cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Why Access Enforcer 5.2 considers u201CCritical Transactionu201D as a SOD Risk ?

Go to solution
Former Member

on ‎11-24-2010 1:59 PM

0 Kudos

Hello,

When I submit a request with Critical Transaction and no SOD conflict, Access Enforcer forwards my request to the SOD Manager.

I have a Detour Path triggered by the condition u201CSOD Violationsu201D.

The settings are in:

- Access Enforcer 5.2: Configurations -> Risk Analysis -> Default Analysis Type: Object Level

- Compliance Calibrator 5.2:

Configuration -> Risk Analysis -> Default Values -> Default report type for risk analysis: Permission Level

I am wondering why Access Enforcer 5.2 considers u201CCritical Transactionu201D as a SOD Risk

Thank you.

Abderrahim

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎11-24-2010 3:46 PM
0 Kudos

Hi,

As per my knowledge even though you set the risk analysis to be done at a single level, AE will do at all the levels, i.e., at SoD, critical action, and critical permission. If you want to have only SOD risks, you need to either deactivate all critical action rules in RAR, or create a new ruleset and assign all the SOD risks to it and use it with AE.

This will help you to address the issue.

Best Regards,

Raghu

Show replies
Show replies
Former Member
‎11-24-2010 7:43 PM
0 Kudos

As Raghu mentioned, this is how CUP behaves. For our critical action, we created new ruleset and removed critical action from our SoD ruleset. This way, CUP only showed SoD violations.

Regards,

Alpesh

former_member771067
Active Participant
‎11-25-2010 10:16 AM
0 Kudos

Hi,

I think now you get what Alpesh and others are trying to tell you. As CUP doesn't have its own risk analysis capability and goes back to RAR(CC) for any risk analysis. So, in your compliance clibrator (v 5.2), critical transcations has been marked as risk. Remove that from Complince Calibrator and you won't be able to see any risk arise due to Critcal Transactions. Hope it clarifies.

Thanks,

Guru

Answers (1)

Answers (1)

Former Member
‎11-24-2010 3:21 PM
0 Kudos

In RAR do you have the option Ignore Critical Roles & Profiles. This can be found under Configuration --> Risk Analysis --> Additional options. Have you tried setting this to Yes?

Thanks!

Chinmaya

Show replies
Show replies
Former Member
‎11-24-2010 3:27 PM
0 Kudos

Hi Chinmaya,

Indeed, in Compliance Calibrator 5.2, I have the setting:

Ignore Critical Roles & Profiles -> Yes

Thanks,

Abderrahim

Ask a Question