on 11-19-2013 9:40 AM
Hi ,
I created a Business Role in SAP GRC 10.0 mapped with couple of single roles from different systems.
I have done the role level risk analysis for the buiness role and assigned the Mitigation control for the Risk IDs generated.
when this business role is assigned to the user through access request,mitigation control that is assigned to the Business Role, is assigned to the user or not?
Steps performed
End user select the business role and submit the request
Request triggers the Role owner
When the Role owner opens the request and done the risk analysis for the business role the Mitgated risk id are still showing.
But I have already assigned the mitigation control for the risk ids of the role.
I want to know if mitigation done at role(business) level is also reflected in user level.
#User is a new and has not been provisioned yet.
Thanks,
Mamoon
Mitigating role and Mitigating Risk of users are different.
Suppose Role1 has risk X and it has been mitigated, it does not mean that user assigned with Role1 and risk X(from other roles) would automatically have risk X mitigated.
Mitigating self conflicting roles means that given role wont show risk in itself for mitigated risk but it can show risk with combination of authorization from other roles.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Gurus,
Please reply if possible..I am stuck.
Thanks,
Mamoon
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.