cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC AC 10.0 SP11 in NWBC under Access Risk Analysis Reports

Former Member

on ‎03-17-2013 1:41 AM

0 Kudos

Hi,

We installed GRC 10 with SP11.

  

After the post config steps, I am running few reports on NWBC

under Access Risk Analysis Reports

  

I ran

  User Risk Violation Report ---- I don't see any results

Role Risk Violation Report-----I see only one line with No rules were

selected

Could you take a look and let me know next steps

Thanks,

Sri

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (6)

Answers (6)

Former Member
‎03-07-2014 4:53 PM
0 Kudos

hi All

I have a problem with the user Risk analysis report.

the Risk Discriptions is not show in the results output.

I have checked the setting tab too see if there are any hidden value.Is there any resolution so that the 'Risk Descriptions are shown up dring the output results.


Show replies
Show replies
Former Member
‎03-08-2014 11:35 AM
0 Kudos

Hi Parag,

Did you try viewing the report in Business view? Please check if business view is enabled in SPRO

javascript:;

Check the notes:-

Note 1664654 - UAM: No 'Risk Description' field under Risk Violations tab

1630347 - Unable to view Risk description after Risk analysis

Cheers,

Sabitha

Former Member
‎03-09-2014 10:13 PM
0 Kudos

Hi sabhitha


Thanks for the note.

I have added the 1048 in the configuration tab apply note 1630347.

However I am on SP 11 and note 1664654 is application to SP10 ( if I may be wrong)  . My sandbox shows the right output  .However in development environment it does not show the Risk, Function and Action descriptions.

Cheers

Parag

Former Member
‎03-21-2013 9:25 AM
0 Kudos

Hi Sri,

Since you are running the Offline Risk analysis, Please check the tables in SE16

GRACUSERACTVL

GRACUSERPRMVL

Does the following tables have any entries? If not,Please run the batch risk analysis job and then

test the scenrio.Please make sure that the parameter 1027 is set to "YES".If the paramerter is set to

"NO" then the Offline tables(GRACUSERACTVL GRACUSERPRMVL) will not populate while running the batch risk analysis job and as a result you will get the message as "No rule were selected" while

running the Offline risk analysis.Please make sure that the parameter 1027 is set to YES. 

Also, Are you getting the violation for the User ,Role  when you run the Ad-Hoc risk analysis?

Please let us know.

Thanks

Japneet Singh

Show replies
Show replies
Former Member
‎03-25-2013 1:17 PM
0 Kudos

Hi Sri,

in addition to checking the status of sync jobs by use of trx SM37, you should also check the logs in trx SLG1. The status in SM37 can be "green" but SLG1 can contain errors which should be resolved prior to risk analysis run.

Let us know if you solved the problem.

BR,

Ivana

Former Member
‎04-16-2013 12:31 AM
0 Kudos

Hi Sri and group

We are actually experiencing the same issue. We just upgraded to SP12 which didn't resolve the issue either. As recommended above and, like Sri, I have re-generated the rule set; re-run auth sync; re-run repository object sync. I have gone to SLG1 and validated the jobs completed without errors. I have validated any tables mentioned above contain data as well.

It seems like all is in place but there's obviously something missing. I receive the erro when running a user / role level analysis; role risk analysis as well as when creating a new technical role. Any help is appreciated!

Former Member
‎04-16-2013 3:48 AM
0 Kudos

Hi All

As an update, we were able to resolve our issue. Turns out we did not define all our connectors under the connector group SAP_BAS_LG. I recommend you make sure all your connectors are assigned to the correct connector group. Then re-run the authorization and repository object jobs as well as role generation in NWBC. Hopefully you reach the same resolution.

Former Member
‎03-18-2013 11:05 AM
0 Kudos

hi all,

Notes 1824956 was applied--- no luck

Just to be sure, have you done the Authorization Sync and Repository sync job ? Are the roles appearing in the search in the Role Risk Analysis window?

the sync jobs were done. the roles are appearing in Role Risk Analysis

any Ideas?

Thanks,

Sri

Show replies
Show replies
Colleen
Advisor
Advisor
‎03-18-2013 11:17 AM
0 Kudos

Hi Sri/Vj

Rather than the community play a guessing game, perhaps you can detail what you have done and attempted to do (including screen shots) so that further assistance can be provided?

For example show a risk you expect to see?

