Would you implement GRC for just 2500 users

Hi
I've tried searching but my brain hurts so I'll probably get a roasting for asking a stupid and basic question
If you have a 4.6C system with around 2.5k users in it how would you establish the cost effectiveness of buying and implementing RAR 5.3 (AC10) initially?
Okay, I've hidden under the desk ready for abuse!
Cheers
David

David Berry wrote:
You would start with 10 singles to sort out and, by the time you had analysed who had what in which user group there would be 30 shiny new singles bobbing up and down and eager to go to PRD.
Exactly that is why I don't like them and why they also popup all over the place when you remediate a single role used by several composites and you don't know what the dependencies are.
You should only split roles because of Org-Levels.
The music (as far as authority-checks are concerned) are in the singles (with generated profiles).
Luckily (or not when remote enabled and the user can influence input parameters) newer concepts allow you substitute the org-level with programatic validations (for example "Business Partner" assignment of the "Person" mapped to the sy-uname).
I have 3 million users in a system with only 3 roles. How is that for a ratio?
GRC has a great value for backend config, support, development, etc such as other ABAP based authorization object concepts and you can map services and other applications to "actions" as if they were transactions, and you can do this logical system independently.
It is still tempting, but not really a hard requirement to be able to control the access and combinations in a limnited number of systems. It is certainly independent of the number of users!
A good build is always better - which is what GRC RAR will ultimately tell you anyway...
Cheers,
Julius
ps: The "blue boxes" are like this:
{quote} David said that composite roles are a dog's breakfast {quote}
Result =
David said that composite roles are a dog's breakfast

Similar Messages

  • Have you made arrangements for Classified system users of Adobe Creative Cloud products?

    I am a classified system user of the Adobe CS6 Suite of tools.  Am I shut out from the Creative Cloud updates going forward?  Have you arranged accomodations for us classified users or do we need to switch to other software over time as CS6 becomes obsolete?

    Bob Atwell wrote:
    Since I know that Adobe isn't in the business of intentionally alienating its customers I'd like to see this same kind of option made available to casual users in some way that could minimize Adobe's costs.  Adobe has always been the upscale product and even casual users of your software might benefit from not having to phone home more than once a year if they chose to pass on updates.
    Note also that since the new CC version came out in June, now an Internet connection is only needed once every 99 days for annual memberships:
    "For annual members, you can use the apps for up to 99 days in offline mode. Month-to-month members can use the software for up to 30 days in offline mode"
    Another solution for individual/everyday/casual customers would be to buy a year (or more) of Creative Cloud in advance using a prepaid 12-month membership card...  Then (as you said Bob) no online checks would occur for one full year, after the initial (one-time) product activation took place.

  • In which steps would you implement SCM APO?

    A company want to use the APO applications DP, SNP, PP/DS and GATP in the future.
    In which sequence would you implement these applications?
    Thanks for feedback.

    Hi,
    There is no written down procedure for implementing any of the modules it depends on the business requirement
    and the maturity levels of the Organization in handling SAP APO.
    If organization is already on SAP ECC system the best thing to do is GO Live with all the models since then the
    requirment gathering exercise and Blue Printing Exercise can be done in one shot and integration of each modules can be also done in one shot, this means that it reduces the efforts. However understanding of the APO system for the Business is a must
    so that right fuctionalities can be selected in each modules to meet the business requirments.
    Thanks,
    Harsh

  • How would you implement equals ()

    For complex classes with many data members, my dilema is:
    1. equals should return true only if all fields of the two objects are
    equals.
    2. equals should return true if the key(s) of the two objets are equal.
    For instance, we have the Class Person, that contains dozens of
    data: ID, name, age, job, salary, children, more 1000 items.
    Person is like a record in a DB table. There can not be two persons
    with the same ID.
    In this case, how would you implement equals, and why?
    thanks

    What I'm trying to say is: what is equality foryou?
    Two objects are equal if all there contents areequals
    or is it enough
    to compare their keys?
    In the latter case, there can happen, by somereason,
    that we can end
    up with two objects with the same keys, but all the
    rest of
    the contents different.i think you meant to say that:
    In the latter case, there can happen, by somereason,
    that we can end
    up with two objects with different keys, but
    all the rest of the contents the same.and the answer is, and listen carefully, it totally
    depends on the application you are writing. there
    is no hard definition of equality where custom classes
    are concerned... that is the answer.If this question arises, you should revisit your design.
    If two entities have equal keys, they should be considered to be equal. Otherwise the attributes you call keys are in the fact normal attributes and no keys.

