
SOD Rules - Query

former_member187795
Participant
0 Kudos

Hi All,

My query is about understanding SOD risk.

My Function 1 has 3 Tcodes.

FP05

FP30

FP30C

My Function 2 has no Tcodes. My Function 2 has only a few objects added manually by maintaining the Permission group as !^Z_FINANCE.

Created a risk between Function 1 and Function 2

Action Level Rules

Permission Level Rules

The issue is that my Role 1 has Tcodes from the first function, and Role 2 is an enabler role that has authorization objects (added manually) which are also in Function 2.

In action rules, a rule is created between my permission group !^Z_FINANCE and the Tcodes of Function 1: FP30, FP05, FP30C.

My Role 1 has only Tcodes FP05, FP30, FP30C. When I run risk analysis for this role, the report says that this role itself has risks, and this is because of the rule created at action level for permission group !^Z_FINANCE with FP30, FP05, FP30C. But actually this should not be a risk.

I am simulating role 1 with role 2.

Role 1 has Tcodes from function 1

Role 2 has objects from function 2

Now I am expecting that my risk analysis shows the combination as a risk.

Now I am getting risks at action level as well as at permission level. But actually speaking I should get them only at permission level and not at action level.

In action rules, a rule is created between my permission group !^Z_FINANCE and the Tcodes of Function 1: FP30, FP05, FP30C. This is making my Role 1 itself a risk role.

Can someone suggest if there was any issue in my approach?

Please help.

Regards,

Sai.

Accepted Solutions (0)

Answers (1)


alessandr0
Active Contributor
0 Kudos

Hi Sai,

What do your functions look like? Can you show us the action and permission definitions of functions AR12 and CA04?

Theoretically the risk is reported if you have any possible combination between function AR12 and CA04. See also to get the understanding of the structure.

Looking forward to your reply.


Regards,

Alessandro

former_member187795
Participant
0 Kudos

Hi Alessandro,

Please find my functions, risk and rules below.

Function AR12 - No Actions only Permissions

Function CA04 - Actions

Function CA04 - Permissions

Action Rules

Permission Rules

My Role 1 has Tcodes and objects which are part of the CA04 function.

My Role 2 has objects which are part of the AR12 function.

When I checked by simulating Role 1 and Role 2, I am getting Action Level risks as well as Permission Level risks. In my action level rules of CCI02 I observe that rules are defined for the Permission Group of AR12 with Actions of CA04. These are showing up as Action level risks.

Here I should get permission level risks only and not action level risks.

When I run risk analysis for Role 1 alone, the risk analysis report shows that Role 1 has Action level risks from my Risk ID CCI02.

In my action level rules of CCI02 I observe that rules are defined for the Permission Group of AR12 with Actions of CA04. But these rules are making Role 1 itself a risk role, which is incorrect as the Tcodes of Role 1 don't have any issues. Only when they combine with Role 2 should it show permission level risks.

I understand that any combination will appear as risk between AR12 and CA04.

But why are action level rules being created when there are actions in only one function and the other function doesn't have any actions?

Even if they are getting created, that should again be considered as a combination, but these action rules are making individual Tcodes which are part of CA04 risk Tcodes.

Can you please help me to understand this?

Thanks in advance.

Regards,

Sai.