Former Member
‎03-18-2013 2:36 PM
0 Kudos

hi Colleen,

I am running few reports on NWBC

under Access Risk Analysis Reports

  

I ran

  User Risk Violation Report ---- I don't see any results(0 records/ lines are fetched by executing the query/report)

Role Risk Violation Report-----I see only one line with "No rules were selected"

any idea why it not populating records?

thanks

Sri

Colleen
Advisor
Advisor
‎03-20-2013 1:28 AM
0 Kudos

Hi Sri

My point is you are showing the result. However, all of your configuration, master data and security access impacts the result. Without know this information we are all playing a guessing game.

You might want to step everyone through what you have done to configure your system and/or what you have tried to fix your issue..

I suggest you find a user or role which you are certain has a risk so you know if the report displays the results. This time for your selection criteria specify the system, the role/user, the Access Risk Id and the Rule Set. Do not include any blank fields. Select all report types and Include Mitigated Risks

Do the following:

  1. Generate the Rule set/Risk/Function for the case you are testing
  2. Run you sync jobs to make sure data is current
  3. Run the report - if you have results then you know the report works. If not,
  4. Check your User/Role to see if it is in scope based on configuration parameters - e.g. is the user locked or expired so not being included

If you get no results and still suck ..... start looking at

  • Maintain Configuration Settings?
  • Maintain Mapping for Actions and Connector Groups - do you have action 0002 for Risk Analysis?
  • Do you have authorization (run ST01 trace to be sure)?
  • Double-check your Risk Matrix

Next step - trace (ST01/ST05) and/or debug to check the execution logic

If this still fails and all of the notes recommended to you do not resolved your issue, then you may need to raise a message with SAP for further assistance.

simon_persin4
Contributor
‎03-20-2013 1:25 PM
0 Kudos

Have you scheduled the Batch Risk Analysis job? If you are using the reports on the Reports and Analytics tab, then you will be relying on the information generated by that report to populate the data. The Access Management tab reports do not rely on that particular job and therefore will show results regardless.

S

Former Member
‎03-18-2013 5:38 AM
0 Kudos

Hi, All

We need  implemented SAP note 1824956 and this resolved the issue

Show replies
Show replies
Former Member
‎03-18-2013 1:55 AM
0 Kudos

Hi Sri,

Request you to kindly implement the below SAP Note to resolve the issue

#1824956: User Analysis Report shows "No violations"

Regards,

Shaily

Show replies
Show replies
Former Member
‎03-17-2013 4:07 AM
0 Kudos

Hello,

Are the rules appearing in the Rule setup tab in NWBC? Also, please note in the higher support packs of SAP GRC Access controls, you need to exclude any empty Risk Analysis parameters. For eg. In Role Analysis screenshot you have attached, I see the Risk by Process parameter empty. It is advised to remove the field by clicking on the minus button besides it.


Additionally, go to SE16 and check the table GRACACTRULE and GRACSYSRULE , if the Rules are generated for the corresponding connector. Please review the following notes :

1655862

1752956


Show replies
Show replies
Colleen
Advisor
Advisor
‎03-17-2013 11:50 PM
0 Kudos

Adding to Mauresh's comments -

check your configuration parameters. some community members have been caught out for the risks analysis parameters excluding certain groups or users. E.g. parameter 1028 will allow you to exclude expired users

Former Member
‎03-18-2013 12:45 AM
0 Kudos

hi Mayuresh,

Are the rules appearing in the Rule setup tab in NWBC? Also, please note in the higher support packs of SAP GRC Access controls, you need to exclude any empty Risk Analysis parameters. For eg. In Role Analysis screenshot you have attached, I see the Risk by Process parameter empty. It is advised to remove the field by clicking on the minus button besides it.


Rules are appearing in Rules Setup Tab. following your suggestion, I excluded empty parameter...Risk by Process.. still no luck.

Additionally, go to SE16 and check the table GRACACTRULE and GRACSYSRULE , if the Rules are generated for the corresponding connector.

there is data in both tables.

Any Ideas/ suggestions?

Thanks,

Sri

Former Member
‎03-18-2013 12:47 AM
0 Kudos

This message was moderated.

Former Member
‎03-18-2013 6:16 AM
0 Kudos

Hi Sri,

Just to be sure, have you done the Authorization Sync and Repository sync job ? Are the roles appearing in the search in the Role Risk Analysis window?

Regards,

Mayuresh

Ask a Question