Mitigated Risks Still Show up on User Analysis - RAR

Not sure if you have ever seen this - I'm perplexed. We recently upgraded to AC-RAR 5.3_14.0. When I mitigate a risk for a user for the first time or extend an existing mitigation into the future, the risks will still show up on the next user level risk analysis. I am sure I use correct risk ID (no copy - paste issues). It is as if I never mitigated to begin with. Thanks for any ideas.
Joerg

Hi,
Are you doing User Level mitigation or Role level mitigation? If it is role level mitigation, you need to check 3 places-
1. RAR>Configuration>Additional Option> Include Role/Profile Mitigating Controls in User Analysis> YES
2. RAR>Configuration>Default Values> Exclude Mitigated Risks> YES
3. CUP>Configuration>Risk Analysis--> Consider Mitigation Controls --Checked.
If you are doing user level mitigation, check for points 2 & 3.
Regards,
Sabita

Similar Messages

  • I just changed my user name to my e-mail address on my iMac. It works fine there but when I try to use my iPhone it still shows my old user name and will not let me enter??

    There is no user name needed to "enter" or use iPhones...
    Assuming you mean your iTunes Store account ID:
    Settings > Store > tap ID > sign out > sign in with new ID

  • Risks has been removed but Mitigating Control still stays with the users?

    Hi all,
        I have a situation where after a risk has been removed from the users by removing the violating roles, however the Mitigating Control still remains tagged to the same user. Is there any efficient way of removing Mitigating Controls from users where the risks no longer exist?

    Hi Joseph, thanks for the info. My problem comes in when the user requests to have the violating role removed via CUP and it so happens that the Mitigating Control assigned for the old risk still has 6 more months of validity left. It seems like there is no mechanism to auto remove this MC when the role has been removed after the request in CUP has been approved and auto-provisioned.
    My problem is that there might be many more of such users with redundant MC assigned to them in RAR. I can't find a way to search for such redundant MCs for cleanup. There is a possibility that when the same roles are assigned back to the users via request in CUP, these redundant MC if applicable will cause the Risk Analysis via CUP to not flag out any SoD issue.
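One way to search for the redundant Mitigating Control assignments described in the thread above, as an added example that is not part of the original posts or of any SAP tool. It assumes two CSV exports with constructed column names: the user-level mitigation assignments, and the user-level risk analysis results exported with mitigated risks included (otherwise every mitigated risk would look absent).

```python
import csv
import io
from datetime import date

# Constructed sample data. Column names are assumptions for this example,
# not an actual RAR/CUP export layout. Only H00600501 appears on the page.
MITIGATIONS_CSV = """user,risk_id,control_id,valid_to
JDOE,H00600501,MC_EXAMPLE_01,2025-12-31
ASMITH,X0000001,MC_EXAMPLE_02,2025-09-30
BLEE,X0000002,MC_EXAMPLE_03,2024-01-31
CWONG,X0000003,MC_EXAMPLE_04,2023-06-30
"""
# User-level analysis results; must be exported with mitigated risks included.
VIOLATIONS_CSV = """user,risk_id
JDOE,H00600501
BLEE,X0000002
"""


def load(text):
    """Parse a CSV export into a list of row dictionaries."""
    return list(csv.DictReader(io.StringIO(text)))


def classify(mitigations, violations, today):
    """Sort mitigation assignments into active, redundant and lapsed."""
    present = {(v["user"].upper(), v["risk_id"].upper()) for v in violations}
    result = {"active": [], "redundant": [], "lapsed": []}
    for m in mitigations:
        key = (m["user"].upper(), m["risk_id"].upper())
        valid = date.fromisoformat(m["valid_to"]) >= today
        if key in present:
            # Risk still exists: covered only while the control is valid.
            status = "active" if valid else "lapsed"
        elif valid:
            # No current risk but the control is still valid: it would
            # silently cover the risk if the role is assigned again.
            status = "redundant"
        else:
            continue  # expired and no current risk: nothing to act on
        result[status].append((key[0], key[1], m["control_id"], m["valid_to"]))
    return result


if __name__ == "__main__":
    report = classify(load(MITIGATIONS_CSV), load(VIOLATIONS_CSV), date(2025, 6, 1))
    for status, rows in report.items():
        for row in rows:
            print(status, *row)
```

The "redundant" rows are the cleanup candidates; the "lapsed" rows are users who still carry the risk after the control's validity ended.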

  • Mitigation runs against role but not user with same role assignment

    Hello, I'm currently running Compliance Calibrator 4.0. I've created a Mitigation Control and assigned a number of Risks to the Mitigation Control.
    I've then assigned the Risks in that Mitigation Control to a specific role.
    When I run the SoD check, the role no longer shows any issues. This is good and expected.
    However, when I run the SoD against a user that has that role assigned the user is reported with issues when no SoD issues should be shown.
    Am I missing something? I don't believe I need to assign Mitigation Control to the user, because one day the risk might be valid to that user, but just not for the role I'm trying to mitigate against. Many thanks.

    Hi Dylan, the system is reacting correctly.
    When you mitigate a role, you mitigate the risk associated with the role and under 'Role Analysis' you will see that this role has been mitigated.
    However when you run a User analysis, the system will still identify him if there is a 'RISK' associated with the user and this is regardless of whether the associated Role is mitigated or not because what you want to know is the risk of the user and not what roles this user has.
    You will need to specifically mitigate the User in order for the mitigation control to show against the User in the report.
    This is the same vice versa. When you mitigate a User, it also does not mean that all the associated Roles that the user has are mitigated. The risk associated with the roles will still appear when you do 'Role Analysis'.
    Cheers!

  • I upgraded from 3gs and want to use my old 3gs as an ipod. how can i update my new apple ID on the 3gs as it still shows a previous one that I had?

    I recently upgraded from 3Gs to iPhone 4 and want to use my old 3Gs as an iPod. How can I update the user ID on the 3Gs to a new one that I have as it is still showing a previous user ID?

    Settings>Store...tap the ID shown...sign out...sign back in with the ID you want to use.

  • Virsa Config Logic?: Include Role/Prof mitigating contls in User Analysis

    Hello All, 
    After changing configurations option "26 Include Role/Prof mitigating contls in User analysis(YES/NO)" to YES from NO, I noticed that the mitigation seems to be overextending itself into other roles. Example:
    User with RoleA, RoleB and RoleC has potential conflicts. It turns out that RoleC is not a real problem but RoleA and RoleB are. So, I mitigate one rule against RoleC.
    With the configuration option 26 set to YES, I would expect that the mitigation control would apply only against RoleC and SoD issues against RoleA and RoleB should still be a problem; however, RoleA and RoleB are now also mitigated. Therefore, this means that roles which I had not intended to be mitigated are mitigated.
    How should the logic within Virsa be understood?
    Thanks, Dylan

    Adding details to this subject, here is a test scenario for which anyone can try:
    Build RoleA only with S_TABU_DIS and change/display access to P000 to PZZZ table groups.
    Build RoleB with transactions PC00_M10_CDTC and PC00_M99_CURSET
    Build RoleC also with transactions PC00_M10_CDTC and PC00_M99_CURSET
    Create a dummy user with all three roles assigned and run the SOD report against the user and risk H00600501.
    Afterward create a mitigation for that risk and RoleC combination only.
    Re-run the report. If possible, please also list your Virsa version and support pack level. The customer system I'm on is 4.0 and SP 04.
    Many thanks for any help in this regard. The mitigations configuration option is a really important option under the circumstances and I would like to use it but cannot at the moment considering the results.

  • Mitigating risks during new user account creation

    I have a requirement for AC 10.
    Is it possible to send a message from the security admin stage to role owner stage to know whether to mitigate the risk or not without approving the request at security stage. I am unable to understand the stages to be configured so the mitigation risks can be done during the new/change account request type.
    I would like to know who should be responsible for mitigating the risks while creating the request for new or change user account, if we assume that the risk is not mitigated already. Will the security admin or the role owner mitigate it?

    Is it possible to send a message from the security admin stage to role owner stage to know whether to mitigate the risk or not without approving the request at security stage.
    It is not possible to send a notification. However, the mitigation options can be used to identify the same in the request.
    I would like to know who should be responsible for mitigating the risks while creating the request for new or change user account..
    This is purely based on the process that you follow in your organization/project. Here are some instances:
    1. If the role framework is properly maintained (risks are mitigated at the role level, and only composites are assigned to user) - Neither the business owner nor the security person needs to mitigate the risks at user level, since all the risks are already mitigated at the role level.
    2. If the role framework is not properly maintained and single roles are assigned to users - Mitigation is required. However, in a few instances, the BPOs or the functional owners will perform a risk analysis, mitigate if necessary and then raise the request. This can be done in RAR manually or also can be done in CUP.
    3. The mitigation tasks are completely owned by Security team and BPOs or functional owners will only approve/review.
    Hope this answers your question.
    Regards,
    Raghu

  • I am a new iPod touch user; have gone through all the download/install stuff, plugged the device into my computer but iPod screen still shows plug in to tunes.  I am totally computer useless - how can I get my iPod to work, please?  Charles Jones.

    You did install the latest iTunes (10.5) right?  If the problem was that iTunes does not see the iPod try:
    iPhone, iPad, or iPod touch: Device not recognized in iTunes for Windows
    or
    iPhone, iPad, iPod touch: Device not recognized in iTunes for Mac OS X

  • In Pages the first page of all my documents show the pages user guide. How can I reinstate my documents. They are still on my iPhone

    Help Please!   All my numerous documents in Pages have recently altered, so that there are no contents other than the face page, which is the Pages User Guide page. Ie Showing the pen and ink bottle. I think this was brought about by me trying to see if I could print the Guide Pages!!!  (To no avail)!
    Please. How can I reinstate my documents?  They are still showing ok on my iPhone.

    If you click the link I posted previously, it takes you right to the Pages community.
    Here >  Pages: iWork: Apple Support Communities
    Then click New.

  • Lync User Phone Number Changed in AD - Still Showing Old (Normalized) Number Days Later in Lync Client Contact Detail

    Environment:  Lync 2013 backend; Lync 2010 and Lync 2013 clients.  Enterprise Voice not implemented.  November 2013 CU Applied on Server.
    Issue:  Lync user (User A) phone number changed in AD but still showing old number for others days later.
    Believed Cause:  User A has not logged into Lync since change to republish new phone number?
    So after reading this http://masteringlync.com/ I am beginning to think that something I perceived as an issue may actually be by design?
    Action:
    User A work phone number changed in AD.  User A has only one phone entry in AD.  Normalization rule in place to basically leave number unchanged (working)
    Result: 
    New phone number propagated fine to Exchange/Outlook.  Old number displaying only in Lync client when viewing User A contact card detail
    Lync 2010 Client displays only old number when looking at Client A contact detail (this client only presents phone numbers if they are actually normalized)
    Lync 2013 Client displays two work numbers. 
             One that we identify as a "display number" just as entered in AD - this shows correctly as the new number.  Another that we identify as the "normalized number" which is still the old number (same as 2010 Client)
    Same results whether contact is saved in Lync Client or not and is not related to Outlook contacts - in fact one test was with a Lync account that is not Mail Enabled.
    I did a dbanalyze to view the SQL database detail for User A and see that Category 'userInformation' has the old phone number and the time stamp on it seems to coincide with a Lync Client database change (user login or refresh on that end) so this seems to further confirm my findings thus my reaching the point of conceding it might be out of my control.
    My Question I guess is ....
    Have others discovered this?  Is this a bug or do normalized phone numbers actually require a client login to accept/republish the number correctly to others even though the information is updated in AD?  User detail and how it propagates seems to be the biggest mystery and it gets harder and harder to explain to users why changes aren't displaying accurately.

    Thanks Richard... your blog definitely hit home with what I was seeing but guess I just didn't want to accept that as the end of the road on this.  I'm still in a little misbelief that client interaction is necessary to update a backend change.
    This process really makes phone numbers in Lync an unreliable source given a user will never know if it is it up to date.  And the problem with Lync 2013 client is it shows both numbers in the client ... the address book one with the
    updated AD numbers and the one the normalized AD one that the user has to login to republish.  I now more fully understand the process but trying to explain that to users when they see different work numbers .. ugh. 
    Oh well, guess the important part is to understand the process so thanks again.

  • Deleted user account, but account still shows up in Login Window

    I deleted the user from the system preferences but it is still showing up in the login window. I restarted and rebooted. I even reset the admin password manually with rm /var/db/.AppleSetupDone.
    What do I do?
    User V.K. helped a previous post but I am not sure if those instructions are specific to what the needs were of the person. I need an explanation for TERMINAL COMMAND.
    Thanks!

    Might be a corrupted preference file...
    Open the Finder. From the Finder menu bar click Go > Go to Folder
    Type or copy paste the following;
    ~/Library/Preferences/com.apple.loginitems.plist
    Click Go then move the com.apple.loginitems.plist file to the Trash.
    Restart your Mac.
    If that didn't help, move the com.apple.loginwindow.plist file from the Preferences folder as well, then restart.

  • I deleted a user account but my macbook still shows 106gigs used.. How do i erase it??

    Hey guys, I am gonna sell my computer and erased my old user account after I made a new one and for some reason it's still showing 106 gigs used.. How can I delete the content since my computer will be sold in a few hours?

    Does it boot from the Install Disc?
    "Try Disk Utility
    1. Insert the Mac OS X Install disc, then restart the computer while holding the C key.
    2. When your computer finishes starting up from the disc, choose Disk Utility from the Installer menu at top of the screen. (In Mac OS X 10.4 or later, you must select your language first.)
    *Important: Do not click Continue in the first screen of the Installer. If you do, you must restart from the disc again to access Disk Utility.*
    3. Click the First Aid tab.
    4. Select your Mac OS X volume.
    5. Click Repair Disk, (not Repair Permissions). Disk Utility checks and repairs the disk."
    http://docs.info.apple.com/article.html?artnum=106214

  • Name/Password radio clicked -- users still show

    We're tightening security on our macs and have been changing login options from showing a list of users to showing Name and password.
    On one particular machine, I logged into the admin account to make the switch and the panel in System Prefs-->Accounts-->Login Options where you would normally choose a radio button under Display Login Window As: ... was grayed out. I thought that odd, so I enabled the root user, logged in as root, was able to choose the appropriate radio button and logged out.
    When I came back, I was presented with what I wanted -- Name and Password boxes. But when I log in as the local user (or admin user) and Log Out (or Restart), I'm presented with the list of users again, NOT the Name/Password boxes.
    Looking again at the selections as the admin, the correct selection is chosen, but the options are grayed out and I couldn't change them if I wanted.

    OK, found it. I recalled this happened just after I bound the machine to Active Directory. I had chosen to allow administration by enterprise admins, and I guess somewhere up the line, somebody has turned on showing List of Users as the preference. I unbound, unchecked, restarted and now all is well.
    Now I have to track down the network admin up the line to make sure that doesn't happen again down the road.

  • When i updated my username on laptop, my i touch still showing "old" user name even after sync.

    When i updated my userid at apple web site using my laptop, my i touch still showing "old" userid and will not accept "old" or new password even after sync.

    What do you mean you "had to unlock it"?  Do you mean you jailbroke it?  If it was jailbroken and you updated iOS, then wiping it out is the natural consequence of that.

  • User analysis at Action level and Permission level

    Hi Gurus,
    I am totally confused by the way our CC is working while using it for User Analysis. I understand that during Risk Analysis for a user with Report Type "Action Level" will give the conflicts at the transaction level for the user and with Report Type "Permission Level" will give the conflicts at the Object level for the user. Also the permission level report includes the results of the action level report as well and hence Permission level report is more detailed & reliable.
    But now when I run the analysis report for a particular user both at Action & Permission level...the user is not getting any conflicts at Action level but it is showing conflicts at the Permission level. For another user the vice versa is happening. Could anyone help me in understanding the above 2 scenarios?
    Regards,
    Lakshmi.

    Hi
    For a user to have an action level conflict, the user should have that transaction code access only, i.e. object s-tcode = xyz transaction code.
    Similarly, for a user to be reported in a permission level conflict, the user should have access to
    S_tcode = xyz transaction code plus all other authorisation objects... Or in other words, if the user is missing any authorisation object it won't be reported there...
    So just check what authorisation object level check is enabled for that transaction code in the rule architect tab. Thereafter see whether the user has access to all those authorisation objects with the values specified...
    Parveen
