Quantcast
Channel: SCN : Document List - Governance, Risk and Compliance (SAP GRC)
Viewing all 459 articles
Browse latest View live

SAP Risk Management - Useful Documents, Blogs, Resources, etc.

$
0
0

This document is a collection of the most useful SAP GRC Risk Management documents, blogs, resources, links, etc. here in SCN.

 

Overview

Getting Started with SAP Governance, Risk and Compliance Solutions (GRC)

GRC Risk Management and Process Control 10.0 Content Starter Kits

Overview of SAP BusinessObjects Risk Management 10.0

 

 

General opinion and thought-leadership

Are you ready to implement GRC 10?

Using RiskBusiness Content with GRC Risk Management and Process Control 10.0

 

 

How To's

SAP BusinessObjects Process Control 3.0 and Risk Management 3.0 How to Enable Additional Survey Capabilities

SAP BusinessObjects RM 3.0 Quantitative Risk Analysis v1.0

Risk Management 3.0 Architecture Requirements

 

 

GRC General

Helpful transactions, tools, programs, tables, etc. for a SAP GRC Consultant

wiki.png General tips to help in troubleshooting scenarios

wiki.png Debugging tips

 

 

Mobile Apps in SAP GRC

Administrator guides for Access Approver, Policy Survey, etc.

Fiori apps in GRC – Install two applications in 5 easy steps

 

 

Bow-Tie Risks

wiki.png Integration with Bow-Tie Builder in Risk Management 10.0

 

 

Risk Aggregation

wiki.png Risk Aggregation in RM 10.0

 

 

Integration

wiki.pngRM 10.0 Integration of Activity and Process Control local Sub processes


 

See also

SAP Access Control - Useful Documents, Blogs, Resources, etc.

SAP Process Control - Useful Documents, Blogs, Resources, etc.

SAP Fraud Management - Useful Documents, Blogs, Resources, etc.

 

Legend

 

document.pngSAP SCN Documents
blog.pngSAP SCN Blogs
wiki.pngSAP Wiki
Newly added document (Contributors: please select from Emoticons )

 

 

Please help in updating the collection so that new users can get a well structured overview for their information.

 

Best regards,

Alessandro& Fernando


SAP Fraud Management - Useful Documents, Blogs, Resources, etc.

$
0
0

SAP Access Control - Useful Documents, Blogs, Resources, etc.

$
0
0

This document is a collection of the most useful SAP GRC Access Control documents, blogs, resources, links, etc. here in SCN.

 

Overview

Getting Started with SAP Governance, Risk and Compliance Solutions (GRC)

GRC Processes, Lifecycles and Responsibilities

 

 

General opinion and thought-leadership

Are you ready to implement GRC 10?

A lot of help from my friends

If I had it to do all over: looking back on GRC 10 projects

Lessons learned from SAP GRC projects

Remediating Access Control SoD Risks

Internal Controls - a step towards strong controls

Defining Mitigating Controls / Compensating Controls

IT Control Testing - SOX Compliance

A #GRC tool is just part of the solution

It’s Just a Few GRC Ideas….Place

 

 

GRC General

Helpful transactions, tools, programs, tables, etc. for a SAP GRC Consultant

NWBC screen layout options for GRC

Customizing NWBC for New Menus with our own Transactions, Reports and Accessing SAP Backend Systems from NWBC

Configure LaunchPad for Menus

Customizing Access request and approval screens in GRC Access Control

Issues, Bugs in GRC SP13 - Related Fixes

wiki.pngGeneral tips to help in troubleshooting scenarios

wiki.pngAccess Control Debugging tips

SAP GRC AC 10.1 - Enhancements

 

 

HR Triggers

wiki.png Understanding HR Triggers in Access Control 10.0 - Governance, Risk and Compliance - SCN Wiki

wiki.png GRC 10.0 - HR Trigger configuration - Governance, Risk and Compliance - SCN Wiki

Example of decision table for GRC 10 HR Trigger rule, using BRF+ tool

GRC Access Control - Compliant User Provisioning: HR Triggers

wiki.png Debugging HR Trigger - GRAC_HR_TRIGGER_EVENT_RECIEVER

wiki.png Debugging HR Trigger - Simulation

wiki.png Debugging HR Trigger - PA40 changes to infotypes

 

 

MSMP Workflows

AC 10.0 - Customizing Workflows for Access Management

MSMP - Multi Step Multi Process – GRC’s answer to Workflow Configuration Flexibility

 

 

BRF+ Configuration

Determining the Logic behind Decision Tables

 

 

LDAP

Configuring LDAP Connector in Compliant User Provisioning of GRC Access Control

LDAP Group parameter mapping.. what does it mean?

 

 

Mobile Apps in SAP GRC

Administrator guides for Access Approver, Policy Survey, etc.

Fiori apps in GRC – Install two applications in 5 easy steps

 

 

Access Control with Identity Management (IdM)

SAP BusinessObjects GRC 10.0 Integration Guide – Access Control 10.0 and NetWeaver Identity Management

SAP Access Control 10.0 Interface for Identity Management

 

 

Access Risk Analysis (ARA)

ARA - For the new kid on the block

Rule set - Rules & Rule Types

Business Risks / Rule Set

Download, Modify and Upload the Access Risk Analysis Rule Set in SAP Access Control 10.x.

How to set up a Configurable Business Rule

Online vs. Offline Risk Analysis

Creation of Mitigation Controls in GRC 10.0

Organizational Rules in GRC Access Control

Mass change of Mitigation Assignments

SAP GRC AC 10.0 Alerting

wiki.png The Action Usage Sync job in technical details - GRC Access Control 10.0

wiki.png The Repository - GRC Access Control 10.0 

 

 

Access Request Management (ARM)

ARM - For the new kid on the block

AC10.0/10.1: Create Rule Based on Risk Violation in Request, Using BRF+ Procedure Calls

Approve/Reject Own Requests

How to Change Subject Line in SAP GRC Email notification

Recommendations for using Business roles provisioning in access request

Configure Manager Look-Up in ARM for GRC 10

Role Search Screen Enhancement – GRC 10

Terminate Account - Request Process - GRC 10

Creating Access Request: Template Based Requests and Configuring End User Personalization forms for use with Access Requ…

GRC Request with both System and Role Line Items

Access Control 10 (ARM) – Risk Analysis Report Type is editable in Access Request.

Access Control: - Create Access Request Using Web Service in GRC10

Design Considerations to reduce Password Self Service (PSS) Intruder Risk

wiki.png User Access Review(UAR) Workflow Configuration and Description - Governance, Risk and Compliance - SCN Wiki

Direct vs. Indirect Role Assignment

 

 

Business Role Management (BRM)

BRM - For the new kid on the block

Maintain Default Roles in BRM GRC AC 10.1

Role Import - GRC 10

Import Role from ECC to GRC system

wiki.png Business Roles concept and usability in GRC AC10

Enabling Business Role updates to existing assigned users

BRM Default Approvers via Condition Groups

BRM Role Methodology via Condition Groups

 

Emergency Access Management (EAM)

EAM - For the new kid on the block

Usage of EAM

EAM - Provisioning Strategies

ID-Based Firefighting vs. Role-Based Firefighting

AC 10.0 - Centralized Emergency Access

Configure Emergency Access (EAM) in GRC 10

De-centralized EAM GRC 10.0

EAM - Approve through Wrokflow

Emergency Access Management Reporting

Analysis and Recommended Settings of the Security Audit Log (SM19 / SM20)

EAM: Requesting emergency access via access request workflow in SAP GRC - step by step.

 

 

See also

SAP Process Control - Useful Documents, Blogs, Resources, etc.

SAP Risk Management - Useful Documents, Blogs, Resources, etc.

SAP Fraud Management - Useful Documents, Blogs, Resources, etc.

 

 

Legend

 

document.pngSAP SCN Documents
blog.pngSAP SCN Blogs
wiki.pngSAP Wiki
Newly added document (Contributors: please select from Emoticons )

 

 

Please help in updating the collection so that new users can get a well structured overview for their information.

 

Best regards,

Alessandro

Top 10 most viewed SAP KBA's for GRC Risk Management in January 2015

$
0
0

Purpose

The purpose of this document is to provide a list of the top ten most viewed SAP KBA's for GRC Risk Management in the month of January 2015.


Overview

Below are the top 10 most viewed SAP KBA's for GRC Risk Management.

 

KBA Number

KBA Title

1804950   GRC RM 10.0- From Risk & Opportunity OIF submission of Issue
1705870

   RABAX_STATE dump while creating a response in "Response and Enhancement

   Plans"

1803876   Maintain Analysis Profile dumps as "DYNP_TOO_MANY_RADIOBUTTONS_ON"
1784868   GRC 10.0 Email notification is not sent for Incident workflow
1722449   KRI alert email notification is sent without logo
1800920   How to set work inbox default query
1744953

   Text message not translated.

1731254   POWL does not refresh automatically
1841359   Loss Event Approval task is not generated
1843598

   KRI Implementation based on table KNB4 is throwing error "Data buffer exceeded;

   Table "KNB4" contains too many fields"


Please note, in order to view the contents of the Knowledgebase Articles (KBA), you will need to be logged into Service Marketplace.

