cancel
Showing results for 
Search instead for 
Did you mean: 

Critical Action reports shows incorrect data

Former Member
0 Kudos

Hi ,

Two users A and B have access to OB52 transaction via separate roles. These two roles are derived from same parent role.

A critical Action risk (ZFIN)has been created with OB52 transaction code. While running Critical Action report for both A and B, surprisingly report is showing only for user A with ZFIN risk and OB52 transaction code, for other user it is showing ZFIN risk and it is not showing OB52 in report.

i.e. Critical Action report generating incorrect report.

Any idea about this issue?

Thank

Mohan

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
0 Kudos

Hi,

Just to add to what Coleen said, also check if the role have both been derived and generated properly from the parent role, and the profile is correctly generated, and the user buffer updated.

Also, its worth checking if GRC is using the offline risk analysis data.

Regards,

NJ

Colleen
Advisor
Advisor
0 Kudos

Hi Mohana

Did you mean the second user is not showing at all? Are you able to check the SU56 of that user to check they really do have the full authorisations that make up the risk (role is generated and assigned within validity to the user)

Also, did you exclude the users from analysis through selection criteria? Is the user mitigated already and analysis excludes this? Screen shots might help

Regards

Colleen

Former Member
0 Kudos

Hi Colleen,

For second user , report is showing some other transaction codes as critical action,not OB52.

I verified SU56, role is validity and role is in generated status.GRC it self showing user executed OB52 in December using transaction code usage report.

No exlusions made in Analysis report.

Thanks

Mohan

Colleen
Advisor
Advisor
0 Kudos

Is there more than 1 page to the report for the second user and Ob52 is not showing

can you try running for the specific critical action only And see if the user appears?

Former Member
0 Kudos

Hi Colleen,

no, it is only one page.

I did run for all users with Critical action risk(Which has OB52), but second user is not appearing in report as well.

Thanks

Mohan

Colleen
Advisor
Advisor
0 Kudos

Hi Mohana

Is there a chance the user is locked or part of your exclusions for synchronisation/risk analysis. I think there are some configuration parameters for ARA that will exclude certain user criteria.

The fact that it picks up most users and not others, I would look at the parameters and running full synch jobs. After that, run the risk analysis for that single user only and see what comes up. Also, rule out that you have not mitigated the risk and excluding that from the analysis.

Regards

Colleen