A risk free SAP system with GRC Risk Terminator

Risk Terminator is an add-on component that gets installed automatically with the GRC AC suite. With the GRC Risk Analysis and Remediation tool, risk analysis has to be carried out manually for every role/user change. But what if a critical role is assigned to a user without performing risk analysis? Or what if critical transaction codes such as SCC4, PFCG, or SPRO are added to a newly created role?

I bet not every Security consultant is aware of analyzing risks. Don’t panic, Risk Terminator will help you.

Risk Terminator provides the ability to keep your SAP system risk free. It runs in the background and pops up during role assignment in SU01, SU10, or PFCG and during role modification in PFCG.

Risk Terminator actually resides on the ABAP back-end system and uses the risk analysis and remediation ruleset.

If Risk Terminator is not properly configured, I recommend configuring it to maintain a clean SAP system. Below are some useful SAP notes:

SAP Note 1060673 – Configuration of SAP Adapter in Compliance Calibrator
SAP Note 1062037 – java.lang.NullPointerException error in Adapter activation

In case of any issues after configuring Risk Terminator, refer to SAP Note 1357827 – Risk Terminator is not working though configuration is set.

Transaction code /N/VIRSA/ZRTCNFG is used to configure Risk Terminator on the ABAP end.

Below are a few common issues in Risk Terminator:

Error: “ERROR: program GRCRTTOCC5X not registered”.

To resolve the issue, the program GRCRTTOCC5X should be used in both the RAR JCo connector and the connector in Risk Analysis & Remediation.

Error: SAP Adapter has a problem , SOD Violations will not be checked !!!! Please check with your administrator.

Risk Terminator is disabled during backups or when the system is down. To resolve this error, enable the SAP Adapter in Risk Analysis & Remediation from the Configuration –> Connectors option.

Error: PFCG doesn’t allow modifying the role and says that the “Role is locked”

This issue is due to an unreleased role. The lock on the role can be removed using transaction code /N/VIRSA/ZRTDELLOCK.

Error: Risk Terminator timed out and gives Bean VIRSA/RT_JAVA_RISK_ANALYSIS error.

This issue occurs due to configuration settings. The solution is outlined in SAP Note 1225960 – /VIRSA/RT_JAVA_RISK_ANALYSIS Error in Risk Terminator.

Author - Raghu Boddu


Raghu Boddu is an SAP Certified Technology Professional (Security), CompTIA Security+, ITIL V3 Foundation, and PRINCE2 Certified. He is an SAP Security/GRC solution architect with rich expertise in implementation and redesign of Security in SAP. He is also a master in SAP Forensic Security. He is a regular blogger on topics like Security, Governance & Compliance, Application Security, Technology and other trending topics. He is well known in the community for his easy-to-understand articles.

© 2019 SAP Security Expert. All rights reserved.