Skip to Content
avatar image
Former Member

RAR Mitigated Users show up after Mitigated during risk analysis.

Hello all,

need your advice and help

GRC 5.3 SP11

Only RAR installed.

I have mitigated few users against few of the risks, but when I run an analysis, the Mitigated users also show up with violations.

I have checked the setting under configuration, the parameter : Exclude Mitigated Risks = YES "

Is there any other setting I have to do so that the mitigated users do not show up.

Thanks

Vidyar

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Best Answer
    avatar image
    Former Member
    Dec 08, 2010 at 07:47 PM

    What you are doing is correct. I think there could be an issue with the way users were mitigated? While applying mitigation at user level did you use risk id* as the convention. For Eg. if you want to mitigated user A for F034 then while mitigating user, please put F034*.

    Regards,

    Alpesh

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Dec 09, 2010 at 09:30 AM

    Hi,

    In Mitigation tab, do you see that user under Mitigated User table?

    Can you please copy paste that entry.

    Regards,

    Surpreet

    Add comment
    10|10000 characters needed characters exceeded

  • avatar image
    Former Member
    Dec 10, 2010 at 01:08 PM

    If you ran the risk report and then mitigated the user directly in that report by selecting the mitigate button you should be fine. I would think the mitigated user is getting this risk from a new role or transaction. If you want to mitigate the user directly in the risk you just click on the users tab in the risk and add the user. Make sure you enter the risk information correctly. As far as adding a * to the end of the risk you don't have to do that with the SP you are on but it's worth a try

    Add comment
    10|10000 characters needed characters exceeded