Virsa CC Compliance Calibrator 5.2 Role Level Analysis Question

Part 1
I would like to know how to run a Role Level Analysis on all of our Role EXCEPT composite roles which all start with ZC:.
Part 2
I would also like to know why there is not a copy paste function. What if I have the names of 50 individual roles that I want to run a report on with all different naming conventions? Is there no way to paste these in? I know I can individual select these one at a time and add another add another etc. However if you have a lot of roles for one functional area I would reall y like to not have to type those in one at a time and one line at a time.
Thanks to all for your help in advance.

Hi Vince
Unfortunatley there is no paste option in Netweaver , unlike the CC version 4.0 , not even in 5.3 I heard.
Either you have run the risk analysis using ranges  where in you can say ZS00* to ZSZZ* ( by running this it should cover all the simple roles ,excluding the composite roles , provided your role naming convention is maintianed well)
I know its quite annoying to key in each role , specailly when your naming convention is all over the place.
you can key in the role names once and save variant for the next time to reuse it .
probably you have noticed already there is custom user group in User analyis tabe ,i wonder why they havent  one in Role Anlysis , it would made a bit easier atleast.
Regards
Prem

Similar Messages

  • Anyone have Virsa/SAP Compliance Calibrator documentation?

    I'd really like a Virsa "Owners Manual", but for now I'd just settle for an explanation of all the parameters contained in table /VIRSA/ZVRATCNFG.  Some are self explanatory, some are not.  To maintain this table do the following:
    1.  tcode /n/virsa/zvrat
    2.  execute
    3.  menu:  compliance calibrator > configuration option
    I'd like to know what each parameter does, the possible entries, and the cause and effect result of each entry.  Any help will be appreciated. 
    Thanks,
    Marshall

    Dave,
    It appears to me that the only credentials required to access that site are SAP Service Marketplace logon (the so-called 'S number').  You can obtain these from the person in your company that administers your SAP licence (usually a basis person).  Or, you can apply yourself at http://service.sap.com/request-user .
    It is forbidden in this forum to send copywrited documents from user to user.
    Best Regards,
    DB49

  • Convert from Compliance Calibrator 4.0 to Risk Analysis and Remediation 5.2

    Hello Forum,
    I'm looking for other opinions on converting Compliance Calibrator (CC) 4.0 to Risk Analysis and Remediation (RAR) 5.2 (formerly CC)
    I have inherited responsibility for RAR and need to upgrade it to the 5.2 level; our current ECC level prevents us from going to 5.3
    I found a process that will unload the data from CC 4.0 and be imported into RAR 5.2
    I want to understand the definitions that comprise the RAR and was thinking about recreating the definitions in 5.2 based on what is already defined in the CC 4.0 system; I have time to do this since there is no definitive deadline that would make it impossible to meet
    Currently, I have the following definitions:
    Business Process 6 entries
    Functions 47 entries
    Risks 147 entries
    Mitigating Controls 40 entries
    Would others find this approach acceptable and reasonable even though I would be entering all the information? Basically, it would be like defining the data for the very first time if this was NEW software
    I would expect to come away with a good understanding of how everything ties together; at this point, I am only looking to create the necessary data that would allow for producing SOD reports that show all users with "risks" have been mitigated with acceptable controls
    Thanks for your responses in advance
    Jerry
    Ryerson, Inc
    630-758-2021

    Thanks for the reply
    I have the migration guide and have reviewed it; I have actually played around a bit with obtaining the file from CC 4.0; I found that the data records may need some adjustments to be compatible with RAR 5.2; one of the reasons that may be leading me to do everything from scratch
    The definitions currently defined were completed by an outside source and the mitigated controls were defined by the Internal Audit area
    I'm not sure if they were mixed with the defaults
    I'm not sure at this point what impact or changes I would experience if I use the "default" supplied rules set but I expect to find out
    Thanks again for your reply
    Jerry

