Skip to Content
avatar image
Former Member

Critical Action reports shows incorrect data

Hi ,

Two users A and B have access to OB52 transaction via separate roles. These two roles are derived from same parent role.

A critical Action risk (ZFIN)has been created with OB52 transaction code. While running Critical Action report for both A and B, surprisingly report is showing only for user A with ZFIN risk and OB52 transaction code, for other user it is showing ZFIN risk and it is not showing OB52 in report.

i.e. Critical Action report generating incorrect report.

Any idea about this issue?

Thank

Mohan

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Dec 27, 2014 at 12:24 PM

    Hi Mohana

    Did you mean the second user is not showing at all? Are you able to check the SU56 of that user to check they really do have the full authorisations that make up the risk (role is generated and assigned within validity to the user)

    Also, did you exclude the users from analysis through selection criteria? Is the user mitigated already and analysis excludes this? Screen shots might help

    Regards

    Colleen

    Add comment
    10|10000 characters needed characters exceeded

    • Hi Mohana

      Is there a chance the user is locked or part of your exclusions for synchronisation/risk analysis. I think there are some configuration parameters for ARA that will exclude certain user criteria.

      The fact that it picks up most users and not others, I would look at the parameters and running full synch jobs. After that, run the risk analysis for that single user only and see what comes up. Also, rule out that you have not mitigated the risk and excluding that from the analysis.

      Regards

      Colleen

  • avatar image
    Former Member
    Jan 06, 2015 at 08:13 AM

    Hi,

    Just to add to what Coleen said, also check if the role have both been derived and generated properly from the parent role, and the profile is correctly generated, and the user buffer updated.

    Also, its worth checking if GRC is using the offline risk analysis data.

    Regards,

    NJ

    Add comment
    10|10000 characters needed characters exceeded