SAP GRC Access Control: Background jobs for risk analysis and remediation (formerly Virsa Compliance Calibrator)



Similar documents
Configuring Distribution List in Compliant User Provisioning

Download and Install Crystal Reports for Eclipse via the Eclipse Software Update Manager

How to Set Up an Authorization for a Business Partner in Customer Relationship Management (CRM) Internet Sales: Sample Case

How To Configure MDM to Work with Oracle ASM-Based Products

Analyzing Sales Data for Choosing Forecast Strategies

Posting Messages into XI

Developing Applications for Integration between PI and SAP ERP in Different Network Domains or Landscapes

Methodology to Implement SAP Process Integration

Backup & Restore with SAP BPC (MS SQL 2005)

Roster Configuration (Payroll) in SAP ECC 6.0 Tips & Tricks

3 rd party Service Desk interface

Utilities for downloading and uploading OO ABAP classes in XML format

Implementing Outlook Integration for SAP Business One

How to configure BusinessObjects Enterprise with Citrix Presentation Server 4.0

prioritize XI messages on integration server

Ronald Bueck SBO Product Definition

How to Configure and Trouble Shoot Notification for Process Control 2.5

Performance Best Practices Guide for SAP NetWeaver Portal 7.3

CREATING A PURCHASE ORDER STORE RECORD WEB SERVICE

Budget Control by Cost Center

Extract Archived Data from SAP ERP

E-Recruiting Job Board Integration using XI

Table of Contents. How to Find Database Index usage per ABAP Report and Creating an Index

How To Balance In Sap Bw

SAP Master Data Governance- Hiding fields in the change request User Interface

Maintaining Different Addresses and Ids for a Business Partner via CRM Web UI

Business One in Action - How can we post bank fees and charges while posting Incoming or Outgoing Payment transactions?

Process Archiving using NetWeaver Business Process Management

Integrate Third Party Collaboration Tools in the SAP NetWeaver Portal. SAP NetWeaver Product Management

Enterprise Software - Applications, Technologies and Programming

User Experience in Custom Apps

R/3 and J2EE Setup for Digital Signature on Form 16 in HR Systems

USDL XG WP3 SAP use case. Kay Kadner

Understanding HR Schema and PCR with an Example

Data Archiving in CRM: a Brief Overview

Sales Rush Sales Order Processing S01- Lean Baseline Package. SAP Lean Baseline Package Version: V1.500 Country: UK Language: EN Date: February 2006

Alert Notification in SAP Supply Network Collaboration. SNC Extension Guide

Integrating Easy Document Management System in SAP DMS

SAPFIN. Overview of SAP ERP Financials COURSE OUTLINE. Course Version: 15 Course Duration: 2 Day(s)

HR400 SAP ERP HCM Payroll Configuration

Third Party Digital Asset Management Integration

SAP NetWeaver MDM 5.5 SP3 SAP Portal iviews Installation & Configuration. Ron Hendrickx SAP NetWeaver RIG Americas Foundation Team

Debugging Portal Applications

Problems with your Data Model in SAP NetWeaver MDM Do s and Don ts

NetWeaver Business Client (NWBC) for Incentives and Commissions Management (ICM)

How to Create a Support Message in SAP Service Marketplace

Enabling Full-Text Search for Business Objects in mysap ERP

TM111. ERP Integration for Order Management (Shipper Specific) COURSE OUTLINE. Course Version: 15 Course Duration: 2 Day(s)

Siteco Relies on SDN for its SAP CRM 5.0 Upgrade

How To... Call BEx Web Applications from SAP BusinessObjects Dashboards (Xcelsius) and vice versa

UI Framework Task Based User Interface. SAP Enhancement Package 1 for SAP CRM 7.0

Accounts Receivable. SAP Best Practices

How to Configure Access Control for Exchange using PowerShell Cmdlets A Step-by-Step guide

UI Framework Simple Search in CRM WebClient based on NetWeaver Enterprise Search (ABAP) SAP Enhancement Package 1 for SAP CRM 7.0

Compliant, Business-Driven Identity Management using. SAP NetWeaver Identity Management and SBOP Access Control. February 2010

SAP Business ByDesign Reference Systems. Scenario Outline. SAP ERP Integration Scenarios

