User risk analysis offline mode in RAR

Hello colleagues
We are in AC SP14 and trying to perform RA via risk analysis-> user level. When the offline analysis parameter is set to YES we don't receive results, when the offline analysis parameter is set to NO we receive results but they are partiialy in comparison the the results we receive for the same user in the management view -> user violation report.
So our question is:
1.     Why the offline analysis=YES is not showing any data when all the prerequisites were performed (the background RAR sync/risk analysis/management view jobs are finished successfully and the configuration parameter of offline analysis is set to yes)?
2.     Why the offline analysis=NO is not showing the same results as in the management view user violation report that was updated a just 10 minutes before?
We viewed notes number 1544338 and 1126251 and all is configured an maintained as needed.
Best Regards,
Shira

Hi Saurabh,
Kindly check the below SAP notes.
SAP note 1731579-- RAR 5.3 BRA job fails after about 4% - 6% of completion
1727751 - Alert generation job fails with message "Error in  Alert Generation
Hope this helps.
Best Regards,
Saksham

Similar Messages

  • Program batch risk analysis offline GRC AC 10.0

    Hello consultant:
    We have configurated GRC AC 10.0 RAR , when we executed risk analysis for Tx:NWBC  , the system run analysis(foreground or background) correctly but when we executed analysis for Tx:SPRO->Governance Risk and compliance->Access control->Batch Risk Analysis , the system run two jobs E:GRAC_SOD and GRAC_SOD but the jobs run only 1 second and finished sucesffully but the system no run analysis.
    Please could you help me?
    Thank you very much

    Please check view details in NWBC.
    or go to abap and select option and run it..
    and u can monitor the same using
    the tcode batch job for GRc monitor tcode dont remember u can check in guide.
    there it can show details.
    need tcodes and all ,please post
    Regards,
    Prasant

