on 10-14-2014 4:32 AM
Hi All,
Can you please suggest, which Management report needs to be completed, for generating SOD review requests. I have already run the program: GRAC_BATCH_RISK_ANALYSIS and the table GRACMGRISKD shows all the risks. After this, i have run Background scheduler (data genration for SOD request), but still, no SOD review request, as shown below
Regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Plaban,
Here is a link to a how-to guide and steps below to help solve common SOD review issues:
SOD Violation Review reports unmitigated SOD violations in the target system and uses workflow to route requests for review as to whether to remove the violation by modifying access or to mitigate the risk when violations are necessary. In the case of remediation, the reviewer specifies the access to be removed.
The high-level process for SOD Review is as follows:
• Batch risk analysis is executed (required OFFLINE set to YES).
• SOD Review requests are generated.
• E-mail notifications are sent to reviewers.
• Requests are reviewed and actions are noted by the reviewer to propose the removal of a function, assign a mitigating control for the risk, or confirm the existing mitigating control assignment.
• Mitigating control assignments or extensions are automatically executed.
• Functions marked for removal are analyzed and addressed by Security.
Need to run jobs "Generate data for access request SoD Review"
Then after review is completed, "Update workflow for SoD request".
For SOD review to work, please run daily batch risk analysis, action usage sync, role usage sync jobs, and repository object sync.
1. Offline analysis needs to be set to YES.
2. Parameters 2016 - 2023 should be set in SPRO IMG.
3. Maintain Service Level agreement for SOD review.
4. A default request type is needed for SOD review.
5. Agent type in workflow should be directly mapped users to pull from risks.
6. Risks should be assigned owners. Those owners need to exist in the GRC system.
Regards,
Madhu.
Hi Plaban,
Are you getting confused with reports types with Management reports..?
Management reports will help you to see the reports details in summarized formats, like in pie-chart formats.
Once you would run all the mentioned jobs, you would be able to see the data for SoD reviews.
Hope this is clear now. Let us know for any further assistance.
Regards,
Ameet
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.