
RAR 5.3 SP8 - Mitigating Controls Not "Saving" to a User

Former Member
0 Kudos

Hello,

We are experiencing an odd issue in RAR. Every Sunday, we run a User SOD report to catch conflicts for users that have roles that were tweaked during the past week. This report is essentially our fail-safe to catch everything we missed the week before.

We do not mitigate roles unless we absolutely have to. So our roles are pretty clean. We do mitigate users and if there are users on this Sunday SOD Report, we mitigate them. We are seeing the same users coming up on the report several weeks in a row with the same conflict. Our security admin team mitigates the conflicts, then runs Risk Analysis on the users to ensure they are indeed "clean." But sure enough, a week later, it's as if the mitigating control disappears, and the conflict returns.

When a user shows up on the report with a conflict, it's usually due to A) a role was added to them in the last week, B) a role they already have had additional authorizations added to it, or C) the control that was previously assigned to a user to mitigate a risk was removed for some reason.

With our issue, we don't think any of these scenarios have occurred, so we are wondering why these users keep showing up on the report when we think we are saving the mitigation every time and we are certain no one is going in to RAR and removing the mitigating control. Since we are just noticing this, we are going to start saving the report every week and also take snapshots of the MITUSER table to do further analysis, but in the meantime, I am wondering... is anyone else experiencing this or something similar?

Any insight or info would be greatly appreciated!

Thanks

--

Jes

Edited by: Jes Behrens on Sep 22, 2009 4:22 PM

Accepted Solutions (1)

Former Member
0 Kudos

Hi Jes,

Can you check the validity period of the Mitigating User, and also the default value that has been set for the Mitigated users? Generally it is 365 days. If by any chance this has been set to "0" or less than a week, then when you assign a user to a Mitigation control the user will get expired and the same conflicts will be thrown again.

Thanks and Best Regards,

Srihari.K

Former Member
0 Kudos

Thanks for the tip Sri. However, we have already checked this. Our expiration date for all the mitigating controls we assign to users is 12/31/9999.

--

Jes

Former Member
0 Kudos

Hi Jes,

Can you check if the Risk IDs while assigning Mitigated users are given with *, i.e. POO4*? If the risk ID is not given with *, then the users will also be thrown with conflicts without mitigation control.

Thanks and Best Regards,

Srihari.K

Former Member
0 Kudos

Thanks again for the tip Sri. All of the Risks that we mitigate to have the "*" so that's not the issue and we mitigate directly from the Risk Resolution screen.

--

Jes

Answers (2)

Former Member
0 Kudos

old

Former Member
0 Kudos

old