Former Member

How to restrict risk owner to mitigate their own risks

Hello All,

Could you please help me with this setting? We are on GRC 10.1 SP level 13.

Risk owner should be able to mitigate their own risks but not others.

For example - in the access requests we have got 4 risks: P001, P002, S001, S002.

For P001, P002 risk owner is ZPOWNER and for S001, S002 risk owner is ZSOWNER.

At the risk owner stage, the request is waiting for approval by ZPOWNER and ZSOWNER. Approval type is set to "All Approvers".

But here ZPOWNER is mitigating all the risks (where ZPOWNER is not the risk owner for risks S001 and S002) and the request is getting closed.

The system should only allow risk owner ZPOWNER to mitigate risks P001, P002, and risk owner ZSOWNER should mitigate only risks S001, S002.

Could you please advise how we can restrict such cases? Risk owners should be able to mitigate their own risks but not others.

Thanks in advance.

Regards,

Abhi


3 Answers

  • Best Answer
    Jul 11, 2016 at 08:35 AM

    Dear Abhi,

    How did you restrict the authorizations? GRAC_RISK and GRAC_MITC?

    Regards,

    Alessandro


    • Former Member

      Hi Alessandro,


      Thanks for your time and reply on this.


      I have checked the objects GRAC_RISK and GRAC_MITC; except for the activity field, all other fields are maintained as "*". Screenshot below.


      Based on your reply, I guess we need to restrict field GRAC_MITC in object GRAC_MITC.


      Please provide your suggestion on this to overcome my issue.


      Thanks in advance.


      Regards,

      Abhi



      GRC_MITC.png (80.0 kB)
  • Former Member
    Jul 08, 2016 at 01:43 PM

    Hi All,

    Can anyone advise me on this, please?


    Thanks in advance.


    Regards,

    Abhi


  • Jul 11, 2016 at 06:57 AM

    Hi,

    I think Risk Owners are approving at the SOD violation stage. If so, could you implement Note 1670504? Then you can route Risks to their respective owners, and not to Owners of other Risk IDs. So, could you provide the Agent ID used by you for Approval of Risk?

    Regards

    Plaban
