- SAP Community
- Products and Technology
- Additional Q&A
- How do i get all conflicting roles in the system ?
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
How do i get all conflicting roles in the system ?
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 08-12-2008 6:44 AM
Dear Sap Pros,
Is there any way I can get a list of all conflicting roles through the system. For example: currently if I use the Security Weaver , I can only pull out a list of existing Conflicting roles that users are having. I need to pull out a list of all existing conflicts (regardless of whether users are having them or not ) from the system for my compliance officer. Currently I have a list of all conflicting roles throught our website but that will not be suffient for compliance.
Any help greatly appreciated.
Thanks and Regards,
Diwakar
Accepted Solutions (0)
Answers (5)
Answers (5)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Dear Amol and Hersh,
Thanks for your input. The version is 4.6C , any idea how to run the risk analysis in this version ? I am not able to find a link or T-code.
Thanks and Regards,
Diwakar
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Diwakar,
Well, the thing is that in GRC (Access controls) there are two separate entities involved to find a risk:
1. Your ERP system (which is 4.6 C for you as you mentioned).
2. The SAP GRC Access Control suite, which takes care of showing you reports that where does the risk reside in your ERP (SAP 4.6C). This SAP GRC suite communicates directly with your SAP R/3 and fetches data from it.
Thus we are not sure what you actualy want to accomplish and whether you are working on the GRC Acccess controls or not? Or is it that you want to just find out risks in roles from your SAP R/3 itself, by not using the GRC tools?
Regards,
Hersh.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Dear Hersh,
I do not think I am using any GRC controls. Ok currently what I do is I use the the Security Weaver ( T-Code /SIE/ASP_P2P_SOD which i think is company specific) to generate a list of users who have conflicting roles and then I try to resolve the conflict by either removing specific role or by asking them to get written approval from the Compliacne officer. So I am assuming this is from the SAP R/3 itself.
Now the requirement from my compliance officer is that I need to generate a list from the system of the all the conflicting roles ( example: Sales commercial conflicts with Sales Invoice cancellation role ) .
I think I just need to find out restricted conbination of roles from SAP R/3 itself not using the GRC tools.
Once again thanks a lot for your help.
Regards,
Diwakar
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Diwakar,
You are most welcome. Well, in this case you can use the standard SAP R/3 reports which are available in the Tcode "SUIM" and then see which if the roles stand critical and risky for your organization based on the criteria which is defined for your R/3 implementation.
Regards,
Hersh.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hello Diwakar,
I am not aware of security weaver,
but the question that comes in the first place is how security weaver finds out conflicting roles. My assumption about security weaver is that the analysis is done at the user level and not at the role level (not sure)
logically it may be based on the combinations of roles just like transactions assigned to a user. So if a user has two or more roles and if they are violating SOD then security weaver takes it as a conflict. but if role is not assigned to any user then it can not be conflicting but might be a critical role.
So being absolutely novice in security weaver i can not tell you if this functionality is there or not. there may be something called critical roles in security weaver.
and from R/3 prespective i do not think you can do any role analysis or user analysis to find our conflicts at all.
Best Regards,
Amol Bharti
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Dear Diwakar,
I do not think that you can get a full list of conflicting roles using Risk Terminator. It is not a tool which provides you the full role level analysis report with conflicting roles, but it is a feature of GRC Access Controls that whenever a new role is created in the profile generator (TA: PFCG) or assigned to a user in user creation (TA: SU01), the risk terminator verifies whether this creation/assignment will result in a SOD violation. Risk terminator does the analysis on object level and transaction level and provides the facility to mitigate existing risks.
So as per your requirement I would recommend using compliance calibrator Role level Risk analysis as suggested by Hersh.
Thanks & Regards,
Amol Bharti
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Hersh,
Thanks for your help. However I am not able to find Informer in my System and the T-code that you have me does not work. I tried searching via Help but it gives me no results for Informer and give different results for Risk Analysis.
Regards,
Diwakar
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Diwakar,
There are various parameters offered which can do Risk analysis at different levels in CC, for example user level, role level, org level etc..
For your requirement, you can do the Risk Analysis at the "Role Level", if you need to know all the roles that are conflicting. In CC 5.2 the path for the same is INFORMER>Risk Analysis>Role level. IF you are running some other version you can try searching for the reports on similar lines. For Example in 4.0 you have the option of carrying out risk anaysis at user and role level separately, after you enter Tcode /N/VIRSA/ZVRAT.
I hope it helps.
Regards,
Hersh.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi Diwakar,
I think that you are looking for Risk Terminator. It is a part of GRC. It is conectec to R/3 and it can do a risk analisys using it's default SoD matrix or one that you have created. At the end it will show the risks that you have in your company.
Regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
- Onboarding Users in SAP Quality Issue Resolution in Technology Blogs by SAP
- First Half 2024 Release: What’s New in SAP SuccessFactors HCM in Human Capital Management Blogs by SAP
- 3 key steps to kick-start your migration to Stories in People Analytics in Human Capital Management Blogs by Members
- 1H 2024 - Release highlights of SuccessFactors Performance and Goals in Human Capital Management Blogs by Members
- Services not visible in BAS S/4 Hana Public Cloud. in Technology Q&A
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.