
Rule Generation (Action & Permission) in RAR

Former Member

Hi All,

I have a query about rule generation in RAR.

Action & permission rules are generated automatically in RAR with respect to risk level, but:

1. How are these rules generated internally?

2. Please differentiate between Action Rule ID (0003005) & Permission Rule ID (e.g. 000300101).

Regards,

Mohit

Former Member

Hi Mohit,

A risk is the combination of (typically) two functions, let's say function A and function B.

An action rule will be generated from each combination of an action of function A and an action of function B.

A permission rule will be generated from each combination of an action together with the related permissions of function A and an action together with the related permissions of function B.

Analysis on action level has findings for (e.g.) roles which have both transactions. On permission level maybe there won't be a finding, because the role has only ACTVT 03 for one of these transactions.

For example on action level there will be a risk for a role with transaction FS00 and FB01, but not a because object F_SKA1_BUK is just with ACTVT 03 included in role.

Best regards,

Bianca
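
The rule generation described in the reply above, as an added example that is not part of the original post and is not SAP's own code. The function contents, the risky ACTVT values, the F_BKPF_BUK object, the FSS0 action and both roles are constructed assumptions; only FS00, FB01, F_SKA1_BUK and ACTVT 03 come from the thread.

```python
from itertools import product

# Constructed sample data (assumption, not SAP's delivered rule set):
# function -> action (transaction) -> {(auth object, field): risky values}
FUNC_A = {  # maintain G/L master data
    "FS00": {("F_SKA1_BUK", "ACTVT"): {"01", "02"}},
    "FSS0": {("F_SKA1_BUK", "ACTVT"): {"01", "02"}},
}
FUNC_B = {  # post documents
    "FB01": {("F_BKPF_BUK", "ACTVT"): {"01"}},
}

def action_rules(func_a, func_b):
    """One action rule per pair (action of A, action of B)."""
    return list(product(sorted(func_a), sorted(func_b)))

def permission_rules(func_a, func_b):
    """Each action pair plus the related permissions of both actions."""
    return [(a, func_a[a], b, func_b[b]) for a, b in action_rules(func_a, func_b)]

def grants(role, action, perms):
    """True if the role has the action and a risky value for every permission."""
    return action in role["actions"] and all(
        role["auth"].get(key, set()) & values for key, values in perms.items())

def analyze(role, func_a=FUNC_A, func_b=FUNC_B):
    """Return (action-level findings, permission-level findings) as action pairs."""
    action_hits = [(a, b) for a, b in action_rules(func_a, func_b)
                   if {a, b} <= role["actions"]]
    perm_hits = [(a, b) for a, pa, b, pb in permission_rules(func_a, func_b)
                 if grants(role, a, pa) and grants(role, b, pb)]
    return action_hits, perm_hits

# Constructed roles: same transactions, different ACTVT on F_SKA1_BUK
DISPLAY_ROLE = {"actions": {"FS00", "FB01"},
                "auth": {("F_SKA1_BUK", "ACTVT"): {"03"},
                         ("F_BKPF_BUK", "ACTVT"): {"01"}}}
MAINTAIN_ROLE = {"actions": {"FS00", "FB01"},
                 "auth": {("F_SKA1_BUK", "ACTVT"): {"02", "03"},
                          ("F_BKPF_BUK", "ACTVT"): {"01"}}}

if __name__ == "__main__":
    for name, role in (("display", DISPLAY_ROLE), ("maintain", MAINTAIN_ROLE)):
        print(name, analyze(role))
```

The display-only role is flagged at action level only, which is why permission-level analysis is the one to use when deciding whether a role really carries the segregation-of-duties risk.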