on 04-12-2013 1:58 AM
Hi,
I am working on an assignment and need your help to over the situation.
I am setting up GRC AC 10 demo system. So far ARA is configured and want to test SoD functionality before proceed next.
I made a "ztest_role" and put few basis tcodes in it to make conflict.
I ran risk analysis on a ztest-role with global rule set but no conflict/risk is being detected. When I do same with user-defined rule-set, It’s showing conflict.
I generated/regenerated SAP given global rule set many time but no difference.
Please help me to overcome this situation and guide me in right direction.
Thank you so much....
Regards,
Nasir
Hi Nasir,
Did you check the table GRACACTRULE table. Do you see any entries in it? Incase if the table is empty, the rule generation is not appropriate. Ensure to regenerate the rules.
I also recommend you to run the batch risk analysis job in full sync mode. Additionally, execute the three additional sync jobs with SA38:
GRAC_ROLEREP_PROFILE_SYNC
GRAC_ROLEREP_ROLE_SYNC
GRAC_ROLEREP_USER_SYNC
You can refer SAP Notes # 1825119 and 1824956 which are relvant to the current issue.
Regards,
Raghu
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi NAsir,
To me it looks as if you have uploaded the rules only for the custom rule set and hence you are getting
the violation only when you select the custom rule set.
Please check the check the report "Access rule detail" & "Access rule summary".You fill find the reports in NWBC-> Reports and Analytics.
Please run the reports by selecting both the rulesets one by one and let us know how it goes.
Thanks
Japneet Singh
Hi Nasir,
Did you run the Risk Analysis on a user who has SAP_ALL? If yes, and the screen is blank, I recommend you to perform a Full sync again. Also, make sure that you are not running the risk analyis in Offline mode. Refer the parameter in SPRO IMG --> Maintain configuration settings --> Param ID 1027. The value should be No. This will make sure that it performs only online risk analysis.
Regarding blank entries -> Ensure that you didn't click + sign for system/user in the initial screen and left that row unfilled.
Rgds,
Raghu
Hi Nasir,
Are you by an chance on SP 11? In SP 11 there were few bugs.These bugs were resolved in the note 1824956 & 1817251.
I also assume that you are able to find the user in the tables GRACUSERCONN for the specific connector.
Can you do one thing, Assign a couple of roles (That has violations) to a user, run the Sync job again and then run the risk analysis for that user.
Please make sure that the Value of the configuration parameter 1026 is set as '0'.
Also,if the value of the parameter 1037 is set to "yes",Make sure that you have the supplimentary rules otherwise change this to "NO".
I hope this will help.
Thanks & Regards
Japneet Singh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.