on 06-28-2013 6:53 PM
Dear Experts,
Here I have a small confusion. We have created a role, its contains some conflicting actions so I need to give a control for that role. Here my question is how to control that role and how we know that mitigation control have done for the same role and the same user?
Could you please give me clear picture what we have to do.
Thanks in advance..
Balu
Hi,
I got the answer.
Thanks,
Balu
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Mitigation role is not a good practise. best pratcise is to remediate the role.
if risk with in a role is mitigated , if assined to user it will show in analysis if you select include mitigated risk.as the risk already had been mitigated.
example.
user has risk :if mitigated ,that is applicable for that particular user.
if role has risk:if mitigated, will be applicable for all users who has that role.
advice look for remediation.
Regards,
Prasant
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Balu,
there are several ways how to mitigate a role. Best if you go to Access Management > Mitigated Roles (in Section Mitigated Access). There you can assign a mitigation control for your specific role and access risk. There is also another good way if you go through the access risk while performing a Role Level analysis (Access Management > Role Level (in Section Access Risk Analysis).
If you run a user risk analysis and select the check box "Include Mitigated Risks" you will see which user has the mitigation in place.
Best regards,
Alesandro
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.