GRC CUP to disable mitigate option

Hi,
How can i disable mitigate option,when approver do risk analysis,we don't want approver to assign/create mitigate control .I know if i wouldn't put mitigation URL in mitigation can work.But, in SP14 if i remove mitigation URL. approver gets 500 server error.
Any solution.
Thanks
MUSHU.

Try removing the permissons Viewmitigation and create mitigationcontrol from the role.
Regards,
Chinmaya

Similar Messages

  • Role Upload template for SAP GRC CUP 5.3

    Good Morning / Afternoon / Evening SAP Security Gurus,
    I am looking to upload end user roles via a role upload template spreadsheet for use in SAP GRC CUP 5.3.  I am referring specifically to the recommended template mentioned in step 11 of the 5.3 Post Installation CUP guide, so that roles can be picked within ERM for workflow.
    According to the guide, it recommends uploading from the backend systems via a spreadsheet - any template versions or advice on finalising this would be most appreciated.
    Best Regards
    Steve

    Thanks Ashish,
    Someone else recommended this option as well via another forum. Have tried it out and working fine. 
    Thanks for the reply
    Steve

  • GRC CUP 5.3 SP16.3 Mitigation Controls automation removal

    Does anyone know that if you create any user requests to remove roles from a user, that if any mitigation controls were assigned to the users for those roles, the mitigating control ids can also be automatically removed from RAR during auto provisioning of the request?
    Right now, GRC CUP, if configured properly, during auto provisioning, will assign the mitigation controls automatically to the userid in RAR to mitigate the risks when the request is processed if the new access will give any SOD violations.  But if you remove the roles from a user and he/she had any mitigation ids assigned in RAR, can the request also automatically remove the mitigated control id associated with it if the user will no longer have that risk?  I have not seen the request automatically remove the mitigated id from RAR when the role was removed from the user id during auto provisioning. But I'm not sure if this requires additional workflow configuration or not.
    Will greatly appreciate if any1 is aware of this issue and how to resolve it. Or is the only solution to manually remove it from RAR..but this can be tiresome..bc then you have to run the report every week or month in RAR to remove the excessive controls assigned if the users do not have the risks anymore..comparing reports from current to previous month, etc.
    Thanks,
    A.

    Hi Alley,
    It is not possible to automate the removal of mitigation controls through a workflow in CUP. The only solution is to review on a regular basis and remove them manually from RAR
    We also has the same issue and performing manual review at regular intervals of the user & role assigned mitigation controls
    Best Regards,
    Srihari.K

  • Deletion of mass roles from GRC CUP 5.3

    Dear All,
    I have requirement to delete 1000 roles from GRC CUP 5.3.
    I can see option to delete the roles individually under "search role" option but I am not able to find option to delete mass roles.
    Please advice.
    Regards
    Trinadh Bokka

    Hello Trinadh,
    It is not possible to delete all the roles at once through the User Interface. However, you can select a lot of roles at the same time by searching for a role pattern. For example, retrieve all roles starting with Z*:
    Hope it helps,
    Fernando

  • Future direction of User Provisioning Tools ( GRC CUP or IDM)

    Hi Security Colleagues,
    We all know that SAP has GRC CUP(Access Enforcer) and NW IDM for provisioing.
    We can use either of toll for user provisioning.
    Based on your experience , what is the best tool ? ofcourse ,It changes from one company to other depends on requirements.
    I am noticed that  lot of SAP devlopment activity going on around IDM.
    Based on SAP's future direction, what is the best tool ?
    Its a common problem for most of SAP customers as SAP is giving IDM freely as part of NW license.
    please share your thoughts..
    Thank You.

