cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Mass role risk analysis issue

Former Member

on ‎08-19-2014 2:01 PM

0 Kudos


Hello GRC Community,

I have a following issue:

When I use mass risk analysis the deactivated authorization objects in the role are displayed as result. At the same time, when I use Role Level Risk Analysis the role with deactivated critical authorization objects doesnt appear.

Does anybody know how to solve this issue? Is there any configuration parameter to be adjusted?

thanks

best regards

Sabrina

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

former_member193066
Active Contributor
‎08-19-2014 6:48 PM
0 Kudos

Hello,

Please paste screenshot with show all object and detail view.

Regards,

Prasant

Show replies
Show replies
Former Member
‎08-20-2014 6:01 PM
0 Kudos

Prasant,

here are the screenshots of the Job result:

1. Mass role Risk Analysis

2. Risk Analysis on the (Single) Role Level

Im Backend you can see that the role contains lots of deactivated autorization objects.

I have run all sync Jobs, but seemingly it doesnt help.

Thanks,

Sabrina

alessandr0
Active Contributor
‎08-20-2014 6:16 PM
0 Kudos

strange - could it be that you run the first analysis, where you have the wrong risks showing, with option "offline data"? It might be that the batch risk analysis wasn't performed for a while and hence the analysis shows the wrong result.

Also I would like to now where you start the first analysis and with which options/criterias did you start?

Regards,

Alessandro

Former Member
‎08-21-2014 12:25 PM
0 Kudos

Offline-Data Option is not activ (Parameter 1027 set to NO). Anyway, I have performed the Batch Risk Analysis, but the Job result remains the same. Deactivated authorization objects are displayed in the result table.

The mass role Analysis start:

Which Options/criterias are behind the mass Risk Analysis? Where I can get this Information?

Regards,

Sabrina

former_member193066
Active Contributor
‎08-25-2014 8:17 PM
0 Kudos

does the role has the tcodes mentioned in mass risk analysis.

the report is not at object level hence object is deactivated in role does not matter.

Regards,

Prasant

Former Member
‎09-08-2014 1:55 PM
0 Kudos

Hello Prasant,

the role has the permission objects F_BKPF_BUK mentioned in the mass Risk Analysis, but only active are the activities 03 and 08.

Activity 01 and 02 are deactivated.

Therefore they shouldnt be critical.

We have the same issue in the CUP reguests. The roles with the deactivated permission objects have red risk Status and goes automatically to security stage. This is actually a big problem, because it leads to a huge job overload for our security stage. They have to check whether the role has deactivated permission objects or not.

I really hope, we can find any solution for this issue.

Regards

Sabrina


alessandr0
Active Contributor
‎08-19-2014 3:17 PM
0 Kudos

Sabrina,

what SP level are you?

There are some notes regarding mass role risk analysis. Did you check them? e.g. http://service.sap.com/sap/support/notes/1698178

Regards,

Alessandro

Show replies
Show replies
Former Member
‎08-19-2014 5:04 PM
0 Kudos

Hello Alessandro,

thank your for the hint, but we are on SP 14. There must be another reason for this issue.

Ask a Question