Intelligent Business Operations Chapter 1: Overview & Strategy

Integration of SAP Netweaver User Management with LDAP

Data Source Enhancement Using User Exit

DBA Cockpit for Oracle

AC200. Basics of Customizing for Financial Accounting: General Ledger, Accounts Receivable, Accounts Payable COURSE OUTLINE

Portfolio and Project Management 5.0: Excel Integration for Financial and Capacity Planning

OData in a Nutshell. August 2011 INTERNAL

How To... Integrate Custom Formulas into the Formula Builder

How to Create Web Dynpro-Based iviews. Based on SAP NetWeaver 04 Stack 09. Jochen Guertler

ARCHIVING OF IDOCS IN SAP

Business Requirements... 3 Analytics... 3 Typical Use Cases... 8 Related Content... 9 Copyright... 10

SAP Sales and Operations Planning Software Product (xsop)

SAP Service Tools for Performance Analysis

How to Schedule Report Execution and Mailing

Global Transport Label - General Motors -

How To Use the BPC Mass User Management Tool in BPC 10.0 NW

SOP through Long Term Planning Transfer to LIS/PIS/Capacity. SAP Best Practices

UI Framework Logo exchange without skin copy. SAP Enhancement Package 1 for SAP CRM 7.0

SAP Central Process Scheduling (CPS) 8.0 by Redwood

How to Add an Attribute to a Case, Record and a Document in NW Folder Management (ex-records Management)

Log Analysis Tool for SAP NetWeaver AS Java

Integration of SAP central user administration with Microsoft Active Directory

BW Workspaces Use Cases

Using SAP Logon Tickets for Single Sign on to Microsoft based web applications

Integration of Universal Worklist into Microsoft Office SharePoint

K in Identify the differences between the universe design tool and the information design tool

RUN BETTER Become a Best-Run Business with Remote Support Platform for SAP Business One

Sending Additional Files from SAP Netweaver PI to third Party System

SAP NetWeaver BRM 7.3

SAP CCMS Monitors Microsoft Windows Eventlog

Monitoring and Management of Landscapes with SAP NetWeaver Administrator. Dieter Krieger, SAP AG

SAP Portfolio and Project Management

SAP Sustainability Solutions: Achieving Customer Strategies

Secure MobiLink Synchronization using Microsoft IIS and the MobiLink Redirector

mysap ERP Talent Management Dr. Christian Acosta-Flamma

Variable Exit in Sap BI How to Start

Collaboration Technology Support Center - Microsoft - Collaboration Brief

How To Use the ESR Eclipse Tool with the Enterprise Service Repository

Installation Guide Customized Installation of SQL Server 2008 for an SAP System with SQL4SAP.VBS

ERP Quotation and Sales Order in CRM WebClient UI Detailed View. SAP Enhancement Package 1 for SAP CRM 7.0 CRM Sales - SFA

Single Sign-On between SAP Portal and SuccessFactors

Next Generation Digital Banking with SAP

AC 10.0 Centralized Emergency Access

Ariba Network Integration to SAP ECC

Transcription:

SAP GRC Access Control: Background jobs for risk analysis and remediation (formerly Virsa Compliance Calibrator) Applies to: SAP GRC Access Control, version 5.2 Summary This document discusses the background jobs available in the context of using risk analysis and remediation in SAP GRC Access Control. Best practices on executing these jobs are given, e.g. the order in which background jobs should be executed, the difference between full synch mode and incremental mode. Authors: Subrat Singh, Sirish Gullapali Company: SAP Created on: 13 July 2007 Author Bio Subrat Singh is a Principal Consultant at Regional Implementation Group (RIG) SAP GRC. He is an expert in GRC Access Controls and was instrumental in many successful Access Control Ramp-up implementations. Prior to joining RIG he was part of the Access Control development team. Sirish Gullapali is a Senior Consultant at RIG SAP GRC. He has gained extensive experience supporting SAP's customers in the implementation of SAP GRC Access Control. 2006 SAP AG 1

