GRC 5.3 mitigation control

Dear Guys,
Please help me to understand the concept of mitigation control in GRC 5.3 and when it is useful and at what time we need to implement mitigation control.
How could we mitigate user and on what criteria....????
Also some brief about control monitor.
Thanks in Advance......

Hi Arpit,
Steps for remediation and mitigation strategy is as below,
Once you do risk analysis, you have the list of risk available in your system, after this you have the option to remove (Remediate) risk by removing conflicting permission or action from role.
OR
there is scenario where you have to accept the risk in this case you have to opt for mitigation control, just consider one example given below,
Function A: Create PO
Function B: Release PO
Above two functions are conflicting and create risk in standard process, so as a standard practice, in reference to compliance SAP recommends to have two people doing it separately, but customer might not be having 2 postions in org to separate this, so customer has to accept the risk and create mitigation control to document this and put the monitoring control so one person can perform this function.
This way it is helful to follow the compliance and when audit happens customer can show that they have identified the risk and documented it and put alternate monitoring control, so the risk cannot be misused.
Hope this helps you understand it.
BR,
Mangesh

Similar Messages

  • GRC AC V10 - Mitigation Control Approval Workflow

    Hi guys,
    can me explain somebody the difference between the processID SAP_GRAC_CONTROL_ASGN und SAP_GRAC_CONTROL_MAINT?
    And as well can somebody provide me the initiator rule ID for both so that we can have a detailed look into the brfplus rule.
    We only want to mitigate controls via an controlowner approval and not a process for the creation of new controls.
    That means an asisgnment approval workflow for mitigation controls.
    Thanks a lot.

    Hello Alexa,
    Did you ever employ SAP_GRAC_CONTROL_ASGN ? Were you able to identify the included agents ?
    I am interested in identifying approvers for mitigating controls who can be included in the workflow but are not risk owners. Would you have any suggestions for this type of agent ?
    Any information would be appreciated.
    Thanks,
    Jamie

  • Mitigation control ID validity extension -easy way

    I work in GRC AC 5.3. All Mitigation control IDs have a validity expiration on same date in near future. Our GRC has many mitigation control IDs with mitigated users. How can I change the valid to date in convenient way?
    It may be extended for all mitigated users separately/individually, but it will take huge time.

    You can download all of them in a text file, make changes and upload it back via the import/export utility under mitigation tab,
    Alpesh

  • Bringing mitigating controls from PC to AC in GRC 10.0

    Hi ,
    I am going through remediation process in GRC 10.0, However there are no mitigation controls setup in AC.
    my client is asking me to copy all the mitigating controls from PC to AC.
    Is this possible ? if yes, What will be the process ?
    Thank you.

    Hi Sri,
    you can achieve by downloading and uploading the mitigations.
    Go to SE38 and use the following program GRAC_DOWNLOAD_MIT_ASSIGNMENTS to download the file and make necessary changes to it and upload the file by using the following program GRAC_UPLOAD_MIT_ASSIGNMENTS.
    and put the active column in the file as X.
    Regards,
    Venugopal Ireni

  • Mass maintenance of Mitigation controls in GRC 10.0

    Dear All,
    How to do mass maintenance of mitigation in ARA of GRC 10.0. We successfully migrated the mitigation controls from 5.3 to 10.0. I need to change the monitors for many user conflicts and also add new user conflict mitigation controls. Is it possible to do a mass changes in GRC 10.0 as there is no upload functionality for mitigation controls
    Thanks and Best Regards,
    Srihari.K

    Hi Sri,
    you can achieve by downloading and uploading the mitigations.
    Go to SE38 and use the following program GRAC_DOWNLOAD_MIT_ASSIGNMENTS to download the file and make necessary changes to it and upload the file by using the following program GRAC_UPLOAD_MIT_ASSIGNMENTS.
    and put the active column in the file as X.
    Regards,
    Venugopal Ireni

