When we run a risk analysis of users in background job, this takes a long time and it´s canceled, we have 1950 risk and 850 users in SAP,
The latest analysis took 20 hours, and it was canceled.
It is normal for this analysis takes so long?
if this is not normal, what could be happening?
thanks for your help
There are few things you can do to improve the run time.
1. check out the note Note 1580877 - Best practices in
storage management for SoD analysis jobs
2. make sure you have exclude objects configured (profiles like SAP_ALL, SAP_NEW)
3. make sure to maintain the parellel processing configuration.
We have problems with the user batch_risk_analysis job, I attached screen shots for better understanding,
When the job finishes running after 20 hours, reviewing the job delivered the following information with errors in the package number 9
but when you open the package 9 shows that all the user were processed without errors
we cheked the SLG1 log and found the following messages
so we thought there was a problem with RFC user permissions. but ,as you can see, permission are correctly granted.
what could be the reason of this apparent status error?
Thanks very much
To rule out all authorization related problems you can assign SAP_ALL profile to the the "test" users at the beginning of the project. You can always remove/fine tune the authorizations when everything works as intended and when more critical systems are hooked up.
Also, please ensure that SAP_ALL & SAP_NEW are excluded from the scope of analysis. Otherwise these profiles will generate all tonnes violations.
are you running this risk analysis for 1 connector or multiple? you can check the SM59 connection for authorization to make sure everything is working fine.
Also, I would recommend you run the Action and permission analysis separably.. also as suggested earlier, make the below config setting:
1. SPRO -> Governance, Risk and Compliance -> Access Control -> Access Risk Analysis -> Maintain Exclude Object for Batch Risk Analysis
add the SAP_ALL, SAP_NEW here and any other user/role/profile which you want to exclude from the risk analysis run
2. SPRO -> Governance, Risk and Compliance -> Access Control -> Distribute Jobs for Parallel Processing
you can have it to 3 processes, but you should gradually increase it depend upon the runtime and the system memory.
I am experiencing the same kind of issue at a client on AC 10.1 when performing a Batch Risk Analysis on Users only. Roles and Profiles are completely successfully.
However the User analysis takes around 4 days to run, and then terminates. There are only around 600 users to analyse from ERP.
I am only selecting one connector at a time and only performing the User analysis at permission level but the job does not complete successfully.
The note that was mentioned above refers to AC 10.0 and i believe that it should be included in the AC 10.1 release. Any suggestions on how to resolve this for AC 10.1?