Tuesday, 24 July 2012

GRC 5.3 - Valid to date is always the current date during submission of a new request







  1. GRC 5.3 provision user with validity period the same day user was created. SU01 screen as below:
  2. In GRC you can see the following when request for a new account:
  3. This was cause by following settings in GRC 5.3 in Configuration > Field Mapping > LDAP Mapping > Additional Fields > validToDate
  4. Remove this entries and try again.

GRC 5.3 SNC - Provision with upper case userid which cause SNC to fail


  1. GRC 5.3 is able to provision SNC settings to SU01 but USERID appears in upper case format as below:


  2. SNC is case sensitive, thus it will failed when user tried to login.
  3. Because GRC 5.3 convert user id to UPPERCASE as below:


  4. This can be resolved in two step.
  5. Step 1: Configuration > Request Form Customization > SNC Name >
    Default value > p:#!#userId#!#@DOMAIN.COM


  6. Step 2: Configuration > Field Mapping > LDAP Mapping > Additional Fields > Add SAP_User_ID and then map it to the correct LDAP fields. In our case, its "mailNickname" because it is in lowercase.

  7. GRC will then replace userId with the LDAP field "mainNickname" which is in lowercase


  8. Once provision, SNC field in SU01 will be in this format p:zmolan@DOMAIN.COM

Sunday, 22 July 2012

SOD Scan using /n/virsa/zvrat







  1. Tcode /n/virsa/zvrat
  2. Ok


  3. Enter userid
  4. Choose the system where user id was created


  5. Then execute
  6. If the system id was not found, you may add the system using those entries in SM59.
  7. To add, execute /n/virsa/zvrat_s16
  8. Select Comp Calibrator Configuration


  9. Under Parameter 19, add in a new system


  10. Save and try scan again

Monday, 16 July 2012

VIRSA - HOW TO export mitigation control

  1. SA38 or SE38 and execute  /VIRSA/ZVRAT_L03
  2. Enter the following details:




3. Exported file looks like: