on 06-26-2007 7:45 AM
Hi,
I have defined a mitigating control in CC and also attached a role and a user to the same.
When the value for 'Exclude Mitigating Controls' in Risk Analysis in Configuration is set to 'No', I expected that the defined mitigating control shall be displayed under the column of 'Mitigating Control' in Risk Analysis report for the selected role / user. However the mitigating control is not displayed.
Even if the value of 'Exclude Mitigating Controls' in Risk Analysis in Configuration is set to 'Yes', the role for which mitigating control is defined is not excluded.
Is there any more setting to be done?
Thanks and regards,
Anjali
Dear Anjali,
The user has to run the Risk Analysis (by pressing the pushbutton) to see if the roles being requested will have any SoD conflicts.
Risk violaions would be displayed in the risk violation tab if there are any.
The user needs to highlight the risk id and press mitigation button. The mitigation control for this particular risk are displayed.
Regards,
Naveen.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Dear Naveen,
Thanks for your prompt response.
I had defined the mitigating control after getting the risk violation and attached it one role and one user.
Now when I run the Risk Analysis Report in Informer for a role level or user level - I expect this mitigating control displayed under the column meant for the same against the role and user which is attached through mitigation. However mitigating control is not displayed.
Can you guide me on this?
Thanks and regards,
Anjali
Simitaichi,
Thanks for your response.
I have given exact risk id for the mitigating control. Further the role and user have also been attached properly.
However I see the same report irrespective of the value for 'Exclude Mitigating Controls' and without mitigating control in the User or Role Analysis report.
Is there anything more to be done?
Anjali
Hi Anjali, you specified only the specific riskID? Is there an '*' appended at the end ?
you mentioned you have mitigated 1 user and 1 role for that control.
In that case it should work. Check the validity period of the user assignment?
Also, you may want to put '*' instead of the userID. This means that whichever user who has that risk will be mitigated automatically.
Hi Simitaichi,
I'm from SAP Basis team. One HR analyst complained about a similar problem. She is unable to get "Mitigating Control" column in the report, when she ran the Risk Analysis -> User Level for HR mitigating control
While creating the Mitigation Control, I'm unable to append the "*" for Risk Id. It's throwing the following error :
Exception!!. No relavent language message available in database for :0055
Note:- Under Risk Analysis -> User Level the "Ignore Mitigation" is set to "NO"
In Configuration tab- Risk Analysis -- Exclude Mitigated Risks is also set to "NO"
Can anyone please help in this regard?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.