cancel
Showing results for 
Search instead for 
Did you mean: 

AC 5.3 RAR: Adhoc analysis

Former Member
0 Kudos

Hi experts,

today we added another client (new source) from the ERP system to Access Control. Thus we have 2 clients from one ERP system and another seperate ERP system connected to Access Control. We also updated the functions for the new system and generated the rules for the corporate ruleset . From my point of view all requirements for an adhoc analysis are met.

When I perform risk analysis on user level for all users, I receive no results.

When I perform exactly the same analysis giving specific user as arguments, I receive results.

The risk analysis on roles works also fine !

Risk analysis for the other client and the other ERP system work fine.

Do you guys have any idea why a risk analysis for all user doesn't work in my case ?

Thanks !

Regards,

Max

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
0 Kudos

HI Max

Are you using logical system to generate rule set ? Do check the connector if its working fine .

Also when you are running batch risk analysis background job ,which rule set you are selecting .

What ever rule set you have selected there ,does all the risk are mapped to this ruleset ?

Do attach detail log to analysis ?

Regards

Ashish

Former Member
0 Kudos

Hi Asish,

thank you for your help !

- Are you using logical system to generate rule set ? Do check the connector if its working fine .

=> we don't use logical systems, none are created

Also when you are running batch risk analysis background job ,which rule set you are selecting .

=> we only have one corporate ruleset

What ever rule set you have selected there ,does all the risk are mapped to this ruleset ?

=> yes

Do attach detail log to analysis ?

=> where can i find log files ?

Cheers,

Max

Former Member
0 Kudos

Hi Max

It should work actually .

But lets double check few more things .

Go to functions and see if in front of function this new system connector is there .

I just wanted to make sure that rule is correctly generated for this system connector

Regards

Asheesh

Former Member
0 Kudos

Hi Asheesh,

I looked at the functions in rule architect - all relevant systems (DEV and PRD for clients 001 and 800) are there.

Also, when I take a look at e.g. critical actions rules, the rules were gerneated for all systems. From my point of view the rules are ok.

The adhoc analysis works when I give a specific user as argument, it doesn't work if I analyse all users.

Thanks !

Regards,

Max

Former Member
0 Kudos

Hi Max

Can you please let me know the version of ur GRC and RTA ?

Thanks & Regards

Asheesh

Former Member
0 Kudos

Hi Asheesh,

Access Control:

Version: AC-RAR 5.3_15.0

Build-ID: 04160211

RTA:

VIRSANH 530_700 0016 SAPK-53316INVIRSANH

Regards,

Max

Former Member
0 Kudos

Hi Max

just for a test purpose can you risk Analysis from Risk Analysis - USER LEVEL ANALYSIS for all users .

From here also we can get the same result that we get from batch risk analysis .

Regards

Asheesh

Former Member
0 Kudos

Hi Asheesh,

that's exactly the problem - the risk analysis on user level for all users doesn't provide results for new client and also no results in batch analysis !

Regards,

Max

Former Member
0 Kudos

Hello,

I just want to give you an update, as SAP was involved to solve this issue.

The problem was caused by special characters in the connector name e.g. the () in the ABC(800) connector name. Never use special characters in connector names. According to SAP support, this issue will be forwarded to development team and maybe will be corrected in upcoming patches.

Regards,

Max

simon_persin4
Contributor
0 Kudos

I came across an instance whereby there was actually a user with value * in the source system. This caused a load of trouble in the GRC system because it couldn't differentiate *(Star) from *(wildcard).

Do you have a * user in the troublesome client?

If so, try to remove that and re-run the syncs to remove it from the VIRSA_CC_GENOBJ table and you might get some results.

Simon

Former Member
0 Kudos

HI Simon,

thank for your reply. Unfortunatley I don't have a user on the client, so we will check tomorrow.

Cheers,

Max

Former Member
0 Kudos

Hi,

unfortunately no user * was found.

Any other ideas ?

Regards,

Max

Former Member
0 Kudos

HI Max

I beleive you have already uploaded SU 24 data from that new client .

And you have already schuled following jobs :

1. user ,role,profile syn

2. Batch risk analysis - user,role,profile and management reports .

Sometime if batch risk analysis job is not run you face thisk ind of issues .

Also do confirm that on thread 01 there is no other job already running .

Thanks & Regards

Asheesh

Former Member
0 Kudos

Hi Asish,

I just did the following:

complete background sync and risk analysis for the new client -> there were no results in risk analysis

What I haven't done so far is to import texts and authority objects, because a colleague ran into an error during import in AC. I have to check that for myself and get back to.