Table of Contents Applies to:... 1 Summary... 1 Author Bio... 1 SAP GRC Access Control Background Jobs in risk analysis and remediation (formerly Virsa Compliance Calibrator)... 3 Types of background jobs... 4 User/Role/Profile Synchronization... 4 Batch Risk Analysis... 4 Management Report... 4 Modes of background jobs... 4 Incremental... 4 Full Sync... 4 Order of executing background jobs... 4 Monitoring background jobs... 6 Ad hoc background jobs... 7 Related Content... 7 Copyright... 8 2006 SAP AG 2

SAP GRC Access Control Background Jobs in risk analysis and remediation (formerly Virsa Compliance Calibrator) One of the main tasks performed in risk analysis and remediation is running an organization-wide SOD risk analysis in regular intervals thus updating management reports to present the analysis results in a graphical and easy to read format. The system provides the facility to schedule background jobs for these activities. To navigate to the background job scheduler page, follow the path Configuration -> Background job -> Schedule Analysis. This document looks at the capabilities of background jobs and outlines best practices around scheduling and running these background jobs. Following are the main topics discussed: Types of background jobs Modes of background jobs Order of executing background jobs Monitoring background jobs Ad hoc background jobs 2006 SAP AG 3

Types of background jobs Three different types of background jobs can be scheduled from the background job scheduler page. User/Role/Profile Synchronization Batch Risk Analysis Management Report User/Role/Profile Synchronization background job pulls the users data (user ids and user names only), role and profile data (technical role/profile names only) from the selected backend systems and stores them. This is the first section in the background job scheduler page. Batch Risk Analysis job performs SOD risk analysis on the users/roles/profiles stored with the system. During the execution of batch risk analysis for users, the application selects one user from the database, fetches the actions/authorizations of the user from the backend system and performs risk analysis using the rules stored in Access Control. The resulting SOD violations are stored. Access Control then selects the next user and performs the steps above for the new user. The batch risk analysis job for roles and profiles also follow similar steps. Management Report job uses the results of batch risk analysis job to abstract the high level data to be presented in graphical formats in the informer tab. From the analysis results, the total no of violations, the distribution of violations with respect to business process and with respect to High, Medium and Low types of risks are calculated and stored during the execution of the management report job. One set of management report data is maintained in the application for each month. Every time a management report is run, the management report data is overwritten for the current month. Modes of background jobs Background jobs can be run in following two different modes. Incremental Full Synch Incremental When background job is run in Incremental mode, the application takes into account only those users/roles/profiles which are modified since the last background job run. For example; when a user synch job is run in the incremental mode, only the users added or modified in the selected backend ABAP system are pulled. Similarly when batch risk analysis job is run in incremental mode, SOD risk analysis job is performed for only those users who have been added or modified since last user analysis job was run. Full Sync When background job is run in a Full Sync mode, it takes into account all the users present in the system. For example, when the user synchronization job is run in Full Synch mode, data for all the users in the selected backend system is pulled into Access Control. Similarly when a batch risk analysis job is run in the full synch mode, SOD risk analysis is done for all the users present in Access Control regardless of whether any changes have happened to a user since the last run. One important point to note about the Full synch mode is that when the background jobs are scheduled for the very first time, they need to be run in the full synch mode. Once the background jobs in full synch mode completes, incremental jobs can be scheduled to run in an ongoing basis to synchronize the Access Control database with changes made to Users/ Roles/Profiles in the backend and update risks incurred by the changes. Order of executing background jobs As discussed earlier there are three different types of background jobs namely: User/Role/Profile synch, Batch risk analysis and Management reports. For each of these job types, independent jobs can be scheduled from the background job scheduler page for users or roles or profiles. All these separate jobs 2006 SAP AG 4

can also be scheduled to run together as one job. In this section it is described when to schedule individual jobs separately and when to schedule them together as one single job. As one can imagine, there is a sequence in which the background jobs should be run for correct result. The following should be the order of execution: First: user/role/profile synchronization Second: Batch Risk Analysis Third: Management report The user/role/profile synch job should be completed first before the batch risk analysis job can be started so that the risk analysis would occur on the most current data for users or roles or profiles. Management report should be run only after batch risk analysis job is completed successfully so that management report is based on the most current risk analysis result. To ensure background jobs run in this sequence, all the jobs should be scheduled in one single job as depicted in the figure below. Access Control will start executing the individual tasks in the appropriate order. However it is recommended to schedule only the incremental jobs in this manner. The full synch analysis jobs are not advisable to run in this fashion. This is because full synch jobs can be very heavy and time consuming jobs which might require manual monitoring to make sure that background jobs are progressing properly. The Full synch jobs can take hours to days to run depending upon the no of users/roles/profiles, the average no of authorizations and the no of SOD violations. Hence it is recommended that full synch jobs should be run separately in the sequence as mentioned above. The Batch Risk Analysis jobs are the most time consuming ones and it is better to monitor these jobs 2006 SAP AG 5

