Prevent False Conflicts with Supplemental Rules in SAP Access Control

  • by Akansha Gupta, Senior Developer in SAP: Access Control, SAP Labs India Pvt. Ltd.
  • September 28, 2015
SAP Access Control provides you with the option to create a supplementary rule. The rule gives additional information to prevent a false conflict in a segregation of duties (SoD) risk analysis report. Learn the steps you need to complete to enable the supplementary rule.
Learning Objectives

By reading this article you will learn how to:

  • Configure the SAP GRC system to run supplementary risk analysis for a user at the permission level of a segregation of duties (SoD) risk
  • Create a supplementary rule and run supplementary risk analysis
Key Concept

A supplementary rule for segregation of duties (SoD) risk analysis helps you identify and prevent false reports of user conflicts. The supplementary rule is an additional check that decides whether the risk should be included in the report. It checks a field name in a database table that exists in the SAP ERP (plug-in) system. The plug-in system contains information about users associated with the field name. For example, database table USR02 has a BNAME field that contains the user name in the user master record.

The SAP Access Control supplemental rule is a functionality that eliminates false positives and provides additional information to identify segregation of duties (SoD) violations. It performs a check against the database table and field name to prevent a false conflict from being reported as an SoD violation.

It identifies users who are allowed to perform a transaction but are prevented from doing so by a false report. A false positive in risk analysis wrongly indicates that the user could perform a fraudulent transaction with the given authorization access. For example, Akansha is a user who can run transaction code SU01 (Create User or Assign Role) anytime, which can be identified as a false positive risk. To check that false positive risk, the system performs a further check against the database table, which eliminates it.
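The check described above, modeled as a short Python sketch. This is an added example, not SAP's implementation or code from the article: the risk ID `R001`, action `ZPAY`, table `ZSUPP_CHECK` and the rule fields are hypothetical, and the sample data is constructed. It assumes a risk is reported only when the supplementary table holds a row naming the user, and that a table that cannot be read never suppresses a risk.

```python
# Simplified model of SoD risk analysis with a supplementary rule.
# Risk ID, ZPAY, ZSUPP_CHECK and all sample rows are constructed for illustration.
from dataclasses import dataclass

@dataclass(frozen=True)
class Risk:
    risk_id: str
    actions: frozenset  # transaction codes that conflict when held together

@dataclass(frozen=True)
class SupplementaryRule:
    action: str      # transaction code the rule qualifies
    table: str       # plug-in system table to consult
    user_field: str  # field in that table holding the user name

RISKS = [Risk("R001", frozenset({"SU01", "ZPAY"}))]
USER_ACTIONS = {"AKANSHA": {"SU01", "ZPAY"}, "BOB": {"SU01", "ZPAY"}, "CAROL": {"SU01"}}
RULES = [SupplementaryRule("SU01", "ZSUPP_CHECK", "BNAME")]
# Stand-in for plug-in system tables: table name -> rows.
PLUGIN_TABLES = {"ZSUPP_CHECK": [{"BNAME": "BOB"}]}

def raw_conflicts(user):
    """Permission-level analysis: every risk whose actions the user fully holds."""
    held = USER_ACTIONS.get(user, set())
    return [r for r in RISKS if r.actions <= held]

def supplementary_confirms(user, rule, tables):
    """True if the rule's table has a row naming the user."""
    rows = tables.get(rule.table)
    if rows is None:
        return True  # table unavailable: fail safe, do not suppress the risk
    return any(row.get(rule.user_field) == user for row in rows)

def analyze(user, rules, tables):
    """Report a risk unless a supplementary rule on one of its actions rules it out."""
    reported = []
    for risk in raw_conflicts(user):
        applicable = [r for r in rules if r.action in risk.actions]
        if all(supplementary_confirms(user, r, tables) for r in applicable):
            reported.append(risk.risk_id)
    return reported

if __name__ == "__main__":
    for name in USER_ACTIONS:
        print(name, "without rule:", analyze(name, [], PLUGIN_TABLES),
              "with rule:", analyze(name, RULES, PLUGIN_TABLES))
```
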

Akansha Gupta

Akansha Gupta, senior developer, SAP Labs India Pvt. Ltd., has eight years of experience at SAP Labs India Pvt. Ltd. and more than nine years of experience in the IT industry. Akansha is currently working with the Installed Base Maintenance Support (IMS) organization, SAP Labs, India, for SAP Access Control 5.3, 10.0, and 10.1. Akansha has vast experience in GRC and has worked with multiple skills and technologies including BRF+, SAP UI5, HANA, JavaScript, Java, web services, OData services, ABAP WebDynpro, ABAP OO, SAP ABAP dictionary, and function modules for a broad range of SAP modules and the SAP Access Control ARA, ARQ, and BRM components.
