on 09-20-2011 9:56 AM
Hi,
We assign roles to users in production only through CUP requests.. We use GRC 5.3
Here we have a case where we need to assign one role to 60 users in production(each user may have different roles assigned in the back end) . I can raise one CUP request for all users using " multi-user" option in Copy request . But when we want to make a risk analysis , it will not show risks at user level as each user had different roles and may get different risks by adding new role.
Instead it will give risks if any for only that new role which want to assign. Our manager is not accepting as this is not giving complete picture of risks for each user when we add new role.
Please suggest me if there is any other way where I can make a risk analysis for each user when I created a CUP request for multiple users.
Or the only solution is to create 60 CUP requests ?? this would be too manual
Regards ,
jaags
Hi,
The only possibility is to run the risk anlysis for these 60 users offline and attach the risk analysis report to the CUP request.
However, as per auditing standards, it is recommend to have a individual request even though you are assigning the same role to 60 different users. This way you are documenting the risks correctly.
Regards,
Raghu
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Raghu,
thanks for the reply, you are right as per the audit .But suppose if it is for 200 users ,creating 200 CUP requests will be impractical right.
there should be some solution for this , because there will be many situations practically where we have to assign roles to N number of users.
Is this possible in GRC 10 ? any idea ?
Regards,
Jaags
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.