Critical Action reports shows incorrect data

December 25, 2014, 3:03 am

Latest and popular articles on SAP ERP

≫ Next: ARA 10.1: Default Risks for Extended WareHouse Management Module???

≪ Previous: GRC 10.0 RFC connections and Value for Parameter 1000 and 1001

$

0

0

Hi ,

 

Two users A and B have access to OB52 transaction via separate roles. These two roles are derived from same parent role.

A critical Action risk (ZFIN)has been created with OB52 transaction code. While running Critical Action report for both A and B, surprisingly report is showing only for user A with ZFIN risk and OB52 transaction code, for other user it is showing ZFIN risk and it is not showing OB52 in report.

i.e. Critical Action report generating incorrect report.

 

Any idea about this issue?

 

Thank

Mohan

---

ARA 10.1: Default Risks for Extended WareHouse Management Module???

December 31, 2014, 10:55 pm

Latest and popular articles on SAP ERP

≫ Next: GRC AC 10.0 - MSMP Workflow is not sending email for Firefighter provisioning

≪ Previous: Critical Action reports shows incorrect data

$

0

0

Hi All,

 

A very Happy New Year!!!

 

I would like to know if anybody has any idea about default risks for SAP Extended WareHouse Management (EWM) module. I have noticed that the Business Processes I am analyzing are spanning across SAP MM and EWM modules. I could find default risks for MM module, however, I could not find default risks for EWM module.

 

May I know if anybody has configured risks for EWM?

Where do I find default risks for EWM?

 

I tried to google it, but cold not find. I will resort to contact SAP in case if I dont find it.

 

Please advise.

 

Regards,

Faisal

GRC AC 10.0 - MSMP Workflow is not sending email for Firefighter provisioning

April 11, 2012, 3:28 pm

Latest and popular articles on SAP ERP

≫ Next: SAP GRC AC 10 Workflow

≪ Previous: ARA 10.1: Default Risks for Extended WareHouse Management Module???

$

0

0

Hi Gurus,

 

I have installed GRC - AC 10.0 and I want to configure EAM to allow automatically provisioning of Firefighter with following steps:

1. -In Access Management,  AC Owners, FF ids, Controlles, Reason Codes are setup in advance

2. - I can create a manual  Access Request for a Firefighter assignment and is functional without any issue

3. - Common workflow has been activated

4. - Email server has been configured and checked that can send emails

5. - In IMG  -> GRC -> Access Control -> Workflow for Access Control -> Maintain MSMP Workflow  I have activated SAP Process Id-s :

 

SAP_GRAC_ACCESS_REQUEST

 

using the default settings .

6. At Pct #5 Maintain Paths- Stage Definition- I have checked boxes - Approve by Email & Approve and I have Activated it.

Then, I create a access request again and no email is send it out to Owner.

In MSMP, in Pct #5, I have all for Process Id SAP_GRAC_ACCESS_REQUEST , I have left all 3 paths:

GRAC_MANAGER

GRAC_ROLEOWNER

GRAC_SECURITY

 

7. I have tried to activate other processes id-s:

SAP_GRAC_FIREFIGHTER_LOG_REPORT 

SAP_GRAC_ROLE_APPR

 

however with the same result.

 

All my SPM Owners and FF-ids have email adress, how should I maintain their email in MSMP, as the documentation is confusing for me.

 

8. Then, at Point #3 - Maintain Agents - I have created a Z Rule where I have mapped directly the Account ID-s and I have assigned it in Pct 5 (Maintain Paths) and activated- without any result.

 

Thank You,

 

Marc

SAP GRC AC 10 Workflow

July 25, 2011, 4:11 am

Latest and popular articles on SAP ERP

≫ Next: EAM Access Request workflow not working

≪ Previous: GRC AC 10.0 - MSMP Workflow is not sending email for Firefighter provisioning

$

0

0

Hi Experts,

 

I am new to GRC AC 10 and I need to configure workflow for various modules of AC.

 

How do I configure the same and are there any documents highlighting the various steps involved in the same.

 

Thanks,

Arjun

EAM Access Request workflow not working

January 5, 2015, 12:00 pm

Latest and popular articles on SAP ERP

≫ Next: GRC 10.1 AC- RAR- Ruleset cross client?

≪ Previous: SAP GRC AC 10 Workflow

$

0

0

Hello Gurus

I am in the process of configuring EAM Access request automation and completed below steps.  Able to submit the request but it always goes to Default path instead EAMPATH per BRF Plus rule. Any insight?