 

 

See Also

Top 10 most viewed SAP KBAs for GRC

 

GRC Weekly News - 01/19/2015

$
0
0

RELEASED NOTES AND KBAs


GRC-SAC-ARA

   1986732  GRC 10.0: Risk Violations - Number of Analyzed Users

    2099999  Remediation View screen shows blank while Risk Analysis

    2113597  Tuning Organization Rules for better performance

    2116171  Rule Set is not considered for Critical Role/Profile Risk Analysis

    2117916  Incorrect status in Access rule detail report

 

GRC-SAC-ARQ

   1791296  Note for SAP GRC AC PORTAL PI GRCPIEP in AC10 for NW 730/731

   1806141  GRC 10.0: EUP not supported for Multiple Users requests

   1973753  UAM: Incorrect default roles added into request

   1982339  UAM: End user is able to submit request for business role with retain provision

   2058184  Request with conflict and mitigation report not working

   2069094  Fix related to User details, Default role, system description and unlock action type

   2115282  UAM: Portal role name incomplete in audit log after provisioning

   2116145  Fiori Check Request Status - Cancelled requests displays as "Pending"

   2116262  UAM: Request approval possible with risks

   2116829  Mass load of Business role assignments to users

   2116843  GRC 10.0: Maintain Guided Procedures Gateway

 

GRC-SAC-BRM

   2083724  Program GRAC_CHECK_BROLE_ASSIGNMENT does not exist

   2117294  AC10.1 - Poor performance of Repository Sync

   2117340  Default role import not working

   2058957  Enable manual editing in EAM maintenance screens

   2113707  Remove non working print button

   2116307  Background job status does not change on RFC time out error


    

GRC-SPC

   1899028  Notification goes to Owner if there is no deficiency in Sap Query Scenario in Automated Monitoring

   1954054  Can’t Cancel Event Trigger Automated Monitoring Job

   1988286  Currency amount issue error in ad-hoc query

   2096980  Unreserve the work item for process control work items

   1948002  PC task get reserved on Approver Delegation to a AC user

   2117375  Navigate to Subprocess Tab into Organization details causes short dump

   2117756  Risk template cut not reflected on sub process risks

   2079702  PC10.1SP07: Dump in Evaluation Status Bar Chart

   2104886  Reporting: Long running traverses of Process

   1949265  GRC PC: How to enable multilingual test steps in test plan

   1951090  Problem with period in a copy of recurring plan

   2112383  Empty comments for assessments/surveys

 

GRC-RM

   2114201  Risk OIF - create new risk with Influenced risks - error on save

   2114360  Bow tie builder - entering big number causes dump

   2116408  Risk OIF - Start risk validation in one click

   2117409  WF monitor application for managers - activation/deactivation

   2117687  RM reporting - performance improvement of KRI instance reports

   2118235  Risk template cut - related local risks remains locked

   2118325  Deleted loss events are shown in the "Loss Event Structure" dashboard

   1847859  Reporting: More detail logging of errors in reporting engine

   2117051  Reporting: Performance improvement when processing merged nodes

   2117742  Number of losses and/or loss events in the dashboards are not correct

   2118287  Response Upload: Wrong risk check

 

RELATED INFORMATION


   2094723
  Consolidated Note for SAP Access Control 10.0 Master Note

   2096196 Consolidated Note for SAP Access Control 10.1 Master Note

   2104086  Consolidated Note for Process Control 10.0 Master Data

   2105791  Consolidated Note for Process Control 10.1 Master Data

GRC10.1 How Reassign functionality works in Emergency Access Management in GRC

$
0
0

GRC 10.1 How Reassign functionality works in Emergency Access Management in GRC Access Control


1. Reassignment of Owner Id’s to Firefighter Id’s
2. Reassignment of Controller Id’s to Firefighter Id’s
3. Reassignment of Firefighter Id’s to Firefighter User and vice versa

Reassign Functionality has been introduced due to the Organizational changes and replacement of one user by another in the organization.

Suppose due to some organizational changes in the company one user has been replaced by another user.

Or else some user left the organization and he was the Firefighter Owner/Controller of multiple firefighter Ids.

So to avoid the effort of making changes one by one , the Reassign functionality has been introduced in GRC Access Control 10.1 which replaces the old user by new one and thus save your effort in one shot.

CAUTION: The functionality is intended to use by the Admin user only because the admin user should have the authorization to make changes in the existing assignments.

Firefighter Owner, Controller ,Users and Id’s should not be given any such authorization to make changes in the existing data.


Example:
Owner A having Firefighter ID 1 and 2
Owner B having Firefighter ID 3
On Reassigning Owner A with Owner B, the Owner B should get Firefighter ID 1, 2 and 3 assigned
Owner A shouldn’t be available in the POWL but fresh assignments can be done on Owner A

The same functionality works for Controller , Firefighters and Firefighter ID links.

Note: On reassigning new Owner to any Firefighter ID, the same Onwer ID should gets updated automatically in the Owner Column     of           Firefighters link assignments.


Find the detailed step by step screenshots below:


The POWL screens of Owner, Controller, Firefighters and Firefighter ID’s links in GRC application are provided with Reassign button.

In Owner link, select the existing Owner-Firefighter ID assignment and click Reassign button.

111.png

 

Make sure you get confirmation popup with options Yes/No

2.png


In the Reassignment Screen, the Owner ID text field should be blank and all the already existing firefighter ID’s to that owner ID should be available in the table below.

3.png


Select the new Owner ID using F4 help and click on Save button.

4.png


Now in the POWL screen, there should be multiple entries/lineitems for that new replaced Owner ID corresponding to the number of assigned Firefighter ID’s.
The others line items are available on scrolling down (not included in screenshot)

 

5.png

 

On opening this Owner, it should have all the Firefighter ID assigned which includes his own old assignments and new assignments from the other user.

6.png


Related code fixes/notes on similar area:


2108258 - EAM 10.1, functionality of reassign button on FFID screen
24644 - Reassign should validate the current value at FFuser screen


GRC Weekly News - 01/26/2015

$
0
0

RELEASED NOTES AND KBAs


GRC-SAC-ARA

   2119685  Add multiple client support for data load for Role Search

   2104079  While copying a role  in role mitigation, the role name which contains ampers

   2113066  Role level Risk Analysis not working for input with '*' in them

   2116308  CX_SY_CONVERSION_OVERFLOW error while running role simulation with include user

   2117916  Incorrect status in Access rule detail report

   2120491  Text incorrect for a check box in the Risk Analysis simulation screen

   2120686  T-Code search is slow while opening a function

   2121438  GRAC_DELETE_REPORT_SPOOL doesn't delete all data

   2121521  Mitigation on Business Role Level does not work

   2122162  Analysis Criteria section does not collapse


GRC-SAC-ARQ

   1168508  Compliant User Provisioning 5.3 Support Package (VIRAE)

   1907636  UAM: Distribution list as role onwer was not supported in UAR jobs.

   1976652  Repository sync job is deleting business role assignment data

   2056973  UAM: Incorrect provisioning action is displayed when roles are selected from existing assignments

   2068412  UAM: Approval action not working correctly for mapped role

   2096567  UAM: UAR request are displaying indirectly assigned derived roles and incorrect

   2108896  UAM: Role range in role import is not considered

   2110815  Copy multiuser request not working correctly in case of multiuser request

   2118201  UAM: Re-login required when clicking role name from existing assignments

   2119463  UAM: 'Add comment' hyperlink not available during request approval

   2119407  UAM: Incorrect validity dates when business role is added in the simplified access request

   2120231  UAM: Submission notification variable not filled correctly for business role

   2120438  UAM: Dump while adding business role to access request

   2121176  UAM: User group not provisioned while creating/changing user in CUA

   2122128  User Defaults error: "Entry ALL does not exist in GRFNCCICONNECTOR (check entry)"

   2122132  HR Trigger error "Roles not present in request. No request can be created."

   2122134  MSMP Notification Agent of type "PFCG User groups"

   2122147  Approval error: "Line item comments are mandatory for rejection for assignment"

   2122152  SAP Enterprise Portal SSO does not work for the GRC notification variable links


GRC-SAC-BRM

   1897889  Job Status empty after deleting the role in background.

   1971192  "Role Search” is not consistent with role search in “Roles by Owners and Approver" report

   1987973  The “List of Approvers” check box is not enabled

   2031203Option to add org value map name is not available in naming convention for derived roles
                      and Enhancement implementation is not called

   2045102  Description for single role is empty when import is manually

   2045597  Role Comparison is Incorrect on Actions for Roles with no transactions

   2050347  Role Comparison - role and landscape link work incorrect

   2100042  Critical Roles/Profiles create in ZH can't be display in EN

   2103555  Useless spaces in authorization Error message in role search

   2109444  Language not considered while fetching role description during role import.

   2115671  AC10.1 SP04: GRAC_ROLED object check issues

   2117294  AC10.1 - Poor performance of Repository Sync

   2117340  Default role import not working

   2118711  GRACUSERROLE table not getting updated

   2120396  Unable to import Non PFCG role


GRC-SAC-EAM

   1902228  Irrelevant GRC TCodes are showing in transaction logs

   1962440GRC EAM - Change Log Collection Performance Enhancement

   1988760  Remote login is happing with FFID without using Fire Fighter application

   2015290  FFuser and controller canont be same person via Emergency access request

   2026907  Invalid Super user report Inconsistency

   2118517  Firefighter ID description is coming blank in access request

   2119915  GRC 10.1 EAM: Add button on firefighter assignment screen in inactive

   2118517  Firefighter ID description is coming blank in access request

   2122027  How to identify the workflow generated for a given FFID session?


GRC-SAC-UAR

   2090183  UAM: Incorrect request type action display in template based request

   2103580  UAM: Multiple UAR request generate UAR role rejection for single request


GRC-SAC-UPG

   1731987  GRCPINW V1000_731 Install/Delta Upg/SP on SAP_BASIS 731


GRC-SAC-WF

   2009630  UAM: Company attribute is not available in BRF rule structure for Role Approval


GRC-FRA             

   2118928  Collective Note Error Corrections for DU SAPFRA_CM_FND Fraud Management 1.1 SP05

   2119471  HANA Rules Framework Support Package 2 in Fraud Mangement SP5 verwenden

   2118244  Performance Improvement for Claim Facette UI

   2120209  Network Analysis Doesn't Show Navigation Targets

   2121072  SAVE in Decision Fecett of the alert details is not working

 

