cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAP GRC AC 5.3 Patch 10.2

Go to solution
Former Member

on ‎07-11-2012 6:37 AM

0 Kudos

Hi Gurus,

For configuring workflow for Risk / mitigation controls do we need to have a CUP in place or just we need CUP to configure workflow ?

Thanks

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎07-11-2012 6:40 AM
0 Kudos

Hi Arun,

Workflow is used to specify the conditions under which workflows are triggered.RAR supports CUP workflows only. Workflow stages and paths should be completed by the administrator.

You must enable Compliant User Provisioning for workflow to function.


For Mitigation Control maintenance:-
If you set this option to Yes, editing a mitigation control triggers workflow. The default value is No.

During mitigation control creation or maintenance, icon nomenclature implies whether workflow has been enabled.
> If the Submit option appears, it indicates that Workflow for Mitigation Control Maintenance is enabled. Thesystem notifies the risk owner through a workflow task and, on approval, saves the risk changes and generatesthe rules. Until the control is approved, it is not available for assignment.

>If the Save option appears, it indicates that Workflow for Mitigation Control Maintenance is disabled. The changeis immediate, and the control is available for assignment.

Regards,
Yukti

Show replies
Show replies

Answers (1)

Answers (1)

Former Member
‎07-11-2012 6:40 AM
0 Kudos

Hi Arunachalam,

Risks and Mitigation controls are defined in Risk analysis and Remediation(RAR) application.

However, if you want to configure workflow for the same (Creation and Maintenance), then you need to have CUP up and running.

I hope that answers your query.

Best Regards,

Smriti

Show replies
Show replies
Former Member
‎07-11-2012 6:52 AM
0 Kudos

Hi Smriti,

OK, Then its like i do not want to work physicaly with CUP, just for maitaining this we need to have CUP? is that correct ? or we need to use CUP in our environment for user administration ?

Former Member
‎07-11-2012 6:58 AM
0 Kudos

Hi Arunachalam,

CUP is generally used for provisioning(user and role).

CUP uses RAR to perform risk analysis while provisioning the roles to users to see whether these roles produce any risks or not. Also, you can mitigate the risks from CUP(by creating or assigning mitigating controls).

In RAR, when risks or Mitigating controls are being created and you want to configure workflow for the same, then CUP is used for the same.

I hope this clarifies your doubts.

Best regards,

Smriti

Former Member
‎07-11-2012 7:04 AM
0 Kudos

Yap i understand the same, but in our environment, we are not using CUP at all, my only thing, to configure this workflow we will just login into CUP and configure workflow and leave as it is... is that correct ?

Former Member
‎07-11-2012 7:12 AM
0 Kudos

Hi Arunachalam,

Yes that is correct.

Best regards,

Smriti

Former Member
‎07-11-2012 7:19 AM
0 Kudos

perfect thanks

Ask a Question