Channel: SCN : All Content - Governance, Risk and Compliance (SAP GRC)

GRC Document Collaboration Topics


Hi All

 

If you are wondering what this document is all about then please refer to: Community Collaboration for GRC Blogs and Documents - you will find an overview of what this community collaboration is about and the rules on how you can contribute. You are still encouraged to write your own blogs and documents without participating in this process (it would be nice if you could update this document to let the community know you are working on something).

 

You are also welcome to be both the person who suggests the topic and the author. This can advertise you are working on the topic and hold yourself accountable to a deadline that the community is aware of.

 

 

Remember: Add a row below the 3rd row of the table to include your suggestion. Please do not change the first three heading rows, as these rows indicate the title and a short summary of the content below. When including your name, please include your SCN profile as a hyperlink (the easiest way is to open your profile in a new browser tab and copy the URL).

 

 

| Step 1: Requester to Complete | | | | Step 2: Author to complete | | | Step 3: Option (collaborator to complete) | Step 4: Author to Publish | Moderator and Coordinator Override |
|---|---|---|---|---|---|---|---|---|---|
| Date Suggested | Suggested By | Document Type | Idea | Author | Date Due | Assistance? | Name | Link to item | Moderator and reason for rejection |
| DD/MM/YYYY | Your SCN Profile URL | blog or document | Title or topic idea | Your SCN Profile URL | DD/MM/YYYY | Do you want any assistance? If yes, summarise (input, review, etc) | Your SCN profile URL | SCN document or blog link | Moderators or Coordinators to advise if topic is not appropriate. |
| 27/08/2014 | Alessandro Banzer / Colleen Lee | Document | Analysis of the SAP delivered rule-set - do you accept as it is? Do you build your own or do you do something in between? | | | | | | Approved |
| 08/09/2014 | S A | Document | Security Tools/Transactions one should have in their arsenal as a GRC Consultant? | | | | | | |
| 13/09/2014 | Colleen Lee | Document | Business Role Management - overview and use of the methodology customisation | | | | | | |
| 13/09/2014 | Colleen Lee | Blog | Business Role Manager - What are the benefits and issues with using BRM and integrating with ARA and ARQ? | | | | | | |

Role was not found in ARM



Dear Colleagues,

 

Could you please assist me here?

I have created the role in the system (Development), logged in as the role owner and approved the role, and the request is in completed status.

When I went to raise a request, I could not find the role I have created.

I have done the repository sync and tried again, but it didn't work.

Could you please assist me?

Should I first transport the role to production and raise a request? If yes, can you also mention how we should transport the role?

Thanks and Regards,

Raghu

How to run Periodic report in GRC 5.3


Hi All,

 

I want to schedule a periodic RAR user-level job in GRC 5.3 on a weekly basis. I want it to run the report on each Friday.

Please let me know the steps for the same.

When I click on periodic schedule and choose weekly, what value do I need to fill in the tab to run my report on each Friday?

Also, I want my job to start at 5:30 pm on each Friday, so if I choose the time in the above tab, will it work for me?

 

Capture.JPG

LDAP Issue After System Copy???


Hi  All,

 

We have done a system copy of GRC system for some business reasons.

 

Now when I try to execute LDAP tcode and logon to LDAP server, it gives me below error:

 

 

System-dependent data for entry BC_LDAP_GRCLDAP changed: ABC/ XYZ

 

May I know how I can resolve this?

 

Please advise.

 

Regards,

Faisal

GRC 10 Access request with 'System entry only' goes to escape route


Hello All Experts,

 

I am facing the same issue, but the scenario is different, which I found not possible with the above solution. If I submit a request with ONLY a system, the request goes to AUTO approve and ends.

1) In the change authorizations option, the end user submits a request filling in only the SYSTEM option.

2) The request goes to the 1st Stage people, who will add roles into the system.

In the existing MSMP, no role owner is used as the routing condition here; if the role approver is not FOUND, the request takes the ESCAPE ROUTE and goes to the Escape Stage with the system option and role (if no role owner is defined for it).

3) If the role has an owner, it goes to the Role Owner.

Can we remove the SYSTEM option from the request and send it to a NO PATH stage instead of the ESCAPE route?

OR

Is there any better way to handle this? The client does not want to APPROVE requests with SYSTEM entries but is ready to handle requests with no role owner.

Please help.. **Urgent**

GRC Default Layout for Controllers



Hi Gurus,

 

We have a requirement to set the default layout for the Firefighter Controllers. Currently the log report doesn't show some fields like Old Value and New value and change type.

 

How can we set this as global and default for all users ?

