on 07-20-2012 5:09 PM
Dear experts,
I have an issue with risks detection and don´t know how to resolve it.
Using version 5.3 and data extractors to upload data from legacy systems it seems there are few risks that GRC - RAR is not able to detect. I´ve checked manually ruleset and data extractors and finally i know GRC might detect at least 1 risk. Details are:
Risk P298, medium level.
2 Functions composing risk: GC1003 and GC1012.
Function GC1003 have many action but one for example: 1090.
Function GC1012 have many action but one for example: 1094.
RoleFile.txt. This file contains role VTAOPE.
RoleActionFile.txt. This file contains action for role VTAOPE: 1090 and 1094.
So i understand that should be a risk detected for role VTAOPE that RAR doesn´t detects.
I´ve checked uploaded information in CCDebugger and that´s ok.
So, do you have any idea regarding this problem or what notes should i review?
Thanks a lot!
HI Ricardo,
You can ref the below SAP Note
#1131003: Data Extraction - Best Practices and Tips
In this note there is a detail description of how you can use the Data Extractor functionality and how you can perform the risk analysis. You can compare the steps mentioned in the Note with your steps and can check that why the risk is not coming.
If still you face the same issue, then let us know.
Regards
Shaily
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Ricardo,
Please ensure the following things:
1) The Rules are generated properly in the system for which you are performing the Risk Analysis.
2) You have run the Synchronization jobs.
3) Go to RAR and check Config > Miscellaneous > Web Service Info for CC Risk Analysis. Ensure URI is correct and that user password is right. User should not have restricted access.
Please check the below Notes:
1472227 - Risk Analysis shows no risks even when there are risks
Also, check whether you Frontend and Backend both are at same SP level.
Furthermore, please refer the Access Risk Managament Guide for detailed description.
http://scn.sap.com/docs/DOC-1573
Hope this helps!
Best Regards,
Shreya Gupta
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.