
sap grc rar false positive roles at object level role

Former Member
0 Kudos

GURUs, what does that mean please....

Creating a Role Containing SOD Violation on the Finance Area for Action but false positive at object Level

Accepted Solutions (0)

Answers (2)


Former Member
0 Kudos

thanks gurus

Former Member
0 Kudos

A simple example could be a role containing the transaction code ME21N, which can cause an Action level risk with other finance transactions, as it is a "create" transaction, but the authorizations assigned to the objects within the role could be ACTVT 03 (display); therefore it is unlikely the risk would really be realised at Permission level.

A mundane example, but that is one easy way to describe a "False Positive" risk result.

Former Member
0 Kudos

That was a good example to explain.

False positives usually are because of org level restrictions. If your company has an org level structure, then it is better to use org level analysis, and if they exist at transaction level, then you need to look at your GRC rule set. The default rule set should always be tweaked depending upon the nature of the business, client business process and client requirements. Check your GRC rule set and you should be able to take care of all the false positives.

Hope it gives you some clarification.

Vikas
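The action-level versus permission-level distinction described in the answers above, as an added example that is not part of the original thread or of SAP GRC itself. The rule set, the risk ID `DEMO_RISK_01`, the role definitions, and the choice of FB60, M_BEST_BSA and F_BKPF_BUK as the conflicting transaction and checked objects are assumptions made for illustration.

```python
# Constructed, simplified rule set (not SAP's delivered rules). Each function maps
# an action (tcode) to the object/field values that must be present for the
# action to count at permission level.
FUNCTIONS = {
    "MAINTAIN_PO": {"ME21N": {("M_BEST_BSA", "ACTVT"): {"01", "02"}}},
    "POST_INVOICE": {"FB60": {("F_BKPF_BUK", "ACTVT"): {"01"}}},
}
RISKS = {"DEMO_RISK_01": ("MAINTAIN_PO", "POST_INVOICE")}  # placeholder risk ID


def function_hits(role, function, level):
    """Tcodes in the role that satisfy the function at 'action' or 'permission' level."""
    hits = []
    for tcode, required in FUNCTIONS[function].items():
        if tcode not in role["tcodes"]:
            continue
        if level == "permission":
            # Every object/field named in the rule must overlap the role's values.
            auths = role["auths"]
            if not all("*" in auths.get(k, set()) or auths.get(k, set()) & v
                       for k, v in required.items()):
                continue
        hits.append(tcode)
    return hits


def analyze(role, level):
    """Risks for which every conflicting function is hit at the given level."""
    found = {}
    for risk_id, functions in RISKS.items():
        per_function = {f: function_hits(role, f, level) for f in functions}
        if all(per_function.values()):
            found[risk_id] = per_function
    return found


def false_positives(role):
    """Risks reported at action level that disappear at permission level."""
    return sorted(set(analyze(role, "action")) - set(analyze(role, "permission")))


# Constructed roles: both contain ME21N and FB60; they differ only in ACTVT.
DISPLAY_ROLE = {"tcodes": {"ME21N", "FB60"},
                "auths": {("M_BEST_BSA", "ACTVT"): {"03"}, ("F_BKPF_BUK", "ACTVT"): {"01"}}}
CREATE_ROLE = {"tcodes": {"ME21N", "FB60"},
               "auths": {("M_BEST_BSA", "ACTVT"): {"01", "03"}, ("F_BKPF_BUK", "ACTVT"): {"01"}}}

if __name__ == "__main__":
    for name, role in (("DISPLAY_ROLE", DISPLAY_ROLE), ("CREATE_ROLE", CREATE_ROLE)):
        print(name, "false positives:", false_positives(role))
```

The display-only role is flagged at action level because ME21N is present, but drops out at permission level; the role that also carries ACTVT 01 remains a genuine violation at both levels.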

Former Member
0 Kudos

Thanks much to all of you......