Skip to Content

GRC AC ARM - stage skipped post SoD mitigation

Hello experts,

We are configuring ARM 10.1 for an SRM system where the requirement is to have Security team complete a few activities in SRM once a user is provisioned. Hence, the user provisioning will be semi-automated with 3 stages.

1. Manager

2. Role Owner (with SoD detour for risk mitigation) and

3. Security.

The three stages complete fine if there are no SoD conflicts. In the SoD conflict scenario, the request finishes after the second stage after being routed to get risks mitigated. The request does not go to the 3rd stage for security to complete manual activities.

Is it standard that all requests should close after SoD mitigation? How do I ensure that Security stage is not skipped in both scenarios of existing & non existing SoD conflicts?

Thanks,

Kashif

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Best Answer
    avatar image
    Former Member
    Dec 07, 2017 at 04:51 AM

    Hello Kashif,

    This is a expected scenario. To achieve the security stage option for manual activity you need to add Security stage in your Routed path( Detour Path).

    By doing this if there are any risk violations the request is routed to the Detour path and stage 1 would be your risk approver and as soon as the app over approves it will then goto security stage for manual activity.

    Let me know if that helps.

    BR

    Sandeep Devaki

    Add comment
    10|10000 characters needed characters exceeded

    • Thanks Sandeep,

      We have the SoD path mapped to multiple path for re-routing. Hence, cannot use the same path for new stage. I am creating another rule id and SoD path for this scenario with SoD routing. Will let you know how this goes.

      Thanks,

      Kashif

  • Dec 05, 2017 at 05:07 AM

    Hello Kashif,

    Have you maintained Security stage in the routed path as well?

    Few screen shots of the MSMP configurations will help. (stage 5 and 6)

    Kind regards,

    Yashasvi

    Add comment
    10|10000 characters needed characters exceeded