on 04-20-2012 11:54 AM
Hi
I have run Risk analysis for two roles in GRC RAR, it shows Critical risks fro these two roles..
But If I run Riskanalysis for same roles in GRC CUP (Via GRC CUP Request), I didnt get any Risks..It shows 0 Risks found..
Please help out ..
Reg,
Naga
Hi,
A few checkpoints:
1) Are you using GRC 5.X or 10? if 5.X, ignore my additional comments below.
2) Are you using multiple rule sets?
3) By default, what type of risk analysis is performed in CUP? If it is an SOD risk analysis (Action or Permission Level) then Critical Risks will not be detected by default. I know that there is a restriction in having more than one risk analysis type running as default in a CUP request (due to Config Param 1023 - Default report type for Risk analysis). The user has to manually select the other risk analysis report types and then re-run the risk analysis within the request again to get the full violation picture.
Hope that helps
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Nagaraju,
Please refer the below mentioned notes:-
1472227 / 1145700 / 1540822.
I hope these SAP notes will help you to resolve your issue.
Regards,
Yukti
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
CUP has two tabs for risk results - SoD risks and critical action risks are different. Also, you need to configure CUP to also check for action level risk if that's what you want.
So, it's either the case that you didn't see the result, or you did not configure CUP to look at the type of risk you have defined, please chekc those two.
Frank.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
The purpose of these tabs are
If mitigation of critical access risks is not required before approving, then critical
access risks are displayed on the Critical Access Risks tab page for information only
Risks displayed on the Risks for Mitigation tab page require mitigation before approving
The approver needs to mitigate risks displayed on the Risks for Mitigation tab page,
depending on the configuration (Approve despite conflicts at global and workflow stage level
setting)
Is it correct..if not please tell me what is teh difference between these tabs and where we need to change Risk analysis type in GRc CUP Configuration..
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.