
How to restrict risk owner to mitigate their own risks

Former Member
0 Kudos

Hello All,

Could you please help me with this setting? We are on GRC 10.1 SP level 13.

Risk owner should be able to mitigate their own risks but not others.

For example, in the access requests we have got 4 risks: P001, P002, S001, S002.

For P001, P002 risk owner is ZPOWNER and for S001, S002 risk owner is ZSOWNER.

At the Risk owner stage, the request is waiting for approval by ZPOWNER and ZSOWNER. Approval type is set to "All Approvers".

But here ZPOWNER is mitigating all the risks (where ZPOWNER is not the risk owner for risks S001 and S002) and the request is getting closed.

The system should only allow risk owner ZPOWNER to mitigate risks P001, P002, and risk owner ZSOWNER should mitigate only risks S001, S002.

Could you please advise how we can restrict such cases? Risk owners should be able to mitigate their own risks but not others.

Thanks in advance.

Regards,

Abhi

Accepted Solutions (1)

alessandr0
Active Contributor
0 Kudos

Dear Abhi,

how did you restrict the authorizations? GRAC_RISK and GRAC_MITC?

Regards,

Alessandro

Former Member
0 Kudos

Hi Alessandro,


Thanks for your time and reply on this.


I have checked the objects GRAC_RISK and GRAC_MITC; except for the activity field, all other fields are maintained as "*". Screenshot below.


Based on your reply, I guess we need to restrict field GRAC_MITC in object GRAC_MITC.


Please provide your suggestion on this to overcome my issue.


Thanks in advance.


Regards,

Abhi



Answers (2)

plaban_sahoo6
Contributor
0 Kudos

Hi,

I think Risk Owners are approving at the SOD violation stage. If so, could you implement Note: 1670504? Then you can route risks to their respective owners, and not to owners of other risk IDs. So, could you provide the Agent ID used by you for approval of risk?

Regards

Plaban

Former Member
0 Kudos

Hi Plaban,

Thanks for the reply. We already implemented Note: 1670504, but risk owners are still able to mitigate other owners' risks.

Thank you.

Regards,

Abhi

alessandr0
Active Contributor
0 Kudos

Abhi,

that's per design. Please see my comment regarding the authorization you need to check to restrict from mitigating other risks.

Regards,

Alessandro

Former Member
0 Kudos

Hi All,

Can anyone advise me on this, please?


Thanks in advance.


Regards,

Abhi