GRC-SPC-AC

   1869786  Currency Conversion not working for BRF+ in AMF

   1902686  Conversion routine does not work in Programmed rules

   1917806  Value for column comes blank for change log check scenario

   1930781  Adhoc query on table TSTC do not return results in data source

   1972490  Currency field value is not displayed correctly in Adhoc query

   2048491  Exception List is not editable for Multiple Deficiency

   2096980  Unreserve the work item for process control work items


GRC-SPC-AD

   2120661  Policy Attachment is Not Attaching in PDF Survey in correct form


GRC-SPC-AP

   1948002  PC task get reserved on Approver Delegation to a AC user


GRC-SPC-IU

   1912569  Problem in upgrade at step GRPC_30_2010_UPG_P1_LOCAL_CHG


GRC-SPC-MD

   1914305  Multi Language support issues

   1923467  Duplicated issues on Issue Status Report

   2025068  GRPC_PSTEP_SYNCHRONIZE creates delinkage of objects at local level

   2032790  Frequency is not updated when control type is changed to Event based

   2120592  The replacement functionality dumps for some users

   2119204  Valid From date of Sub Process with respect to the Timeframe selected.


GRC-SPC-MT

   2121735  Custom Defined Field is not enable when Remediation Plan is editable


GRC-SPC-PR

   2112810  Copy function of ad hoc issue management does not work


GRC-SPC-RE

   2010446  Control Test of effectiveness Dashboard report does not show complete data

   2083218  Column Owner displays only one user

   2109409  How to debug the reporting engine for Process Control and Risk Management

    2113340  Dump when searching for Organization unit in Policy Profile


GRC-SPC-SA

   1777657  Policy survey result report shows time in UTC

   1897216  Remediation Plan populated the incorrect user

   2031859  Sorting does not work as expected after filter is used in Planner

   2070990  Applog handling for OWP inbound processing

   2119746  Error in Sending Surveys due to invalid E-mail address of recipient

   2120558  Checkman error SP09

   2121796  This note is technically required to be implemented and avoid delta in 'Role Assignment' correction

 

GRC-SPC-SC

   2065101  Organization maintenance is not possible for the user with ability to do subprocess assignment

    2119901  Authorization check on Plan Activity field in Planner Monitor


GRC-RM              

   1657668  Checkman error in migration tool

   2109176  Authorization check for analysis create displays description instead of the name of the risk

   2118237  New IMG entry - Activate Work Inbox Task Grouping

   2120642  Popup window with error when deleting loss event

   2120510  Reporting: Multiplicated results for non-power user in LEM hierarchical reports

   2119756  Checkman

   2120121  Reporting: Authorization check improvement

   2113131  Interface Note for Enhanced Risk Graphic View

   2120552  Risk change history - underlying risks

   2120819  Risk change history - attachments and links

 

RELATED INFORMATION


    2094723 - Consolidated Note for SAP Access Control 10.0 Master Note

   2096196- Consolidated Note for SAP Access Control 10.1 Master Note

   2104086 - Consolidated Note for Process Control 10.0 Master Data

   2105791 - Consolidated Note for Process Control 10.1 Master Data

Portal Integration with GRC10.0-Issues,Notes

$
0
0

Let me share my experience in the form of document,

May be topic (Portal Integration with GRC10.0) is not new but might be useful for others who are going for same assignments.

It is not a latest assignment for us to document all exact issues, but try to document whatever we faced majorly.

 

We have started with help of below links which are open to everybody

Enterprise Portal Integration with SAP GRC 10.0

 

We have gathered the information about plug ins from below NOTE

1603438 - GRC AC 10.0 EP Plug-In (JAVA), supported NW Versions

 

After creating the Connectors  we have followed the below NOTE for configuration in SPRO

 

1607232 GRC 10.0 Enterprise Portal Configuration

 

Please make sure the below settings should be correct

  1. Maintain the Logical port for WS connector
  2. Attach both the connectors (WS and SPML) to AUTH, PROV and ROLMG scenario-Make sure connectors names are correct
  3. Maintain group field mapping correctly
  4. We need to give SPML RFC and schema as SAPprincipals.in Synchronization Jobs > Fetch IDM Schema.

 

We have faced some challenges while running synchronization jobs

Portal security created some roles with special characters for administrator purpose (easy identification) and user id’s with Zero, like 0Art1CZ, 0Bah4ST.


We have followed the below NOTEs

1841549 - Portal issue with special characters

1833649 - UAM: Portal Users Starting with ZERO (0*) are not synced up


We have faced performance issue while running Repository Object Sync, the below KBA solved issue


1848113 - How to increase the performance syncing objects from portal to GRC

 

Repository job completed but roles are not sync

The below KBA will also help us if NO DAT FOUND in SCHEMA UPDATE

1857609 - GRC10.0: Portal roles/profiles not syncing

 

We need to run sync job for  SCHEMA,as mentioned in the  NOTE

1607232 GRC 10.0 Enterprise Portal Configuration


We can check the status of imported schema by using table GRACIDMSCHEMABUF from SE16 in GRC system.


If any issues while fetching schema into GRC,then follow the below NOTEs

1848215 - Cannot fetch the IDM schema for the EP SPML connector.

2033753 - AC10.0: Unable to Fetch IDM Schema for EP


Mostly the issue will be with connector id, Please make sure to use Portal connector that ends with "_SPML" when running the Schema job.

 

If portal roles are not  provisioning to user,though all configuration settings are correct then check the below Notes

1838692 - Portal role provisioning not happening

1825879 - UAM:Provisioning to mapped user is not working in portal UME


If groups are not getting assigned then follow the below NOTE

1840613 - Groups are not getting assigned to users on Portal

 

If any error occurs while running risk analysis for portal roles implement the NOTE

1852566 - Portal Roles Risk Analysis does not work properly

 

Some of the old threads for more information and issues::


GRC PC 10.0 Enterprise Portal Configuration Guide- http://scn.sap.com/thread/3230036


Compatible Portal Version for GRC 10: http://scn.sap.com/thread/2110735


GRC10 End User Front-end: http://scn.sap.com/thread/2059477


SAP GRC 10 - Integration with Enterprise Portal for User Access Assignment : http://scn.sap.com/thread/3682941


Enterprise Portal Integration with SAP GRC 10.0: http://scn.sap.com/docs/DOC-61262


Role Mapping For Portal Role Assignment and ABAP Role Assignment - GRC 10: http://scn.sap.com/thread/3678168


User sync and provisioning issue in EP - GRC 10: http://scn.sap.com/thread/3595488

 

GRC AC 10 (RAR/CUP/ERM) configuration for EP system: http://scn.sap.com/thread/2073635


SAP GRC 10 Integration with NW7.4 Portal: http://scn.sap.com/thread/3676056

 

May be some more issues which are not able to re collect,if any i will add into same page.

 

if anyone faced issues,they could share and we can include in same page.

 

Regards

Baithi


UAR(User Access Review) in GRC10 Access Control:Common issues,Notes

$
0
0

Purpose of the document:

This document describes the UAR (User Access Review) configuration in GRC10 Access Control and some common issues. We have Wiki documents in SCN for configuration and troubleshoot UAR issues, along with existing information I have documented(collection of issues and notes) the common issues in UAR and related solution notes to keep everything in same page for easy search.


I hope it will be helpful for who are looking for UAR configuration and if any related issue occurs.


For UAR workflow configuration and troubleshoot refer the below WiKi links


User Access Review (UAR) Workflow Configuration and Description:

Wiki Document: http://wiki.scn.sap.com/wiki/x/foi-Eg

 

For Troubleshoot

Wiki Document: http://wiki.scn.sap.com/wiki/x/IYEcF

 

Make sure the below points/settings are mandatory for UAR (User Access Review)


(1) Prerequisite Jobs need to be executed, in sequence, as follows:

  • Repository Object Synch /GRAC_ROLEREP_ROLE_SYNC
  • Repository Object Synch /GRAC_ROLEREP_USER_SYNC
  • Action Usage Synch /GRAC_ACTION_USAGE_SYNC
  • Role Usage Synch / GRAC_ROLE_USAGE_SYNC

 

(2) Role Methodology verification: 

  • Verify that all the roles have been assigned to a methodology in 'Business Role Management'.


(3) Reviewer Verification:

  • Verify that the role owners have been assigned to roles or role users have a manager assigned from the data source system.


(4) Verify Mandatory Configurations: 

  • Verify that the following configuration parameters have been maintained in the IMG.

         Run transaction SPRO, then go to IMG > SAP Reference IMG > Governance, Risk and Compliance-->Access Control-->Maintain Configuration Settings

    1. parameter id = 2004 (Request Type for UAR)
    2. parameter id = 2005 (Default Priority)
    3. parameter id = 2006  (Who are the reviewers?)

 

(5) Verify Coordinator Assignments: 

  • Verify that a coordinator has been assigned to the reviewers (role owner/manager). The coordinator assignment can be viewed from Coordinator and Reviewer Mapping screen.

Go to NWBC work center Access Management --> Compliance Certification Reviews --> Manage Coordinators


(6) User Access Review workflow job:

  • Verify that the task "Update Workflow for UAR request" has been executed from the background scheduler screen or the program GRAC_UAR_UPDATE_WORK FLOW has been executed.

  If update workflow job does not trigger then check the below NOTE 

1732890 - GRC 10.0 - Update Workflow for UAR request job does not trigger the workflow


(7) Verify Request Review:

  • Verify that all the requests are approved by the administrator from Request Review Screen.

Go to NWBC work center Access Management --> Compliance Certification Reviews --> Request Review.

Note: - This will only apply, when the 'Admin Review' is configured. (In IMG, Governance, Risk and Compliance-->Access Control-->Maintain Configuration Settings (parameter id = 2007))


Most common errors when using user access review, different dumps

1955397 - Background jobs fail with SYSTEM_NO_ROLL error message in ABAP dump

1620493 - GRC 10.0 UAR Background Job stuck

2062769 - UAR update workflow job dumps in case of huge data

1879104 - UAM: Getting dump while scheduling UAR request with huge data 

1980305 - UAM: UAR report dumps when role usage data is huge

1780760 - Accessing the UAR request results in DUMP.

