cancel
Showing results for 
Search instead for 
Did you mean: 

Dispaly role puts out risk at permission level

Former Member
0 Kudos

Hi Experts

I am running risk analysis in CC 5.2 for a display role , it puts out quite a few risks and when I checked the report in a detial format , I could discover that it checking the transaction start for each conflicting tranasaction .

As matter of fact the conflicitng transaction here are enabled in CC but all the underliying objects are disabled ,but its checking the S_tcode by default , how can I make this role risk free ?

Thanks in advance

Accepted Solutions (0)

Answers (2)

Answers (2)

former_member366047
Contributor
0 Kudos

Prem-

CC is working as designed. It is picking up S_TCODE as a conflict because, as you said, it is enabled. If you disable it, it will not pick up the conflict...

Ankur

GRC Consultant

Former Member
0 Kudos

Hi Ankur,

I totally agree with you CC just works as we tune it , but I dont even have S_tcode enabled for them transactions

and S_tcode is not even check máintianed in Su24 fo these transactions ,

S_tcode doesnt appear under the transaction in CC how can I disable it .should I be adding the S_tcode and disable it , it as good as not adding it .

Thanks & Regards

former_member366047
Contributor
0 Kudos

Prem-

I just tested your scenario, and I am getting the same result for one of our Display roles. It was never caught before because, that role is not assigned to anyone. I know that you are not supposed to have s_tcode maintained in the su24 table.

I cannot explain why or how this is happening. I suggest opening an OSS note, if nobody else has an explanation for this...

Ankur

GRC Consultant

Former Member
0 Kudos

Hi Ankur,

I have played around a little bit and discoverd one thing , any transaction with no objects enabled underneath in CC will put out a risk for sure.

I have enabled atleast one object *( ofcourse which the one whihc is relevent ) then the risk is gone .

what I am trying to tell here is when the objects are disabled under the transaction , it is by deafult checking S_tcode and putting out a risk .if atleast one of the object is enabled then it wont put out S_tcode no more .

Try this Ankur it worked for me

Regards

former_member366047
Contributor
0 Kudos

Prem-

Great investigation; that explains it. No auth objects are enabled in our Display Role, so it is picking up s_tcode as a default. But this should not be happening...

Ankur

GRC Consultant

Former Member
0 Kudos

Ankur,

Since we running the job at permission level , Obviously the job is trying to put out risks at object level , since the transaction got no object enabled in CC it is putting out S_tcode as conflict .

Thanks for sharing your experience mate

Cheers

former_member366047
Contributor
0 Kudos

Prem-

In the Configuration tab, your default level for Risk Analysis is probably set on Action Level. Change that to Permisssion Level, and you should be ok...

Ankur

GRC Consultant

Former Member
0 Kudos

Hi Ankur,

No, it is set to Permission level , I have already cheked it.

Thanks& Regards

Prem