on 12-25-2014 11:03 AM
Hi ,
Two users A and B have access to OB52 transaction via separate roles. These two roles are derived from same parent role.
A critical Action risk (ZFIN)has been created with OB52 transaction code. While running Critical Action report for both A and B, surprisingly report is showing only for user A with ZFIN risk and OB52 transaction code, for other user it is showing ZFIN risk and it is not showing OB52 in report.
i.e. Critical Action report generating incorrect report.
Any idea about this issue?
Thank
Mohan
Hi,
Just to add to what Coleen said, also check if the role have both been derived and generated properly from the parent role, and the profile is correctly generated, and the user buffer updated.
Also, its worth checking if GRC is using the offline risk analysis data.
Regards,
NJ
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Mohana
Did you mean the second user is not showing at all? Are you able to check the SU56 of that user to check they really do have the full authorisations that make up the risk (role is generated and assigned within validity to the user)
Also, did you exclude the users from analysis through selection criteria? Is the user mitigated already and analysis excludes this? Screen shots might help
Regards
Colleen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Colleen,
For second user , report is showing some other transaction codes as critical action,not OB52.
I verified SU56, role is validity and role is in generated status.GRC it self showing user executed OB52 in December using transaction code usage report.
No exlusions made in Analysis report.
Thanks
Mohan
Hi Mohana
Is there a chance the user is locked or part of your exclusions for synchronisation/risk analysis. I think there are some configuration parameters for ARA that will exclude certain user criteria.
The fact that it picks up most users and not others, I would look at the parameters and running full synch jobs. After that, run the risk analysis for that single user only and see what comes up. Also, rule out that you have not mitigated the risk and excluding that from the analysis.
Regards
Colleen
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.