  • Spool printing takes a long time for just one user

    Hello,
    Could someone please guide on what could be the reason that spool printing takes a long time for just one user ?
    I've monitored all the spool processes through SM50, and I've found that a very long time elapses before the printing job appears in one of the four spool processes.
    Thanks in advance.
    Reda

    Hi,
    very long time elapses before the printing job appears in one of the four spool processes.
    can u check the trace file(Red color error) of that spool process. Also can u see if there are any system logs in SM21 related to that spool request.
    Also see how many pages the user is giving print @ 1 shot. Suppose if the printer to whcih the user is giving print is a network printer, see the network response time.
    Have u tried to ask the same user to give print to some other printer. Also have u asked some other user to print to that problematic printer. Check the responses under this scenario also.
    Regards,
    Ravi

  • Generating RAR Alerts for just certain user groups

    Is there any way to limit a RAR Critical Actions Alert to just certain users?  Or, only if these users access certain data?
    We've had a request to monitor and send out a notification for some transactions, but only for certain users.  These transactions are available to many employees, but it is only a concern if someone from a certain group uses them.  Even then, it's only a concern if they access certain data.
    As an example (this is not the actual request), you have a transaction like say XD 03 (Customer Display) and its available to most everyone in the company.  You also have customers assigned to different company codes.  The issue then is that you have a certain group of users that are only supposed to look at customers for just one specific company code.  Ideally, you would want to be notified if they use this transaction to look at customers for other company codes.  At the very least, you want to know when they use this transaction so you would know to check on their usage.
    If this can't be done using the RAR Alerts, is there maybe another way to perform this montoring/notification?
    Thanks.

    Hi Bob,
    GRC RAR would not help you in this case. However you can restrict the Users through Roles which are assigned to them.
    For example : for tcode XD03 check maintain the authorization object F_KNA1_BUK with Activity 03 and Company code 1000 (depending upon your requirement). Assign the Role to User who require the access to view the Customers for the company 1000.
    Hopefully this may meet your expectations.
    Regards,
    Nikita Sharma.

  • Why do not you implement support for inpu type = "date" ?

    When writing sites I often faced with the need to use html code component <input type = "date">. But your browser does not support this type of data entry. Implement, please add support the <input type = "date">.

    hi vladslav, this support forum is primarily run by the community, developers won't read here - we are normal users like you. implementing new features in the browser is not in our power. if you want to suggest those please either use https://input.mozilla.org/feedback or vote on the appropriate existing bug reports on bugzilla.mozilla.org to get those features implemented (please just vote but do not comment on bugzilla unless you have something substantial to add).
    thank you!

  • How does one install Firefox on Windows 7 for just one user, so separate users can have completely independent Firefox installations?

    I'd like to create a new user, and install firefox for that user completely separate in all respects from the existing user's installation, so that there is no interaction at all between the two installations, with separate copies of the program files as well as separate Firefox profiles.

    I was asking about how to have multiple Windows user accounts, and how to install Firefox independently for different Windows user accounts.
    Firefox does not ask if you want to install it for everyone or just the current user, unlike many programs.
    I tried switching to the newly created Windows user account, which was able to use the Firefox installed by the other user account, and installing Firefox, and although there's no indication that it's installing a user specific copy of Firefox, it is. Now the original user account sees it's installation of Firefox and the second user account sees it's installation of Firefox and no longer runs the first users installation of Firefox.
    Creating separate Firefox profiles is what I was trying to say I didn't want to do. That's why I mentioned wanting completely separate copies of the program files, not one copy of the program files running two instances simultaneously.

  • VI Analyzer - How Would You Configure It for This Use Case?

    My group has different people working on different LVPROJs for each software deliverable we have. Each LVPROJ uses our user.libs and instr.libs, as well as an overall "framework" that is the same for most LVPROJs.
    I really think the VI Analyzer toolkit would be powerful for code reviews, but only if I can configure it in a way where which tests I run and what the criteria are can be saved and used on any project. I can't seem to get this to work for me. I want to save all those configurations, and use it on new LVPROJs easily - the easier I can make this process, the more inclined others will be to use this for code review. How would you do it? (if it's even feasible)
    Solved!
    Go to Solution.

    I suggest creating a .cfg file without a project linkage, but with all the tests selected and configured as you want...so a .cfg file with no "Items to Analyze" specified. Then, when working on an individual project, open that CFG file, add the project's top-level folder to the analysis, then save that CFG file with that project. This means you can't have the project linkage in your CFG file, but assuming your project is all within some top-level folder, that shouldn't be much of an issue, since the CFG file will be "linked" at that point to the top-level folder containing your project.
    Darren Nattinger, CLA
    LabVIEW Artisan and Nugget Penman

  • On one mac, is it possible for just one user to download and use windows, or will it force all the users to use windows?

