Mass application of mitigating control to users

Similar Messages

• Mass maintenance of Mitigation controls in GRC 10.0

  Dear All,
  How to do mass maintenance of mitigation in ARA of GRC 10.0. We successfully migrated the mitigation controls from 5.3 to 10.0. I need to change the monitors for many user conflicts and also add new user conflict mitigation controls. Is it possible to do a mass changes in GRC 10.0 as there is no upload functionality for mitigation controls
  Thanks and Best Regards,
  Srihari.K

  Hi Sri,
  you can achieve by downloading and uploading the mitigations.
  Go to SE38 and use the following program GRAC_DOWNLOAD_MIT_ASSIGNMENTS to download the file and make necessary changes to it and upload the file by using the following program GRAC_UPLOAD_MIT_ASSIGNMENTS.
  and put the active column in the file as X.
  Regards,
  Venugopal Ireni

• Need help on making desktop application to web application having individual controls for users at the same time

  Hi,
  I have an desktop application and the following are the functionalities of the same.
  1. User inputs the data file with path (log file) to parse the required data.
  2. Once the user enters the path and starts the tool with start button, the tool parse the required data in terms of records and gives the records (creates output file containing all the useful records).
  3. Have popup window to display a group of data.
  4. Have popup to Plot graph. When a button is pressed in main GUI, the popup is opened giving scroll bar menus to choose the data for the graph. User after selecting the data (multiple Y axis) press another button to plot the graph. The input to this popup is the output file generated by this tool.
  5. The main GUI has buttons (play, step forward, step backward, reverse play, pause, stop, 1st record, last record - like tape recorder buttons) to play the records one by one.
  This application is used by many people and since its a desktop application (created in labview 2009), the user every time has to manually install the newer version.
  "So it is required to make the application into web based so that, the user can individually access the tool at the same time (different instances same as desktop app) and run their own data files from their system. The output files to be stored in the respective user's system."
  Can this be done using Web Publishing or Web Services present in LabView?
  I tried using Web Publishing but it gives control to only one user at a time and loading the files from the client path to run the tool is not possible.

  Simple. 
  If all you are worried about are updates, just put the EXE on a shared network drive and have your users launch it from there.

• CUP-5.3-SP13-Mitigation Controls by rol/users

  Hi all!
  Since RAR consider mitigations contros both by rol and users, If I have the role ZROL1 mitigated for the ID risk P001* then, would be able CUP to consider this mitigation control even when CUP is managing users?
  I mean, if ZROL1 has a mitigation control, would appear at the request the ID risk whenever I add this role to a user?
  Many thanks in advance! any help would be welcomed.
  Margarita.

  Hi Margarita,
  If you want it will consider the role level mitigation controls. So in the request risk violation will not be shown.
  For this u need check the option, consider mitigation control in CUP. Configuration-> Risk anlsysis.
  Also in RAR following things needs to be done.
  RAR Configuration->Risk analysis-> Defaults values.
  Exclude mitigated Risk as yes.
  RAR Configuration-> Risk Analysis ->Additional options
  Include Role/Profile Mitigating Controls in User Analysis  as yes.
  If above values are defined as No. than Risk Voilation will be shown in the request.
  Kind Regards,
  Srinivasan

• RAR 5.3 - Mitigating Control Mass Upload

  Hi Everyone,
  My client wants to perfrom a mass upload of Mitigating Controls, but I can't find the format of the tables that are needed.
  I have tried creating a control manually, exporting it and then changing the file and uploading but it always throws an error.
  I know that there is a SAP Note about this but it is Internal Only.
  Can anyone help?  I guess I am looking for standard upload file format or something of that nature.
  regards
  Simon

  Hi Frank
  as always you are the man who knows the answer!!
  You were correct Excel 2007 had converted 2010-10-11 to 11/10/2010, during the importation process, even though I had told it to keep all fields as text.
  Additionally, on almost every row of the export file after having made the changes in excel, it had added several "TAB" characters as well, so I had to go down every line of the upload file to remove the extra "TABS".
  After that it worked perfectly.
  Now I will attempt world domination, after all it must be easier than trying to configure Access Controls 5.3
  Simon
  Edited by: Simon Carty on Nov 26, 2010 10:05 AM
  Edited by: Simon Carty on Nov 26, 2010 10:05 AM

• Risks has been removed but Mitigating Control still stays with the users?

