- SAP Community
- Products and Technology
- Additional Q&A
- RAR 5.3 SP14 - Management Report Issue: Risk ID Ob...
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
RAR 5.3 SP14 - Management Report Issue: Risk ID Obsolete Data
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 05-12-2011 1:25 PM
Hi all,
We have a GRC system conected to two logical systems. we have one rule set per each one.
At the beggining we launch two Risk Analysis Jobs: each of them againts its corresponding rule set. We are now changing some risks ID in one ruleset (I.E. Risk called F001, F002... is now called SF01, SF02)
So now we do not have any risk called F001...
When we have lauched the second Risk Analysis Jobs now, some obsolete risks are still included in management reports view (but only in Management View->risk analysis when we choose userin dropbox, for roles & profiles do not ocur) I mean, in management repotrs appears some obsolete risks mix with the new ones but without description and so on becouse does not exists. How can we delete them? we have read some notes and we have launch managemen report after Risk analysis as sap notes indicates but we have still that issue
Regards
Edited by: Alvaro Prieto Martinez on May 17, 2011 12:41 PM
Accepted Solutions (0)
Answers (1)
Answers (1)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Did you do an increment or a Full analysis before you ran the managment report?
Regards,
Chinmaya
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Chinmaya,
Yes, we launch Full Sync and Full Analysis before the management report.
Anyway, I think that we have found the possible error and solution. We will try to explain in order to help anyone who could have the same problem ¿Could anyone confirm this explanation&solution? ¿It is possible to be a bug?
At the begining we have (for example) 5 risk. We launch SoD analysis for these 5 risk obtaining the following results in management reports (user analysis report):
F001=15 users
F002=9 users
F003=5 users
F004=45 users
F005=21 users
Between this first analysis and the second one, we decided to rename all these risks to:
SF01
SF02
SF03
SF04
SF05
And the normal result for that analysis will be:
SF01=15 users
SF02=9 users
SF03=5 users
SF04=45 users
SF05=21 users
However, the result after the renaming has been:
F001=2 users
F004=6 users
F005= 2 users
SF01=13 users
SF02=9 users
SF03=5 users
SF04=39 users
SF05=19 users
And we didn`t know why GRC did not update the risks and results only for users reports (for roles & profiles are ok).
It seem like some registries had been "orphans" and management report did not update them. In developtment system we have deleted the connector (with management deletion option) and we get delete all management report data and then we could get the second images perfect but loosing the first one.
In production environment we do not want loosing the first image (becouse we want to compare the first againt second analysis althought the risks are called different)
We have found the following explanation&solution:
Beetwen the first and second analysis some users have been expired or locked (besides renaming risks) and we detects that all obsolete risks has only expired/blocked users. So the explanation is that GRC maintain F001, F004 & F005 with that users becouse the application do not refresh management report with expired users although these risks now no longer exist.
I mean, as full risks analysis does not take into account expired & locked users (configuration option), management report do not refresh this results for these users in case these risks no longer exists.
The solution we have found has been:
- Change default values in order to GRC takes into account expired & locked users
- With that changes we lauch a new full risk analysis getting update management report and getting that in these report does not appear obsolete risks (becouse now GRC analizes expired users and detects which new risks they have)
- Change again default values in order to GRC excludes expired & locked users.
- Lauch again a new full risk analysis getting the expected second images only with new risks
Thanks a lot!!!
- Receive a notification when your storage quota of SAP Cloud Transport Management passes 85% in Technology Blogs by SAP
- SAP PaPM Cloud Universal Model: Deploy your environment via Manage Containers in Financial Management Blogs by SAP
- Portfolio Management – Enhanced Financial Planning integration in Enterprise Resource Planning Blogs by SAP
- Enterprise Portfolio and Project Management in SAP S/4HANA Cloud, Private Edition 2023 FPS1 in Enterprise Resource Planning Blogs by SAP
- Quick Start guide for PLM system integration 3.0 Implementation in Product Lifecycle Management Blogs by SAP
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.