    For Futuristic product availabliliy, I always prefer the following two places to check. Can you please also check their?
    http://service.sap.com/pam
    http://service.sap.com/scl
    Check the following Two points under the 2nd Link:
    Scenario & Process Component
    SAP's Release Strategy
    Now based on your query I will also stick to the suggestions given in the Other two posts. To add few more points which you may get helpful I would like to emphasize on the below discussion:
    u2022 SAP NetWeaver Identity Management helps companies to centrally manage their user accounts (identities) in a complex system landscape. This includes both SAP and non-SAP systems.
    u2022 The solution provides an authoritative, single source of user information and enables self-service management of user information and authorizations using workflow technology.
    u2022 In many cases resources such as meeting rooms, PCs and mobile devices, which all may have their own identity in some context, can be included in an identity management solution.
    Out of all other points, lets discuss about Provisioning:
    u2022 The term provisioning is often used to denote user provisioning or account provisioning.
    u2022 The functionality includes:
    o creation of accounts
    o setting initial passwords
    o setting and modifying access rights
    o disabling (revoking) an account
    o deleting an account
    u2022 The overall purpose is to make sure an identity (for example a user) has the correct access to the applications.
    u2022 User provisioning products also include workflow capabilities to apply business rules to the account provisioning process and typically provide user self-service capabilities (e.g., password reset)
    (All these details I picked up and pasted here from different section of a Solutioning Material I prepared for my company to introduce IDM solutions to my customer... couldn't give here properly due to space constraints). You can understand the Importance SAP is imposing on this product for All aspects of Automating Security and Identity of Living and Non-Living staffs as well. By using this you can get more benefits besides of Provisioning which is available in separate Solutions under other products like Virsa etc. Please go through the relevant materials available in the IDM Forum (Bernhard provided u the link) to understand go for an realization assessment.
    regards,
    Dipanjan
    Edited by: Dipanjan Sanpui on Oct 5, 2009 11:42 AM

  • SAP GRC CUP Getting message "Some unmitigated risks exist".

    Hi,
    when there is one profile or role,when approver mitigate the request.It gets message" Some unmitigated risks exist".
    Already it's configured as unchecked for "Allow Approvers to approve access, despite any conflicts" in GRC CUP.
    Any advise or solution.
    Thanks
    shahed.

    Hi Shahed,
    When u you the seeting "Allow approver to approve dispite Risks" as unchecked. This setting exist at stage level as well as at global level. Stage level setting get the preference. With this setting Approver will not be able to approve the request untill all risks are mitigated or no risks exists. It will show an error some unmitigated risk.
    Kind Regards,
    Srinivasan

  • How to disable the option of "Overprint [Black] Swatch at 100%" in Indesign by Java Scripting

    Hi Guys,
    We have a requirement where we have to disable the option of "Overprint [Black] Swatch at 100%" in Indesign. This option is available when we go to Indesign ---> Preferences----> Appearance of Black.
    Also, if a user opens a file, in which the swatch is already enabled, then it should prompt him for disabling.
    I am aware of doing it through AppleScripting, however I would be needing it on both mac as well as Windows Workstations and hence as such I require a JavaScript here.
    I am novice to JavaScripting and any help would be highly appreciated.
    Thanks Everyone,
    Abhishek

    Thanks for your response!!
    However, currently this action gets applied to only active documents.
    Can we keep the status disabled after we close the indesign document. We need to have it disabled in the preferences panel.
    Thanks again for your help !!
    Regards,
    Abhishek

  • How to disable the option of "Overprint [Black] Swatch at 100%" in Indesign by Apple Scripting

    Hi Friends,
    I am new to Indesign Scripting by Apple Script. As a beginner, I am trying to do some basic scripting in Indesign by Apple Script.
    My aim is to disable the option of "Overprint [Black] Swatch at 100%" in Indesign. This option is available when we go to Indesign ---> Preferences----> Appearance of Black.
    Also, if a user opens a file, in which the swatch is already enabled, then it should prompt him for disabling.
    I can make a display dialog in AppleScript. But, I am bit unsure as how can I go ahead and disable this option. I tried this below script:
    tell application "Adobe InDesign CS4"
          tell every layout window to set overprint preview to false
    end tell
    However, it is changing the view option to overprint preview.
    Appreciate your help and suggestions!
    Thanks,
    Abhishek

    tell application "Adobe InDesign CS5"
              tell the active document
                        set overprint black of document preferences to false
              end tell
    end tell

  • How to disable save option from adobe toolbar in Acrobat Reader

    We need to disable Save option from Acrobat Reader plugin in Internet Explorer 8/9/10 version.
    Acrobat version is X.
    Is it possible to disable Save ( Floppy Disk) icon?
    We have disabled printing and copying.
    Please help

    You are, I'm afraid, chasing an impossible security that cannot exist. Many have sought this, but it just isn't there -- and there is so much more than the save button involved.
    If you are a big enterprise with sensitive information consider DRM solutions ($$$$+).

