Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

GRC5.3 RAR - User Level risk analysis


We have ECC connected to GRC. Trying to do a user level risk analysis.

ECC Backend User Info:

User Name: SAP*

User Type:Service

Locked User

No roles assigned

Profiles: SAP_ALL and SAP_New is assigned

GRC5.3 RAR Risk analysis settings:

User Name:SAP*

System: ECC System

User Type:Service

Ignore: Locked and Expired users

Ignore Mitigated risks

Global Rule set

As per my understanding with the mentioned checks in GRC it should not show SAP* having any risks. But GRC is listing the risks present in all the users having their ID starts with SAP irrespective of their user type, thus treating " * " as a wild card.

N.B. In ECC Backend SAP* is the only service id starting with SAP.

Please help. Its becoming quite serious issue for us due to SOX audit which need to be addressed.

Helpful Answer

Not what you were looking for? View more on this topic or Ask a question