1977399 - UAM: UAR status report throwing dump.

2044946 - UAM: Dump is coming while forwarding UAR Request


If number of backend systems are connected to GRC system, not able to generate UAR request

2066113 - UAR requests not getting generated for some systems

 

While submitting UAR request if error occurs 'Submission failure of request“  or 'No active version exists for process SAP_GRAC_USER_ACCESS_REVIEW'

Then check below NOTE

1620495 - GRC 10.0 UAR - Submission failure of request


If created variant is not working for UAR review then check below NOTE

2042714 - UAM:Save variant not working for UAR request


If any error with“Incorrect Request Type configuration for UAR Request“then check below NOTE

2040454 - Unable to generate UAR due to Incorrect Request Type configuration for UAR Request


If UAR request screen is empty for approver to approve, then check below NOTE

1938863 - UAR Review - No content to approve when approver opens the UAR request from inbox


If the button 'Cancel Rejection' does not appear to approver, then check below NOTE

1768509 - The button 'Cancel Rejection' does not appear in User Access Review request

 

If error occurs while forward the request to a Reviewer with Return option, then check below NOTE

1988128 - UAM: Missing line items with forward and return in UAR

 

Sometimes users full details not shown in UAR request, it is basically issue with connector, check below NOTE

2053211 - Full name of some users is not shown in UAR request

 

If we are using two stages of approvals for UAR request then we need to maintain approval type as Complete request in both stages, otherwise approver cannot see details at second stage, check below NOTE

1907938 - UAR - User and Role details are not visible in request


We need to make it visible Escalation parameter in UAR request history report, otherwise we will get No record found message will appear in UAR request history report, check below NOTE

1805804 - UAR: No record found message in User Access Review History Report


Check the below NOTE for importance for View by field in UAR request screen

1867208 - How to understand what controls the “View By” field in the UAR Request Screen


Why Generate data for access request UAR review job status is “In Progress”, check below NOTE

2038346 - UAR/SOD jobs do not finish and keep 'In Progress' status


If only partial data in Audit log, then check below NOTE

2037408 - Audit log is showing partial data for UAR request


If no audit log for SAVE in UAR, then check below NOTE

1947373 - UAM:Unable to make comments mandatory & audit log for save in UAR


If request shows indirect roles and wrong usage count, check below NOTE

1910670 - UAR Request shows indirect roles and wrong usage count

 

Some of the old threads for more information on User Access Review:


UAR Review: http://scn.sap.com/thread/3719805


GRC10 - UAR using BRF+ Agent Rule: http://scn.sap.com/thread/2104971


GRC 10 UAR - Different UAR Approvers: http://scn.sap.com/thread/3297507.


Generates data for access request UAR review: http://scn.sap.com/thread/3276890.


User Access Review Workflow - GRC 10: http://scn.sap.com/thread/3535425


GRC AC V10 - UAR config steps: http://scn.sap.com/thread/2063607.


GRC 10.0 User Access Review-user details not showing in description: http://scn.sap.com/thread/3332003


SAP GRC10 - UAR Review: http://scn.sap.com/thread/2116399


GRC 10 UAR tables: http://scn.sap.com/thread/3721729


Please share or add if any new issues/errors occurs while working with UAR(User Access Review) ,so that we will include in the same page for easy availability.


Regards

Baithi

SAP Customer Influence Program - Collection for SAP GRC

$
0
0

Dear all,

 

SAP Customers Influence program gives you the opportunity of collaborating closely with SAP development teams in development projects. To emphazie important ideas we have collected the most importants to get your support and your subscription. As this program closes shortly we encourage you to review and subscribe as soon as possible.

 

Influence program from GRC can be found here: https://influence.sap.com/ct/c_ent_homex.bix?level_id={811F71D3-900C-45FA-9AE7-A8545B9BF94C}&a=OD5979

 

 

Most important ideas

 

Mitigation Control Assignment vs Access Request

https://influence.sap.com/D8577

 

BRM - Deletion of Roles/Deactivation of roles process has to be improved

https://influence.sap.com/D8382

 

Set a maximum time span for delegation

https://influence.sap.com/D8609

 

Provision roles as they approved

https://influence.sap.com/D8367

 

Handling of Acesss Request Management while system are not available (e.g. inspection windows)

https://influence.sap.com/D8338

 

Role validity period is not considered for risk analysis in access request

https://influence.sap.com/D8318

 

Fire Fighter ID Review (Similar to User Access Review)

https://influence.sap.com/D8137

 

Intergrate ST03N transaction usage statistics into access risk analysis

https://influence.sap.com/D7213

 

Provide a tcode like SU10 to make mass changes to FF owners and controllers, Role Approvers, etc.

https://influence.sap.com/D7638

 

UAR - No Export Function

https://influence.sap.com/D7367

 

GRC - ARQ - Multi-User Requests Should Have Removals Per Users

https://influence.sap.com/D7640

 

AC 10.1 Roles Search / Mass update - Enhance search criteria by 'Between'

https://influence.sap.com/D8114

 

Mass Update Business Role Assignments

https://influence.sap.com/D8574

 

 

Thanks for your support in advance.

 

Best regards,

Alessandro & Madhu

Helpful transactions, tools, programs, tables, etc. for a SAP GRC Consultant

$
0
0

The motivation to write this document comes with the Community Collaboration for GRC Blogs and Documents project that we have started recently in the GRC space. Leo (S A) has requested a document that elaborates which tools and transactions are used by a GRC consultant. I have extended the request to also name some programs and tables I regularly use to complete my job. The following listing will give you an overview of transactions, tools, programs and tables used by a GRC consultant. Each table is sortable by clicking on headings.


 

Transactions

 

TransactionDescriptionKey AreaWhy is this useful?Further details, links, etc.
NWBCLaunch Netweaver Business ClientAlllaunch NWBC HTML. You will need to have work centre roles assigned or build you own.
SPROCustomizingAllSelf explanatory - configuration entry point for both GRC and plug-in systems
GRAC_UPLOAD_MIT_ASGNUpload Mitigation AssignmentsARAUpload a huge number of mitigation (user, role, profile) in one shot. You can either append your current mitigations or overwrite. Program GRAC_UPLOAD_MIT_ASSIGNMENTS.Mass change of Mitigation Assignments
GRAC_DWLOAD_MIT_ASGNDownload Mitigation AssignmentsARADownload a huge number of mitigation (user, role, profile) in one shot. Program GRAC_DOWNLOAD_MIT_ASSIGNMENTS.Mass change of Mitigation Assignments
GRFNMW_CONFIGURE_WDMSMP Workflow ConfigurationWFMSMP Workflow Configuration - standard view (web dynpro will launch)
GRFNMW_CONFIGUREMSMP Workflow Config ExpertWFSAP GUI expert mode to configuration workflow configuration. Do not use this transaction if you not familiar or strong with MSMP configuration as you will risk corrupting your build. This is useful if you need to retransport or transport all of the MSMP in one go as you can select it like an IMG table.
GRFNMW_DBGMONITOR_WDMSMP Instance Runtime MonitorWFComprehensive view of the workflow execution for MSMP evaluation including Stage/Path calculation, provisioning notes, notifications and agents. This is useful for an Administrator to track issues with an MSMP after a request has been submitted.
SWDDWorkflow BuilderWF

Unlikely you will need to go into this transaction as the Worfklows for SAP are out of the box and MSMP is used. You can identify the MSMP integration from here.

SWIAWFSAP standard workflow. This will allow you to check the current Workflow and Task numbers. If the MSMP Instance Runtime shows the workflow is completed but SWIA is not completed then there is an issue with the workflow configuration. Check Marketplace incase there is a correction.
GRAC_ROLE_MASS_IMPRTMass Role Import from Backend SystemBRM
GRAC_SPM_CLEANUPCleanup EAM Application DataEAMProgram to clean up EAM tables.
GRAC_EAM/GRAC_SPM and /GRCPI/GRIA_EAMEAM Logon PadEAMFor centralized firefighting, you use GRAC_EAM to open the EAM Launchpad on the GRC system. For decentralized firefighting, you use /GRCPI/GRIA_EAM to open the EAM Launchpad on the plug-in systems. The launchpad for centralized firefighting displays all the plug-in systems to which you have access. The launchpad for decentralized firefighting does not display any systems because it allows you to access only the current plug-in system.
GRAC_UPLOAD_RULESUpload Access Control RulesARAThis is available in the IMG navigation and allows you to import the rule set. Note, if you have workflow activated for you ruleset it will not trigger workflow.
GRAC_COPY_RULESCopy Access Control RulesARAUtility for copying SOD rules from one system to another of same type.
GRAC_RULE_DELETEDelete Access Control RulesARAThis is available in the IMG navigation and allows you to delete the rule set. Note, if you have workflow activated for you ruleset it will not trigger workflow.
GRAC_DOWNLOAD_RULESDownload Access Control RulesARAThis is available in the IMG navigation and allows you to download the rule set. Recommend you save a selection variant with the file name and paths so you do not have to continually maintain them.
GRAC_GENERATE_RULESGenerate Access Control RulesARAThis is available in the IMG navigation and allows you to mass generate the rules. You can also execute this via NWBC, however, this program would allow you to schedule in background via SM36/37
GRAC_RULE_TRANSPORTTransport Access Controls RulesARAThis is available via IMG navigation and allows to mass transport the rule set.
GRAC_EXPORT_RAExport Risk Analysis Data (e.g. when the file is too big for the web)ARAProgram to download the results of the risk analysis to a local file.
GRAC_BATCH_RARisk Analysis in Batch ModeARAThis is available in the IMG navigation and triggers the program for you to schedule batch risk analysis. Ensure your configuration parameters are set
GRAC_GENERATE_RULESWFBuild MSMP rules (usually BRF+). Refer to comment below for creating application first.
GRAC_GEN_ERM_BRFRULEWF/BRMBuild the BRF+ Rules for BRM role methodology and approval conditions groups. Note, before running to to BRF+ and create a shell application that has been assigned to a transport and activated. Use this application in your definition. If not, it gets created in $TMP
BRFPLUSBRFplus WorkbenchWFAlternative transactions: BRF+ and FDT_Workbench. You can maintain the BRF+ rules here and transport through to Production.
STZADCustomizing Time ZonesBCDiscuss with Basis before making any changes to timezone as it can impact EAM log collections, etc.
SLG1Display Application LogsBCApplication log display. It is useful to track error messages. Most GRC authorisations errors will show in the application log
SE61SAP Documentation (Email templates, etc.)AllDocument maintenance.
SE63TranslationsAllThis transaction enables you to directly translate individual objects.
SCPR20Activate BC SetsBasisActivation of BC Sets.Activate BC Sets - Business Configuration Sets (BC-CUS) - SAP Library
PPOMMaintain Organizational PlanBasisMaintain Organizational Plan
SOST/SOSBSAPconncet Send RequestsCheck if there has been an issue with sending on email notifications or reprocess requests. Transaction SOSB can be restricted to limited functionality.Tcode SOST
SCOTSAPconnect AdministrationBasisConfiguration of SAPConnect. Discuss with your Basis team. Take care in enabling in Non-Production environment so you do not accidentally send emails to users and add confusion. If enabled for Non-Prod, recommend you put dummy email addresses on the user accounts.
ST01/STAUTHTRACE/ST05System TraceTrace for an application server. ST01 is useful for authorisation checks and include database calls, kernel and RFC. STAUTHTRACE is new version for security tracing with ALV functionality and drill down (heaps easier to intepret than ST01). ST05 comes in handy to trace SQL calls to find the table where information has been stored.
SM12Enqueue LocksBasisYou can access this in display mode only. It can be a quick way to find which tables your data is stored in. Go into the NWBC screen in change mode so it puts a lock on the tables. Open a new session and go to SM12 to find the tables.
STADDisplay Statistics for all systemsBasisEAM FF logs import STAD information
SCC4Client Administration

