What is Execution Count in User Level Analysis?

Similar Messages

• Any way to have email address of the user in user level analysis report?

  Hi,
  Is their any way to get the users email address column in User Level Analysis report Result..??
  Any way or settings to add custom columns or the email address column in the displayed columns of the report ??

  Hi Pranjal
  If it's not an option to add the column from the screen you would need to look at customising the scren
  Below is an example for a different screen layout scenario
  Customizing Access Control Screens
  Regards
  Colleen

• AC 10.1 Empty screen on User Level analysis

  Hi all,
  We have migrated our 5.3 Access Control System to 10.1 and all the post-installation steps are applied. We loaded the user and roles from our ERP System, created rules and generated them for our system. Parameter 1027 – Enable offline risk analysi is set to YES. We also ran the batch job for the risk analysis in Background (transaction GRAC_BATCH_RA). When we run the NWBC -> Access Management -> User Level for our System we get just an empty window – no error message, nothing. It doesn’t make a difference if we run it on action level, permission level with offline data or without, in foreground or background, the result is just an empty window. What might be the issue here ?
  Thanks in advance
  Bernd

  Hello Bernd,
  In GRC 10.1 there are a few new things. Can you tell which view you are running the report on? There are three in GRC 10.1; namely - Remediation view, Business View and Technical View. See screen below.
  Most problems are on Remediation View (which is selected by default when you start running the RA). For traditional risk analysis report please run on the "Technical View" and see if you get results.
  To fix the issue with the remediation view's blank screen please review following notes:
  2040204 - Remediation View does not show up while running risk analysis
  2035538 - Remediation view in Risk Analysis does not show any data
  2099999 - Remediation View screen shows blank while Risk Analysis
  Thanks
  Sammukh

• Inconsistency Data between Role Level & User Level Risk Analysis

  Hi,
  When we run Role Level Risk Analysis for a role (Ex: XYZ), there is no SOD conflicts. But when we try to run the user level analysis, this role shows SOD conflicts. I mean, XYZ is assigned with other roles. Combination of other roles access may bring SOD conflict, thats fine, but here the challenge is role XYZ itself has SOD conflicts. The same does not appear when we run Role Level Risk Analysis!!
  How could this happen??
  Thanks,
  Karthik

  Hi Karthik,
  The role might be mitigated at role level.
  In RAR Anayze tool, click -More options to expand the selection options
  Chose "Exclude Mitigated Risks: No"

• Running Risk analysis at User Level(CC)

  Hi
  Please Clear my query, wat is the difference between running the risk analysis at userlevel Violation count by Risk and Violation count by Permission.
  violation count by Permission, the total number of violations are 377,569.
  Violation count by Risk,the total number of violations are 11,716.
  Thanks & Regards

  Hi Karuna,
  When you perform Risk Analysis at User level and choose violation count by Permission/Risk. Here are the details of each analysis:
  1. Violation Count by Risk
  This analysis will display the count of how many SOD risks associated with the users existing in each business process like FI, HR, MM, PR, SD.
  It will display as a bar graph or pie chart. If you choose each of the business processes and drill down to the particular SOD risk,P001 then you can display how many users have that risk, P001
  2. Violation Count by Permission
  This analysis will display the count of SOD violations at the action/permission level associated with the users existing in each business process.
  If you choose the conflicting functions inside each SOD risk, and then expand on the permission tab you will understand why the huge number of violations it is showing.
  In the Risk information screen, in Conflicting Functions, click the AP02 u2013 Process Vendor Invoices link to display the SAP transaction codes and the authorization objects. There are 26 different transactions in SAP to Process Vendor Invoices and another 185 authorization object values u2013 all come preconfigured out of the box.
  Choose the Permission tab. Expand Action F-42. Open an authorization object to show field values. By looking at all possible permutations of actions/permissions of one business function with all actions/permissions of the second business function, you can understand how the system arrives at the number of violations.
  Hope this will help you understand better.
  Regards,
  Kiran Kandepalli.

