Skip to Content
avatar image
Former Member

Mitigation Control Display Restriction

Hi ,

Please let me know whether we can restrict the display of mitigation control to Owner/Approver according their region i.e is organizational Hierarchy.

Means Approver/Owner should able to view their respective region control only while mitigating the risk.

Thanks

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Sep 06, 2016 at 06:18 PM

    Hi Lakshmi,

    I encountered a similar requirement.  The list of available controls is based on the org structure hierarchy in GRC NWBC, but the list also includes the parent-org's controls.  If my org structure is "Org A (parent)" --> "Org B (child)", then Org B's available controls will include Org A controls.  You can try removing the organizational hierarchy relationship between the regions and their parents, and instead have each region be a top-level or second-level org.

    Hope this helps!

    -Ken

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hello Ken,

      Thanks for your reply.

      I didn,t understand the below point.

      You can try removing the organizational hierarchy relationship between the regions and their parents, and instead have each region be a top-level or second-level org?



      Thanks,

      Lakshmi

  • Sep 07, 2016 at 08:58 AM

    Hi,

    Mitigation Control assignment can be controlled through workflow. So, only the respective Mitigation Owner can assign, i.e only a Owner can assign Control, for whom he is the owner, and not for other Controls.

    So, do not assign other role to Mit. owner except the standard ones(i think it is SAP_GRAC_MIT_CONTROL_OWNER), so that the owner can only approve workitem in Inbox.

    Regards

    plaban

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hello Plaban,

      Thanks for your suggestion.

      Let me know whether standard workflow will behave like this?

      or whether we have to make any customising in the workflow.

      Thanks,

      Lakshmi