cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC 10.0:Mismatch found in the Search type on Function permission table.

Go to solution
Former Member

on ‎06-28-2013 11:05 AM

0 Kudos

Hi All,

          I am working on VIRSA CC 4.0 to GRC 10 Migration.

I have downloaded Ruleset from VIRSA 4.0. & Uploaded to GRC using SPRO.

I have found mismatch in search type value (AND instead of OR) after checking in the permission tab of the function.(But this problem for some functions mostly for those functions which have ACTVT field value. )

            But No violations found in the risk analysis for those affected functions (I have sync repository & also generate rule).

What I should do in such case?

           Thanks in advance.Any Help is Appreciated.

Regards ,

Parag.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎08-03-2013 5:04 AM
0 Kudos

Hi All,

After exploring more on the above issue i have concluded that

Actually, GRC does not allow mix of AND and OR for the multiple values

of the same field within an authorization object group.

If this is the case then system will automatically change the values.


Please ref SAP Note #1330165 for more detail on this.

Regards,

Parag.

Show replies
Show replies

Answers (2)

Answers (2)

Former Member
‎07-09-2013 6:05 AM
0 Kudos

Dear  Parag Kumbhar

Check this note

Note 865572

Note 1790454

Regards,

Show replies
Show replies
Former Member
‎07-11-2013 4:20 AM
0 Kudos

Hi Mohammed Ashraf,

  Thanks for your reply,But I have already Implemented it but still issue is unresolved.

Regards,

Parag.

former_member193066
Active Contributor
‎07-16-2013 2:17 AM
0 Kudos

Thanks for Image

You dont need to specify same object field value like 01 to 01.

before making any change would you please check this

RUN Risk Anlaysis .

select connector,

select user

select ruleset.

rest of the selection criteria remove them by clicking Minus

Regards,

Prasant

Former Member
‎07-16-2013 10:00 AM
0 Kudos

Hi,

As per your reply I have given input to User Level Rask Analysis as per below screenshot:-

Refer Image 1.(Input for risk analysis)

But  It only show risk on ACTION level not for PERMISSION level as per below screen shots:-

Action Level:-

Refer Image 2.(Action Level)

Permission Level:-

Refer Image 3.(Permission Level)

Kindly guide me to understand why it is showing different result for all same input value except type of Report. (Action/Permission level).

Regards,

Parag.

former_member193066
Active Contributor
‎07-01-2013 9:48 AM
0 Kudos

Hello,

You have dwloaded from table all 7 files converted them to appropriate 9 file and uploaded?

and generated ruleset?

could you please try to create 1 risk maunally and test the same?

i feel it migt be issue with the format you have uploaded.

you can activate BC set and test as well and use the standard format,then change as per your downloaded ruleset  and upload by selecting overwrite option.

Regards,

Prasant

Show replies
Show replies
Former Member
‎07-03-2013 6:55 AM
0 Kudos

Hi Prasant,

          First of all thanks for your guidance.

           

         As per your opinion whenever I have tried to create risk manually the search type value in the function permission table shows AND even if I entered it OR after saving the function.Mostly I have faced this problem where the field value is ACTVT & the status of function is Active .

          If I changed the status of the function from active to inactive & I entered the value of search type

OR  then the value remain as it is.(Does not changes to AND).

Regards,

Parag.

former_member193066
Active Contributor
‎07-03-2013 10:23 AM
0 Kudos

check this note. might be helpful 1225227

Regards,

Prasant

Former Member
‎07-04-2013 5:06 AM
0 Kudos

Hello All,

         Risk found if  i have performed access risk analysis on Action level but risk not found if I have performed it on Permission level for same System,User,Risk type,Rule set,User type.

        I have uploaded value as per below format using tab delimited text files.

         Uploaded Format:-

Function IDTransactionObjectFieldFrom ValueTo valueSearch Type Status
ZF19VL01V_LIKP_VSTACTVT11OR0
ZF19VL01V_LIKP_VSTACTVT44OR1
ZF19VL01V_LIKP_VSTVSTEL$VSTEL$VSTELAND1
ZF19VL01NV_LIKP_VSTACTVT11OR0
ZF19VL01NV_LIKP_VSTACTVT44OR1
ZF19VL01NV_LIKP_VSTVSTEL$VSTEL$VSTELAND1

         

The values gets uploaded in GRC format as per below format.

