GRC5.3 RAR - User Level risk analysis
We have ECC connected to GRC. Trying to do a user level risk analysis.
ECC Backend User Info:
User Name: SAP*
No roles assigned
Profiles: SAP_ALL and SAP_New is assigned
GRC5.3 RAR Risk analysis settings:
System: ECC System
Ignore: Locked and Expired users
Ignore Mitigated risks
Global Rule set
As per my understanding with the mentioned checks in GRC it should not show SAP* having any risks. But GRC is listing the risks present in all the users having their ID starts with SAP irrespective of their user type, thus treating " * " as a wild card.
N.B. In ECC Backend SAP* is the only service id starting with SAP.
Please help. Its becoming quite serious issue for us due to SOX audit which need to be addressed.