  • Faield to run Batch Risk Analysis BG JOB in RAR

    Dear Expert,
    While doing batch risk analysis (Including all User/Role/Profile  Action and Permission level analysis with Management Report), often we are getting the following error , that we found from the log.
    Feb 7, 2009 8:32:23 AM com.virsa.cc.xsys.riskanalysis.AnalysisEngine riskAnalysis
    WARNING:  Job ID:188 : Failed to run Risk Analysis
    java.lang.Exception: Cannot extract data from system (ECQCLNT360); for more details, refer to ccappcomp.n.log
         at com.virsa.cc.xsys.meng.MatchingEngine.matchActRisks(MatchingEngine.java:118)
         at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.performActPermAnalysis(AnalysisEngine.java:1104)
         at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:297)
         at com.virsa.cc.xsys.bg.BatchRiskAnalysis.performBatchRiskAnalysis(BatchRiskAnalysis.java:1047)
         at com.virsa.cc.xsys.bg.BatchRiskAnalysis.performBatchSyncAndAnalysis(BatchRiskAnalysis.java:1369)
         at com.virsa.cc.xsys.bg.BgJob.runJob(BgJob.java:402)
         at com.virsa.cc.xsys.bg.BgJob.run(BgJob.java:264)
         at com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob.scheduleJob(AnalysisDaemonBgJob.java:240)
         at com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob.start(AnalysisDaemonBgJob.java:80)
         at com.virsa.cc.comp.BgJobInvokerView.wdDoModifyView(BgJobInvokerView.java:436)
         at com.virsa.cc.comp.wdp.InternalBgJobInvokerView.wdDoModifyView(InternalBgJobInvokerView.java:1225)
         at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.doModifyView(DelegatingView.java:78)
         at com.sap.tc.webdynpro.progmodel.view.View.modifyView(View.java:337)
         at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.doModifyView(ClientComponent.java:481)
         at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doModifyView(WindowPhaseModel.java:551)
         at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:148)
         at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
         at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
         at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:321)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:713)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:666)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
         at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
         at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
         at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doGet(DispatcherServlet.java:46)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(AccessController.java:219)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
    Feb 7, 2009 8:32:23 AM com.virsa.cc.xsys.bg.BatchRiskAnalysis performBatchRiskAnalysis
    WARNING: Error: while executing BatchRiskAnalysis for JobId=188 and object(s):T-EQ462534: Skipping error to continue with next object: Cannot extract data from system (ECQCLNT360); for more details, refer to ccappcomp.n.log
    Feb 7, 2009 8:32:23 AM com.virsa.cc.xsys.bg.BgJob updateJobHistory
    FINEST: --- @@@@@@@@@@@ Updating the Job History -
    2@@Msg is Error while executing the Job for Object(s) :T-EQ462534:Cannot extract data from system (ECQCLNT360); for more details, refer to ccappcomp.n.log
    Feb 7, 2009 8:32:23 AM com.virsa.cc.xsys.bg.dao.BgJobHistoryDAO insert
    INFO: -
    Background Job History: job id=188, status=2, message=Error while executing the Job for Object(s) :T-EQ462534:Cannot extract data from system (ECQCLNT360); for more details, refer to ccappcomp.n.log
    Feb 7, 2009 8:32:23 AM com.virsa.cc.xsys.riskanalysis.AnalysisEngine riskAnalysis
    INFO:  Job ID:188 : Exec Risk Analysis
    Feb 7, 2009 8:32:23 AM com.virsa.cc.xsys.riskanalysis.AnalysisEngine performActPermAnalysis
    INFO:  Job ID:188 : Analysis starts: T-EQ462535
    Feb 7, 2009 8:32:24 AM com.virsa.cc.comp.VirsaXSR3_02Interface execute
    WARNING: VIRSAXSR3_02: Cannot execute BAPI AuthForProf
    com.sap.tc.webdynpro.modelimpl.dynamicrfc.WDDynamicRFCExecuteException
         at com.sap.tc.webdynpro.modelimpl.dynamicrfc.DynamicRFCModelClassExecutable.execute(DynamicRFCModelClassExecutable.java:107)
         at com.virsa.cc.comp.VirsaXSR3_02Interface.execute(VirsaXSR3_02Interface.java:279)
         at com.virsa.cc.comp.wdp.InternalVirsaXSR3_02Interface.execute(InternalVirsaXSR3_02Interface.java:1341)
         at com.virsa.cc.comp.wdp.InternalVirsaXSR3_02Interface$External.execute(InternalVirsaXSR3_02Interface.java:1376)
         at com.virsa.cc.comp.BackendAccessInterface.executeBAPIModel(BackendAccessInterface.java:3393)
         at com.virsa.cc.comp.BackendAccessInterface.execBAPI(BackendAccessInterface.java:407)
         at com.virsa.cc.comp.BackendAccessInterface.executeBAPI(BackendAccessInterface.java:302)
         at com.virsa.cc.comp.wdp.InternalBackendAccessInterface.executeBAPI(InternalBackendAccessInterface.java:4227)
         at com.virsa.cc.comp.wdp.InternalBackendAccessInterface$External.executeBAPI(InternalBackendAccessInterface.java:4692)
         at com.virsa.cc.dataextractor.bo.DataExtractorSAP.getObjActions(DataExtractorSAP.java:213)
         at com.virsa.cc.dataextractor.bo.DataExtractorSAP.getObjActions(DataExtractorSAP.java:105)
         at com.virsa.cc.xsys.meng.MatchingEngine.getObjActions(MatchingEngine.java:770)
         at com.virsa.cc.xsys.meng.MatchingEngine.matchActRisks(MatchingEngine.java:112)
         at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.performActPermAnalysis(AnalysisEngine.java:1104)
         at com.virsa.cc.xsys.riskanalysis.AnalysisEngine.riskAnalysis(AnalysisEngine.java:297)
         at com.virsa.cc.xsys.bg.BatchRiskAnalysis.performBatchRiskAnalysis(BatchRiskAnalysis.java:1047)
         at com.virsa.cc.xsys.bg.BatchRiskAnalysis.performBatchSyncAndAnalysis(BatchRiskAnalysis.java:1369)
         at com.virsa.cc.xsys.bg.BgJob.runJob(BgJob.java:402)
         at com.virsa.cc.xsys.bg.BgJob.run(BgJob.java:264)
         at com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob.scheduleJob(AnalysisDaemonBgJob.java:240)
         at com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob.start(AnalysisDaemonBgJob.java:80)
         at com.virsa.cc.comp.BgJobInvokerView.wdDoModifyView(BgJobInvokerView.java:436)
         at com.virsa.cc.comp.wdp.InternalBgJobInvokerView.wdDoModifyView(InternalBgJobInvokerView.java:1225)
         at com.sap.tc.webdynpro.progmodel.generation.DelegatingView.doModifyView(DelegatingView.java:78)
         at com.sap.tc.webdynpro.progmodel.view.View.modifyView(View.java:337)
         at com.sap.tc.webdynpro.clientserver.cal.ClientComponent.doModifyView(ClientComponent.java:481)
         at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.doModifyView(WindowPhaseModel.java:551)
         at com.sap.tc.webdynpro.clientserver.window.WindowPhaseModel.processRequest(WindowPhaseModel.java:148)
         at com.sap.tc.webdynpro.clientserver.window.WebDynproWindow.processRequest(WebDynproWindow.java:335)
         at com.sap.tc.webdynpro.clientserver.cal.AbstractClient.executeTasks(AbstractClient.java:143)
         at com.sap.tc.webdynpro.clientserver.session.ApplicationSession.doProcessing(ApplicationSession.java:321)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessingStandalone(ClientSession.java:713)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doApplicationProcessing(ClientSession.java:666)
         at com.sap.tc.webdynpro.clientserver.session.ClientSession.doProcessing(ClientSession.java:250)
         at com.sap.tc.webdynpro.clientserver.session.RequestManager.doProcessing(RequestManager.java:149)
         at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doContent(DispatcherServlet.java:62)
         at com.sap.tc.webdynpro.serverimpl.defaultimpl.DispatcherServlet.doGet(DispatcherServlet.java:46)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(AccessController.java:219)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:102)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:172)
    Could you please let me know why does it happening ? During installation of the system I have done Performance Optimization according SAP Notes. Instead of this again and again we are facing this problem.
    But If I do Batch Risk Analysis One by One, let say First we have done User Analysis with Mgmt Report next has been done Role Analysis then profile, according to that we got the successfull result.
    Thanks & Regards
    Pavel Das
    PwC India
    +919874886293

