SAP GRC Access Control supports real-time compliance around the clock and prevents security and control violations before they occur. After implementation and deployment of the risk analysis and remediation software, businesses can analyze real-time data, find hidden issues and help ensure the effectiveness of access and authorization controls across the enterprise.

 

Some considerations regarding alert functionality:

 

Alerts could be used as soon as a user executes a specific conflict within the system:

  • to check if a user executes an SoD conflict or a critical transaction
  • to check if the reports defined in the mitigating controls were executed on time

 

Points to consider when using alerts:

  • no detailed authority check, only on transaction level
  • no time-dependent aspects considered (e.g. ordering goods on day 1 and creating a goods receipt on day 2 for a separate order will create an alert as well)

 

My suggestion is to use the alert functionality wisely.

 

 

How to use Alerting within SAP GRC?

 

Run the program GRAC_ALERT_GENERATION to create alerts. Make sure that the action usage sync job (GRAC_ACT_USAGE_SYNC) has run beforehand so that all executed actions are captured from the backend system.


Email notifications can be sent to the risk owner to inform them when an SoD violation occurs.

 

NWBC Report

Alert reports can be displayed or cleared in the frontend. Go to the NWBC work center “Access Management” and open “Conflicting and Critical Access Alerts” in the section “Alerts”.

 

You have the possibility to clear an alert or delete an action.

  • Clear Alert – removes all parts of an alert. User has to execute all sides for the alert to reappear. This task requires a comment to be entered.
  • Delete Action – removes 1 action of an alert. User has to execute the deleted action for the alert to reappear.
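The transaction-level limitation from "Points to consider" and the difference between Clear Alert and Delete Action can be seen in a small model. This is an added example, not SAP GRC code: the two-sided risk (ME21N against MIGO), the usage records and all class and function names are assumptions made for illustration.

```python
# Simplified model of transaction-level alerting; not SAP GRC's implementation.
# Assumed risk definition: two conflicting sides, one transaction code each
# (ME21N = create purchase order, MIGO = post goods receipt).
RISK_SIDES = [{"ME21N"}, {"MIGO"}]

# Constructed action-usage records: (user, transaction, day, business document).
USAGE = [
    ("JDOE", "ME21N", 1, "PO-1000"),
    ("JDOE", "MIGO", 2, "PO-2000"),     # separate order, one day later
    ("ASMITH", "ME21N", 1, "PO-3000"),  # only one side executed
]


class AlertStore:
    def __init__(self, sides):
        self.sides = sides
        self.executed = {}  # user -> set of risk-relevant transactions seen

    def record(self, user, tcode, day=None, document=None):
        # Day and document are deliberately ignored: matching happens on the
        # transaction code alone, which is the limitation described above.
        if any(tcode in side for side in self.sides):
            self.executed.setdefault(user, set()).add(tcode)

    def has_alert(self, user):
        # An alert exists once every side of the risk has been executed.
        seen = self.executed.get(user, set())
        return all(seen & side for side in self.sides)

    def clear_alert(self, user, comment):
        # Clear Alert: drops every recorded action and requires a comment.
        if not comment.strip():
            raise ValueError("a comment is required to clear an alert")
        self.executed.pop(user, None)

    def delete_action(self, user, tcode):
        # Delete Action: drops a single action; the other side stays recorded.
        self.executed.get(user, set()).discard(tcode)


def load(usage, sides=RISK_SIDES):
    # Feed all usage records into a fresh store, as a sync run would.
    store = AlertStore(sides)
    for user, tcode, day, document in usage:
        store.record(user, tcode, day, document)
    return store
```

JDOE is alerted although the two actions belong to different orders on different days, which is why each alert still needs a reviewer to check the underlying documents.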

 

If you need more information about the possibilities of alerting with SAP GRC do not hesitate to contact me directly by leaving a comment or sending an email.


17 Comments


  1. Jaime Mena Carvajal

    Hi, in the alert report found action usage for call transaction into program

    This is incorrect because the action monitoring not are in risk analysis user

    Example Transaction ML84 Report use ML81N for view data

    How configure exception ?

    (0) 
    1. Alessandro Banzer Post author

      Dear Jaime,

      as mentioned in my post

      • no detailed authority check, only on transaction level

      this has to be considered. Alerting is based on action usage and only on transaction level. If you have further transactions which are called by another you have to consider them as risk as well.

      Does this answer your question?

      Regards

      Alessandro

      (0) 
      1. Rahul Urs

        Hi Alessandro,

        I followed the below steps and still no luck. Am I missing something?

        1. create a critical action risk and assign a risk owner.

        2. run GRAC_ACT_USAGE_SYNC

        3. run  GRAC_ALERT_GENERATION

        4. execute the critical tcode

        5. execute the report under – NWBC workcenter “Access Management” and open “Conflicting and Critical Access Alerts” in section “Alerts”. check for the alert ? – didn't see anything

        6. check for work inbox message ?

        – didn't see anything

        (0) 
        1. Alessandro Banzer Post author

          Dear Urs,

          I am really sorry for my late reply but didn’t see your message.

          To get alerts generated it is also necessary that all rules are generated. Alerts are populated based on the risk analysis performed on those rules.

          As I am not sure what’s your SP level you have to check the SAP Notes as well. There are a few considering that issue.

          Let me know if the issue still exists and the SP level of your system.

          Regards,

          Alessandro

          (0) 
  2. Peter Hofer

    Hi,

    You mentioned that the check is only at transaction level.

    Can you clarify how this works? To me it appears that the BRA data is used to map the execution count to a risk that is stored in the BRA tables. As such that would tell me the result is taking into account the auth checks, otherwise user would not be in BRA tables.

    I guess what you don’t know is whether the user actually performed an action with the transaction or just ran the transaction and exited. Could give some internal control people some headaches if this were the case.

    Thanks

    Peter

    (0) 
  3. Ken Golden

    Hi Alessandro,

    I have configured a critical access alert, and it is showing in my NWBC report. However, a notification is not being sent to the risk owner. I see no outbound messages in SOST for this alert. Do you have a solution?

    Thanks,

    Ken

    (0) 
  4. Kiran Kumar

    Hi Alessandro,

    We want to setup alerts whenever users get provisioned roles that will potentially trigger Critical risks.

    Please can you guide me on how to go about setting it up? I created a test risk, assigned risk owner, generated the risk id, scheduled background job for GRAC_ACT_USAGE_SYNC for that system, ran GRAC_ALERT_GENERATION for that risk id.

    But don't see anything yet. Now is the alert supposed to go to the risk owner as an email as soon as the role is assigned? Not sure how this works. Or is it triggered when the background job is triggered for the ACT_USAGE job?

    Please advise

    Thank you.

    Regards,

    Kiran

    (0) 
    1. Kiran Kumar

      Hi Alessandro,


      I was able to see the alert in the alerts tab but I think I am trying to figure out how to send email to the risk owner.


      Please advise.


      Kiran

      (0) 
  5. freddy Geovanny

    Hello Alessandro,

    I’m setting an alert issued by email when a user runs the OB52 transaction, this transaction associate it with a critical risk. The job I have scheduled to run every 5 minutes, but this is not causing me alert. Please your help orienting. Thank you.

    Regards. Freddy

    (0) 
  6. Praveen Sharma

    Hello Alessandro…

    We are not using MSMP For mitigation assignment..

    Can you please tell me from where we can modify the email going to owners..is it ABAP coding..or some notification in SE61 tcode

    Regards

    Praveen

    (0) 
  7. Andreas Schetle

    Hello Alessandro,

    Thanks for the excellent quick review of the functionality.

    I think that the transaction code is not GRAC_ALERT_GENERATION but GRAC_ALERT_GENERATE though.

    Regards, Andreas

    (0) 
  8. Naseer Mohd

    Hello Alessandro,

    I have a question on NWBC>Access Management>Access Alert>Mitigating Controls

    We have created mitigating control and assigned mitigating approver and mitigation monitor and in the report tab we have given SE16 /System:ECC/ Monitor:XYZ, and in Frequency we put 1 day. And we mitigated Users with this control. And GRAC_ACT_USAGE_SYNC and GRAC_ALERT_GENERATE jobs are scheduled on a daily basis. Everything is working as expected, like whenever any user executes the risk from this control our mitigation approver receives an email Mitigation Control Alert Notification saying
    System :ECC
    User ID : XXX (Monitor)
    Control ID : (MTL_XXX)

    Transaction :SE16

    Our Mitigation Approver receives this email because the Monitor of the control did not execute his report, i.e. SE16, in the given frequency of 1 day.

    Next day the Mitigation monitor executed SE16 and cleared alerts from GRC.

    But the Mitigation Approver keeps receiving Mitigation Control Alert Notification saying
    System :ECC
    User ID : XXX (Monitor)
    Control ID : (MTL_XXX)

    Transaction :SE16.

    One more question is in which condition it should send the Mitigation Control Alert Notification to the Mitigation Approver and in which case it should not send the Mitigation Control Alert Notification to the Mitigation Approver.

    Thanks

    (0) 
