cancel
Showing results for 
Search instead for 
Did you mean: 

GRC AC 10.0 User risk analysis

Former Member
0 Kudos

Dear friends

When we run a risk analysis of users in background job, this takes a long time and it´s canceled, we have 1950 risk and 850 users in SAP,

The latest analysis took 20 hours, and it was canceled.

It is normal for this analysis takes so long?

if this is not normal, what could be happening?

thanks for your help

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

There are few things you can do to improve the run time.

1. check out the note Note 1580877 - Best practices in
storage management for SoD analysis jobs

2. make sure you have exclude objects configured (profiles like SAP_ALL, SAP_NEW)

3. make sure to maintain the parellel processing configuration.

Former Member
0 Kudos

Dear Madhusudan:

We have problems with the user  batch_risk_analysis job, I attached screen shots for better understanding,

When the job finishes running after 20 hours, reviewing the job delivered the following information with errors in the package number 9

but when you open the package 9 shows that all the user were processed without errors

we cheked the SLG1 log and found the following messages

so we thought there was a problem with RFC user permissions. but ,as you can see, permission are correctly granted.

what could be the reason of this apparent status error?

Thanks very much

former_member541582
Participant
0 Kudos

Hi Luis,

To rule out all authorization related problems you can assign SAP_ALL profile to the the "test" users at the beginning of the project. You can always remove/fine tune the authorizations when everything works as intended and when more critical systems are hooked up.

Also, please ensure that SAP_ALL & SAP_NEW are excluded from the scope of analysis. Otherwise these profiles will generate all tonnes violations.

Cheers,

Vit

Former Member
0 Kudos

Luis,

are you running this risk analysis for 1 connector or multiple? you can check the SM59 connection for authorization to make sure everything is working fine.

Also, I would recommend you run the Action and permission analysis separably.. also as suggested earlier, make the below config setting:

1.     SPRO -> Governance, Risk and Compliance -> Access Control -> Access Risk Analysis -> Maintain Exclude Object for Batch Risk Analysis

add the SAP_ALL, SAP_NEW here and any other user/role/profile which you want to exclude from the risk analysis run

2.     SPRO -> Governance, Risk and Compliance -> Access Control -> Distribute Jobs for Parallel Processing

you can have it  to 3 processes, but you should gradually increase it depend upon the runtime and the system memory.

Former Member
0 Kudos

Madhusudan:

we will run Action and permission analysis separably tonight,and the config settings are the same in point 1 and 2.

I hope good news tomorrow.

Thanks very much in advance

Former Member
0 Kudos

Dear Madhusudan:

I schedule the job, and it took more than 56 hours, but all did not end well, there were some with errors, but it is not normal for these jobs ejecucción delayed so long.


Best regards

Former Member
0 Kudos

Hi Luis

I am experiencing the same kind of issue at a client on AC 10.1 when performing a Batch Risk Analysis on Users only. Roles and Profiles are completely successfully.

However the User analysis takes around 4 days to run, and then terminates. There are only around 600 users to analyse from ERP.

I am only selecting one connector at a time and only performing the User analysis at permission level but the job does not complete successfully.

The note that was mentioned above refers to AC 10.0 and i believe that it should be included in the AC 10.1 release. Any suggestions on how to resolve this for AC 10.1?

Kind regards,

Neresha

Answers (0)