Hi All,
I can't seem to get this to work. I'm trying to add 4 bespoke authorisation objects to the RuleSet. These objects relate to budget upload directly from MS Excel and are not associated with any transaction code.
Is that where the problem lies? Does GRC insist on associating these objects with a Permission Group (transaction) when creating the Function? I've tried adding a Z in to Permission Group and it accepts it but i can't get any violations back even after generating the RuleSet. Do these Functions need to be added in to Critical Action or Critical Permission Risks?
Can these never be part of the SOD result set? Can we only report on specific authorisation objects in terms of their sensitivity as opposed to their SOD impact?
Any help greatly appreciated. Is there a course i should attend? A colleague attended GRC 300 but this appeared to be more BASIS related.
Regards,
Colin