cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Risks are not associated to any Ruleset

Go to solution
Former Member

on ‎09-12-2013 2:25 PM

0 Kudos

I have loaded my Rolesets and Generated them but my risk are not associated to any roleset. I have double checked all of my connectors and

they appear correct as i had to do this in order to upload my rulesets.

Also when I go Into NWBC I do not have the Icon for Rule Set Maintenance, can someone tell me what access I need for this?

Thanks,

Claudia

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎09-13-2013 1:42 PM
0 Kudos

Hi Claudia,

regarding missing link: following roles or (their copies) should grant you with access rights.

SAP_GRC_FN_ALL

SAP_GRC_FN_BASE

SAP_GRC_FN_BUSINESS_USER

SAP_GRC_NWBC

SAP_GRAC_RISK_OWNER

regarding missing assignment:

If you have loaded risks using upload program, your file for Risk Rule Set Relationship had probably incorrect format - unfortunately the program does not control anything. Try to check format and upload it again.

regards

Igor

Show replies
Show replies
Former Member
‎09-17-2013 8:42 PM
0 Kudos

This was extremely helpful, once i corrected the format of the Relationship file and re-uploaded then that issue was corrected. I still do not get anything back though when I run a risk analysis, every report I try to run is blank or just doesn't come up at all. Any idea?

Former Member
‎09-18-2013 7:36 AM
0 Kudos

Hi,

have generated rules after the new upload?

regards

Igor

former_member193066
Active Contributor
‎09-18-2013 9:27 AM
0 Kudos

hello,

please fille the required stuff in isk anaysis scree, like connector user and ruleset and risk level remove rest by clicking minus button(-)

then run risk analysis.

Regards,

Prasant

Former Member
‎09-18-2013 1:09 PM
0 Kudos

So I choose to run a Risk Analysis at the Role level:

I entered the System, Role Type but I found a problem when it asked for the Role.

It could not find any Roles and I did bring these over from the other system. I have to assume that this is part of my promblem.I ran the GRAC_REPOSITORY_OBJECT_SYNC JOB that should have brought the Roles, Users and Profiles over but now that I look at the tables i don't see them.

This job ran for a long time, Should I assume this is a connector issue?

 

former_member193066
Active Contributor
‎09-18-2013 1:17 PM
0 Kudos

Hello,

please check integration scenario.

Regards,

Prasant

Former Member
‎09-18-2013 3:18 PM
0 Kudos

Hi Claudia,

after SoD rules set upload you should generate rules.

Then you should perform the first four sync jobs in SPRO -> Access Control -> Synchronization Jobs.

It could take several hours - depending on number of roles, users in satellite system and performance of GRC system. Check that all of them finished succesfully otherwise you missed some customizing.

Then you should be able to search for users/roles and execute on-line analysis.

Then perform execute batch risk analysis. Once finished you will be able to perform off-line analysis.

Check your customizing and settings  with documentation placed here:

http://scn.sap.com/docs/DOC-8562

Also check that your connector is assigned to 4 integration scenarios relevant for AC. SPRO ->GRC-> Common Component Settings->Integration framework-> Maintain Connection Settings.

Regards

Igor

Former Member
‎09-18-2013 4:52 PM
0 Kudos

I have done all of these steps already but do I have to generate the Ruleset again if I made changes to the Risk Rule Set Relationship file?

The job did take several hours to run.

Former Member
‎09-18-2013 8:18 PM
0 Kudos

One more thing I think I might knw what the problem is I just need to talk this thru. I have set up connectores but my question is do i need to create a connector for the ruleset? For example my Ruleset is a custom Ruleset so do I need to create a connector for this and then make sure it's set up everywhere? Would this connector also be SAP?

Former Member
‎09-19-2013 8:03 AM
0 Kudos

Hi Claudia,

you have to generate it again. The reason is that you perform analysis against specific ruleset in NWBC - it is one of selection options. So when you have uploaded correct files then you have execute rule generation.

regards

Igor

Former Member
‎09-19-2013 8:15 AM
0 Kudos

Hi Claudia,

your connector (which represents physical satellite system) is already connected in customizing and it is not ruleset specific.

regards

Igor

former_member193066
Active Contributor
‎09-19-2013 8:18 AM
0 Kudos

please follow the doc and ensure all the setting are done.

http://scn.sap.com/docs/DOC-1564

Regards,

Prasant

Former Member
‎09-19-2013 12:44 PM
0 Kudos

Thank You, this is the document that I have been using

Former Member
‎09-20-2013 9:15 AM
0 Kudos

Have you get results or not?

former_member193066
Active Contributor
‎09-20-2013 10:03 AM
0 Kudos

please run risk analysis attaching screenshot.

fill connector and user feild. select appropriate for risk level and ruleset.

remove rest by click button.

and run risk analysis

i think you are on SP12.

