
Provisioning Roles only after Risks have been mitigated

mhughes2
Participant
0 Kudos

All,

I have completed most of my provisioning workflow tasks with much success, but have run into the below issue that I cannot find any information on here and have not been able to resolve.

When I create a request for a user that contains a role with a risk that should go through the remediation process with an existing mitigating control, currently the role owner is able to approve that role for assignment and it provisions without forcing the approver to assign a mitigating control which would then prompt my "Mitigation Assignment" workflow to start.

If I assign a control on my own it will trigger the "mitigation assignment" workflow as normal but I need this to be a mandatory feature as role owners if left to their own devices will just approve the access most times.

In 5.3 this was standard and a request could NOT continue until after a Risk was mitigated and then reviewed by a compliance officer.

My Risk Analysis config settings:

The request showing the High Risk Levels but allowing the role owner to still approve it and provision even with the risk.

On a side note, I updated my original workflow to have an escape route for the GRAC_MSMP_DETOUR_SODVIOL, thinking that maybe it was missing the workflow to prompt the SOD initiator, but even when I update the role owner stage with this and create a new route for the SOD detour, it still provisions without forcing a mitigating control.

Here are those stage updates...

Any help would be appreciated.

Michael

Accepted Solutions (1)


former_member226273
Active Participant
0 Kudos

Hello Michael,

What is your GRC version? Please check if any of these Notes would be helpful for you:

2360878 - GRC AC : Access Request is getting approved with unmitigated risks
1587489 - Allows Approval without mitigation

1667440 - AC10 - Workflow Stage Task Settings for 'Approve Despite Risks'

Kind regards,

Yashasvi

mhughes2
Participant
0 Kudos

Yashasvi,

I am currently on the latest Service pack. GRCPINW 10.1 V1100_731 SP18

All of the notes you provided are included in previous releases or no longer valid.

mhughes2
Participant
0 Kudos

Yashasvi,

Actually the following did resolve my issue:

1667440 - AC10 - Workflow Stage Task Settings for 'Approve Despite Risks'

The MSMP process was not filled in on this after the BC set was activated. I deleted Appl ID 3 (which was missing the workflow) and then recreated it with the same BRF Function ID and then updated with the SAP_GRAC_CONTROL_MAINT workflow and this is now working.

Answers (1)


Former Member
0 Kudos

Hi Michael,

Did you enable the Param ID 1061 & 1062?

Thanks

Ramesh

mhughes2
Participant
0 Kudos

Yes, they are set as in the attached screenshot.