on 02-25-2013 11:33 AM
Hi Experts,
I have created a role (having T-codes which results in risks) and have made the profile associated with this role as a critical profile. Then, I have assigned this Role to a User. Now, If I do User Level/Adhoc Risk Analysis the risk doesn't appear.
Exp: User: UserX
Role: RoleX (Profile:T-XXXXX of RoleX).
RoleX have T-codes which results in risks.
Profile: T-XXXXX is a critical Profile
On executing User Level RA for User: UserX, Risks doesn't appear
Should i expect the risks to appear in this case?
Regards,
Arun
Hi Arun
Why you would make a generated profile a critical risk. If the role is large, it could result in several profiles or if you delete the generate profile and recreate, then you lose the critical risk definition
I would assume if you build a role and generate the profile, then you build a Critical Risk for the ROLE
However, if you use a SAP single or composite profile (like SAP_ALL), then you would build a Critical RISK for the PROFILE
In terms of results, what selection criteria did you use and what configuration parameters have you set?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Colleen,
Thank you Colleen for your quick response,
I am looking at the critical Role/Profile (risk) in User Level Risk Analysis. For this i have simply created a test data in the back end:
User id: User1, Role: Role1(Transaction: SU01) and generated Profile: Profile1 for this role.
And then i have executed the repo sync job. Through NWBC >> Rule Setup >> Critical Profile
I have made this Profile1 as a critical Profile.
Now the issue is, when I execute Adhoc User Level Risk Analysis. Critical Role/Profile (risk) doesn't appear. Though (User1 is having a << Role1 (with indirect assignment of Profile <<Profile1) U<R<P.
Should i expect the risks to appear in this case?
Best Regards,
Arun Singal
Hi Arun
I only see critical profiles when I have created them in the Role Repository as type PROFILE and then flagged them in the Critical Profile
I still don't understand why would you want to flag a generated profile as critical? You don't assign generated profiles directly to users (and GRC won't let you).
I recommend you create a CRITICAL ROLE
Use Critical Profile for non-generated profiles. Use Critical Role for generated profiles (but specific the SAP role)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.