Skip to Content
author's profile photo Former Member
Former Member

GRC AC 10.1 - Risk Analysis Dashboard - Update

Hi experts!

Im working in GRC AC 10.1 SP07, and i have a dude with GRAC_BATCH_RISK_ANALYSIS / Dashboard Update. First time, we ran GRAC_BATCH_RISK_ANALYSIS program with no filters in User tab, so it synchronized all users, for example, FireFighter ID Users.

Then, i corrected this using Group User as filter (excluding FireFighter user group) and running program in full mode.

Problem is that in Risk Analysis Dashboard, FireFighter ID users still appears. I think GRAC_BATCH_RISK_ANALYSIS's filters works fine but it doesn´t delete users not included in filters from dashboard.

¿Is this a program error? or it´s just normal way program works? anybody has have similar experiences?


Add a comment
10|10000 characters needed characters exceeded

Assigned Tags

Related questions

2 Answers

  • Best Answer
    author's profile photo Former Member
    Former Member
    Posted on Jun 05, 2015 at 01:43 PM

    My suggestion for your problem is to use the "Maintain Exclude Objects for Batch Risk Analysis" SPRO configuration step under SPRO -> Access Control -> Access Risk Analysis -> Batch risk analysis. After entering the IDs or roles you want to exclude, they will automatically be removed from the dashboards.

    In regards to Ken's comment, if you want to report on critical actions separate from SOD risks then you could change the risk rankings for the critical actions to "Critical" or create a custom risk ranking. That way you will see them in different categories.

    Add a comment
    10|10000 characters needed characters exceeded

  • Posted on Jun 03, 2015 at 07:22 PM

    Hi Emiliano,

    This is how the dashboards have always behaved in 10.0, and this is the reason why I feel the dashboards are USELESS. You are facing the exact issue that I faced several times, and I have concluded that the dashboards simply aren't a great way to capture a clear picture of the health of the landscape. In fact, because of the initial execution where you used * for all restrictions, you now have a ton of data for all users and roles that make things look much worse than they are.

    Moreover, there isn't the ability to view SOD risks only. All of the violation #s in the dashboards include ALL risk types, including Critical Action risks (that you may not want to report on, like in my situation).

    I recommend not using the dashboards at all because they paint a worse picture than what really exists. The only dashboard that might be useful is the "Violations Comparison" which will show you how the risk totals change over time during remediation efforts.

    Stick to the true ARA reports and build pivot tables in Excel to give you a clear picture of the health of your landscape.


    Add a comment
    10|10000 characters needed characters exceeded

Before answering

You should only submit an answer when you are proposing a solution to the poster's problem. If you want the poster to clarify the question or provide more information, please leave a comment instead, requesting additional details. When answering, please include specifics, such as step-by-step instructions, context for the solution, and links to useful resources. Also, please make sure that you answer complies with our Rules of Engagement.
You must be Logged in to submit an answer.

Up to 10 attachments (including images) can be used with a maximum of 1.0 MB each and 10.5 MB total.