on 10-10-2007 1:04 PM
Hi everyone,
I'm working on CC 5.1 and the tool is stabilized and is working fine. We used this tool to remediate more or less 50% of our SoDs.
My question is:
If risk A is only a risk if the roles assigned to the user have the same Plant or Company code, how could I possibly set up CC to check this?
In other words, if the conflicted transactions are not used in the same Org. Level, it's not a risk anymore.
Many thanks in advance for your assistance.
Cheers
You can configure GRC to check for conflicts per Org.
P.Marcello
To expand a bit on Patrick's response, you can use Organizational Rules to eliminate the false positives that are being reported.
The user guide contains details on all of the steps required to use org rules, but in a nutshell this requires:
- Identification of the risk(s) being incorrectly reported
- Modification of the necessary functions to activate the appropriate org-level fields in the associated permissions
- Rule regeneration
- Use the Rule Architect feature to create appropriate org rules
- Run Org User Mapping batch function to collect data on org level/user relationships (needs to be executed on a recurring basis to be kept current)
Once these steps have been performed, user level risk analysis performed from the "Org Level" menu option should only report the desired conflicts.
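The difference between the flat user analysis and the org-level analysis discussed in this thread, as an added Python sketch that is not part of the original posts and is not SAP GRC code. The risk, function names, role names, plant values and data layout are all constructed for illustration, and treating `*` as "all org values" is an assumption of this model.

```python
# Illustrative model only: not SAP GRC / Compliance Calibrator code or its data model.
from collections import defaultdict

# Constructed risk: two conflicting functions, scoped by one org-level field.
RISK = {"id": "RISK_A", "functions": ("CREATE_PO", "POST_GR"), "org_field": "PLANT"}

# Constructed assignments: (user, role, function granted, org field, org values).
ASSIGNMENTS = [
    ("ALICE", "Z_BUYER_1000", "CREATE_PO", "PLANT", {"1000"}),
    ("ALICE", "Z_RECV_2000", "POST_GR", "PLANT", {"2000"}),
    ("BOB", "Z_BUYER_1000", "CREATE_PO", "PLANT", {"1000"}),
    ("BOB", "Z_RECV_1000", "POST_GR", "PLANT", {"1000", "3000"}),
    ("CAROL", "Z_BUYER_ALL", "CREATE_PO", "PLANT", {"*"}),
    ("CAROL", "Z_RECV_2000", "POST_GR", "PLANT", {"2000"}),
]

def org_values_by_function(assignments, org_field):
    """Map user -> function -> union of org values granted across all roles."""
    access = defaultdict(lambda: defaultdict(set))
    for user, _role, function, field, values in assignments:
        if field == org_field:
            access[user][function] |= values
    return access

def overlap(a, b):
    """Org values shared by both sides; '*' (assumed: all values) matches anything."""
    if "*" in a and "*" in b:
        return {"*"}
    if "*" in a:
        return set(b)
    if "*" in b:
        return set(a)
    return a & b

def user_analysis(assignments, risk):
    """Flat check: flag any user holding both functions, ignoring org level."""
    access = org_values_by_function(assignments, risk["org_field"])
    f1, f2 = risk["functions"]
    return sorted(u for u, fn in access.items() if fn[f1] and fn[f2])

def org_analysis(assignments, risk):
    """Org-level check: flag only when both functions share an org value."""
    access = org_values_by_function(assignments, risk["org_field"])
    f1, f2 = risk["functions"]
    hits = {u: overlap(fn[f1], fn[f2]) for u, fn in access.items()}
    return {u: sorted(v) for u, v in hits.items() if v}
```

On the constructed data the flat check reports all three users, while the org-level check drops ALICE (plants 1000 and 2000 never meet) and keeps BOB and CAROL, whose wildcard assignment overlaps plant 2000.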
Hi Everyone,
Many thanks for your input and support on my issue. I have tried a few steps and it's working fine, the only problem we have is the process flow, because in order to eliminate the false-positive you cannot run it via the "normal" risk analysis tool called "User Analysis".
That means, I will have to request from our support teams to run a risk analysis report for our users twice, a normal User risk analysis and the Org Risk analysis to have a complete vision of what is really a risk and what's not.
Anyway, thanks for your help.
Cheers
There is a very good 14 page Quick Reference Guide that explains how to use Org Rules in GRC 5.2 available.