Ruleset and Analysis Question

Former Member
0 Kudos

Hi Everybody,

I got a question where I would like to get some input from you experts:

In many areas in RAR and also in Risk Terminator, I can choose the Analysis Level (either Action Level or Permission Level).

In general I am happy with the fact that I get the result only on tcode-level when I choose Action Level, but I am not sure if the analysis is still done with the full rule...

Example:

Critical Action Rule:

TCode: FB01

F_BKPF_BUK --> ACTVT --> 01 OR

F_BKPF_BUK --> BUKRS --> 100 OR

F_BKPF_KOA --> ACTVT --> 01 OR

F_BKPF_KOA --> KOART --> D AND

F_BKPF_KOA --> KOART --> K AND

If I do a permission level analysis, it will check if a user has access to the tcode and will also check if the user has all the objects with the required field values.... I get the report on object level

If I do an action level analysis, I get the result only on tcode level (i.e. violation since user has access to FB01), but did AC check if the user has also all the objects with the values?

Thanks for your help

Accepted Solutions (0)

Answers (1)

Former Member
0 Kudos

Hello,

If you run the action level analysis, RAR will not check the object and the corresponding values. For that you will have to run Permission level analysis. Action level analysis will only focus on the transaction code and not at all on the permission objects and if the user has values for those objects.

Regards, Varun
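
A simplified model of the distinction described in the answer above, using the FB01 rule from the question. This is an added illustration, not SAP GRC code: the function names, the sample users, and the assumption that every listed entry is required (the AND/OR column is not modelled) are not from the thread.

```python
# Toy model of the two analysis levels as the answer above describes them.
# Added illustration, not SAP GRC code; names and data layout are assumptions.

# Rule from the question: FB01 plus the listed object/field/value entries.
# Assumption: every listed entry is required (the AND/OR column is not modelled).
RULE = {
    "tcode": "FB01",
    "permissions": [
        ("F_BKPF_BUK", "ACTVT", "01"),
        ("F_BKPF_BUK", "BUKRS", "100"),
        ("F_BKPF_KOA", "ACTVT", "01"),
        ("F_BKPF_KOA", "KOART", "D"),
        ("F_BKPF_KOA", "KOART", "K"),
    ],
}

START = ("S_TCODE", "TCD", "FB01")  # authorization to start the transaction

# Constructed sample users: sets of (object, field, value) authorizations.
USERS = {
    "POSTER": {START, *RULE["permissions"]},
    "WILDCARD": {START, ("F_BKPF_BUK", "ACTVT", "*"), ("F_BKPF_BUK", "BUKRS", "*"),
                 ("F_BKPF_KOA", "ACTVT", "*"), ("F_BKPF_KOA", "KOART", "*")},
    "DISPLAY_ONLY": {START, ("F_BKPF_BUK", "ACTVT", "03"), ("F_BKPF_BUK", "BUKRS", "100")},
    "NO_TCODE": set(RULE["permissions"]),
}

def holds(auths, obj, field, value):
    """True if the exact value or a '*' wildcard is held for obj/field."""
    return (obj, field, value) in auths or (obj, field, "*") in auths

def action_level(auths, rule):
    """Transaction code only; authorization objects are never inspected."""
    return holds(auths, "S_TCODE", "TCD", rule["tcode"])

def permission_level(auths, rule):
    """Transaction code plus every object/field/value; returns (hit, missing)."""
    missing = [p for p in rule["permissions"] if not holds(auths, *p)]
    return action_level(auths, rule) and not missing, missing

def compare(users, rule):
    """Per user: (flagged at action level, flagged at permission level)."""
    return {u: (action_level(a, rule), permission_level(a, rule)[0])
            for u, a in users.items()}

if __name__ == "__main__":
    for user, result in compare(USERS, RULE).items():
        print(user, result)
```

The DISPLAY_ONLY user is the case the question is about: flagged when only the transaction code is considered, not flagged once the object values are checked.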

Former Member
0 Kudos

Thanks for your answer.

But the example I stated is not an SoD, so I just would like to check who has those permissions...

In the user analysis I can choose as the Report Type:

Action Level:

--> SoD only (taking only t-codes into account)

Permission Level:

--> SoD only (taking only objects and field values into account)

Critical Action:

I thought that here, the system checks for objects as well. After all, when I run the report and click on the "magnifying glasses" to get to the detailed report, I can see the objects and field values...

Critical Permission:

I thought this is only when I look for objects without any specific tcodes...

Are you sure that the Report type influences the analysis (i.e. what the system checks for in the analysis)? Wouldn't it make more sense if it just influences the aggregation of the result (i.e. just on tcode level or including the permissions) but in total the same amount of users...

Thanks for your thoughts!

Former Member
0 Kudos

Hello,

Based on the report type selected, the system will fetch appropriate data for the User/Role in question. If you choose action level then the system will only focus on the transactional data available with the user. It will not fetch the other authorization objects for analysis. However, if you select permission level then the system will fetch all the authorizations with the user/role and will analyze all of them (both the actions available with the user as well as the permissions).

If you run risk analysis on action level and check the report format as detailed as well, then also it will only show you more details about the actions associated and the roles but no objects. It will not show you the objects as they were not taken into consideration while running risk analysis.

Regards, Varun

Former Member
0 Kudos

Understood. But the example is not a SOD. Therefore this example is not included in either action level OR permission level.

I have to choose critical action! And in the detailed report it shows the objects... so it seems that "Critical Actions" takes also permissions into account...

Former Member
0 Kudos

Hi Varun,

Need one help!!

We have implemented GRC5.3- RARBuild 13.

When I try to do Permission level analysis, it is just considering S_TCODE object and is displaying violations (at user/role level) at tcode level.

My config is :-

1.Created Logical system

2.Created Functions with tcodes from logical system

3.Created Risk (of SOD type)

4.Generated rules for Logical system

When I'm looking for permission level risks in Rule Architect-->Rules->Permission Rules, it is just showing the rules with Permission Object S_TCODE.

Ideally, it should display the rules for all the objects (with active values). Somehow, it is not showing the correct results.

It is not even generating the correct number of rules at permission level.

Thanks,

Renuka

Please suggest.

Former Member
0 Kudos

Hey Renuka,

Hope you are doing well!!

When you created functions, did you check the permission tab if there are any other permission objects activated there? By default only the object S_TCODE is activated, and one has to activate the specific permission objects from the permission tab of the function created.

Check the functions, change them and go to the permission tab. All the bulbs must be off (disabled); enable the specific permissions that you want to monitor, save the function, generate the rules again, and this should do it for you.

Regards, Varun

koehntopp
Product and Topic Expert
0 Kudos

Hi Renuka,

long time no hear!

Please make sure that you have completed the post-installation steps for the connector and have uploaded the text and authorization object files. If you haven't done that, adding a TCode to a function will not bring in any objects, which might explain your problem.

Frank.

Former Member
0 Kudos

Another user on SP13 reported a similar issue (on the forum).

Check with SAP if this is a known bug in SP13.

Table VIRSA_CC_funcprm should have the enabled value. Please check for the concerned risk in this table.

Regards,

Surpreet

Former Member
0 Kudos

Hey Frank,

How are you doing?

Thanks for your reply.

I have all the post installation steps; the issue is with SP13.

I found one SAP Note, 1168120, which says this issue has been resolved in Patch 2 of SP13.

Thanks

Renuka

Former Member
0 Kudos

Hi Surpreet,

You are right, it's a known issue. We are trying to deploy Patch 2 on SP13.

Thank You

Former Member
0 Kudos

Hi Varun,

I'm fine...just struggling with SP13

I did enable all the objects in the functions and generated rules also.

But of no use. It is just generating rules for S_TCODE object.

I checked with Jiten (in QA), he said this issue has been resolved in Patch 2 of SP13.

SAP Note- 1168120

Thanks for your help!

Former Member
0 Kudos

Hey Renuka,

When I saw this post I was keeping my fingers crossed that it should not be a bug, but it seems like otherwise. I haven't deployed SP13 so far because of such reasons only, trying to manage with SP12 as much as possible... I guess we are figuring out what it is like to be on the other side now...

All the best...

Cheers,

Varun