on 03-29-2010 5:45 PM
Hello Experts - we are currently upgrading from CC 4.0 to GRC 5.3. We have some users and some roles that do not have SOD's in R/3, but do have SOD's when checked in GRC. Risk anaylsis in both systems is set to Permissionan level, Global rule set, Exclude Locked/Expired/Mitigated Risks. Not sure what else to check to explain the discrepency between the two systems. Does anyone have any suggestions? Thank you very much for your time.
Kelsi,
This means that the rulesets are different for CC 4.0 (ABAP version) and GRC RAR (Jave version). Check the rule architect tab of CC 4.0 and RAR 5.3 to compare. You can download the CC 4.0 ruleset and upload it to RAR 5.3 to see if this produces same results or not.
Alpesh
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you Alpesh. We tried this suggestion and we are still getting different results in GRC. I think it might be because of the report type I am using (which is Permission Level). In Compliance Calibrator 4.0 we have it set to SA, which i believe is the same as Permission Level. I've researched what the correct report type is and I've found many different answers. I need GRC to be able to take the persmissions into account when running risk analysis, not just the transaction codes. When it looks at the transaction codes only, it returns false positive results as many of the transactions are view only. In your respected opinion, what is the best report type to get us the results we were seeing in Compliance Calibrator 4.0? Thank you so much for your time!!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.