cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Creating new SoD

Former Member

on ‎06-01-2015 8:18 PM

0 Kudos

Hi All,

We are using SAP GRC 10.0 access control, and got request from Business user to create one SoD with following condition

1) User has particular role.

2) User is part of on table

3) User is not assigned to particular position in table HR1001.

We have created different functions in past where only authorization object related to transaction codes where involved but never created any customized request where GRC need to check if user exist in particular and part assigned to particular position.

Please let us know if there is possibility to do that.

Thanks and Regards,

Arun Pathak

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

Former Member
‎06-02-2015 12:00 PM
0 Kudos

Unsure what the exact requirement is, as it seems more of a Process monitoring risk, as opposed to Access related risk.

Whilst you probably can not specify a precise SoD risk definition within the AC rule set, you could try doing some of the below in AC.

You could make a critical permission risk to check if the person has access to a particular table (via auth object S_TABU_DIS).

You can define "Critical Roles" within the GRC set up, therefore see who has access to such roles via reports.

Show replies
Show replies
Former Member
‎06-02-2015 2:01 PM
0 Kudos

Hi Harinam,

How can we achieve this request through Process monitoring can you please help on that.

We need to check following three conditions:

1) User has one specific.

2) If user has that role, then is he or she part of one particular table.

3) If above both conditions are valid need to check if user is assigned to particular position S in table HR1001.

I hope requirement is clear now.

Thanks and Regards,

Arun Pathak

Ask a Question