cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RAR: "Scope of Analysis" when building a Function ?

Go to solution
Former Member

on ‎10-18-2012 6:15 AM

0 Kudos

Dear Experts,

I want to clarify settings for "Scope of Analysis" when building a Function ?

Two options are available in drop down menu

Single System: (SAP Documentation states to select this option if the function applies to only one enterprise platform (SAP or non‐SAP system)).

Cross System: (.....select this option if the function applies to multiple enterprise platforms (SAP and non‐SAP system).

1) What if instead of (SAP and non‐SAP system) we have (SAP and SAP system i.e. multiple SAP systems)? Should we select Cross System ?

2) What is the harm in selecting Cross System every time regardless how many enterprise platforms are connected.

Thanks.

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

jitan
Product and Topic Expert
Product and Topic Expert
‎10-18-2012 10:08 AM
0 Kudos

Hi B G,

Scope of analysis is used in rule generation logic.
By specifying the scope of analysis we tell the system to define the rules accordingly.
Single system means the risk is present in the same system and it will realized when actions are executed in the same system.


And cross system means the risk is realized  when actions are executed in the different system by same user.

Hope this will clarify. There are few consulting notes #  1178372 and 1229926 which will give
more insight to working of cross system risks.

Best Regards,

Jitan Batra

Show replies
Show replies

Answers (4)

Answers (4)

Former Member
‎02-15-2016 3:06 PM
0 Kudos

This message was moderated.

Show replies
Show replies
Former Member
‎12-17-2012 1:16 AM
0 Kudos

Thanks Experts for all the helpful comments.

All the comments are very helpful, Thanks Filip for conceptual explanation. I just want to remove last shred of doubt that I have

1)

Assume cross system connectors, logical groups etc are all configured properly

Is setting SoA = Cross System renders the Function non-applicable to Single system analysis.

e.g.

Risk is defined for Function F1 & F2

Funtion F1: SoA = Cross System               ; Tcode T1

Funtion F2: SoA = Cross System or Single ; Tcode T2

User is assigned T1 & T2 in same system, will it still show risk ?

My thought is it will, just want to know if you can share your experience.

& these leads to a theoretical dilemma

2)

Let's say client has two custom t-codes Z1 & Z2 which create a risk only cross-system but not in single system. I know it sounds absurd but just for argument sake. Since setting SoA = Cross System still apply risk against single system, how can such situation be tackled?

Show replies
Show replies
Former Member
‎10-18-2012 11:46 AM
0 Kudos

If you are just using SAP systems for risk analysis, you should use single system. If you want to define rules which are applicable to multiple system (e.g ERP, BW, SRM etc. generally BASIS rules falls under this category), create the logical systems and define functions/risks over those.. Logical systems make maintenance task very easy. Praveen has already explained the difference between the two type of options available..

Show replies
Show replies
Former Member
‎10-18-2012 6:09 PM
0 Kudos

Experts,

Thanks for responses, appreciate the details & notes.

I have seen the notes 1178372 and 1229926 but I don't want to tangent off into differences & uses of Logical & Cross Systems. My doubts are about "Function - Scope of Analysis"

If cross system means the risk is realized  when actions are executed in the different system by same user then does it mean selecting Cross System in Scope of Analysis (SoA) renders the Function non-applicable to Single system analysis.

If that is not the case then why not set SoA = Cross-System all the time.

Thanks

FilipGRC
Contributor
‎10-18-2012 9:11 PM
0 Kudos

BG,

Yes you are right - cross system means the risk is realized when actions are executed in the different system by same user. I see you go far with your question in to more philosophy direction.

The case that makes a difference is the setup you are making in configuration of the system.


Cross Systems need to be configured in a special way you need to assign two dedicated connectors (to point out two separate system) and assigned them into one Logical Group. Next make some customizing for a group instead of one connector.

If this is not defined cross system analysis won’t work. Therefore before you run analysis you need to decide how the function is creating a risk . If you select Cross-System without proper configuration this will simply not work and it does not matter what you set in a SoA.

Setting up two the same system in one cross system does not make any sense – therefore this option was created by SAP to facilities cases where risk is constituted based on access to two different systems (ex HR master data and Payroll run (HR) and posting payroll and bank statement posting (ERP)).

Hope this helps a little bit,

FIlip

Former Member
‎10-18-2012 6:24 AM
0 Kudos

Hi ,

If you want to use multiple system for risk analysis there are to types of connector you can define

for RAR:

1) Logical system -> which can have one or more physical system.

Risk analysis result -> Physical system 1 + Physiscal system 2 + ....... + Physical system n

Rules are generated against the logical connector, it is basically used when multiple system has same set of rules.

2) Cross system ->

Risk analysis result - PH1 + Ph2 + combination of auth object of PH1 and PH2

Regards,

Praveen

Show replies
Show replies
Ask a Question