  • GRC AC 10.0 Mass risk analysis vs. Role level analysis

    Hello GRC experts,
    I urgently need your advice on the issue  with deactivated permission objects which are identified as risks in the mass role analysis.
    For example, in one role we have deactivated the permission object: S_ARCHIVE, and there are No activities maintained.
    But in the mass role risk analysis  and in the CUP request this object S_ARCHIVE with the ACTVT 01 is displayed as risk. As you can see in the screenshot, there are no activites maintained at all. We have created the MSMP workflow where all CUP requests with risks should go the the Security Stage. Now we have the situation that even though our roles are clean, they are forwared to the Security stage. It is a huge problem, because our security stage has no even more to to, than before using GRC! Because the dectivated objects are identified as risks.
    Please advise me, how to solve the problem. Did I missed some config parameters or is it a well known problem?
    We are on SP14, AC 10.0.
    At the single role level there are no risks displayed.
    Thanks in advance,
    regards
    Sabrina

    Hi Sabrina,
    check note
    http://service.sap.com/sap/support/notes/2036645
    Please let me know if it works.
    Regards,
    Alessandro

  • Is Compliance Calibrator the same as GRC Access Control?

    I have been asked to look at<b> Compliance Calibrator </b>and am getting confused about what functionality is offered. I have done the basic e-learning course for Compliance Calibrator (GRC200): this was all about separation of duties etc. Fair enough. But I also have a Document called "<b>SAP GRC Access Control</b>" which talks about the same S.O.D compliance functionality but also talks of "roles triggering workflows", "users creating roles", "automated approvals for roles" eg:
    "SAP GRC Access Control streamlines access requests by filling each request automatically with user identity information from a lightweight directory access protocol (LDAP) directory or HR database, thereby eliminating the need for user intervention. Approvers receive an e-mail with a direct hyperlink to the request inside the application, where they can easily view and approve the request. The application then checks for security violations before updating accounts  automatically."
    None of this was covered on the Compliance Calibrator course, so what product offers this? I can see another product by Virsa called <b>Access Enforcer</b> but have no info on this... can anyone enlighten me?

    SAP GRC Access Control is the SAP application that comprises the former Virsa products Compliance Calibrator, Access Enforcer, Risk Terminator, Firefighter and Role Expert.

  • Need some practical Scenarios to test Compliance Calibrator, FF and AE

    Hi Experts,
    I have installed Compliance Calibrator 5.2 / Access Enforcer and Firefighter on a test System. However i am looking for some practical scenarios / Examples to test the functionlity of these installations. If any of you is currently working on these technologies i appreciate if you c an provide 2 3 scenarios to test my installation and functionality .
    Thanks in advance.
    Your help is much apprecaited..
    SK

    Hi SK,
    Testing the functionality of CC
    1. I would recommend to create some test roles where in you plug in some conflicting tcodes
        which can pose a sure SoD Risk, lets say Create Vendor Invoice(FB01) and Make an
        Automatic Payment(F110).
    2. Now run the Risk Analysis by choosing the Default SAP GRC ruleset library and do a  
        Role level Analysis.Then Assign the Test Roles to Test Users and then do a User Level Analysis.
    3. You may have create some Custom Rule sets with appropriate naming of Conflicting functions
        like Creation of Purchase Order (P001), Approve Purchase Order(P002)
        in different Application Areas like Purchase 2 Pay(P2P), Order 2 Cash (O2D) and try to do
        the same as above two steps.
    4. Test the functionality of Risk Remediation by removing the conflicting tcodes and do the
        Risk Analysis.Your previous Risk Roles must not appear
    5. Test the functionality of Risk Mitigation by placing a mitigation Control on the Conflicting tcodes
       and do the Risk Analysis.Your previous Risk Roles must not appear if you have properly
        configured your CC
    Testing the functionality of FF
    1. I would say create a few Firefighter IDs in different functional areas like FI, SD, MM, and then
       create some test users for Firefighter Owners, Controllers and Firefighters who can use
       the functionality of FF.
    2. Create some FF roles which have exceptional access in those functional areas
        encompassing transaction codes and authorization objects that are not used in normal incidents.
    3. Assign each of the FF roles to the respective FF IDs and then to the test Firefighters.
    4. Pull the log reports in FF and see if it gives exact details of the FF usage.
    5. You may have take some assistance of the Functional team members to do the testing.
    Testing the functionality of AE
    1. Create a workflow scenario of hiring a new user.
    2. Create the request under a test requestor. Assign the request to some test approver
    3. Also Assign some roles and test the functionality.
    Hope this helps for a good start
    Regards,
    Kiran Kandepalli.

