6 Replies Latest reply: Dec 24, 2009 6:27 PM by Simon Persin RSS

GRC5.3 RAR - User Level risk analysis

Manash Saha
Currently Being Moderated



We have ECC connected to GRC. Trying to do a user level risk analysis.


ECC Backend User Info:


User Name: SAP*

User Type:Service

Locked User

No roles assigned

Profiles: SAP_ALL and SAP_New is assigned


GRC5.3 RAR Risk analysis settings:


User Name:SAP*

System: ECC System

User Type:Service

Ignore: Locked and Expired users

Ignore Mitigated risks

Global Rule set


As per my understanding with the mentioned checks in GRC it should not show SAP* having any risks. But GRC is listing the risks present in all the users having their ID starts with SAP irrespective of their user type, thus treating " * " as a wild card.


N.B. In ECC Backend SAP* is the only service id starting with SAP.


Please help. Its becoming quite serious issue for us due to SOX audit which need to be addressed.

  • Re: GRC5.3 RAR - User Level risk analysis
    Simon Persin
    Currently Being Moderated

    The syntax in RAR will mean that if you put SAP* in the username, it will treat that as a wildcard search for users starting with SAP.


    Are you trying to just use RAR to report on the risks from this single user?


    From an auditing standpoint, you could manage this in numerous different ways.

    You could set SAP_ALL / SAP_NEW etc as critical permissions and then use your reports to run for them or not as required. You should not then need to specify the indiviual users as the reports would return the users which have those permissions.


    For SAP* there are also standard reports (RSUSR003) which will show the status of SAP standard users and you can prove that it is locked down from there.