
GRC5.3 RAR - User Level risk analysis

Former Member
0 Kudos

Hi,

We have ECC connected to GRC. Trying to do a user level risk analysis.

ECC Backend User Info:

User Name: SAP*

User Type: Service

Locked User

No roles assigned

Profiles: SAP_ALL and SAP_NEW are assigned

GRC5.3 RAR Risk analysis settings:

User Name: SAP*

System: ECC System

User Type: Service

Ignore: Locked and Expired users

Ignore Mitigated risks

Global Rule set

As per my understanding, with the mentioned checks in GRC it should not show SAP* having any risks. But GRC is listing the risks present in all the users whose IDs start with SAP, irrespective of their user type, thus treating "*" as a wildcard.

N.B. In ECC Backend SAP* is the only service id starting with SAP.

Please help. It's becoming quite a serious issue for us due to the SOX audit, which needs to be addressed.

Accepted Solutions (0)

Answers (1)

Former Member
0 Kudos

The syntax in RAR will mean that if you put SAP* in the username, it will treat that as a wildcard search for users starting with SAP.

Are you trying to just use RAR to report on the risks from this single user?

From an auditing standpoint, you could manage this in numerous different ways.

You could set SAP_ALL / SAP_NEW etc. as critical permissions and then use your reports to run for them or not as required. You should not then need to specify the individual users, as the reports would return the users which have those permissions.

For SAP* there are also standard reports (RSUSR003) which will show the status of SAP standard users and you can prove that it is locked down from there.

Simon

Former Member
0 Kudos

Totally agree with Simon. Create SAP_ALL and SAP_NEW as critical profile not critical action and then you can ignore the risks coming from SAP_ALL/SAP_NEW.

Alpesh

Former Member
0 Kudos

Got that!

The thing is, SAP* is a single user with type Service and status locked. Now during user level risk analysis we are selecting the option for user type Service and also to ignore locked users. Technically that should not bring up any risks, as locked users should be ignored. There is no other user ID starting with SAP with type Service. I guess the filter options on the RAR user level analysis are not working.

Please suggest.

Former Member
0 Kudos

MK,

What Support Pack level is your RAR at? I checked in RAR @ SP09; there isn't any issue with the risk analysis filter.

The application correctly excludes the users based on the filter, even if the search criteria contain * (e.g. SAP*) and there are other users matching the pattern. If users don't satisfy the filter criteria, RAR doesn't fetch the auth information from the backend to do risk analysis.
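To make the expected selection semantics from this thread concrete, here is an added Python model (not SAP's or RAR's code) of how a wildcard user name, the user-type filter and the "ignore locked and expired" option should combine before any authorization data is pulled, plus the critical-profile split Simon and Alpesh recommend. The user records, profile names other than SAP_ALL/SAP_NEW, and risk IDs are constructed sample data, not values from any system.

```python
import fnmatch
from dataclasses import dataclass

@dataclass(frozen=True)
class BackendUser:
    """One ECC user master record (constructed sample, not real data)."""
    name: str
    user_type: str           # "Dialog", "Service", "System", ...
    locked: bool
    expired: bool
    profiles: tuple = ()
    risk_ids: tuple = ()     # risks the rule set would report for this user

# Profiles the answers suggest defining as critical profiles rather than actions.
CRITICAL_PROFILES = {"SAP_ALL", "SAP_NEW"}

# Constructed sample: SAP* is the only Service user whose ID starts with SAP.
SAMPLE_USERS = (
    BackendUser("SAP*", "Service", True, False, ("SAP_ALL", "SAP_NEW"), ("S001", "F002")),
    BackendUser("SAPSUPPORT", "Dialog", False, False, ("SAP_ALL",), ("S001",)),
    BackendUser("SAPBATCH", "System", False, False, ("Z_BATCH",), ("B003",)),
    BackendUser("MANASH", "Dialog", False, False, ("Z_FI_DISPLAY",), ()),
)

def select_users(users, pattern, user_type=None, ignore_locked_expired=True):
    """Model of the selection described in the thread: '*' in the user name is
    a wildcard, and the user-type and locked/expired filters are applied before
    any authorization data would be fetched for analysis."""
    selected = []
    for u in users:
        # fnmatch treats '*' as a wildcard; '[*]' is fnmatch's own escape for a
        # literal asterisk and is not claimed here to be RAR syntax.
        if not fnmatch.fnmatchcase(u.name, pattern):
            continue
        if user_type is not None and u.user_type != user_type:
            continue
        if ignore_locked_expired and (u.locked or u.expired):
            continue
        selected.append(u)
    return selected

def risk_report(users, pattern, user_type=None, ignore_locked_expired=True):
    """Per selected user: reported risks plus which critical profiles explain
    them, so SAP_ALL/SAP_NEW findings can be reviewed separately."""
    report = {}
    for u in select_users(users, pattern, user_type, ignore_locked_expired):
        report[u.name] = {
            "risks": list(u.risk_ids),
            "critical_profiles": sorted(set(u.profiles) & CRITICAL_PROFILES),
        }
    return report
```

With the filters the original post describes (type Service, ignore locked), the locked SAP* is excluded and the selection is empty; dropping the filters is what produces findings for every SAP-prefixed user.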

Former Member
0 Kudos

Hi Amol,

Ours is SP08. We are planning to upgrade it to SP10 by the first quarter of 2010. If we upgrade from SP08 to SP10, will there be any issues?

Regards

Manash

Former Member
0 Kudos

Almost Certainly!!

There will be substantial changes by implementing SP10, mostly bug fixes but also some new functionality. I suggest that you look at the SAP Notes to check the released functionality.

You should also plan for some substantial regression testing, as Support Packs can often cause side-effects resulting in breaking functionality which was already working successfully. Be aware that you may also have to check the compatibility of the RTAs in the ERPs to ensure that they are also in sync.

Simon