Former Member

Risk Analysis - Violation and Mitigation Lights

Hi Experts,

I need to understand the Risk Violations Lights in Access Request. I know that lights are always w.r.t. the roles in the request. Below is my current understanding.

When there are no risk violations I see lights as GREEN (For Risk Violations) - GREEN (For Mitigation Control)

When there are risk violations and not mitigated I see lights as RED (For Risk Violations) - RED (For Mitigation Control)

When there are risk violations and mitigated I see lights as RED (For Risk Violations) - GREEN (For Mitigation Control)


Now there is a business role in my access request. This business role has 10 roles inside it. Now in these 10 roles 5 roles have violations out of which violations from 3 roles are mitigated. Still 2 roles have risk violations which are not mitigated.

Now ARQ has only one Business role Line Item which has risk violations, but half of them are already mitigated and half of them are not mitigated.
So, in this scenario how to interpret Risk Violations and Mitigation Controls based on Lights in Access Request?

What I observed is lights are showing as RED (For Risk Violations) - GREEN (For Mitigation Control). Is this how SAP shows the lights if half are mitigated and half are not mitigated?

As per my understanding only if all violations in the request are mitigated then only lights should show as RED (For Risk Violations) - GREEN (For Mitigation Control).
Please correct me if my understanding is not correct.

~ Madan


2 Answers

  • Best Answer
    Posted on Mar 25, 2015 at 02:08 PM

    Hi Madan,

    The SAP note suggested by Alessandro should resolve your issue with Business Role lights, as we had the same issue, which got fixed by this note.

    Irrespective of Single or Composite or Business roles, even if one risk is not mitigated in the request risk analysis then it should show Red and Red.

    If you have multiple risk analysis levels and your Permission Level risks are mitigated and Critical Actions not mitigated, even then the system should show it as Red and Red.

    Please try and let us know whether the note helps.

    Regards,

    Madhu.


  • Posted on Mar 25, 2015 at 06:59 AM

    Dear Madan,

    Please implement the following note: http://service.sap.com/sap/support/notes/2055853

    Let us know if this answers your question.

    Best regards,

    Alessandro
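
The rule stated in the best answer (one unmitigated risk anywhere in the line item, at any analysis level, means Red and Red), modelled in Python for the business-role scenario from the question. This is an added example, not part of the original thread and not SAP code; the role names, risk IDs, level labels and function names are constructed for illustration.

```python
from dataclasses import dataclass

RED, GREEN = "RED", "GREEN"

@dataclass(frozen=True)
class Violation:
    role: str       # technical role inside the business role (constructed name)
    risk_id: str    # constructed risk ID
    level: str      # analysis level: "permission" or "critical_action"
    mitigated: bool

def line_item_lights(violations):
    """Return (risk light, mitigation light) for one request line item."""
    if not violations:
        return (GREEN, GREEN)            # no risk violations
    if all(v.mitigated for v in violations):
        return (RED, GREEN)              # violations exist, every one mitigated
    return (RED, RED)                    # at least one violation still open

def open_risks(violations):
    """Group unmitigated violations by role: what still needs a control."""
    pending = {}
    for v in violations:
        if not v.mitigated:
            pending.setdefault(v.role, []).append((v.level, v.risk_id))
    return pending

# Constructed data for the scenario in the question: a business role with
# 10 roles, 5 of them with violations, 3 mitigated and 2 not. The 5 clean
# roles contribute no violations, so they do not appear here.
BUSINESS_ROLE = [
    Violation("ROLE_01", "RISK_A", "permission", True),
    Violation("ROLE_02", "RISK_B", "permission", True),
    Violation("ROLE_03", "RISK_C", "permission", True),
    Violation("ROLE_04", "RISK_D", "permission", False),
    Violation("ROLE_05", "RISK_E", "critical_action", False),
]

if __name__ == "__main__":
    print(line_item_lights(BUSINESS_ROLE))
    for role, risks in open_risks(BUSINESS_ROLE).items():
        print(role, risks)
```

Under this rule the single business-role line item evaluates to Red and Red until ROLE_04 and ROLE_05 are mitigated, so a Red and Green result for it means the aggregation is not following the rule.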