 

1. Created BRF Plus rule id , added decisioin table with single entry reqtype ==006 ( indeed needs to add another line for all other types) , result = EAMPATH. Saved and activated the brf application and decision table ( all are green).

 

2. Added the new rule id in the step 2 , also added the new rule id in the global processor. 

3. Added new Path EAMPATH with one stage

001

ZFFOWNER

FF Owner Approval

GRAC_SPM_OWNER

Any One Approver

 

4. Added the route with new rule id with new path EAMPATH

5. Generated the workflow without any eror.

 

While submitting the new request for FF access, it always goes to Default path instead of EAMPATH custom path., Any thought?

Thanks and regards

Rangs

GRC 10.1 AC- RAR- Ruleset cross client?

December 31, 2014, 6:03 am

Latest and popular articles on SAP ERP

≫ Next: GRAC BRM: Mass Role Derivation - Org Values within derived Role empty

≪ Previous: EAM Access Request workflow not working

$

0

0

Hi ,

 

My query: Are GRC rulesets cross client?

 

i.e I have connector grp G1- pointing to ECC dev system CLNT 200

where I uploaded my custom ruleset to G1.

 

Now i have a scenario that i need to chnage development client to 100 for Role management.

But - still my ruleset was uploaded in connector for CLNT200....now on performing role level risk analysis will the result work?

 

its difficult- when we need to decide connectors/connector grp for ruleset upload!!

 

I assume - i need to add the new connector to connector grp G1/or upload ruleset again for new connector?

Any help appreciated

Best regards,

Naveen

 

GRAC BRM: Mass Role Derivation - Org Values within derived Role empty

December 16, 2014, 3:36 am

Latest and popular articles on SAP ERP

≫ Next: Restrict Access Request reports

≪ Previous: GRC 10.1 AC- RAR- Ruleset cross client?

$

0

0

Hi everyone,

 

 

Setting up the BRM, Mass Role Derivation i came accross the following problem.

 

The generated derived role contains no org-level values, which have been defined as follows:

 

The values are defined here:

 

Thanks for you support in advance.

 

Regards

Pourang

Restrict Access Request reports

January 8, 2015, 12:50 am

Latest and popular articles on SAP ERP

≫ Next: GRC 10 : EAM Logs are showing 'No Records'

≪ Previous: GRAC BRM: Mass Role Derivation - Org Values within derived Role empty

$

0

0

Hi all.

 

I would like to know if it is possible to restrict the access to the information that the users can view through Authorization Objects to the Access Request report under menu Report and Analitycs.

 

Kind regards and thank you.

 

Sara.

---

GRC 10 : EAM Logs are showing 'No Records'

May 3, 2012, 5:48 am

Latest and popular articles on SAP ERP

≫ Next: Role Mapping For Portal Role Assignment and ABAP Role Assignment - GRC 10

≪ Previous: Restrict Access Request reports

$

0

0

Hello  Experts,

 

I am working on GRC 10 EAM configuration at SP07.

 

The EAM Firefighting scenario is working on ie.Firefighter can login to backend R3 system and performed

 

FF activities but when i update the FF Logs GRC system doesnt show any logs in the system.

 

The logs are present in R3 system in STAD, CDPOS, SM20 etc.

 

The TIme Zones are same in both GRC and R3 system.

 

But Except Table GRACFFLOG.

 

NO other Log related table is getting updated after running log update Sync job successfully.

 

Please let me know if anybody has faced this issue or any advise on what is need to be checked.

 

Any help is much appreciated.

 

Regards,

Yatin Phad

Role Mapping For Portal Role Assignment and ABAP Role Assignment - GRC 10

January 8, 2015, 1:56 pm

Latest and popular articles on SAP ERP

≫ Next: What is the t-code for firefighter logon?

≪ Previous: GRC 10 : EAM Logs are showing 'No Records'

$

0

0

Hello All

Can any one please tell me how an SAP Enterprise role and SAP ABAP technical role can be clubbed /mapped together for role assignment via ARM?

We are not using the business role concept here .. , so I need answers to achieve this functionality using the ABAP Dummy role concept.

 

I know people have does this before, but i needed more clarity on this approach.

 

Thanks in advance,

Uma

What is the t-code for firefighter logon?

April 3, 2009, 2:45 pm

Latest and popular articles on SAP ERP

≫ Next: GRC 10.0 RAR report not showing mitigation control for mitigated risks

≪ Previous: Role Mapping For Portal Role Assignment and ABAP Role Assignment - GRC 10

$

0

0

Sorry for the triviel question. Thanks!