 

Regards,

Salman

No queries available in the selected system.Try with another RFC dest


Hello, we are trying to set up the Executive Dashboard, but got the following error:

noqueries.png

 

the HTTP responses look like this:

 

<?xml version="1.0" encoding="utf-8"?>
<error xmlns="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata">
  <code>SY/530</code>
  <message xml:lang="en">No queries available in the selected system.Try with another RFC dest.</message>
  <innererror>
    <transactionid>54178FC418860D4AE1000000AC1D021F</transactionid>
    <timestamp>20140916092211.7814190</timestamp>
    <Error_Resolution>
      <SAP_Transaction>Run transaction /IWFND/ERROR_LOG on SAP NW Gateway hub system and search for entries with the timestamp above for more details</SAP_Transaction>
      <SAP_Note>See SAP Note 1797736 for error analysis (https://service.sap.com/sap/support/notes/1797736)</SAP_Note>
    </Error_Resolution>
    <errordetails/>
  </innererror>
</error>

 

As I understand, SAP Fraud should already have easy queries configured for OData services - Finding Details About Services and Queries Used in SAP Fraud Man - Business Content for SAP Fraud Management - SAP Libra…

But none of them can I find in EQMANAGER; it is empty:

EQMANAGER.png

How can we generate these queries for the Fraud OData services?

ABAP report subscenario in html AM job output not showing all columns


Hi,

 

We're currently using the RSVTPROT for an ABAP report subscenario. But we've encountered an issue wherein the spool output in the ABAP side contains all the columns for the report. The text file output within the GRC system contains all the columns. But when we look at the html output, we have some of the columns missing.

 

The html version stops at the part of CRCY.

 

What's causing this and how can we show the columns that are missing?

 

 

 

Best Regards,

 

 

Raphael


Add --> System to be made mandatory in SAP GRC 10.1 Access Request Form


Hello Experts.

 

I have a requirement to make the system field under "User Access" tab as mandatory in Access Request form in SAP GRC 10.1.

I could not find this option in EUP and also tried to change the webdynpro application (GRAC_OIF_REQUEST_SUBMISSION and GRAC_OIF_REQUEST_SUBMISSION_EU) using SE80 and Customizing mode, but no luck.

The attached file will show you the option.

 

Can you please advise if this is possible.

 

Regards,

Jarauvy

How to make a user "FFID" stop generating log?


Friends,

 

 

 

So, in summary:

GRCAC10 / SP14

We created a user called "GRCGUEST" in the GRCAC10 environment.

This user is used by all AD (LDAP connector) logins of the company.

Two weeks ago, for us to use in a mass execution, he turned it into an FFID. The idea was to keep the mass modification log under the user GRCGUEST and not my user.

After the mass execution, he removed the NWBC Setup (Owners, Firefighter IDs, Firefighters and controllers) and also removed the Firefighter role.

Even after the removal, a log is still generated to this day for this user.

Every time an AD (LDAP connector) user logs in, whether to unlock an SAP user or to request access, a log appears.

See the attachment.

Many thanks for the help

User Access Review Workflow


I am trying to add a column "user group" in BRF+ to use in the agent rule in the UAR workflow. The requirement is that a UAR request should go to the regional reviewer based on user group. Example: Asia region users' UAR requests will be reviewed by the Asia Reviewer. How should I achieve this scenario?

 

 

Thanks in advance.

GRC AC 10_ Notification_Link


Hi Experts,

 

We have a notification template as below :

"

Dear Mitigation/Firefighter/Admin Approver,

There are new Work Item(s) in your work inbox. Please perform the necessary actions.

Link:

%LINK%

*** This is an automatically generated email, please do not reply ***

Kind regards,

SAP GRC Team

"

 

Here we feed %LINK%, which is the approver link. But this is a 2-line link and we want to shorten it.

Has anyone faced a similar situation? Can you assist with the steps to shorten the link in the notification?

 

Regards,

Nishant

ARA report


Hello,

 

I have just configured a GRC 10.1 system and done all the prerequisites.

I need some help.

1) When I run risk analysis for a user, if I select permission level it works fine, action level is also fine, and critical action is also fine. But when I select both critical action and permission, it only shows me the risks with critical action and nothing for permission level.

2) In the remediation view I selected the role remove option and it created an access request for role removal. But when I cancelled that request, the report still shows that a request with a request number is already created for role removal, even though I cancelled the request.

 

Regards,

Prasant

Maintenance of Critical Risks at Critical Permission level


Risks:


Risks are the core objects that identify the potential access issues which your enterprise may encounter. The elements that make up a risk are its attributes. Risk management uses the attribute descriptions to generate rules. Risk management is the set of processes through which management identifies, analyzes, and, where necessary, responds appropriately by mitigation or remediation to risks that might adversely affect realization of the organization's business objectives. The response to risks typically depends on their perceived gravity, and involves controlling, avoiding, accepting or transferring them to a third party. Whereas organizations routinely manage a wide range of risks (e.g. technological risks, commercial/financial risks, information security risks etc.), external legal and regulatory compliance risks are arguably the key issue in GRC.

