on 06-16-2015 12:43 PM
Hi,
We have an interesting issue when performing offline or online analysis in NWBC.
We have setup the ruleset the way that there are 2 types of risks:
1. SoD risks
2. Critical action risks
Basically, the analysis works, because we get results for users on the respective system. However, only risks with risk type "Seggration of Duties" are displayed.
The risks with risk types "critical action" are not displayed, although we checked the box "critical action" in the risk analysis screen.
Lets have a look at the risks and functions:
- The functions are active. They have assigned the correct connector (back end system).
- The risks are active. They have assigned the correct function and have risk type "Critical Action". The risks are assigned to the correct ruleset.
What needs to be mentioned is that the system and thus the ruleset was migrated from 5.3 to 10.1 SP8.
Basically we assume that the migration of Access Control was correct, as we get results for SOD conflicts.
Does anybody have an idea what might be wrong here that we don't receive any hits on critical actions?
Best Regards,
Berrnd
Hello Bernd,
Check rules are generated
NWBC-->Rule Setup--> Generated Rules--> Access Rule Summary
Or
NWBC-->Reports & Analytics-->Access Rule Library.
i assume rules are generated
To get result for critical actions in risk analysis
check Analysis scope in Functions
"Make sure that the 'Analysis Scope' for the function is defined as single system instead of SOD"
could you check and re run the risk analysis
Regards
Baithi
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.