on 12-30-2014 2:16 AM
Hi Friends,
I am attaching a snapshot here. Please look into it before your comments. Here is customised role “Z40R-ALL-PTP-PR_APR_TIER_1” with Auth_Object “M_EINK_FRG” and value “R1”.
N.B: Only ARA and EAM is configured in system (no BRM etc).
I want to check in system, if someone having value R1 in field FRGCO.
Please help me how to done it.
Regards,
Nasir
You could build a critical action comprising of a permission only function in ARA. Then you could run risk analysis. You would add object m_eink_frg but only maintain the field frgco and leave other field inactive.
the name of the role is irrelevan. If role name was important then you would flag it as a critical role as part of ARA (not in sod definition though)
if not, suim report in sap for users by complex criteria would also do the trick
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Colleen,
First of all thanks.
I am trying to do as you guided but there is an error when creating function, its asking for permission group. What permission group, I put there? Normally its tcode but we are not using tcode in this case. A snapshot is attached here.
I have an other question after this for you after this
Regards,
Nasir
Hi Nasir
there should be a KB article in marketplace or if you search for permission group in GRC space you will find your answer. I think you define as ^! Followed by a name (e.g. ^!relcode) or similar. Search and you will confirm way to maintain. You do this on the action tab and then add the authorisation on permission tab.
the permission group is something you define so you can group the permissions together in lieu of a transaction.
Hi Colleen,
I am sorry for confusion. I am asking as general rule in relation to SoD function.
Suppose we have risk called “Zrisk01” and it have two functions “Zfunction01” and “Zfunction02”.
I want to check function “Zfunction01” and “Zfunction01” individually before putting them together in ‘Zrisk01’.
Sorry if it’s a silly question and not making any sense. But I am thinking to test my work like this way. If I am wrong please tell me the right way to test and authenticate my build. I am much thankful to you for this help.
Regards,
Nasir
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.