cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Risk Terminator

Go to solution
Former Member

on ‎02-02-2011 1:59 PM

0 Kudos

Dear Experts,

I configured risk terminator according to given procedure in configuration guide:

1. Maintain an RFC destination (SM59) in ECC6.0. Test successful.

2. Configure risk terminator in /N/VIRSA/ZRTCNFG.

3. Create the connector in GRC 5.3 RAR. Test successful and SAP adapter is green.

When assigning roles with SU01, everything works fine and I get the conflicts according the rules uploaded in GRC 5.3 RAR.

However if I set the parameter "Stops generation if service detects that a violation exists" to "YES", even if the risk has a mitigation control in RAR, I'm not able to save the user.

My question is if there is a way that using GRC 5.3 and Risk Terminator, with the parameter "Stops generation if service detects that a violation exists" set to "YES", save the user if a Mitigation Control exists and has been assigned to the user / violation found.

Thank you.

Pedro

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

koehntopp
Product and Topic Expert
Product and Topic Expert
‎02-02-2011 3:19 PM
0 Kudos

Not sure right now....

Have you set RAR to ignore risks with mitigating controls assigned?

Frank.

Show replies
Show replies
Former Member
‎02-02-2011 3:45 PM
0 Kudos

I Frank,

No, in RAR I have: Exclude Mitigated Risks - NO

"This option specifies whether risks with mitigating controls are excluded when running a risk analysis; default value is Yes."

The customer don't want to use CUP to manage the user permissions. The request is to block with Risk Terminator when we have an SoD Violation without mitigation control assigned. If there is no violations, or if a violation has a mitigation control, the RT should let the user to be saved and then the mitigation controls will be assigned in RAR.

Thank you.

Pedro

koehntopp
Product and Topic Expert
Product and Topic Expert
‎02-02-2011 4:07 PM
0 Kudos

Please try setting "Exclude Mitigated Risks = YES"

This is supposed to uppress mitigated risks - hope it works for Risk Terminator, too. If it does it should work exactly as you wish.

Frank.

Former Member
‎02-02-2011 4:51 PM
0 Kudos

Thank you Frank, it solved the problem.

However, in order to work, we have to first assign the mitigation control in RAR and then this risks will not be triggered in risk terminator.

Best regards,

Pedro

koehntopp
Product and Topic Expert
Product and Topic Expert
‎02-02-2011 8:24 PM
0 Kudos

In RT you can also assign mitigations.

I would still recommend using CUP. You don't necessarily have to do complex workflows - you can use it exactly the same way you use RT (if you wish), but you'll have MUCH better documentation.

Frank.

Answers (0)

Ask a Question