- SAP Community
- Products and Technology
- Additional Q&A
- GRC 5.3 Risk Detection
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
GRC 5.3 Risk Detection
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 07-20-2012 5:09 PM
Dear experts,
I have an issue with risks detection and don´t know how to resolve it.
Using version 5.3 and data extractors to upload data from legacy systems it seems there are few risks that GRC - RAR is not able to detect. I´ve checked manually ruleset and data extractors and finally i know GRC might detect at least 1 risk. Details are:
Risk P298, medium level.
2 Functions composing risk: GC1003 and GC1012.
Function GC1003 have many action but one for example: 1090.
Function GC1012 have many action but one for example: 1094.
RoleFile.txt. This file contains role VTAOPE.
RoleActionFile.txt. This file contains action for role VTAOPE: 1090 and 1094.
So i understand that should be a risk detected for role VTAOPE that RAR doesn´t detects.
I´ve checked uploaded information in CCDebugger and that´s ok.
So, do you have any idea regarding this problem or what notes should i review?
Thanks a lot!
Accepted Solutions (0)
Answers (2)
Answers (2)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
HI Ricardo,
You can ref the below SAP Note
#1131003: Data Extraction - Best Practices and Tips
In this note there is a detail description of how you can use the Data Extractor functionality and how you can perform the risk analysis. You can compare the steps mentioned in the Note with your steps and can check that why the risk is not coming.
If still you face the same issue, then let us know.
Regards
Shaily
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Ricardo,
Please ensure the following things:
1) The Rules are generated properly in the system for which you are performing the Risk Analysis.
2) You have run the Synchronization jobs.
3) Go to RAR and check Config > Miscellaneous > Web Service Info for CC Risk Analysis. Ensure URI is correct and that user password is right. User should not have restricted access.
Please check the below Notes:
1472227 - Risk Analysis shows no risks even when there are risks
Also, check whether you Frontend and Backend both are at same SP level.
Furthermore, please refer the Access Risk Managament Guide for detailed description.
http://scn.sap.com/docs/DOC-1573
Hope this helps!
Best Regards,
Shreya Gupta
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Govern SAP APIs living in various API Management gateways in a single place with Azure API Center in Technology Blogs by Members
- Different kind of message in automatic credit control (OVA8) in S/4 HANA in Enterprise Resource Planning Q&A
- SAP Sustainability for Financial Services - Portfolio and Solutions in Financial Management Blogs by SAP
- SAP Named a Leader in the 2024 Gartner Magic Quadrant for Transportation Management Systems in Supply Chain Management Blogs by SAP
- TRM Treasury: Movement interest expense (gross) with MZWST X "Calculate tax" to FI in Financial Management Q&A
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.