  • GRC CUP Error creating request. Approver not found

    Hi,
    We just upgrade from GRC CUP 14 to GRC CUP 15.6 support pack.I already performed post upgrade steps and when i try to create a request i am getting approver not found.i didnot change workflow.In stage for role approver we have approver determinator "role".
    system log report
    com.virsa.ae.workflow.NoApproverFoundException: No approvers found for req no : 493, for reqPathId, 662, for path, PROD_APPRV_PATH and approver determinator : Role
         at com.virsa.ae.workflow.bo.WorkFlowBOHelper.handleApproversTransactions(WorkFlowBOHelper.java:1469)
         at com.virsa.ae.workflow.bo.WorkFlowRequestCreateHelper.handleWFForNewPath(WorkFlowRequestCreateHelper.java:278)
         at com.virsa.ae.workflow.bo.WorkFlowRequestCreateHelper.createNewWorkflow(WorkFlowRequestCreateHelper.java:167)
         at com.virsa.ae.workflow.bo.WorkFlowBO.saveNewWorkflow(WorkFlowBO.java:120)
         at com.virsa.ae.accessrequests.bo.RequestBO.saveNewRequest(RequestBO.java:579)
         at com.virsa.ae.accessrequests.actions.CreateRequestAction.createRequest(CreateRequestAction.java:381)
         at com.virsa.ae.accessrequests.actions.EUCreateRequestAction.createRequestHandler(EUCreateRequestAction.java:135)
         at com.virsa.ae.accessrequests.actions.EUCreateRequestAction.execute(EUCreateRequestAction.java:68)
         at com.virsa.ae.commons.utils.framework.NavigationEngine.execute(NavigationEngine.java:295)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:431)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
         at com.virsa.ae.commons.utils.framework.servlet.AEFrameworkServlet.service(AEFrameworkServlet.java:461)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:401)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:266)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:386)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:364)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:1039)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:265)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:95)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:175)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:104)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:176)
    Please let me know solution ASAP.This is high priority.
    Thanks
    Yakoob.

    It looked like some old request stuck in DB.But, not sure about it.I tried by changing the number ranges in configuration by giving the current request number in "from number",but it didn't work.
    This is strange some time it gives "error creating request: path not found." and once this error gone then "error creating request : approver not found".
    To avoid this i created one more stage by custom approver determinator with application attribute and approver assiged.This stage, i assigned before role approver stage then it worked,Request get created and request get provisioned.
    i don't understand why it's not working,if i assigned role approver stage first in a path of workflow.role approver (approver determinator:"role" standard one, "approver" gets from configuration:roles:create role:role approver OR upload from role import).
    Please help
    Thanks
    Yakoob.

  • Disable cut option in Indesign CS5.5

    Hi,
    I want to disable CUT option in indesign once document is opened. I have added ActionFilter.cpp in my project and added following code in "FilterAction" function,
    IDocument* myDoc = Utils<ILayoutUIUtils>()->GetFrontDocument();
        if (myDoc)
           switch(actionID->Get())
                   CAlert::WarningAlert("1");
                case kCutActionID:
                case kCopyActionID:
                case kPasteActionID:
                   CAlert::WarningAlert("2");
                    *componentClass = kSampleActionComponentBoss;
                    break;
                default:
                    break;
    But it is failed to disable CUT menu. and even warning alert "1" is not displayed. Am I missing anything in this? please let me know.
    Thanks in advance

    Hi,
    I have solved this issue
    took help of SuppUI sample code of indesign.
    Thank you

