Skip to Content

Risk Analysis giving incorrect data - SP 19

Hello All,

We are currently on SP19. When we executed the risk analysis, the system gives us the roles which it should not have given. We validated this data using SUIM as well. The report type we selected was Critical Action.

For this purpose, we defined a Critical Action risk and gave the required t-code in the respective function. Yet, the report shows this role where as when check the t-code is not part of that role at all.

Has anybody faced such an issue. Please let me know should you require any other information from my side.

Thank you,

Regards,

Praman Mulay

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

4 Answers

  • Best Answer
    Dec 11, 2017 at 09:45 PM

    Hi Param,

    Yes its specific to SP19,SAP released new rules for Fiori apps and that's the reason its looking for S_SERVICE,please adjust your GRC ruleset if you are not using Fiori.

    Thanks

    Ramesh

    Add comment
    10|10000 characters needed characters exceeded

  • Dec 06, 2017 at 11:48 AM

    Praman,

    how do you run the risk analysis? Do you use Offline data? Or do you run them from the Reports & Analytics tab. Please remember there are offline and online reports. See here: https://blogs.sap.com/2014/07/16/online-vs-offline-risk-analysis/

    Regards, Alessandro

    Add comment
    10|10000 characters needed characters exceeded

  • Dec 11, 2017 at 06:35 PM

    Hi Alessandro,

    Thanks for your reply. I will run this from Reports and Analytics tab. But, after we checked we found out that the system was checking the t-code in S_SERVICE as well. Any idea if this is specific to SP19 ?

    Thank you,

    Regards,

    Praman Mulay

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    May 06 at 04:57 AM

    Hi,

    We are having the same issue but with the following issue:

    S_Service role violations where the Ruleset does not even have it, but the role violating has S_Service with both fields as “ * “. That rule is not even in that risk or function.

    Additionally, I have seen a lot of mentions of this phrase which is directly out of the SAP Note “adjust your Ruleset”. What is meant by that? Because our Ruleset does not contain one entry for S_Service either active or inactive.

    Thanks in advance.

    -John

    Add comment
    10|10000 characters needed characters exceeded