• Error while performing Risk Analysis at user level for a cross system user

  Dear All,
  I am getting the below error, while performing the risk analysis at user level for a cross system (Oracle) user.
  The error is as follows:
  "ResourceException in method ConnectionFactoryImpl.getConnection(): com.sap.engine.services.connector.exceptions.BaseResourceException: Cannot get connection for 120 seconds. Possible reasons: 1) Connections are cached within SystemThread(can be any server service or any code invoked within SystemThread in the SAP J2EE Engine), 2) The pool size of adapter "SAPJ2EDB" is not enough according to the current load of the system or 3) The specified time to wait for connection is not enough according to the pool size and current load of the system. In case 1) the solution is to check for cached connections using the Connector Service list-conns command, in case 2) to increase the size of the pool and in case 3) to increase the time to wait for connection property. In case of application thread, there is an automatic mechanism which detects unclosed connections and unfinished transactions.RC:1
  Can anyone please help.
  Regards,
  Gurugobinda

  Hi..
  Check the note # SAP Note 1121978
  SAP Note 1121978 - Recommended settings to improve peformance risk analysis.
  Check for the following...
  CONFIGTOOL>SERVER>MANAGERS>THREADMANAGER
  ChangeThreadCountStep =50
  InitialThreadCount= 100
  MaxThreadCount =200
  MinThreadCount =50
  Regards
  Gangadhar

• Risk Analysis at user level shows nothing in all 3 views though at role level shows risks of global rule set

  I am configuring ARA 10.1 for a ECC 6.0 plug in development system and facing this issue. Risk Analysis at user level shows no data  in all 3 views though at role level shows risks of global rule set. I am using Global rule set. I generated all risks/functions & using connector group as SAP_ECCS_LG not SAP_R3_LG.I activated common, R/3 & ECCS BC sets. Added integration scenario for AUTH. Run all 4 sync jobs multiple times successfully. My system already has decentralised EAM 10.1 implemented & even used in production as BAU. I have checked at both chrome & IE. The misleading thing is that RFC is also working fine & I can see risks in Risk Analysis at role level & risky roles are even assigned to valid users.GRC is at SP4 & accordingly is the ECC 6.0 plug in. Thanks in Advance. Please  consider it urgent.

  Hi,
  Assign ECC connector to SAP_ECCS_LG group.
  Run the programs GRAC_PFCG_AUTHORIZATION_SYNCand GRAC_REPOSITORY_OBJECT_SYNC) in full synch mode(this might take time so better do this in background). Better do it sequentially.Check the logs of the jobs in SLG1 just to ensure everythings fine.
  Run ARA for a specific user and mention the connector for faster output. Ensure this user has the role with risks.Also as explained earlier check the GUID against user id in table GRACUSERROLE and using GRACROLE you can find out the technical name of the role updated in the table. This should be same as the backend role.
  Then run ARA and while doing so please ensure the selection screen doesnt have any unwanted default inputs. If followed correctly , this should be of help.  I am assuming the role analysis yielded correct risks as configured since this would mean that connector have correct actions and basic config is in place.
  Regards,
  Vivek

• Bandwidth montioring at the user level

  I'm considering a mac mini server with Snow Leopard. One of the things I want to implement is a user level bandwidth monitor and domain level monitor. I expect to at have at least 3 groups using the server. I want to monitor or even limit their monthly band width usage, so that the server doesn't go over it's monthly allotment from the host.
  Can anyone point me to how this could work? Is it ntop or squid or something else?
  Thanks,
  ChrisP.

