cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Different Risk Analysis Results with the same user from 2 different RAR

Former Member

on ‎09-14-2010 4:12 PM

0 Kudos

Hi..

I've loaded the same Risks, Rules, etc, into 2 GRC RAR environments (Sandbox and Quality systems); both of them are connected with the same SAP ECC system. But when I do a User Risk analysis (authorization level), the result from Sandbox is different from Quality system. I donu2019t have users or roles mitigated yet, users are synchronized, rules are exactly the same and I donu2019t know what happen??... Please, help me.

Thanks...

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (4)

Answers (4)

Former Member
‎10-26-2010 5:57 PM
0 Kudos

I've to delete all rules in both systems with RAR Delete Mgmt Utility (verified in Database tables with 0 rows), I uploaded same risk and generated the rules again, and finally, I got exactly the same rules number in both systems. Buuuut, Risk Analisys to same user or role show still different results, I had to create a SAP Support Message =(

Show replies
Show replies
Former Member
‎10-27-2010 5:34 AM
0 Kudos

Hi David,

Can you check if the user has any direct profiles assigned/a reference user is assigned.

When you have uploaded the same ruleset, there could not be any difference in the risks.

Hope this helps!!

Rgds,

Raghu

Former Member
‎10-27-2010 6:24 AM
0 Kudos

David,

Go to table AGR_USERS and copy all the roles assigned to that user.

then go to table AGR_1251 and paste all those role and execute.

do this in both the system.

check number of lines returned by AGR_1251, it should be same.

regards,

Surpreet

Former Member
‎09-21-2010 7:45 PM
0 Kudos

Hi...

If I do a Full Sync of users to the same ECC system from both RAR boxes, I got different number of users loaded (i.e. 18757 vs. 18141), similar case with the full sync of roles. (13100 vs. 13150).

If I load exactly the same set of functions to both RAR systems and I generate the rules, I got the same problem, different number of rules is generated.

I've verified both RAR configuration and they are the same (excluded users, roles mitigated, etc.)

Is it a normal behavior? What could be wrong?

Thanks in advance!!

Show replies
Show replies
Former Member
‎09-21-2010 8:10 PM
0 Kudos

open all the roles assigned to that user in PFCG

most probably one of the role might have RED auth tab

else do simulation of all the roles assign to user. pls let me know if you want me to explain ... how...

Regards,

Surpreet Bal

Former Member
‎09-14-2010 7:15 PM
0 Kudos

Hi,

Is the config the same? Do you exclude critical role/profiles for any of the systems?

Try to do the analysis at role level first and check for differences. When it is ok, then perform the analysis on user level.

regards,

vit

Show replies
Show replies
Former Member
‎09-14-2010 6:40 PM
0 Kudos

Hi,

So when you go to rule architect, do you see same number of functions, rules etc? Also, when you go to risk analysis -> and search for user or role, do you see same number of users and roles in both the systems? If the answer to both these questions is 'Yes' then make sure that you have uploaded the auth object files into both the systems and both systems are on same SP level.

Regards,

Alpesh

Show replies
Show replies
Ask a Question