Critical Profile(risk) doesn't appear on assigning Role to user and indirectly a profile of that role to a user

Former Member
0 Kudos

Hi Experts,

I have created a role (having T-codes which result in risks) and have made the profile associated with this role a critical profile. Then, I have assigned this Role to a User. Now, if I do User Level/Adhoc Risk Analysis, the risk doesn't appear.

Exp: User: UserX

        Role: RoleX (Profile:T-XXXXX of RoleX).

        RoleX has T-codes which result in risks.

        Profile: T-XXXXX is a critical Profile

On executing User Level RA for User: UserX, risks don't appear.

Should I expect the risks to appear in this case?

Regards,

Arun

Accepted Solutions (0)

Answers (1)

Colleen
Advisor
0 Kudos

Hi Arun

Why would you make a generated profile a critical risk? If the role is large, it could result in several profiles, or if you delete the generated profile and recreate it, then you lose the critical risk definition.

I would assume if you build a role and generate the profile, then you build a Critical Risk for the ROLE.

However, if you use a SAP single or composite profile (like SAP_ALL), then you would build a Critical RISK for the PROFILE

In terms of results, what selection criteria did you use and what configuration parameters have you set?

Former Member
0 Kudos

Hi Colleen,

Thank you Colleen for your quick response.

I am looking at the critical Role/Profile (risk) in User Level Risk Analysis. For this I have simply created test data in the back end:

User id: User1, Role: Role1(Transaction: SU01) and generated Profile: Profile1 for this role.

And then I have executed the repo sync job. Through NWBC >> Rule Setup >> Critical Profile

I have made this Profile1 a critical Profile.

Now the issue is that when I execute Adhoc User Level Risk Analysis, the Critical Role/Profile (risk) doesn't appear, though User1 has << Role1 (with indirect assignment of Profile << Profile1), U<R<P.

Should I expect the risks to appear in this case?

Best Regards,

Arun Singal

Colleen
Advisor
0 Kudos

Hi Arun

I only see critical profiles when I have created them in the Role Repository as type PROFILE and then flagged them in the Critical Profile.

I still don't understand why you would want to flag a generated profile as critical. You don't assign generated profiles directly to users (and GRC won't let you).

I recommend you create a CRITICAL ROLE.

Use Critical Profile for non-generated profiles. Use Critical Role for generated profiles (but specify the SAP role).