on 04-29-2011 6:24 PM
I have 2 instances of GRC RAR (sp13) pointed to the same backend systems, and functions/risks identical (imported from same source). The issue is that on one of the instances, critical risks (for a user) are found and on the other they are not, and the user does have the risk. Any ideas?
And to answer before someone suggests it, I also deleted both the function(s) and the risk, regened the rules and then created (by hand) the function(s) and risks and updated the rules....no difference.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I have done as you suggested twice.....when you compare the rules on screen, they appear identical. And yes, I am using logical systems on both instances, when I bring over the functions, risks, rules, etc. I am also bringing over the connectors and logical systems.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
at this point the only thing I checked was critical actions and critical permissions and they both show false negatives. I suspect that SOD checks will also have issues. It doesn't happen every time on every risk, but is repeatable. In other words, a particular risk will show false negatives and will always show false negatives, while one that doesn't won't ever show a false negative.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
As I stated, ALL report parameters are identical and are set to ignore nothing, all user types, no critical roles/profiles defined, etc.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I forgot, the report parameters are identical as well.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
of course the risks are maintained...I think you probably meant enabled, and yes they are. Like I said, when you look at the risk or rule or function, they are identical....but one instance works and one does not.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Check if the critical actions are maintinaed in the otehr system, also check the report type parameters.
Regards,
Chinmaya
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.