cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC - Multiple Ruleset

Go to solution
ying_ye
Explorer

on ‎10-16-2015 5:28 AM

0 Kudos

Hi All,

We have 2 rulesets for our ECC systems. During provisioning, the risk analysis run against the default ruleset we defined in parameter 1025 automatically and request is sent to related risk owner for approval. Is there anyway to select different ruleset in access request so request can be sent to the other group of approver?

We have tried:
1) Add both ruleset in parameter 1025 then submit access request with only one ruleset selected. Risk analysis is run for both ruleset and request is sent to both approvers.
2) Remove parameter 1025 then submit access request with only one ruleset selected. And again, risk analysis is run for both ruleset.

Is there anyway to specify different ruleset during provisioning?

Regards,
Ying

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

madhusap
Active Contributor
‎10-20-2015 4:21 PM
0 Kudos

Hi Ying,

You can use BRF+ Multiple ruleset application "GRAC_MUL_RULESET_APPL" and can created decision table

with entries to customize your requirement where you can specify which ruleset to be selected in access request

based on request or role attributes.

Regards,

Madhu.

Show replies
Show replies
plaban_sahoo6
Contributor
‎10-21-2015 8:28 AM
0 Kudos

Hi Madhu,

I think, we need to activate the function in 'Maintain AC applications and BRFplus Function mapping'. i did this , but my request did not use the desired ruleset. it used the ruleset in 1025.

But, in 'Maintain AC applications and BRFplus Function mapping, the default Application against Multiple ruleset is GRAC_BRFP_MULITPLE_RULESET.

Could you say, if any of your BRF+ application(for ruleset) works

Regards

Plaban

ying_ye
Explorer
‎10-21-2015 8:42 PM
0 Kudos

Hi Sahoo,

I did create rulesets in function GRAC_BRFP_MULITPLE_RULESET and simulation seems pick up desired ruleset. I then mapped it in spro maintain AC applications and BRF+ function mapping and I have same result as you that provisioning request pick up the default ruleset not tje desired one.

Any suggestion where to check further?

Regards,

Ying

Answers (2)

Answers (2)

madhusap
Active Contributor
‎08-14-2016 5:53 PM
0 Kudos

Hi Ying/Timo,

Got sometime and tried out BRF+ Multiple Rule Set functionality and it is working as expected.

Please check out the document post of Multiple Rule Set functionality.

Regards,

Madhu

Show replies
Show replies
ying_ye
Explorer
‎08-15-2016 10:22 PM
0 Kudos

Great post! Thanks!

You mentioned Request header and Request line item can be utilized for this function. Do you have list of available fields from these two besides request type and connector?

Thanks and Best Regards,

Ying Ye

madhusap
Active Contributor
‎08-19-2016 7:53 AM
0 Kudos

Hi Ying Ye,

All request header and line item fields can be selected. Attaching Request Header fields available which can be used to customize this BRF+ application.

Regards,

Madhu

plaban_sahoo6
Contributor
‎10-21-2015 6:10 AM
0 Kudos

HI,

could you show(screenshot), how 1025 had both rulesets simultaneously.

Regards

Plaban

Show replies
Show replies
ying_ye
Explorer
‎10-21-2015 8:36 PM
0 Kudos

Hi Sahoo,

I put comma between two rulesets in 1025. In provisioning audit log, it shows both rulesets are checked.

Regards,

Ying Ye

plaban_sahoo6
Contributor
‎10-22-2015 3:48 AM
0 Kudos

Hi,

But the search(f4) in 1025 will not show a comma entry. So, could you say, how the value, you have given is a valid entry?

Regards

Plaban

ying_ye
Explorer
‎10-22-2015 3:58 AM
0 Kudos

You can manually type in ruleset name in 1025. You can verify the result in provisioning audit log. There is description in audit log shows "Automatic risk analysis performed successfully using ruleset A and B". (our GRC is 10.0 SP19). You can also verify it by assign different risk owner for testing purpose. If it sent to both approvers for approval, that's mean it checks against both rulesets. I have tested remove 1025 also. The result is same as multiple rulesets in 1025.

Former Member
‎12-14-2015 1:46 PM
0 Kudos

Hi Ying Ye,

Have you solved this? We are evaluating same scenario and starting with BRF+ function.

Is scenario working in your environment?

Thank you in advance.

Timo

ying_ye
Explorer
‎12-14-2015 1:59 PM
0 Kudos

Hi Timo,

We created message to SAP. I will update when any news.

A workaround is within same rulebook, create different risk with different naming standard and assign different risk owner.

Regards,

Ying Ye

Former Member
‎05-27-2016 12:36 PM
0 Kudos

Hi Ying,

Hope you are doing good!

Could you please let me know,  if you are able to resolve this problem?

We have a similar requirement.

Regards,

Riz

ying_ye
Explorer
‎05-29-2016 4:31 PM
0 Kudos

Hi Rizwan,

The data pass to multiple ruleset BRF rule method is executed from PROCESS_MULTIPLE_RULESET of CL_GRAC_RULES class and it doesn't contains any user specific field. The only fields populated from there are request ID, role ID, role type, role connector, criticality level and connector.

We created message to SAP on this and ended up using connector to route provisioning request to different tenant.

Regards,

Ying Ye

Former Member
‎06-08-2016 8:38 AM
0 Kudos

Hi Ying,

I did not quite get how you have solved this. Could you please explain in more details

"We ended up using connector to route provisioning request to different tenant."

Thank you in advance.

Br Timo

ying_ye
Explorer
‎06-13-2016 10:54 PM
0 Kudos

Hi Timo,

For rulebook, we tried below:

1) Setup two rulebooks. Rulebook1 for connector1 and related risks assigned to riskowner1. Rulebook2 for connector2 and related risk assigned to riskowner2.

2) Setup BRF rule to have risk from rulebook1 route to riskowner1 and risk from rulebook2 route to riskowner2 by connector.

For BRF rule, we tried below:

1) BRF+ -> GRAC_BRFP_MULTIPLE_RULESET -> get number from function -> complete mapping (spro -> grc -> ac -> maintain aC applications and BRFPlus function mapping)

2) BRF+ -> GRAC_BRFP_MULTIPLE_RULESET -> go to function -> create ruleset, rule, loop, and decision table base on connector.

Regards,

Ying Ye

Ask a Question