Skip to Content
avatar image
Former Member

SAP GRC 10.0 Access request submission - Risk analysis need to exclude medium risk

Hi GRC Experts,

We need to exclude any medium risk while running risk analysis on the access request form and consider only High risk. So we can mitigate only the High risk and can ignore the medium risk. Appreciate for an quick response. Attached screenshot to explain this.

System details:


SAP GRC 10.0

GRCFND_A V1000 Version:0011

Configuration details:


1024 - Default risk level for risk analysis - 1 (HIGH)

1071 - Enable risk analysis on form submission - YES

1072 - Mitigation of critical risk required before approving the request - YES



MediumRisk.jpg (110.8 kB)
Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

1 Answer

  • avatar image
    Former Member
    Aug 14, 2013 at 03:49 PM

    Hi Feros,

    You have to use Mitigation control policy BRF+ rule to have this functionality.

    You can find in built mitigation control policy rule id in SPRO where you can also find user default and HR trigger rules.

    Copy the rule Id and execute BRF+ tcode, search your for the Mitigation policy rule Id.. Edit the rule Id and change it to function and event mode.

    And line item there as

    if risk level is medium or low, approver can approve the request even without mitigation

    if risk level if high,approver can't approve the request and mitigation is  needed.

    There is also some docs available for mitigation policy in SCN.

    Try searching on "Mitigation Policy", i am sure you will get a SAP docs for the same.



    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member


      You need to delete the Application rule id from the BRF Plus Function Mapping.

      Please check the SAP Note 1667440.


      Neeraj Agarwal