Skip to Content

Alternatives for configuring permissins so as to search for full authorization/ Any values

Hi Experts

I am trying to understand what values are to be updated in GRC rule set to identify users with access to full authorization through GRC critical permissions configurations.

To elaborate with an example my query is as follows:

Say I have an AU object with Field – ACTVT , which has the following 6 values possibles – 01,02,03,04,05,06.

Now I have users in my system who have been given access to that object with following values for ACTVT:

1st User: value for field ACTVT >>>> *

2nd User: Value for field ACTVT >>>> 01,02,03,04,05,06

3rd User: Value for field ACTVT >>>> 01-06

4th User: Value for field ACTVT >>>> 01, 02, 06

5th User: Value for field ACTVT >>>> 03

I need to create a rule, where in the users having access to all values ONLY are reflected in critical permissions.

i.e. only Users 1, 2, 3 should be considered in result set.

Perhaps using AND we can get the result, however this becomes a cumbersome activity in cases wherein there are too many values for the field.

Hence I am trying to understand if GRC provides an alternative such that all possible values can be considered in one go. {Something equivalent to using ‘#**’ in SUIM –SAPNOTE 1267608 - SUIM| RSUSR030: Search for full authorization}


Add comment
10|10000 characters needed characters exceeded

0 Answers