cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

AC 10.0 - evaluate the wrong rule-set

former_member1337465
Explorer

on ‎10-29-2012 9:09 AM

0 Kudos

Hi all,

if I make an analysis there is the wrong risk-ID (also function-ID) evaluated. Where can I say to the system which rule set I want to evaluated. I just want to evaluate the own rule-set and not the "global"!

Maybe you can give me an screenshot?

Thanks!

Thorsten

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

former_member1337465
Explorer
‎10-31-2012 2:32 PM
0 Kudos

Hi Nikita,

sorry, one added question.

what do you mean with the management report? What is the technical name of the report? Or do you mean the business objects (or graphic) report?

Regards

Thorsten

Show replies
Show replies
Former Member
‎10-29-2012 9:23 AM
0 Kudos

set the configuration parameter 1025 to the rule set you want to default to...

set this by following below path:

SPRO -> Governance, Risk and Compliance ->Access Control - > Maintain configuration settings

Show replies
Show replies
former_member1337465
Explorer
‎10-29-2012 9:40 AM
0 Kudos

That's what I have done. Could it be that I have to run some jobs after I set the parameter?

Former Member
‎10-29-2012 9:48 AM
0 Kudos

are you running a batch risk analysis or User/role/profile analysis? or you are asking about the user analysis during the Access request?

former_member1337465
Explorer
‎10-29-2012 10:11 AM
0 Kudos

I start the job GRAC_BATCH_RISK_ANALYSIS.

Yes I think its the user analysis in access request (under reports and analysis --> dashboards)

Whats the different between the batch risk analysis or User/role/profile analysis?

Former Member
‎10-30-2012 11:11 AM
0 Kudos

Hi Thorsten,

Please refer the below Document for the details on Background jobs in RAR.

http://scn.sap.com/docs/DOC-1601

I am sure this will help you understand the basic difference between Batch Risk Analysis and Adhoc Risk Analysis (User / Role / Profile Analysis).

Let me know if you still have any questions.

Regards,

Nikita Sharma

former_member1337465
Explorer
‎10-31-2012 2:28 PM
0 Kudos

Hi Nikita,

thanks for this link. I think it will help me. So what I read is that it is very important in which order the jobs will run.

At the moment I have this order. Maybe you can check this if this is the rigth order they run every night.

(please remember that I work with AC10.0 - maybe it's important for the order or name of the job?)):

1. GRAC_REPOSITORY_OBJECT_SYNC

(includes GRAC_ROLEREP_PROFILE_SYNC, GRAC_ROLEREP_ROLE_SYNC, GRAC_ROLEREP_USER_SYNC)

2. GRAC_BATCH_RSIK_ANALYSIS (incrementally)

3. GRAC_ACTION_USAGE_SYNC

4. GRAC_ROLE_USAGE_SYNC

5. GRAC_GENERATE_RULES (optional if rules changes)

6. GRAC_PFCG_AUTHORIZATION_SYNC (optional if there are new auth objects in SU24)

Asks:

a. But It is no problem, if all 6 jobs will run in the right way (order) every night. Is this correct?

b. for the first time to run all these jobs I have to choose the Full synch modes - correct?

c. after the second time I can choose the incremental modes - correct?

Thanks

Thorsten

former_member1337465
Explorer
‎10-31-2012 2:54 PM
0 Kudos

Hi Nikita,

sorry, some added question.

what do you mean with the management report? What is the technical name of the report? Or do you mean the business objects (or graphic) report?

I have a different result by the analysis of the useres in our prod. system and Access control. The different ist 10 users (224 in AC and 234 in our prod.system. Which kind of users won't be consider in the analysis? Maybe all users which are inactiv?

Regards

Thorsten

Ask a Question