on 12-12-2011 10:54 PM
GURUs, what does that mean please....
Creating a Role Containing SOD Violation on the Finance Area for Action but false positive at object Level
thanks gurus
A simple example could be a role containing the transaction code ME21N, which can cause an Action level risk with other finance transactions, as it is a "create" transaction; but the authorizations assigned to the objects within the role could be ACTVT 03 (display), therefore it is unlikely the risk would really be realised at Permission level.
A mundane example, but that is one easy way to describe a "False Positive" risk result.
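The ME21N case from the reply above, as an added example that is not part of the original thread: the same role is checked once at action level (transaction codes only) and once at permission level (authorization object field values). The risk ID, the FB60 pairing standing in for "other finance transactions", and both roles are constructed assumptions, not SAP's delivered GRC rule set.

```python
# Constructed SoD rule: each function names its action (tcode) and the
# permission values that must be held for that action to be usable.
RULE = {
    "risk_id": "ZP01",  # hypothetical risk ID
    "functions": [
        {"tcode": "ME21N", "perms": [("M_BEST_BSA", "ACTVT", {"01"})]},  # create PO
        {"tcode": "FB60", "perms": [("F_BKPF_BUK", "ACTVT", {"01"})]},   # post invoice
    ],
}

# Constructed roles: same tcodes, different ACTVT values on the purchasing object.
ROLE_DISPLAY_PO = {
    "tcodes": {"ME21N", "FB60"},
    "auths": {("M_BEST_BSA", "ACTVT"): {"03"},          # display only
              ("F_BKPF_BUK", "ACTVT"): {"01", "02", "03"}},
}
ROLE_CREATE_PO = {
    "tcodes": {"ME21N", "FB60"},
    "auths": {("M_BEST_BSA", "ACTVT"): {"01", "02", "03"},
              ("F_BKPF_BUK", "ACTVT"): {"01", "02", "03"}},
}

def action_level_hit(role, rule):
    """Risk is reported if the role holds every tcode in the rule."""
    return all(f["tcode"] in role["tcodes"] for f in rule["functions"])

def permission_level_hit(role, rule):
    """Risk is reported only if each tcode is also backed by the needed field values."""
    if not action_level_hit(role, rule):
        return False
    for func in rule["functions"]:
        for obj, field, needed in func["perms"]:
            held = role["auths"].get((obj, field), set())
            if "*" not in held and not (held & needed):
                return False  # tcode present, but it cannot be executed as "create"
    return True

def classify(role, rule):
    action, perm = action_level_hit(role, rule), permission_level_hit(role, rule)
    if action and not perm:
        return "false positive: action-level hit, no permission-level risk"
    return "real risk at permission level" if perm else "no risk"

if __name__ == "__main__":
    for name, role in (("display PO", ROLE_DISPLAY_PO), ("create PO", ROLE_CREATE_PO)):
        print(name, "->", classify(role, RULE))
```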
That was a good example to explain.
False positives usually are because of org level restrictions. If your company is org level structure then it is better to use org level analysis, and if they exist at transaction level, then you need to look at your GRC rule set. The default rule set should always be tweaked depending upon the nature of the business, client business process and client requirements. Check your GRC rule set and you should be able to take care of all the false positives.
Hope it gives you some clarification.
Vikas