    Dear Alpesh,
    Good to hear you from sdn.
    Yes, It works properly when I have scheduled some of the profile and some of the Roles along with Management Report.
    It does not work when I have shecduled all the Roles and Profile together.
    So what would be your suggestion for Batch Risk Analysis ?
    Thanks
    Pavel

  • Different Risk Analysis Results with the same user from 2 different RAR

    Hi..
    I've loaded the same Risks, Rules, etc, into 2 GRC RAR environments (Sandbox and Quality systems); both of them are connected with the same SAP ECC system. But when I do a User Risk analysis (authorization level), the result from Sandbox is different from Quality system. I donu2019t have users or roles mitigated yet, users are synchronized, rules are exactly the same and I donu2019t know what happen??... Please, help me.
    Thanks...

    Hi...
    If I do a Full Sync of users to the same ECC system from both RAR boxes, I got different number of users loaded (i.e. 18757 vs. 18141), similar case with the full sync of roles. (13100 vs.  13150).
    If I load exactly the same set of functions to both RAR systems and I generate the rules, I got the same problem, different number of rules is generated.
    I've verified both RAR configuration and they are the same (excluded users, roles mitigated, etc.)
    Is it a normal behavior? What could be wrong?
    Thanks in advance!!

  • Exclusion of separated users in Risk analysis

    Dear All
    While running User Risks analysis, I need to exclude all the separated users in the Mgt report. We have already configured HR triggers for locking the Users on separation, but how GRC is able to distinguish whether the locked user is because of separation or incorrect logons.
    Please suggest
    Thanks
    Abhijeet

    Hi Abhijit,
       RAR will exclude all the loced users if you configure RAR to exclude them. If you want to exclude only separated users then may be you can exclude only the user group of those users (if you have a different user grooup when user is separated).
    Regards,
    Alpesh

  • Risk Analysis Batch Job Stuck in Ready State

    Hi,
    I am not able to schedule  Risk Analysis Batch job in RAR.The job is getting stuck on READY state(for unlimited period) and not performing any actions.
    Nothing is displayed under job history or job logs with job ID.I have check background job demaon ,connectors and other miscell. options but not abl to find any clue.
    Even i am executing risk analysis for single user,it's not happening.
    Rgds,
    Mukesh

