Hi GRC folks,
I am creating roles with separation of duties risk violations for testing. I am approaching this by first going to the Global Rule Set, selecting high risks (for example H001) and then from the functions listed (HR03 & PY04), adding T-codes from them to a role. I have tried this using Role Level Simulation within Access Maintenance to avoid having to execute a background update of the Access Control Repository. When I execute a simulation the results indicate no risks. But when I add the risks to the role in the development system, the risks show up in the report. I came to the conclusion that only the simulation part is not working here.
I have generated the rule sets multiple times and the Access risk analysis works great. Just the simulation is the issue here. I have checked other posts and did the initial problem solving but there are no results.
Could someone help me get the simulation to start working. GRC version is 10.0. Our ECC is the development environment and GRC is not connected to a prod environment yet.
Thanks!
Apoorva
Hi Apoorva,
My initial thought is that you are simulating the addition of tcodes from the system "GRC Testing" when you should be adding tcodes for the simulation from the ECC system. You should also remove the report criteria Type = Action Level, and only have Permission Level selected, although the Action Level should still return results (even thought they are likely false positives as they do not check for the authorization object level permissions).
Let me know if this helps, and if not I can continue to think on it.
-Ken
Hello Apoorva,
Can you please try executing it with SAP_ALL and with "Risks from Simulation only" ?
And, please check if the simulation working for user level?
I believe the ad-hoc risk analysis is working fine for the same connector, correct?
Kind regards,
Yashasvi
Hello Apoorva,
Treating that you have activated BC sets and also regenerated all the rules, please verify the following.
Let me know if you need further details.
Regards,
Rakesh Ram
Add a comment