cancel
Showing results for 
Search instead for 
Did you mean: 

CC log for user that used the application

Former Member
0 Kudos

Hello GRC gurus ,

I would like to know if there is a possibility to check users last log on in Compliance Calibrator . We have people that are doing simulations over Informer tab--> risk analysis --> user level and we would like to have a log .

Thank you very much in advance

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Hi David,

As far as I know, within the log you only can trace the whole activity within GRC CC regardless the user is login.

Best regards,

Imanol

Answers (5)

Answers (5)

Former Member
0 Kudos

Hi Amol ,

we have a Central User Administration system , where all R/3 systems are connected to . So the role distribution and the user management is being done from there and not locally

Regards,

David

Former Member
0 Kudos

Hello David,

Well, sorry but I am still not clear with your question. There are two diffrent things I can guess in the same message. I would request you to please let me know which is the one which exactly you want to do, and would explain you both of the cases as under:

1. Are you wanting to monitor if risk analysis is done on role creation?

OR

2. Are you wanting to monitor if the risk analysis is done on the assignement of the role to a user?

I'm asking this because each of these 2 requirements can be achieved by RE and AE respectively and the user carrying out these tasks need not even log into CC for doing either/both of 1 & 2.

For 1:

You can use RE and enable the Risk analysis step in the role creation process by enabling and using the web service which connects the Risk analysis from RE to AE. Here (in RE) you can enable the option "not to generate the role if Risk analysis is not done", to ensure everyone does a risk analysis before generating a role.

For 2:

You can use AE directly and do a risk analysis the same way as we did for RE (by using web service), before the role assignment is approved/done to the user.

CASE 3:

In case you do not have RE or AE installed (which is also one of the inferences I get from your post when you mentioned that there is one service desk who takes care of the role assignments), you may configure Risk Terminator in this case, wherein you can configure this tool at the backend to make it mandatory to do the risk analysis when:

a) A role is generated at the backend.

b) A role assignment is done at the backend.

Regards,

Hersh.

Edited by: HERSH GUPTA on Sep 27, 2008 11:54 PM

Former Member
0 Kudos

Hello Hersh,

thank you for the tip , for the RE . I will definitely use this option in the future. The tools RE and AE are not implemented yet.

And now to your question :

My wish is closer to suggestion No1 . But specific i want to find out IF and WHEN users from our service desk are doing the risk analysis on user level. This is all . The Risk terminator could also be a solution as you describe , but i dont like the option to necessary make a simulation for risks for all roles. Because we have Display roles as well where you dont need a risk analysis.

thanks very much for your effort !

Former Member
0 Kudos

Hi David,

You need RE or AE infact i would suggest you to go for AE as its more stable and mature product and can handle other activities which your help desk must be performing like R/3 Password reset etc. Moreover you will get the audit trail as well which tells who approved what and when. So in your senerio AE is the best solution as CC doesn't provide these things.

Thanks,

Tavi

Former Member
0 Kudos

Hello David,

Sorry for coming back late on this but for the following posted by you :

"but i dont like the option to necessary make a simulation for risks for all roles. Because we have Display roles as well where you dont need a risk analysis"

there are additional option as well, which will go with just CC installed too. These are:

1. After Configuring RT, the you have the option of even letting the role generated if the admin/security guy does not want to do the user analysis. I mean you can have it optional to do the risk anaysis or not, which will not result in forcing the user to do this but to skip this as well.

2. Secondly, in CC itself you can make some roles, like the display roles you mentioned, not to be checked during Risk Analysis.

Regards,

Hersh.

Former Member
0 Kudos

Dear Hersh,

As i mentioned , we want to know if people actually use the tool , before giving new roles. Knowing when they last log on , we could check if actually these people are using Compliance Calibrator to make simulations on User level.

Hope i cleared my problem here

Former Member
0 Kudos

David -

Can I ask How does SAP Service Desk assign roles to users ?

Using RE or R/3 ?

Regards, Amol

Former Member
0 Kudos

Hi Hersh ,

i would like this information to make a control of who did the last time a simulation .

You see we have a SAP service desk which is responsible for the role distribution..we want to see if they use CC for checking the risks with the addition of the new roles .

This request came to me since i am the GRC administrator, but i suppose this info cant be found

Edited by: David Damaskinos on Sep 19, 2008 10:18 AM

Former Member
0 Kudos

Hello David,

Yes, well this functionality would not be there in CC but actually i do not see a reason why would there be a need to see what simulations were run. As in, Simulations would not grant access to anyone, but just only check if there would be any risks if you grant some access. So why should this be monitored at all.

Had the case been like you are checking after granting the access, then I guess it would have been good to check who granted this. Isn't it? PLease let me know or clarify if I am wrong.

Regards,

Hersh.

Former Member
0 Kudos

Hello David,

Never came accross such a thing and not sure whether it is available in the frontend or not but actually I am wondering why would this be needed?

I mean what would be that you would want to trace from the last logon of a particular user, not getting it? Could you please let us know. I mean if the changes to for example risks are needed, as to who changed it and when, we can get it form the change history.

Thanks ans Regards,

Hersh.

Former Member
0 Kudos

Compliance Calibrator 4.0 runs on the ABAP stack and hence allows for the usual user reporting that reads table USR02 (including last logon).

I suppose that UME has a similar feature but unfortunately I have not tried that yet.