Skip to Content
avatar image
Former Member

Why Access Enforcer 5.2 considers u201CCritical Transactionu201D as a SOD Risk ?

Hello,

When I submit a request with Critical Transaction and no SOD conflict, Access Enforcer forwards my request to the SOD Manager.

I have a Detour Path triggered by the condition u201CSOD Violationsu201D.

The settings are in:

- Access Enforcer 5.2: Configurations -> Risk Analysis -> Default Analysis Type: Object Level

- Compliance Calibrator 5.2:

Configuration -> Risk Analysis -> Default Values -> Default report type for risk analysis: Permission Level

I am wondering why Access Enforcer 5.2 considers u201CCritical Transactionu201D as a SOD Risk

Thank you.

Abderrahim

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Best Answer
    avatar image
    Former Member
    Nov 24, 2010 at 03:46 PM

    Hi,

    As per my knowledge even though you set the risk analysis to be done at a single level, AE will do at all the levels, i.e., at SoD, critical action, and critical permission. If you want to have only SOD risks, you need to either deactivate all critical action rules in RAR, or create a new ruleset and assign all the SOD risks to it and use it with AE.

    This will help you to address the issue.

    Best Regards,

    Raghu

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member Former Member

      Hi,

      I think now you get what Alpesh and others are trying to tell you. As CUP doesn't have its own risk analysis capability and goes back to RAR(CC) for any risk analysis. So, in your compliance clibrator (v 5.2), critical transcations has been marked as risk. Remove that from Complince Calibrator and you won't be able to see any risk arise due to Critcal Transactions. Hope it clarifies.

      Thanks,

      Guru

  • avatar image
    Former Member
    Nov 24, 2010 at 03:21 PM

    In RAR do you have the option Ignore Critical Roles & Profiles. This can be found under Configuration --> Risk Analysis --> Additional options. Have you tried setting this to Yes?

    Thanks!

    Chinmaya

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Chinmaya,

      Indeed, in Compliance Calibrator 5.2, I have the setting:

      Ignore Critical Roles & Profiles -> Yes

      Thanks,

      Abderrahim