Skip to Content
0

GRC AC ARM - stage skipped post SoD mitigation

Dec 01, 2017 at 04:43 PM

68

avatar image

Hello experts,

We are configuring ARM 10.1 for an SRM system where the requirement is to have Security team complete a few activities in SRM once a user is provisioned. Hence, the user provisioning will be semi-automated with 3 stages.

1. Manager

2. Role Owner (with SoD detour for risk mitigation) and

3. Security.

The three stages complete fine if there are no SoD conflicts. In the SoD conflict scenario, the request finishes after the second stage after being routed to get risks mitigated. The request does not go to the 3rd stage for security to complete manual activities.

Is it standard that all requests should close after SoD mitigation? How do I ensure that Security stage is not skipped in both scenarios of existing & non existing SoD conflicts?

Thanks,

Kashif

10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

2 Answers

Best Answer
avatar image
Former Member Dec 07, 2017 at 04:51 AM
0

Hello Kashif,

This is a expected scenario. To achieve the security stage option for manual activity you need to add Security stage in your Routed path( Detour Path).

By doing this if there are any risk violations the request is routed to the Detour path and stage 1 would be your risk approver and as soon as the app over approves it will then goto security stage for manual activity.

Let me know if that helps.

BR

Sandeep Devaki

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Thanks Sandeep,

We have the SoD path mapped to multiple path for re-routing. Hence, cannot use the same path for new stage. I am creating another rule id and SoD path for this scenario with SoD routing. Will let you know how this goes.

Thanks,

Kashif

0
Yashasvi Sanvaliya Dec 05, 2017 at 05:07 AM
0

Hello Kashif,

Have you maintained Security stage in the routed path as well?

Few screen shots of the MSMP configurations will help. (stage 5 and 6)

Kind regards,

Yashasvi

Show 3 Share
10 |10000 characters needed characters left characters exceeded

Hi Yashasvi,

The stage for Security works or the task is sent to security when there is no SoD violation at Roleowner Stage. The request gets completed at the SoD owner stage routed from Roleowner for SoD violations. This is where it skips security stage. Screenshots are below for your review.

The path for SRM which has 3 stages:

Request completes Stage 021 when there are no SoDs.

Request closes in stage 011 when there are SoDs which is the issue. I believe it should move on to Stage 021 here as well.

Route mapping is below for SoD Detour Path which is OK.

SoD Detour Path and task settings is below:

Thanks,

Kashif

xtynp.png (52.7 kB)
0

Hello Kashif,

Once the request is routed to another path (detour), it follows the new path.

In your case, the new path has only one stage which is mitigation, hence request gets completed as soon as that stage is approved. You should add the Security stage in the routed path, so that Security team will get the request after mitigation stage.

Please let me know in case of questions.

Kind regards,

Yashasvi

1

Thanks Yashasvi,

I was not sure about this as the standard functionality. Now I can look into other options.

Kashif

0