cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Include locked users options while running the risk analysis before approving the access request

former_member631141
Participant

on ‎08-31-2016 10:47 AM

0 Kudos

Hi All

GRC10.1 SP05 and NW 7.4 SP05

How to include locked users options while running the risk analysis before approving the access request?

I need this because roles are getting provisioned for locked users but they are not considered for risk analysis in access request..

Please advise

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (3)

Answers (3)

former_member631141
Participant
‎08-31-2016 2:02 PM
0 Kudos

Hi All,

thanks for feedback.

1028 and 1029 are already have value "YES".

Sync jobs also executed properly.

Flag "X" found in column expired in table GRACUSERCONN

SOD is not capturing while running the risk analysis before approving the access request for locked users.

Roles are getting provisioned and later user submitting the unlock request.

Due to this user is able to have the Roles with SOD. Found in adhoc analysis which executed monthly.

Hence looking for some solution to prevent these kind of scenarios.

Show replies
Show replies
japneet_singh2
Active Participant
‎08-31-2016 12:46 PM
0 Kudos

Dear Venu,

Make sure the parameters 1028 (expired) and 1029 (locked) are set to YES OR NO (as desired) - this will ensure that the locked and expired users would be Included OR Excluded while performing risk analysis. Importantly, make sure you have run the latest user sync (via repository object sync in IMG) - with this, the User Locked/Expired flag will be SYNCed from the Plugin system into GRC. This lock/expired flag can be seen in the table GRACUSERCONN - for the plugin connector for which you are raising a request and performing risk analysis within the Access Request. Once above is ensured, the risk analysis can be performed as desired. Thanks & Regards Japneet

Show replies
Show replies
Former Member
‎08-31-2016 12:37 PM
0 Kudos

Hi Venu,

Set parameter 1029 to YES for performing risk analysis on Locked users.

However, you don't see a specific option in the RA screen for locked users. You can also include locked users from the plug-in system for RA.

When the system does the provisioning it does not check whether the user is locked or not. It just goes ahead and provisions the approved roles.

Regards,

Manju

Show replies
Show replies
Ask a Question