Role based Risk Analysis Report

Former Member · ‎10-23-2008

Experts.

Please let me know how can I do the "Role based Risk Analysis Report" in ECC6.0

Customer has issues with the Role Management. Also need suggestions to analyze the report.

Thanks Much.

Former Member · ‎10-23-2008

Hi babji,

In "Role based Risk Analysis Report" you must need roles that exists in your system and correspoing tcode and also authorization object details. You can extract these reports with the help of SUIM tcode.

You said " Customer has issues with the Role Management "- You can do SOD checks for all roles , so that you can assure that there are no risks exists in roles and corresponding tcodes assigned to user.

You can use Virsa tool to do SOD checks.

Hope this will help.

Regards,

Sneha

Former Member · ‎10-23-2008

Hi Babiji,

Are you using any specific tools for SOD's? If you are using GRC tool, then it can be done using compliance calibrator Role level Risk analysis.In addition to what Sneha has said,

To find out the conflicting roles in CC version 5.2 the path is INFORMER->Risk Analysis->Role level.In Virsa 4.0 you have the option of carrying out risk anaysis at role level by executing the t-code /N/VIRSA/ZVRAT.

In section Analysis type, choose Roles and enter the list of roles.

In section SOD Risk level, choose the appropriate risk.

Then choose the appropriate report type and report format before executing it.

This will display all the roles with the levels of risk associated with it and then you can mitigate these as per your organizational policies & procedures.

Thanks,

Saby..

Former Member · ‎10-24-2008

Thanks for the responses Sneha and Saby.