on 10-26-2012 4:59 AM
Hi All,
We are moving from GRC 5.3 to GRC 10.0 . Here i need help regarding below quary.
I want to upload Mitigated users from 5.3 to GRC 10.0
1. I need to Download Mitigated users from 5.3. then i need to upload to GRC 10.0.
My question
===========
How can i upload my Mitigated Users to GRC 10.0,if any one having idea about this ,Please provide me the clear steps.
thanks inadvance.
Suresh
Hi Suresh,
Continuation to what Shaily has suggested.
Please do the following steps:
1. Export the mitigated users from 5.3
2. Save the file in tab limited and change as per the AC10.0 format. ( You can use the download program for format)
3. Now use this file for upload program GRAC_UPLOAD_MIT_ASSIGNMENTS
Please note that there would be individual files for User, Role and Profile. And also implement the note # 1780668 as it contains some enhancement to these programs.
Best Regards,
Jitan Batra
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jitan / Shaily
We implemented note 1780668.
Now when I go to SA38 and run program GRAC_DOWNLOAD_MIT_ASSIGNMENTS, downloaded my users into txt file.
* * F056 005* MCF056 29.01.2013 29.01.2014 AUFIGUEROMA X
* * S099 01D* MC-LC-01A 29.01.2013 29.01.2014 AUFIGUEROMA X
Just to test this if upload program works, I ran Report GRAC_UPLOAD_MIT_ASSIGNMENTS
and select Ovewrite, but keep getting error below
Rules upload failed, please check logs.
Report GRAC_UPLOAD_MIT_ASSIGNMENTS
Invalid rule ID
at line number 1
Invalid rule ID
at line number 2
I have no idea where to get more information. Can you please advise how to make it work.
Regards
Masood
I had a similar problem with GRAC_UPLOAD_MIT_ASSIGNMENTS, but it was not accepting Blanket System (*), not the rule id. I opened a message and SAP changed the program.
I don't know if you really need blanket Rule ID (like 005*). It seems a bit dangerous. It is very easy to end up mitigating wrong Rule IDs.
But, as NWBC transaction to Maintain the Mitigation assignments accepts partial rule id followed by *, the upload program should do the same. I would open a message and ask SAP to correct the problem
I am assuming that you are Uploading Mitigations to a PROFILE, not a ROLE. For Role you will need the UUID for the blanket role *. You can create assign a mitigation manually and then Download, the text file will have an UUID that can be used . In my case it is 005056B73EEB1ED289E6F6D277E18810.
Hope this helps,
Vaner
Hi Vaner
This is great and this is exactly I felt. As you said correctly that RULE ID 00* or 005* (whatever it may be)
can take first three charcters and fourth one as * from 2 different places.
1. From User Analysis Risk Report where we can do either sinle or mass mitigation
2. From Access Management -> Mitigated Access -> and Mitgated Users
Then question would be why SAP did not provide this functionality through file upload.
But thanks very much for your reply and I will raise OSS message with SAP.
Regards
Masood
Hi Suresh,
Kindly implement the below SAP Note
#1749804: Download & Upload reports for mitigation assignments
This will give you two reports to upload and download Mitigation Control data.
Regards,
Shaily
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Shaily,
I have apply the note.But my question is Date formate is giving problem.
this is the issue.
==============
in 5.3 date formate was ex: from date 15/10/2012 valid date 21/09/2112
in 10.0 from date is taking current date ,how can i place old date( as in 5.3 date)
i need to put same date as per 5.3
and as per
Mitigated Roles
=============
GRC 10.0 formate
-===============
5078C6F6825E09D0E10080003422FF4B | * | B009 | * | BAS0000001 | 15.10.2012 | 21.09.2112 | JO0326 | X | P:BA:R:BASIS_ADMIN:GL:0000 |
---|
This(5078C6F6825E09D0E10080003422FF4B) will generate automatically or we need to maintain as per Role.
and when i create one test role in back end system what is the process for testing that new mitigated role and how do i maintain the message class id.
Please help me regarding this.
thanks,
suresh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.