Answers (3)

Answers (3)

Former Member
‎09-24-2013 2:03 PM
0 Kudos

I can run this screen exactly the way you show it on my account, however the problem I have is that I cannot see any of the other users or roles. Only the ones that have been created on this instance.

Show replies
Show replies
former_member193066
Active Contributor
‎09-24-2013 5:16 PM
0 Kudos

run sync job again and try.

Regards,

Prasant

Former Member
‎09-25-2013 4:32 AM
0 Kudos

Dear Claudio,

The Users/Roles/Profiles must exist in the repository tables in order to be available for selection in the

Risk analysis. Only the user available in the GRACUSERCONN table for the specific connector will be

available for selection. Same applies for the roles. If th User/Roles/Profiles does not exist in the repository data,Please run the repository object sync job for the specific connector. Once this is done you will be able to search and select all the user/roles etc.

Thanks & Regards

Japneet singh 

Former Member
‎09-25-2013 1:47 PM
0 Kudos

Thank You this is very helpful information so that I can check to see if my users are at least there and all of them are listed here, I can see them all with their userid's and usergroups. This does not show their roles. I will try to run the repository obj sync job again and see if it makes a differrence.

Former Member
‎09-25-2013 9:13 PM
0 Kudos

I have validated that the only thing I see is the users. I do not see the roles or the profiles, Why would the synch job work for the users but not for the Roles and Profiles? I ran it for all 3 at the same time does it have to be run for each one indvidually?

Former Member
‎09-26-2013 4:37 AM
0 Kudos

Dear Claudia,

The tables GRACUSERCONN stores the users information only. For the role,Please check the table GRACRLCONN.

For more information,Please refer to the following link

http://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=317950641

This is a Wiki document which contains all the information related to the repository tables.

I hope this will help.

Thanks & Regards

Japneet singh

former_member193066
Active Contributor
‎09-26-2013 10:03 AM
0 Kudos

Hello,

go to se38.

run these 3 program.

GRAC_ROLEREP_ROLE_SYNC
GRAC_ROLEREP_USER_SYNC
GRAC_ROLEREP_PROFILE_SYNC

do a full sync.

Regards,

Prasant

Former Member
‎09-26-2013 8:21 PM
0 Kudos

You guys have been awesome with your help and my next question is does this ever stop? Will I get to a point where it will work 🙂

I now see all of my users and roles and I even ran a risk analysis on myself but I want to now mitigate the one risk

I have,

I have added my manager as the Mit control Owner and approver. But when I go to assign her in NWBC as a Risk owner it does not see her at all or anyone else. So once again I am stuck.

Thank You so much for all of your help as I would be lost without it.

former_member193066
Active Contributor
‎09-26-2013 9:07 PM
0 Kudos

go to setup tab.

click organization..

select the org unit you have designed or created.

open it, then go to owners tab.

select owner.

then you can see them in mitigation control.

Regards,

Prasant

former_member193066
Active Contributor
‎09-26-2013 9:09 PM
0 Kudos

follow above steps mentioned,

you have updated manager in owners section

and he need to be mapped in org unit.

Regards,

Prasant

Former Member
‎09-26-2013 9:29 PM
0 Kudos 
Claudia Padovano wrote:
You guys have been awesome with your help and my next question is does this ever stop? Will I get to a point where it will work 🙂

Probably, eventually it will work. On time and on budget? It is possible. I have heard rumors that such a thing has happened. I have not personally seen it, but then again, this is only my 3rd GRC 10 project, and we seem to be implementing a(nother) particulary buggy SP(12).

Good luck!

Gretchen

former_member193066
Active Contributor
‎09-13-2013 12:09 PM
0 Kudos

regarding risk not associated to any ruleset.

please download it from spro>GRc>SOD> then check the file you can see if it is associated or not.

REgaqrds,

Prasant

Show replies
Show replies
former_member193066
Active Contributor
‎09-13-2013 12:08 PM
0 Kudos

assign yourself appropriate role .

probably give your self super access

Regards,

Prasant

Show replies
Show replies
Ask a Question