  • Issue with Compliance Calibrator 5.2 SP9 Background Jobs

    Hello,
    I'm having an issue with Compliance Calibrator 5.2 SP9 where If I run a role analysis as a background job that has the same parameters as a previously run role analysis background job, the second job that is run will display a failure message.  It does not appear to matter if the similar background jobs were run by the same individual or separate individuals.  As long as the job that was previously run is still in the background job history, than any job with the same parameters run by a user will fail. 
    Is this normal operation for CC? 
    Is there a configuration change that could allow a job to be rerun in the background multiple times?
    Is there a fix for this issue in a later support pack or with upgrade to 5.3?
    Thanks for the help it's much appreciated,

    To better clarify what is occurring, the 1st job will run and complete successfully and return/display the appropriate results correctly.  The 2nd job will than be subsequently kicked off and finish same as with the previous job except when you open the background results no data is displayed and the message at the bottom reads: Failed to display result.  To make more sense of what Iu2019m doing, these are the logical steps Iu2019m following:
    1.  Select Role Level analysis
    2.  Enter parameters for analysis
    3.  Schedule background job to run immediately
    4.  View background job results (successful job and correct results)
    5.  Select Role Level analysis (with same or any other user)
    6.  Enter same parameters as step 2 for analysis
    7.  Schedule background job to run immediately
    8.  View background job results (successful job, but the error message: u2018Failed to display resultu2019, instead of seeing the CC reports)
    I believe the error is somewhere in the running of a job with the same parameters (Same Role and same Report Type).  If I delete the previous jobs from the background history that have the parameters Iu2019m using and try the analysis again, a third time, with the same parameters as before, it will run successfully and display the correct results.
    Is this normal and acceptable operation for CC5.2 SP9?
    Is there a configuration change that would allow a job to be run in the background multiple times with the correct CC results?
    Is there a fix for this issue in a later support pack or with upgrade to 5.3?

  • Configuring Role Expert Web services for Compliance Calibrator

    Hi @all,
    performing the configuration of Virsa Role Expert I've got a question regarding the settings for the various Web Service Info. for the Compliance Calibrator.
    Apart from the Web Service URL, user name and password need to be declared. The user guide names 'sapgrc' and 'webuser' as account names.
    My question: How do I setup these accounts? Is this an UME-Job - if so: what are the required roles and authorizations for these accounts?
    Kind regards,
    Martin

    Hi,
    the Web Services URLs are:
    Web Service Info. for CC Risk Analysis:     http://SERVER_NAME:PORT/VirsaCCRiskAnalysisService/Config1?wsdl&style=document
    Web Service Info. for CC Transaction Usage: http://SERVER_NAME:PORT/VirsaCCActionUsageService/Config1?wsdl&style=document
    Web Service Info. for CC Mitigation Control: http://SERVER_NAME:PORT/VirsaCCMitigation5_0Service/Config1?wsdl&style=document
    Web Service Info. for CC Functions: http://SERVER_NAME:PORT/VirsaCCFunction5_0Service/Config1?wsdl&style=document
    Web Service Info. for AE Workflow: http://SERVER_NAME:PORT/AEWFRequestSubmissionService_5_2/Config1?wsdl&style=document
    Does that answer your question?
    Regards,
    Martin

  • Update on Management View in VIRSA Compliance Calibrator 5.2

    Hello,
    is there a way to delete the Data for the Management View in VIRSA Compliance Calibrator 5.2 and then make a full new data load.
    When I select Full Synchronisation and Management Reports in the Schedule Analysis, the system does not update the Management View correctly, the Management Report shows still roles which are already deleted in the SAP-System.
    Thanks

