cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How do I get the Central Owners (POWL) to show up to assign Mitigating Controls

Go to solution
Former Member

on ‎10-08-2013 8:30 PM

0 Kudos

I have added users in the Central Owners. If I am correct these owners must be added to the target system in order to be seen to be assigned. But now I have made them owners and gave them roles and I still cannot create Mitigating controls because it does not find the AC owner to assign. Please see print screen. Any idea what I am missing to make this happen?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎10-08-2013 9:25 PM
0 Kudos

Claudia,

So you made these users Owners, but did you add them yet to their correct level in the organization hierarchy (Setup> Organizations)? You cannot add them to Mitigating Controls until they are part of the organization.

Gretchen

Show replies
Show replies

Answers (1)

Answers (1)

Former Member
‎10-08-2013 9:26 PM
0 Kudos

I actually just found the answer to my question But maybe someone can answer this. How do you add a New custom Tcode as a Risk? Do I have to add this to my risk file and re upload it or is there a way to do this thru NWBC?

Thanks,

Claudia

Show replies
Show replies
Colleen
Advisor
Advisor
‎10-09-2013 4:00 AM
0 Kudos

Hi Claudia

to update the ruleset via NWBC for a custom transaction code:

  • complete the auth sync etc to import your SU24 data
  • In RAR Rule Set within NWBC you can either maintain an existing Function that belongs to the risk or create a new function. In either case, you add the custom transaction code as an action and then maintain permissions (the SU24 data is imported as the proposal)
  • If a new Function, update existing Risk or Create New Risk and assign the function
  • Generate the impacted Risks

I recommend you search SCN as this has been asked a bit.

Regards

Colleen

former_member193066
Active Contributor
‎10-09-2013 7:09 AM
0 Kudos

As colleen  already stated.

when you add new Z tcode to backend system, ensure its there in SU24 and do a sync.

then check with business to  figure out which function id should contain this new custom tcode whould exist .

add it and generate ruleset.

if you have 10000000 custom tcodes make changes outside nwbc and upload and generate ruleset.

Regards,

Prasant

Former Member
‎10-09-2013 3:13 PM
0 Kudos

I honestly don't understand what you're saying.

I tried using NWBC but if you look at the print screen I get the following errors.

Can you tell me where that informations gets populated from?

If I do this from the backend and update a file and then do the upload instead which file am I using the risk file? And do I just add these to the bottom of the file, will that work?

I have over 300 of these to add and i think it will take too long thru NWBC but I also need to make sure

that I have each of the conflicting functions included.

As far as searching SCN for this, I have searched Google, SCN and anywhere I can think of for this and all other information I have needed. Sometimes I find things and a lot of the other time I don't. SAP need a user's manual for this stuff, would be extremely helpful.

former_member193066
Active Contributor
‎10-09-2013 3:33 PM
0 Kudos

hello,

first of all the error in nwbc is all about maintain owners in organization.

go to nwbc >setup> organization select the organization you want to maintain owners> owner tab add  respective users.

ensure they are maintained as owner in access control owners powl.

when you try to maintain owner please browse for all users and select the user to want to maintain.

sometimes it does not find the user.

since you have more that 300 add it to file and upload it, depends how you choose to add if you want to append no need of adding at bottom ,just these number of mitigation and append,or else you can download all and enter these at bottom and overwrite while uploading.

Regards

Prasant

Colleen
Advisor
Advisor
‎10-10-2013 1:27 AM
0 Kudos

Hi Claudia

You asked: 

But maybe someone can answer this. How do you add a New custom Tcode as a Risk? Do I have to add this to my risk file and re upload it or is there a way to do this thru NWBC?

I missed the word OR so only answered how to do this in NWBC. You are right, with 300 custom transactions to add a mass upload would be better.

You can do this via the IMG:

  • Governance, Risk and Compliance > Access Control > Access Risk Analysis > SoD Rules > Download SoD Rules
  • Download all the files
  • For Functions you will need to add your transactions to the Functions Files as well as linking to the Risk
  • Use the Governance, Risk and Compliance > Access Control > Access Risk Analysis > SoD Rules > Upload SoD Rules to import your changes
  • Use the Governance, Risk and Compliance > Access Control > Access Risk Analysis > SoD Rules > Generate SoD Rules to mass generate your changes.

You might want to create one manually via NWBC first and then extract the files. You can then use that as you guide to search each file on what to maintain

SAP need a user's manual for this stuff, would be extremely helpful.

For that manual - unfortunately that is the GRC300 training course and hands on practise. GRC 5.3 had a fantastic manual on what to do. GRC-10 training covers the information. SCN community is slowly building up some quality content on what to use but trial and error in your sandpit is another way to learn. You can always take a copy of your files first before making changes. If you have major issues you can mass delete your rule set and reimport your file to revert.

I'm unsure if you area referring to your original screen shot or you meant to post something else. This part of the thread (may two posts) pertain entirely to maintaining Functions. Your original question and screen shot is about mitigating controls. Perhaps these threads should be split to avoid confusion? I assumed you had resolved mitigating control owner assignments when you wrote:

I actually just found the answer to my question


Former Member
‎10-10-2013 4:21 PM
0 Kudos

Colleen, can you tell me how to actually add the Tcode in NWBC?

I can see how to add a new Function or a new risk but I don't see where specifically I add the TCode.

I do plan on updating the file and doing it that way but I need to see what fields get update so I can do this step correctly.

Thanks for your help,

Claudia

Former Member
‎10-10-2013 4:28 PM
0 Kudos

You mentioned that sometimes it does not find the user and this is a proplem I am having right now. I did the steps you mentioned or had already done them but now when I go back into those forms my users are no longer visible and if i try to re-add the same person as an owner it tells they already exist as an owner but i cannot see them. I have made sure that these users have the correct roles assigned to them and I had no problem creating them originally,

former_member193066
Active Contributor
‎10-10-2013 5:35 PM
0 Kudos

well how its works is.

RISK ID contain FUNCTION IDS(Two or more for SOD Risk)

Function ID Contains Action and Permission(TCODE and Auth Object)

for adding tcode to existing function id go to particular function id and add there.

Regards,

Prasant

Colleen
Advisor
Advisor
‎10-10-2013 11:17 PM
0 Kudos

Hi Claudia

NWBC > Rule Setup > Access Rule Maintenance > Functions

To maintain - select a function for modify. You are adding an Action (i.e. transaction) and then maintaining the permissions (i.e. authorisations)

A Function can have several Actions assigned

Here is a screen shot of the two steps

When you click on the Permission tab the SU24 data for the Action (transaction) will appear with status set as Inactive. You can then maintain by via add and remove buttons as well as changing the Status and Conditions (AND/OR). Activate the permissions fields you want to form the Function and then save your Function

Regards

Colleen

Ask a Question