cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Conflict when roles assigned to user !!

Former Member

on ‎03-21-2013 10:36 AM

0 Kudos

Hi Team,

We are facing a strange issue in virsa RAR.

When roles are assigned to users,user shows conflicts.But when we check for same combination of roles in RAR,NO conflicts arise.

More to add,conflict showing for roles with  tcode ME23N

Had anyone faced similar issue.Please assist.

Peeyush

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

Former Member
‎03-25-2013 7:21 AM
0 Kudos

Hi Peeyush,

As per my understanding of the above post,If you run the user level risk analysis for a user who has a specific set of roles(Say A & B) you get the violation,But when you perfrom the role level risk analysis of the roles(A& B) you do not get any violations.Please let me know if my understanding is correct ?

If my understanding is correct then,Please refer to the below mentioned scenario :-

Role A has a Tcode A1 and Role B has a Tcode A2 and now you have created a risk which has two functions F1 and F2, Now function F1 has the Action A1 and Function F2 has the action A2. The Action A1 & A2 make the Risk RISK1.

Now when you perform the risk analysis of the user who has the role A & B you will get violations because Role A has the action A1 and the Role B has the action A2 thus the rik RISK1 is violated and hence you get the violations.

In case of Role risk analysis you do not get any violations as the Role risk anlaysis will treat the roles as individual role, So when you perfrom the role risk analysis of the roles A and B ,The GRC application will consider both the roles as individual roles and since the role A only has the action A1 which does not violate any risk ,Hence you do not get any violations. Same applies fro the Role B.

I hope this will help.

Thanks

Japneet Singh

Show replies
Show replies
martin_trachsel
Participant
‎03-22-2013 5:59 PM
0 Kudos

Hi

Could you please explain me, how you make a risk analysis for role "combination"?

Did you use the "Role Simulation" or did you it with a business role?

With the role simulation should be possible to simulate, what's happen, if you would assign a new role. With the "normal" Role Level report is this not possible.

The transaction ME23N is in the SAP Standard ruleset, if you use that or a copy of that, the risk will be showed for that. You have to maintain the function within.

I hope that's help?

Regards,

Martin

Show replies
Show replies
Former Member
‎03-26-2013 2:49 PM
0 Kudos

Hi Martin,

On your stmt -"

The transaction ME23N is in the SAP Standard ruleset, if you use that or a copy of that, the risk will be showed for that. You have to maintain the function within"

How can I check this?  We recently send some changes in PRODUCTION

Peeyush

martin_trachsel
Participant
‎03-29-2013 2:50 PM
0 Kudos

Hi

There are different ways. In the NWBC is a report avaiable under "Report & Analytics" - "Access Risk Analysis Reports" - "Access Rule Details". There you can search risk and function with the field "action".

In the standard rule set the transaction is in function "PR02 - Maintain Purchase order"

Thanks & Regards

Martin

Former Member
‎03-21-2013 3:20 PM
0 Kudos

Is it possible that a sole profile (SAP_ALL) is assigned to that user?

To validate do the same exercise by performing a risk analysis on profile level and/or check that user's user master record role /and profile assignment

Show replies
Show replies
Former Member
‎03-21-2013 3:29 PM
0 Kudos

no SAP_ALL assigned to the user

Former Member
‎03-21-2013 3:39 PM
0 Kudos

any other profile that is not linked to a role in the same user master record?

Former Member
‎03-21-2013 3:42 PM
0 Kudos

no

Former Member
‎03-21-2013 3:47 PM
0 Kudos

and table GRACROLEACTVL and other GRAC role table do contain values?

Ask a Question