on 02-02-2011 1:59 PM
Dear Experts,
I configured risk terminator according to given procedure in configuration guide:
1. Maintain an RFC destination (SM59) in ECC6.0. Test successful.
2. Configure risk terminator in /N/VIRSA/ZRTCNFG.
3. Create the connector in GRC 5.3 RAR. Test successful and SAP adapter is green.
When assigning roles with SU01, everything works fine and I get the conflicts according the rules uploaded in GRC 5.3 RAR.
However if I set the parameter "Stops generation if service detects that a violation exists" to "YES", even if the risk has a mitigation control in RAR, I'm not able to save the user.
My question is if there is a way that using GRC 5.3 and Risk Terminator, with the parameter "Stops generation if service detects that a violation exists" set to "YES", save the user if a Mitigation Control exists and has been assigned to the user / violation found.
Thank you.
Pedro
Not sure right now....
Have you set RAR to ignore risks with mitigating controls assigned?
Frank.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I Frank,
No, in RAR I have: Exclude Mitigated Risks - NO
"This option specifies whether risks with mitigating controls are excluded when running a risk analysis; default value is Yes."
The customer don't want to use CUP to manage the user permissions. The request is to block with Risk Terminator when we have an SoD Violation without mitigation control assigned. If there is no violations, or if a violation has a mitigation control, the RT should let the user to be saved and then the mitigation controls will be assigned in RAR.
Thank you.
Pedro
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.