cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Rule IDs After Rule Transport and Generation GRC AC 10.0

Go to solution
Former Member

on ‎05-10-2012 7:05 PM

0 Kudos

Hello,

In an earlier thread this past week, best practice for rule maintenance is to transport the rules between DEV, QA, and PROD.

At my company, some of the segregation-of-duties conflicts are mitigated at the Risk ID and Rule ID level.  For example, a P060 risk is mitigated as P060 / 0074 instead of P060 / *.  The SOX team only wants to mitigate the risk associated with certain t-codes, such MR11SHOW, and not the entire risk ID level.

Due to the mitigation process for some of the mitigations, a constant rule ID is very important as it is coded into the mitigation when created.

If I transport the SOD rule tables from DEV to QA to PROD, then generate the rules, will the Rule IDs change each time I do a transport?

If I update functions in PROD and generate rules, would there be an easy way to get the rules back down to DEV for future upgrades?

Thanks in advance.

Best regards,

Donna Wiley

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎05-10-2012 7:21 PM
0 Kudos

Hi Donna,

How are you this is Gabe.  Tell guys I said hello.  But to help on your question, when you transport the rules from each environment it should update each of the rules but I am not 100% sure.  For getting your rules from Production I believe there are two ways you can do is.

1. You can have access in GRC PRD to call the program GRAC_DOWNLOAD_RULES, and you can download them locally.

2. You may need to do a  client copy of PRD down to DEV and this should include your rule sets.


Those are the only two ways I can think of that will be possible.

Hope that Helps

Gabe

Show replies
Show replies
premb
Product and Topic Expert
Product and Topic Expert
‎05-10-2012 7:31 PM
0 Kudos

If the action ruleids are not transported, then it will generate new ruleids. It is not only about transport, whenever you don't see actruleids and if you generate rules, then it will create new ruleids.

That case, your mitigations will not work on ruleids.

Thanks

Prem

Answers (1)

Answers (1)

Former Member
‎05-10-2012 11:18 PM
0 Kudos

Thanks Gabe and Prem for your responses.

In PROD, my current rule IDs can be found in GRACACTRULE table.  These rule IDs were generated at go-live when the SOD Rule transport was moved to PROD.  The rule transport did not include table GRACACTRULE.  Following are the tables that were in my original transport created when I executed GRAC_RULE_TRANSPORT:

GRACFUNC
GRACFUNCACT
GRACFUNCPRM
GRACFUNCPRMEXTN
GRACFUNCT
GRACORGRULE
GRACORGRULEHDR
GRACORGRULET
GRACRULESET
GRACRULESETT
GRACSODRISK
GRACSODRISKFUNC
GRACSODRISKOWN
GRACSODRISKRS
GRACSODRISKT
GRACSUPPRULE
GRACSUPPRULEHDR
GRACSUPPRULET

If I create another transport with these tables and do not transport GRACACTRULE, will only new rule IDs be generated for the new t-codes I added to the functions in DEV?  I am hoping the old rule IDs (from the first transport) will stay in GRACACTRULE in PROD.

Thanks in advance for any comments.

Best regards,

Donna Wiley

Show replies
Show replies
Ask a Question