on 01-21-2015 12:11 PM
Experts,
I have a question:
We have a case where we need to register the J1BTAX transaction (SAP ECC) in the RAR risk matrix.
I need to add the objects S_TABU_DIS and S_TABU_NAM within the same function / risk.
When I add in this way, the risk analysis identifies only cases where there are these two objects: S_TABU_DIS and S_TABU_NAM
But I have other scenarios that should be identified in the risk analysis, such as:
S_TABU_DIS And S_TABU_NAM
S_TABU_DIS only or
S_TABU_NAM only.
Is there any way of registering within the same function (and risk)?
So that the risk analysis validates:
object1 and object2
object1 or object2
Is it possible?
This scenario is part of the same risk; I did not want to create two risks separating the objects.
I know I can use the conditions (AND, OR, NOT) to check, but it works only for fields, not for objects.
I'm using the GRC AC 5.3 - Version: AC-RAR 5.3_21.2
Thanks
Chester Souza
Hi Chester
It's an AND statement to join objects (as you have discovered).
Are you able to test if you can list the same transaction twice for action to then maintain different permissions? I can't remember the primary key to confirm this.
If not, you will need to define a different function for each.
Another option to consider, if you are trying to get rid of S_TABU_DIS completely: you could define that object as a critical permission and check that no roles contain any access, to then only work with S_TABU_NAM (though I think there are still some TSTCA - SE93 additional checks that contain S_TABU_DIS to force you to use them).
Regards
Colleen