  • Disable Bluetooth Option

    Our company deals with audio/video media provided by content providers and per MPAA guidelines we need our macs configured where no media content can be copied/transferred out of Macs via External Drives, Wireless, Bluetooth etc.
    I was able to configure mac to restrict copy to external connected drives. But iam wondering how to disable bluetooth option so that data transfer to a bluetooth device can be avoided. Is there a way we can disable or remove bluetooth option in Macs?
    Thanks for yourhelp

    Have you checked this item in BIOS: "BIOS --> Security --> I/O Port Access --> Bluetooth"?
    ThinkPad T500 2082-6PG: T9400(2.53GHz), 2GB RAM, 250GB 5400rpm HD,
    LCD, 256MB ATI Radeon HD3650, Secure chip, Fingerprint reader, WinXP SP2

  • Is there a way to disable the option to save files in the cloud for a companies user base in the new subscription model??

    Our corporation is mandated by privacy laws within provincial legislation that prevents us from using cloud based storage outside of our province for the storage of data.  We are unable to continue using Adobe products based on the new subscription based model due to the inclusion of cloud based storage.  We need to have a way to disable the ability/option for our large corporate user base to store data files in the cloud.  Merely having the "option" to store files in a location of one's choice is not sufficient based on the policies we are legally forced to adhere to.  Without the option of disabling the cloud storage for our user base we will be forced to look at other vendors products to fill the needs we have that are currently filled by the Adobe line of products.  We would prefer to stay with Adobe products...so if someone knows how to disable this option (via registry edits, etc.), please advise.

    hi Nikolay,
    there is no clean solution for your problem. Browsers cache files by url, you can avoid caching appending in query string unique value per deployment. For example
    _layouts/my_js_file.js?v=<current date> - will be refreshed from cache when day changes
    _layouts/my_js_file.js?v=<GUID> - if guid is generated on every request, this file should never cache
    _layouts/my_js_file.js?v=<product version> - more preferable solution, browser will update cache on every new version that was deployed
    Actually, ScriptLink should take care about this, internally it has a method that appends unique id into query string based on js file content, if content changed, hash is also changed and new unique id is generated.
    Check Below link for more information
    http://sharepoint.stackexchange.com/questions/57874/how-to-avoid-caching-issue-when-using-custom-javascript-and-css-deployed-under
    You can also check this link
    http://www.sharepointnutsandbolts.com/2011/11/avoiding-bugs-from-cached-javascript.html
    Please mark the Answer and Vote if it will help to resolved your issue

  • How to disable the option of Resart for application error in SXMB_moni

    Hi Experts,
    I have a scenario of JDBC to Proxy.In this we have created Fault message type to capture any error.The requirement is to disable the option of Restart in SXMB_MONI for application error generated with Fault message.We have made coding for generating application error in inbound proxy code.Looking for a quick reply.
    Thanks
    Deepak

    Hi Mayank,
    I am looking for disabling the "Application Error" generated from Fault message of inbound proxy to "Resart" using Resart button in SXMB_moni of Application system ECC.what I am referring to is how to disable u201Crestartu201D (not resend) of the messages in SXMB_MONI if they have errors.
    For example, the interface to load some entries calls a proxy which may load some messages successfully and some may result in errors. This would appear in the SXMB_MONI with application errors with restart capability. If the user restarts the message it will post the entries again which were successfully posted earlier. We would like to prevent this from happening.
    Thanks
    Deepak
    Edited by: deepak jaiswal on Mar 2, 2010 5:19 PM

  • How does GRC CUP handle scheduled termination set up in SAP HR ?

    Dear Experts,
    We are planning to use "HR Tiggers"  for Hire, Terminate and transfer events in GRC CUP ? Can some body help me understand how does GRC CUP handle the termination requests that are scheduled in future ?
    Thanks
    Kumar

    I configured HR trigger rule for infotype 0000 & subtype Z1,field MASSN with value equal to 01 to trigger new hire...i don't see any data being populated into table /VIRSA/INT_TRIG & ?VIRSA/DATA.
    I could see the rule in table /VIRSA/RULEATTR.
    Any help would be appreciated.
    Thanks,
    Srinu

Maybe you are looking for