cancel
Showing results for 
Search instead for 
Did you mean: 

User Analysis at Permission Level - Detail Report (RAR SP12)

Former Member
0 Kudos

Hello All,

I have having question regarding the User Level Analysis at Permission level report. Currently, we are on GRC Access control 5.3 SP12.

Per my understanding when you execute the User level analysis at Action level, you get SOD conflict reports based on T-code level and not on authorization / permission level. But, if you execute the user level analysis at permission level then SOD report is based on the authorization / permission object level.

But now, when I execute the user level analysis at PERMISSION LEVEL in the Informer tab, in the report I am only able to see "Transaction Code Check at Transaction Start" name in the Permission Object Column and "Transaction Code" name in the Field column.

Look forward to hear from you all.

Thanks in advance,

Regards,

Angelica

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
0 Kudos

Hi Angelica,

This behaviour is ok for those risks in which you have not enabled any Object/Field value. It will pick S_TCODE Object and show you the risk.

This is useful because -

1. If you have risks defiend at Tcode level - you can still catch them while running risk analysis at permission level.

2. If you have Object Values defined in risk and you are running permission level analysis it will show risk only if Object Values meet. In that case permission level risk anlysis will not show risk if there is no actual risk.

3. Running risk analysis at Action level can show false positives when risk is defined ta Object level. So, it is always better to r

un alanysis at permission level, it will bring all actual risks skipping false positives.

4. You can run only one level risk analysis in CUP and ERM and permission level covers all risks.

If you have risk defined at Object Level and the role/user is not fulfilling all values, it should not show in permission level. In your case, if it is showing only "Transaction code check at start" and the risk is defined at Object Level, then sure it is a bug.

Regards,

Sabita

Former Member
0 Kudos

Hi Angelica,

Are you executing this in the background and exporting to excel?

If that is the case, could you execute just for one user in the foreground for one system and see if you still have the same problem?

Regards,

Chinmaya