cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RARs' criteria for analyzing roles in ECC backend system?

Go to solution
Former Member

on ‎07-17-2009 1:25 PM

0 Kudos

Hi All,

I'm working on setting up a prototype of Access Control 5.3. In RAR I notice the analyzis of roles is not done for all roles.

I have taken note 1179717 into consideration, and also performed mass user compare. But not all roles are analyzed yet.

Some of the roles are not tied to a profile, but it seems RAR does not segregate on this.

Does anyone have a list of criteria RAR uses when looking at what roles to analyze?

Thanks in advance,

Leif Nilsson

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎07-20-2009 5:00 AM
0 Kudos

Hi Leif,

Plese check the SAP note: 1239588 which explain in detail how the user/roles/profiles are picked from backend system which is analyzed by RAR.

Regards,

Shweta

Show replies
Show replies
Former Member
‎07-27-2009 7:15 AM
0 Kudos

Hi Shweta,

Thanks, but I seem to be unable to find the note.... Can you direct me to it? Which path do you use?

Thanks again,

Leif

Former Member
‎07-27-2009 12:51 PM
0 Kudos

Hello Leif,

Please go to this path

https://websmp103.sap-ag.de/support

and then select Help & Support -> Search for SAP Notes. Here give the note number and it should come up.

Regards,

Varun

Former Member
‎07-27-2009 2:58 PM
0 Kudos

Hi All,

Thanks, I found the note - and it makes a lot of more sense now. I combed through the data, and it is obvious that RAR only picks up the roles that are registered in both AGR_1016 (OR AGR_AGRS) AND AGR_DEFINE. So only these two combinations of data sets will work.

Thanks,

Leif

Answers (1)

Answers (1)

hkaur
Advisor
Advisor
‎07-27-2009 8:55 AM
0 Kudos

You will find the note on SAP Service Marketplace:

https://websmp103.sap-ag.de/support

Harleen

SAP GRC RIG

Show replies
Show replies
Former Member
‎07-27-2009 12:53 PM
0 Kudos

Hello Leif,

You can find SAP Notes only on SAP Service Marketplace

https://websmp103.sap-ag.de/notes

You cannot directly compare the numbers of RAR with the roles you want to analyze, without following the below steps completed successfully.

1- Connect the SAP backend system to Risk Analysis and Remediation and complete all post-install activities.

2- First you have to run the report RHAUTUPD_NEW in your backend system.

3- Select all roles, select 'Perform User Master Comparison', but check only "cleanups" from the 'editing types'.

4- Now execute the report.

5- When finished re-run a full user, role, profile synchronization for this SAP backend system in Risk Analysis and Remediation.

There are two types of synchronization, Full and Incremental:

6- Select Full synchronization

7- Perform Batch Risk Analysis. This is the core function of RAR. By performing a batch risk analysis, the security of the users/roles/profiles are compared against the Segregation of Duties rules to identify possible conflicts. It then makes a call to the back-end system to retrieve the authorization assigned to each of these user/roles/profiles. It then performs the analysis against the rules in the front-end.

8- Run Management Reports. Running this piece of the job is what ultimately updates the numbers you see on the Management Report and table virsa_cc_prmvl is updated.

9- You will get the list of total Number of Violations , the Violation count by Risk and Violation Count by Permission

Now you are ready to compare the numbers in the following way, seen below.

10- Log on to your SAP backend system and use transaction SE11 to identify single roles with profiles from table AGR_1016, but note that roles having multiple profiles appear multiple times in this table.Count the number of distinct roles in table AGR_1016.

11- Now, only count those distinct roles in AGR_1016 that have also an entry in AGR_DEFINE. You can do this with a small custom report or with Excell.

12- In your SAP backend System use transaction SE11 to count the number of profile in table USR10 having the flag 'AKTPS' set to 'A'. Each profile appears only once in this table.

This number should match the number on profiles synchronized in Risk Analysis and Remediation.

Thanks,

Mohi

Ask a Question