Dear colleagues,
we use programmed data source for continuous monitoring. The owner requests new fields to be added into output of control. So is there a way how to update list of fields in data source and relevant rule or must be created new one and original DS and rule deleted? Data source and rule are already in use.
Thanks for your help
Igor
Dear Experts,
What is the maximum number of authorization one role ( PFCG ) can have ?
I want to know the number of authorization in one Role ( PFCG ) and not in User ; )
Thanks in advance,
Regards
I have loaded my Rolesets and Generated them but my risk are not associated to any roleset. I have double checked all of my connectors and
they appear correct as i had to do this in order to upload my rulesets.
Also when I go Into NWBC I do not have the Icon for Rule Set Maintenance, can someone tell me what access I need for this?
Thanks,
Claudia
Hello experts,
Can you please help me to identify the template used by this email notification. I checked all the GRAC templates but none of them seems to match what is shown below.
Thank you,
Sonny
------------------------------
From: WF-BATCH
[mailto:USCP-Gracalerts@sunchemical.com]
Sent: Thursday, September 12, 2013 9:36 PM
To: Samarakoon, Sonny
Subject: Reminder Notification - OSTWVI using PTF_FF8 on RP1CLNT410
Dear Approver,
This is a reminder to perform action on the following Request in your Inbox.
Request Number: OSTWVI using PTF_FF8 on RP1CLNT410
Created By: WF-BATCH
Request Link: %LINK_GET_APPROVERS%
Regards,
Adminstrator.
Hello Gurus,
We are following Business Role concept for provisioning....
Workflow we are maintaining for the New Request is Requestor -> Manager -> Role Owner-> Provisioning
Here Requestor will select the Business Role (Nothing but a Job Position) and submit the request.
After the Manager Approval... Role owner will do the risk analysis and if he wants to remove any technical role in the selected business
role... there is no option for that...
So please suggest.....how to remove a technical role from the selected business role by the role owner
Thanks,
Sriram
Hi Gurus,
How to maintain the landscape for business roles .
Thanks,
Sriram
Hello,
Can any one provide the detils of the certiication cost for the below
1. SAP Security
2. SAP Process Control and
3. SAP Risk Management
Th Tanks,
Sriram
We recently upgraded from GTS 7.1 to GTS 10.1 and are seeing differences in the way the SPL screening happens.
We are getting many more blocks even though our config & master data for SPL is the same in 10.1 as it was set in 7.1.
(we do not use TREX), just the classic SPL.
Example:
Do a 'Simulate General Address Check' for the following
Name = KOTOBUKI
Country = XX
We are getting a hit in 10.1 for the following results
BP original BP Search Term SPL Original SPL Search Term Match
XX XX 100.00
KOTOBUKI COTOBUCI UCK UC 66.67
In our previous system (7.1) this exact address check would not have caused a hit.
Now in 10.1 it is blocking on this check based on a 66.67 match. We are not sure where it gets a 66.67 match
It appears it is comparing SPL original to SPL search term.
Any thoughts on what we need to look at changing?
FYI - we do run the following daily in a batch job
/SAPSLL/SPL_CUS_APP_BUFF_RESET
/SAPSLL/SPL_CREATE_SEARCHTERMS
/SAPSLL/SPL_INDEX_CREATE
/SAPSLL/SPL_CREATE_SEARCHTADRC
/SAPSLL/SPL_CHECK_SCENARIO_C1
Thank you.
Hi All,
We are on GRC 10 SP09.I have configured single stage path i.e(Q_PATH with ROLE_OWNER stage).
Enabled the routing rule i.e. GRAC_MSMP_DETOUR_NOROLE_OWNER
Routing Level is Line item level
Created one more path with no stage
Mapped NO ROLE OWNER detour path between main and detour path at step 6 in MSMP but my request is closing as "No agent found, cancelling path Q_PATH (in stage no. 002 - Z_ROLE_ST01)"
Please suggest me where configuration is missing.
Thanks and Regards,
Sushma M
Dear all,
Can anyone tell me if it's possible to link:
ROLEID field / GRAC_ROLEID data element / GRFN_GUID domain from table GRACROLEPRMVL
with
ROLE_ID field / GRFN_GUID data element / GRFN_GUID domain from table GRACRLCONN
We need to convert the offline analysis result (table GRACROLEPRMVL) to a file/format to be used as in Novell IAM, and for that, we need to identify AGR_NAMES (table GRACRLCONN).