during its execution. The following section describes how to monitor Access Control background jobs for risk analysis and remediation (formerly Virsa Compliance Calibrator). Monitoring background jobs It is recommended to monitor Background Jobs that are taking long time or jobs that are scheduled during initial data load to make sure the data is loaded properly and completely. To monitor scheduled jobs, go to Configuration tab, click on Background Job and do search for the Background job. The resulting page displays the list of searched jobs as shown below. The state of the job provides an initial status about the job. Following are the possible states of a background job. Ready: The job is scheduled and in the queue ready to be picked up by the scheduler. Running: The job is currently being executed. Complete: The job is completed successfully. Error: There was an error while executing the job. Aborted: An unexpected error happened and the job was aborted. For those jobs which run for hours, you might want to get more insight into the progress of the job. Click on View Log button in the search result screen. The view log screen appears and the log details are displayed in a text area. Click inside the text area and search for the job id. The percentage complete; total no. of objects to be analyzed; no. of objects already analyzed; name of the object currently being analyzed etc. can be viewed in the log file. In the figure below, it shows - for the job id: 7, 81% analysis is complete. 65 out of 80 objects have been analyzed. The current user being analyzed is SSMITH. Since the latest status is at the bottom of the file, to get the latest status always scroll to the bottom and search for the job id in the upward direction. 2006 SAP AG 6

Ad hoc background jobs Ad hoc background jobs are risk analysis jobs scheduled from the Informer tab. The results of analysis are not stored in the Access Control database. The results are stored in flat files on the server. The results of these analyses do not contribute towards updating the management reports. Related Content Quick reference guide on post-installation tasks SAP GRC Access Control pre-implementation guide Quick reference guide on periodic job processing 2006 SAP AG 7

Copyright Copyright 2007 SAP AG. All rights reserved. No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice. Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors. Microsoft, Windows, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation. IBM, DB2, DB2 Universal Database, OS/2, Parallel Sysplex, MVS/ESA, AIX, S/390, AS/400, OS/390, OS/400, iseries, pseries, xseries, zseries, z/os, AFP, Intelligent Miner, WebSphere, Netfinity, Tivoli, Informix, i5/os, POWER, POWER5, OpenPower and PowerPC are trademarks or registered trademarks of IBM Corporation. Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries. Oracle is a registered trademark of Oracle Corporation. UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group. Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc. HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C, World Wide Web Consortium, Massachusetts Institute of Technology. Java is a registered trademark of Sun Microsystems, Inc. JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape. MaxDB is a trademark of MySQL AB, Sweden. SAP, R/3, mysap, mysap.com, xapps, xapp, SAP NetWeaver, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and in several other countries all over the world. All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary. These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty. These materials are provided as is without a warranty of any kind, either express or implied, including but not limited to, the implied warranties of merchantability, fitness for a particular purpose, or non-infringement. SAP shall not be liable for damages of any kind including without limitation direct, special, indirect, or consequential damages that may result from the use of these materials. SAP does not warrant the accuracy or completeness of the information, text, graphics, links or other items contained within these materials. SAP has no control over the information that you may access through the use of hot links contained in these materials and does not endorse your use of third party web pages nor provide any warranty whatsoever relating to third party web pages. Any software coding and/or code lines/strings ( Code ) included in this documentation are only examples and are not intended to be used in a productive system environment. The Code is only intended better explain and visualize the syntax and phrasing rules of certain coding. SAP does not warrant the correctness and completeness of the Code given herein, and SAP shall not be liable for errors or damages caused by the usage of the Code, except if such damages were caused by SAP intentionally or grossly negligent. 2006 SAP AG 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information