Skip to Content

Archived discussions are read-only. Learn more about SAP Q&A

Creating Mitigating Control at Rule Level vs Role & User Level Analysis

Hello GRC Gurus,

We are on GRC V10.1 & SP9,I think the following question will be applicable to all GRC version irrespective of the SP Level.

We Created a Mitigation Control for the Risk S020 and Rule 0019 & 0018 as per the SAP Standard Note

1600667 : Transaction that conflict with themselves

and we have not assigned the mitigating control at user level or role level.

The question I have here is when there is a mitigating control for risk S020 and Rule 0018 & 0019,why they are not populating at user level or role level risk analysis.The Risk and Rule are common irrespective if we run risk analysis at User level or Role Level. I think it should populate the mitigation control if there is one? If not I can assign one.

I agree if we mitigate at user level or role level, I am able to see the Mitigation Control at user level or role level risk analysis.

I hope I am not confusing anyone, can you please let me know if any one thought of this or its a SAP standard behavior.



Not what you were looking for? View more on this topic or Ask a question