Thanks !

Cheers,

Max

Former Member
0 Kudos

Hi Asish,

I performed the text and authorization upload and also user /role sync as you mentioned. Then I performed risk analysis in batch job and I received no results ! Also the adhoc analysis for all users didn't work - for one or serveral users which I explictly gave as an argument, it worked well.

Any ideas ?

Thanks !

Max

Former Member
0 Kudos

Hi,

I tried to look at the log files (ccapcomp.0.log) to find out how the risk analysis in this specific settings run ... for me, it runs way too fast ... there are about 150 users in this client (~2500 on the whole system) and the analysis takes only 35 msec ???? See the log below:

-


INFO: Foreground : Exec Risk Analysis

Jul 13, 2011 4:35:47 PM com.virsa.cc.xsys.riskanalysis.AnalysisEngine riskAnalysis

INFO: Start Analysis Engine->Risk Analysis ..... memory usage: free=663M, total=2048M

Jul 13, 2011 4:35:47 PM com.virsa.cc.xsys.riskanalysis.AnalysisEngine performActPermAnalysis

INFO: Foreground : Before Rules loading, elapsed time: 1 ms

Jul 13, 2011 4:35:47 PM com.virsa.cc.xsys.riskanalysis.AnalysisEngine performActPermAnalysis

INFO: Foreground : Rules loaded, elapsed time: 19 ms

Jul 13, 2011 4:35:47 PM com.virsa.cc.xsys.riskanalysis.AnalysisEngine performActPermAnalysis

INFO: Foreground : # objects to analyse: 0

Jul 13, 2011 4:35:47 PM com.virsa.cc.xsys.riskanalysis.AnalysisEngine performActPermAnalysis

INFO: Foreground : All Analysis done, elapsed time: 32 ms , memory usage: free=662M, total=2048M

Jul 13, 2011 4:35:47 PM com.virsa.cc.xsys.riskanalysis.AnalysisEngine performActPermAnalysis

INFO: Detailed Analysis Time:

Risk Analysis Time: Started @:Wed Jul 13 16:35:47 CEST 2011

Rule Load Time: Started @:Wed Jul 13 16:35:47 CEST 2011

Rule Load Time:19millisec

Risk Analysis Time:35millisec

Jul 13, 2011 4:35:47 PM com.virsa.cc.xsys.riskanalysis.AnalysisEngine riskAnalysis

INFO: End Analysis Engine->Risk Analysis ..... memory usage: free=661M, total=2048M

-


Then I took a look into the applications.0.log file and found out that the background job for user and role analysis also ran some ms.

-


Mon Jul 11 15:10:34 CEST 2011 : --- BKG User Action Analysis (System: XXX(800)) started ---

Mon Jul 11 15:10:34 CEST 2011 : --- BKG User Action Analysis (System: XXX(800)) completed --- elapsed time: 77 ms

Mon Jul 11 15:10:34 CEST 2011 : -


System to Analyze =>XXX(800) -


Mon Jul 11 15:10:34 CEST 2011 : --- BKG Role Action Analysis (System: XXX(800)) started ---

Mon Jul 11 15:10:34 CEST 2011 : --- BKG Role Action Analysis (System: XXX(800)) completed --- elapsed time: 19 ms

Mon Jul 11 15:10:34 CEST 2011 : -


System to Analyze =>XXX(800) -


Mon Jul 11 15:10:34 CEST 2011 : --- BKG User Permission Analysis (System: XXX(800)) started ---

Mon Jul 11 15:10:34 CEST 2011 : --- BKG User Permission Analysis (System: XXX(800)) completed --- elapsed time: 36 ms

Mon Jul 11 15:10:34 CEST 2011 : -


System to Analyze =>XXX(800) -


Mon Jul 11 15:10:34 CEST 2011 : --- BKG Role Permission Analysis (System: XXX(800)) started ---

Mon Jul 11 15:10:34 CEST 2011 : --- BKG Role Permission Analysis (System: XXX(800)) completed --- elapsed time: 14 ms

Mon Jul 11 15:10:34 CEST 2011 : Job ID:251 --- Starting background critical tcd/role/profile analysis

Mon Jul 11 15:10:34 CEST 2011 : Job ID:251, Background Critical Action & Role/Profile Analysis started

Mon Jul 11 15:10:34 CEST 2011 : Job ID:251 --- Completed the background critical tcd/role/profile analysis

-


Any ideas ? Rules are generated and I checked twice that they are available for System XXX(800) !

Regards,

Max