
Virsa Config Logic?: Include Role/Prof mitigating contls in User Analysis

Former Member

Hello All,

After changing configuration option "26 Include Role/Prof mitigating contls in User analysis(YES/NO)" to YES from NO, I noticed that the mitigation seems to be overextending itself into other roles. Example:

User with RoleA, RoleB and RoleC has potential conflicts. It turns out that RoleC is not a real problem but RoleA and RoleB are. So, I mitigate one rule against RoleC.

With configuration option 26 set to YES, I would expect that the mitigation control would apply only against RoleC and SoD issues against RoleA and RoleB should still be a problem; however, RoleA and RoleB are now also mitigated. Therefore, this means that roles which I had not intended to be mitigated are mitigated.

How should the logic within Virsa be understood?

Thanks, Dylan

1 REPLY

Former Member

Adding details to this subject, here is a test scenario which anyone can try:

Build RoleA only with S_TABU_DIS and change/display access to P000 to PZZZ table groups.

Build RoleB with transactions PC00_M10_CDTC and PC00_M99_CURSET.

Build RoleC also with transactions PC00_M10_CDTC and PC00_M99_CURSET.

Create a dummy user with all three roles assigned and run the SOD report against the user and risk H00600501.

Afterward create a mitigation for that risk and RoleC combination only.

Re-run the report. If possible, please also list your Virsa version and support pack level. The customer system I'm on is 4.0 and SP 04.

Many thanks for any help in this regard. The mitigations configuration option is a really important option under the circumstances and I would like to use it but cannot at the moment considering the results.
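
A small model of the two outcomes discussed in this thread, added here as an example (it is not Virsa code and not from either poster). It uses the three roles from the test scenario and compares a rule that reproduces the reported result with the expected one; the risk's composition is a constructed stand-in, since the thread does not give the definition of H00600501, and all function names are hypothetical.

```python
from itertools import combinations

# Constructed stand-in for the risk: it fires when one user holds at least
# one permission from each side. The real definition of H00600501 is not
# given in the thread.
RISK = {
    "table_maint": {"S_TABU_DIS"},
    "payroll_tx": {"PC00_M10_CDTC", "PC00_M99_CURSET"},
}

# Roles as built in the test scenario.
ROLES = {
    "RoleA": {"S_TABU_DIS"},
    "RoleB": {"PC00_M10_CDTC", "PC00_M99_CURSET"},
    "RoleC": {"PC00_M10_CDTC", "PC00_M99_CURSET"},
}


def violates(role_names, roles=ROLES, risk=RISK):
    """True if the combined permissions of the roles touch every side of the risk."""
    held = set().union(*(roles[r] for r in role_names))
    return all(held & side for side in risk.values())


def minimal_conflicts(user_roles):
    """Smallest role sets that trigger the risk on their own."""
    found = []
    for size in range(1, len(user_roles) + 1):
        for combo in combinations(sorted(user_roles), size):
            if violates(combo) and not any(set(f) <= set(combo) for f in found):
                found.append(combo)
    return found


def suppressed_if_any_role_mitigated(user_roles, mitigated):
    """Rule that reproduces the reported result: one mitigated role clears the user."""
    return violates(user_roles) and bool(set(user_roles) & set(mitigated))


def residual_conflicts(user_roles, mitigated):
    """Expected result: only conflicts that involve a mitigated role are cleared."""
    return [c for c in minimal_conflicts(user_roles) if not set(c) & set(mitigated)]


if __name__ == "__main__":
    user = ["RoleA", "RoleB", "RoleC"]
    print("conflicting role sets:", minimal_conflicts(user))
    print("cleared by any-role rule:", suppressed_if_any_role_mitigated(user, ["RoleC"]))
    print("still open after mitigating RoleC:", residual_conflicts(user, ["RoleC"]))
```

Running the residual check over an export of role assignments and role-level mitigations gives a list to compare against the SoD report, showing which role combinations a report would stop listing even though no mitigated role is involved.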