cancel
Showing results for 
Search instead for 
Did you mean: 

SoD-User level analysis Permission level - Detailed report Issue (GRC 10 SP09)

Former Member
0 Kudos

HI All,

We are running on SP09. We have two fucntions as below

Fucntion IDTransactionObjectFieldLowHighConditionActive/Inactive
Func 1F.80F_BKPF_BUKACTVT0102ANDActive
Func 1F.80F_BKPF_KOAACTVT01
ANDActive
Func 1F.80F_BKPF_KOAKOARTS
ANDActive
Func 1F.80S_PROGRAMP_ACTIONSUBMIT
ANDActive
Func 1F.80S_PROGRAMP_GROUPF_003
ANDActive
Func 2FS00F_SKA1_BESACTVT0102ORActive
Func 2FS00F_SKA1_BESACTVT0506ORActive
Func 2FS00F_SKA1_BUKACTVT0102ORActive
Func 2FS00F_SKA1_BUKACTVT0506ORActive

Rule should be all the permissions of Function 1 along with any of the permissions of Function 2 together should be a risk.

But we are having a issue which is explained below.

If a role just have S_PROGRAM --> P_ACTION --> SUBMIT with no other values defined in function 1 this is getting pulled in User level detailed SoD analysis.

I am working to find any SAP note for the same, dropping this message if anyone can help me on this.

Please reply back if you need any further clarification on the issue.

Thanks,

Sravan

Accepted Solutions (0)

Answers (1)

Answers (1)

Colleen
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hi Sravan

Have you looked at the User Master you the risk is appearing for (e.g. check SU56 buffer) to see if another role is providing them with the access to the rest of Function 1 and any of the values in Function 2?

Have you tried to run the Risk Analysis for the Role and only specified the role?

Former Member
0 Kudos

Hi Colleen,

Thanks for your reply.

Yes, I have checked user buffer where user is having S_PROGRAM -> SUBMIT for F_003 together in a authorization from only two roles. But from other roles user has just authorization to S_PROPGRAM-> SUBMIT and not F_003. But all the roles are getting pulled in user level analysis instead of just the two roles.

Role level analysis is working fine. Violations are shown only for the two roles.

Regards,

Sravan