cancel
Showing results for 
Search instead for 
Did you mean: 

Can we trap a value from a customised role as SoD

Former Member
0 Kudos

Hi Friends,

I am attaching a snapshot here. Please look into it before your comments. Here is customised role “Z40R-ALL-PTP-PR_APR_TIER_1” with Auth_Object “M_EINK_FRG” and value “R1”.

N.B: Only ARA and EAM is configured in system (no BRM etc).

I want to check in system, if someone having value R1 in field FRGCO.

Please help me how to done it.

Regards,

Nasir

Accepted Solutions (1)

Accepted Solutions (1)

Colleen
Advisor
Advisor
0 Kudos

You could build a critical action comprising of a permission only function in ARA. Then you could run risk analysis. You would add object m_eink_frg but only maintain the field frgco and leave other field inactive.

the name of the role is irrelevan. If role name was important then you would flag it as a critical role as part of ARA (not in sod definition though)

if not, suim report in sap for users by complex criteria would also do the trick

sandeep_devaki
Explorer
0 Kudos

Agree With Colleen . But i think it should be Critical Permission instead of Critical Action that should be created .

Colleen, Please correct me if i am wrong .

Regards

Sandeep Devaki

Colleen
Advisor
Advisor
0 Kudos

thanks for calling out the mistake...oops

yes it's critical permission as it has no transaction code

Former Member
0 Kudos

Hi Colleen,

First of all thanks.

I am trying to do as you guided but there is an error when creating function, its asking for permission group. What permission group, I put there? Normally its tcode but we are not using tcode in this case. A snapshot is attached here.

I have an other question after this for you after this

Regards,

Nasir

Former Member
0 Kudos

Hi Sandeep,

Thanks for your input. I have question for you although it’s out of this discussion. Is there any way to test function separately/individually before making it part of SoD risk?

Regards,

Nasir

Colleen
Advisor
Advisor
0 Kudos

Hi Nasir

there should be a KB article in marketplace or if you search for permission group in GRC space you will find your answer. I think you define as ^! Followed by a name (e.g. ^!relcode) or similar. Search and you will confirm way to maintain. You do this on the action tab and then add the authorisation on permission tab.

the permission group is something you define so you can group the permissions together in lieu of a transaction.

Colleen
Advisor
Advisor
0 Kudos

easiest way to test is yo create a risk and assign the function to it. You can always create a test ruleset that you assign these prototypes to so you can identify them. Then you can run the risk analysis reports

Former Member
0 Kudos

Risk can be SoD, CA or CP – what type of risk are you advising to create? To run test on each/individual function. Thx.

Colleen
Advisor
Advisor
0 Kudos

Which one do you think it is? You are buildiing critical permission function and it's going to be the only function in your risk so that eliminates SoD.

Former Member
0 Kudos

Hi Colleen,

I am sorry for confusion. I am asking as general rule in relation to SoD function.

Suppose we have risk called “Zrisk01” and it have two functions “Zfunction01” and “Zfunction02”.

I want to check function “Zfunction01” and “Zfunction01” individually before putting them together in ‘Zrisk01’.

Sorry if it’s a silly question and not making any sense. But I am thinking to test my work like this way. If I am wrong please tell me the right way to test and authenticate my build. I am much thankful to you for this help.

Regards,

Nasir

Colleen
Advisor
Advisor
0 Kudos

As a general approach it would depend on your function. Testing a single function will be either critical action or critical permission. Which type would depend if you have transactions or not

i wouldnt do this for formal testing but for prototyping as its a bit of build effort involved

Former Member
0 Kudos

Thank you so much and I must appreciate your help.

HAPPY AND BRILLIANT NEW YEAR TO YOU.

See you next year .....

Answers (0)