on 05-25-2009 1:29 PM
Hello GRC guys,
I am very new to GRC and currently i am trying to set up a demo system.
After doing some basic steps in RAR, i soon found a good description for "configuration steps after installation".
And as soon as i found this guide a question arose:
referring to
Why do they have more than 170.000 violations, and we have NONE?? I followed the steps provided in RULE UPLOAD of config guide and found the new SP08 for delta upgrading rules.
Looking at "Rule Architect" -> Rule Library, Action Level, we have about 16.000 active rules.
Why do they so many more rules than we have?
Florian,
Have you run risk analysis background job? You will get violations once you run this job. You have to upload all the different rules which comes with the installation package to see same number of rules as the configuration guide.
Regards,
Alpesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Alpesh,
thx for your reply.
Yes, i uploaded the rules as well as risks and so on - these were files named like
- APO_function_action.txt
- APO_risks.txt
And yes, i scheduled the job for batch risk analysis.
Interesting: i searched for risks in FI.. Rule architect, risks, search- search term risk id f0*. the result was f001, f005, f014, f018. only 4 risks?
But there is still no result shown on informer tab, management view, risk violations, analysis type user.. 378 users analyzed, no violations, emtpy chart under "risk violations by process".
Edited by: Florian Royer on May 26, 2009 10:16 AM
Edited by: Florian Royer on May 26, 2009 10:55 AM
Edited by: Florian Royer on May 26, 2009 11:18 AM
Hi Florian,
It seems you have missed something. Can you tell me what systems you are connecting from GRC?
We have uploaded standard rules and we have 32 risks starting F0*. We have ECC 5.0 as backend system for which these risks stand.
Please reupload them one by one again-
SAP provides action and permission rules for SAP ERP, APO, CRM, and SRM systems.
Sequence-
Business Process Text File
Function Text Files
Function Authorization Text Files
Rule Set Text File
Risk Text Files
Scheduling Rule Generation
You can get steps of upload from AC 5.3 config guide.
Once upload is successful, please reschedule User,Role,Profile full sync. After successful completion, reschedule full sync Batch Risk Analysis(User,Role,Profile), critical actions for role/profile, and Management Reports.
After succesful completion, you shoudl be able t osee management reports.
Regards,
Sabita
Hi sabita,
thx for your help.
We run on ECC 6.0. If i look at the file i have to upload (eg r3_risks.txt) i find the risks you mentioned.
Does the file eccs_risks.txt contain the risks corresponding to ERP?
I already uploaded those files twice - with no result. Management view still shows no result. But i will try it again.
UPDATE
I uploaded FI rules and found an error message on the bottom of the screen telling me that risk f001 is already existing. deleting the entries from txt file - now i have all fi risks. but this means i have to look up for other missing risks in GRC
Edited by: Florian Royer on May 26, 2009 1:55 PM
Hi Florion,
For ECC 6.0, upload R3* fileset.
please check the configuration parameter under Configuration > Risk Analysis > Additional Option-
"Consider Org. Rules when updating the Management reports and during Risk
Analysis Web Service Call ".
If this config parameter is set to YES this means that Organizational Rules are considered during Risk Analysis. If you do not have Organizational Rules set up in Rule Architect, Risk Analysis will display zero violations in the report. Change this option to NO if you do not have Organizational Rules set up.
Check SAP note - 1169541
After setting it, run again batch risk analysis job full sync.
I hope it will help.
Regards,
Sabita
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.