on 10-27-2015 3:39 PM
Hello GRC Gurus,
We are on GRC V10.1 & SP9,I think the following question will be applicable to all GRC version irrespective of the SP Level.
We Created a Mitigation Control for the Risk S020 and Rule 0019 & 0018 as per the SAP Standard Note
1600667 : Transaction that conflict with themselves
and we have not assigned the mitigating control at user level or role level.
The question I have here is when there is a mitigating control for risk S020 and Rule 0018 & 0019,why they are not populating at user level or role level risk analysis.The Risk and Rule are common irrespective if we run risk analysis at User level or Role Level. I think it should populate the mitigation control if there is one? If not I can assign one.
I agree if we mitigate at user level or role level, I am able to see the Mitigation Control at user level or role level risk analysis.
I hope I am not confusing anyone, can you please let me know if any one thought of this or its a SAP standard behavior.
Thanks
Ramesh
Ramesh:
Make sure you are looking at the DETAIL view when you select these lines as they are only valid for those combinations of actions. I usually recommend that you only mitigate at the risk level as it usually the same report / mitigation that is needed for any action combination in the risk.
Your selection to mitigate on the request risk analysis needs to match what you have listed to mitigate.
Thanks.
Kevin Tucholke
SAP America
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.