on 2015 Apr 01 4:54 PM
Hello,
I am facing a weird issue in the SoD ruleset. Whenever I generate the SoD rules, a critical permission value is inserted into the function.
Let's say I generate the SoD rules in the system; automatically, under the Permissions tab, the permission group !^ZQF0RM is added to the GL01 function and !^FEBA_BANK_DEPOSIT is added to the FI03 function, which causes the risks to be enabled in the SoD report at user level. Neither FEBA_BANK_DEPOSIT nor ZQF0RM is a tcode.
Please let me know if anyone is facing the same issue.
Regards,
Kesava
Hi Kesava,
What procedure are you following for rule set modification?
On the front end side, you first add the permission group in the action tab. It reflects all the permissions (auth. objects) under the permission tab. There you can make changes in the permission values or insert a new permission.
Direct insertion of a permission under the permission tab gives the ^!permission error. You need to delete that permission from the permission tab and follow the above process.
You can check the permission table in SE16 (table GRAC*PERMISSION*).
For a critical Z risk, create a Z function and assign the critical permission group to that function. Create a Z risk and assign the Z function. Save it and generate the rule set.
Maybe there is a customer-configured SU24 entry for one of the tcodes in the functions? I highly recommend using permission-level rules; otherwise you will get thousands of false-positives.
-Ken
Hello Kesava,
It is because of the special characters.
Check the note below:
2130951 - Explanation of ^! characters in Permission Only rules
Regards
Baithi
Hi Srinivas,
Thanks for your response. I have checked note 2130951; it explained how the special characters ‘^!’ were introduced to distinguish between Action level/SoD risks and “Critical Permission” risks.
In our case we have not defined any permission level risk intentionally. Whenever we generate the SoD rules, these permission groups with special characters are auto-inserted into functions without any manual intervention. We really don't require this critical permission, though we have manually deleted it several times.
Regards,
Kesava