cancel
Showing results for 
Search instead for 
Did you mean: 

How to Upload Mitigated Users in GRC 10.0

former_member208207
Participant
0 Kudos

Hi All,

We are moving from GRC 5.3 to GRC 10.0 . Here i need help  regarding below quary.

I want to upload Mitigated users from 5.3 to GRC 10.0

1.  I need to Download Mitigated users from 5.3. then i need to upload to GRC 10.0.

My question

===========

How can i upload my Mitigated Users to GRC 10.0,if any one having idea about this ,Please provide me the clear steps.

thanks inadvance.

Suresh

Accepted Solutions (0)

Answers (2)

Answers (2)

jitan
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi Suresh,

Continuation to what Shaily has suggested.

Please do the following steps:

1. Export the mitigated users from 5.3

2. Save the file in tab limited and change as per the AC10.0 format. ( You can use the download program for format)

3. Now use this file for upload program GRAC_UPLOAD_MIT_ASSIGNMENTS

Please note that there would be individual files for User, Role and Profile. And also implement the note # 1780668 as it contains some enhancement to these programs.

Best Regards,

Jitan Batra

Former Member
0 Kudos

Hi Jitan / Shaily

We implemented note 1780668.

Now when I go to SA38 and run program GRAC_DOWNLOAD_MIT_ASSIGNMENTS, downloaded my users into txt file.

*      *      F056      005*      MCF056      29.01.2013      29.01.2014      AUFIGUEROMA      X

*      *      S099      01D*     MC-LC-01A     29.01.2013      29.01.2014      AUFIGUEROMA      X

Just to test this if upload program works, I ran Report GRAC_UPLOAD_MIT_ASSIGNMENTS

and select Ovewrite, but keep getting error below

Rules upload failed, please check logs.

Report GRAC_UPLOAD_MIT_ASSIGNMENTS

Invalid rule ID
at line number 1
Invalid rule ID
at line number 2

I have no idea where to get more information. Can you please advise how to make it work.

Regards

Masood

jitan
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi Masood,

As per the error it looks the issue is because of the rule id. As the rule id mentioned in the file does not exist, the upload program is giving error.

Not sure why * is there in the rule id.

Thanks & Regards,

Jitan Batra

Former Member
0 Kudos

I had a similar problem with GRAC_UPLOAD_MIT_ASSIGNMENTS, but it was not accepting Blanket System (*), not the rule id.  I opened a message and SAP changed the program.

I don't know if you really need blanket Rule ID (like 005*).  It seems a bit dangerous. It is very easy to end up mitigating wrong Rule IDs. 

But, as NWBC transaction to Maintain the Mitigation assignments accepts partial rule id followed by *, the upload program should do the same.  I would open a message and ask SAP to correct the problem

I am assuming that you are Uploading Mitigations to a PROFILE, not a ROLE.  For Role you will need the UUID for the blanket role *.  You can create assign a mitigation manually and then Download, the text file will have an UUID that can be used .  In my case it is 005056B73EEB1ED289E6F6D277E18810.

Hope this helps,

Vaner

Former Member
0 Kudos

Hi Vaner

This is great and this is exactly I felt. As you said correctly that RULE ID 00* or 005* (whatever it may be)

can take first three charcters and fourth one as * from 2 different places.

1. From User Analysis Risk Report where we can do either sinle or mass mitigation

2. From Access Management -> Mitigated Access -> and Mitgated Users

Then question would be why SAP did not provide this functionality through file upload.

But thanks very much for your reply and I will raise OSS message with SAP.


Regards

Masood

Former Member
0 Kudos

Hi Suresh,

Kindly implement the below SAP Note

#1749804: Download & Upload reports for mitigation assignments

This will give you two reports to upload and download Mitigation Control data.

Regards,

Shaily

former_member208207
Participant
0 Kudos

Hi Shaily,

I have apply the note.But my question is Date formate is giving problem.

this is the issue.

==============

in 5.3 date formate was ex: from date 15/10/2012  valid date  21/09/2112

in 10.0 from date is taking current date ,how can i place old date( as in  5.3 date)

i need to put same date as per 5.3

and as per

Mitigated Roles

=============

GRC 10.0 formate

-===============

5078C6F6825E09D0E10080003422FF4B*B009*BAS000000115.10.201221.09.2112JO0326XP:BA:R:BASIS_ADMIN:GL:0000

This(5078C6F6825E09D0E10080003422FF4B) will generate automatically or we need to maintain as per Role.

and when i create one test role in back end system what is the process for testing that new mitigated role and how do i maintain the message class id.

Please help me regarding this.

thanks,

suresh