GRC format:-

Function IDTransactionObjectFieldFrom ValueTo valueSearch Type Status
ZF19VL01V_LIKP_VSTACTVT11AND0
ZF19VL01V_LIKP_VSTACTVT44OR1
ZF19VL01V_LIKP_VSTVSTEL$VSTEL$VSTELAND1
ZF19VL01NV_LIKP_VSTACTVT11AND0
ZF19VL01NV_LIKP_VSTACTVT44OR1
ZF19VL01NV_LIKP_VSTVSTEL$VSTEL$VSTELAND1

    The value of search type changed (AND instead of OR) for uploaded format mostly where field value is ACTVT & status is active.

     Kindly help me to resolve GRC format issue.Thanks in advance......!!!

Regards,

  Parag.

former_member193066
Active Contributor
‎07-04-2013 6:05 PM
0 Kudos

You are trying to use excel to make changes .

ensure 01 should not be 1.

example

from value of actvt  should be 01 and 04 not 1 and 4

and use SAP format..

what i meant ver here is

when you open it in excel it will not identify "0" before "1"

like if it is 01 if you open in excel it will be 1.

esnure it always 01.

u will find the risk.

Regards,

Prasant

Former Member
‎07-06-2013 12:13 PM
0 Kudos

Hi Prasant,

I have tried as you said above but issue is not resolved as displayed in below screenshots.


Uploaded Format:-

ZF19VL01V_LIKP_VSTACTVT0101OR0
ZF19VL01V_LIKP_VSTACTVT0404OR1
ZF19VL01V_LIKP_VSTVSTEL$VSTEL$VSTELAND1
ZF19VL01NV_LIKP_VSTACTVT0101OR0
ZF19VL01NV_LIKP_VSTACTVT0404OR1
ZF19VL01NV_LIKP_VSTVSTEL$VSTEL$VSTELAND1

GRC Format:-

ZF19VL01V_LIKP_VSTACTVT0101AND0
ZF19VL01V_LIKP_VSTACTVT0404OR1
ZF19VL01V_LIKP_VSTVSTEL$VSTEL$VSTELAND1
ZF19VL01NV_LIKP_VSTACTVT0101AND0
ZF19VL01NV_LIKP_VSTACTVT0404OR1
ZF19VL01NV_LIKP_VSTVSTEL$VSTEL$VSTELAND1

Kindly help me to resolve this issue.

Regards,

Parag.

former_member193066
Active Contributor
‎07-07-2013 9:31 AM
0 Kudos

Can u let me know whats is  the issue  now??

create a test role with  these object and do  a sync and run it.

attach  the screenshot.

Regards,

Prasant            .                

Former Member
‎07-09-2013 10:17 AM
0 Kudos

Hi Prasant,

Mismatch found in the Search type on Function permission table while uploading Custom Rule Set

System Information:

GRC Version: SAP GRC Access Control 10.0 SP12 [GRCFND_A - V1000 – 0012]: System LEG Client 100

Underlying SAP Platform: Netweaver 7.02 AS ABAP

Backend ERP System: ERP6 EHP6 AS ABAP with GRC Plug-in GRCPINW - V1000_700 – 0006: System LES Client 140

Problem Description:

We have uploaded SOD rules (Custom Ruleset ) in the LEG system client 100 using transaction code SPRO and we also generated the rule set After uploading the rules we have checked in the LEG system using transaction code NWBC .We observed that mismatch found in the search type values on the permission tab of the functions. Search type values are AND even though we uploaded it as OR not for all functions but mostly for functions having Field values ACTVT & function status is ACTIVE.

Our observation regarding to these issue are as below:-

1) Rule Set download was OK to Excel Files

2) Text Files used for Rule Set upload also have the same correct values.

3) The issue is not related to download/upload but is in the system.

4) On manually correcting the Search Type fields from AND to OR and saving it, it again changes to AND

5) On Deleting the permission definitions and creating new from Scratch with Search type OR and saving it again also converts it back to AND

6) This behaviour only in cases where the permission status is Active.

Here we show some sample functions facing issue.

Uploaded Format:-   ( Function permission table )

Refer Image scn 0

GRC format (Mismatch i.e. Got converted into AND instead of OR):-

Refer Image scn 1

After checking in the GRC we found the search type has been changed to AND even though we have uploaded OR for two places in the ZF18.

After checking in the GRC we found the search type has been changed to AND even though we have uploaded OR for two places in the ZF19.

    

For further analysis, We have performed Risk Analysis user level & Report Option type Action Level.

shows risk

We have performed Risk Analysis user level & Report Option type Permission Level.

Doesn't show risk

  Regards,

Parag.

Ask a Question