cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

No Risk Result for New User

former_member247081
Explorer

on ‎09-29-2016 2:44 PM

0 Kudos

There are several discussions on risk analysis that produce no results, but I could not find one for this somewhat straight forward scenario. A newly  created user in a connected backend system does not produce any risk results when performing a user level analysis.

Steps

1.) In the backend system create a user with known risks

2.) In GRC run the a user level analysis on the same user

Result: blank risk result screen. "No violations" is not displayed either.

Note: I intentionally did not run the repository synch job for this system. After running the job, the risk result is populated correctly. My concern is, if this is how GRC now functions (as it was not always this way), the frequency of the repository synch job will need to increase in order to keep GRC in step with the user master changes in the connected backend systems.

My GRC level is: GRC 10.1 SP13

I am missing a configuration option somewhere? Offline analysis is not active.

Suggestions...?

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

former_member227179
Explorer
‎09-30-2016 3:14 PM
0 Kudos

Hi Michael,

What was the frequency you maintained for repository object sync job (Incremental mode / Full ) ?

Usually this job should be running in incremental mode with at least an hour frequency.

however you would need to wait until the job is being executed to validate the changes of user master data and for the analysis of risk analysis.

Thanks,

Dinesh

Show replies
Show replies
former_member247081
Explorer
‎09-30-2016 3:30 PM
0 Kudos

Hello Dinesh,

Before I was made aware of this issue, I would schedule the rep synch jobs incrementally once a day. Now I will have to change my approach when scheduling these jobs. I must say, the risk analysis did not always function in this manner. A newly created user could be analyzed successfully without the need for the repository synch. I guess I missed when SAP changed this...

former_member227179
Explorer
‎09-30-2016 3:44 PM
0 Kudos

So you might be checking the risk analysis report immediately after the creation of user in R/3 or back end system.

When ever this job being executed : below tables are getting involved.

  • USR10                        : User master authorization profiles.
  • USR11                        : User Master Texts for Profiles (USR10).
  • GRACPROFILE          : Master table
  • GRACPROFILET        : Language specific table.
  • AGR_DEFINE               :Master table.
  • AGR_TEXTS              :  File Structure for Hierarch
  • AGR_AGRS                :  Composite role relation table.
  • GRACRLCONN           :  Master Table
  • GRACRLCONNT         :  Description Table
  • GRACRLCOMPRL      :  Composite Role Table
  • GRACROLEORG          :  Role org  level relation table.
  • USR02:                         :  Master Table.
  • GRACUSER                   : User table.
  • GRACUSERCONN         :  Table to store connector specific user.

I am not sure how you used run risk analysis of newly created user with out executing the repository job.

You must schedule this job to see the latest changes and running risk analysis with respect to new role assignment / changes to the role assignment of users.

Thanks,

Dinesh

Ask a Question