Ability to change client setting to enable cross-client changes. Do not make changes to these settings without discussing with Basis. Depending on your landscape strategy you may need to maintain some IMG settings directly in the client (such as integration framework)

SNOTENote AssistantBCImport and apply SAP Notes. You will need to check with your company's policy for note application responsible. If you have not applied and OSS note before, it is strongly recommended your talk to your developer or Basis to learn about pre-requisite and post-processing activities. In some cases, a developer key will be necessary.
SE01/SE09Transport OrganizerBCManage your transports
SE16 / SE16NData BrowserTransaction to easily browse thru data tables.
SM01Lock TransactionsSECLock transaction to prevent users (even if authorised) from executing the transaction. Usually security is responsible for this activity.
SM36Schedule Background JobsBCGRC Access Controls uses a job scheduler via NWBC. SM36 jobs for connector sync,etc can be set up via SM36
SM37Overview of Background JobsBCAllow you to view background jobs. All jobs runtimes will show here, even if scheduled via NWBC.
SA38ABAP ReportingABAPExecute SAP ABAP programs.
SE38ABAP EditorABAPProgram Editor
SE80Object NavigationABAPSAP Development workbench, most development functionality is available from this transaction.
SE37ABAP FunctionABAPMSMP SAP standard rules are usually function modules. You can look at the code if you want to better understand what is being evaluated. Also comes in handy for break point if you need to debug.
SE24ABAP ClassABAPuseful if you need to check the code and add a breakpoint to a method
OOCUTask Customizing
BD54Logical SystemsBasisRFC connections have to be defined as a logical system (usually same name) to then reference in the integration framework configuration
SM59RFC DestinationsBasisRFC Configuration
SM66/SM50WorkprocessBasisView the number of background work process available to define as part of the integration framework for background job processing
SUIMSECUser Information Reporting system
S_BCE_68001426Transactions for UserSECReport shows a list of all transactions assigned to a user. This is a very helpful report to identify critical transactions as user has access to.
S_BCE_68001418Roles by Role NameSECReport to find roles by complex selection criterias. This report can be used to find roles by description, etc.
S_BCE_68001419Roles by User AssignmentSECReport shows a list of all roles assigned to a user. This is very helpful to have an overview of all authorized roles a user have.
S_BCE_68001420Roles by Transaction AssignmentSECReports shows a list of all roles that includes a specific transaction. This is very helpful to easily find possible roles to assign a transaction.
SICFHTTP ServicesBCDiscuss with Basis and Security before activating these as it poses a security risk. If you receive a 403 Forbidden error in NWBC it means a service needs to be activated for the webdynpro. You can also test the services here. For PSS/End User Login screens, the SICF services need to be configured with the Service Account Username and Password stored
GRAC_REP_OBJ_SYNCObject Rep SyncAllUser + Role + Profile Synchronization Job
GRAC_USER_SYNCUser SyncAllUser Synchronization Job
GRAC_ROLE_SYNCRole SyncAllRole Synchronization Job
GRAC_ROLE_USAGE_SYNCRole Usage SyncAllRole Usage Synchronization Job
GRAC_ACT_USAGE_SYNCAction Usage SyncEAM/ARAAction Usage Synchronization Job
GRAC_PROFILE_SYNCProfile SyncAllProfile Synchronization Job
GRAC_AUTH_SYNCAuth SyncAllAuthorization data Synchronization Job
GRAC_SPM_SYNCEAM SyncEAMEmergency Access Management Master Data Synchronization Job
GRAC_SPM_WF_SYNCEAM Workflow SynchronizationEAMEmergency Access Managmement Workflow Synchronization Job
GRAC_SPM_LOG_SYNCEAM Log SyncEAMEmergency Access Management Log Synchronization Job
GRFN_STR_DISPLAY / GRFN_STR_CHANGEOrg Structure Expert ChangeAll

These transactions show all the relationships between objects in the structure considering the timeframe of each object and the timeframe of the relationship.


Both are considered super transactions which are really sensitive. They are exclusive GRC transactions to check Objects Hierarchy. The point of GRFN_STR_CHANGE is that within this transaction you can change master data that you could not using UI. It means that the structure change transaction is not recommended as you can cause severe data inconsistency in the system if you use it without knowing it.

PFCGRole MaintenanceBasisRole maintenance to create and edit roles.5 Role Maintenance in PFCG - SAP NetWeaver Business Client - SAP Library
SU01User MaintenanceBasisUser maintenance
SE16Data BrowserBasisData browser to view/add table data
SM30/SM31/SM34View MaintenanceBasisSE16 and SM30 essentially give direct access to tables information. SM30 is restricted in a way that you cannot use the SM30 interface to view all the tables. Only tables with a maintaince dialog defined can be accessed through SM30. But there is no restriction on the access to tables in SE16 as long as u have access to the authorization group pertaining to the table you will be able to access the information through SE16.
GRFNMW_ADMINMSMP Power User / DebugWF
GRFNMW_CN_VERAMSMP Process Active Version Maint.WF
GRFNMW_DEBUGMSMP Process Debug SettingsWF
GRFNMW_DEBUG_MSGMSMP Process Debug Messages SettingsWF
GRFNMW_DEV_CONFIGMSMP Development ConfigurationWF
GRFNMW_DEV_RULESMSMP Rule Generation / TestingWF
GRFNMW_GEN_VERSIONGenerate Versions for MSMP ConfigWFGenerate version is useful to run after you import a transport (post processing activity) instead of going into MSMP screen to activate.
GRFNMW_MONITORMSMP Workflow MonitoringWFMonitoring of the MSMP Workflow statistics.
GRAC_ENDUSRFORM_SICFEnd user form SICF service
GRAC_FFOBJ_DSC_MAINTMaintain EAM FF Object Description
GRAC_FFOBJ_DSC_MNT1Firefighter Object Maintenance
GRAC_IDM_SCHEMA_SYNCIDM Schema Update
GRAC_DATA_MIGRATIONAC10 Data MigrationProgram to migrate data from an earlier version.
GRAC_DELETE_REPORT_SDelete Report Spool data
GRACRABATCH_MONITORBatch Risk Analysis MonitorThis program is used to monitor the execution status of a running batch risk analysis.
GRAC_ALERT_GENERATEAlert GenerationProgram that generates alerts.SAP Access Control 10.0 Alerting
GRAC_BATCH_RARisk Analysis In Batch ModeOffline analysis is not real-time data but is dependent on the date of the last Batch Risk Analysis. The Batch Risk Analysis is run as background job in GRC by using transaction GRAC_BATCH_RA (program GRAC_BATCH_RISK_ANALYSIS).Online vs. Offline Risk Analysis
WD_TRACE_TOOLWebDynpro TracingBasisThe Web Dynpro trace tool supports the analysis of problems and errors arising in Web Dynpro ABAP, by collecting and listing the data related to the Web Dynpro ABAP application.Web Dynpro Trace Tool - Web Dynpro for ABAP - SAP Library

 

Programs

 

ProgramDescriptionWhy is this useful?Further details, links, etc.
PRGN_COMPRESS_TIMESProgram to merge the assignments of identical users and roles, provided the validity periods overlap with one another or immediately follow each other. Also you can delete expired assignments.

Very helpful to easily delete expired assignments or to clean up the assignments after a system copy.

 

Please note that this program should not be run if you have ARQ in place for business roles provisioning.