  • GRC AC10 Mitigation Control Temporary Tables

    Hi everyone,
    I'm trying to find the table where GRC stores the organizational unit for a new mitigation control before the request is approved. As I could see, after approval (when the control is created) they are moved to HRP1000, 1001, etc.
    I've also tried with system trace (ST01 and ST05) but I could only find these tables: GRFNMWRTINST, GRFNMWRTINSTAPPL. Unfortunately I've checked them but they don't store OU data.
    Maybe it is stored in an XML file and that's why I cant reach the table.
    If you have any idea or any experience to share, I would really appreciate it!
    Thanks and regards,
    Fernando

    Hi Fernando
    Maybe it is stored in an XML file and that's why I cant reach the table.
    I was trying to figure out the same thing and suspected that was the case. Or if there might be a temporary text file
    I hope someone here can clear it up. But it's a bit annoying in the approach as you cannot tell what changes have been requested or compare changes to current. Hope SAP eventually cleans this up.
    Might need to trace it to identify the function module that is used by approver to view the request?
    Regards
    Colleen

  • Mitigating Control creation and application in SAP GRC 10

    Hi Expert,
    We have SAP GRC Access Control 10 being implemenmted for our client.  While trying to create Mitigating Control, we just realized that Before creating mitigating controls you need to create a Root Org entry, this replaces the Business Units in previous AC versions which is visible only when we activate the GRC-PC Application.
    My queries are:
    1. Is it that Mitigation control can only be created if PC is enable.
    2. What about Licencing if GRC-PC Application is used for Mitigating Control Creation.
    Thanking you i advance.
    Thanks & Regards,
    Abhimanu Kumar Singh

    HI,
    Thank you for the response, I just checked and could find that I can create Mitigating control without PC application. It is just that PC relevant fields are not displayed.
    However can anybody answer as to what happens if I use PC to create Mitigating Control, Do I have to purchase the license for SAP GRC PC or it is ok for shared resources.
    Thanks again.
    Thanks & Regards,
    Abhimanu Kumar Singh

  • GRC CUP 5.3 SP16.3 Mitigation Controls automation removal

    Does anyone know that if you create any user requests to remove roles from a user, that if any mitigation controls were assigned to the users for those roles, the mitigating control ids can also be automatically removed from RAR during auto provisioning of the request?
    Right now, GRC CUP, if configured properly, during auto provisioning, will assign the mitigation controls automatically to the userid in RAR to mitigate the risks when the request is processed if the new access will give any SOD violations.  But if you remove the roles from a user and he/she had any mitigation ids assigned in RAR, can the request also automatically remove the mitigated control id associated with it if the user will no longer have that risk?  I have not seen the request automatically remove the mitigated id from RAR when the role was removed from the user id during auto provisioning. But I'm not sure if this requires additional workflow configuration or not.
    Will greatly appreciate if any1 is aware of this issue and how to resolve it. Or is the only solution to manually remove it from RAR..but this can be tiresome..bc then you have to run the report every week or month in RAR to remove the excessive controls assigned if the users do not have the risks anymore..comparing reports from current to previous month, etc.
    Thanks,
    A.

    Hi Alley,
    It is not possible to automate the removal of mitigation controls through a workflow in CUP. The only solution is to review on a regular basis and remove them manually from RAR
    We also has the same issue and performing manual review at regular intervals of the user & role assigned mitigation controls
    Best Regards,
    Srihari.K

  • SAP GRC AC10 Common Practices on Mitigation Control

    Hi all,
    Currently, our company is implementing the GRC tool globally and we are required to set up mitigation control. I would like to get some ideas about what structures are used in various companies. And are those mitigation control align with the internal audit practices?
    We are having some initial idea that setting up template for those mitigation control, but should these be applied to all companies? And if we set up in this way, do we still need to identify any approver and monitor in local organization?
    And the mitigation controls should be owned by global organization or compliance department or local organization?
    Please help.
    Thx!

