GRC 10.1: Issue with Rule Based on Risk Violation in Request, Using BRF+ Procedure Calls
As per our project requirement, post Role owner Risk analysis the High risk should route to SOD Violation path whereas Low & Medium Risk should move to No SOD Violation path.
I have created my BRF+ as per the document of Amanjit (link below), I am able to move the High risk to SOD Violation path but Low & Medium Risk are not being moved to No SOD Violation path.
The routing rule is moving the whole request to routing path rather than separating the line items.
My requirement is to move Role with Low & Medium to another path not to the Risk owner of high risk.
BRF+ Decision Table - Screenshot
MSMP Config - Screenshot
Access Request Audit Log - Only one route of SOD Violation is taken, roles without SOD violations are also moved to the same path
Any input is highly appreciated.