on 05-25-2010 3:26 PM
Dear forum,
We have a parallel workflow where the different paths are divided by business processes.
We want SoD-free paths to continue as normal. Problematic paths are sent for resolution.
The problem as I see it is that the SoD detour condition is set on request level, not path level. Both problematic and non-problematic paths will meet the condition and are pushed into the detour. The non-problematic path will get stalled, because it has to wait for mitigation approval. Is there any workaround?
Kind Regards,
Vit V.
When you define your detour, you specify for which path it is, and at what stage it should detour. We do something similar where requests with SOD violations go through a detour whereas requests with no SOD violations continue in their current path. For multiple paths, you will have to configure multiple detours.
Hi Jose,
We have different detour paths for every parallel path. But if any SoD conflict is detected, the SoD condition is met for all paths and they are pushed into the detour(s). Have you successfully tested it?
Example:
Main Paths
P1
P2
P3
Stages
_1: Manager
_2: Role Owner
_3: BPO (CAD business process of role)
P1_1
P1_2
P1_3
P2_1
P2_2
P2_3
P3_1
P3_2
P3_3
Detours (1-stage with mitigation control approver)
P1_DT
P2_DT
P2_DT
SoD detour takes place at stages:
P1_2
P2_2
P3_2
Problem 1: If the SoD conflict condition is met, all paths are pushed into their detours.
Problem 2: Let's say we have two paths with SoD conflicts and a third one without. Two mitigation controls are applied. All three paths are pushed into their detour paths for mitigation approval.
Worst case scenario:
Conflicting path 1: Mitigation Approver 1 approves
Conflicting path 2: Mitigation Approver 1 + Mitigation Approver 2 approve
Non-conflicting path: Mitigation Approver 1 + Mitigation Approver 2 approve
kind regards,
vit v
Hi Vit,
I got a chance to go through your scenario. What I am thinking is that the issue is not the detour paths taken by the request.
But the conflicts or SOD violations of one path are also visible in another path. Hence the detour path is taken.
For example, if you have role 1 in path1 that has violations, say Risk "RSK1", and role 1 is there in path1. In Path2 you have role 2 that does not have violations. But Risk "RSK1" will also be visible in path2, hence detour 2 is taken.
Check whether it exists in your landscape. If it is a limitation, raise a message with GRC support.
Kind Regards,
Srinivasan