cancel
Showing results for 
Search instead for 
Did you mean: 

Risk Analysis - Violation and Mitigation Lights

Former Member
0 Kudos

Hi Experts,

I need to to understand about the Risk Violations Lights in Access Request. I know that lights are always w.r.t.to the roles in the request. Below is my current understanding.

When there are No risk violations I see lights as GREEN (For Risk Violations) - GREEN(For Mitigation Control)

When there are risk violations and not mitigated I see lights as RED (For Risk Violations) - RED (For Mitigation Control)

When there are risk violations and mitigated I see lights as RED (For Risk Violations) - GREEN(For Mitigation Control)


Now there is a business role in my access request. This business role has 10 roles inside it. Now in these 10 roles 5 roles have violations out of which violations from 3 roles are mitigated. Still
2 roles have risk violations which are not mitigated.

Now ARQ has only one Business role Line Item which has risk violations, but half of them are already mitigated and half of them are not mitigated.
So, in this scenario how to interpret Risk Violations and Mitigation Controls based on Lights in Access Request ?

What I observed is lights are showing as RED (For Risk Violations) - GREEN(For Mitigation Control). Is this how SAP shows the lights if half are mitigated and half are not mitigated?

As per my understanding only if all violations in the request are mitigated then only lights should show as RED (For Risk Violations) - GREEN (For Mitigation Control).
Please correct me if my understanding is not correct.

~ Madan

Accepted Solutions (1)

Accepted Solutions (1)

madhusap
Active Contributor
0 Kudos

Hi Madan,

SAP note suggested by Alessandro should resolve your issue with Business Role lights as we had same issue which got fixed by this note.

Irrespective of Single or Composite or Business roles, even if one risk is not mitigated in the request risk analysis then it should show Red and Red.

If you have multiple risk analysis levels and your Permission Level risks are mitigated and Critical Actions not mitigated even then system should show it as Red and Red.

Please try and let us know whether the note helps.

Regards,

Madhu.

Answers (1)

Answers (1)

alessandr0
Active Contributor
0 Kudos

Dear Madan,

please implement the following note: http://service.sap.com/sap/support/notes/2055853

Let us know if this answers your question.

Best regards,

Alessandro