
Risk Analysis On Request Submission property config

former_member325725
Participant
0 Kudos

Hi,

We have configured the New and Change access requests to go through a Role Owner Approval in CUP. To make the role owners aware of the reported risks with an access request when it lands in their Inbox, we have set the Risk Analysis config 'Risk Analysis On Request Submission' to Yes. This setting makes the system perform Risk Analysis using the RA web service on ALL requests.

But we are not enforcing the Risk Analysis and mitigation in all systems that are provisioned through GRC CUP. The property seems global and hence we are looking for a workaround to bypass the RA on requests for some systems, or rather a system-specific setting.

Is there any tweak available with GRC 5.3 SP08 to achieve this?

As of now, we don't maintain the RAR rules for the systems where risk analysis is non-mandatory, but notice that the system is unnecessarily performing RA amounting to inefficient utilization of resources.

Any help would be greatly appreciated.

Thanks, Anil

Accepted Solutions (0)

Answers (1)

Former Member
0 Kudos

Wouldn't creating separate initiators based on the application type help you in this case? Just have different initiators for different systems.

Thanks!

Chinmaya

former_member325725
Participant
0 Kudos

Thx Chinmaya for checking on this. The problem here is before the request gets to the initiator evaluations. The RA gets done before the request identifies the Initiator.

Rgds, Anil

Former Member
0 Kudos

The only way to proceed with risk analysis on submission is to have all systems created in RAR. This is a simple dummy connector that can be created via the File - Local connector type. Insert dummy values, but make sure the technical name matches the name in CUP.

This will allow you to receive accurate SOD results and no errors when using the "Risk Analysis on Submission" feature.

former_member325725
Participant
0 Kudos

Hi Tyler,

This is already in place, and as you mentioned, it's just a dummy system in RAR. Else the system won't create a request itself. But what I'm trying to achieve is to avoid the unnecessary RA when I know I don't maintain any rules for some systems and hence the RA comes back with no violations for those systems.

Thx, Anil

Former Member
0 Kudos

I totally agree with Tyler and that is the only way to achieve this. Having different initiators based on systems would not work as CUP cannot route requests to parallel paths based on system selection.

Create a connector in both RAR and CUP for all the systems and do not generate rules in RAR for the systems for which you don't want to run risk analysis.

Regards,

Alpesh

Former Member
0 Kudos

Anil,

There will be a few seconds extra for each system not included in risk analysis, but it should realize very quickly that there are no rules for that system (and that it can't even connect to pull authorizations if it is a dummy system).

Sorry there isn't a better answer, but it's the way it is built.

Tyler