cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

What is the use of Rule ID for access risk in mitigation control ?

Go to solution
Former Member

on ‎08-02-2016 1:15 PM

0 Kudos

Hi Experts,

Could you please advice the importance and usages of Rule ID (Against risk ID ) in access risk tab while creating Mitigation control ?

What will be impact if we leave this blank.

Is there any table or report for rule ID ?

Screenshot attached.

GRC version : GRC 10.1 . SP12

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎08-02-2016 7:12 PM
0 Kudos

Hi Rajesh,

If you need to apply mitigation for specific Rule ID wrt access risks then you need to maintain the Rule ID's.

Set the Rule ID as * so that the application will include all rules when mitigating access risks.

This is controlled through parameter 1012(Consider Rule ID also for mitigation assignment) and the default value is NO.


Table GRACACTRULE will give you the generated rules based on the Risk ID.




Regards,

Manju

Show replies
Show replies
Former Member
‎08-16-2016 3:55 PM
0 Kudos

My understanding is :

1. Rule ID is a combination of tcode automatically created in system.

2. To uniquely identify combination of conflicting tcode we use Risk ID & Rule ID.

3. The rule ID can be associated with multiple Risk ID.

Former Member
‎08-16-2016 4:35 PM
0 Kudos

Hi Rajesh,

Please find the response below

1. Rule ID can be a combination of Actions(Tcodes) and Permissions(Objects) for a Risk

2. Uniquely identify conflicting Tcodes and Objects

3. YES

Regards,

Manju

Former Member
‎08-16-2016 4:42 PM
0 Kudos

Thanks Manju !!!

Answers (0)

Ask a Question