  Hi all,
      I have a situation where after a risk has been removed from the users by removing the violating roles, however the Mitigating Control still remains tagged to the same user. Is there any efficient way of removing Mitigating Controls from users where the risks no longer exists?

  Hi Joseph, thanks for the info. My problem comes in when the user request to have the violating role removed via CUP and it so happens that the Mitigating Control assigned for the old risk still has 6 more months of validity left. It seem like there is no mechanism to auto remove this MC when the role has been removed after the request in CUP have been approved and auto-provision.
  My problem is that there might be many more of such users with redundant MC assigned to them in RAR. I can't find a way to search for such redundant MCs for cleanup. There is a possibility that when the same roles are assigned back to the users via request in CUP, these redundant MC if applicable will cause the Risk Analysis via CUP to not flag out any SoD issue.

• Validity period mitigating control

  Hi,
  I checked this forum but didn't find any helpful thread for my question. We are using GRC version 5.3. Is there any SAP report or tables available that would show history of mitigating controls per user? In running the Compliance Calibrator for a user, SOD issues were present that we didn't expect because we thought existing mitigating controls were applied and that we were  regularly monitoring this user for the associated risks. We thought that the problem might be that the validity period might have expired, but our corporate security group currently doesn't even show the mitigating control for the user. I wanted to look at the history of the mitigating control for the user to see if I could validate their claim.
  Thanks,
  John

  Hi,
  First of all, there's a special forum for GRC: "Governance, Risk and Compliance".
  Check under RAR-> configuration tab:
  Default expiration time for mitigating controls (in days) 
  When assigning a mitigating control to a risk, you must specify the validity period of the controlIf the End Date is left blank, the value in this option is used to calculate the end date of the validity period; the default value is 365 (days)
  Check also under CUP->configuration->mitigation.
  You'll be able to find the documentation for this configuration parameters in the corresponding Config Guide.
  Regarding Mitigation controls per user, I guess you can just check RAR -> Mitigation tab.
  Cheers,
  Diego.

• How to mitigate control at User levels

  Hello Friends,
  Can anyone send me step by step process documentation on how to mitigating control at user levels? I have already run the risk analysis ( Global Conflict roles analysis/risk analysis). So I do have all detail information like control ID , management approver and description,etc.
  It will be highly appreciated on any guidence on this.
  Regards,
  Suvi

  Hi,
  Please follow the below steps to mitigate user.
  1.  once you get the all details ( Mitigation control id, approver id and Monitor id), then select/click on the RAR Mitigation tab-> click on the Mitigated User option->search.
  There is one page is open and then click on ADD button at the bottom of the screen. once you click on add option it will ask the Mitigation control id, user id, Risk id etc... once filled the all required filelds and save. Now successfully applied the moitihation control to the particler user.
  Regrads,
  Arjuna.

• Uploading mitigating controls - UAT to production system

  Dear gurus
  Before i place the issue i would like to give some background: In the Production system of Complaince calibrator we have 3 systems assigned Production, UAT and Develeopment. We are the implementation team and are not authorised to assign the mitigating controls for users in production system , therefore before going live we have assigned the mitigating controls to same set of users in UAT system in the production system of compliance calibrator. Now the region has gone live and the same set of mitigating controls needs to be assigned to same set of users with same risks to production system users.
  Issue: Now there are over 100 users and its not feasible for us to manually once again assign the same mitigating controls to the users. is there a posiibility to automate this assignment or will we have to do it manually. In case we can automate then how? in case we have to manually do it what is the best way to cover the users faster.
  Thanks in advance
  Vani

  Thanks Frank, Would you advise which would be the better editor?
  Hi Alpesh,
  If i understand correct, you mean to say that its the same table, since its the same RAR production system, but currently while adding the mitigations I would have chosen the users as mentioned in UAT system that is attached to RAR production, but how do I make it as production system? If i go by what you say, I should add the user ids as per the production backend system in the same tabel and then it will automatically pick it while running reports for production users, is that correct?

