
Concurrent Role Maintenance (BRM) and Access Request (ARQ) can cause SoD risk violations

madhusap
Active Contributor

Hi All,

In one of our implementations we found an SAP GRC product gap where there is a potential risk that allows users to get access to a role having SoD risk violations. We have raised this issue with SAP as a product vulnerability, and the product team is now looking into it and has requested that we put it in the Ideas place as well.

Below is the link to the issue we reported:

Concurrent Role Maintenance and Access Request can cause SoD violation : View Idea

Just wanted to know other experts' opinions and inputs on addressing this issue, and also whether they have ever come across it during their implementations.

Looking forward to hearing from all of you, as well as to your support in getting this vulnerability fixed by SAP.

Thanks & Regards,

Madhu Sai.

Accepted Solutions (0)

Answers (1)

plaban_sahoo6
Contributor

Hi Madhu,

I have the below suggestions on your 3 recommendations:

1. Risk analysis mandatory can be set (at stage level) to YES, so that even if 1071 is Yes, the approver has to perform risk analysis. However, this suffices only if this is the last stage before provisioning and the approver submits the request immediately after doing the risk analysis. In addition, you have to remove 'Request mitigation policy' from SPRO -> ... -> Maintain AC Applications and BRFplus Function Mapping.

I will look into the other recommendations and will try to provide my feedback.

Regards

plaban
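As an added illustration of the gap discussed in this thread (a constructed Python model written for this page, not SAP GRC code and not code from either poster): a request is risk-analyzed at submission, the role's content changes concurrently through role maintenance, and provisioning then trusts the stale result. The role names, action names, SoD rules and workflow functions are hypothetical stand-ins; the model shows why re-running analysis at the last stage closes the gap, and why a change landing between that analysis and the approver's submit still slips through.

```python
"""Constructed model of the time-of-check/time-of-use gap between a request's
risk analysis and its provisioning. Hypothetical roles, actions and SoD rules;
no SAP GRC API is used."""
from dataclasses import dataclass, field

# Hypothetical SoD ruleset: pairs of actions one user must not hold together.
SOD_RULES = frozenset({
    ("CREATE_VENDOR", "PAY_VENDOR"),
    ("POST_JOURNAL", "APPROVE_JOURNAL"),
})

# Mutable role catalogue, standing in for what BRM role maintenance edits.
ROLES = {"Z_AP_CLERK": {"CREATE_VENDOR"}}


def actions_of(roles):
    """Actions granted by a set of roles, read from the catalogue as it is now."""
    acts = set()
    for role in roles:
        acts |= ROLES.get(role, set())
    return acts


def sod_violations(roles):
    """SoD rules violated by a user holding the given roles."""
    acts = actions_of(roles)
    return {rule for rule in SOD_RULES if rule[0] in acts and rule[1] in acts}


@dataclass
class AccessRequest:
    user: str
    existing_roles: set
    requested_roles: set
    submit_time_result: set = field(default_factory=set)

    def all_roles(self):
        return self.existing_roles | self.requested_roles


def submit(req):
    """Submission-time risk analysis (the behaviour parameter 1071 switches on)."""
    req.submit_time_result = sod_violations(req.all_roles())
    return req.submit_time_result


def final_stage(req, mandatory_analysis, change_after_analysis=None):
    """Last approval stage. Returns (decision, violations the user really ends
    up with). change_after_analysis, if given, is applied between the stage's
    analysis and the approver's submit, modelling the residual window."""
    if mandatory_analysis:
        result = sod_violations(req.all_roles())   # fresh, against current role content
    else:
        result = req.submit_time_result            # stale, trusted from submission
    if change_after_analysis:
        change_after_analysis()
    if result:
        return "rejected", sod_violations(req.existing_roles)
    # Provisioning grants the roles; report what the user now actually holds.
    return "provisioned", sod_violations(req.all_roles())


def add_pay_vendor():
    """Concurrent role-maintenance change: PAY_VENDOR is added to Z_AP_CLERK."""
    ROLES["Z_AP_CLERK"].add("PAY_VENDOR")


def new_request():
    ROLES["Z_AP_CLERK"] = {"CREATE_VENDOR"}            # reset catalogue
    req = AccessRequest("jdoe", set(), {"Z_AP_CLERK"})
    submit(req)                                        # clean at submission
    return req


def scenario_stale_analysis():
    """Role changes during approval; approver relies on the submission result."""
    req = new_request()
    add_pay_vendor()
    return final_stage(req, mandatory_analysis=False)


def scenario_mandatory_final_analysis():
    """Same change, but the last stage re-runs the analysis: caught."""
    req = new_request()
    add_pay_vendor()
    return final_stage(req, mandatory_analysis=True)


def scenario_change_after_final_analysis():
    """Change lands between the last analysis and the approver's submit."""
    req = new_request()
    return final_stage(req, mandatory_analysis=True,
                       change_after_analysis=add_pay_vendor)


if __name__ == "__main__":
    for fn in (scenario_stale_analysis, scenario_mandatory_final_analysis,
               scenario_change_after_final_analysis):
        print(fn.__name__, fn())
```

The first scenario provisions a user who now holds both sides of the CREATE_VENDOR/PAY_VENDOR rule although the request was clean when analyzed; the second rejects it because the final stage analyzes against the role's current content; the third shows the window the answer above warns about, which only a check at the moment of provisioning would close.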