Skip to Content
author's profile photo
Former Member

GRC AC 10.0 Mass risk analysis vs. Role level analysis


Hello GRC experts,

I urgently need your advice on the issue with deactivated permission objects which are identified as risks in the mass role analysis.

For example, in one role we have deactivated the permission object: S_ARCHIVE, and there are No activities maintained.

But in the mass role risk analysis and in the CUP request this object S_ARCHIVE with the ACTVT 01 is displayed as risk. As you can see in the screenshot, there are no activites maintained at all. We have created the MSMP workflow where all CUP requests with risks should go the the Security Stage. Now we have the situation that even though our roles are clean, they are forwared to the Security stage. It is a huge problem, because our security stage has no even more to to, than before using GRC! Because the dectivated objects are identified as risks.

Please advise me, how to solve the problem. Did I missed some config parameters or is it a well known problem?

We are on SP14, AC 10.0.

At the single role level there are no risks displayed.

Thanks in advance,

regards

Sabrina

inactive_1.PNG (49.1 kB)
inactive_2.PNG (13.1 kB)
Add comment
10|10000 characters needed characters exceeded

  • Follow
  • Get RSS Feed

1 Answer

  • Best Answer
    Sep 17, 2014 at 04:25 PM

    Hi Sabrina,

    check note

    http://service.sap.com/sap/support/notes/2036645

    Please let me know if it works.

    Regards,

    Alessandro

    Add comment
    10|10000 characters needed characters exceeded