May 19 at 11:34 AM

Organizational Rules in GRC Access Control GRC 12.0



We have an issue where we have users that have SOD conflicts at transaction and auth object level but are false positives, as the user has access to PO creation in one plant and GR in another. I read the blog about setting up organisational rules and followed the steps, enabling the value $WERKS in the relevant functions and also using the wizard to create all the plant values in the organisational rules for the production systems where we have the issue.

I created two users, one with access to PO and GR in plant A, the other with access to PO in plant A and GR in plant B. I generated the SOD reports at permission level and, as expected, both users appeared with the SOD.

I ran the report selecting "consider org rule" but both users still appear and I can see my Org Rule IDs appearing. What is strange is that the two transactions shown below appear against the rule ID USSK when PO is for plant A and the GR is for plant B, so this SOD should be excluded.

I don't know if I have missed a step here, but I don't know why both users are still appearing when the org rule is clearly activated.