on 03-09-2015 6:21 AM
Hi Team,
I have created a workflow in GRC 10.1 (ARM) in which access requests containing SOD risks should route to the SOD owner stage for approval, and the risk items need to be mitigated and controls need to be assigned for the permission level risks before approval at the SOD Owner stage. The SOD owner is assigning controls to all permission level risks, but even then the access request form is not getting approved and it is giving an error to mitigate all permission level risks.
I have deleted the Request Mitigation policy as per SAP Note 1667440, as this will fulfill the purpose of un-checking the Task Setting 'Approve Despite Risks', so that risks that are not mitigated do not get approved, but in spite of this the access request form is not getting approved after assignment of controls to risk IDs. Appreciate your advice here.
Hi Nitesh,
I assume that in your MSMP Workflow Stage Task Settings the configuration parameter 'Approve Despite Risks' is unchecked.
Please check whether parameter 1072 (Mitigation of critical risk required before approving the request) has been set to YES.
Can you share your request risk analysis screen and confirm whether all risk violations have been mitigated and whether your roles with risks in the request show RED for Risk Violations and Green for Mitigation Controls?
Regards,
Madhu.
Hi Madhu
In the MSMP stage, 'Approve Despite Risks' is already unchecked. Parameter 1072 is set to NO, as we don't need to mitigate critical action risks. We are only concerned with risks at permission level.
The issue we are getting is that the access request form is not getting approved and is asking me to mitigate risks at permission level, which I have already mitigated, but I am not sure why it is not showing.
I have attached the screenshots below. Please have a look.
1) Access request form with permission level risks
2) Assignment of control to risk ID
3) Approval of request in SOD Owner stage: I have deleted the Request Mitigation policy as per SAP Note 1667440, as this will fulfill the purpose of un-checking the Task Setting 'Approve Despite Risks', so that risks that are not mitigated do not get approved, but in spite of this the access request is not getting approved after assignment of controls to risk IDs. Not sure why the role is still showing in RED, as I have already assigned the controls to the user ID in my previous step.
Thanks
Nitesh
Hi Madhu
I haven't enabled parameter 1062, as I don't want a workflow for mitigation assignment.
My issue is solved now. There were some things which I missed and did after your reply.
After assignment of controls to the risk IDs, I re-ran the risk analysis, which solved the issue here.
Also FYI: the mitigation control was showing in RED after assigning controls to permission level risks because the access request had a risk at critical action level, which we don't want to mitigate, and we have parameter 1072 = NO for it.
Thanks
Nitesh
Hi,
Does your risk analysis result contain an org rule ID?
If yes, then this is a known issue and the fix is not yet released by SAP.
Best Regards,
Aman