cancel
Showing results for 
Search instead for 
Did you mean: 

GRCAC 5.3 - RAR Include OR condition between objects in the same function

Former Member
0 Kudos

Experts,

I have a question:

We have a case that we need to register in RAR risk matrix The J1BTAX transaction (SAP ECC).

I need to add objects: S_TABU_DIS and S_TABU NAM within the same function / risk.

When I add in this way, the risk analysis identifies only cases where there are these two objects: S_TABU_DIS and S_TABU_NAM

But I have other scenarios that should be identified in the risk analysis, such as:

S_TABU_DIS And S_TABU_NAM

S_TABU_DIS only or

S_TABU_NAM only.

Is there any way of registering within the same function (and risk)?

So that the risk analysis validate:

object1 and object2

object1 or object2

is it possible?

This scenario is part of the same risk, did not want to create two risks separating objects.

I know I can use the conditions (AND, OR, NOT) to check, but it works only for fields, not for objects.

I'm using the GRC AC 5.3 - Version: AC-RAR 5.3_21.2

Thanks

Chester Souza

Accepted Solutions (0)

Answers (1)

Answers (1)

Colleen
Advisor
Advisor
0 Kudos

Hi Chester

It's an AND statement to join objects (as you have discovered)

Are you able to test if you can list the same transaction twice for action to then maintain different permissions? I can't remember the primary key to confirm this

If not, you will need to define a different function for each

Another option to consider, if you are trying to rid S_TABU_DIS completely, you could define that object as a critical permission and check that no roles contain any access to then only work with S_TABU_NAM (though I think there are still some TSTCA - SE93 additional checks) that contain S_TABU_DIS to force you to use them).

Regards

Colleen