    Hi "GRC_SAP_AUDIT"
    I presume that you have a single Global Ruleset used within the company to define the risks across the company, but some risks may not be applicable or realistically avoidable in certain parts of the organisation in different countries due to the possible nature of a "Small office" structure (i.e. a small team doing various types of job tasks which are bound to cause SOD conflicts etc). So you may want to create a control for a risk in one area/region, but not for another. This is all possible with GRC AC.
    You can have a Specific Risk assigned to as many Mitigating Control definitions; therefore if you had different controls in different countries for that risk, e.g. UK Risk F001 is to have control X applied, whilst USA Risk F001 is to have control Y applied, it is good practice to define it that way.
    With the example above, you can then assign regional Control Owners and Monitors. Usually, I recommend giving the ownership of controls to the regional/company/departmental leads (depending on your org structure) who would manage the control, as I strongly feel that this has to be business driven. The decision of what approach to take is yours, as you have to see what will be the best solution to implement within your organisation.
    Hope this helps. If you wish to add any further detail, im sure the forum members are happy to help.

  • Transport of mitigation controls from GRC Dev to GRC Production in 10.0

    Hi All,
    Is there an option to transport mitigation controls from Dev to Prod in 10.0. Where is that option available. We could not find even download or upload option unlike 5.3 in 10.0
    Thanks and Best Regards,
    Srihari.K

    Hi
    I can see that this question is marked as answered . Could you please update what steps were taken for transporting mitigation controls? Thanks
    Best Regards
    Srilakshmi S

  • GRC AC RAR: Comprehension question Mitigating Controls

    Hello all,
    I have a small comprehension question regarding Mitigating Controls.
    Situation:
    We have identified some authorization roles that contained lots of risks and we decided that they should not be used anymore. I therefore had our admins remove those roles from all the userIDs and update the role descriptions so it is clear that these roles are obsolete and must not be used anymore. For specific reasons we are currently not able to archive those roles in order to remove them from the system (can't delete them either for unclarified data retention questions).
    What has been done:
    1. I have created the necessary userIDs for Management Approver, Monitor, etc. in tab Mitigation -> Administrators -> Create
    2. I have created the necessary business unit and assigned to userIDs created in 1. in tab Mitigation -> Business Units -> Create
    3. I have created a Mitigation Control "Obsolete Roles" in tab Mitigation -> Mitigating Controls -> Create
    4. Within the Mitigatin Control I have mitigated all associated risks in tab "Associated Risks", added a userID in tab "Monitors" and I have added all the obsolete roles using the button "Mitigate roles"
    What I want to achieve:
    - Roles should not show up in the analysis anymore -> I've checked that and it works as expected
    - I now want the userID I added in tab "Monitors" and when mitigating the roles to regularly check in the SAP system whether the mitigated roles have been assigned to any userIDs again (using PFCG or any other suitable report in the system).
    Can I achieve that by using tab "Reports" within the Mitigating Control ?
    If I provide the system in column "System", provide "PFCG" in column "Action", "Use PFCG to check is role is assigned again" in "Description", add the userID in tab "Monitor" and set Frequency to "4" this would mean that that userID needs to check whether the roles have been used again at least every 4 weeks ?
    Will the system automatically send a reminder eMail to that userID every 4 weeks or does the user have to check the RAR manually in order to see "his/her" tasks ?
    Regards,
    Benjamin

