Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ARA: What is the meaning of having single tcode in two conflicting functions

Go to solution
former_member184114
Active Contributor

‎06-23-2012 1:16 PM

0 Kudos

Hi All,

I am stuck up with a confusion.

While analyzing one of the roles, I found that GRC ARA threw one F028 risk, which consists of AP02 and GL01 functions. Below is my understanding on SoD.

If we group different tcodes in 2 different functions and include them in a single risk, then it means that either role/user should not have tcodes from both the functions. This is mutually exclusive.

Consider the following example:

Function1 (TCODES)               Function2 (TCODES)

-------------------------------               ----------------------------------

SU01                                             PFCG

SCC4                                            

Now if I create a risk called RISK1 with the following details:

RISK1 (FUNCTIONS)

---------------------------------

FUNCTION1

FUNCTION2

any role/user should not contain SU01,SCC4 and PFCG at the same time. If any role/user contains SU01 and PFCG, for example, this will throw RISK1 risk.

I found F028 risk contains below 2 functions:

AP02

GL01

When I did the analysis for one of our roles, it threw violation for FB02 tcode. When I looked into the AP02 and GL01 functions, I found that FB02 tcode is maintained in both the unctions.

Can any one tell me what is the meaning of this? I mean, how I can interpret this violations?

Regards,

Faisal

1 ACCEPTED SOLUTION

Go to solution
Former Member

‎06-23-2012 2:19 PM

0 Kudos

Hi Faisal,

Considering permission level risk report compare values maintained in AP02 and GL01 functions.

This may solve your doubt.

Regards,

Sravan

5 REPLIES 5

Go to solution
Former Member

‎06-23-2012 2:19 PM

0 Kudos

Hi Faisal,

Considering permission level risk report compare values maintained in AP02 and GL01 functions.

This may solve your doubt.

Regards,

Sravan

Go to solution
former_member184114
Active Contributor
In response to Former Member

‎06-23-2012 2:36 PM

0 Kudos

Thanks for your reply.

Can you elaborate it further?

Regards,

Faisal

Go to solution
Former Member
In response to Former Member

‎06-23-2012 2:42 PM

0 Kudos

Do a permisiion level risk analysis for the role you have mentioned.

Export detailed risk report.

In excel apply filter on FB02 transaction. check for the rule ID.

Now remove the filter and apply filter on the Rule ID.

Compare the object values for both the functions maintained.

Regards,

Sravan

Go to solution
former_member184114
Active Contributor
In response to Former Member

‎06-24-2012 6:28 AM

0 Kudos

Sravan,

Thanks for your nice explanation and I do get it now.

However, my question was actually why should be a single tcode maintained in 2 conflcting functions?

What is the business need and use? What is the purpose?

I found this in default rule set provided by SAP. There must be some reason for maintaining this tcode (FB02) in functions AP02 and GL01 functions, which are conflicting.

Would appreciate if you can help me understand this.

Regards,

Faisal

Go to solution
former_member184114
Active Contributor
In response to Former Member

‎06-24-2012 7:01 AM

0 Kudos

Hi All,

I have got the below note which gives full explanation about the same. Hope this will help folks here

Note 1600667 - Transactions that conflict with themselves

Regards,

Faisal