cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

GRC risk anlaysis results include inactive permission rules

Former Member

on ‎12-10-2015 5:35 AM

0 Kudos

Dear GRC experts,

We have unexpected results from Risk Analysis report: the user have ACTVT 03 for SE16, and we don't want it to be caught in the risk analysis. We have made SE16 ACTVT 03 permission to be inactive, but it still shows in the risk analysis. Is there something that we are missing? Please help us.

We have GRC 10.0 SP19.

Thanks in advance for your time and help.

Regards,

Emma

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

former_member192902
Participant
‎12-10-2015 11:47 AM
0 Kudos

Hi Emma,

Here is two things need to explain

1. You have inactivated at permission level and running the risk analysis report at Action level (as per screen shot)

2. when you inactive at permission level system will not show any risks at permission level but system will show at action level if T-codes are active/Enabled

You just run the risk analysis at permission level and check whether system showing any risks at permission level.

With Regards

Trinadh Bokka

Show replies
Show replies
former_member182655
Contributor
‎12-10-2015 7:40 AM
0 Kudos

Hi Emma,

You don't write about risk generation, so I have to ask you.

Have you regenerated your risks after changes?

It might be the reason.

Regards,

Artem

Show replies
Show replies
Former Member
‎12-10-2015 6:43 AM
0 Kudos

Hi Emma,

    Check out the roles. The roles must be having "*" in ACTVT. The system cannot behave differently. Definitely there is some leakage of access. Check out the permission you have made as active in BS03 function and the permissions maintained in the roles showing up in the risks.

Thanks,

Fazil

Show replies
Show replies
Ask a Question