If there are no rules, then how will you know if someone is violating them.

It is like we have LAW and police makes sure no one violate them.

Hi Zeng,

Yes, these files will create rules for your RAR system. Creating rules is not a straightforward process.

Here is description for all those files:

1) Business Processes: ALL_Business_Processes.txt -> Definition of Business process

2) Function: ALL_Functions.txt -> Definition of function

ALL_Functions_BP.txt -> association between functions and Business process

3) Function Authorization:

XX_function_action.txt -> association between functions and transaction

XX_function_permission.txt -> association between functions and authorization objects

4) Rule Set: ALL_Ruleset.txt -> definition of rule set

5) Risk:

R3_risks.txt -> composition of risk

R3_risks_desc.txt -> definition of risk

R3_Risk_Ruleset.txt -> relationship between risk and rule set

Regards,

Alpesh

All those files are for SoD risk check?

GRC check that a user has a risk, the user's role has OBR1 and CMOD(please check the following), but I could not find the rule definition in the *.txt file.

Conflicting Actions | Risk Description | Level | Business Process

-

OBR1&CMOD | B00103A01 | Medium | Basis

I was completely puzzled by this.

Hi zeng

Those are the SAP standard rule set, business process, functions , function action and permission, Risks which are known to SAP . please upload all of them.

You can also define custom ones but you have to upload the ones from SAP first before start working on custom ones.