
GRC AC 5.3 SP12 - risk analysis with organizational rules

Hi all,

We have a risk with 2 functions.

The first function searches for VF01 and other V_VBRK_VKO with ACTVT01 enabled.

The second function searches for VA01 and V_VBAK_VKO with ACTVT=01 enabled and SPART field enabled.

Then we have defined an organizational rule having SPART=BB.

It seems that the risk analysis result is wrong on function 2 (VA01).


We have a user with 2 roles assigned:

- the first role gives an authorization to V_VBAK_VKO object with ACTVT=01 and SPART=AA

- the second role gives an authorization to V_VBAK_VKO object with ACTVT=03 and SPART=BB

The risk analysis result reports that the user has a violation because he is authorized to function 2.

This is wrong because the user has only a display authorization on SPART=BB.

Any suggestion?

Thanks.

Andrea


1 Answer

  • Best Answer
    May 08, 2014 at 12:45 PM

    Hi Andrea,

    Just a basic question: did you generate the SOD Rules after adding the organizational rule? It's required to regenerate the rules after the org rule has been defined.

    Regards,

    Alessandro
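
The scenario in the question can be cross-checked by hand. The following is an added example, not part of the thread and not GRC AC's own logic: it evaluates the function 2 permission on V_VBAK_VKO against the user's two authorizations, once per authorization and once with field values pooled across roles. The role names, data model and function names are assumptions, and the VA01 transaction check is left out.

```python
# Constructed data mirroring the question: two roles, each granting one
# V_VBAK_VKO authorization. Object and field names come from the post; the
# role names, data model and functions are hypothetical, not GRC AC internals.
USER_AUTHS = [
    {"role": "ROLE_1", "object": "V_VBAK_VKO",
     "fields": {"ACTVT": {"01"}, "SPART": {"AA"}}},
    {"role": "ROLE_2", "object": "V_VBAK_VKO",
     "fields": {"ACTVT": {"03"}, "SPART": {"BB"}}},
]

# Function 2 permission with the organizational rule value applied (SPART=BB).
FUNCTION_2 = {"object": "V_VBAK_VKO",
              "fields": {"ACTVT": {"01"}, "SPART": {"BB"}}}


def _value_matches(granted, required):
    """A granted value set satisfies a requirement if it overlaps it or holds '*'."""
    return "*" in granted or bool(granted & required)


def match_per_authorization(auths, rule):
    """Return the roles whose single authorization satisfies every required field."""
    hits = []
    for auth in auths:
        if auth["object"] != rule["object"]:
            continue
        if all(_value_matches(auth["fields"].get(name, set()), required)
               for name, required in rule["fields"].items()):
            hits.append(auth["role"])
    return hits


def match_pooled(auths, rule):
    """Merge field values across all authorizations of the object, then match.

    This over-reports: ACTVT from one role is paired with SPART from another.
    """
    pooled = {}
    for auth in auths:
        if auth["object"] == rule["object"]:
            for name, values in auth["fields"].items():
                pooled.setdefault(name, set()).update(values)
    return all(_value_matches(pooled.get(name, set()), required)
               for name, required in rule["fields"].items())


if __name__ == "__main__":
    print("per-authorization hits:", match_per_authorization(USER_AUTHS, FUNCTION_2))
    print("pooled match:", match_pooled(USER_AUTHS, FUNCTION_2))
```

If the per-authorization check finds no role while the pooled check matches, the reported violation comes from combining ACTVT and SPART values that never occur together in one authorization.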
