with the new data.
    My opinion is that time would be better spent working on the user rather than a redundant backup and restore feature. Involve them in a disaster recovery exercise with whoever is hosting the environment to prove that their data is safe. Normally the inclusion of data in regular, effective database backups is sold as a major feature of APEX solutions.
    "What about security/privacy when this data ends up in uncontrolled environments?": I don't understand the point of this question. The data should not end up in uncontrolled environments. Just like the data in the database or its backups.
    Again, having data in a central, shared location protected by multiple levels of application, database, and OS security is usually seen as a plus for APEX over VB/Access. Exporting the data in toto to a PC/laptop that can be stolen or lost, and where it can be copied to USB drives/phones/email loses this protection.
    User Level: Because the end user must have access to the backup and restore mechanisms of the application.
    Application Data: The application data. Less than 10MB. Very small. It can be exported in a flat file downloaded by the end user. This file can then be used to upload and import via an existing application interface. For example.
    "I'm struggling to parse this for meaning.": When I say I have an existing interface I am referring to a program residing in the Apex application that will take data from a flat table structure (i.e. interface table), validate the data, derive data, and load into the target table structure.
    Other than the report export capability linked to above, there's nothing built-in to APEX that comes close to your requirement. If the data is simple enough that it can be handled in such a report, and you have a process that can read and recreate this export, then you have your backup/restore capability. If the data can't be handled in a simple report, then you'll need a more complex PL/SQL process to generate the file.

  • Remove Personalization at User Level - Saved Searches

    All,
    There is a problem in the Saved Searches. We are on 11.5.10. The page immediately throws an error when a custom view is created using the "Save Search" button.
    It says,
    ## Detail 0 ##
    java.lang.NullPointerException
    at oracle.apps.fnd.framework.webui.OADataBoundValueCustomization.getValue (OADataBoundValueCustomization.java:191)
    I am not able to revert this view created through save search. I tried by setting the Disable Self-Service Personal to Yes at that user level where I created the view and bounced apache. But the error still exists.
    Is there any means like by "Functional Administrator" responsibility where these views can be removed?
    Thanks,
    Padmaja

    Pl see if a similar issue reported in MOS Doc 859190.1 (Personal Worklist Returns NullPointerException When 'Disable Self - Service Personal' Is Set To Yes) can help
    HTH
    Srini

  • Running Risk analysis at User Level(CC)

    Hi
    Please clear my query: what is the difference between running the risk analysis at user level with Violation count by Risk and Violation count by Permission?
    Violation count by Permission, the total number of violations is 377,569.
    Violation count by Risk, the total number of violations is 11,716.
    Thanks & Regards

    Hi Karuna,
    When you perform Risk Analysis at User level and choose violation count by Permission/Risk, here are the details of each analysis:
    1. Violation Count by Risk
    This analysis will display the count of how many SOD risks associated with the users existing in each business process like FI, HR, MM, PR, SD.
    It will display as a bar graph or pie chart. If you choose each of the business processes and drill down to the particular SOD risk, P001, then you can display how many users have that risk, P001.
    2. Violation Count by Permission
    This analysis will display the count of SOD violations at the action/permission level associated with the users existing in each business process.
    If you choose the conflicting functions inside each SOD risk, and then expand on the permission tab you will understand why the huge number of violations it is showing.
    In the Risk information screen, in Conflicting Functions, click the AP02 - Process Vendor Invoices link to display the SAP transaction codes and the authorization objects. There are 26 different transactions in SAP to Process Vendor Invoices and another 185 authorization object values - all come preconfigured out of the box.
    Choose the Permission tab. Expand Action F-42. Open an authorization object to show field values. By looking at all possible permutations of actions/permissions of one business function with all actions/permissions of the second business function, you can understand how the system arrives at the number of violations.
    Hope this will help you understand better.
    Regards,
    Kiran Kandepalli.
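
The replies above describe two effects: action-level analysis can flag a user whose object values do not actually meet the rule, and "violation count by permission" grows with the permutations of action/permission rows across the two conflicting functions. The following added example (not from any poster, and a simplified model rather than SAP's own algorithm) shows both; the function, t-code and object names are borrowed from the permission-level thread as sample data, and the user records are constructed.

```python
from math import prod

# Constructed rule: one risk between two functions. Each function maps an
# action (t-code) to the (object, field, value) permissions that must ALL be
# held. Names echo the thread above; the rule content is sample data.
RISK_0045 = {
    "OC0004": {"VA01": {("B_USERSTAT", "ACTVT", "01"),
                        ("B_USERSTAT", "ACTVT", "06"),
                        ("V_VBAK_AAT", "ACTVT", "01")}},
    "GA0001": {"F-03": {("F_BKPF_BLA", "ACTVT", "01"),
                        ("F_BKPF_BUK", "ACTVT", "01"),
                        ("F_BKPF_KOA", "ACTVT", "01")}},
}
RISKS = {"0045": RISK_0045}

ALL_PERMS = set().union(*(p for fn in RISK_0045.values() for p in fn.values()))

# Constructed users: FULL holds everything the rule names; TCODE_ONLY can
# start both transactions but lacks one required object value for F-03.
FULL = {"tcodes": {"VA01", "F-03"}, "perms": set(ALL_PERMS)}
TCODE_ONLY = {"tcodes": {"VA01", "F-03"},
              "perms": ALL_PERMS - {("F_BKPF_BLA", "ACTVT", "01")}}


def action_level(user, risk):
    """Flag the risk if the user holds any t-code from every function."""
    return all(any(t in user["tcodes"] for t in acts) for acts in risk.values())


def satisfied_rows(user, risk):
    """Per function: (t-code, permission) rows for fully authorized actions."""
    rows = {}
    for fn, acts in risk.items():
        rows[fn] = [(t, p) for t, perms in acts.items()
                    if t in user["tcodes"] and perms <= user["perms"]
                    for p in sorted(perms)]
    return rows


def permission_level(user, risk):
    """Flag the risk only if every function has a fully authorized action."""
    return all(satisfied_rows(user, risk).values())


def count_by_risk(user, risks):
    """One violation per risk the user triggers at permission level."""
    return sum(permission_level(user, r) for r in risks.values())


def count_by_permission(user, risks):
    """One violation per combination of rows across the conflicting functions."""
    return sum(prod(len(v) for v in satisfied_rows(user, r).values())
               for r in risks.values())


if __name__ == "__main__":
    for name, u in (("FULL", FULL), ("TCODE_ONLY", TCODE_ONLY)):
        print(name, action_level(u, RISK_0045), permission_level(u, RISK_0045),
              count_by_risk(u, RISKS), count_by_permission(u, RISKS))
```

In this model a single risk yields one violation by risk but nine by permission (three rows on each side), which is the same multiplication that separates the two totals in the question.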
