cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC AC ARA Role Simulation doesn't work

Go to solution
Former Member

on ‎06-27-2016 2:47 PM

0 Kudos

Hi GRC folks,

I am creating roles with separation of duties risk violations for testing. I am approaching this by first going to the Global Rule Set, selecting high risks (for example H001) and then from the functions listed (HR03 & PY04), adding T-codes from them to a role. I have tried this using Role Level Simulation within Access Maintenance to avoid having to execute a background update of the Access Control Repository. When I execute a simulation the results indicate no risks.  But when I add the risks to the role in the development system, the risks show up in the report. I came to the conclusion that only the simulation part is not working here.


I have generated the rule sets multiple times and the Access risk analysis works great. Just the simulation is the issue here. I have checked other posts and did the initial problem solving but there are no results.


Could someone help me get the simulation to start working. GRC version is 10.0. Our ECC  is the development environment and GRC is not connected to a prod environment yet.


Thanks!

Apoorva

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎06-27-2016 8:23 PM
0 Kudos

Hi Apoorva,

My initial thought is that you are simulating the addition of tcodes from the system "GRC Testing" when you should be adding tcodes for the simulation from the ECC system.  You should also remove the report criteria Type = Action Level, and only have Permission Level selected, although the Action Level should still return results (even thought they are likely false positives as they do not check for the authorization object level permissions).

Let me know if this helps, and if not I can continue to think on it.

-Ken

Show replies
Show replies
Former Member
‎06-27-2016 9:19 PM
0 Kudos

Hi Ken,

Thank you for the answer.

GRC Testing is the name of the ECC system connected to GRC (below). I tried selecting only permission level, but still says no violations.

Could this be a configuration issue. The Access Risk Analysis works great but simulation doesn't.

Thanks,

Apoorva

Former Member
‎06-27-2016 9:30 PM
0 Kudos

Try removing all report criteria except System, Role, and Ruleset.  Try Business View instead of Technical View.  Check your Risk Analysis Parameter Group in "Maintain Configuration Settings" of SPRO, there may be restrictions on risk analysis.  Try searching for the actions and selecting them instead of typing in manually or copy/paste.

Try simulating the addition of SAP_ALL profile instead of actions.  If it is broken, you will still get no results.  SAP_ALL should cause ALL risks if added.

Former Member
‎06-27-2016 10:15 PM
0 Kudos

Hi Ken,

Yes, it doesn't show anything for the SAP_ALL role as well. It says no violations. I checked the parameters, nothing indicates any restrictions for simulation.  Tried all the combinations for the filters and criteria.

Do you have any ideas on parameters

Regards,

Apoorva

Answers (3)

Answers (3)

former_member185447
Active Contributor
‎06-29-2016 2:57 AM
0 Kudos

Hello Apoorva,


Treating that you have activated BC sets and also regenerated all the rules, please verify the following.

  • Are you selecting the correct system?


  • Did you run the synch. jobs properly? are they running successfully or not?


  • It seems you have typed the actions. Rather go to selection and from there select the actions like this. It should solve the issue for you. If Not, atleast type the actions in CAPS.



Let me know if you need further details.



Regards,

Rakesh Ram

Show replies
Show replies
Former Member
‎06-28-2016 1:25 PM
0 Kudos

Hi Approva,

Please generate the ruleset before you run the simulation. Then you can get the violations if any.

Show replies
Show replies
former_member226273
Active Participant
‎06-28-2016 8:11 AM
0 Kudos

Hello Apoorva,

Can you please try executing it with SAP_ALL and with "Risks from Simulation only" ?

And, please check if the simulation working for user level?

I believe the ad-hoc risk analysis is working fine for the same connector, correct?

Kind regards,

Yashasvi

Show replies
Show replies
Former Member
‎06-28-2016 3:37 PM
0 Kudos

Hi Yashasvi,

Yes, the risk analysis is working as expected both for ad-hoc and global. When we ran SAP_ALL with only risks from simulation only, we get 'No Violations'.

And we checked the user level simulation and that doesn't work as well.  It simply says n'No Violations' for everything.

Thanks,

Apoorva

Former Member
‎06-28-2016 3:44 PM
0 Kudos

Are you trying to add SAP_ALL as "Role", because this should be added as a "Profile" in the simulation.

When you uploaded or generated the ruleset, are you leveraging Logical Groups?  What is your Logical Group configuration in SPRO?  Is your system included in the logical groups?

Check table GRACACTRULE in SE16 of GRC and check which connector the rules have been generated for.  For example, I have my rules uploaded and generated for Logical Groups SAP_BAS_LG (containing the IT/Basis rules), and for SAP_NHR_LG (containing my ECC rules).  Then, in my connector configuration I have my ECC system mapped to both of these logical groups.

Ask a Question