
SoD Risk Analysis: CC 4.0 vs CC 5.2

Former Member
0 Kudos

Hello,

We are in the process of upgrading Compliance Calibrator from 4.0 to 5.2. We have successfully exported our custom rule set from 4.0 and imported it into 5.2, as well as successfully run full sync background jobs. The data we have for 5.2 (number of rules, mitigated users, functions, risks, etc.) looks good, so we have begun comparison testing to ensure that we get the same results in 5.2 that we were getting in 5.2.

In terms of running SoD Risk Analysis for Users and Roles, we are getting different results in 5.2 compared to 4.0. For example, several users are showing up as having violations in 5.2 whereas they are completely clean in 4.0. There are several roles also that are completely clean when running risk analysis in 4.0 but come up as having violations in 5.2.

Does anyone know why I might be getting different results? We don't understand what we're missing - we feel good about the accuracy of everything we've uploaded into 5.2 and also feel good about our configuration settings. Why would users show violations in the new version and not the old?

Any ideas/insight/information would be greatly appreciated!

Thanks,

Jes

Accepted Solutions (1)


Former Member
0 Kudos

Hello Jes,

Please make sure that you are selecting the same rule set that you uploaded from 4.0.

Also, please check and confirm whether the risks that are coming up now were defined in the 4.0 version or are new ones. This way we can at least be sure where these risks are coming from.

Regards,

Hersh.

Former Member
0 Kudos

Thanks for your reply.

We have confirmed we are using the same rule set as 4.0 and the risks are defined exactly the same way on both CC 4.0 and CC 5.2. However, the SoD Analysis is still returning more conflicts in 5.2. It's almost as if the logic behind risk analysis in 5.2 is different/more advanced than in 4.0 because it is picking up violations that the previous version didn't?

Former Member
0 Kudos

Hello Jes,

For the risks that are coming in excess in 5.2, please check whether they have the same status (enabled or disabled) in both versions. A risk might be disabled in your former version and enabled in 5.2.

Also, for clues to resolving this, I would suggest that you take 3 or 4 of the risks which are coming additionally and analyze them a bit to carry your investigation further.

Regards,

Hersh.

Former Member
0 Kudos

Thank you for your reply.

The 5.2 risks are identical to 4.0 in every way. We certainly are comparing several users/roles on both sides to ensure information is accurate and identical.

We've seen a note to SAP but I've also come across a note, 1121447, "CC 5.2 - Update to Processing Logic of Rules"

[https://websmp130.sap-ag.de/sap(bD1lbiZjPTAwMQ==)/bc/bsp/spn/sapnotes/index2.htm?numm=1121447]

The note describes that the processing logic of Compliance Calibrator rules has been updated, so in a general sense, this potentially describes why I would be getting more violations in CC5.2 than CC4.0.

Has anyone had a chance to read this note? Has anyone come across this before?

Comments welcome!

Jes

Former Member
0 Kudos

Hello Jes,

I never came across the same, but yes, I read the note, and what I can suggest is to check whether the risk IDs for these risks are 7 or 4 digits long.

If these are only 4 digits, regenerate the same both at the transaction and the object level.

Suggest you to read the related note - 1047225 as well, which will give you a better picture of the same.

Regards,

Hersh.

Edited by: HERSH GUPTA on Sep 27, 2008 10:59 AM

Answers (2)


Former Member
0 Kudos

Hi Jes,

I also faced the same problem while migrating from CC 4.0 to CC 5.2 at one of the clients. You will definitely find more risks in CC 5.2, as CC 4.0 was not able to trace out a few risks, for example in some cases P004 & P008. Please check the "M_BEST_BSA" object, as we were facing the issues because of this object only. Otherwise, do the root cause analysis by taking a single user and finding out which object is creating the problem and with which set of values, then decide whether you want to modify the rule set or whether it is actually a risk for your organization. Accordingly you can plan for mitigation or role clean-up.

Thanks,

Tavi

Former Member
0 Kudos

Thank you all for your replies - very helpful!

We are slowly but surely ironing out this issue.

Former Member
0 Kudos

You should manually audit one of the users/roles that is reported differently in CC 4.0 and CC 5.2 to see which is giving the correct results, then at least you will know where to start looking for the issues.
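
The triage suggested across this thread (pick out the risks reported only by 5.2, then choose a single user to audit by hand) can be scripted once both versions' user-level results are exported. This is an added example, not part of any post above and not SAP code; the two-column CSV layout (`user`, `risk_id`), the user names and the F010 risk are constructed for illustration, and only P004 and P008 come from the thread.

```python
import csv
import io
from collections import defaultdict

# Constructed sample exports. The (user, risk_id) layout is an assumption,
# not the real Compliance Calibrator report format.
CC40_EXPORT = "user,risk_id\nALICE,P001\nBOB,F010\n"
CC52_EXPORT = ("user,risk_id\nALICE,P001\nALICE,P004\nBOB,F010\n"
               "BOB,P004\nBOB,P008\nCAROL,P004\n")

def load_pairs(text):
    """Return the set of (user, risk_id) violations in one export."""
    return {(row["user"].strip().upper(), row["risk_id"].strip().upper())
            for row in csv.DictReader(io.StringIO(text))}

def compare(old_text, new_text):
    """Summarise violations that only the newer version reports."""
    old, new = load_pairs(old_text), load_pairs(new_text)
    extra, missing = new - old, old - new
    by_risk, by_user = defaultdict(set), defaultdict(set)
    for user, risk in extra:
        by_risk[risk].add(user)
        by_user[user].add(risk)
    # Risks affecting the most users first: the 3 or 4 worth analysing.
    ranked = sorted(by_risk.items(), key=lambda kv: (-len(kv[1]), kv[0]))
    # Users that were completely clean in the old version.
    newly_flagged = sorted(set(by_user) - {u for u, _ in old})
    # The user with the fewest extra risks is the simplest manual audit.
    audit_first = min(by_user, key=lambda u: (len(by_user[u]), u), default=None)
    return {
        "extra": extra,
        "missing": missing,
        "ranked_risks": [(risk, sorted(users)) for risk, users in ranked],
        "newly_flagged": newly_flagged,
        "audit_first": audit_first,
    }

if __name__ == "__main__":
    result = compare(CC40_EXPORT, CC52_EXPORT)
    for risk, users in result["ranked_risks"]:
        print(f"{risk} (ID length {len(risk)}): only in 5.2 for {', '.join(users)}")
    print("Clean in 4.0, flagged in 5.2:", result["newly_flagged"])
    print("Audit first:", result["audit_first"])
```

A non-empty `missing` set would mean 4.0 reported violations that 5.2 does not, which points to a rule set or sync difference rather than a change in processing logic.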