    Hi,
         You can do a Full sync of Users and Roles first which will be ovewrite and then run the Batch Risk Analysis Management Reports.
          You can try this exercise first if it does not work then go ahead with Alpesh's advice.
    Thanks
    Darshan

  • 4.6C to ECC 6.0 upgrade - Issue with Virsa Compliance Calibrator

    The issue is that phase IS_SELECT during the PREPARE is not detecting VIRSA as an add-on. This of course will result in VIRSA not being upgraded and the system will be unstable ( note 989368 ). Also, I can't choose to delete the add-on either.
    We installed the compliance calibrator before SAP purchased VIRSA. So, the tool was installed through transports, not SAINT. I assume this is why phase IS_SELECT is not seeing the tool.
    Any ideas?
    -Scott

    Received a reply from SAP. Since VIRSA was installed through STMS the IS_SELECT phase will not see the add-on. I had to do the ECC 6 upgrade as normal and then install VIRSA 4.0 for SAP 700 systems through SAINT.
    I had to clear SPDD and SPAU as much as possible for /VIRSA/* objects. However, there were six objects I could not clear. This did not cause any issues.
    Notes 1006083 and 985617 are needed for this procedure.
    Thanks for all the suggestions.
    -Scott

  • Deleted Roles appearing in Compliance Calibrator (Informer Tab)

    Hi
    We had deletd some roles from SAP . These roles still show up on complaince calibrator as having high risk violations.
    This role was delted a month ago and we also have completed as full sync of the system . Still the roles are appearing in compliance calibrator in the informer tab.
    Coudl you please let me know how we can avoid this?

    instead of running a full synch I would attempt running an incremental synch and run the management reports again.  I believe this should do it.  I am not sure why the full synch would not work.

  • SAPu00AE COMPLIANCE CALIBRATOR BY VIRSA SYSTEMS

    Hello all,
    My company are thinking of implementing the above for auditing purposes to comply with Sarbanes-Oxley and compliance. I have read some documentation from the SAP website and this documentation states that:
    "Because SAP Compliance Calibrator by Virsa Systems is embedded in your SAP system, no additional hardware or software is required."
    Has anyone implemented this soultion? If so is there any additional documentation available for it?
    Cheers,
    Bernard.

    David,
    As We are in the process of implementing this virsa tool but we are not sure as to what are the exact steps that we should extract  to. Do you have a step by step guide (apart from the VIRSA install guide) which would guide us through the complete install and configuration. We have ECC 6.0 ,Portal,BI 7,CRM 5
    Would you be kind enough to send the information to me asap.
    Please forward me the doc to following id , I will be very much appreciate if you could do the help ..
    [email protected]
    Thanks
    Laxmi

  • Re: Virsa Compliance Calibrator & Pre-defined SOD Rule Set

    Hi All,
    We have installed the Virsa Compliance calibrator 5.1 in our sandbox environment. When we goto the "Rule Architect" tab under Compliance calibrator using tcode /virsa/zvrat it brings up the page with Rules information.
    Per the Virsa documents that i read they have mentioned that there are pre-defined SOD Rules (Transaction codes and Tcode objects) that we can use in the Rule Architect.
    My question is how do i enable and use those pre-set SOD Rules that Virsa provides by default. I do not see them under the Rule architect tab though. Can someone give some pointers to use these pre-set SOD rules.
    Thanks & Regards
    -Murali