    I want to download windows on the guest identity, so that I can play pc games (which only work on windows), but I dont want to have to use windows on my regular user identity. Does anyone know if it will only download for the one user?

    no user is forced to use Windows.

  • How do you separate bookmarks for two different users on the same computer?

    My wife and I use the same desktop and the same Firefox browser. Is there a way to have separate bookmark lists for each of us? We don't really need subtopics or other organizers, just two separate lists.

    Either separate Windows User Accounts or separate Firefox Profiles will give you separate bookmarks lists, but all your personal data will be separate - passwords, extensions, browsing history, etc. I haven't seen an addon that will give you separate bookmarks storage within the same Firefox Profile.
    https://support.mozilla.com/en-US/kb/Profiles

  • How would I implement a FOR loop in real time?

    I am using a cRIO and would like to have several processes running in parallel.  A main functin will have a loop in it which will count up and an certain time intervals pass data to a parallel process.  I am not sure how LV will check the current time value and determine if it is time to send the parallel process information (it will send the parallel process a command to start at time X and stop at time Y).  I see the code in C as:
    for (i; i <= 60; i++)
         if (i==30)
            Function(1); //send "1" to function to  start action, equivalent of setting a variable in LV and continuously reading that variable in the parallel function
         if(i==45)
            Function(0); //send "0" to function to stop condition
        delay(1second);
    I am confused about how to create a loop that has a predetermined (changeable) time period that allows me to compare the timer to set times (i.e. 30 and 45) and perform a function if they are equal.  I can handle that compare part but I am not sure how to implement the loop.  Any help would be greatly appreciated.

    Hi,
    Why don't you use "Elapsed time.vi" ? Compare it with the time you require. Also you can use register event function to let the other process know a certain condition has occurred.
    Gaurav k:smileyhappy:
    Gaurav k
    CLD Certified !!!!!
    Do not forget to Mark solution and to give Kudo if problem is solved.

  • Which would you choose MBP for FCP7

    Ok here is my question. 
    I am looking to invest in a refurbished 15in MBP.  I cannot afford a new one at thist time.  Below is what I am planning to use it for and I will give you the two models I am looking at, I would really be thankful if any of you experts out there can give me a had in the selection.  Ok here it goes.
    Uses
    FCP7 (I will be shooting in AVCCAM(Both 1080 and 720p) and transfering it to Pro-Res 422(LT)
    Photoshop CS5 or CS6 (Using smaller images taken with an 8MP Camera, not looking to edit images over 12MP at this time.)
    Adobe Lightroom
    Some small use of After Effects.
    Surf The Web
    Watch a movie or two.
    Here are the two machines I am looking at.
    the October 2011 15inch MBP with 2.2Ghz Quar Core...I am planning to upgrade the memory to 8GB
    OR
    the April 2010 15inch MBP with 2.8 Intel Core i7....This model will have the matte Hi-Res screen not the glossy one I will get on the one above.  I am also planning to upgrade the memory to 8GB.
    I know these are not the AWSOME new machines that Apple is making, I cant afford them and cannot see ever being able to drop more then 1400 on a machine at this time.  I am not a real power user either.  I guess I am curious with these two processors and the two different displays what you all think is more important.
    Thanks everyone

    yv,
    Have you actually seen this "graininess" issue for yourself? I only ask because I was very hesitant about buying a MBP for that reason. I went into the Apple Store, compared screens between MacBook, MacBook Pro and iMac. The MacBook screen was clearly inferior. The MacBook Pro (15") and the iMac screen looked comparable in quality. I saw no graininess.
    I went to CompUSA the following week. I brought my wife with me. She's a graphic designer, works on very good quality monitors all day--in fact she makes the purchasing decisions for the graphics department of a Fortune 500 company. We compared the same three sets of monitors. She came to the same conclusion as me: the MacBook monitor is inferior. The MacBook Pro and iMac monitors are not noticeably different in quality. In fact, she even thought the MacBook Pro was every bit as good as the Apple Cinema Display they had. I bought a MacBook Pro right there.
    I've been using it for about 6 weeks now. Its the best laptop screen I've ever used-better than my daughter's PowerBook G4 (last generation), better than my wife's high-end PC laptop (I think its a Toshiba), better than my son's PowerBook G4 (second to last generation). I also compare it to my higher end 22" external monitor (more expensive Gateway version). Sure, the external is better, but it isn't designed for a laptop.
    So, maybe I got lucky, and all the MacBook Pros at the Apple Store, and the ones at CompUSA and the one I purchased all happened to be the few that don't have this problem (mine was manufactured during the last week of November or the first week of December). Or, this is a relatively rare problem with one of the earlier batches. Or it is exaggerated to begin with. Take a look for yourself.

