By Alessandro Banzer

SAP Access Control 10.0 Alerting

SAP GRC Access Control supports real-time compliance around the clock and prevents security and control violations before they occur. After implementation and deployment of the risk analysis and remediation software, businesses can analyze real-time data, find hidden issues and help ensure the effectiveness of access and authorization controls across the enterprise.

 

Some considerations regarding alert functionality:

 

Alerts can be used to react as soon as a user executes a specific conflict within the system:

  • to check if a user executes an SoD conflict or a critical transaction
  • to check if the reports defined in the mitigating controls were executed on time

 

Points to consider when using alerts:

  • no detailed authorization check is performed; alerts are evaluated at transaction level only
  • no time-dependent aspects are considered (e.g. ordering goods on day 1 and posting a goods receipt on day 2 for a separate order will create an alert as well)

 

My suggestion is to use the alert functionality wisely.

 

 

How to use Alerting within SAP GRC?

 

Run the program GRAC_ALERT_GENERATION to create alerts. Make sure that the action usage sync job (GRAC_ACT_USAGE_SYNC) has run beforehand so that all executed actions are captured from the backend system.

Email notifications can be sent to the risk owner to inform them when an SoD violation occurs.

 

NWBC Report

Alert reports can be displayed or cleared in the frontend. Go to the NWBC work center “Access Management” and open “Conflicting and Critical Access Alerts” in the section “Alerts”.

 

You can either clear an alert or delete an action.

  • Clear Alert – removes all parts of an alert. The user has to execute all sides for the alert to reappear. This task requires a comment to be entered.
  • Delete Action – removes one action of an alert. The user has to execute the deleted action for the alert to reappear.
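
The Python sketch below is an added illustration, not SAP code and not part of the original post. It models the behaviour described above (transaction-level matching with no time dependency, and the difference between Clear Alert and Delete Action); the risk ID P001, the user JDOE, the class and the usage records are constructed assumptions.

```python
# Simplified model of the alert behaviour described in this post; not SAP code.
# RISKS, the user ID and the usage records are constructed sample data.
RISKS = {"P001": [{"ME21N"}, {"MIGO"}]}  # risk ID -> sides (sets of transactions)


class AlertModel:
    def __init__(self):
        self.usage = set()  # (user, tcode) pairs known from action usage

    def sync(self, records):
        """Load (user, tcode, day) records. The day is dropped on purpose:
        the check is transaction-level and not time-dependent."""
        for user, tcode, _day in records:
            self.usage.add((user, tcode))

    def alerts(self):
        """Return (user, risk) pairs where every side has an executed action."""
        users = {user for user, _ in self.usage}
        return {(u, r) for u in users for r, sides in RISKS.items()
                if all(any((u, t) in self.usage for t in s) for s in sides)}

    def clear_alert(self, user, risk, comment):
        """Clear Alert: drop all parts of the alert; a comment is mandatory."""
        if not comment.strip():
            raise ValueError("clearing an alert requires a comment")
        self.usage -= {(user, t) for side in RISKS[risk] for t in side}

    def delete_action(self, user, tcode):
        """Delete Action: drop one executed action only."""
        self.usage.discard((user, tcode))


def demo():
    m = AlertModel()
    # Order on day 1, goods receipt for a separate order on day 2: still alerts.
    m.sync([("JDOE", "ME21N", 1), ("JDOE", "MIGO", 2)])
    steps = [bool(m.alerts())]
    m.clear_alert("JDOE", "P001", "reviewed with risk owner")
    m.sync([("JDOE", "MIGO", 3)])    # only one side executed again
    steps.append(bool(m.alerts()))
    m.sync([("JDOE", "ME21N", 4)])   # now all sides executed again
    steps.append(bool(m.alerts()))
    m.delete_action("JDOE", "MIGO")
    steps.append(bool(m.alerts()))
    m.sync([("JDOE", "MIGO", 5)])    # the deleted action executed again
    steps.append(bool(m.alerts()))
    return steps
```

`demo()` returns the alert state after each step, which makes the reappearance conditions for a cleared alert and a deleted action easy to compare.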

 

If you need more information about the possibilities of alerting with SAP GRC, do not hesitate to contact me directly by leaving a comment or sending an email.

      19 Comments
      Former Member

      Hi, in the alert report found action usage for call transaction into program

      This is incorrect because the action monitoring not are in risk analysis user

      Example Transaction ML84 Report use ML81N for view data

      How to configure an exception?

      Alessandro Banzer
      Blog Post Author

      Dear Jaime,

      as mentioned in my post

      • no detailed authority check, only on transaction level

      this has to be considered. Alerting is based on action usage and only on transaction level. If you have further transactions which are called by another you have to consider them as risk as well.

      Does this answer your question?

      Regards

      Alessandro

      Rahul Urs

      Hi Alessandro,

      I followed the below steps and still no luck. Am I missing something?

      1. create a critical action risk and assign a risk owner.

      2. run GRAC_ACT_USAGE_SYNC

      3. run  GRAC_ALERT_GENERATION

      4. execute the critical tcode

      5. execute the report under - NWBC workcenter "Access Management" and open "Conflicting and Critical Access Alerts" in section "Alerts". check for the alert? - didn't see anything

      6. check for work inbox message?

      - didn't see anything

      Alessandro Banzer
      Blog Post Author

      Dear Urs,

      I am really sorry for my late reply but didn't see your message.

      To get alerts generated it is also necessary that all rules are generated. Alerts are populated based on the risk analysis performed on those rules.

      As I am not sure what's your SP level you have to check the SAP Notes as well. There are a few considering that issue.

      Let me know if the issue still exists and the SP level of your system.

      Regards,

      Alessandro

      Former Member

      Hi Alessandro,

      Do you know if there is a way to massively clear or delete generated alerts?

      Regards,

      Franklyn

      Alessandro Banzer
      Blog Post Author

      Dear Franklyn,

      did you try to Select All and click "Clear Alerts"?

      Regards,

      Alessandro

      Former Member

      Hi Alessandro,

      Yes, I tried it but unfortunately it won't let me select all alerts, I can only select one by one.

      Franklyn

      Former Member

      Hi,

      You mentioned that the check is only at transaction level.

      Can you clarify how this works? To me it appears that the BRA data is used to map the execution count to a risk that is stored in the BRA tables. As such that would tell me the result is taking into account the auth checks, otherwise user would not be in BRA tables.

      I guess what you don't know is whether the user actually performed an action with the transaction or just ran the transaction and exited. Could give some internal control people some headaches if this were the case.

      Thanks

      Peter

      Former Member

      Hi Alessandro,

      Is it possible to trigger an alert to be generated in GRC for an open risk assigned to users in the system?

      Thanks

      Maz

      Ken Golden

      Hi Alessandro,

      I have configured a critical access alert, and it is showing in my NWBC report. However, a notification is not being sent to the risk owner. I see no outbound messages in SOST for this alert. Do you have a solution?

      Thanks,

      Ken

      Former Member

      Hi Alessandro,

      We want to setup alerts whenever users get provisioned roles that will potentially trigger Critical risks.

      Please can you guide me on how to go about setting it up? I created a test risk, assigned risk owner, generated the risk id, scheduled background job for GRAC_ACT_USAGE_SYNC for that system, ran GRAC_ALERT_GENERATION for that risk id.

      But don't see anything yet. Now is the alert supposed to go to the risk owner as an email as soon as the role is assigned? Not sure how this works. Or is it triggered when the background job is triggered for the ACT_USAGE job?

      Please advise

      Thank you.

      Regards,

      Kiran

      Former Member

      Hi Alessandro,


      I was able to see the alert in the alerts tab but I think I am trying to figure out how to send email to the risk owner.


      Please advise.


      Kiran

      Former Member

      Hello Alessandro,

      I'm setting an alert issued by email when a user runs the OB52 transaction, this transaction associate it with a critical risk. The job I have scheduled to run every 5 minutes, but this is not causing me alert. Please your help orienting. Thank you.

      Regards. Freddy

      Former Member

      Hello Alessandro...

      We are not using MSMP for mitigation assignment.

      Can you please tell me from where we can modify the email going to owners? Is it ABAP coding, or some notification in SE61 tcode?

      Regards

      Praveen

      Andreas Schetle

      Hello Alessandro,

      Thanks for the excellent quick review of the functionality.

      I think that the transaction code is not GRAC_ALERT_GENERATION but GRAC_ALERT_GENERATE though.

      Regards, Andreas

      Former Member

      Hello Alessandro,

      I have a question on NWBC > Access Management > Access Alert > Mitigating Controls

      We have created a mitigating control and assigned a mitigation approver and mitigation monitor, and in the report tab we have given SE16 / System: ECC / Monitor: XYZ, and in Frequency we put 1 day. And we mitigated users with this control. And the GRAC_ACT_USAGE_SYNC and GRAC_ALERT_GENERATE jobs are scheduled on a daily basis. Everything is working as expected, like whenever any user executes the risk from this control our mitigation approver receives an email Mitigation Control Alert Notification saying
      System :ECC
      User ID : XXX (Monitor)
      Control ID : (MTL_XXX)

      Transaction :SE16

      Our Mitigation Approver receives this email because the Monitor of the control did not execute his report, i.e. SE16, in the given frequency of 1 day.

      Next day the Mitigation Monitor executed SE16 and cleared alerts from GRC.

      But the Mitigation Approver keeps receiving the Mitigation Control Alert Notification saying
      System :ECC
      User ID : XXX (Monitor)
      Control ID : (MTL_XXX)

      Transaction :SE16.

      One more question is: in which condition should it send the Mitigation Control Alert Notification to the Mitigation Approver, and in which case should it not send the Mitigation Control Alert Notification to the Mitigation Approver?

      Thanks

      Former Member

      Hi Alessandro,

      Is there any possibility to raise an alert when Profile SAP_ALL is being granted to any user?

      Regards

      Max

       

      Giridhar Nagisetty

      Hi Alessandro,

      We are trying to schedule a recurring job for the alert program to send out alerts. I am trying to understand if the GRAC_ALERT_GENERATION program only generates alerts for the actions updated since the last execution, or does it generate alerts again which were already in previous executions?

      FYI, we are trying to clear old alerts before running the new job. The idea is to have the alert program consider data from GRACACTUSAGE from the last one month only to generate alerts.

      Regards,

      Giridhar.

      Olawale Ikulala

      Hi Alessandro

      I have a question regarding the message format error for the document GRAC_SOD_ALERT_NOTIFICATION -> SE61.

      The notification template looks good in the system but when the approver receives the notification message the format does not look right, the content is zig zag, not in a proper format.

      What could be the issue? I'm thinking this has something to do with the code for "%VARIABLE%" which is part of the template. Each time a violation occurs I would like to narrow it down to the particular risk and the user who violated the risk. Basically, how do I change the contents of the %VARIABLE%?

      Any thoughts will be of great help.

      Thanks,