Need help in Mitigation...

Former Member
0 Kudos

Hi, I have CC 5.2 connected to a single system and am using the GLOBAL ruleset.

In the backend I have created a role Z:CONFLICTING_ROLE and assigned it to user ERIC.

Now there are two risks in the role, F030 and S027. I have created two mitigating controls for them and have mitigated the risks at role level.

When I run the report on the user ERIC, it should show there also as mitigated, but there is nothing in mitigation.

I was under the impression that once roles are mitigated, users will be mitigated also. What is wrong here?

The option under Configuration:

Risk Analysis -> Add Options -> Include Role/Profile Mitigating Controls in User Analysis

is set to yes.

Please help me to resolve this issue.

regds

navdeep

Edited by: navdeep pathania on Aug 25, 2008 11:02 PM

Accepted Solutions (0)

Answers (5)

Former Member
0 Kudos

navdeep,

I was rather talking about the PFUD in the back-end system.

But okay, if the sync with GRC is not working in the first place, then this issue should be addressed as well. However, that goes beyond this particular post, "Need help in Mitigation".

In an attempt to help you: is your diamond-shaped adapter green? Are you using the correct model in the JCO in terms of the release of your backend system? Did you do a full sync or an incremental one?

For sure, this is your issue, why the users are not mitigated through their assigned mitigated roles.

succes

sam

Former Member
0 Kudos

The JCO connection is working and the diamond is all green. It pulls in the roles but different, and the number of roles is always 1341. This is a sandbox.

The setup was to use the VIRSA add-in ABAP packages below:

VIRSANH 520_700 0003

VIRSAHR 520_700 0000

and at the JCO level in SLD I am using

VIRSAHR_01_METADATA

VIRSAHR_01_MODEL

Also, one thing I noticed: in the profiles display it is showing me the T-XXX profiles, and it is also showing objects like S_SPO_USER_A in profiles, which is quite odd. Have you seen this somewhere else?

regds

navdeep

Former Member
0 Kudos

Note 1065517 resolves the problem of the roles not being correctly synced. I will do that and let you guys know if that is the issue.

Former Member
0 Kudos

That note resolved my problem. The roles were missing from the tables, so the mitigations were not working on the user level either. The thread needs to be closed. Thanks a lot.

Former Member
0 Kudos

Hello navdeep,

I have the impression that you have created a test role yourself. Are you sure that you have performed a user comparison in the back-end system? Please note that SAP GRC does not care about which roles are assigned to users. Only the assigned profiles count.

Hope this helps,

sam

Former Member
0 Kudos

I have done a user/role/profile sync, but in the security reports section I can find all users and profiles, but when I see the reports for the roles I cannot find the Z* roles, only SAP_ roles.

But in the sync I have selected all roles to be synced, but somehow the last role I can see is SAP_LE_BASIC_DATA_DISPLAY, 1341 roles, so it got no Z roles in the CC tables. I don't know why I don't have roles synced up. Any idea why the roles are not picked up?

This may be the reason why the user-level mitigations are not working.

regds

navdeep

Former Member
0 Kudos

I already have the * after the risk in mitigation. The problem is that the roles are mitigated, but the user who has the same role (and a single role only) is not mitigated.

Former Member
0 Kudos

We prefer to call the "tricks" undocumented features.

Former Member
0 Kudos

Hello navdeep,

You're absolutely right, however there is a little trick that you might have missed when creating the mitigating control. You should add a star (*) after the control ID. So instead of just creating the control for risk F030, just enter F030*.

Hope it helps!

Regards,

Jerome.