  • Would you recommend Gumbo for production release?

    I'm working on an enterprise solution comprising of customer facing, crm, reporting and back office solutions. The guis are slated to be built entirely in Flex. We're still only in the planning stage right now.
    The features of Gumbo are terribly inticing and the designer-developer workflows would boost our productity to a whole new level. But I'm skeptical about using a beta platform to launch our application off of.
    We plan on launching our application within the next 3 months.
    My concerns are:
    I understand Adobe does not usually provide hints about release of future products but since Gumbo is an open source platform, is there a general idea to when Gumbo could be production ready?
    Are stable versions of Gumbo truly stable? If we launch our application on a certain stable version, will it stay stable regardless of updates to the Flash Player?
    If we don't decide to go with Gumbo, how painstaking is the migration process and what steps can we take while development to make our application migration-ready?... for example, migration documentations to go with individual components.

    Hi there Gumbo is expected to be release this year in Q4, so far there 
    isn't a stable version but quite soon will be one I can't tell you a 
    date but wait just a little bit.
    The migration is gonna painless You are going to be able to import a 
    flex 3 app to FB4 and compile right away.
    Sincerely,
    Michael
    El 19/04/2009, a las 11:28, HyderAlamgir <[email protected]> escribió:
    >
    I'm working on an enterprise solution comprising of customer facing, 
    crm, reporting and back office solutions. The guis are slated to be 
    built entirely in Flex. We're still only in the planning stage right 
    now.
    >
    The features of Gumbo are terribly inticing and the designer-
    developer workflows would boost our productity to a whole new level. 
    But I'm skeptical about using a beta platform to launch our 
    application off of.
    >
    We plan on launching our application within the next 3 months.
    >
    >
    My concerns are:
    >
    - I understand Adobe does not usually provide hints about release of 
    future products but since Gumbo is an open source platform, is there 
    a general idea to when Gumbo could be production ready?
    >
    - Are stable versions of Gumbo truly stable? If we launch our 
    application on a certain stable version, will it stay stable 
    regardless of updates to the Flash Player?
    >
    - If we don't decide to go with Gumbo, how painstaking is the 
    migration process and what steps can we take while development to 
    make our application migration-ready?... for example, migration 
    documentations to go with individual components.
    >

  • Jcifs exception for just one user

    We have jira deployed under solaris, and we're using NTLM authentication via jcifs. For one user we are seeing an exception being thrown all other user have no problem. The exception is the standard:
    jcifs.smb.SmbAuthException: Logon failure: unknown user name or bad password.
    at jcifs.smb.SmbTransport.checkStatus(SmbTransport.java:503)
    If we move the jira instance to a windows machine from solaris this one user gets authenticated successfully. Move things back to solaris and this one single user cannot get authenticated.
    I was hoping someone could give me a lead, as this seems very strange and not very computer like to me...
    ;)

    turns out the solaris to windows move was only part of the equation, probably symptomatic of the immediate issue. As it happened if the user went to a different machine the problem didnt exist. So it was tied to a particular machine. Im thinking there was/is some invalid kerberos ticket hanging around for some reason, or some registry setting on the client machine... who knows! Im sure the evidence is all there, just canny see the wood for the trees sometimes.
    Thank you for any thoughts raised, we can close this one off.

Maybe you are looking for

  • PXIe acquiring and disk streaming speed

    Good evening, I need to acquire and stream to disk the status of N.8 digital lines at 100 MHz clock, idest 100MBytes/sec data rate, in continuously mode (without data loss) for five minutes. I've thought to a PXIe configuration with: PXIe 6544 High s

  • Lost media for Final cut Pro X

    I finished a project on final Cut Pro X and started on a new one downloading new footage.  I ran out of Disk space so I started to delete events from my iphoto library. (All is backed up)  I also deleted events and files that where being used in my p

  • Why use helper classes?

    I am confused about the purpose of helper classes when using EJB's. Is the idea simply to make the code more maintainable? To separate data access code from the business logic? To aid the reuse of code? Why should I choose to use a helper class rathe

  • Third-party content

    There is a game I'm trying to play and I can't because the "Allow third-party Flash content to store data on your computer" option is unavailable. I looked at the solutions on the website and I have the latest version of the Flash Player installed an

  • Finally made top 10 on Leaderboard! Now can someone explain..

    I showed up as 9th yesterday (10th today) on the Leaderboard when I select for my age group, gender, "Duration" and "Ever". A time was listed as 40:39'30". What does this time reflect exactly? Is it tied to a 5k or some other default run type? I pret