Application Development Discussions
Join the discussions or start your own on all things application development, including tools and APIs, programming models, and keeping your skills sharp.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Org Rule SOD risks @ User level not showing correct results.

Former Member

‎11-29-2014 9:11 AM

0 Kudos

Dear All

a. Create a 2 users having access to create & approve PO as per below matrix

User 1:

Role 1 - Create PO  for Purch  Grp 500

Role 2 – Approve PO for Purch Grp 400

User 2:

Role 3 – Create PO for Purch Grp 600

Role 4 – Approve PO for Purch Grp 600

Result : Now as usual the 2 user are showing as SOD users during the Permission level reporting.

GRC Setup :

a. @ function level of PR02 & PR04 the Auth field for EKGRP is made ACTIVE.

b. Create Organization rules as shown in the attached picture.

c. Ran the GRAC_GENERATE_RULES.

d. When the risk report on the user level with the Org rule included – the result screen shows blank screen without any risks at all.

Is any setting wrong? Pls advice

Raju

Preview file
105 KB
Preview file
86 KB
5 REPLIES 5

Former Member

‎12-02-2014 6:31 AM

0 Kudos

Dear All Any help on why i am unable to see risk reports @ Org rule level. Raju

alessandr0
Active Contributor
In response to Former Member

‎12-02-2014 7:14 AM

0 Kudos

Dear Raju,

it seems to be correct. Did you check the OSS notes? What's your current SP level?

Please see:

http://service.sap.com/sap/support/notes/1824956

http://service.sap.com/sap/support/notes/2038705

Please also see my document regarding org rules:

Let me know.


Regards,

Alessandro

former_member220726
Explorer

‎12-02-2014 12:04 PM

0 Kudos

Hi Raju,

Have you replicated this scenario in sand box with single T-CODES as you mentioned above ? , I have done same here , but I am not even getting the risk at permission level as you said ( I checked with both combinations ME21N & ME29N  also with ME21N & ME28 ) , can you attach the screen shot of your risks at permission level ( Please send detailed report ) .

Process you are following is correct , that has to work , I believe you must have entered both ME28 & ME29N in your role 2&4 .

Please also attach screen shots of your functions at permission level .

Thanks&Regards

Uma Shankar T

Former Member
In response to former_member220726

‎12-04-2014 12:42 PM

0 Kudos

Dear Uma

Thanks for response, Pls find the screen shots of the function settings & the p059 risk report shown during Permission level report only for the 2 users.

the same report shows blank when you consider the Org rule

I will now check if the same issue arises in different system

Raju

Preview file
167 KB
Preview file
116 KB

alessandr0
Active Contributor
In response to former_member220726

‎12-04-2014 1:31 PM

0 Kudos

Raju,

the issue is in the org rule definition. I have just tested and your definition doesn't work. In the org rule definition change the condition to OR instead of AND.

See also my example with WERKS instead of EKGRP with condition OR:

Analysis with considering org rules:

When you join EKGRP 400, 500, 600 with AND that means that all values must be given to match the rule. In your case you want to have the risk reported when the org.

Do you understand what I mean?

Regards,

Alessandro

Preview file
14 KB
Preview file
6 KB