on 02-09-2009 1:07 PM
Hello,
After GRC installation, I must upload the Rule file.
I don't know what's the function of these files.Who could tell me? Thanks.
Business Processes:
ALL_Business_Processes.txt
Function:
ALL_Functions.txt
ALL_Functions_BP.txt
Function Authorization:
XX_function_action.txt
XX_function_permission.txt
Rule Set:
ALL_Ruleset.txt
Risk:
R3_risks.txt
R3_risks_desc.txt
R3_Risk_Ruleset.txt
If there are no rules, then how will you know if someone is violating them.
It is like we have LAW and police makes sure no one violate them.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I looked at the txt files in technical mode, there were no inconsistencies, so that doesn't seem to be a problem.
I copied the text file and deleted the risks already created and reran the import and it worked, so there must have been some consistency issue in there I couldn't find.
Thanks for the help.
Curtis
Edited by: Curtis Fincher on Feb 19, 2009 8:22 PM
Hi Zeng,
Yes, these files will create rules for your RAR system. Creating rules is not a straightforward process.
Here is description for all those files:
1) Business Processes: ALL_Business_Processes.txt -> Definition of Business process
2) Function: ALL_Functions.txt -> Definition of function
ALL_Functions_BP.txt -> association between functions and Business process
3) Function Authorization:
XX_function_action.txt -> association between functions and transaction
XX_function_permission.txt -> association between functions and authorization objects
4) Rule Set: ALL_Ruleset.txt -> definition of rule set
5) Risk:
R3_risks.txt -> composition of risk
R3_risks_desc.txt -> definition of risk
R3_Risk_Ruleset.txt -> relationship between risk and rule set
Regards,
Alpesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
All those files are for SoD risk check?
GRC check that a user has a risk, the user's role has OBR1 and CMOD(please check the following), but I could not find the rule definition in the *.txt file.
Conflicting Actions | Risk Description | Level | Business Process
-
OBR1&CMOD | B00103A01 | Medium | Basis
I was completely puzzled by this.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi zeng
Those are the SAP standard rule set, business process, functions , function action and permission, Risks which are known to SAP . please upload all of them.
You can also define custom ones but you have to upload the ones from SAP first before start working on custom ones.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.