Thank you,
Mesly Fernandes
Vale - One Vale Program - Technology Team
Phone: +55 21 3980-6456 Mobile: +55 21 7207-3855
E-mail: mesly.fernandes@vale.com
Hello
I wanted to query the community about what results should be returned when one runs a risk analysis in an access request. I was testing that the risk analysis was running properly for a new business role I was adding and noticed that all conflicts appear for each system / client for the user access is being requested. Is that the intended result? I would have thought the risk analysis would only show the results for the system access is being requested for. I am not allowed to filter by system / client in the approval screen.
I've included a screen shot as a reference.
HI Gurus,
One of the client requirment.....
We are implementing all the modules of GRC AC 10.0....
There is no Rule Set provided for BI and GTS.... so is it possible to create custom risks, functions for these?
Will the GRC box recognise the actions present in the BI and GTS?
Are there any list of SOD, critical Actions risks defined for these systems?
So please suggest
Thanks,
Sriram
Hi All
I have below questions :
1.Is there any way we can restrict or pull users from a particular LDAP Groups only into GRC AC 10.0 system front-end.If yes how to write the base entry for the same.
2.In my LDAP search I am getting users from LDAP search in GRC but both firstname and surname are same as firstname(Screenshot attached below)
3.Can I extend or delimit the number of entries for search or finding.As I get error message in transaction LDAP when I try to find users from directory saying "Maximum number of find results exceeded.
I have loaded my Rolesets and Generated them but my risk are not associated to any roleset. I have double checked all of my connectors and
they appear correct as i had to do this in order to upload my rulesets.
Also when I go Into NWBC I do not have the Icon for Rule Set Maintenance, can someone tell me what access I need for this?
Thanks,
Claudia
Hello,
I was wondering if someone could elaborate on the Default Connector actions specifically 04. As I understand it:
01 – Should be the development client where you will create roles and transport
02 – Should be your production client where analysis should be run analysis against
03 - Should be the development client where you will create roles and transport
04 – Not sure
Technical Role Example:
I’ve tested # 04 and was hoping that if a technical role in GRC is associated with multiple target systems / clients and is part of a business role. That technical role would only get provisioned to the system you’ve define as 04. But It appears the only way to restrict that technical role within a BR from getting provisioned to all systems is to turn off “provisioning allowed / auto provisioning"
Helo Gurus,
We have maintained detour path at role owner stage for SoD voilation. when an requetor is selecting the single role in the access request the detour path is working fine. but if the requestor selects the business role in the acccess request the detour path is not recognizing (i.e, after the role owner approval the request is getting closed). Please provide the solution for the same.
Thanks,
Sriram
Hi Gurus,
We are maintaining two request types 'New Account and Change Account ' and we have defined them as
Requestor should select New Account when he is not having the access to SAP System and Requestor should select the change account, if he need any additional role for the system he is having the access.
But in change account, if the user selects a role for the system he is not having the access.. then the user is provisoned and role is assigned.
So please suggest how to restrict this.
For request type New Account - selected the Acions - Create User, Assign Object
For Request type Change Account - Selected the Acions - Change User, Assign Object, Remove...
Below is the Screenshot of User Global Setting for Provisioning
I am trying to create Data Source in GRC PC how ever after selecting the possible connectors from the drop down list when I try to select the table I am getting following error "System Failure with Remot system"
Can somebody help resovling this error
Thanks in advance
Regards
J
Hello,
I have recently migrated from 5.3 to 10. Now I'm updating validity of mitigated roles. But I'm getting an error while updating them.
I checked org units in t-code PPOM and all the org units are available there. Can you please let me know if I have missed any step ?
Regards,
Anil
Hi All,
we are on GRC 5.3 CUP-RAR (SP20) capabilities deployed.
Our scenario is: the same role can have several approvers, identified by different local divisions and process the role belongs to (a matrix).
Eg.
ROLE 1 for (Request Functional Area "AA") AND (Role functional Area "BB") -> Approver X
ROLE 1 for (Request Functional Area "CC") AND (Role functional area "DD") -> Approver Y
the role is the same with different functional area assigned.
To realize the scenario above we have defined a CAD (Custom Approver Determinator) formed by two fields.
1) Request Functional Area AND
2) Role Functional Area
The combination of those two attribute identify the approver.The stage approval/Rejection level is at Role level.
It seems that the Functional Area of the Role is not properly taken into account during the identification approver.
Any similar experience?
Thanks.
Massimo