Technology Blog Posts by Members
Srinivas_Banda1

The purpose of this blog is to explain the enhancement that lets you include or exclude empty (dummy) authorization values in GRC risk analysis.

Starting from GRC AC 12 SP16, we observe that the risk analysis engine does not consider the empty (dummy) authorization values maintained in authorization objects (for example, object S_USER_GRP, field CLASS with value ' '). The most probable symptom is the disappearance of some permission-level violations.

Before AC 12.0 SP16, the risk analysis considered empty authorization values (dummy values); with the introduction of SP16, they were automatically excluded. SAP came up with the enhancement after we reported this issue. With this enhancement, you can decide how the risk analysis should handle empty (dummy) authorization values: you can either restore the pre-SP16 behavior or keep the current one, which excludes empty authorizations.

Solution: implement the Correction Instruction attached to note 3482508, or upgrade to the equivalent Support Package. After implementing the note, you also need to perform the Manual Activities if the objects are not created by SNOTE.

A new SPRO parameter has been introduced: 1056, "Consideration type for empty authorization values".

Path: SPRO --> Governance, Risk and Compliance --> Access Control --> Maintain Configuration Settings


This parameter decides whether the risk analysis considers or skips empty values in authorizations.

Possible values for the SPRO 1056 parameter:

If set to '1' -> empty authorization values will NOT be considered (risk analysis behaves as of SP16)

If set to '2' -> empty authorization values will be considered (risk analysis behaves as it did before SP16)