01-24-2014 3:53 PM
Hi,
We have one strange issue in VIRSA SOD Analysis - Risks mitigated at role level are still showing in user level analysis.
Parameter - Include Role/Profile Mitigation Control in user Analysis = YES
Scenario 1: User1 is assigned only one composite role. Risks under this composite role 1 are mitigated at role level. When we run SOD at user level (with Excluding Mitigation Control Risks ticked), it shows no risk found.
Scenario 2: User1 is now assigned another composite role 2 (this has very common roles and it does not have any risks). When we run SOD at user level (with Excluding Mitigation Control Risks ticked), it shows the risks of composite role 1.
Can anyone help me with scenario 2 - why is it showing risks which are already mitigated at role level after assigning another composite role?
Regards,
Satyajit
01-24-2014 6:44 PM
Hi Satyajitsinh,
There may be risks posing because of the addition of the 2nd composite role to the user.
Did you check what type of risks are being displayed?
Nagarajan Viswanathan
01-25-2014 10:49 AM
01-27-2014 1:46 PM
Rahevar,
There could be a risk between an object in the first role and an object in the second role. You have not mitigated the user and not mitigated the second role. I guess that could be the reason.
Or
a risk between object vs object in the second role.
Please check and let us know the result.
02-04-2014 7:14 AM
Hi Naveen,
The user level risks it is showing are risks between child roles of only one composite role.
This composite role is already mitigated; all risks coming in this composite are already mitigated.
Risk 1 Tcode1 Tcode 2 (including all objects) Mitigated at role level
Risk 2 Tcode 3 Tcode 4 (including all objects) Mitigated at role level
Now when we run SOD for the user it shows
Risk 1 Tcode1 Tcode 2 Not mitigated
Risk 2 Tcode 3 Tcode 4 Not Mitigated
If you check out the images I have attached - for the same risk ID S01411801 we are getting the risk at user level but not getting it at role level.
Regards,
Satyajit
02-04-2014 8:49 AM
Can you check whether there is a mitigation already assigned to user 1 at user level? And also run a risk analysis on role level, first with only composite role 1, second with only composite role 2, and third with both composite role 1 and role 2?
02-05-2014 2:19 AM
Case 1: There is no mitigation assigned to the user at user level.
Case 2: Risk analysis on role level / user level with only composite role 1 will not give any conflicts.
Case 3: Risk analysis on role level / user level with only composite role 2 will not give any conflicts.
Case 4: Assigning both composite roles will give user level SOD conflicts, but those risks are of composite 1, which is already mitigated at role level, and that is why I have not got any SOD in Case 2.
Regards,
Satyajit
02-05-2014 7:21 AM
Hi Satyajit,
Does a role from composite role 2 contain the authorization object causing the risk, such as
K_KEKO
V_VBAK_AAT
The combination with tcode VA01 from composite role 1 is not mitigated. Please check.
02-05-2014 7:47 AM
Hi T. de Jong,
Composite role 2 does not have K_KEKO / V_VBAK_AAT. This composite role is for basic transactions like SU53 and ESS Portal related access; it does not have any business operation authorizations.
Regards,
Satyajit