on 10-30-2009 10:49 AM
Hello Experts,
We are facing inconsistency in the Risk Analysis report which we are retrieving from compliance calibrator 4.0 (ABAP version) in one of our systems.
The scenario is as follows: -
When we run the risk analysis for a role (ABC) we get no conflicts found. And when we try to perform simulation on this role assuming that we will be adding a couple of tcodes (i.e we need to know what are the risks generated on adding these two tcodes in the existing role) and CHECKING the option of "Risks from simulation only" we get a list of risks which donot include those tcodes which we were planning to add. Ideally if there were no risks that will be generated on adding these two tcodes the anticipated report was NO CONFLICTS FOUND. But we get a list of RISKS which were not seen when we did the role analysis.
After our analysis we had come down to these 2 conclusions: -
1) Either this inconsistency is due to manually added tcodes in that role (ABC).
OR
2) There is some config issue and the compliance calibrator has not been configured properly.
Experts, please help us in resolving or zeroing down to one final logical conclusion on this issue. Your inputs are much appreciated. In anticipation of your reply. Thanks in advance.
Best Regds,
Suyog Chakot.
Hi Suyog,
Check the User's Profiles again.
This may not be because of the tcodes added manullay but this inconsistency happens when there are some single roles assigned to the user directly. Which may show a conflict in Summay but not in the Tcode Detail.
Check whether only composite roles are present to the user
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The issue was not fixed.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Suyog
It could also be that you have some risks configured which check only the authorisation object values without a check on S_Tcode. These would be triggered if the authorisations are held regardless of the actual T_Code assignment.
I would certainly check the ruleset for the risks which are being triggered.
If the transactions are added manually, they would still appear in the S_TCODE Authorisation object but may impact the reporting. I would confirm your rules first though.
Simon
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Simon,
Thanks for your reply. But, we did check the complete rule set did not find a single risk which was maintained without an authorisation object.
Infact we have two systems with exactly the same ruleset, one system exhibits this inconsistency and one does not. We did try to simulate the problem in our sandbox system. Somehow, we are getting a feeling that the issue might be due to manually added tcodes. Can you provide your inputs or any other perception of your to look into this issue.
In anticipation of your reply. Thanks in advance.
Best Regds,
Suyog....
Hi Suyog,
Have you therefore managed to isolate this down to manually added transaction codes?
Although the reports should run against the actual S_TCODE authorisation object, it may be that the report is influenced by the Role Menu as well.
If this is indeed the case, then it may not pick up the additional transactions held within a manual s_tcode authorisation object.
Have you confirmed that the RTAs installed on the source systems are at the same version and support pack?
Simon
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.