07-29-2008 1:46 PM
Dear Forum,
Can somebody shed some light on how alert generation works? Are only the entries in the action tab of a function relevant?
1. Suppose you have alertlog.txt
$ cat Alertlog.log
SYS-001 JDOE SM30 2008-07-28 09:15:07 ENDUSER
SYS-001 JDOE SU01 2008-07-28 09:45:24 ENDUSER
2. critical action rules
a) SM30 S_TABU_DIS 02 FC31 = open and close FI posting period
b) SU01 S_USER_GRP ACTVT 06 = Delete users
---> Will the "Search Critical Action Alerts" functionality report JDOE or not? That is, will SAP GRC take the permissions into account, yes or no? If not, then we have false positives.
Thanks - Sam
07-29-2008 1:54 PM
Which version of CC or RAR are you referring to?
CC 4.0, 5.0, 5.1, 5.2 or
RAR 5.3
07-29-2008 3:46 PM
07-30-2008 10:20 AM
In AC 5.3 (which I believe is the same as AC 5.2) you have 2 different types of Alerts:
Conflicting Actions and Critical Actions
And you can choose the risk IDs for both, but there is no setting that suggests that they are using the permission level values for these risks.
07-31-2008 11:15 AM
Simon,
Thanks for the reply
Can we conclude as follows:
"SAP GRC Risk and Remediation alert monitoring and alert notification do not take into account any function permissions settings before, during or after alert analysis. By this logic, users will be reported as soon as alertlog.txt line items correspond with items from the action tab as part of functions, regardless of the fact that those users' user buffer does not have the necessary permissions as specified within that same function."
I have noticed your email suffix sap.com --> Can I consider your answer as an official answer from SAP to my question?
07-31-2008 11:20 AM
Hi Sam
I agree that I believe your description is correct. However, since I am just a consultant at SAP you cannot take my response as being the official reply.
You would need support, development or solution marketing to make the official response.
Personally I would create an OSS note to confirm your view. Personally nobody has ever asked me this before either at a client or in the many classes I have taught around EMEA.
10-14-2008 3:07 PM
Absolutely agree with every word that Sam said.
I suffer exactly the same problem. A lot of false positives.
I can't understand why CC-RAR doesn't take into account action-permissions. Will this be fixed by SAP in a future version of GRC-AC?
Thanks in advance
Victor
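Added example, not part of any post above and not SAP GRC's own logic: a small model of the two matching strategies the thread contrasts, run over the log lines and rules from the first post. The user authorizations, the field name DICBERCLS and all function names are assumptions made for illustration.

```python
# Model of the two matching strategies discussed in the thread (not SAP code).
# Log lines from the first post: system, user, action, date, time, user type.
ALERT_LOG = """\
SYS-001 JDOE SM30 2008-07-28 09:15:07 ENDUSER
SYS-001 JDOE SU01 2008-07-28 09:45:24 ENDUSER
"""

# Critical action rules from the first post: action -> (object, required values).
# The field name DICBERCLS for the FC31 value is an assumption of this sketch.
RULES = {
    "SM30": ("S_TABU_DIS", {"ACTVT": "02", "DICBERCLS": "FC31"}),
    "SU01": ("S_USER_GRP", {"ACTVT": "06"}),
}

# Constructed authorizations (assumption): JDOE has display-only access.
USER_AUTHS = {
    "JDOE": {
        "S_TABU_DIS": [{"ACTVT": {"03"}, "DICBERCLS": {"FC31"}}],
        "S_USER_GRP": [{"ACTVT": {"03"}}],
    }
}

def parse_log(text):
    """Yield (user, action) from lines laid out as in the first post."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 6:  # skip blank or malformed lines
            yield fields[1], fields[2]

def action_only_alerts(log, rules):
    """Flag every executed action that appears in a rule (permissions ignored)."""
    return [(u, a) for u, a in parse_log(log) if a in rules]

def holds(auths, user, obj, required):
    """True if one authorization instance covers every required field value."""
    for inst in auths.get(user, {}).get(obj, []):
        if all(required[f] in inst.get(f, set()) or "*" in inst.get(f, set())
               for f in required):
            return True
    return False

def permission_aware_alerts(log, rules, auths):
    """Flag an action only if the user also holds the rule's permission values."""
    return [(u, a) for u, a in parse_log(log)
            if a in rules and holds(auths, u, *rules[a])]

if __name__ == "__main__":
    print("action only:     ", action_only_alerts(ALERT_LOG, RULES))
    print("permission aware:", permission_aware_alerts(ALERT_LOG, RULES, USER_AUTHS))
```

With the constructed display-only authorizations, action-only matching reports JDOE twice while the permission-aware variant reports nothing, which is the false-positive gap described in the thread.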