Quantcast
Channel: SCN: Message List - Governance, Risk and Compliance (SAP GRC)
Viewing all 8113 articles
Browse latest View live

Re: Launchpad Issue

March 30, 2016, 11:00 am
$
0
0

Ana, From my ESS experience, the custom role has to be linked to by creating custom Application configuration associated with the application.

 

Here is URL example:

 

standard: sap/bc/webdynpro/sap/hress_a_menu?WDCONFIGURATIONID=HRESS_AC_MENU&sap-client=100&sap-language=EN

 

custom AC: sap/bc/webdynpro/sap/hress_a_menu?WDCONFIGURATIONID=ZHRESS_AC_MENU&sap-client=100&sap-language=EN

 

Do you have "TEST" option in the FPM toolbar menu? By doing the test from FPM configurator, you can compare the URL with the URL which the user using to launch. See if they are launching the Z version or the standard. This is not possible if you are launching through portal which we usually do for ESS.

Search

Re: What is best practice when performing a risk analysis

March 30, 2016, 3:35 pm
$
0
0

Hi

 

I assume it would depend. Critical Action/Permission is a single step in the system is has a risk level that you want to manage. For example, debug change could be built as a single action and run for risk. Another example could just be knowing how has opening and closing of reporting period.

 

It doesn't make sense to identify even function as a critical action. Most by themselves is typical business activities. It's the combination (the SoD) to manage

 

The challenge here is interpretation of the risk. If business people have to review the report then you need to focus on making it meaningful and simple to them. To achieve this, you need to consider the level of detail and information in the report and what sort of training/education the reviewer needs. Also, you can try to reduce by keeping your roles clean in the first place.

 

Regards

Colleen

Re: Role Approver Mitigates Risk

March 30, 2016, 11:03 pm
$
0
0

Dear Vasco,

 

during risk anlysis you can directly mitigate the risks.

 

Regards,

Alessandro

Adding functional module in MSMP workflow

March 31, 2016, 3:14 am
$
0
0

Hello,

 

I have copied GRAC_NOTIF_VAR_RULE_AR standard function module into Z to add role description in GRAC workflow but I do not know to do configuration for the same. I know I need to add this Z FM in step 2(maintain rules ) in MSMP workflow configuration but how to link process initiator to this.

Can anyone let me know the steps for this.

 

Thanking you.

SAP GRC Access Control 10.1- Maintaining Rules and Rule in BRF+

March 31, 2016, 3:53 am
$
0
0

HI Folks,

 

 

Iam configuring SAP GRC AC10.1 (SP10) and trying to create maintain Rules and Rule ID and maintain the Risk Owner also. While generating /nGRFNMW_GEN_VERSION transaction.

 

It showing below error messages.

 

Rule ID XXXXXXXX (rule type BRFplus Flat Rule (LineItem by LineItem)) is not registered for process type SAP_GRAC_AR

 

Object type ZCL_GRAC_WFA_RISK_OWNER does not exist (DDIC type, runtime type, class type)

 

Rule ID ZCL_GRAC_WFA_RISK_OWNER (rule type C) is not compatible with process type SAP_GRAC_AR

 

Any help for this issue.

 

 

 

Regards

Suresh

Re: Launchpad Issue

March 31, 2016, 4:17 am
$
0
0

HI Ana

 

is there a GRAC_REP access that might be hiding links from the user? Run STAUTHRACE to see if any permission are failing

 

Regards

Colleen

Re: SAP GRC Access Control 10.1- Maintaining Rules and Rule in BRF+

March 31, 2016, 6:50 am
$
0
0

Hi Surya,

 

I have Admin access with full authorizations..

 

 

Regards

Suresh

Re: SAP GRC Access Control 10.1- Maintaining Rules and Rule in BRF+

March 31, 2016, 6:53 am
$
0
0

May be you are in display mode. Please go to change mode and check.

 

Regards,

Surya

Search

Control Automated

March 31, 2016, 7:15 am
$
0
0

Hi Gurus!

 

I hope you´re fine.

 

I want to tel you that i have an issue with automated control, that is, the standard controls SAP.

 

When i generate the job SAP for control automated, for example; Script Rule FICLPEP_03T1_01_A and Rule FICLPEP_03T1_01_A, the status the job

is "SCHEDULED", I go to my inbox and don´t see Control automated.

 

I don´t understand, because i active the Script Rule with target connetor, also with Rule. Because, créate Risk, Control, Subprocess and their relationships with organizatios. aso with assignment user to roles "Control Owner, Sox Inspector.

 

Thank´s for your Help, I appreciate it.

Re: Control Automated

March 31, 2016, 7:21 am
$
0
0

Attached list of automated control.image3.png

Re: Control Automated

March 31, 2016, 8:26 am
$
0
0

Hi Ana,

 

Did you assign a control owner to the control that is linked to the business rule?

