on 2023 Dec 25 11:11 AM
Hello.
We are testing new SODs and CA rulesets.
In the report, the "false/positive" risk that ARA is showing appears when we run the report at permission and action level.
Example:
User 1 has CA:
S_TCODE - TCD - OB52 - role 1 AND
S_TCODE - TCD - OB52 - role 2 AND
S_TABU_NAM - ACTVT - 02 - role 2 AND
S_TABU_NAM - TABLE - V_T0001B - role 3 OR
S_TABU_NAM - TABLE - V_T0001B_COFI - role 3
But the reality is that for the S_TABU_NAM - TABLE values the user has only the 03 action.
As you see, roles 2 and 3 are in conflict. In role 2 (with the 02 action) there's no access to table V_T0001B; the user can't change it.
And as a result we have a "false/positive" risk.
How can it be changed? Maybe some different mapping is needed.
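The mismatch described in the post, as an added example (not part of the original post and not GRC's own logic): matching the rule field by field over values pooled from all roles yields a hit, while an SAP authority check passes only if one single authorization covers every field of the object. The role contents follow the post; the table name in role 2 and all function names are assumptions made for illustration.

```python
# Added illustration; role contents follow the post, except the table in
# role 2, which is a constructed placeholder (the post does not name it).
USER_AUTHS = [
    ("role 1", "S_TCODE",    {"TCD": {"OB52"}}),
    ("role 2", "S_TCODE",    {"TCD": {"OB52"}}),
    ("role 2", "S_TABU_NAM", {"ACTVT": {"02"}, "TABLE": {"Z_PLACEHOLDER"}}),
    ("role 3", "S_TABU_NAM", {"ACTVT": {"03"},
                              "TABLE": {"V_T0001B", "V_T0001B_COFI"}}),
]

# The CA rule from the post: every object must be satisfied (AND); within a
# field any listed value is enough (OR).
RULE = {
    "S_TCODE":    {"TCD": {"OB52"}},
    "S_TABU_NAM": {"ACTVT": {"02"}, "TABLE": {"V_T0001B", "V_T0001B_COFI"}},
}

def covers(held, wanted):
    """True if the held values grant at least one wanted value ('*' = all)."""
    return "*" in held or bool(held & wanted)

def field_level_hit(auths, rule):
    """Pool each field's values across all roles, then match field by field."""
    for obj, fields in rule.items():
        for field, wanted in fields.items():
            pooled = set()
            for _, o, f in auths:
                if o == obj:
                    pooled |= f.get(field, set())
            if not covers(pooled, wanted):
                return False
    return True

def authorization_level_hit(auths, rule):
    """Each object needs one single authorization covering all its fields."""
    return all(
        any(o == obj and all(covers(f.get(k, set()), w) for k, w in fields.items())
            for _, o, f in auths)
        for obj, fields in rule.items()
    )

def is_cross_role_false_positive(auths, rule):
    """Hit only because field values from different roles were combined."""
    return field_level_hit(auths, rule) and not authorization_level_hit(auths, rule)

if __name__ == "__main__":
    print("field-level hit:        ", field_level_hit(USER_AUTHS, RULE))
    print("authorization-level hit:", authorization_level_hit(USER_AUTHS, RULE))
```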