    For your problem, of job not getting schedule....it seems Deamon is not running.
    To delete status of job which are in hung status
    change VIRSA_CC_SCHEDULER job id should with status five will show job aborted.
    are you using connection type 'Adaptive RFC', don't use it, use SAP JCO.
    and restart your GRC box.
    Regards,
    Surpreet
    please do check backend system, for VIRSANH is installed or not.
    Edited by: Surpreet Singh Bal on Jan 28, 2011 10:32 AM

  • Issue with risk analysis report in GRC10.0

    Hi All,
    We are running the user risk analysis report from NWBC: Reports and Analytics -> Access Risk Analysis Reports -> User Risk Violation report.
    This report is not fetching all the data even though user has all the required authorizations.
    We are getting the data when we execute the dashboard reports.
    Any one has idea?
    Cheers
    Hari

    Alessandro,
    Thanks for the reply. I am aware of this.
    Problem is when dash board report is showing the risk for the user but risk anaylsis report in Reports and Analytics is not showing the risks to that user.
    As per our investigation, the risk data that is displaying in the risk anaylsis report in Reports and Analytics is incomplete. We didn't find any errors in SLG1. Also there is no issues from authorizations side.
    Regards
    Hari

  • Microstrategy Mobile App crashing on iOS 8.1.2 and above in offline mode

    Hi,
    Running iOS 8.2 on iPad Air, 2nd Gen
    One of the functionalities of our Microstrategy mobile reports is to enable offline access for its users. As such, the whole data is pre-cached into the device when connected, and this cache is used to power the dashboards when there is no network access.
    Until iOS 8, this functionality was working fine. Since the iOS 81.2 update, as soon as the user goes in offline mode and tries to navigate through the dashboards, the Microstrategy app crashes. We are using different models of iPad notably the iPad air.
    I tried using a 3rd party tool to monitor the free RAM and observed that RAM falls below 20MB during such navigation on the dashboard in offline mode.
    It would be really helpful if someone can suggest a solution.
    Thanks.

    Hi Rachit,
    Please contact Microstrategy Support team. They could be solve the issue.

  • GRC Access Control 5.3 - RAR Risk Analysis in offline mode

    Hi expert,
    I'm trying to do RAR Risk Analysis in offline mode following this guide (https://www.sdn.sap.com//irj/sdn/go/portal/prtroot/docs/library/uuid/20a06e3f-24b6-2a10-dba0-e8174339c47c). But to generate User Action file the ABAP have a problem when try to get a COMPOSITE ROLE field for a Role that is asociate to many Composite role as the unique record consists of fields IDUSER, ROLE and ACTIONFROM . Someone know how we can solve this conflict?
    Best Regards!

    I'm sorry, I think I haven't made myself clear enough. The thing is that the User Action File has a "Composite Role" field and we don't know how fill it when the Single Role belongs to multiple Composite Roles. This is because of the primary key, we can't make multiple records for each userid/role combination, each one with one different Composite Role, such as the following example:
    USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLE1
    USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLE2
    USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLEN
    Should we instead do only one record with all the composite roles? What character should we use to separate the composite role names? A ",", a ";"? For example:
    USERIDX/ROLEX/ACTIONX/ACTIONX/PROFILEX/COMPOSITEROLE1_,_ COMPOSITEROLE2_,_ COMPOSITEROLE3
    Hope I explained myself. Thanks for your help.

  • RAR Risk Analysis Issue in Background Mode - "Failed to Display Result"

    Hi,
    I have strange problem in RAR.
    When I run risk analysis for 20 users in background mode, the job got successful but the spool file is empty. But at the bottom of page there is a message:  "Failed to Display Result".
    The Job log is showing the following message couple of times:
    WARNING: ./virsa/bgJobSpool/19.i (No such file or directory)
    java.io.FileNotFoundException: ./virsa/bgJobSpool/19.i (No such file or directory)
         at java.io.FileInputStream.open(Native Method)
         at java.io.FileInputStream.<init>(FileInputStream.java:129)
         at java.io.FileInputStream.<init>(FileInputStream.java:89)
         at java.io.FileReader.<init>(FileReader.java:62)
    But When I try to run for few users (like 6 memebrs where selection criteria is AUDIT*) in same way, the spool details got displayed this time. But the log is showing strange error messages this time:
    Nov 15, 2010 3:53:53 PM com.virsa.cc.common.util.ExceptionUtil logError
    SEVERE: null
    java.lang.NullPointerException
         at com.virsa.cc.comp.wdp.IPublicBackendAccessInterface$IAuthForUserInputElement.wdGetObject(IPublicBackendAccessInterface.java)
         at com.sap.tc.webdynpro.progmodel.context.NodeElement.getAttributeAsText(NodeElement.java:888)
    Nov 15, 2010 3:53:55 PM com.virsa.cc.dataextractor.bo.DataExtractorSAP getObjPermissions
    FINEST: getObjPermissions: elapsed time=1436ms
    Nov 15, 2010 3:53:55 PM com.virsa.cc.common.message.util.MessagingHelper getMessage
    INFO:
    ********msg: 'com.virsa.cc.common.message.dao.dto.MessageDTO@34d834d8'
    Any ideas please?

