Risk related to profile in GRC 10

Former Member · ‎09-05-2012

Hello Experts,

In our GRC 10 system around 20 users showed up in risk analysis through profile not by role. When I checked their access in SAP I don't see the role associated with this profile but the profile is there in the master data. I tried SUIM report to find out how they got this profile but failed. If anyone knows a way to find out how they got this profile that would be great. Any suggestions or best practice to remove this risk would also help.

Thanks

Afsar

Former Member · ‎09-07-2012

Hello Afsar,

Do you perform a daily user comparison? This is usually scheduled via PFUD or the report PFCG_TIME_DEPENDENCY. Can you check in table UST04 if the users have the profiles??

If a role assignment is due or if you remove roles directly from PFCG instead of SU01 for example, profiles are not adjusted automatically....

Cheers,

Diego.

Former Member · ‎09-10-2012

No, we don't perform PFUD on a daily basis. I double checked the history and found out that these useres once use to have the role but it was been removed. However the profile didn't got removed. Can I just delete the profile from user master data?

Former Member · ‎09-11-2012

Hi!,

If you have removed the profile form PFCG or the role is due the profile will be there assigned to the user until you perform a user master comparison. You have to perform it daily, user comparison is very important! . You can try first to perform a user comparison in PFCG for the role you mentioned, and the profile assignment should disappear.

Cheers,

Diego.

koehntopp · ‎09-11-2012

You really really need to catch up on Basis Security tasks... there is little use implementing GRC risk analysis if you're not following the basic profile maintenance procedures....

Former Member · ‎09-07-2012

Can you list the profiles? are those standard SAP profiles?