Before Initial Load ...
TZCUSTHELPTroubleshooting Support for Time Zone SettingsTimezone changes best practices - Basis Corner - SCN Wiki
TZONECHECKCheck Time Zone Data for ConsistencyTimezone changes best practices - Basis Corner - SCN Wiki
RSLDAPSYNC_USERSynchronization of SAP User Administration with an LDAP-Compatible Directory ServiceSynchronization of SAP User Administration with an LDAP-Compatib - Identity Management - SAP Library
GRFNMW_BATCH_EMAIL_REMINDERJob User to send Email reminders to approvers based on number of days and frequency
GRFNMW_BATCH_STALE_REQUESTThis program was useful for deleting non-actionable old requests from the system as housekeeping activity
RSCONN01This job used for sending email (and other types of communication items)
/GRCPI/GRIA_DNLDROLESDownload roles data for mass import
GRAC_CHECK_BROLE_ASSIGNMENTThe program checks the consistency of business roles assigned to user. The report fetches all the business roles assigned to user and then gets list of single roles that are part of those business roles.  Then repository is checked to see that all the single roles which are part of business roles are assigned to user with correct validity and relation. Inconsistencies can be identified easily with a single report.http://service.sap.com/sap/support/notes/2036088

 

 

Tables

 

TableDescriptionWhy is this useful?Further details, links, etc.
GRACREVREJUSERUAR Rejected Users
GRACREJREASONUAR Rejected Reasons
GRACREJREASONTUAR Rejected Reasons Texts
USR02User Logon Data
GRACOWNERMaster Table for Central Owner Administration

 

Other tools

 

ToolDescriptionWhy is this useful?Further details, links, etc.

 

 

I am really looking forward to your input to extend the listing.

 

Best regards,

Ale,Col& Madhu

GRC Document Collaboration Topics

$
0
0

Hi All

 

If you are wondering what this document is all about then please refer to: Community Collaboration for GRC Blogs and Documents - you will find an overview of what this community collaboration is about and the rules on how you can contribute. You are still encouraged to write your own blogs and documents without participating in this process (it would be nice if you could update this document to let the community know you are working on something).

 

You are also welcome to be both the person who suggests the topic and the author. This can advertise you are working on the topic and hold yourself accountable to a deadline that the community is aware of.

 

 

Remember: Add a row below the 3rd row of the table to included your suggestion. Please do not change the first three heading rows as these rows indicate the title and a short summary of the content below. When including your name, please include your SCN profile as a hyperlink (easiest way to open your Profile in a new browser tab and copy the URL)

 

 

Step 1: Requester to CompleteStep 2: Author to completeStep 3: Option (collaborator to complete)Step 4: Author to PublishModerator and Coordinator Override
DateSuggestedSuggested ByDocument TypeIdeaAuthorDate DueAssistance?NameLink to itemModerator and reason for rejection
DD/MM/YYYYYour SCN  Profile URLblog or documentTitle or topic ideaYour SCN  Profile URLDD/MM/YYYY

do you want any assistance?

If yes, summarise (input, review, etc)

Your SCN profile URLSCN document or blog linkModerators or Coordinators to advise if topic is not appropriate.
27/08/2014Alessandro Banzer / Colleen LeeDocumentAnalysis of the SAP delivered rule-set - do you accept as it is? Do you build your own or do you do something in between?
13/09/2014Colleen LeeDocumentBusiness Role Management - overview and use of the methodology customisation
13/09/2014Colleen LeeBlogBusiness Role Manager - What are the benefits and issues with using BRM and integrating with ARA and ARQ?
02/10/14S ADocumentPSS - Best practices, pitfalls to avoid and things to consider while enabling PSS?Colleen Lee12/10/2014Reviewed by S.A, Alessandro & GretchenDesign Considerations to reduce Password Self Service (PSS) Intruder RiskApproved
02/10/2014Colleen LeeBlogBRM - discussion use of profile generation to distribute role to different systems vs system transportsAlessandro Banzer12/12/2014Input from Susanne Obrist-Niederer (Susanne is a highly experienced authorization consultant with several international projects in her backpack).
02/10/2014Colleen LeeDocumentSummary of the GRC Org structure - which sections apply to AC, PC and RM and any tips on integration with ERP
30/10/2014Darnell SuggsDocumentLink or Page to latest Configuration and Integration Documents for GRC AC 10.1 similar to SAP BOBJ AC 10.0
21/11/2014Alessandro BanzerDocumentUsage of EAM - appropriate and inappropriate usage and its dangersAlessandro Banzer30/11/2014Reviewed by Alessandro & ColleenUsage of EAMApproved
02/03/2015Alessandro BanzerDocumentDifferences of direct and indirect role assignmentAlessandro Banzer06/03/2015Direct vs. Indirect Role AssignmentApproved

SAP Process Control - Useful Documents, Blogs, Resources, etc.

$
0
0

This document is a collection of the most useful SAP GRC Process Control documents, blogs, resources, links, etc. here in SCN.

 

Overview

Getting Started with SAP Governance, Risk and Compliance Solutions (GRC)

GRC Risk Management and Process Control 10.0 Content Starter Kits

SAP BusinessObjects GRC 10.0 Integration Guide – Access and Process Control 10.0

 

 

General opinion and thought-leadership

Are you ready to implement GRC 10?

SAP BusinessObjects Process Control 3.0 Implementation Checklist

Using RiskBusiness Content with GRC Risk Management and Process Control 10.0

SAP Business Objects Process Control 10.0 Automated Monitoring Overview

SAP BusinessObjects Process Control 3.0 Expert Guidelines, Tips, and Techniques to Successfully Implement SAP BusinessOb…

 

 

How To's

SAP BusinessObjects Process Control 3.0 and Risk Management 3.0 How to Enable Additional Survey Capabilities

SAP BusinessObjects Process Control 3.0 Reports Description

SAP BusinessObjects Process Control 3.0 How-To Choose the Best Technique for Master Data Uploads

 

 

GRC General

Helpful transactions, tools, programs, tables, etc. for a SAP GRC Consultant

wiki.png General tips to help in troubleshooting scenarios

wiki.png Debugging tips

 

 

Mobile Apps in SAP GRC

Administrator guides for Access Approver, Policy Survey, etc.

Fiori apps in GRC – Install two applications in 5 easy steps

 

 

Extended Workflows

wiki.pngConfiguring Workflow E-mail Notification

 

 

CLM and MDUG

GRC Process Control 10.0: Content Lifecycle Management

 

 

Reports and Dashboards (RE)

wiki.pngHow to Customize and Enhance reports in PC and RM

 

 

Automated Monitoring (AM)

How to set up a Configurable Business Rule

SAP Business Objects Process Control 10.0 Automated Monitoring Overview

 

 

See also

SAP Access Control - Useful Documents, Blogs, Resources, etc.

SAP Risk Management - Useful Documents, Blogs, Resources, etc. 

SAP Fraud Management - Useful Documents, Blogs, Resources, etc.

 

 

Legend

 

document.pngSAP SCN Documents
blog.pngSAP SCN Blogs
wiki.pngSAP Wiki
Newly added document (Contributors: please select from Emoticons )

 

Please help in updating the collection so that new users can get a well structured overview for their information.

 

Best regards,

Alessandro& Fernando

SAP Risk Management - Useful Documents, Blogs, Resources, etc.

$
0
0

This document is a collection of the most useful SAP GRC Risk Management documents, blogs, resources, links, etc. here in SCN.

 

Overview

Getting Started with SAP Governance, Risk and Compliance Solutions (GRC)

GRC Risk Management and Process Control 10.0 Content Starter Kits

Overview of SAP BusinessObjects Risk Management 10.0

 

 

General opinion and thought-leadership

Are you ready to implement GRC 10?

Using RiskBusiness Content with GRC Risk Management and Process Control 10.0

 

 

How To's

SAP BusinessObjects Process Control 3.0 and Risk Management 3.0 How to Enable Additional Survey Capabilities

SAP BusinessObjects RM 3.0 Quantitative Risk Analysis v1.0

Risk Management 3.0 Architecture Requirements

 

 

GRC General

Helpful transactions, tools, programs, tables, etc. for a SAP GRC Consultant

wiki.png General tips to help in troubleshooting scenarios

wiki.png Debugging tips

 

 

Mobile Apps in SAP GRC

Administrator guides for Access Approver, Policy Survey, etc.

Fiori apps in GRC – Install two applications in 5 easy steps

 

 

Bow-Tie Risks

wiki.png Integration with Bow-Tie Builder in Risk Management 10.0

 

 

Risk Aggregation

wiki.png Risk Aggregation in RM 10.0

 

 

Integration

wiki.pngRM 10.0 Integration of Activity and Process Control local Sub processes


 

See also

SAP Access Control - Useful Documents, Blogs, Resources, etc.

SAP Process Control - Useful Documents, Blogs, Resources, etc.

SAP Fraud Management - Useful Documents, Blogs, Resources, etc.

 

Legend

 

document.pngSAP SCN Documents
blog.pngSAP SCN Blogs
wiki.pngSAP Wiki
Newly added document (Contributors: please select from Emoticons )

 

 

Please help in updating the collection so that new users can get a well structured overview for their information.

 

Best regards,

Alessandro& Fernando

SAP Fraud Management - Useful Documents, Blogs, Resources, etc.

$
0
0

SAP Access Control - Useful Documents, Blogs, Resources, etc.

$
0
0

This document is a collection of the most useful SAP GRC Access Control documents, blogs, resources, links, etc. here in SCN.

 

Overview

Getting Started with SAP Governance, Risk and Compliance Solutions (GRC)

GRC Processes, Lifecycles and Responsibilities

 

 

General opinion and thought-leadership

Are you ready to implement GRC 10?