• How to create the user on Internet Application Server(IAS) control console

  Hi All,
  My Client is asking me for How to create the user on Internet Application Server(IAS) control console 10.1.2( 10g release 2).
  If anyone have the document for How to Create the User on Internet Application Server (IAS) console 10g release 2 , then please send me the document and help me out from this Concern.
  Regards,
  Yadav@intelli.
  Edited by: 851080 on Apr 8, 2011 6:31 PM

  Are you using OID? Can you provide more details about your iAS environment?

• Maintain Validity Date for Mitigation Control Assignment to Users Virsa 5.2

  We have over 1,000 SoD's all mitigated.  The val;idity date for these mitigation controls needs to be updated.  Does anyone know a way to perform a range of updates so it is not necessary to update each user assigned to a Mitigation Control.

  The only way to do that currently would be to download the table information, edit in Excel and re-upload the table.
  Not for the faint of heart, but doable.
  Frank.

• Mitigating Control creation and application in SAP GRC 10

  Hi Expert,
  We have SAP GRC Access Control 10 being implemenmted for our client.  While trying to create Mitigating Control, we just realized that Before creating mitigating controls you need to create a Root Org entry, this replaces the Business Units in previous AC versions which is visible only when we activate the GRC-PC Application.
  My queries are:
  1. Is it that Mitigation control can only be created if PC is enable.
  2. What about Licencing if GRC-PC Application is used for Mitigating Control Creation.
  Thanking you i advance.
  Thanks & Regards,
  Abhimanu Kumar Singh

  HI,
  Thank you for the response, I just checked and could find that I can create Mitigating control without PC application. It is just that PC relevant fields are not displayed.
  However can anybody answer as to what happens if I use PC to create Mitigating Control, Do I have to purchase the license for SAP GRC PC or it is ok for shared resources.
  Thanks again.
  Thanks & Regards,
  Abhimanu Kumar Singh

• Mitigation controls assignation to users in RAR

  Hi,
  While assigning mitigation control to the users (RAR>Mitigation> Mitigated Users-->Add), it is only possible to assign 1 user at a time...Would it be possible to assign more than 1 user through multiple selection
  Thanks
  Abhijeet

  Abhijeet,
  From that path, you cannot assign multiple users at once however, if authorised, you can upload mitigation controls and within the upload files, you can upload users assigned to them.
  Simon

• Workaround for non-SAP mitigating control reminders

  Dear all,
  Our business users would like to document mitigating controls in RAR 5.3 regardless of whether they are connected with an SAP report. They would also like to receive email reminders for those controls.
  Unfortunately, the frequency of the control can only be defined per connected SAP report and reminders will only be sent for controls if the SAP report has not been executed.
  Have you been exposed with a similar requirement? It seems like a natural thing to ask from a business perspective. RAR 5.3, however, is not designed in that way.
  Have you come up with any feasible workarounds for this?
  My current approach would be to create a dummy Z-report per SAP system (such as Z_MANUAL_MITCTRL) that control monitors have to call once to confirm the execution of their control.
  Cheers and best regards
  Patrick

  Hello,
  Regarding your question, in fact this is dependant on how your UME (User Management Engine) is configured on your WAS (Web Application Server). If the UME is connected to your R/3 back-end then the user need to have a R/3 account to connect to CC, otherwise if your UME is "independant" then you just need to create an account in the UME.
  Regards,
  Jérôme.

• Report Tab in Mitigation Control

  Dear Experts,
  Can anyone explain me the purpose/usage of Report Tab in Mitigration Control. I have browsed the forum but could not understand the actual need of this tab as I found different answers.
  Thanks,
  Raj

  HI Raj,
  Access Controls is used as a documental tool for Mitigating Controls, rather than a implementing tool, i.e. you apply the control against the role/user, but the actual application of the control is performed outside of Access Control. This may be realized by running a custom SAP report to monitor the usage of the risky functions within the ECC system etc.
  Access Control allows you to document such reports against the Mitigation Control, so this is the purpose of the tab. Given that GRC 10.0 integrates AC and PC, Mitigating Controls is master data that is shared amongst the different GRC modules, so I get the feeling Process Controls might utilize the "Report" data and check if the reports are being monitored by the control monitor/s at the scheduled frequency etc.