cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Risk analysis only shows SOD risks, no critical action risks

angeber
Explorer

on ‎06-16-2015 12:43 PM

0 Kudos

Hi,

We have an interesting issue when performing offline or online analysis in NWBC.

We have setup the ruleset the way that there are 2 types of risks:

1. SoD risks

2. Critical action risks

Basically, the analysis works, because we get results for users on the respective system. However, only risks with risk type "Seggration of Duties" are displayed.

The risks with risk types "critical action" are not displayed, although we checked the box "critical action" in the risk analysis screen.

Lets have a look at the risks and functions:

- The functions are active. They have assigned the correct connector (back end system).

- The risks are active. They have assigned the correct function and have risk type "Critical Action". The risks are assigned to the correct ruleset.

What needs to be mentioned is that the system and thus the ruleset was migrated from 5.3 to 10.1 SP8.

Basically we assume that the migration of Access Control was correct, as we get results for SOD conflicts.

Does anybody have an idea what might be wrong here that we don't receive any hits on critical actions?

Best Regards,

Berrnd

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

former_member197694
Active Contributor
‎06-16-2015 1:27 PM
0 Kudos

Hello Bernd,

Check rules are generated

NWBC-->Rule Setup--> Generated Rules--> Access Rule Summary

Or

NWBC-->Reports & Analytics-->Access Rule Library.

i assume rules are generated

To get result for critical actions in risk analysis

check Analysis scope in Functions

"Make sure that the 'Analysis Scope' for the function is defined as single system instead of SOD"

could you check and re run the risk analysis

Regards

Baithi

Show replies
Show replies
angeber
Explorer
‎06-17-2015 6:26 AM
0 Kudos

Hello Baithi,

thanks for your answer. The 'Analysis Scope' for the function is still defined as single system:

Regards

Bernd

Former Member
‎06-17-2015 9:31 AM
0 Kudos

Hi Bernd,

Does your 'Corporate' Ruleset contain Risks of Critical action. if not, you need to include it.  Can you tick mark 'Include Mitigated risk, and see if you get any Critical Action risks.

regards

plaban

former_member185447
Active Contributor
‎06-16-2015 1:18 PM
0 Kudos

Hello Berrnd,

In the result screen, just select Type as Critical action and you will see those results as well.

Regards,

Deepak M

Show replies
Show replies
angeber
Explorer
‎06-17-2015 6:33 AM
0 Kudos

Hello Deepak,

I still use "critical action" in the analysis critera - but it doesn't work

Regards

Bernd

former_member185447
Active Contributor
‎06-17-2015 6:47 AM
0 Kudos

Hello Bernd,

In the next screen where you get results, select type as critical action and view the results.

Regards,

Deepak M

angeber
Explorer
‎06-17-2015 6:54 AM
0 Kudos

Hi Deepak,

but there is still no violation:

The (test)user ANGERBER2 has profile SAP_ALL - so there must be a lot of violations?!?

Regards

Bernd

former_member185447
Active Contributor
‎06-17-2015 7:04 AM
0 Kudos

Hello Bernd,

Check if you have maintained SAP_ALL in Critical Profiles and maintained the parameter IGNORE CRITICAL ROLES and PROFILES as YES

Regards,

Deepak M

Ask a Question