I wanted to updat RAR rules in dev GRC as per Q2 2009 rule update provided by SAP.
SAP recommendation for transaction FBV0 is:
remove auth objects F_BKPF_KOA and add F_BKPF_BUK with actvt 01 or 02.
As client wants to keep KOA active, I have done following in function AP02 and GL01, to test user risk analysis result in each case
case 1. KOA and BUK both active
case 2: KOA inactive and BUK active
I tested 5 users who have acccess to FBV0.
Among those, in case of 2 test users I found some unexpected results.
In case 1, both users have less number of risks where as in case 2(inactive KOA) I got more risks in user analysis in dev grc.
I am surprised, if I make an auth obj inactive, how can the new risks be generated. The new risks are related to FBV0 and functions AP02, GL01.
Other three users have same risks in both cases.
Can you suggest me what could be the reasons behind this.