    Hi Jwalant,
    sorry for my late reply, but I have waited for a few weeks to make be sure wheather the way you described works or not.
    - The background job gets executed once a week and finishes without any error.
    - The only thing that doesn't work is that the userID that I maintained in clolumn "monitor" and for which I defined a mitigation control which has to be executed every 2-weeks (using column "report") does NOT get a mail from the system that reminds him/her to execute the mitigating control.
    Log of background job execution:
    INFO: -
    Scheduling Job =>16----
    Mar 28, 2011 4:00:00 AM com.virsa.cc.xsys.bg.BgJob run
    INFO: --- Starting Job ID:16 (GENERATE_ALERT) - Z_SAP_GRC_AC_RAR_MITIGATION_CONTROL_ALERT_GENERATION
    Mar 28, 2011 4:00:00 AM com.virsa.cc.xsys.bg.BgJob setStatus
    INFO: Job ID: 16 Status: Running
    Mar 28, 2011 4:00:00 AM com.virsa.cc.xsys.bg.BgJob updateJobHistory
    FINEST: --- @@@@@@@@@@@ Updating the Job History -
    1@@Msg is Z_SAP_GRC_AC_RAR_MITIGATION_CONTROL_ALERT_GENERATION started :threadid: 2
    Mar 28, 2011 4:00:00 AM com.virsa.cc.xsys.bg.dao.BgJobHistoryDAO insert
    INFO: -
    Background Job History: job id=16, status=1, message=Z_SAP_GRC_AC_RAR_MITIGATION_CONTROL_ALERT_GENERATION started :threadid: 2
    Mar 28, 2011 4:00:00 AM com.virsa.cc.xsys.bg.BgJob alertGen
    INFO: @@@ Alert Generation Started @@@
    Mar 28, 2011 4:00:00 AM com.virsa.cc.xsys.bg.BgJob alertGen
    INFO: @@@ Conflict Risk Input has 1 records @@@
    Mar 28, 2011 4:00:00 AM com.virsa.cc.xsys.bg.BgJob alertGen
    INFO: @@@ Critical Risk Input has 1 records @@@
    Mar 28, 2011 4:00:00 AM com.virsa.cc.xsys.bg.BgJob alertGen
    INFO: @@@ Mitigation Monitor Control Input has 1 records @@@
    Mar 28, 2011 4:00:00 AM com.virsa.cc.comp.BackendAccessInterface alertGenerate
    INFO:  @@@@@ Backend Access Interface execution has been started @@@@@
    Mar 28, 2011 4:00:00 AM com.virsa.cc.common.util.ExceptionUtil logError
    SEVERE: null
    java.lang.NullPointerException
         at com.virsa.cc.comp.wdp.IPublicBackendAccessInterface$IStatRecInputElement.wdGetObject(IPublicBackendAccessInterface.java)
         at com.sap.tc.webdynpro.progmodel.context.NodeElement.getAttributeAsText(NodeElement.java:888)
         at com.virsa.cc.comp.BackendAccessInterface.execBAPI(BackendAccessInterface.java:401)
         at com.virsa.cc.comp.BackendAccessInterface.executeBAPI(BackendAccessInterface.java:302)
         at com.virsa.cc.comp.BackendAccessInterface.get_TcodeLog_Rec(BackendAccessInterface.java:2800)
         at com.virsa.cc.comp.BackendAccessInterface.alertGenerate(BackendAccessInterface.java:1940)
         at com.virsa.cc.comp.wdp.InternalBackendAccessInterface.alertGenerate(InternalBackendAccessInterface.java:4355)
         at com.virsa.cc.comp.wdp.InternalBackendAccessInterface$External.alertGenerate(InternalBackendAccessInterface.java:4824)
         at com.virsa.cc.xsys.bg.BgJob.alertGen(BgJob.java:1666)
         at com.virsa.cc.xsys.bg.BgJob.runJob(BgJob.java:697)
         at com.virsa.cc.xsys.bg.BgJob.run(BgJob.java:362)
    here it keeps ranting on for pages about Null Pointer Exceptions
    I'll just leave that part out
    Mar 28, 2011 4:00:29 AM com.virsa.cc.comp.BackendAccessInterface alertGenerate
    INFO:  -
    No of Records Inserted in ALTCDLOG =>16 For System =>XXX_xxx -
    Mar 28, 2011 4:00:29 AM com.virsa.cc.comp.BackendAccessInterface alertGenerate
    INFO: ==$$$===Notif Current Date=>2011-03-28==$$$==Notif Current Time=>04:00:00===$$$===
    Mar 28, 2011 4:00:29 AM com.virsa.cc.xsys.mgmbground.dao.AlertStats execute
    INFO: Start AlertStats.............
    Mar 28, 2011 4:00:29 AM com.virsa.cc.xsys.bg.BgJob alertGen
    INFO: @@@=== Alert Generation Completed Successfully!===@@@
    Mar 28, 2011 4:00:29 AM com.virsa.cc.xsys.bg.BgJob setStatus
    INFO: Job ID: 16 Status: Complete
    Mar 28, 2011 4:00:29 AM com.virsa.cc.xsys.bg.BgJob updateJobHistory
    FINEST: --- @@@@@@@@@@@ Updating the Job History -
    0@@Msg is Job Completed successfully
    Mar 28, 2011 4:00:29 AM com.virsa.cc.xsys.bg.dao.BgJobHistoryDAO insert
    INFO: -
    Background Job History: job id=16, status=0, message=Job Completed successfully
    Mar 28, 2011 4:00:29 AM com.virsa.cc.xsys.riskanalysis.AnalysisDaemonBgJob scheduleJob
    INFO: -
    Complted Job =>16----
    - Anothjer thing I noticed is that the job always adds some entries to table "ALTCDLOG" which I guess means something like "Alert T-Code Log".
    It always adds entries like:
    581 XXX_XXX userID#1 SE16 2011-03-21 07:49:44 xxx 5
    582 XXX_XXX userID#1 SM37 2011-03-21 07:55:44 xxx 5
    Where does the system get the information which T-Codes are "bad" and for which it needs to create those entries ? I have never configured anything like that in the system.
    Or is this an indicator that the authorization roles I mitigated have been used again ?
    Regards,
    Benjamin

