cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Access Request form not getting approved in spite of the assigning controls to risk items in GRC 10.1

former_member218247
Participant

on ‎03-09-2015 6:21 AM

0 Kudos

Hi Team

I have created a workflow in GRC 10.1(ARM) for access request containing SOD

risks should route to SOD onwner stage for approval and the Risk items needs to be mitigated and controls need to be assigned for the Permission

level risks before approval at SOD Owner stage  .The SOD owner is assigning controls to all risks at permission level risks then also access request form is not getting approved and it giving error to mitigate all permission level risks.

I  have deleted the Request Mitigation policy as per SAP Note 1667440 as this will full fill the purpose of un-checking the Task

Setting 'Approve Despite Risks', so that risks that are not mitigated,do not get approved but in spite of this Access request form is not

getting approved after assignment of controls to risk ids. Appreciate your advice here.

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

madhusap
Active Contributor
‎03-09-2015 12:05 PM
0 Kudos

Hi Nitesh,

I assume you have MSMP Workflow Stage Task Settings has Configuration Paramater, 'Approve Despite Risks' as unchecked

Please check if parameter 1072 = YES (Mitigation of critical risk required before approving the request) has been set to YES

Can you share your request risk analysis screen and confirm if all risk violations have been mitigated and your roles with risks in requests

shows RED for Risk Violations and Green for Mitigation Controls

Regards,

Madhu.

Show replies
Show replies
former_member218247
Participant
‎03-09-2015 1:51 PM
0 Kudos

Hi Madhu

In MSMP stage 'Approve Despite Risks' is already unchecked,Regarding Parameter 1072 is ste to NO as we dont need to mitigate critical action risks. We are only concernded with risk at permiision level.

The issue we are geetign is that the Access Request form is not getting approved and asking me to mitigate risks at permission level which i already mitigated but not sure why it is not showing

I have attached the screen shots below.Please have a look.

1) Access request from with Permission level risks

2)

Assignment of Control to Risk id

3) 

Approval of Request in SOD Owner Stage-I have deleted the
Request Mitigation policy as per SAP Note 1667440 as this will full fill the purpose
of un-checking the Task Setting 'Approve Despite Risks', so that risks that are
not mitigated, do not get approved but in spite of this Access request is not
getting approved   after assignment of controls to risk ids.Not sure why the role is still showing in RED as i have already assigned the controls to user id  in my previous step

Thanks

NItesh

madhusap
Active Contributor
‎03-09-2015 2:20 PM
0 Kudos

Hi Nitesh,

1. Do you have mitigation assignment enabled via parameter 1062? If you have assigned mitigation control Re-Run risk analysis after assigning Mitigation Control

2. Can you show risk Ids maintained in your Mitigation Control ?

Regards,

Madhu.

former_member218247
Participant
‎03-09-2015 4:00 PM
0 Kudos

Hi Madhu

I havent enabled the parameter 1062 as i dont want workflow for mitigation assignment.

My issue is solved now..Some things which i missed and did after your reply

After assigment of controls to risk ids ,i re ran the risk analysis,which solved the issue here.

Aslo fyi..The mitigation control was showing in RED after assigning controls to permission level risks as the access request was having risk at critical action which we dont want to mitigate and we have parameter 1072=NO for it

Thanks

Nitesh

madhusap
Active Contributor
‎03-09-2015 4:05 PM
0 Kudos

Hi Nitesh,

Good to hear that your issue is solved. Please mark the thread as answered and close it.

Regards,

Madhu.

Former Member
‎03-09-2015 9:07 AM
0 Kudos

Hi ,

Does your risk analysis result contain org rule id ?

If yes, then this is a known issue and the fix is not yet released by SAP .

Best Regards,

Aman

Show replies
Show replies
former_member218247
Participant
‎03-09-2015 9:33 AM
0 Kudos

Hi,

The risk analysis report does not consider Org rule.

Thanks

Nitesh

Ask a Question