Skip to Content
Jun 16, 2015 at 11:43 AM

Risk analysis only shows SOD risks, no critical action risks



We have an interesting issue when performing offline or online analysis in NWBC.

We have setup the ruleset the way that there are 2 types of risks:

1. SoD risks

2. Critical action risks

Basically, the analysis works, because we get results for users on the respective system. However, only risks with risk type "Seggration of Duties" are displayed.

The risks with risk types "critical action" are not displayed, although we checked the box "critical action" in the risk analysis screen.

Lets have a look at the risks and functions:

- The functions are active. They have assigned the correct connector (back end system).

- The risks are active. They have assigned the correct function and have risk type "Critical Action". The risks are assigned to the correct ruleset.

What needs to be mentioned is that the system and thus the ruleset was migrated from 5.3 to 10.1 SP8.

Basically we assume that the migration of Access Control was correct, as we get results for SOD conflicts.

Does anybody have an idea what might be wrong here that we don't receive any hits on critical actions?

Best Regards,