ExpressGRC | SAP Cyber Security Software for SAP Compliance

SAP GRC Controls Managing you object changes in SAP roles

When you add transaction to the role the objects are brought into the roles in two states Standard or maintained. When you change the Standard state the object will go to changed status.  But if you make changes to the role in future you will see the same standard object brought back into the role.  This may introduce unwanted authorizations into the role.

Cause:  If you change the standard object then when you add a new transaction to role PFCG tool will compare the values in role with SU24 values. Since there will be a difference due to change status PFCG will pull the standard object into the role.

GRC tool for User Provisioining
GRC tool for User Provisioning

 

Option1.

Add the object manually and change the values in the object to desired values.

Cons: When you add the transaction to any other role then you will encounter the same error again since the object will not get pulled automatically

Option 2.

Disable the standard object and copy the object. Then change object values in the new copy of the object

Best option:

Update SU24 with the desired values and let the object values automatically come into PFCG tool when you add the transaction.

OneAccess-UserManager also helps you manage the complex documenting, testing, process control, and sign-off requirements mandated by Sarbanes-Oxley sections 302, 404, and 409

 

 

Exit mobile version