I have a question regarding the SAP GRC 10 rule sets maintenance.
For rule set maintenance in GRCAC 10 (SP13) we have uploaded and downloaded the ruleset file directly in Dev QA and Production. After ruleset generation, system is giving different rule id against each risk in each environment (DEV, QA .PROD) as this is per the SAP design.
Is there any solution so that we can keep the same rule id against each risk in generated ruleset in each environment (DEV, QA and PROD)? I have referred the SAP note 1596574, however release version is different.
I am aware that ruleset can be transported in IMG -> GRC -> Access Risk Analysis -> SoD Rules -> Transport SoD. Now question is after transporting the ruleset from DEV environment, do we still need to re-generate the ruleset in QA and PROD. If Yes then what is the purpose of “Transport SOD” option in SPRO configuration.
Also, I would appreciate if you can let me know the best practice for rule set maintenance in SAP GRC AC 10. Thanks