A lot of help from my friends

If I had it to do all over: looking back on GRC 10 projects

Lessons learned from SAP GRC projects

Remediating Access Control SoD Risks

Internal Controls - a step towards strong controls

Defining Mitigating Controls / Compensating Controls

IT Control Testing - SOX Compliance

A #GRC tool is just part of the solution

It’s Just a Few GRC Ideas….Place

 

 

GRC General

Helpful transactions, tools, programs, tables, etc. for a SAP GRC Consultant

NWBC screen layout options for GRC

Customizing NWBC for New Menus with our own Transactions, Reports and Accessing SAP Backend Systems from NWBC

Configure LaunchPad for Menus

Customizing Access request and approval screens in GRC Access Control

Issues, Bugs in GRC SP13 - Related Fixes

wiki.pngGeneral tips to help in troubleshooting scenarios

wiki.pngAccess Control Debugging tips

SAP GRC AC 10.1 - Enhancements

 

 

Product Support

GRC Product Support Monthly Newsletter

 

 

HR Triggers

wiki.png Understanding HR Triggers in Access Control 10.0 - Governance, Risk and Compliance - SCN Wiki

wiki.png GRC 10.0 - HR Trigger configuration - Governance, Risk and Compliance - SCN Wiki

Example of decision table for GRC 10 HR Trigger rule, using BRF+ tool

GRC Access Control - Compliant User Provisioning: HR Triggers

wiki.png Debugging HR Trigger - GRAC_HR_TRIGGER_EVENT_RECIEVER

wiki.png Debugging HR Trigger - Simulation

wiki.png Debugging HR Trigger - PA40 changes to infotypes

 

 

MSMP Workflows

AC 10.0 - Customizing Workflows for Access Management

MSMP - Multi Step Multi Process – GRC’s answer to Workflow Configuration Flexibility

 

 

BRF+ Configuration

Determining the Logic behind Decision Tables

 

 

LDAP

Configuring LDAP Connector in Compliant User Provisioning of GRC Access Control

LDAP Group parameter mapping.. what does it mean?

 

 

Mobile Apps in SAP GRC

Administrator guides for Access Approver, Policy Survey, etc.

Fiori apps in GRC – Install two applications in 5 easy steps

 

 

Access Control with Identity Management (IdM)

SAP BusinessObjects GRC 10.0 Integration Guide – Access Control 10.0 and NetWeaver Identity Management

SAP Access Control 10.0 Interface for Identity Management

 

 

SAP GRC with SAP BPC

How to Assign SAP Business Planning and Consolidation Authorizations via the SAP Governance, Risk, and Compliance (GRC) Access Control Compliance User Provisioning Product

 

 

Access Risk Analysis (ARA)

ARA - For the new kid on the block

Rule set - Rules & Rule Types

Business Risks / Rule Set

Download, Modify and Upload the Access Risk Analysis Rule Set in SAP Access Control 10.x.

How to set up a Configurable Business Rule

Online vs. Offline Risk Analysis

Creation of Mitigation Controls in GRC 10.0

Organizational Rules in GRC Access Control

Mass change of Mitigation Assignments

SAP GRC AC 10.0 Alerting

wiki.png The Action Usage Sync job in technical details - GRC Access Control 10.0

wiki.png The Repository - GRC Access Control 10.0 

 

 

Access Request Management (ARM)

ARM - For the new kid on the block

AC10.0/10.1: Create Rule Based on Risk Violation in Request, Using BRF+ Procedure Calls

Approve/Reject Own Requests

How to Change Subject Line in SAP GRC Email notification

Recommendations for using Business roles provisioning in access request

Configure Manager Look-Up in ARM for GRC 10

Role Search Screen Enhancement – GRC 10

Terminate Account - Request Process - GRC 10

Creating Access Request: Template Based Requests and Configuring End User Personalization forms for use with Access Requ…

GRC Request with both System and Role Line Items

Access Control 10 (ARM) – Risk Analysis Report Type is editable in Access Request.

Access Control: - Create Access Request Using Web Service in GRC10

Design Considerations to reduce Password Self Service (PSS) Intruder Risk

wiki.png User Access Review(UAR) Workflow Configuration and Description - Governance, Risk and Compliance - SCN Wiki

Direct vs. Indirect Role Assignment

 

 

Business Role Management (BRM)

BRM - For the new kid on the block

Maintain Default Roles in BRM GRC AC 10.1

Role Import - GRC 10

Import Role from ECC to GRC system

wiki.png Business Roles concept and usability in GRC AC10

Enabling Business Role updates to existing assigned users

BRM Default Approvers via Condition Groups

BRM Role Methodology via Condition Groups

 

Emergency Access Management (EAM)

EAM - For the new kid on the block

Usage of EAM

EAM - Provisioning Strategies

ID-Based Firefighting vs. Role-Based Firefighting

AC 10.0 - Centralized Emergency Access

Configure Emergency Access (EAM) in GRC 10

De-centralized EAM GRC 10.0

EAM - Approve through Wrokflow

Emergency Access Management Reporting

Analysis and Recommended Settings of the Security Audit Log (SM19 / SM20)

EAM: Requesting emergency access via access request workflow in SAP GRC - step by step.

 

 

See also

SAP Process Control - Useful Documents, Blogs, Resources, etc.

SAP Risk Management - Useful Documents, Blogs, Resources, etc.

SAP Fraud Management - Useful Documents, Blogs, Resources, etc.

 

 

Legend

 

document.pngSAP SCN Documents
blog.pngSAP SCN Blogs
wiki.pngSAP Wiki
Newly added document (Contributors: please select from Emoticons )

 

 

Please help in updating the collection so that new users can get a well structured overview for their information.

 

Best regards,

Alessandro

Top 10 most viewed SAP KBA's for GRC Risk Management in January 2015

$
0
0

Purpose

The purpose of this document is to provide a list of the top ten most viewed SAP KBA's for GRC Risk Management in the month of January 2015.


Overview

Below are the top 10 most viewed SAP KBA's for GRC Risk Management.

 

KBA Number

KBA Title

1804950   GRC RM 10.0- From Risk & Opportunity OIF submission of Issue
1705870

   RABAX_STATE dump while creating a response in "Response and Enhancement

   Plans"

1803876   Maintain Analysis Profile dumps as "DYNP_TOO_MANY_RADIOBUTTONS_ON"
1784868   GRC 10.0 Email notification is not sent for Incident workflow
1722449   KRI alert email notification is sent without logo
1800920   How to set work inbox default query
1744953

   Text message not translated.

1731254   POWL does not refresh automatically
1841359   Loss Event Approval task is not generated
1843598

   KRI Implementation based on table KNB4 is throwing error "Data buffer exceeded;

   Table "KNB4" contains too many fields"


Please note, in order to view the contents of the Knowledgebase Articles (KBA), you will need to be logged into Service Marketplace.

 

 

See Also

Top 10 most viewed SAP KBAs for GRC

 

GRC Weekly News - 01/19/2015

$
0
0

RELEASED NOTES AND KBAs


GRC-SAC-ARA

   1986732  GRC 10.0: Risk Violations - Number of Analyzed Users

    2099999  Remediation View screen shows blank while Risk Analysis

    2113597  Tuning Organization Rules for better performance

    2116171  Rule Set is not considered for Critical Role/Profile Risk Analysis

    2117916  Incorrect status in Access rule detail report

 

GRC-SAC-ARQ

   1791296  Note for SAP GRC AC PORTAL PI GRCPIEP in AC10 for NW 730/731

   1806141  GRC 10.0: EUP not supported for Multiple Users requests

   1973753  UAM: Incorrect default roles added into request

   1982339  UAM: End user is able to submit request for business role with retain provision

   2058184  Request with conflict and mitigation report not working

   2069094  Fix related to User details, Default role, system description and unlock action type

   2115282  UAM: Portal role name incomplete in audit log after provisioning

   2116145  Fiori Check Request Status - Cancelled requests displays as "Pending"

   2116262  UAM: Request approval possible with risks

   2116829  Mass load of Business role assignments to users

   2116843  GRC 10.0: Maintain Guided Procedures Gateway

 

GRC-SAC-BRM

   2083724  Program GRAC_CHECK_BROLE_ASSIGNMENT does not exist

   2117294  AC10.1 - Poor performance of Repository Sync

   2117340  Default role import not working

   2058957  Enable manual editing in EAM maintenance screens

   2113707  Remove non working print button

   2116307  Background job status does not change on RFC time out error


    

GRC-SPC

   1899028  Notification goes to Owner if there is no deficiency in Sap Query Scenario in Automated Monitoring

   1954054  Can’t Cancel Event Trigger Automated Monitoring Job

   1988286  Currency amount issue error in ad-hoc query

   2096980  Unreserve the work item for process control work items

   1948002  PC task get reserved on Approver Delegation to a AC user

   2117375  Navigate to Subprocess Tab into Organization details causes short dump

   2117756  Risk template cut not reflected on sub process risks

   2079702  PC10.1SP07: Dump in Evaluation Status Bar Chart

   2104886  Reporting: Long running traverses of Process

   1949265  GRC PC: How to enable multilingual test steps in test plan

   1951090  Problem with period in a copy of recurring plan

   2112383  Empty comments for assessments/surveys

 

GRC-RM

   2114201  Risk OIF - create new risk with Influenced risks - error on save

   2114360  Bow tie builder - entering big number causes dump

   2116408  Risk OIF - Start risk validation in one click

   2117409  WF monitor application for managers - activation/deactivation

   2117687  RM reporting - performance improvement of KRI instance reports

   2118235  Risk template cut - related local risks remains locked

   2118325  Deleted loss events are shown in the "Loss Event Structure" dashboard

   1847859  Reporting: More detail logging of errors in reporting engine

   2117051  Reporting: Performance improvement when processing merged nodes

   2117742  Number of losses and/or loss events in the dashboards are not correct

   2118287  Response Upload: Wrong risk check

 

RELATED INFORMATION


   2094723
  Consolidated Note for SAP Access Control 10.0 Master Note

   2096196 Consolidated Note for SAP Access Control 10.1 Master Note

   2104086  Consolidated Note for Process Control 10.0 Master Data

   2105791  Consolidated Note for Process Control 10.1 Master Data

GRC10.1 How Reassign functionality works in Emergency Access Management in GRC

$
0
0

GRC 10.1 How Reassign functionality works in Emergency Access Management in GRC Access Control


1. Reassignment of Owner Id’s to Firefighter Id’s
2. Reassignment of Controller Id’s to Firefighter Id’s
3. Reassignment of Firefighter Id’s to Firefighter User and vice versa

Reassign Functionality has been introduced due to the Organizational changes and replacement of one user by another in the organization.

