Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

GRC AC 5.3 SP12 - risk analysis with organizational rules

Hi all,

We have a risk with 2 functions.

The first function search for VF01 and other V_VBRK_VKO with ACTVT01 enabled.

The second function search for VA01 and V_VBAK_VKO with ACTVT=01 enabled and SPART field enabled.

Then we have defined an organizational rule having SPART=BB.

It seems that the risk analysis results is wrong on function 2 (VA01).

We have a user with 2 roles assigned:

- the first role gives an authorization to V_VBAK_VKO object with ACTVT=01 and SPART=AA

- the second role gives an authorization to V_VBAK_VKO object with ACTVT=03 and SPART=BB

The risk analysis results reports that the user has a violation because he his authorized to function 2.

This is wrong because the user has only a display authorization on SPART=BB.

Any suggestion?



Helpful Answer

Not what you were looking for? View more on this topic or Ask a question