on 07-09-2010 4:38 PM
Gurus,
I have a scenario where we have a rule set (not global) built on a logical system with 8 systems in it. We are trying to run the analysis with "ALL" systems instead of individual systems as we are hoping that the analysis will be performed only on the systems that are part of the logical systems. My understanding on how the risk analysis run may be wrong but I need a second opinion on my assumption. Please do let me know if any one needs more explanation.
Hi Varma,
The Risk Analysis System "ALL" is really all connectors and is not tied to the Logical System (LS). The LS defines which systems are applicable for the rules. If your LS has fewer systems than all the connectors, just keep in mind that this impacts the results.
Example:
Existing connectors = A, B, C, D, E, F (ALL = A-F)
LS-1 = A, B, D, F
Run the report for "ALL" systems/connectors and lets assume that every system has SOD issues. Your results would look like this:
A = SOD violations
B = SOD violations
C = "no violations found"
D = SOD violations
E = "no violations found"
F = SOD violations
You would either need to add C & E to LS-1 or create a LS-2 with connectors C & E and create/upload rules for LS-2. Then ALL would find SOD violations for connectors A - F.
Hopefully I didn't over explain the question. Short answer is system "ALL" = all connectors and there is no choice to run the SOD report based on a specific LS.
-Dylan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thanks Dylan for the answer. Is it true that the analysis will be performed on the system where the rule set is not defined(applicable) and go though all the users and perform the analysis? My only concern is that it takes for ever to come back if I have more systems/connectors (we have ~35 connectors in my dev environment) configured in the RAR.
Hello Varma,
The first thing the SOD analysis does is goes and grabs the user and user information for selected connectors (ALL = all). Then the analysis runs through all the users by system to evaluate them against the rules.
If some systems do not have any rules configured/generated, then the check should be very quick and move on to the systems that have rules configured.
Other that that, I don't see any other solution than to a) run the SOD by individual system or b) delete connectors in RAR that you don't need.
-Dylan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.