GRC 10.0 RAR report not showing mitigation control for mitigated risks

January 8, 2015, 8:09 pm

Latest and popular articles on SAP ERP

≫ Next: GRC 10.0 UAR Error Process Type Not Supported

≪ Previous: What is the t-code for firefighter logon?

$

0

0

Hi Folks,

 

Risks are mitigated in GRC system and can be seen in GRACMITUSERS table.

However when i run RAR for a users in NWBC, there comes out to be open risks.

 

This is quite weird, can you please tell me what can be the possible reason.

 

Nishant

GRC 10.0 UAR Error Process Type Not Supported

January 10, 2015, 1:43 am

Latest and popular articles on SAP ERP

≫ Next: GRC 10.0 RFC connections and Value for Parameter 1000 and 1001

≪ Previous: GRC 10.0 RAR report not showing mitigation control for mitigated risks

$

0

0

Dear Experts,

 

I have done the configuration of UAR based on UAR Reference guide from SAP as well with some help from sapwiki, after all steps completed I run the job from NWBC for UAR and getting the following error, please share your thoughts on this.

 

I have also check the process ID attached to UAR request type it is correct ID as following

 

the following configuration parameters maintained

 

and after running the job getting following error in the job results log

 

 

thanks and Regards

Mujtaba Siddiqui

GRC 10.0 RFC connections and Value for Parameter 1000 and 1001

December 22, 2014, 11:50 pm

Latest and popular articles on SAP ERP

≫ Next: security grc interview questions

≪ Previous: GRC 10.0 UAR Error Process Type Not Supported

$

0

0

Hi All,

 

We have installed GRC 10.0 and trying to implement Access Control all modules. Can somebody give us detail regarding RFC connections required and maintain connection settings for GRC. We have created RFC from GRC-ECC and from ECC to GRC but as per some documents only one RFC required so please give us clear picture of the same.

 

Also need a clarification on Plugin settings in SPRO->GRC(Plugin )-> Access Control->Maintain Plugin Configuration Settings ->Parameter value 1000 and 1001 . Do we have to maintain these parameter only in plugin system or in GRC system as well?

 

Please suggest..

 

Thanks,

Shivani

security grc interview questions

May 19, 2011, 10:43 am

Latest and popular articles on SAP ERP

≫ Next: GRC AC 10.0 - MSMP Workflow is not sending email for Firefighter provisioning

≪ Previous: GRC 10.0 RFC connections and Value for Parameter 1000 and 1001

$

0

0

1. What are the components of GRC?

2. What are the upgrades happened in GRC 5.3 from GRC 5.2?

3. Is it possible to have a request type by which we can change the validity period of a user? If possible, then what are the actions?

4. What's the latest Support Pack for GRC 5.3? How it differs from the previous one?

5. What are the issues faced by you in ERM & CUP after golive?

6. Can we change Single roles, objects & Profile description through mass maintenance of role? If yes, how?

7. What are the prerequisites for creating a workflow for user provisioning?

8. How will you control GRC system if you have multiple rulesets activated?

9. Can we view the changes of a role, happened in PFCG, through GRC?

10. How will you mitigate a user against an authorization object which is decided as sensitive by Business?

11. Give an example of SOD with object level control & also decide the Risk implication from the Technical standpoint.

12. Is it possible to assign two roles with different validity period to a user in one shot through GRC? If yes, how?

13. What's the use of Detour path? How Fork path differs from Detour path?

14. How can you enable self password reset facility in GRC?

15. Can we have customized actions for creating request types in CUP?

16. Which SOX rules got inherited in SAP GRC?

17. How many types of Background job you are familiar with? Why Role/Profile & User Sync. job is required?

18. Where from can we change the default expiration time for mitigating controls? What's the default value for the same?

19. How will you do the mass import of role in GRC?

20. Explain the total configuration & utility of SPM?

21. Can we create Logical systems in GRC? If yes, how & what can be the advantages & disadvantages of the same?

22. Can we have different set of number ranges activated for request generation?

23. Explain, how can we create derived roles in ERM? What will be the significant changes in methodology for creating composite roles?

