cancel
Showing results for 
Search instead for 
Did you mean: 

Authorization and Repository Object sync

Former Member
0 Kudos

Hi,

I know that Authorization object sync and Repository Object sync means Synchronizing the authorization data and synchronizing Roles, profiles and users from backend system respectively.

But what is meant by Synchronization? What the system will do exactly when we run these jobs. Will it stores the data fetched, into GRC tables? If yes, then in which tables it is storing data like authorization data, roles, profiles and users of backend system?

What is the difference between offline and online risk analysis? I.e. in what what way it analyses risks?

Kindly help.

Regards,

Kaavya.

Accepted Solutions (1)

Accepted Solutions (1)

alessandr0
Active Contributor
0 Kudos

Kaavya,

see the documentation from SAP.

The activity updates the following data for the relevant synchronization acitivities:

Profile Synch

  • PD Profiles and descriptions
  • PD Profiles Actions for legacy systems
  • PD Profiles Permissions for legacy systems
  • All related data for Deleted Profiles is deleted from the repository and violation tables

Role Synch

  • Roles and their descriptions
  • Roles Org Levels relationship
  • Role Actions for legacy systems
  • Role Permissions for legacy systems
  • All related data for Deleted Roles is deleted from the repository and violation tables

User Synch

  • Users and their descriptions
  • Users and Profiles relationship
  • Users and PD Profiles relationship
  • Users and Roles relationship
  • Users Org Levels relationship
  • Users Actions and Permissions for legacy systems
  • All related data for Deleted Users is deleted from the repository and violation tables

Regards,

Alessandro

Former Member
0 Kudos

Hi Alessandro,

Thanks for your reply. This is all given in SAP documentation. My question is where can we see the synchronized data physically? How can we make sure that all data is synchronized or not.

Regards,

Kaavya.

former_member204204
Active Participant
0 Kudos

Hi Kaavya,

You can check the below tables after completion of your sync jobs for validation.

Auth Sync - GRACACTPERMSYS

User sync - GRACUSERCONN

Role Sync - GRACRLCONN

Profile Sync -GRACPROFILE

Not sure about the profile table so just guessing.

Regards,

Neeraj


Former Member
0 Kudos

Hi Neeraj,

This is what I am searching for. Thank you.

GRACPROFILE is correct, we can find the profiles with descriptions in GRACPROFILET table.

Regards,

Kaavya.

surya_appala
Active Participant
0 Kudos

Hello Alessandro,

Thanks for the valuable inputs. But I see that Role description is not getting synchronized.

We have modified the description of role and ran Full repository object sync. But still the updated description is not getting reflected.

Regards,

Surya

Former Member
0 Kudos

Surya,

This Discussion is two years old and already Answered. Please open a new discussion thread with your question, referencing this discussion as needed, and be sure to include at least the Minimum Required Information for this space.

Thanks,

Gretchen

Answers (1)

Answers (1)

alessandr0
Active Contributor
0 Kudos

regarding offline vs online analysis:

Offline analysis is not real-time data but is dependent on the date of the last Batch Risk Analysis.  The Batch Risk Analysis is run using the Schedule Analysis feature found under the Configuration tab > Background job.  This is the same batch risk analysis that is run to update the management reports and companies should be running this on a frequent basis to ensure their management reports are accurate.  Running the Offline analysis is the same as drilling down via the Management View.


The benefits to using offline analysis is mostly in response time.  By using offline analysis, Compliance Calibrator/Risk Analysis and Remediation does not have to make as many calls into the connected systems so the analysis will return much faster than using on-line analysis.  However, please keep in mind that offline analysis is not real-time and will not take into account any changes made since the last Batch Risk Analysis.


Also, it's important to understand that even when you run offline analysis, it will have to make a call to the back-end system to obtain composite role names.  Therefore, if the back-end system is down, offline analysis will not work.


Using offline analysis, you can obtain both summary and detail reports. The one exception is that if you run Report types Critical Action or Critical Permission, you will not be able to see the detail report, only the summary report.  Please note that this is only for Critical Action and Critical Rermission.  Report types of Permission level and Action level can go down to the detail level in offline mode.


Please keep in mind that how you have the Batch Risk Analysis set up for defaults will impact the data you have to run offline analysis on.  For example, in Configuration under Risk Analysis > Default Values, you have the option "Exclude Locked Users".  If this is set to YES, when running the batch risk analysis, it will not evaluate locked users which means the tables holding the conflicts will not include any data for locked users.


When you run Risk Analysis, you have the option to change Ignored Users field to something other than what is set up in the Configuration. However, if you change this to NOT ignore locked users and run in offline mode, you will not receive any conflicts because no locked users were evaluated during the batch risk analysis.  Running this report in online mode may turn up conflicts with locked users.


Hope this helps.


Regards,

Alessandro