cancel
Showing results for 
Search instead for 
Did you mean: 

ARQ: How to Specify specific system in "System" Field in "Risk Violations" Tab in Access Request???

former_member184114
Active Contributor
0 Kudos

Hi,

I would like restrict users from selection systems from the drop down in "Risk Violations" Tab. In order to achieve this, I opened  GRAC_OIF_RQUEST_SUBMISSION" application in Admin mode and disabled. As a result, this field is disabled. But this is blank. I am unable to maintain any value in it. I tried to select a value from the drop down and then disabling the field. I saved with the selected value. But later when Access Request application accessed, it is again showed blank.

However, when a user performs risk analysis, application still performs for all the connectors!

user is authorized to perform risk analysis for specific connector (controlled using GRAC_SYS object). But not sure where from application is picking up different connectors?

Secondly, I also noticed that this "System" drop down has multiple entries in it along with "ALL". I dont have any clue where these values are coming from!

Can anybody help me in understanding and addressing this?

Also, may I know how other are tackling this? I mean, is "System" drop down disabled with specific value as default or enabled with ONLY specific value?

Please advise.

Regards,

Faisal

Accepted Solutions (1)

Accepted Solutions (1)

alessandr0
Active Contributor
0 Kudos

Hi Faisal,

the system list shows up based on the assignment of the user. Means if the user has 3 systems assigned all these systems will show up plus ALL.

Let me check how this can be achieved. Will come back to you.

Regards,
Alessandro

alessandr0
Active Contributor
0 Kudos

Faisal,

I assume that this isn't possible due to the fact that the list gets build dynamically in each request depending on system assignments. Hence it isn't possbile to default a value. Assume that you default SYSTEM_A but the user has no assignment for that particular system so SYSTEM_A won't show up.

Hope this helps anyways.

Best regards,

Alessandro

former_member184114
Active Contributor
0 Kudos

Alessandro,

Thanks for your reply

After a long time. Hope you are doing good.

I think you are right. I was not able to get this and was wondering where these connectors are being picked up. Now, I think I am getting the idea.

But I have noticed that when no roles are added and nothing is selected from the "System" Drop down, application performs risk analysis for "ALL" the connectors, including Active Directory. Users are also available in Active Directory and this connector is also picked up while performing risk analysis. There is no sense to consider AD connector for risk analysis. May I know how I can ignore it?

Is there any way we can configure application to not to perform risk analysis if no roles are added in Access Request?

Regards,

Faisal

Answers (2)

Answers (2)

FilipGRC
Contributor
0 Kudos

Hi Faishal,

I went through the challenge you have described. On top of mentioned issues - do you know that if a user select a system (has requested a role for it) but you have no sod rule book defined for it - grc will identify no sod risks for request and will mark all roles (even those for other systems for which rulebook is defined) as 'green' on access approver screen. The expected behavior would be only selected role would be marked as green and others would be still red. We have tried also with option 'ALL' however results provided in our case were not accurate (we did recons to single systems)

This strange system behavior (SP14) was reported to SAP. In this case if you have path defined for SoD detour - system will not go on detour as there is no risk defined.

What we did -was we setup a fix value in this field (our production system with rulebook) an put this system as parameter TVARV (system depended) and using the value of this parameter we fixed the system against which the analysis are executed.

Filip


former_member184114
Active Contributor
0 Kudos

Hi Filip,

Thanks for sharing these details.


What we did -was we setup a fix value in this field (our production system with rulebook) an put this system as parameter TVARV (system depended) and using the value of this parameter we fixed the system against which the analysis are executed.


May I know how you did it? It would be better if you share the steps.

Regards,

Faisal

FilipGRC
Contributor
0 Kudos

Hi Faisal,

it was developed by our ABAP team and I do not know exact deatils, I am sorry I can not help here,

Filip

former_member184114
Active Contributor
0 Kudos

Filip,

No problem, it is ok.

Regards,

faisal

former_member184114
Active Contributor
0 Kudos

Can I get any help on this?