
GRC 5.2 Reporting and Mass Updates

Former Member
0 Kudos

We have a need to perform mass updates within GRC Compliance Calibrator. In our test environment we would like to enable all disabled functions and risks and run a SoD report. Currently the Mass update option I see is for Functions. Also, we would like to get a report of all functions and the actions listed in those functions.

Can anyone tell me whether it is possible to write a SQL query against the Oracle database to perform both of these activities? Please let me know if anyone has performed this task before or if you have any recommendations for completing it.

Accepted Solutions (0)

Answers (2)


Former Member
0 Kudos

Hello,

1/ "to enable all disabled functions and risks"

Be very careful with mass updates on function level, since it could trigger false negatives. Here is why ... Depending on your SAP release and some business requirements, you will need to fine-tune your query settings by enabling/disabling the affected permissions at function level.

Example: do you use authorization groups on business area (F_BKPF_GSB, ...), materials (M_MATE_MAT), material types (M_MATE_MAR), customer (F_KNA1_BED, ...), ...?

If not, you should disable them, otherwise your filter is too stringent, which leads to fewer results and therefore false negatives. In other words, you require this function to filter the users that have the basic authorizations + these extra optional authorizations. However, in reality SAP customizing has been set up in such a way that end-users do not need these extra authorizations. Hence, they're left out from your audit report while in reality they can execute that particular functionality.

Therefore, if you don't know, keep these optional auth objects disabled. That way, you might have false positives, but from an audit perspective you probably care less.

Keep in mind that SAP AG specifically mentions that their rule set is a starting point for the customer. So, it is never one fits all.

Therefore, 1/ make an inventory of all authorization objects that are optional, 2/ assess corresponding business requirements and 3/ enable/disable permissions accordingly. Think twice before you enable an auth object.

2/ "to get a report of all functions and the actions listed in those functions."

--> export the rules.txt --> then copy-paste all lines that relate to VIRSA_CC_FUNCACT and fancy it up in Excel, I would say. The descriptions can be found in VIRSA_CC_FUNCT and your downloaded SAPOBJ file.

Sam Szafranski

Senior SAP GRC Consultant
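
The false-negative effect described in the answer above, as an added example that is not part of the original post and is not SAP's analysis logic: a simplified model in which a user matches a function only when holding the action and every enabled permission. The function id `POST_DOC`, the users, their authorizations and the choice of `FB01` / `F_BKPF_BUK` as the baseline are constructed assumptions; only `F_BKPF_GSB` comes from the post.

```python
"""Simplified model (not SAP's logic) of how enabling an optional permission
in a function narrows an SoD report. All data below is constructed."""
from dataclasses import dataclass, field


@dataclass
class Permission:
    auth_object: str
    enabled: bool = True


@dataclass
class Function:
    name: str
    action: str                      # transaction code
    permissions: list = field(default_factory=list)


def users_matching(function, user_auths):
    """Return users who hold the action and every *enabled* permission."""
    required = {p.auth_object for p in function.permissions if p.enabled}
    return sorted(
        user for user, auths in user_auths.items()
        if function.action in auths["tcodes"] and required <= auths["objects"]
    )


def report(optional_enabled):
    """Run the check with the optional object F_BKPF_GSB enabled or disabled."""
    post_document = Function("POST_DOC", "FB01", [   # hypothetical function id
        Permission("F_BKPF_BUK"),                           # baseline check
        Permission("F_BKPF_GSB", enabled=optional_enabled), # optional: business area
    ])
    # Constructed users. In this model system the business-area check is not
    # configured, so BOB can post with FB01 without holding F_BKPF_GSB.
    user_auths = {
        "ALICE": {"tcodes": {"FB01"}, "objects": {"F_BKPF_BUK", "F_BKPF_GSB"}},
        "BOB":   {"tcodes": {"FB01"}, "objects": {"F_BKPF_BUK"}},
        "CAROL": {"tcodes": {"FB03"}, "objects": {"F_BKPF_BUK"}},
    }
    return users_matching(post_document, user_auths)


if __name__ == "__main__":
    print("optional disabled:", report(False))  # BOB is reported
    print("optional enabled: ", report(True))   # BOB drops out: false negative
```
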

Former Member
0 Kudos

Yes, it is possible to do this via SQL.

I don't have the scripts here, but did you already try to open an OSS for SAP's suggestion on how to perform the mass update?

In general it is not recommended (especially in production!) to perform changes on database level, but for certain actions SAP delivers SQL scripts.

Keep us updated!

Regards

Daniela