In SOD review request, there can be 2 options available for SOD Request Reviewer (risk owner) (a) Actual Removal (b) Propose Removal.
Question 1 - Have noticed that the Actual Removal directly removes ALL roles bringing the risk for the User. If used, this action actually ends up removing large amount of access for the User. Can we ensure only one of the twin roles or partial of the roles causing the risk be removed for the user there by performing a remediation act?
Question 2 - On the flipside, IF Propose Removal is used as the action; the request just ends with status suggesting to remove function etc causing this risk. Now, is the SAP recommendation here to view the SODR report and based on action remediate the respective user present Risk manually? or is there any other process/reason, plz update the same.
Question 3 - How does this SODR routing rule help ? I have tested for the Actual Removal action and the request is routed to the respective assigned agent (preferably Coordinator or Security Admin). But they too have the same options as the Risk Reviewer i.e.. Actual Removal/Propose Removal and Mitigate Risk. I see this doesn't help as Actioning the request with Actual Removal/propose removal or Mitigate risk is a MUST here as well. What is the expectation from this Routing rule ? How can this be effectively used ?
Question 4 - I have browsed all relevant sources for the best practice suggested by SAP for the SOD review and couldn't find any documentation detailing what these ACTIONS in the request do and how the process is handled or provisioning happens for the user in the request. Plz share relevant material or references to learn the same.
PS: Appreciate if you answer against each question above to get an end to end understanding of the SODR feature. Good day!