Hi Jose,
In GRC 10 you can perform all the risk analysis by following the below link
NWBC-> Access Control -> User Level(Role level etc).
You can perform the risk analysis at Action(Tcode) Level, Permission level, Critical action, critical permission & critical role/Profile level.
I hope this will help.
Thanks
Japneet Singh