GRC 5.3 - Organization Rules Question

We are wading through a large number of false positives from RAR, because we don't have organization rules set up. Could someone explain how to set up organization rules for the following scenario?

We have multiple company codes across our organization. We want SAP GRC RAR to ignore instances where a user has conflicting roles in different company codes. For example, we know "Role 1" and "Role 2" conflict. But if the user has Role 1 in Company Code A and Role 2 in Company Code B, we should not see a conflict in risk analysis. What we don't understand is how to set this organization rule up.

Please don't reference the SAP document entitled "Quick Reference Guide, Virsa Compliance Calibrator for SAP v5.2 - “Organizational Rules and Organizational Level Reporting”", as I've reviewed that and I don't think it provides the detail needed. The example provided in that document shows how to create a rule that generates a SOD risk. I want to be able to state the following - "If the conflicting profiles are in the same company code, present a SOD risk. If the conflicting profiles are from different company codes, then don't present a SOD risk."

Thanks in advance.

Former Member