    Hi Alpesh,
    You are correct. The issue is due to multi node environment.
    But when I tried to define a custom spool folder path: usr/sap/<SID>/<Instance No>/log/virsa/bgJobSpool (in RAR - Miscellaneous - spool files location for background jobs) & run the risk analysis report in background mode, still RAR is saving the spool files in default location only.
    Can you suggest me if I am wrongly defining the location of folder?
    Should we define the complete location of the folder i.e starting with drive letter or path starting with user/* is sufficient?
    Regards,
    Dasarad

  • Offline-Mode Risk Analysis

    Hello,
    We are planning for Offline-Mode Risk Analysis. I read a few documents and links, but I couldn't find the method(Tcode) to extract data from the ERP system.
    Could someone tell me the process to extratc the data from the ERP system?
    Regards,
    Gautam.

    Hi Gautam,
    The fact is that the document doesn't contain the detailed steps to extract the data, but provides information on which data is required to perform offline mode risk analysis.
    You may use the standard GRC programs to download the basic information:
    /VIRSA_ZCC_DOWNLOAD_DESC - Static Text (Transaction, Field Descriptions, Organizational level, Object descroptions, and field value descriptions.
    /VIRSA/ZCC_DOWNLOAD_SAPOBJ - SU24 data
    If GRC is not configured in the box, then you have to look manually in the USR, USH, and AGR*, USORG, USOBT_C, USOBX_C tables. Extract the data and prepare the files manually.
    I know it is a tedious and tough task. So the challenge is either to get GRC up or do all these tasks manually.
    Last recommendation - Your comment in the article may help others too. Please spare time to leave it.
    Regards,
    Raghu

  • Batch Risk Analysis in Full Sync mode with special user groups not working

    Dear All,
    we start Batch Risk Analyse Job in Full Sync with special User groups (use Range). In the Joblog I can see, that he selecet lesser users as in jobs before. But after all is finished (also managment job) when I go in Informer, he shows me also this user groups I have no analysed in Backgroudjob... Also he shows me in the detailed anlayse the date from a run before.. And we have deactivated some Risk - these are still in the analysis.
    Have some one a information for me what here is wrong..
    Best Regards
    Gabriele Herr

    to old..

  • AC 5.3 RAR - combined risk analysis reports for regular auth. and SPM auth.

    Dear All,
    we have users that have regular day-today authorization and also FF authorization.
    Does the Batch Risk Analysis takes into account both authorizations when doing the risk analysis for those users ? will we see it in the reports ?
    Thanks
    Yudit

    ok, so basically the answer is no, in the RAR components we do not have risk analysis for the combinations of the roles assigned to the user and to his FF ID.
    in that case, at what stage does the system checks for those combined risks ?
    is it checked when we manage the risk analysis phase in the CUP request that is asking to assign the FF ID to the user ?
    thanks
    Yudit

