Hot fix D41013 addresses the issue(s) in SAS Enterprise GRC 4.2 on 64-bit Enabled Solaris as documented
in the Issue(s) Addressed section of the hot fix download page:
http://ftp.sas.com/techsup/download/hotfix/HF2/D41.html#D41013
D41013 is a "container" hot fix that contains the following "member" hot fixes which will update the software components
as indicated. See the Container Hot Fixes section in the
Maintenance Install Tool (MIT) Usage Guide
for more information about container hot fixes.
D39012 for SAS Enterprise GRC Administrative Tools 4.2
D40014 for SAS Enterprise GRC Mid-Tier 4.2
E19002 for SAS Enterprise GRC Server 4.2
If the updated components of this product are installed on multiple operating systems, you must download the hot fix for the appropriate operating system(s) and follow the installation instructions provided to complete the deployment of this hot fix.
The installer downloaded is D41013s6.bin. To install the hot fix:
1. Verify that the installation binary has execute permission. If it does not, use the chmod command to make it executable.
$> chmod 755 D41013s6.bin2. Set your $DISPLAY environment variable
export DISPLAY=<your_node_name>:03. Execute D41013s6.bin
<path_to_downloaded_file>/D41013s6.binFor example:
./D41013s6.bin
See the Maintenance Install Tool (MIT) Usage Guide for more details on the installation of hot fixes.
This completes the installation of D41013. You must perform any "Post-Installation Instructions" documented below to successfully complete the deployment of this hot fix.
For each product installed, click the link to be redirected to post-installation instructions.
D39012 for SAS Enterprise GRC Administrative Tools 4.2
D40014 for SAS Enterprise GRC Mid-Tier 4.2
E19002 for SAS Enterprise GRC Server 4.2
D39012 for SAS Enterprise GRC Administrative Tools 4.2
Step 1: Restore Customizations
This hot fix installs updated versions of Assessment.xml and IncidentEvent.xml files in the following location:
!SASHOME/SASOpRiskMonitorAdministrativeTools/4.1/dbscripts/data/screenDefsThese updated versions can be used to help you apply new customizations to your current versions of these files.
Step 2: Update dbscripts picklist
Copy the following file:
<SASHOME>/SASOpRiskMonitorAdministrativeTools/4.2/dbscripts/picklistto
<SASCONFIG>/Applications/SASOpRiskMonitorAdminTools/4.2/dbscripts
D40014 for SAS Enterprise GRC Mid-Tier 4.2
Changes in this hot fix require rebuilding and redeploying of the Mid-Tier:
Step 1: Re-build Web Application
In order for this step to execute correctly, the Metadata Server must be running.
1.1 Invoke the SAS Deployment Manager 9.2
From the SASDeploymentManager directory launch config.sh.
SAS Deployment Manager is installed in the following default location:
<SASHOME>/SASDeploymentManager/9.2
1.2 Select a language in the Choose Language box
1.3 Select Rebuild Web Applications
1.4 Select Configuration Directory or Enter the Configuration Directory and Level that needs to be updated
1.5 Specify Connection Information, including the sasadm User ID and Password
1.6 Select OpRisk Monitor MidTier 4.2 as the Web Application to Rebuild
1.7 Verify the information on the Summary screen and select Start
1.8 Select Finish when the deployment is complete
This process will update the OpRisk Monitor MidTier 4.2 ear in <SASCONFIGDIR>/Web/Staging.
A backup of the original ear file will be placed in the directory below:
