
Confused with the report pulled by GRC

Former Member

Hello everyone,

I am a newbie to GRC and I am getting very confused by the way GRC is pulling the report.

In my organization, we have run a report at permission level.

Now this screen is showing two conflicting functions, AP02 and GL01. In both functions, the permission level is set with an AND condition for authorization object F_BKPF_BUK, but when I look at the role in the backend system, the role contains only activity 01 and not activity 02.

So my question is: if it is an AND condition, GRC should not generate this as a risk, because 02 is not maintained in the role. This is my understanding; please let me know if I am wrong.

Accepted Solutions (1)

Former Member

Hi,

The values are maintained in the rule book with From Value '01' and To Value '02', which means any value falling in this range is a risk. As you said, the role has the '01' value, so it is showing as a violation.

Now, in GRC the Risk Analysis Report shows the Rule Values and not the Auth Values.

Rule Value: the values mentioned or maintained in the rule book

Auth Value: the values maintained in the role

If '01' and '02' are maintained in two different line items (instead of as a high value / low value range) in the rule book, it won't show the 02 value in the Risk Analysis Report.

Former Member

Hi, thanks for the explanation, but I am still confused. Activities 01 and 02 are not mentioned in two different line items.

alessandr0
Active Contributor

Hello,

If you have defined a range from ACTVT 01 to 02, it is considered matched once a value in that particular range is present. In that case you have tcode FB01 with ACTVT 01/02.

Let me just explain one violation (Rule ID: 01UN):

The violation exists because of the two functions (AP01 and GL01). In both functions you have transaction FB01 with resource F_BKPF_BUK, and this authorization object has either activity 01 or 02, or both.

To avoid the violation, either change your rule set (if the risk shall only appear if 01 AND 02 are present, then change the function and add two line items: one with 01 and one with 02, so that they are AND-connected), or change the authorization within the PFCG role.

Hope this helps.

Regards,

Alessandro
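As an added example (not from this thread and not SAP GRC code), a small Python model of the rule evaluation Alessandro describes: a From/To range line item fires as soon as any held value falls inside the range, while separate AND-connected line items require every value. The object F_BKPF_BUK, field ACTVT, functions AP02/GL01 and the role values are taken from the thread; the evaluation functions and sample roles are assumptions built for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class LineItem:
    """One permission line item of a GRC function (simplified model, assumption)."""
    obj: str            # authorization object, e.g. F_BKPF_BUK
    fld: str            # field, e.g. ACTVT
    low: str            # "From" value
    high: str = ""      # "To" value; empty means a single value, not a range

    def matches(self, auth_values):
        # auth_values: {(object, field): set of values held by the role}
        held = auth_values.get((self.obj, self.fld), set())
        if self.high:
            # Range semantics: any held value inside From..To satisfies the item.
            return any(self.low <= v <= self.high for v in held)
        return self.low in held


def function_satisfied(line_items, auth_values):
    """Line items within one function are AND-connected: all must match."""
    return all(item.matches(auth_values) for item in line_items)


def risk_violated(functions, auth_values):
    """A risk fires only when the role satisfies every function in it."""
    return all(function_satisfied(items, auth_values) for items in functions.values())


# Constructed sample roles: the thread's role holds ACTVT 01 only.
ROLE_ACTVT_01 = {("F_BKPF_BUK", "ACTVT"): {"01"}}
ROLE_ACTVT_01_02 = {("F_BKPF_BUK", "ACTVT"): {"01", "02"}}

# Rule set variant 1: each function uses a From 01 To 02 range (as in the thread).
RANGE_RULE = {
    "AP02": [LineItem("F_BKPF_BUK", "ACTVT", "01", "02")],
    "GL01": [LineItem("F_BKPF_BUK", "ACTVT", "01", "02")],
}

# Rule set variant 2: two separate, AND-connected line items per function.
TWO_ITEM_RULE = {
    "AP02": [LineItem("F_BKPF_BUK", "ACTVT", "01"), LineItem("F_BKPF_BUK", "ACTVT", "02")],
    "GL01": [LineItem("F_BKPF_BUK", "ACTVT", "01"), LineItem("F_BKPF_BUK", "ACTVT", "02")],
}

if __name__ == "__main__":
    print("range rule, ACTVT 01 only  :", risk_violated(RANGE_RULE, ROLE_ACTVT_01))       # True
    print("two items, ACTVT 01 only   :", risk_violated(TWO_ITEM_RULE, ROLE_ACTVT_01))    # False
    print("two items, ACTVT 01 and 02 :", risk_violated(TWO_ITEM_RULE, ROLE_ACTVT_01_02)) # True
```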

Former Member

Aaahh.. Now I've got it. Thanks Alessandro. It was maintained the same way as above, and hence the system was pulling the result.