Suppose due to some organizational changes in the company one user has been replaced by another user.

Or else some user left the organization and he was the Firefighter Owner/Controller of multiple firefighter Ids.

So to avoid the effort of making changes one by one , the Reassign functionality has been introduced in GRC Access Control 10.1 which replaces the old user by new one and thus save your effort in one shot.

CAUTION: The functionality is intended to use by the Admin user only because the admin user should have the authorization to make changes in the existing assignments.

Firefighter Owner, Controller ,Users and Id’s should not be given any such authorization to make changes in the existing data.


Example:
Owner A having Firefighter ID 1 and 2
Owner B having Firefighter ID 3
On Reassigning Owner A with Owner B, the Owner B should get Firefighter ID 1, 2 and 3 assigned
Owner A shouldn’t be available in the POWL but fresh assignments can be done on Owner A

The same functionality works for Controller , Firefighters and Firefighter ID links.

Note: On reassigning new Owner to any Firefighter ID, the same Onwer ID should gets updated automatically in the Owner Column     of           Firefighters link assignments.


Find the detailed step by step screenshots below:


The POWL screens of Owner, Controller, Firefighters and Firefighter ID’s links in GRC application are provided with Reassign button.

In Owner link, select the existing Owner-Firefighter ID assignment and click Reassign button.

111.png

 

Make sure you get confirmation popup with options Yes/No

2.png


In the Reassignment Screen, the Owner ID text field should be blank and all the already existing firefighter ID’s to that owner ID should be available in the table below.

3.png


Select the new Owner ID using F4 help and click on Save button.

4.png


Now in the POWL screen, there should be multiple entries/lineitems for that new replaced Owner ID corresponding to the number of assigned Firefighter ID’s.
The others line items are available on scrolling down (not included in screenshot)

 

5.png

 

On opening this Owner, it should have all the Firefighter ID assigned which includes his own old assignments and new assignments from the other user.

6.png


Related code fixes/notes on similar area:


2108258 - EAM 10.1, functionality of reassign button on FFID screen
24644 - Reassign should validate the current value at FFuser screen


GRC Weekly News - 01/26/2015

$
0
0

RELEASED NOTES AND KBAs


GRC-SAC-ARA

   2119685  Add multiple client support for data load for Role Search

   2104079  While copying a role  in role mitigation, the role name which contains ampers

   2113066  Role level Risk Analysis not working for input with '*' in them

   2116308  CX_SY_CONVERSION_OVERFLOW error while running role simulation with include user

   2117916  Incorrect status in Access rule detail report

   2120491  Text incorrect for a check box in the Risk Analysis simulation screen

   2120686  T-Code search is slow while opening a function

   2121438  GRAC_DELETE_REPORT_SPOOL doesn't delete all data

   2121521  Mitigation on Business Role Level does not work

   2122162  Analysis Criteria section does not collapse


GRC-SAC-ARQ

   1168508  Compliant User Provisioning 5.3 Support Package (VIRAE)

   1907636  UAM: Distribution list as role onwer was not supported in UAR jobs.

   1976652  Repository sync job is deleting business role assignment data

   2056973  UAM: Incorrect provisioning action is displayed when roles are selected from existing assignments

   2068412  UAM: Approval action not working correctly for mapped role

   2096567  UAM: UAR request are displaying indirectly assigned derived roles and incorrect

   2108896  UAM: Role range in role import is not considered

   2110815  Copy multiuser request not working correctly in case of multiuser request

   2118201  UAM: Re-login required when clicking role name from existing assignments

   2119463  UAM: 'Add comment' hyperlink not available during request approval

   2119407  UAM: Incorrect validity dates when business role is added in the simplified access request

   2120231  UAM: Submission notification variable not filled correctly for business role

   2120438  UAM: Dump while adding business role to access request

   2121176  UAM: User group not provisioned while creating/changing user in CUA

   2122128  User Defaults error: "Entry ALL does not exist in GRFNCCICONNECTOR (check entry)"

   2122132  HR Trigger error "Roles not present in request. No request can be created."

   2122134  MSMP Notification Agent of type "PFCG User groups"

   2122147  Approval error: "Line item comments are mandatory for rejection for assignment"

   2122152  SAP Enterprise Portal SSO does not work for the GRC notification variable links


GRC-SAC-BRM

   1897889  Job Status empty after deleting the role in background.

   1971192  "Role Search” is not consistent with role search in “Roles by Owners and Approver" report

   1987973  The “List of Approvers” check box is not enabled

   2031203Option to add org value map name is not available in naming convention for derived roles
                      and Enhancement implementation is not called

   2045102  Description for single role is empty when import is manually

   2045597  Role Comparison is Incorrect on Actions for Roles with no transactions

   2050347  Role Comparison - role and landscape link work incorrect

   2100042  Critical Roles/Profiles create in ZH can't be display in EN

   2103555  Useless spaces in authorization Error message in role search

   2109444  Language not considered while fetching role description during role import.

   2115671  AC10.1 SP04: GRAC_ROLED object check issues

   2117294  AC10.1 - Poor performance of Repository Sync

   2117340  Default role import not working

   2118711  GRACUSERROLE table not getting updated

   2120396  Unable to import Non PFCG role


GRC-SAC-EAM

   1902228  Irrelevant GRC TCodes are showing in transaction logs

   1962440GRC EAM - Change Log Collection Performance Enhancement

   1988760  Remote login is happing with FFID without using Fire Fighter application

   2015290  FFuser and controller canont be same person via Emergency access request

   2026907  Invalid Super user report Inconsistency

   2118517  Firefighter ID description is coming blank in access request

   2119915  GRC 10.1 EAM: Add button on firefighter assignment screen in inactive

   2118517  Firefighter ID description is coming blank in access request

   2122027  How to identify the workflow generated for a given FFID session?


GRC-SAC-UAR

   2090183  UAM: Incorrect request type action display in template based request

   2103580  UAM: Multiple UAR request generate UAR role rejection for single request


GRC-SAC-UPG

   1731987  GRCPINW V1000_731 Install/Delta Upg/SP on SAP_BASIS 731


GRC-SAC-WF

   2009630  UAM: Company attribute is not available in BRF rule structure for Role Approval


GRC-FRA             

   2118928  Collective Note Error Corrections for DU SAPFRA_CM_FND Fraud Management 1.1 SP05

   2119471  HANA Rules Framework Support Package 2 in Fraud Mangement SP5 verwenden

   2118244  Performance Improvement for Claim Facette UI

   2120209  Network Analysis Doesn't Show Navigation Targets

   2121072  SAVE in Decision Fecett of the alert details is not working

 

GRC-SPC-AC

   1869786  Currency Conversion not working for BRF+ in AMF

   1902686  Conversion routine does not work in Programmed rules

   1917806  Value for column comes blank for change log check scenario

   1930781  Adhoc query on table TSTC do not return results in data source

   1972490  Currency field value is not displayed correctly in Adhoc query

   2048491  Exception List is not editable for Multiple Deficiency

   2096980  Unreserve the work item for process control work items


GRC-SPC-AD

   2120661  Policy Attachment is Not Attaching in PDF Survey in correct form


GRC-SPC-AP

   1948002  PC task get reserved on Approver Delegation to a AC user


GRC-SPC-IU

   1912569  Problem in upgrade at step GRPC_30_2010_UPG_P1_LOCAL_CHG


GRC-SPC-MD

   1914305  Multi Language support issues

   1923467  Duplicated issues on Issue Status Report

   2025068  GRPC_PSTEP_SYNCHRONIZE creates delinkage of objects at local level

   2032790  Frequency is not updated when control type is changed to Event based

   2120592  The replacement functionality dumps for some users

   2119204  Valid From date of Sub Process with respect to the Timeframe selected.


GRC-SPC-MT

   2121735  Custom Defined Field is not enable when Remediation Plan is editable


GRC-SPC-PR

   2112810  Copy function of ad hoc issue management does not work


GRC-SPC-RE

   2010446  Control Test of effectiveness Dashboard report does not show complete data

   2083218  Column Owner displays only one user

   2109409  How to debug the reporting engine for Process Control and Risk Management

    2113340  Dump when searching for Organization unit in Policy Profile


GRC-SPC-SA

   1777657  Policy survey result report shows time in UTC

   1897216  Remediation Plan populated the incorrect user

   2031859  Sorting does not work as expected after filter is used in Planner

   2070990  Applog handling for OWP inbound processing

   2119746  Error in Sending Surveys due to invalid E-mail address of recipient

   2120558  Checkman error SP09

   2121796  This note is technically required to be implemented and avoid delta in 'Role Assignment' correction

 

GRC-SPC-SC

   2065101  Organization maintenance is not possible for the user with ability to do subprocess assignment

    2119901  Authorization check on Plan Activity field in Planner Monitor


GRC-RM              

   1657668  Checkman error in migration tool

   2109176  Authorization check for analysis create displays description instead of the name of the risk

   2118237  New IMG entry - Activate Work Inbox Task Grouping

   2120642  Popup window with error when deleting loss event

   2120510  Reporting: Multiplicated results for non-power user in LEM hierarchical reports

   2119756  Checkman

   2120121  Reporting: Authorization check improvement

   2113131  Interface Note for Enhanced Risk Graphic View

   2120552  Risk change history - underlying risks

   2120819  Risk change history - attachments and links

 

RELATED INFORMATION


    2094723 - Consolidated Note for SAP Access Control 10.0 Master Note

   2096196- Consolidated Note for SAP Access Control 10.1 Master Note

   2104086 - Consolidated Note for Process Control 10.0 Master Data

   2105791 - Consolidated Note for Process Control 10.1 Master Data

Viewing all 459 articles
Browse latest View live


<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>