cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC 10 ARA - Org and Ruleset -2 Queries

Go to solution
Former Member

on ‎04-18-2012 5:53 PM

0 Kudos

Dear All GRC Gurus

We are in the early stages of configuring the above module of Access Controls.  We have completed the relevant configuration including synchronisation of auth objects, roles, users etc.  

When we run a risk analysis report on a role/user the output is not as expected, we have selected the default global ruleset (which has been generated).  We can see the list of roles but in the action column it states 'No Rules were selected'.  Can anyone advise why this is occuring and what we might be missing?

Also, in relation to Org Hierarchy?  Is it sufficient to create a node organisational unit or do we need to represent the company codes and plants etc?  Is it a prerequisite to basic functionality such as mitigating controls etc.  If so, can we easily synchronise from core ECC6.0.  How has this been done by others?

Many Thanks in Advance

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎04-18-2012 8:18 PM
0 Kudos

Thanks Ajesh, we got it working.  It seems it all comes down to assigning connectors to logical groups.  Now our ruleset is pulling through and our risk violation reports are coming through, Hopefully this will help someone else.  Any other information on use of org rules will  be greatly appreciated.  Would it be sufficient to bring it down to co code level to support mitigating controls, we are only implementing ARA and SPM for now.  Thanks

Show replies
Show replies
kevin_tucholke1
Contributor
‎04-18-2012 8:46 PM
0 Kudos

Grainne:

Are you talking about the Organizational Hierarchy or Organizational Rules?  For the Org Hierarchy, that is required and this used to be Business Units on the Mitigating Controls in v5.3.  For Organizational Rules, this is an exception based rule set 'accessory' that helps with some false positiives in certain situations. 

Your Organizational Hierarchy is really up to you.  If you are planning on using Process Control, you will want to consider what Hierarchy they will have as it is the same set up.  Ohterwise, you only need to have a Root and a single node set up which is done in IMG as part of the post-installation.

Thanks,

Kevin Tucholke

Answers (1)

Answers (1)

Former Member
‎04-18-2012 6:26 PM
0 Kudos

Hi Grainne,

Please check and confirm if you have generated the Rules.

To check if the rules generated:

NWBC-->Rule Setup--> Generated Rules--> Access Rule Summary

Or

NWBC-->Reports & Analytics-->Access Rule Library.

Check this thread and see if it solves your problem:

http://scn.sap.com/thread/3148490

Regards,

Ajesh.

Show replies
Show replies
Former Member
‎04-18-2012 7:43 PM
0 Kudos

Hi Ajesh, thanks for your speedy response.  Sadly we have rechecked the above and regenerated the rules at both a risk and function level plus maintained connector groups.  Could it be related to BC set 'GRAC_RA_RULESET_SAP_ECCS' which we have not activated as R3 version was already activated.  We are using ECC6.0 and GRC version 10.

Thanks

Ask a Question