Without giving away too much information, I am on GRC 10.1 and am having issues with the Role Level Analysis (Access Management > Access Risk Analysis > Role Level). We have recently made changes to our rule set and have regenerated all the rules via GRAC_GENERATE_RULES. I now have many role conflicts that are appearing and the following is happening for all of them...
Headings are as follows: Risk ID, Function, T-Code, Auth Object, Field Value, Value From. Let's call the Risk ID ZZ99 and the first blurred function XX01 and the second XX02.
I have the following auth objects in XX01:
F-63 / F_BKPF_KOA / ACTVT 01 / AND
F-63 / F_BKPF_KOA / KOART K / AND
F-66 / F_BKPF_KOA / ACTVT 01 / AND
F-66 / F_BKPF_KOA / KOART K / AND
I have the following auth objects in XX02:
FV60 / F_BKPF_KOA / ACTVT 01 / AND
FV60 / F_BKPF_KOA / KOART D / AND
FV65 / F_BKPF_KOA / ACTVT 01 / AND
FV65 / F_BKPF_KOA / KOART D / AND
The role contains auth objects of the following:
S_TCODE / F-63
S_TCODE / F-66
S_TCODE / FV60
S_TCODE / FV65
F_BKPF_KOA / KOART / K
F_BKPF_KOA / ACTVT / 03
Functions XX01 and XX02 make up Risk ID ZZ99. As you can see, neither FV60 or FV65 has any conditions that will become TRUE for XX02, and as such, a risk should not be triggered. However, it is triggering a risk, and it's only triggering S_TCODE, which makes absolutely no sense. I have validated the t-code shows up in both the Action and the Permissions tab in XX02. And there are active auth objects that XX02 is checking for.
- SAP Managed Tags:
Accepted Solutions (0)
Answers (1)
| User | Count |
|---|---|
| 14 | |
| 4 | |
| 2 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 | |
| 1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.