  • Mitigation control errors out in CUP approval

    We are on GRC 5.3 SP8 and I am trying to create a mitigating control in RAR.  Once it goes for approval into CUP, it erroru2019s out when I try to approve it.  Here is the message:
    2010-05-25 10:57:43,367 [SAPEngine_Application_Thread[impl:3]_9] ERROR com.virsa.ae.commons.utils.StringEncrypter$EncryptionException: Invalid PKCS#5 padding length: 32
    com.virsa.ae.service.ServiceException: com.virsa.ae.commons.utils.StringEncrypter$EncryptionException: Invalid PKCS#5 padding length: 32
         at com.virsa.ae.accessrequests.bo.RequestExitServiceHelper.getCCDocument(RequestExitServiceHelper.java:315)
         at com.virsa.ae.accessrequests.bo.RequestExitServiceHelper.callCCExitService(RequestExitServiceHelper.java:263)
         at com.virsa.ae.accessrequests.bo.RequestExitServiceHelper.callExitServiceForApprovedRequest(RequestExitServiceHelper.java:51)
         at com.virsa.ae.accessrequests.bo.RequestBO.callExitService(RequestBO.java:5391)
         at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:5230)
         at com.virsa.ae.accessrequests.bo.RequestBO.approveRequest(RequestBO.java:5023)
         at com.virsa.ae.accessrequests.actions.RequestViewAction.confirmRequestApproval(RequestViewAction.java:946)
         at com.virsa.ae.accessrequests.actions.RequestViewAction.execute(RequestViewAction.java:103)
         at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(AccessController.java:219)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
    Caused by:
    com.virsa.ae.commons.utils.StringEncrypter$EncryptionException: Invalid PKCS#5 padding length: 32
         at com.virsa.ae.commons.utils.StringEncrypter.decrypt(StringEncrypter.java:200)
         at com.virsa.ae.accessrequests.bo.RequestExitServiceHelper.getCCDocument(RequestExitServiceHelper.java:305)
         ... 32 more
    Thanks,
    Peggy

    Hello Peggy,
      Did you recently upgraded your NW Java Support package? If yes, then kindly check the SAP Note "1417651 - Unable to retrieve connector & application configuration"
    The problem is coming due to change in NW encryption algorithm and impacted GRC as well. This is fixed in SP10 of GRC.
    Regards, Varun

  • Implementing Mitigation Control IDs

    Hi,
    We are planning to implement mitigation control ids in GRC. Currently we are only having 1 mitigation control id and all the users are mitigated into this id.
    Now, the plan is to include the mitigation control advise/comments by the SOD approvers into the GRC and thus by introducing multiple mitigation control id we could achieve this.
    In our system users are mapped as per the Business Unit and we have around 25-30 business units. so each BU is have a seprate mitigation control approval (SOD Approver).
    We have around 150 Risk IDs.
    We are not able to understand how to design mitigation control IDs in such case? Is it a best practice to create mitigation control ID for each Risk ID in the system (May be we can group similar Risk IDs)? Your help is appreciated.
    Thanks,
    Umesh

