cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Risk Analysis shows "HIGH" risk as "MEDIUM" risk

Go to solution
Former Member

on ‎09-26-2014 11:35 AM

0 Kudos

Hi All,

I have defined SOD risks with Risk Level "HIGH" and generated the rules


Access Rule summary also shows that rules are generated with risk level "HIGH"

But when I execute the risk analysis for these risks which are defined with risk level as "HIGH", in the risk analysis result they are being shown with risk level "MEDIUM"

I have run all the synch jobs. My logical group also contain only one connector. To cross check I have generated rules again from front end.

Someone please help if I am doing something wrong.

Regards,
Madan.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

premb
Product and Topic Expert
Product and Topic Expert
‎09-26-2014 4:54 PM
0 Kudos

Open the risk and just save it. Test it again. It could be because of buffer.

Thanks

Prem

Show replies
Show replies
Former Member
‎10-27-2014 5:32 AM
0 Kudos

Hi All,

Thanks everyone.

Issue got fixed once I reloaded entire rule set and then ran all the sync jobs in the sequence and as well as generated the rules both from Front end and backend.

I assume this was due to some buffer issue.

~ Madan.


Answers (1)

Answers (1)

alessandr0
Active Contributor
‎09-26-2014 11:59 AM
0 Kudos

Hi Madan,

what's your SP level? There are some notes regarding the risk level... see for example:

http://service.sap.com/sap/support/notes/1762040

Regards,

Alessandro

Show replies
Show replies
Former Member
‎09-26-2014 12:06 PM
0 Kudos

Hi Alessandro,

We are using GRC version 10.0 and Support Pack 13.

The mentioned note is applicable for SP 10.

I am so confused about this as my risk has risk level "HIGH" and even "Access Risk Summary" shows risk level as "HIGH", whereas, when I execute risk analysis, in the results it is coming as "MEDIUM"

Can you suggest if there is any other way to troubleshoot this issue?

Thanks in advance

Regards,

Madan.

Former Member
‎09-26-2014 12:21 PM
0 Kudos

Hi Madan,

Are you able to see the modified/created risk/rule ID's which you created lately in table: GRACSYSRULE

Your new risk should appear in this table post generation.

Regards,

Ameet

Former Member
‎09-26-2014 12:31 PM
0 Kudos

Hi Ameet,

I am able to see all my Risk IDs in GRACSYSRULE table. All rules are getting generated.

In the access risk analysis summary and access rule details in NWBC -> Setup -> Generated Rules

I can see that rules are properly generated with risk level HIGH

But when I run risk analysis, report shows HIGH risks as MEDIUM risks

Can you please suggest if I am missing anything here.

Regards,

Madan.

Former Member
‎09-26-2014 12:46 PM
0 Kudos

Hi Alessandro and Ameet,

Just now checked and found something

when running risk analysis I selected to show risks with risk level "MEDIUM"

Result - No risks found

when running risk analysis I selected to show risks with risk level "HIGH"

Result - Risks found but shown with risk level "MEDIUM"

This looks terrible

Regards,

Madan.


alessandr0
Active Contributor
‎09-26-2014 12:47 PM
0 Kudos

Madan,

may I ask for a screenshot? Just to be sure we have the same understanding.

Regards,

Alessandro

Former Member
‎09-26-2014 12:53 PM
0 Kudos

Hi Madan,

It can't be possibly true

Could you please paste some of the snap shots of the SoD's which you defined with the criticality levels and risk analysis reports.

Regards,

Ameet

Former Member
‎09-27-2014 4:41 AM
0 Kudos

Hi Ameet,

Yes, even I wanted it to be incorrect but that is how system is behaving

Please see below screenshots

Risks with MEDIUM risk level

Risks with HIGH risk level

Regards,

Madan.

madhusap
Active Contributor
‎10-23-2014 4:53 AM
0 Kudos

Hi Madan,

This is actually strange !!!

Please try to load the rules again in the GRC system and once done complete all the synch jobs.

Try to generate the rules from NWBC rather than from backend and let us know if any improvement

Regards,

Madhu.

Ask a Question