on 11-07-2008 2:58 PM
Hello,
Let's say I have two systems: SYS1 and SYS2. I also have a cross-system defined for these two systems: X_SYS1&2
The question is about how CC5.3 is designed. When I run cross-system analysis (using X_SYS1&2 of course), should I be getting SYS1-only conflicts, SYS2-only conflicts, and cross-system conflicts or should I be getting only conflicts that are truly cross-system?
In limited testing, I seem to be getting both results. Sometimes I get cross-system conflicts only, sometimes I get the conflicts from cross system PLUS the individual systems. Again, I'm running risk analysis on X_SYS1&2, which is a cross of SYS1 and SYS2,
Any info to help clear up this confusion would be greatly appreciated!
Thanks,
Jes
Hi Jes,
Here are some details I checked regarding your question.
CC 5.3 Cross-System Risk Analysis
Definition: A cross system is two or more physical systems grouped together so you can perform user
analysis operations across multiple systems.
Usage: You can select and view cross systems when you generate and view Informer
Management Reports or perform Risk Analysis.
Relationships between Physical systems, logical systems, and cross systems:
You can link one physical system to one or more logical systems.
You can link one physical system to one or more cross systems.
You can perform risk analysis against one system or all systems.
How to do: you must define two or more systems as a cross system. With a subset of systems defined as a cross system and available in the System dropdown list, you can perform analysis operations against one physical system, all physical systems, or a selected cross system.
When you define or modify a cross system, you must regenerate the rules for all the risks, so
the system-specific rules can be updated in the database. You generate rules by navigating
to Cross Systems > Generate Rules. Updating a particular risk only requires updating the
rules for that risk and, subsequently, does not require access to the Configuration tab.
To answer your question, where you have two systems SYS1 ans SYS2 and a cross system, X_SYS1&2 defined and here is how it works:
You will get Risk Analysis of SYS1
You will get Risk Analysis of SYS2
You will get Risk Analysis of X_SYS1&2
Regards,
Kiran Kandepalli.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
>
> To answer your question, where you have two systems SYS1 ans SYS2 and a cross system, X_SYS1&2 defined and here is how it works:
>
> You will get Risk Analysis of SYS1
> You will get Risk Analysis of SYS2
> You will get Risk Analysis of X_SYS1&2
>
> Regards,
> Kiran Kandepalli.
And this is what I've always thought, but in some cases, I'm getting results that don't reflect this. For example, I have a user (TEST_USER), and when I run risk analysis on him for SYS1 only (single system), he gets a A012 and a A013 risk. However, when I run cross-system analysis on him - the cross-system being SYS1 & SYS2 - I'm not seeing the A012 or A013 risk anymore. According to what you have posted above, included in the report should be both single system and cross-system risks, so since A012 and A013 pop up on the single system report, I should also see them on the cross-system report.
Any ideas as to why this example appears incorrect?
Thanks for your response!
Jes
HI Jes,
When you choose a single system Risk Analysis, lets say SYS1, you will get results of SYS1 only.
When you choose Cross System Risk Analysis, Lets says SYS1+SYS2, you will get results that have SoD Risks arising between Functions in the systems SYS1 and SYS2 when combined and not each single system alone.
Now in my first reply, I meant that you will all the three possibilities of results depending on which system you choose, SYS1, SYS2 or SYS1+SYS2.
But dont get surprised if you dont find SYS1 results only on a user when you ran a cross system risk analysis resulting from SoD Risks conflicting between SYS1 and SYS2.
Hope this answers your question.
Regards,
Kiran Kandepalli.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.