on 07-10-2014 11:57 PM
Hi Experts!
System: GRC AC v10 SP12
I am attempting to make sure our ARA system is reporting HCM SoDs correctly. I have proved it out at the single role level.
However, at the Composite role level, it does not seem to be working. We have multiple single roles and all of the Infotypes are in a single role without transactions. It does not seem to be producing the correct SoD violations for this type.
Any ideas? Have you seen this before.
Thanks.
-john
Hi John,
we cannot give you an answer as we don't know either your role nor your rule set. Please provide us more information to check whats the root cause of your problem.
Basically what we need to know: definition of your functions defined for your risk so that we can check what's causing a violation.
I am wondering a bit that it works for your single roles but not for your composite roles. Did you run all the sync jobs properly? If you have assigned roles which have violations they also show up in composite. If not, you are missing synchronization or correct assignment of the single to master roles in BRM. Best to run all the sync jobs, check the composite roles in BRM and run the risk analysis again.
Regards,
Alessandro
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Alessandro,
Which BRM Report should I be looking at in NWBC on the GRC system for that relationship?
Also, is there a sync job for BRM that I am missing? I have done the following in order:
Thanks,
-john
Hi John,
as mentioned that depends on the definition of your rule set. Can you please share the two functions for your access risk? See my document about to understand how a violation occurs.
You can easily check the assignment in BRM (NWBC > Access Management > Role Management > Search Role). Open a composite role and check if the single roles showing correctly.
If all the roles appear in the composite then it seems to be correct from that side. Hence you have to check the rule set, but as mentioned in my previous post, if it shows for the single role it has also to show for the composite (if everything is synced and configured accordingly).
I assume you didn't mitigated any role? If you have set a mitigation that can also affect your analysis. Therefore run the analysis with option "include mitigated roles" and also "show all objects".
Regards,
Alessandro
I've found also some notes, please also check depending on your SP level:
http://service.sap.com/sap/support/notes/1688747
http://service.sap.com/sap/support/notes/1724895
Let me know your SP level.
Regards,
Alessandro
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.