INFO: Full Sync 5.2 SP9 Compliance Calibrator (ONE BY ONE)

Former Member
0 Kudos

RE: We opened a SAP message because we were unable to run a full sync. SAP replied:

Please review these three SAP notes: 1121978, 723909 and 1044173 and adjust the parameters accordingly, reboot the J2EE engine, then rerun the full synchronization jobs ONE BY ONE.

1. Full user synch

2. Full role synch

3. Full profile synch

4. Batch risk analysis for users (full synch mode)

5. Batch risk analysis for roles (full synch mode)

6. Batch risk analysis for profiles (full synch mode)

7. Batch risk analysis for critical actions (full synch mode)

8. Management reports by itself.

Please do not run all jobs at the same time, which may overload the system quickly and cause degraded performance.

Let me know if this info will help or has helped you.

Accepted Solutions (1)

Former Member
0 Kudos

Others have contacted me and have indicated they are performing the analysis just as SAP requested in this thread.

Former Member
0 Kudos

Hello Gregory,

If performance and slowdown are your concern, I would suggest you schedule these jobs at a time when not many users are logged in, for example on weekends or at night.

About running these or not, the answer would be for sure YES.

Regards,

Hersh.

Answers (2)

Former Member
0 Kudos

Hello Gregory.

Kindly allow me to make a contribution on this issue, because we had the very same problem in our installation after dealing with the million entries in the PRMVL Table and a legion of aborted jobs.

A good risk analysis strategy depends on:

1. A solid remediation strategy directed at your simple roles and SoD, those things that you have already known through the years.

2. Total number of named users

3. Total number of derived roles.

4. Total number of active rules.

If your GRC parameters are configured at permission level, which I recommend, the full sync and batch risk analysis will take a long while to finish. The best practice is:

a) run Full Sync Users, Roles and Profiles in a single job on a monthly basis,

b) run Batch Risk for Users,

c) run Batch Risk for Roles,

d) if you have a considerable number of compound profiles, run the BR for Profiles; if not, don't.

Then schedule the Critical Action and Role/Profile Analysis job, and finally Management Reports, also periodically scheduled monthly.

After all this completes...

Schedule your Incremental Batch Risk Job for Users, and another Incremental Batch Risk Job for Roles, periodically scheduled daily.

Alert Generation and Alert Notification

You have to use the alert generation and alert notification solely after your remediation program has been completed. Please remember to deactivate unusable functions and unusable rules just before, because there is the risk of populating the PRMVL Table with millions of false positives and consuming time that you do not have.

I hope this information is helpful.

Regards,

Former Member
0 Kudos

Management reports by itself is the job which will take most of the time; for me it never comes back...

Others are fine, but of course it depends on the number of systems connected; for me they are very fast.