<SASCONFIGDIR>/Web/Staging/Backup
Step 2: Re-deploy Web Applications
2.1 Re-deploy the web applications based on the instructions for the web application server you are using.
Notes:
Notes:
- With this fix, a new functionality is provided to order assessables in QBA. As part of that, a new config option "monitor.qba.sort.customfield.name" is added to the system.The functions allow users to sort Questionnaires in Questionnaires Based Assessment by - default sort order, in which Questionnaires associated with Risks are answered first, then those associated with Controls; - Residual Risk Option, in which Questionnaires of each Controls and its associated Risks are answered first, before proceeding to the next Control; - Inherent Risk Option, in which Questionnaires of each Risk and its associated Controls are answered first, before proceeding to the next Risk; Users can control the sort order by adding an extra single value option (OPS) custom field to Assessment business object. By default the custom field is named "x_assessment_sort_order", but customers can rename the custom field of their choices, and specify the new custom field name in this config option. This custom field has to associated to a named list with 3 values: 'DEFAULT', 'CONTROLS_X_RISKS' and 'RISKS_X_CONTROLS'. For more information about how to create custom field and named list, please refer to "Configure Custom Fields and Named List" in SAS EGRC Admin Guide. Add a validation for the custom field x_assessment_sort_order to make it required in validation.xml as follows: <field property="customField(x_assessment_sort_order)" depends="required"> <msg name="required" key="errors.required.fmt.txt" /> <arg0 key="assessment.field.x_assessment_sort_order.displayName.txt" /> </field> Also please add following suggested entries in customMessages.properties. Please change the key name of the last entry appropriately if the new custom field for Assessment is not named "x_assessment_sort_order". AssessmentWizard.relatedInstances.txt=Related Items AssessmentWizard.relatedInstances.name.txt=Name AssessmentWizard.relatedInstances.type.txt=Type AssessmentWizard.relatedInstances.answered.questions.txt=Answered Questions AssessmentWizard.relatedInstances.unanswered.questions.txt=Unanswered Questions AssessmentWizard.relatedInstances.complete.txt=Complete assessment.field.x_assessment_sort_order.displayName.txt=Assessed Instance Sort Order User needs to rebuild and redeploy SAS Enterprise GRC Mid-Tier for the changes in validation.xml to take effect. If "x_assessment_sort_order" is not a custom field of Assessment, or whatever the custom field name specified by the config option does not exist, QBA will behave the same as before this defect.- New config option "monitor.incident.allowSendForValidationOnlyWithInvestigateCapability" is added to the system.When this option is set to "true", it's not allowed to send for validation when user does not have Investigate capability. By default this option is set to "false".- New config option "monitor.incident.saveApplyForNoChangeEvent.changeReason.required" is added to the system.when this config option is set to "false", there will be no change reason prompt when user clicks Save or Apply when there is no change to the Incident. By default this option is set to "true".- New config option "monitor.incident.sendForValidationForNoChangeEvent.changeReason.required" is added to the system.when this config option is set to "false", there will be no change reason prompt when user sends Incident for validation. By default this option is set to "true".- As part of the new functionality for being able to add new risk after invalidating a previously validated assessment:Update and upload the Assessment screen definition (Assessment.xml) with the following changes in two places. In the out of box Assessment.xml for the fields TEMP.prepopulatedControls and TEMP.prepopulatedRisks the readonly attribute must be changed from readonly="TEMP.planningReadOnly or TEMP.hasBeenStarted" to the following <field name="TEMP.prepopulatedRisks" type="component" component-name="PopulatedRiskTable" required="false" readonly="TEMP.planningReadOnly"> <field name="TEMP.prepopulatedControls" type="component" component-name="PopulatedControlTable" required="false" readonly="TEMP.planningReadOnly">- A new component option is added to allow removal of assessable after invalidation:There is a new component option "allowRemovaAfterValidation". User can set allowRemoveAfterValidate = true if they need to remove the assessables after invalidtaion. This option should work for the following components : PopulatedControlTable PopulatedImpactTable PopulatedRiskTable- To address the issue of loading financial impacts took a long time when pointing to the same single event:A new config option "monitor.lockIncident.financialImpactLoader" is added. This controls if user wants to enable incident locking during financial impact loading. Default value is "false" which means it won't lock the incident during loading.
Back to Post-Installation list
E19002 for SAS Enterprise GRC Server 4.2
1. Copy the following files located in <SASROOT>/ucmacros/ormonitormva:
orm_pivot_datatype.sas
orm_pivot_driver.sas
to
<CONFIGDIR>/Applications/SASOpRiskMonitorServerCfg/4.2/Source/ucmacros
2. Copy the following files located in <SASROOT>/sasstp/ormonitormva:
orm_job_user_synch_orig.sas
to
<CONFIGDIR>/Applications/SASOpRiskMonitorServerCfg/4.2/Source/sasstp2.1 Once the file has been copied, rename it to orm_job_user_synch.sas, dropping the "_orig".
2.2 Using an editor, open the file and replace the token
@ORMONITOR_SASSTP_PATH@
with
<CONFIGDIR>/Applications/SASOpRiskMonitorServerCfg/4.2/Source/sasstp
3. Copy the following files located in <SASROOT>/misc/ormonitormva/sample/config:
load_custom_field_defs.sas
to
<CONFIGDIR>/Applications/SASOpRiskMonitorServerCfg/4.2/Source/misc/sample/config
4. Copy the following files located in <SASROOT>/misc/ormonitormva/control:
parent_managed_relationships.txt
to
<CONFIGDIR>/Applications/SASOpRiskMonitorServerCfg/4.2/Source/misc/control
5. After copying the files, it is necessary to rebuild the report mart by running
<CONFIGDIR>/Applications/SASOpRiskMonitorServerCfg/4.2/Source/sasstp/orm_job_create_all_full_load.sas
Back to Post-Installation list
This completes the installation of hot fix D41013 on 64-bit Enabled Solaris.