 

BTW the analysis type states absolute

Re: What is best practice when performing a risk analysis

March 31, 2016, 3:38 pm
$
0
0

HI Tiede-Jan

 

Unfortunately due to deadlines, different priorities of the business and history it is very hard to set up a perfect authorization concept

 

You describe the common issue that I come across with security

 

In those cases, I try to establish what a "perfect" setup would be and do mini-project cleanups to move towards that. In many cases, I'll do a technical clean up first (e.g. fix SU24/PFCG integration) before moving to changing user access. Over time you get the roles clean and make SoD analysis easier. This is one of the first option to consider when you identify a risk

 

I get how your approach works but if the roles are a mess the the manager say to remove one action, you might get stuck taking it out of a role when other users need the access.

 

Regards

Colleen

Can we connect SAP SCM system to GRC 10.0 system

March 31, 2016, 10:30 pm
$
0
0

H All,

 

Is it possible to connect SAP SCM system to GRC 10.0 system for the purpose of user provisioning through access creation request.

 

Regards,

 

Sandeep

Master User ID Mapping in GRC

April 1, 2016, 1:59 am
$
0
0

Hi All,

 

We are currently implementing GRC AC 10.1 SP12 version. LDAP is used for user authentication.

GRC is connected to ECC and HCM systems. User will login to ECC system using the Active Directory ID.

But for HCM the personal number(PERNR) will be used as the SAP ID.

When a user submits a request for HCM system is there any way to do provisioning for the PERNR ID only rather than the Active Directory ID as LDAP will be used as the Data source.

 

I have referred the below Note, but it says master user id mapping is applicable only for risk analysis.

 

1849262 - Master ID to User ID mapping

 

Kindly provide your inputs on how the User ID mapping can be made applicable for Provisioning.

 

 

 

 

Thanks and Regards,

Manjunath

Re: What is best practice when performing a risk analysis

March 31, 2016, 3:48 pm
$
0
0

Thank you all for your insightful answers. I have a better understanding and a few ideas on how to remediate.

 

Nora

Search

Re: Can we connect SAP SCM system to GRC 10.0 system

April 1, 2016, 4:32 am

Error in GRC RAR Background Jobs

April 1, 2016, 9:31 am
$
0
0

Hi I am facing issue while running GRC RAR Background Jobs

1. Risk Analysis

2. Role Generation.

 

Logs attached below says error during registration of tp ......... which is miantained for SAP Adapters.

However, Risk terminator is not configured and SAP Adapters are disabled.

 

All background Jobs are in ready state whereas everything is working fine in foreground

 

If someone came across this scenario

 

 

Apr 1, 2016 4:48:31 PM com.virsa.cc.common.SAPAdapter serverExceptionOccurred
INFO: Exception in Server AFFMWAMLVU:
com.sap.mw.jco.JCO$Exception: (104) RFC_ERROR_SYSTEM_FAILURE: CPIC-CALL: SAP_CMACCPTP3 on convId: 00000000

LOCATION    SAP-Gateway on host eupfrasapsmp.europe.astellas.net / sapgw30
ERROR       registration of tp AFFMWAMLVU from host ??? not allowed
TIME        Fri Apr  1 16:48:31 2016
RELEASE     721
COMPONENT   SAP-Gateway
VERSION     2
RC          720
MODULE      gwxxrd.c
LINE        3644
COUNTER     17424888

Apr 1, 2016 4:48:31 PM com.virsa.cc.common.SAPAdapter serverExceptionOccurred
INFO: Exception in Server AFFMWAMLVU:
com.sap.mw.jco.JCO$Exception: (104) RFC_ERROR_SYSTEM_FAILURE: CPIC-CALL: SAP_CMACCPTP3 on convId: 00000000

LOCATION    SAP-Gateway on host eupfrasapsmp.europe.astellas.net / sapgw30
ERROR       registration of tp AFFMWAMLVU from host ??? not allowed
TIME        Fri Apr  1 16:48:31 2016
RELEASE     721
COMPONENT   SAP-Gateway
VERSION     2
RC          720
MODULE      gwxxrd.c
LINE        3644
COUNTER     17424888

Apr 1, 2016 4:48:31 PM com.virsa.cc.common.SAPAdapter serverExceptionOccurred
INFO: Exception in Server AFFMWAMLVU:
RfcException: [eupfrasapgrp|AFFMWAMLVU]
    message: CPIC-CALL: SAP_CMACCPTP3 on convId: 00000000

LOCATION    SAP-Gateway on host eupfrasapsmp.europe.astellas.net / sapgw30
ERROR       registration of tp AFFMWAMLVU from host ??? not allowed
TIME        Fri Apr  1 16:48:31 2016
RELEASE     721
COMPONENT   SAP-Gateway
VERSION     2
RC          720
MODULE      gwxxrd.c
LINE        3644
COUNTER     17424888

    Return code: RFC_SYS_EXCEPTION(3)
    error group: 102
    key: RFC_ERROR_COMMUNICATION
Exception raised by eupfrasapgrp|AFFMWAMLVU

