GRC 10.1 SP07
When I run a user level scan (Access Management WorkCentre) and include mitigated risks (checkbox) the user I am looking at has mitigation for a particular risk.
When I run a mitigated user report (Reports and Analytics WorkCentre) this user does not show up as having any mitigated risks.
I have not done any additional analysis other than this one user, but what could be the problem. I did see note 2144782, but wasn't 100% sure this applies to my issue.
I have a few questions:
1) Are there two tables I can compare to see the difference between these reports? GRACMITUSER does not show this user.
2) Running GRAC_DOWNLOAD_MIT_ASSIGNMENTS does not show this user
3) Which side is accurate - the report or the user level scan? Where does the user level scan get the information (that the user IS mitigated)?
4) If this note (2144782) fixes the problem I would like ot know the extent of the problem first - in other words, what will the new report show (goes back to the earlier questions asking about the tables)?
5) Could there just be a sync job somewhere I don't know about?
Add comment