on 03-11-2015 9:53 AM
Hello Experts,
One of the end user is not able to see Mitigate Risk buttong on Risk Violations Tab. User is following steps in Access Request.
1. Going to work Inbox
2. Opening Access Request, change role/account,
3. Running Risk Analysis
3. Selecting all risks
Here normally next step should be to click on Mitigate Risk button, which is not visible to this user.
I did check application logs but did not find anything.
Could you please share your views and resolution?
Thank you in advance.
Regards
Kedar G.
Hi Kedar,
Firstly, why would an end user need access to mitigate the risks. This should be the Job of a Monitor.
And if you were referring to Monitor only, then this could be due to missing Authorizations. I remember facing similar issue and it was the problem of authorizations. Make sure the one who is trying to assign Mitigation ID has enough access.
Usually the Monitors are assigned with SAP_GRAC_CONTROL_MONITOR role which gives the access to assign Mitigation ID.
Hope this helps, Let us know for any queries.
Regards,
Fazil
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Fazil,
As per my knowledge GRAC_MITC object is more to control the authorization to Create/Assign/Delete Mitigation controls but this is not related to Mitigate Risk button visibility in access request screen.
Are you sure this controls Mitigate Risk button visibility as well? I don't have system to check So wanted to confirm..
Regards,
Madhu.
Hi Madhu,
Yes the Object can even be used to create the Mitigation Control, but under Activity, we do have option to maintain for assigning the Mitigation Control only(ACTVT = 78). So I was just wondering if this access is given, then the user might be able to mitigate risks by assigning the mitigation Control
Correct me if I am wrong
@Kedar : Try this and let us know if this works.
Regards,
Fazil
Hello,
I have checked user, who is not an end user but administrator is assigned with role SAP_GRAC_CONTROL_MONITOR already, also auth object GRAC_MITC is having following values.
Activity 02, 03, 78
SOD Control ID *
HR Object ID *
Administrator is not able to see Mitigate Risk button at all.
Please find attached screen.
Kindly check and assist.
Thank you.
Regards
Kedar
Hi Kedar,
Do you face this problem in Dev box also? If yes, then you can do a simple and quick test just to find out if its access issue or not. Try giving the Admin ID SAP_ALL and SAP_NEW and try mitigating. If it works after this, then this is an access issue. We can think about the access correction. This could be a silly test but you never know
If it still doesn't work, then probably SAP needs to provide you some correction
Let us know the result if possible.
Regards,
Fazil
Hi Kedar,
This cannot be authorization issue as GRAC* objects are not part of SAP_ALL or SAP_NEW profile. They will be in role SAP_GRAC_ALL and more over for "Mitigate Risk" button visibility there is no authorization object.
Check during request submission in "Risk Violations" tab is there "Mitigate Risk" button?
Check from Approver's Work Inbox for any request if in "Risk Violations" tab is there "Mitigate Risk" button? Is it happening with particular request or all requests?
Regards,
Madhu.
Hello,
I had checked with GRC system administrator who is also not able to see Mitigate Risk tab on Risk Violation Tab.
But when she open the request by clicking on Administration tab she is able to see Mitigate Risk Tab in Risk Violation Tab.
I had authorization trace for above activity and had captured following authorization objects with values. Kindly check.
S_USER_AGR RC=0
ACT_GROUP=SAP_GRAC_ALERTS;ACTVT=03;
S_USER_AGR RC=0
ACT_GROUP=SAP_GRAC_ALL;ACTVT=03;
S_USER_AGR RC=0 ACT_GROUP=SAP_GRAC_BASE;ACTVT=03;
S_USER_AGR RC=0
ACT_GROUP=SAP_GRAC_CONTROL_APPROVER;ACTVT=03
S_USER_AGR RC=0
ACT_GROUP=SAP_GRAC_CONTROL_MONITOR;ACTVT=03
S_USER_AGR RC=0
ACT_GROUP=SAP_GRAC_CONTROL_OWNER;ACTVT=03;
S_USER_AGR RC=0
ACT_GROUP=SAP_GRAC_END_USER;ACTVT=03;
S_USER_AGR RC=0
ACT_GROUP=SAP_GRAC_FUNCTION_APPROVER;ACTVT=03;
S_USER_AGR RC=0
ACT_GROUP=SAP_GRAC_RISK_ANALYSIS;ACTVT=03;
S_DEVELOP RC=0
DEVCLASS= ;OBJTYPE=WDCC;OBJNAME=GRAC_FPM_CC_LPD_ACCESS_MGMT 00;P_GROUP=
;ACTVT=03
GRAC_RA
RC=0 ACTVT=16;GRAC_OTYPE=1
GRAC_RA
RC=0 ACTVT=16;GRAC_OTYPE=2
GRAC_RA
RC=0 ACTVT=16;GRAC_OTYPE=3
GRAC_RA
RC=0 ACTVT=16;GRAC_OTYPE=4
GRAC_REQ RC=0
ACTVT=02
GRAC_REQ RC=0
ACTVT=70
GRAC_ROLED RC=0
GRAC_ACTRD=03
GRAC_ROLED RC=0
GRAC_ACTRD=V5
GRAC_ROLED RC=0
GRAC_ACTRD=V7
GRAC_ROLED RC=0
GRAC_ACTRD=V7
GRAC_RLMM RC=0
ACTVT=38;GRAC_RLMMT=02
GRAC_RLMM RC=0
ACTVT=38;GRAC_RLMMT=02
GRAC_RLMM RC=0
ACTVT=38;GRAC_RLMMT=03
GRAC_RLMM RC=0
ACTVT=38;GRAC_RLMMT=06
GRAC_BGJOB
GRAC_MITC RC=0
ACTVT=78
GRAC_REQ RC=0
ACTVT=01
GRAC_HROBJ RC=0 ACTVT=01
GRAC_REQ RC=0
ACTVT=03
GRAC_REP RC=0
ACTVT=16;GRAC_REPID=GRAC_ERM_ACTION_USG
GRAC_ROLED RC=0
GRAC_ACTRD=V1
GRAC_REP RC=0
ACTVT=16;GRAC_REPID=GRAC_ERM_USR_RL_LINK
Thank you.
Hi Kedar,
Is the "Mitigate Risk" button completely invisible or read only?
Please share screenshot
Regards,
Madhu.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.