on 07-07-2014 9:36 PM
Hi Gurus,
I had to modify few functions in ruleset by moving few t-codes from one function to another another function. When we transported the changes to production one function got updated with the changes and another function never updated. So I manually, updated that function which corrupted the ruleset and now I can't find any SOD's which were present previously.
I am thinking of uploading the ruleset to production directly instead of transporting it but before that, do I need to delete the existing rules in production and do I need to use Overwrite option instead of Append ?
Please advise how should I proceed ?
i Have generated the sod rules already
Regards,
Salman
Hi All,
I ran report for deleting SOD access rules in production then transported the rule set from development to production and it is working fine and even the deleted changes in functions moved with the transport.
But, can we delete SOD rules in production if this happen again and follow up with the transport as our development is consistent with production ?
Regards,
Salman
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Salman
Just a silly check but that helps for me.
While editing file in txt or excel kindly check the case, as Rules are case senstitive.
As per my experience there will be no error while uploading and synch but SOD will not work.
So try to get upload dump with taking care of case senstitive.
Thanks
Bhupinder Singh Arora
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
1. Deleted the SOD rules in development
2. Uploaded the back copy of rule set in DEV
3. Generated SOD
4. Launched NWBC --> Functions --> Mass Maintenance --> removed/added t-codes from/to functions --> generated rules
5. Ran simulation and it works fine now
6. Plan is to move the ruleset to production and manaully update these functions for removal of t-codes as GRC don't have ability in transport tool to carry deleted stuff
I deleted the SOD rules and uploaded the ruleset again in development. I get violation for few risk id's but most of them doesn't show. Sensitive risk id's still shows up which is fine.
We had to move few actions from one function to another function hence risk related to this functions are not showing as violations. I did generate the rules and ran batch/sync jobs but it is still not giving violations.
I modified the text files via Excel and updated only Function_Action and Function_permission files only as I had to update only functions.
Can anyone please help me?
We are using SP13
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Salman,
First: when you modified some of the function by adding or reomving, you are definitely adding the entry (actions/permissions) which is already available in some other functions. So, you need to be sure if duplication is there.
Second: You mentioned GRC doesn't have the capability to capture the deleted stuffs in TR, I think it is everywhere. If you deleted some entries and capture the updated data in TR, then obviously during moving the TR, you would not get the deleted entries.
so, if you are modifying rule sets in DEV then better to get it transported to all of the follow on systems which is the best practice instead of uploading it directly in PRD.
You can have multiple rule sets available in system but you need to make only one of those as default for running risk analysis under parameter 1025.
Hope this clears your concerns.
Regards,
Ameet
Hi Ameet,
I have transported the ruleset to production but it did not removed the t-codes from the function. I can still see the t-codes in the function. How should I transport the ruleset so these changes are effected in production?
GRC AC10.0: Transport function action / permission deletions : View Idea
Regards,
Salman
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.