on 08-07-2015 7:43 AM
Hi Experts
We are currently on GRC 10 SP10. Our business users are looking for a Access Risk Report to run on ABAP.
The report should contain the Users details, Roles, Tcodes with Risk and Function ID.
Currently there is the User Level Risk Report, however this contains a lot of Technical information which the business does not understand.
In User Level Report the Management Summary or Executive Summary format does not help.
Is there anyone that has developed a report on ABAP similar to this?
Does anyone know which tables to use to get information generated by the User Level Report?
We are looking at upgrading to GRC 10.1 in the future. Would it be preferable to develop something at that stage or is there such a report on GRC 10.1?
Hope to get some positive responses from you experts
Regards
Mustafa
HI Mustafa,
I have done similar things with queries (SQVI) and gather the data from the following tables. Please be aware that the data stored in the tables are offline data. Real-time analysis fetches the data at runtime and hence they are not stored in a table.
To read offline risk analysis date please use the following tables (always consider action level and permission level for user/role/profile analysis):
For user level:
GRACUSERACTVL
GRACUSERPRMVL
For role level:
GRACROLEACTVL
GRACROLEPRMVL
For profile level:
GRACPROFILEACTVL
GRACPROFILEPRMVL
If you have further question please do let us know.
Regards,
Alessandro
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Alessandro
Thanks for the information regarding the tables. It was helpful.
We will be using table GRACUSERPRMVL and running queries however the issue is field ROLEID.
1) When trying to retrieve the Role name using table GRACROLE and entering the ROLEID from table GRACUSERPRMVL it does not match.
Is there any other way of getting the Role name? I would believe that the ROLEID should be the same.
2) Question from Alfredo, how do these tables update? What needs to be Run?
3) Is there a table that stores the users UserGroup?
Regards
Mustafa
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.