  I think you're confused about how this could work.
  Unless the server is acting as the internet gateway, there's no way this can work at all. Typically clients send their data directly to the network router and this traffic wouldn't be seen by the server at all, therefore there's no way to monitor it.
  If you use Squid you'd be able to track web usage per client, but that wouldn't count any traffic that doesn't go through the proxy (e.g. email, IM, P2P, DNS, FTP, etc., etc., etc.) - in other words it would only give you a partial picture.
  Even if the server was set as the gateway and could monitor all the traffic you still can't do this on a per user basis - all you know is that a specific client IP address generated (or received) a certain volume of traffic. You have no idea which user on that system generated the traffic.
  This might not be a big deal on machines used by individuals, but would be near impossible on a multi-user basis. Either way there's no 'group' concept.
  The way this is typically done is via traffic accounting systems built into your router and/or switch. The switch can monitor traffic throughput per port, so you can tell which machines send what volume of traffic. The router can do similar tracking, and should have the ability to track internal vs. external traffic (e.g. you might not charge for traffic to/from internal machines, only to/from the internet).

• Virsa CC Compliance Calibrator 5.2 Role Level Analysis Question

  Part 1
  I would like to know how to run a Role Level Analysis on all of our Role EXCEPT composite roles which all start with ZC:.
  Part 2
  I would also like to know why there is not a copy paste function. What if I have the names of 50 individual roles that I want to run a report on with all different naming conventions? Is there no way to paste these in? I know I can individual select these one at a time and add another add another etc. However if you have a lot of roles for one functional area I would reall y like to not have to type those in one at a time and one line at a time.
  Thanks to all for your help in advance.

  Hi Vince
  Unfortunatley there is no paste option in Netweaver , unlike the CC version 4.0 , not even in 5.3 I heard.
  Either you have run the risk analysis using ranges  where in you can say ZS00* to ZSZZ* ( by running this it should cover all the simple roles ,excluding the composite roles , provided your role naming convention is maintianed well)
  I know its quite annoying to key in each role , specailly when your naming convention is all over the place.
  you can key in the role names once and save variant for the next time to reuse it .
  probably you have noticed already there is custom user group in User analyis tabe ,i wonder why they havent  one in Role Anlysis , it would made a bit easier atleast.
  Regards
  Prem

• What is a "logged in user" on the "Active Sessions" report in CF8 Server Monitor?

  I was looking at the Active Sessions Report (The Chart View) and saw I have more "logged in users" than "active sessions".
  I had expected them to be nearly the same.    It's on our Intranet where I log users in (using cflogin and cfloginuser) at the begining of their session and users should be logged when the session ends.
  I couldn't find a detailed explaination of what a "logged in user" means.   There is a chance that the same user is logged into a nested application as well as the Intranet, but I don't think that is what I'm seeing.
  I also don't see a way to get a list of what CF is counting as a logged in user.  I can only see a way to get the total count.
  Any help is appreciated. 
  Thanks,
  Jeff

  Thank you Michael for the reply, but I don't think that is the issue.
  When a user opens their browser on the intranet, a session begins and they are logged in (using the cflogin and cfloginuser).    If they close their browser, the session should hang around for 20 min. (per the server setting).   I am assuming this is still considered an "Active Session" since I can see this behavior in the report.
  At first, the Active Sessions and Logged In Users are exactly the same.   When the sessions start to time out, the active sessions are reduced,  but the Logged In Users remain the same.    Then,  after a while, they start to move together.  So I have more Logged In Users than Active Sessions.
  I left the Server Monitor open last night and for most of the night, I had 0 sessions, but 57  "logged in users".   This morning, as people opened their browsers, the Active Sessions and Logged In Users moved together.   The gap of 57 looks consistent.
  It looks like people are remaining logged in after their session ended.
  I am really looking for a detailed explaination of "active session" and/or "logged in user" as used in the server monitor.  It would be really nice to find a way to list the details about each item counted in the "logged in user" and not just the total count. 
  Thanks Again for your reply.
  jsm