Apr 1, 2016 4:48:31 PM com.virsa.cc.common.SAPAdapter serverExceptionOccurred
INFO: Exception in Server AFFMWAMLVU:
RfcException: [eupfrasapgrp|AFFMWAMLVU]
    message: CPIC-CALL: SAP_CMACCPTP3 on convId: 00000000

LOCATION    SAP-Gateway on host eupfrasapsmp.europe.astellas.net / sapgw30
ERROR       registration of tp AFFMWAMLVU from host ??? not allowed
TIME        Fri Apr  1 16:48:31 2016
RELEASE     721
COMPONENT   SAP-Gateway
VERSION     2
RC          720
MODULE      gwxxrd.c
LINE        3644
COUNTER     17424888

    Return code: RFC_SYS_EXCEPTION(3)
    error group: 102
    key: RFC_ERROR_COMMUNICATION
Exception raised by eupfrasapgrp|AFFMWAMLVU

Apr 1, 2016 4:48:33 PM com.virsa.cc.common.SAPAdapter serverExceptionOccurred
INFO: Exception in Server AFFMWAMLVU:
com.sap.mw.jco.JCO$Exception: (104) RFC_ERROR_SYSTEM_FAILURE: CPIC-CALL: SAP_CMACCPTP3 on convId: 00000000

LOCATION    SAP-Gateway on host eupfrasapsmp.europe.astellas.net / sapgw30
ERROR       registration of tp AFFMWAMLVU from host ??? not allowed
TIME        Fri Apr  1 16:48:33 2016
RELEASE     721
COMPONENT   SAP-Gateway
VERSION     2
RC          720
MODULE      gwxxrd.c
LINE        3644
COUNTER     17424892

Apr 1, 2016 4:48:33 PM com.virsa.cc.common.SAPAdapter serverExceptionOccurred
INFO: Exception in Server AFFMWAMLVU:
com.sap.mw.jco.JCO$Exception: (104) RFC_ERROR_SYSTEM_FAILURE: CPIC-CALL: SAP_CMACCPTP3 on convId: 00000000

LOCATION    SAP-Gateway on host eupfrasapsmp.europe.astellas.net / sapgw30
ERROR       registration of tp AFFMWAMLVU from host ??? not allowed
TIME        Fri Apr  1 16:48:33 2016
RELEASE     721
COMPONENT   SAP-Gateway
VERSION     2
RC          720
MODULE      gwxxrd.c
LINE        3644
COUNTER     17424892

Apr 1, 2016 4:48:33 PM com.virsa.cc.common.SAPAdapter serverExceptionOccurred
INFO: Exception in Server AFFMWAMLVU:
RfcException: [eupfrasapgrp|AFFMWAMLVU]
    message: CPIC-CALL: SAP_CMACCPTP3 on convId: 00000000

LOCATION    SAP-Gateway on host eupfrasapsmp.europe.astellas.net / sapgw30
ERROR       registration of tp AFFMWAMLVU from host ??? not allowed
TIME        Fri Apr  1 16:48:33 2016
RELEASE     721
COMPONENT   SAP-Gateway
VERSION     2
RC          720
MODULE      gwxxrd.c
LINE        3644
COUNTER     17424892

    Return code: RFC_SYS_EXCEPTION(3)
    error group: 102
    key: RFC_ERROR_COMMUNICATION
Exception raised by eupfrasapgrp|AFFMWAMLVU

Re: Issue in "Copy Request" of a "New Request" in GRC 10.1

April 2, 2016, 12:38 am
$
0
0

Dear Samrat,

 

first of all you missed to mention your SP level which is crucial for helping you. Please see the following thread (further postings will be rejected if information is missing): Minimum information to provide in discussion threads in the GRC space

 

When you copy a request and it says "your missing authorization" you have to check the  authorizations. I recommend to check the objects GRAC_REQ, GRAC_ROLED and GRAC_ROLEP. It's also recommended to run an authorization trace to see missing objects. Therefore use transaction STAUTHTRACE.

 

Please keep us posted.

 

Regards,

Alessandro

Re: Error in GRC RAR Background Jobs

April 2, 2016, 10:07 pm
$
0
0

Hi Arun

 

First up, I recommend next time to edit log files and not provide system information

 

As this is a java RFC issue, you can google for the error and you will see many posts. It does not appear to be GRC specific issue. It seems to be system connectivity problem - possible firewall or Gateway ACL parameters, etc.

 

Search: "SAP JCO$ error SAP_CMACCPTP3"

 

provides example result: https://scn.sap.com/thread/3348307

 

Discuss with your Basis team if you aren't a Basis Consultant

 

Regards

Colleen

Re: SAP GRC 10.0 GRAC_BATCH_RISK_ANALYSIS Full vs. incremental

April 4, 2016, 5:42 am
$
0
0

Hi Thomas,

 

As per normal scenario, if you making any changes on rule set or connector, you have to do full sync,

 

 

Thanks

 

Amit Nanaware

Viewing all 8113 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>