cancel
Showing results for 
Search instead for 
Did you mean: 

Can Mitigation Controls have 2 Owners in SAP GRC 10

Former Member
0 Kudos

Hi Experts,

I need your advice on this.

We have a requirement when primary controller not mitigate risk then that request escalates to Backup Controller.so Can Mitigation Controls have 2 Owners in SAP GRC 10.

If not then any advice how i achieve this.

Accepted Solutions (0)

Answers (1)

Answers (1)

former_member274402
Participant
0 Kudos

Hi,

One owner and multipale monitors.

Regards, Mel

Former Member
0 Kudos

Hi Mel,

Thanks.

Can you please tell what is the main role of Monitor.Just Monitor the controls or other things.

former_member274402
Participant
0 Kudos

Hi,

The monitor is responsible for the assignment of the risk. If the risk can be mitigated this person will be responsible for the monitoring of this risk. If the risk is a sensitive access risk the monitor will be responsible for the following:

  1. Mitigation of the risk when the access gets requested via access control.
  2. Annual mitigation cycles to approve risk for another 365 days if parameter for mitigation cycles isn’t set. If parameter is set the risk will pop up for re-mitigation and he will need to re-mitigate the risk.

The risk owner is responsible for what risk gets added to the mitigating control.

Hope this helps!

Former Member
0 Kudos

Hi,

Thanks for the information.

Can you please help in this scenario.

When a request have SoD then is Detour & moves to Controller. For a particular location we have 2 Controllers A,B.

A is a controller which is owner of control id but B don't have that thing.

now when a request comes then we use User A to mitigate a risk coz A is a owner of that risk.But we got error "Rule with ID &GRAC_CNTRLASGN_INITIATOR& does not exists for rule type 1  "

BUT User B is able to submit mitigation control workflow request[User B is does not have any Control/Risk id owner] then only User A got mitigation control approval request.