• Issue in User Level Simulation in GRC 10.0

  Hello Every one,
  Before i Jump into the question, please find below the screen shot which tells about the B.P(Business process),Functions created in test system(GRC 10.0), where as the roles and corresponding users which have been created in back end system connecting to GRC 10.0.
  Now when i am trying to run a risk analysis on user TEST_RISK(TEST_ROLE_RISK role is assigned and pfa the authorizations in the role), i will be shown the Risk R001.
  Now i am trying to run user Level Simulation on the above user TEST_RISK and i am trying to simulate by adding a new role TEST_ROLE_RISK3 as shown in the below screenshot at Action level,Permission Level,Critical Action level ,Critical permission level.
  Even though i select the option, Risk from Simulation only, when i try to execute at action level , it is also showing me the risk which coming from the actual role assigned but not from the simulating one.
  Thanks and Regards,
  Naga.

  Hi Naga,
  there are some notes which might help to fix the problem. Especially the first might fix your problem.
  http://service.sap.com/sap/support/notes/1895502
  http://service.sap.com/sap/support/notes/1953347
  Please let us know if it helped.
  Regards,
  Alessandro

• How to hide the columns at the end user level thru personalization

  Hi all
  how I can hide the columns that are displayed on the portal. Any personalize option for the end user? Any righ click or some thing?
  I am looking at hiding columns not while developing the iViews / Pages, But in the browsers as the end user.
  i can hide the columns what ever i want while creating the iViews for MDM data. but we cant provide the content administrator role to the end user for hiding the columns what ever they want. they want to hide the columns thru pesonalization option at the end user level.
  Can you please let me know whether we can able to hide the columns at the end user level thru personalization ?? is it posible with standard iViews??
  Regards
  Sunil

  Hi Sunil,
  I understood your requirement properly and seems valid and I tried this at my end but i didnt get the solution. Field list is not visible in Personalize option. I dont think it is possible with MDM standard iViews.
  I was thinking an alternative is if some how we manage to give the permissions to end user only on Result Set iView but if it would be possible it will not be a good design.
  Lets wait for some inputs from others.
  Regards,
  Jitesh Talreja

• Ideas for Providing User Level Data Backup and Restore

  I'm looking for ideas for implementing a user level application data backup and restore in an Apex app.
  What would be great is to have a user be provided an export file and a way to import this file. A bit overkill but hopefully never needed.
  Another option that is perfectly doable is a report that simply provides a means to create an export of the data. Since I already have an interface I can use an export to interface an export.
  Any thoughts?
  Hopefully I'm missing something already there for an end user to use.

  jlincoln wrote:
  "Do you mean "export" and "import" colloquially, or in the specific sense of the exp/imp/datapump utilities?"': I mean as in imp/exp Oracle utilities. Generally speaking, it would be neat to be able to export and import via an Apex an application. In this hosted environment I don't have that access but would this be a bad idea if you don't care about the existing data in the schema in which the data resides?I can envisage a mechanism using <tt>exp/imp</tt>, but since it requires <tt>dbms_scheduler</tt> external jobs and access to the file system it's highly unlikely to be possible in a hosted environment. (Unless you're doing the hosting?)
  Backup: Necessary for piece of mind and flexibility. I am working on a VB/Access user who does this today to get to the point when they can be comfortable with the backups occurring regularly and by the hosting site's DBA group.
  Restore: Like I said. I am working on a VB/Access user who does this today to get to the point when they can be comfortable with the backups occurring regularly and by the hosting site's DBA group. This is a very small data set. A restore would simply remove existing data and replace it with the new data.My opinion is that time would be better spent working on the user rather than a redundant backup and restore feature. Involve them in a disaster recovery exercise with whoever is hosting the environment to prove that their data is safe. Normally the inclusion of data in regular, effective database backups is sold as a major feature of APEX solutions.
  "What about security/privacy when this data ends up in uncontrolled environments?": I don't understand the point of this question. The data should not end up in uncontrolled environments. Just like the data in the database or its backups.Again, having data in a central, shared location protected by multiple levels of application, database, and OS security is usually seen as a plus for APEX over VB/Access. Exporting the data in toto to a PC/laptop that can be stolen or lost, and where it can be copied to USB drives/phones/email loses this protection.
  User Level: Because the end user must have access to the backup and restore mechanisms of the application.
  Application Data: The application data. Less than 10MB. Very small. It can be exported in a flat file downloaded by the end user. This file can then be used to upload and import via an existing application interface. For example.
  "I'm struggling to parse this for meaning.": When I say I have an existing interface I am referring to a program residing in the Apex application that will take data from a flat table structure (i.e. interface table), validate the data, derive data, and load into the target table structure.Other than the report export capability linked to above, there's nothing built-in to APEX that comes close to your requirement. If the data is simple enough that it can be handled in such a report, and you have a process that can read and recreate this export, then you have your backup/restore capability. If the data can't be handled in a simple report, then you'll need a more complex PL/SQL process to generate the file.

