on 03-17-2013 1:41 AM
Hi,
We installed GRC 10 with SP11.
After the post config steps, I am running few reports on NWBC
under Access Risk Analysis Reports
I ran
User Risk Violation Report ---- I don't see any results
Role Risk Violation Report-----I see only one line with No rules were
selected
Could you take a look and let me know next steps
Thanks,
Sri
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Parag,
Did you try viewing the report in Business view? Please check if business view is enabled in SPRO
Check the notes:-
Note 1664654 - UAM: No 'Risk Description' field under Risk Violations tab
1630347 - Unable to view Risk description after Risk analysis
Cheers,
Sabitha
Hi sabhitha
Thanks for the note.
I have added the 1048 in the configuration tab apply note 1630347.
However I am on SP 11 and note 1664654 is application to SP10 ( if I may be wrong) . My sandbox shows the right output .However in development environment it does not show the Risk, Function and Action descriptions.
Cheers
Parag
Hi Sri,
Since you are running the Offline Risk analysis, Please check the tables in SE16
GRACUSERACTVL
GRACUSERPRMVL
Does the following tables have any entries? If not,Please run the batch risk analysis job and then
test the scenrio.Please make sure that the parameter 1027 is set to "YES".If the paramerter is set to
"NO" then the Offline tables(GRACUSERACTVL GRACUSERPRMVL) will not populate while running the batch risk analysis job and as a result you will get the message as "No rule were selected" while
running the Offline risk analysis.Please make sure that the parameter 1027 is set to YES.
Also, Are you getting the violation for the User ,Role when you run the Ad-Hoc risk analysis?
Please let us know.
Thanks
Japneet Singh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Sri and group
We are actually experiencing the same issue. We just upgraded to SP12 which didn't resolve the issue either. As recommended above and, like Sri, I have re-generated the rule set; re-run auth sync; re-run repository object sync. I have gone to SLG1 and validated the jobs completed without errors. I have validated any tables mentioned above contain data as well.
It seems like all is in place but there's obviously something missing. I receive the erro when running a user / role level analysis; role risk analysis as well as when creating a new technical role. Any help is appreciated!
Hi All
As an update, we were able to resolve our issue. Turns out we did not define all our connectors under the connector group SAP_BAS_LG. I recommend you make sure all your connectors are assigned to the correct connector group. Then re-run the authorization and repository object jobs as well as role generation in NWBC. Hopefully you reach the same resolution.
hi all,
Notes 1824956 was applied--- no luck
Just to be sure, have you done the Authorization Sync and Repository sync job ? Are the roles appearing in the search in the Role Risk Analysis window?
the sync jobs were done. the roles are appearing in Role Risk Analysis
any Ideas?
Thanks,
Sri
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
hi Colleen,
I am running few reports on NWBC
under Access Risk Analysis Reports
I ran
User Risk Violation Report ---- I don't see any results(0 records/ lines are fetched by executing the query/report)
Role Risk Violation Report-----I see only one line with "No rules were selected"
any idea why it not populating records?
thanks
Sri
Hi Sri
My point is you are showing the result. However, all of your configuration, master data and security access impacts the result. Without know this information we are all playing a guessing game.
You might want to step everyone through what you have done to configure your system and/or what you have tried to fix your issue..
I suggest you find a user or role which you are certain has a risk so you know if the report displays the results. This time for your selection criteria specify the system, the role/user, the Access Risk Id and the Rule Set. Do not include any blank fields. Select all report types and Include Mitigated Risks
Do the following:
If you get no results and still suck ..... start looking at
Next step - trace (ST01/ST05) and/or debug to check the execution logic
If this still fails and all of the notes recommended to you do not resolved your issue, then you may need to raise a message with SAP for further assistance.
Have you scheduled the Batch Risk Analysis job? If you are using the reports on the Reports and Analytics tab, then you will be relying on the information generated by that report to populate the data. The Access Management tab reports do not rely on that particular job and therefore will show results regardless.
S
Hi, All
We need implemented SAP note 1824956 and this resolved the issue
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Sri,
Request you to kindly implement the below SAP Note to resolve the issue
#1824956: User Analysis Report shows "No violations"
Regards,
Shaily
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello,
Are the rules appearing in the Rule setup tab in NWBC? Also, please note in the higher support packs of SAP GRC Access controls, you need to exclude any empty Risk Analysis parameters. For eg. In Role Analysis screenshot you have attached, I see the Risk by Process parameter empty. It is advised to remove the field by clicking on the minus button besides it.
Additionally, go to SE16 and check the table GRACACTRULE and GRACSYSRULE , if the Rules are generated for the corresponding connector. Please review the following notes :
1752956
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
hi Mayuresh,
Are the rules appearing in the Rule setup tab in NWBC? Also, please note in the higher support packs of SAP GRC Access controls, you need to exclude any empty Risk Analysis parameters. For eg. In Role Analysis screenshot you have attached, I see the Risk by Process parameter empty. It is advised to remove the field by clicking on the minus button besides it.
Rules are appearing in Rules Setup Tab. following your suggestion, I excluded empty parameter...Risk by Process.. still no luck.
Additionally, go to SE16 and check the table GRACACTRULE and GRACSYSRULE , if the Rules are generated for the corresponding connector.
there is data in both tables.
Any Ideas/ suggestions?
Thanks,
Sri
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.