on 02-07-2018 8:46 PM
Dear Friends,
ZCritical Actions [ Or Sensitive t - code ] are grouped with Risk Type: Segregation of Duties. And for every ZCritical action two functions [ Zfunction and Yfunction [ as a holder ] is created and assigned. And is mitigated by a blanket generic MC.
As an example: -
( Screen shot attached )
Unable to find the logic to understand why it is done and is this subscribed by SAP. Kindly provide some leads to understand this.
- Thanks
Raj
Hi Raj,
The person who developed this custom risk probably didn't understand the difference between how SOD risks and Critical Action risks are configured in the ruleset. An SOD risk is a combination of two functions. A Critical Action risk is a single function. Therefore, the person intended to create a Critical Action risk (single function SOD), but did not know they could accomplish it by creating a CA risk instead of an SOD, so they created a dummy second function to make the "SOD" risk work. This solution may work, but I recommend getting rid of this and replacing these types of SODs with Critical Action risks, which are single function risks by definition.
Hope that helps!
-Ken
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
16 | |
3 | |
2 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 | |
1 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.