---

GRC AC 10.0 - MSMP Workflow is not sending email for Firefighter provisioning

April 11, 2012, 3:28 pm

Latest and popular articles on SAP ERP

≫ Next: GRC 10 : EAM Logs are showing 'No Records'

≪ Previous: security grc interview questions

$

0

0

Hi Gurus,

 

I have installed GRC - AC 10.0 and I want to configure EAM to allow automatically provisioning of Firefighter with following steps:

1. -In Access Management,  AC Owners, FF ids, Controlles, Reason Codes are setup in advance

2. - I can create a manual  Access Request for a Firefighter assignment and is functional without any issue

3. - Common workflow has been activated

4. - Email server has been configured and checked that can send emails

5. - In IMG  -> GRC -> Access Control -> Workflow for Access Control -> Maintain MSMP Workflow  I have activated SAP Process Id-s :

 

SAP_GRAC_ACCESS_REQUEST

 

using the default settings .

6. At Pct #5 Maintain Paths- Stage Definition- I have checked boxes - Approve by Email & Approve and I have Activated it.

Then, I create a access request again and no email is send it out to Owner.

In MSMP, in Pct #5, I have all for Process Id SAP_GRAC_ACCESS_REQUEST , I have left all 3 paths:

GRAC_MANAGER

GRAC_ROLEOWNER

GRAC_SECURITY

 

7. I have tried to activate other processes id-s:

SAP_GRAC_FIREFIGHTER_LOG_REPORT 

SAP_GRAC_ROLE_APPR

 

however with the same result.

 

All my SPM Owners and FF-ids have email adress, how should I maintain their email in MSMP, as the documentation is confusing for me.

 

8. Then, at Point #3 - Maintain Agents - I have created a Z Rule where I have mapped directly the Account ID-s and I have assigned it in Pct 5 (Maintain Paths) and activated- without any result.

 

Thank You,

 

Marc

GRC 10 : EAM Logs are showing 'No Records'

May 3, 2012, 5:48 am

Latest and popular articles on SAP ERP

≫ Next: New User Request cannot be submitted in GRC AC 10

≪ Previous: GRC AC 10.0 - MSMP Workflow is not sending email for Firefighter provisioning

$

0

0

Hello  Experts,

 

I am working on GRC 10 EAM configuration at SP07.

 

The EAM Firefighting scenario is working on ie.Firefighter can login to backend R3 system and performed

 

FF activities but when i update the FF Logs GRC system doesnt show any logs in the system.

 

The logs are present in R3 system in STAD, CDPOS, SM20 etc.

 

The TIme Zones are same in both GRC and R3 system.

 

But Except Table GRACFFLOG.

 

NO other Log related table is getting updated after running log update Sync job successfully.

 

Please let me know if anybody has faced this issue or any advise on what is need to be checked.

 

Any help is much appreciated.

 

Regards,

Yatin Phad

New User Request cannot be submitted in GRC AC 10

February 6, 2012, 2:38 am

Latest and popular articles on SAP ERP

≫ Next: Mitigation control ID field gets filled with some control ID

≪ Previous: GRC 10 : EAM Logs are showing 'No Records'

$

0

0

Hello Gurus,

We have configured GRC AC 10 along with workflows and for all scenarios things are working fine , except for "New User".

When we select

Request Type : New Request

Request for: Others

User : XYZ (This user is not present in "HR system(ERP system)", which is our data source for User search, user details & authentication)

and we select certain roles to be assigned to the user.

 

Then when we click "Submit Button" , it gives us an error , XYZ is not a valid User

 

In SPRO under CUP --> Maintain Provisioning Settings

For Global Provisioning under

"Create User if does not exist"

i have selected both "check boxes" for

1) For Change User Action

2) For Assign Role Action

 

Also in System Provisioning, i have ticket the option "create User".

 

Note: Under Data Source Configuration i have selected "End User Verification" as Yes.

 

Will you please provide your inputs on what could be the reason for getting this error .

 

Regards,

Victor

Mitigation control ID field gets filled with some control ID

December 18, 2014, 4:59 am

Latest and popular articles on SAP ERP

≫ Next: SAP GRC FI Standard SOD Matrix..

≪ Previous: New User Request cannot be submitted in GRC AC 10

$

0

0

We have a issue with the Control ID for mitigation getting filled with some value .We are not able to make the basis of these value being filled in while trying to mitigate the risk by the approver.

 

 

 

 

SAP GRC FI Standard SOD Matrix..

July 22, 2012, 6:22 pm

Latest and popular articles on SAP ERP

≫ Next: Approve by email in any workflow process?

≪ Previous: Mitigation control ID field gets filled with some control ID

$

0

0

Hi Gurus,

 

Can you one guide me to find a Standard FI SOD Conflitcs matrix...

 

JC