  • RAR - Risk Analysis - Permission Level - V_VBAK_AAT||AUART - Error

    I have a trouble related with risk analysis at permission level, when the V_VBAK_AAT||AUART is activated in two functions of my customized GRC rule-set (VIRSA_CC_FUNCPRM) for controlling some "document types" for tcodes VA01 and VA02. When I execute this customization in RAR, the system says "No match / No conflicts" for the risks where these functions appear, however performing some queries in the back-end systems, I have realized there are more than 80 users in conflict for some of them, given the fact that they have value '*' in object/field V_VBAK_AAT||AUART.
    At a first time I thought that most probably would be related with the fact that these functions are part of risks that combine 3 and 4 functions at the same time, with OR logical activated in document types, but when I searched for the rules generated for these risks I noticed that only 34.000 rules were generated and this no overpass the limit of 45566 rules defined at RAR. Anyway, I performed some tests reducing the number of possible combinations and, basically, whenever the following line is activated, the outcome is u201Cno conflictsu201D:
    D VIRSA_CC_FUNCPRM FN15 VA01 GRC-C21 V_VBAK_AAT||AUART ZSO ZSO OR 0 null
    If this line is disabled, then, several users with conflicts are reported. As mentioned above, these users have value '*'   for object/field V_VBAK_AAT||AUART, so I do not understand why those users are not reported when the line above is activated.
    I have done the following checks, all of them correct:
    - The user/role/profile synchro has been done and all the users has been stored in table VIRSA_CC_
    - All the lines in VIRSA_CC_FUNCPRM part of my customized rule-set have been correctly inserted in the same Oracle table
    - All the combinations of rules has been created (including VA01 and VA02 with V_VBAK_AAT||AUART)
    Any suggestions?
    Thanks in advance

    I've detected the same problem for the following authorization objects:
    - F_BKPF_BLA||BRGRU
    - V_VBRK_FKA||FKART
    - M_MSEG_BWE||WERKS
    RAR reports no conflicts (at authoriztion level) when these objects are activated (of course having users with these conflicts in back-end systems)
    This problem has been proved in the installation of different customer with SAP GRC Access Control 5.3 SP12.
    Anybody else has experienced this issue????

  • Risk Analysis at user level shows nothing in all 3 views though at role level shows risks of global rule set

    I am configuring ARA 10.1 for a ECC 6.0 plug in development system and facing this issue. Risk Analysis at user level shows no data  in all 3 views though at role level shows risks of global rule set. I am using Global rule set. I generated all risks/functions & using connector group as SAP_ECCS_LG not SAP_R3_LG.I activated common, R/3 & ECCS BC sets. Added integration scenario for AUTH. Run all 4 sync jobs multiple times successfully. My system already has decentralised EAM 10.1 implemented & even used in production as BAU. I have checked at both chrome & IE. The misleading thing is that RFC is also working fine & I can see risks in Risk Analysis at role level & risky roles are even assigned to valid users.GRC is at SP4 & accordingly is the ECC 6.0 plug in. Thanks in Advance. Please  consider it urgent.

    Hi,
    Assign ECC connector to SAP_ECCS_LG group.
    Run the programs GRAC_PFCG_AUTHORIZATION_SYNCand GRAC_REPOSITORY_OBJECT_SYNC) in full synch mode(this might take time so better do this in background). Better do it sequentially.Check the logs of the jobs in SLG1 just to ensure everythings fine.
    Run ARA for a specific user and mention the connector for faster output. Ensure this user has the role with risks.Also as explained earlier check the GUID against user id in table GRACUSERROLE and using GRACROLE you can find out the technical name of the role updated in the table. This should be same as the backend role.
    Then run ARA and while doing so please ensure the selection screen doesnt have any unwanted default inputs. If followed correctly , this should be of help.  I am assuming the role analysis yielded correct risks as configured since this would mean that connector have correct actions and basic config is in place.
    Regards,
    Vivek

Maybe you are looking for

  • K7T Turbo limited - USB not working

    I have a K7T turbo limited edition motherboard. The rear usb ports work fine.  There are two USB ports on the front which do not work.  appreciate any ideas on how to clear up this problem.

  • How to transfer the files from one server to another through pl/sql...?

    I want to transfer all the files from source server with respective directory to designation server with respective directory (designation server - oracle reside server). Is it possible to ftp from one server to another server(designation server - or

  • Changing a jsp in application

    I have a java web application that is running on Sun's web server for a few years. It consists of jsp pages. In one of the jsp pages, there is a string for database. The database location and name is changing. I can change the jsp page in notepad wit

  • Problem in calling Bounded Taskflow

    Hi All, I have two bounded task flows, I am calling second task flow from first The code for calling the second task flow is-- <task-flow-call id="CreateOrder"> <task-flow-reference> <document>/WEB-INF/dms/ui/transaction/flow/CreateUpdateOrderFlow.xm

  • Importing photos from mail to iphoto in 10.3.9? any programs?

    Anyone know of any program or Applescript that will automatically add photos to iPhoto from an email? I know Tiger has this built in, but my grandmother has 10.3.9 on an old iMac and has trouble remembering how to save attachments and import them int