- SAP Community
- Products and Technology
- Additional Q&A
- RAR 5.3 : Running Risk Analysis for Critical Actio...
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
RAR 5.3 : Running Risk Analysis for Critical Actions at object level
- Subscribe to RSS Feed
- Mark Question as New
- Mark Question as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
on 07-01-2009 5:06 AM
Hi experts,
I am pretty new to GRC. I have been doing some research around Critical Actions in RAR 5.3. Per my understanding when i run critical actions analysis on a user/role, it will return violations irregardless what object level permission it has.
However, when i look at the rule architect for the critical action risks, they are referenced to functions that define those critical actions to an object level. However, when i run the risk analysis for critical actions, they will not reference those object levels.
Is there a way to enable Critical Actions Risk Analysis to analyze to an object level? Or is Critical Actions Risk Analysis just that, analysis only at the Actions level, nothing more (which for my company makes not much sense as we do not view display access for all critical actions as risks)
Accepted Solutions (1)
Accepted Solutions (1)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
When you run the Risk analysis, click the "Detailed report" view (the Magnifying glass). This will show the permissions identified within the results for Critical Actions. To me, this looks like Critical Action Analysis looks down to Object level permissions by default.
From what information I have gathered, Critical permissions works with no Actions/Transactions being attached to the permissions, therefore Critical Permissions work independant of what the Transactoin code is.
There is a SAP Note for this [https://service.sap.com/sap/support/notes/1225227], which describes how to define Critical Permissions (meaning no dependence on what Tcodes the permissions are attached to).
Regards
Edited by: Kaushal Vastani on Jul 16, 2009 1:51 PM
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Answers (1)
Answers (1)
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Report Inappropriate Content
Hi,
Critical action by default analyzes all the objects which are related to transaction.
When you check the rules of Critical Action, it should display the TCODE along with the permissions in active mode. If this is displayed then all these values will be checked when you run the Critical action report.
Regards,
Shweta
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
- “Mind the Gap” – Improves ROI, Cost & Margin by Merging Planning Processes in Supply Chain Management Blogs by SAP
- RISE with SAP Advanced Logistics Package in Supply Chain Management Blogs by SAP
- How strikes affect the supply chain in Supply Chain Management Blogs by SAP
- Sneak Peek in to SAP Analytics Cloud release for Q2 2024 in Technology Blogs by SAP
- Consume Ariba APIs using Postman in Technology Blogs by SAP
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.