cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Ruleset Corrupted

Go to solution
former_member275658
Contributor

on ‎07-07-2014 9:36 PM

0 Kudos


Hi Gurus,

I had to modify few functions in ruleset by moving few t-codes from one function to another another function. When we transported the changes to production one function got updated with the changes and another function never updated. So I manually, updated that function which corrupted the ruleset and now I can't find any SOD's which were present previously.

I am thinking of uploading the ruleset to production directly instead of transporting it but before that, do I need to delete the existing rules in production and do I need to use Overwrite option instead of Append ?

Please advise how should I proceed ?

i Have generated the sod rules already

Regards,

Salman

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member275658
Contributor
‎07-10-2014 3:46 PM
0 Kudos

Hi All,

I ran report for deleting SOD access rules in production then transported the rule set from development to production and it is working fine and even the deleted changes in functions moved with the transport.

But, can we delete SOD rules in production if this happen again and follow up with the transport as our development is consistent with production ?

Regards,

Salman

Show replies
Show replies
alessandr0
Active Contributor
‎07-10-2014 5:17 PM
0 Kudos

Hi Salman,

you can also delete the rules and re-generated directly in productive system. Just make sure that this is compliant with your business definition.

Whenever I had erros with SOD rules I've deleted an re-generated again.

Regards,

Alessandro

former_member275658
Contributor
‎07-10-2014 7:22 PM
0 Kudos

Great thanks Alessandro for confirming this.

Answers (2)

Answers (2)

Former Member
‎07-08-2014 10:31 AM
0 Kudos

Hi Salman

Just a silly check but that helps for me.

While editing file in txt or excel kindly check the case, as Rules are case senstitive.

As per my experience there will be no error while uploading and synch but SOD will not work.

So try to get upload dump with taking care of case senstitive.

Thanks

Bhupinder Singh Arora

Show replies
Show replies
former_member275658
Contributor
‎07-08-2014 12:01 PM
0 Kudos

Hi Bhupinder,

yes it is fine.

because same files work if I don't remove few actions from functions

regards,

salman

former_member275658
Contributor
‎07-08-2014 6:41 PM
0 Kudos

1. Deleted the SOD rules in development

2. Uploaded the back copy of rule set in DEV

3. Generated SOD

4. Launched NWBC --> Functions --> Mass Maintenance --> removed/added t-codes from/to functions --> generated rules

5. Ran simulation and it works fine now

6. Plan is to move the ruleset to production and manaully update these functions for removal of t-codes as GRC don't have ability in transport tool to carry deleted stuff

former_member275658
Contributor
‎07-08-2014 2:46 AM
0 Kudos

I deleted the SOD rules and uploaded the ruleset again in development. I get violation for few risk id's but most of them doesn't show. Sensitive risk id's still shows up which is fine.

We had to move few actions from one function to another function hence risk related to this functions are not showing as violations. I did generate the rules and ran batch/sync jobs but it is still not giving violations.

I modified the text files via Excel and updated only Function_Action and Function_permission files only as I had to update only functions.

Can anyone please help me?

We are using SP13

Show replies
Show replies
former_member275658
Contributor
‎07-08-2014 8:54 AM
0 Kudos

Can anyone please help me ?

i Tried to modify individual function in NWBC but when I try to save the function it gives me warning "function Contained duplicate entries. Removed duplicate entries"

alessandr0
Active Contributor
‎07-08-2014 9:00 AM
0 Kudos

Hi Salman,

did you regenerate the SOD rules after updating the ruleset?

SPRO > GRC > AC > Access Risk Analysis > SOD RUles > Generate SOD Rules

Regards,

Alessandro

former_member275658
Contributor
‎07-08-2014 9:27 AM
0 Kudos

Hi Alessandro,

yes I did ran sod generation after uploading ruleset.

also, I ran other sync jobs

risk ids which are corrupted belongs to functions where I have moved actions from one function to another function

regards,

salman

Former Member
‎07-08-2014 7:56 PM
0 Kudos

Hi Salman,

First: when you modified some of the function by adding or reomving, you are definitely adding the entry (actions/permissions) which is already available in some other functions. So, you need to be sure if duplication is there.

Second: You mentioned GRC doesn't have the capability to capture the deleted stuffs in TR, I think it is everywhere. If you deleted some entries and capture the updated data in TR, then obviously during moving the TR, you would not get the deleted entries.

so, if you are modifying rule sets in DEV then better to get it transported to all of the follow on systems which is the best practice instead of uploading it directly in PRD.

You can have multiple rule sets available in system but you need to make only one of those as default for running risk analysis under parameter 1025.

Hope this clears your concerns.

Regards,

Ameet

former_member275658
Contributor
‎07-08-2014 8:57 PM
0 Kudos

Hi Ameet,

I have transported the ruleset to production but it did not removed the t-codes from the function. I can still see the t-codes in the function. How should I transport the ruleset so these changes are effected in production?

GRC AC10.0: Transport function action / permission deletions : View Idea

Regards,

Salman

Former Member
‎07-08-2014 9:05 PM
0 Kudos

Before transporting, did you generate the modified Rule-sets. Was generation successful?

Ameet

former_member275658
Contributor
‎07-08-2014 9:29 PM
0 Kudos

YEs Ameet. I generated the ruleset and it was successfull

Former Member
‎02-26-2015 2:46 PM
0 Kudos

Hi Ameet ,

I am not able to transport the  removal of few tcodes from functions in SOD ruleset to Quality & Production. Kindly advice.

Thank you

Ranjan .

Ask a Question