 

Critical Permission Risk:


Defining a critical permission risk ensures that risk analysis identifies any employee who has been assigned a potentially risky permission. You can use this feature if the permission has been enabled but has no actions. This risk can have only one function.

 

The SAP-delivered SoD rule set doesn't contain any Critical Risk ID specific to critical actions or critical permissions. So, if you run the access risk violation reports at either user or role level and select any option among Action level, Permission level, Critical Action level, etc., other than Critical Permission level, you will see the risk reports as expected from the selected rule sets. But once you select only Critical Permission level, you won't see any violations, because the SAP standard SoD doesn't contain any critical risk ID at either action or permission level.

 

So, in order to customize the rule set and to create Critical risk at permission level, first we need to create a Function ID which would contain the permission (authorization object) and no action (transaction code) in it.

 

// Version of GRC used: GRC AC 10.1 and SP 06 //

 

Go to create Functions as per the path defined below and don't add any action in this function.

snap1.png

 

Now, we will go to Permission tab to enter the required permission to be treated as Critical Permission.

 

snap2.png

 

Now, this Function ID (CF01) has to be added to a new Risk ID (CR02), map this risk ID with the Rule set and assign the risk owner as below:

 

snap3new.png

 

Then generate this newly created Risk ID, either via NWBC or via SPRO (IMG --> GRC --> Access control --> Access risk analysis --> SoD rules --> Generate SoD rules; enter the newly created Risk ID and execute).

 

 

snap5.png

 

We will then see the risk violations at critical permission level as below:

snap6.png

 

Your inputs/suggestions are always welcome

 

Courtesy & Regards,

Ameet Kumar & Fernando Bassuino

GRC 10.1


Dear Friends,

 

Could you please suggest whether SAP HANA is mandatory for GRC 10.1 or whether we can use Oracle DB? ASAP.


Defining of function permissions using "NOT" condition / Access Control 10.0



Hello all,

 

We are trying to exclude a couple of program names from the authorization object S_DEVELOP using the "NOT" condition in the permission definition. However, when we enter the value which has to be not critical, save the function, generate the rules and enter the value * in the authorization field in the authorization role, we expect the role to pop up as critical in the summary result of the analysis. But we get the result "No valuation". How can this be? Can anyone describe to me the logic of the "NOT" condition in access control function permissions?

 

Thank you in advance

Mehran

Reject user from request GRC 10.1


Hello, experts.

 

Is it possible to deploy functionality of rejecting users from requests, like roles?

 

I have read this document (part about Managing Rejected Users):

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/30e75a9f-c9b9-2e10-0287-efb0e08c0373?QuickLink=index&…

And also following thread:

Trying to get "reject user" to work in UAR

 

E.G.

 

I have a request for 10 users, and only 5 of them need the role.

The approver is able to reject the whole request or some roles, but in this case we need to reject only users from the request.

Is it possible to do this with standard? Or do I have to make Z?

 

 

Thanks beforehand

GRC Auto provisioning - Logs not available


Hi All,

 

I have designed an MSMP workflow with a detour path based on role name. My request is going through both the main path and the detour path and getting approved properly without any issue, but at the end no changes are happening in the system, and below is the data I can see in the log file.

I am not able to find any errors in SLG1 or GRFNMW_DBGMONITOR_WD. Am I doing anything wrong? Please suggest.

 

Provisioning Settings - At the end of each path

 

Regards,

Madhu.

GRC AC 10.0: Info about rejected roles in the CUP Email


Hello all,

 

The GRC component CUP seems to be technically mature in comparison to the Role Management component, but there is one thing where I am not sure whether it is an error or whether I missed some config parameters:

When the CUP request is closed, the user gets an email (Template ID: GRAC_AR_CLOSE). Not all of the roles were approved; some of the roles were rejected. But the user gets an email where only the approved roles are listed:

 

CUP_1.PNG
We would like to inform the user about the status of all roles in the CUP requests: which roles were approved and which roles were rejected. Is it possible to configure in MSMP Workflow?

 

Right now we have the following setting:

 

CUP2.PNG

 

Thanks,

 

regards Sabrina

regarding function changes in sap backend system


Hi Team,

 

I would like to check if we can alter functions and their actions/permissions in the SAP back end and transport them across the landscape.

This is needed as we customize the rule set, and it's difficult to validate the risk analysis changes directly in production when they are made via NWBC.

 

Thanks in advance.

 

Regards,

Anil