• User Level SOD Report - Batch

  Hi GRC Experts,
  Every day my company runs a User Level SOD analysis against every user in ERP or HRP.  Here is the criteria for ERP (there is a connector):
  System:  Our defined ERP connector
  Risk Level:  All
  Rule Set:  Global
  User is not DDIC
  User Type:  Dialog
  Format: Detail      Technival View
  Access Risk Analysis at the Permission Level
  Show All Object
  This job is run in Background, and the report output is downloaded from Background Jobs.
  Is there a way to schedule this job using SE38 and a variant?  We would like to start using a automated scheduling tool.
  The program run is GRFN_BP_SCHEDULER with variant &0000000001569
  I looked at the variant, and it looks for I_PLANID and I_UPDTSK.
  Is all the criteria I selected stored in a table as a PLANID?
  Thanks in advance.
  Donna Wiley

  Hello Plaban,
  Thank you for the info!  How do you set up the variant for the "Report" options?  We need two reports for "User Level".  In the Report Options section, we need one report with a Format = Detail and one with a Format = Management Summary. Both reports should be in the Format = Technical View.
  Thank you and kind regards,
  Janice

• Automount SSHFS drive in user-level systemd session

  Hello,
  I'm able to automount a network drive through SSHFS using the following .mount unit in the system-level systemd session:
  [Unit]
  Description=adama shared drive
  [Mount]
  What=[email protected]:/home/shared
  Where=/home/koral/remote/adama
  Type=fuse.sshfs
  Options=_netdev,noauto,users,idmap=user,IdentityFile=/home/koral/.ssh/id_rsa,allow_other
  [Install]
  WantedBy=default.target
  As is, the network drive is mounted at system start-up and it is read/write-able by any user logged into the local system.
  I'd like the drive to be mounted only when my $USER logs-in and read/write-able only by my $USER, so I considered moving the .mount unit to my user-level systemd session, but now the automounting fails with an unhelpful error message:
  systemd[1969]: Mounting adama shared drive...
  systemd[1969]: home-koral-remote-adama.mount mount process exited, code=exited status=1
  systemd[1969]: Failed to mount adama shared drive.
  systemd[1969]: Unit home-koral-remote-adama.mount entered failed state
  I guess there is a permission issue somehow, could you please help figuring it out ?
  Note: I'm still using systemd-204 as the user-level session is kind of broken in later versions as described here.
  Kind regards.
  Last edited by koral (2014-03-30 17:54:45)

  xtian wrote:I can mount using the manual command `$sshfs [email protected]:/ /mnt/mrwizard.local`
  According to the above your username is xtian, which it isn't in your fstab entry:
  xtian wrote:[email protected]:/ /mnt/mrwizard.local ...
  So without having looked for further errors nor knowing anything about sshfs, I would suppose to change this.
  Sometimes simple spelling errors are actually the hardest to solve. – Like I always try to '#include <some_library.c>'.