    Hi Umesh,
    No, for 1 Mitigation COntrol there are serveral Monitors and users who are mitigated are added to only 1 mitigation control id.
    Which means you have multiple people monitoring every risk in your system. Does all of the monitors belong to the same functional group?? If yes, what happens if there is a risk in other functional groups? How they can identify and monitor it??
    If no, why a FI functional group monitor, needs to monitor the risk related to other groups?
    Can you pls explain more on primary and secondary functions?
    If the risk is related to one functional area only, the respective functional area will own it. If it is a cross functional risk, then it will be owned by both the functional area managers, which is often referred as primary and secondary functions.
      and what are the disadvantage of creating 1 mitigation control id for each risk (may be grouping some risks) considering the fact that we have 25 business units.
    It is just like giving 1 coke with 100 straws while you still have a stock in your refrigerator
    Regards,
    Raghu

  • Mitigation Control Description export

    Hi all,
    I am working on upgrade from Virsa to GRC 5.3 upgrade.
    I am trying to upload the mitigating controls into GRC-RAR after exporting from Virsa.
    I am not able to get the descriptions of the Mitigation control in complete on my export. Only the first line is getting exported.
    We have about 900 ! Controls in place.
    Is there a better way  to get all the lines in the description field when we export it out of Virsa.
    your suggestion will be helpful.
    Thanks
    Vidyar

    Hi,
    do you have a J2ee cluster running on your server??? if so, you have to set up the same url parametter for reporting, i the parameter area of AC.
    regards,
    Alejandro

  • Validity period mitigating control

    Hi,
    I checked this forum but didn't find any helpful thread for my question. We are using GRC version 5.3. Is there any SAP report or tables available that would show history of mitigating controls per user? In running the Compliance Calibrator for a user, SOD issues were present that we didn't expect because we thought existing mitigating controls were applied and that we were  regularly monitoring this user for the associated risks. We thought that the problem might be that the validity period might have expired, but our corporate security group currently doesn't even show the mitigating control for the user. I wanted to look at the history of the mitigating control for the user to see if I could validate their claim.
    Thanks,
    John

    Hi,
    First of all, there's a special forum for GRC: "Governance, Risk and Compliance".
    Check under RAR-> configuration tab:
    Default expiration time for mitigating controls (in days) 
    When assigning a mitigating control to a risk, you must specify the validity period of the controlIf the End Date is left blank, the value in this option is used to calculate the end date of the validity period; the default value is 365 (days)
    Check also under CUP->configuration->mitigation.
    You'll be able to find the documentation for this configuration parameters in the corresponding Config Guide.
    Regarding Mitigation controls per user, I guess you can just check RAR -> Mitigation tab.
    Cheers,
    Diego.

Maybe you are looking for

  • IMac 27" flashes to white on startup, chimes, then goes to a black screen. It works fine on an external monitor. Any ideas how I can fix this?

    I've got a late 2009 iMac 27". When I start it up, it chimes and makes all the normal sounds. The screen flashes white for 2 seconds, then goes black. The iMac starts up (if I use an external monitor, it works fine) but the screen remains black. Weir

  • [SOLVED] Unable to boot Arch installer

    Hello everyone. I am no experienced Linux user (I'm just about one year and a half), but I think that dealing with things is the way to learn about them. I'm using Debian and want to switch to Arch. I have an USB drive, and would like to put the inst

  • Airport Printing fails after one job

    There seems to be a lot of printing issues with Airport but I can't find a solution for my problem. I have an Airport Extreme attached to a USB printer. It will print fine from my Powerbooks running Tiger or Leopard but when I try to print from the n

  • Help. please ResultSet prob

    hi using a mckoi databse setup. i have a number being read in from a txt file whiichis in turn used for searching the database, no problem there, so its finding the data ok. problem is i need to use the data it finds in other parts of the program. ho

  • Refresh the window only one time

    hi, i want to refresh my window only one time using the javascript code window.location = window.location.href. But i am in a situation to write the code in the event of form load. so i the code is executing infinitely. but i want to refresh my windo