    Hi Laziz,
    Thanks for your patience in replying to my CC 5.1 queries. I did follow your steps for the Generate Rule & Background Job-> Schedule Analysis and scheduled the job immediate.
    However, when i looked up the status of the scheduled analysis Background Job-> Search pulls up the job i scheduled at the top it reads "Job scheduler Status: unknown error" . I clicked on "View Log" button and it shows some messages as shown below (Note: I am just posting some parts of the error msgs below. but it still goes for 1 page...)
    May 16, 2007 1:09:07 PM com.virsa.cc.xsys.bg.BgJobDaemon init
    INFO: *** BgJobDaemon loaded
    May 16, 2007 1:11:09 PM com.virsa.cc.common.util.ConfigUtil setDefaultJ2EEParam
    WARNING: Cannot get Application URL: null. PLEASE SET 'Background Daemon URL' IN CONFIGURATION TAB
    java.lang.NullPointerException
         at com.virsa.cc.common.util.ConfigUtil.setDefaultJ2EEParam(ConfigUtil.java:203)
         at com.virsa.cc.common.util.ConfigUtil.getBgJobStartURL(ConfigUtil.java:192)
         at com.virsa.cc.xsys.bg.AnalysisDaemonThread.run(AnalysisDaemonThread.java:45)
         at java.lang.Thread.run(Thread.java:534)
    May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
    FINEST: class name: com.virsa.cc.extreport.ReportPack50SP1_01.ReportPack50SP1_01 class: com/virsa/cc/extreport/ReportPack50SP1_01/ReportPack50SP1_01.class
    May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
    FINEST: Jar Entry length=1568 compressed size=1568 actual read=1568
    May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
    FINEST: class name: com.virsa.cc.extreport.ReportPack50SP1_01.CrtActbyRsk_Act_RskLvl class: com/virsa/cc/extreport/ReportPack50SP1_01/CrtActbyRsk_Act_RskLvl.class
    May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
    FINEST: Jar Entry length=13210 compressed size=13210 actual read=13210
    May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
    FINEST: class name: com.virsa.cc.extreport.ReportPack50SP1_01.CrtRolbyRsk class: com/virsa/cc/extreport/ReportPack50SP1_01/CrtRolbyRsk.class
    May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
    FINEST: Jar Entry length=19287 compressed size=19287 actual read=19287
    May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
    FINEST: class name: com.virsa.cc.extreport.ReportPack50SP1_01.CrtProfbyRsk class: com/virsa/cc/extreport/ReportPack50SP1_01/CrtProfbyRsk.class
    May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
    FINEST: Jar Entry length=12807 compressed size=12807 actual read=12807
    May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
    FINEST: class name: com.virsa.cc.extreport.ReportPack50SP1_01.UsersbyOrgLevels class: com/virsa/cc/extreport/ReportPack50SP1_01/UsersbyOrgLevels.class
    May 16, 2007 1:24:37 PM com.virsa.cc.extreport.JarClassLoader loadClassData
    FINEST: Jar Entry length=18557 compressed size=18557 actual read=18557
    May 16, 2007 1:24:59 PM com.virsa.cc.common.util.ConfigUtil setDefaultJ2EEParam
    WARNING: Cannot get Application URL: null. PLEASE SET 'Background Daemon URL' IN CONFIGURATION TAB
    java.lang.NullPointerException
    I am not sure whats causing this and it's been 2hrs since i scheduled the user analysis but i don't see any data still appearing in the fron-end..Any pointers again???
    Thanks
    -Murali

  • Virsa compliance calibrator

    Hi All
    Can anyone help. I want to know if anyone has any documentation/ and or screen shots on Versa, as I know nothing about it.
    Thanks in advance. You can send info to [email protected]
    Mark

    Hi Leandro
    Thank you for your reply. I require as much info on 5.1 as you can get. I know nothing about the compliance calibrator and I want to rectify that.
    Thanks
    Mark

  • SAP GRC 5.2 Compliance Calibrator rule sets for HR module

    HI All,
    The company i am working for has done installation of GRC 5.2. I would like to download the SAP out of box Compliance Calibrator rule sets for HR function module in a spreadsheet format.
    I would like to download the rule set for risks at Function level, Tcode level and also at authorization object level in ABAP and Roles, actions and permissions in JAVA.
    I will discuss with the BPAs, internal auditors and come up with a new rule set exclusively for my company needs with the help of the above spreadhseet.
    Please tell me what steps i need to do to get this thing done.

    Please go through the process but save these as txt files for UNIX. I am not sure about 5.2 but CC4 was not uploading rule files correctly if file was not saved for TXT for UNIX.
    Regards,
    Harry Sidhu

Maybe you are looking for