on 07-22-2009 9:26 AM
Hi experts,
I would like to ask if RAR or GRC has the ability to report excessive access? What I mean by this is that a person might not have any SoD violations but they might have t-codes attached to different types of functions (e.g. Basis, Finance). So a person working in finance might have a huge list of Basis T-codes, but as they are neither invoking any SoD violations nor are these Basis T-codes critical, this individual has access not related to his/her role.
Is there a report in RAR or other GRC components which can provide this sort of excessive access information? Maybe a report to match each user's access in the backend to the relevant functions in RAR (e.g. BS = basis function)?
Hello,
There is no such report in GRC or RAR. What you can do, though, is create Critical Roles or Critical Profiles in RAR. In these Critical Roles/Profiles, assign access to all the transactions you think need to be monitored. For example, if you have Role1 in the backend that has excessive access, assign that role as a critical role in RAR. Then you can perform risk analysis on that.
Harleen
GRC RIG
Hi,
No, GRC-AC doesn't have a report of this kind. The best way is to create customized functions in RAR as mentioned by our friends in this post.
Best Regards,
Sirish Gullapalli.
Edited by: Sirish Gullapalli on Jul 27, 2009 11:19 PM
Hello,
There is no report in GRC which can compare the user authorization with a function.
However, this scenario can be achieved if you create a Risk with this function and assign it as a Critical Risk. This way only one function will be required to make this Risk.
You can create the risk for each function and you can execute the Critical Action level reports particularly for these risks to check the user access.
Regards,
Shweta