on 09-29-2010 4:22 AM
Hi,
I am trying to run a simulation in CUP (GRC) and RAR to ascertain if removal of existing roles or addtion of new roles for a single user would resolve the SOD risks that show up in CUP. However I am not able to see the Existing roles that have been assigned to the user to be able to do that.
Can someone please help with this?
Thanks
Hi Sonal,
When you perform risk analyis on CUP request. Risk Analysis results will be due to role in the request + role already assigned to the user.
So when u try to add new role to user it will work fine. Risk anlaysis results will consider the roles that user already had in CUP as well as in RAR. So does not need to take care of existing roles.
In CUP there is option to select the existing role for role removal. Select role tab-> existing roles. but it is basically used for role removal.
Kind Regards,
Srinivasan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Srinivasan,
Is the Existing role tab also available at the Compliance Stage? Once the role has been requested and approved by the role owners and SOD conflicts are identified, it goes to the Compliance stage for the Compliance Manager to review and apply mitigating controls or reject the job. At this stage, can the Compliance Manager view the Existing roles somewhere and maybe run a simulation by removing some existing roles and adding the new role to resolve the SOD conflict?
Thanks,
Hi Sonal,
At compliance stage the existing role button will be visible. Stage level setting at compliance stage should be change request content as "YES" & Add Role "YES". approver's need to click on select Role and than existing role button.
From here you can see the roles that are already assigned to the user.
But I think it is not possible run a simulation by removing some existing roles to resolve the SOD conflict.
If you add a new role in the request, The Risk analysis due to this role + existing role will be visible in CUP.
Kind Regards,
Srinivasan
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.