Hi Gurus,
We have configured custom ruleset in which all function permission authorization objects has AND operator. Problem is Risk Analysis shows no violations if all the objects condition are not present in the security role.
for example, Risk --> Maintain GL master data AND Post Journal Entries.
Any user having FB50 and MASS t-codes must show High SOD violation but in our case it doesn't show violations because the security role having FB50 doesn't contain all objects present in the Function Permission for FB50. but If I simulate and include the other objects in the role by seeing the missing objects from Function then only it gives violations.
This means even if one object is absent in the security role then it will not show violation.
This is one of the example and we are not 100% comfortable with this ruleset implemented by our vendor.
Can anyone please advise the best practice ?
Regards,
Salman
Message was edited by: Salman Khan