Skip to Content
avatar image
Former Member

AC 10 - Supplementary Rules

Hello!

Is there any information or documentation regarding supplementary rules? I have a problem and didn't find any documents or help for GRC 10 so far.

So far, I was only able to create a rule that either affects all users or no users at all. I have created a table in R3 with fields system, user, risk and an active/inacvtive flag. I want this table to be the standard table for supplementary rules, where I define that a certain user is allowed to have a violation because it is his daily task (I'm talking about STs here). Parameter 1037 is set to "YES".

In GRC I have referenced to this table for a Test-Supplementary rule. However I am not able to get the result that I want, which is that (in this case) only ADMINGAHLER is allowed to have violations for risk BC12 and it doesn't come up in the analysis any more. Based on the setting of Parameter "Include Violations" the result is influenced that either all users are not shown any more or no users at all.

Is my approach completely wrong, or is there just some little mistake that produces the unwanted result?

Thanks for your help in advance!

NR
Michael

grc_table.jpg (26.6 kB)
Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

2 Answers

  • Best Answer
    avatar image
    Former Member
    Mar 30, 2012 at 10:13 AM

    Hi Michael,

    Please remove the Field Names "RISK" and "GRCSYSTEM" and then Save the Rule. Post updation, execute the Risk Analysis once again.

    I hope this will provide you the requisite results.

    Regards,

    Nikita Sharma

    Add comment
    10|10000 characters needed characters exceeded

  • Mar 28, 2012 at 02:18 PM

    Hi Michael,

    I whould put "*" in Access Risk ID and the function specific in "Function ID".

    Regards,

    Add comment
    10|10000 characters needed characters exceeded

    • Former Member

      Hi Claudio!

      Thanks for your quick reply! Unfortunately this doesn't make any difference. I still have the same result: Either all users are excluded from the analysis or no one.

      Regards,