
SAP GRC Access Control: Impact on roles when solving a conflict with a new rule.

Former Member
0 Kudos

Dear all,

I just have a question about this issue: when I create a new GRC AC rule that resolves the conflict of F1 with F2, prohibiting them from being performed by the same role, what happens? Maybe you cannot create new roles with both permissions (and we are notified of the users, profiles and roles that have those permissions)? Or does the system prevent a user who has performed F1 or F2 from doing the other (F2 or F1)? Or both things?

Many thanks in advance.

Best regards.

Accepted Solutions (1)


Colleen
Advisor
0 Kudos

Hi Juan

Part of what happens depends on how you have configured your GRC system.

If you configure risk terminator parameters, the system will prevent you from generating the profile of the role (e.g. parameter 1085). If you have risk mitigation, you may not be able to complete the role approval or user access without mitigating risk first.

If the role already contains access but you change the rule set (i.e. create a new function), you would need to go through and analyse your roles for risk and then mitigate.

Maybe you could explain what you are trying to do/results you are getting at the moment?

Regards

Colleen

Former Member
0 Kudos

Thanks Colleen,

The question is theoretical; I haven't put anything into practice yet, but it hasn't become clear to me when you change the rule set if you can create new roles or not. And in case you can create them, is any alert triggered by the system?

Regards,

Juan

Colleen
Advisor
0 Kudos

Hi Juan

"when you change the rule set if you can create new roles or not?"

This depends on what you have configured - have a look at risk terminator. Also, BRM workflow approval task may prevent approval from approving the role change if there are unmitigated risks.

You can control whether roles can be created with inherent conflict, so the answer is both yes and no. The same applies to whether role assignments can occur with unmitigated risk.

Regards

Colleen
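
An added sketch (not from the thread and not SAP's implementation) of the re-analysis described above after a rule set change: it checks a constructed rule set against existing roles and against each user's combined roles, and marks every user risk as mitigated or not. All function, action, role and user names are constructed placeholders, and the model assumes a function counts as held when any one of its actions is present.

```python
# Constructed rule set: one SoD risk made of two conflicting functions.
# Function and action names are placeholders, not real SAP objects.
FUNCTIONS = {
    "F1": {"ACTION_A1", "ACTION_A2"},
    "F2": {"ACTION_B1"},
}
RISKS = {"R001": ("F1", "F2")}

# Constructed roles (role -> actions) and user assignments.
ROLES = {
    "ROLE_CLERK": {"ACTION_A1"},
    "ROLE_PAYER": {"ACTION_B1"},
    "ROLE_LEGACY": {"ACTION_A2", "ACTION_B1", "ACTION_C1"},
}
USERS = {
    "ALICE": ["ROLE_CLERK"],
    "BOB": ["ROLE_CLERK", "ROLE_PAYER"],
    "CAROL": ["ROLE_LEGACY"],
}
# Constructed mitigations: (user, risk) pairs covered by a compensating control.
MITIGATED = {("CAROL", "R001")}


def risks_in(actions):
    """Return the risk ids whose functions are all reachable with these actions."""
    hit = set()
    for risk_id, funcs in RISKS.items():
        # Assumption: a function is held if at least one of its actions is present.
        if all(FUNCTIONS[f] & actions for f in funcs):
            hit.add(risk_id)
    return hit


def analyse_roles():
    """Role-level analysis: roles that carry a conflict on their own."""
    return {r: risks_in(a) for r, a in ROLES.items() if risks_in(a)}


def analyse_users():
    """User-level analysis: conflicts from the union of all assigned roles."""
    report = {}
    for user, roles in USERS.items():
        actions = set().union(*(ROLES[r] for r in roles))
        for risk_id in risks_in(actions):
            state = "mitigated" if (user, risk_id) in MITIGATED else "unmitigated"
            report[(user, risk_id)] = state
    return report
```

In this constructed data BOB holds no conflicting role, yet the combination of two clean roles still produces the risk, which is why role-level and user-level analysis are separate checks.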

Answers (0)