Mitigation control ID validity extension -easy way
I work in GRC AC 5.3. All Mitigation control IDs have a validity expiration on same date in near future. Our GRC has many mitigation control IDs with mitigated users. How can I change the valid to date in convenient way?
It may be extended for all mitigated users separately/individually, but it will take huge time.
You can download all of them in a text file, make changes and upload it back via the import/export utility under mitigation tab,
Alpesh
Similar Messages
-
Validity period mitigating control
Hi,
I checked this forum but didn't find any helpful thread for my question. We are using GRC version 5.3. Is there any SAP report or tables available that would show history of mitigating controls per user? In running the Compliance Calibrator for a user, SOD issues were present that we didn't expect because we thought existing mitigating controls were applied and that we were regularly monitoring this user for the associated risks. We thought that the problem might be that the validity period might have expired, but our corporate security group currently doesn't even show the mitigating control for the user. I wanted to look at the history of the mitigating control for the user to see if I could validate their claim.
Thanks,
JohnHi,
First of all, there's a special forum for GRC: "Governance, Risk and Compliance".
Check under RAR-> configuration tab:
Default expiration time for mitigating controls (in days)
When assigning a mitigating control to a risk, you must specify the validity period of the controlIf the End Date is left blank, the value in this option is used to calculate the end date of the validity period; the default value is 365 (days)
Check also under CUP->configuration->mitigation.
You'll be able to find the documentation for this configuration parameters in the corresponding Config Guide.
Regarding Mitigation controls per user, I guess you can just check RAR -> Mitigation tab.
Cheers,
Diego. -
Maintain Validity Date for Mitigation Control Assignment to Users Virsa 5.2
We have over 1,000 SoD's all mitigated. The val;idity date for these mitigation controls needs to be updated. Does anyone know a way to perform a range of updates so it is not necessary to update each user assigned to a Mitigation Control.
The only way to do that currently would be to download the table information, edit in Excel and re-upload the table.
Not for the faint of heart, but doable.
Frank. -
Mitigation control: Sending failed No valid SAP sender address
GRC 5.3 SP10 RAR
In mitigation control: I have created a new control ID. When I am trying to assign it to a user getting error
"Sending failed No valid SAP sender address"
Please advise to resolve the issue. I need to mitigate user.Hello Pal,
Please go to RAR configuration -> Risk Analysis -> Additional Options. Here check if you have the parameter Enable Monitor Notification set to YES. If you do then set this one to NO. Also, kindly check and make sure that you have a valid email address maintained for each of the mitigation control monitor in Mitigation tab.
If you wish to have the parameter set to yes only then you need to do the JAVA mail settings in Visual Admin. Check configuration of the JAVA mail client, which can be done using Visual Administrator, to send the Email Notification.
(Configuration > Java Mail Client > Properties > Smtp).
Regards, Varun
Edited by: Thakur Varun on May 21, 2010 3:47 PM -
Is there an easy way to edit things under an invisible control
For clarity, I should mention that I'm trying to do these actions during edit time and not programmatically.
I have an invisible button floating over some other controls and a decoration. What's the easiest way to interact with the things under the invisible boolean. For example how would I delete or move the decoration or maybe toggle a boolean under the invisible button. Of course I could click on the invisible button and move it out of the way and then move it back but I'm hoping there's an easier way so I don't have to worry about repositioning the invisible button or messing around with reordering controls.
Message Edited by InfiniteNothing on 09-29-2009 02:00 PM
CLD (2014)billko wrote:
Why would you even have the invisible control overlaying the visible ones? Why not park it outside the visible area of your VI? Then you don't even have to make it invisible. Or does this control become visible at some point when running the VI?
Bill
I have used large invisible controls to quickly disable large selections of the front panel. It is a quick way to disable lots of controls at one time. Yes, you can disable them individually but it can be easier to disable them using a single control. If the invisible control sits over the area you want to prevent the user from interacting with you simply enable the control access to the items underneath is blocked. Disable the invisible control and everything underneath becomes usable again. I don't use this technique often but it is handy at times.
When I have used this technique a good way for interacting with the controls underneath are to drop a property node for the control in the VI and hide it. When it is hidden you can get at the items underneath it. When you are done editing unhide the control.
Message Edited by Mark Yedinak on 09-29-2009 04:16 PM
Mark Yedinak
"Does anyone know where the love of God goes when the waves turn the minutes to hours?"
Wreck of the Edmund Fitzgerald - Gordon Lightfoot -
Is there and easy way for Position control using analog input?
Hi Everyone,
I would like to set one of the axis with stepper motor using analog feedback to keep the set position which is coming from the analog input.
In other words I would like the stepper to move when the analog input changes. I need it as a "background service" so the rest of the motion could be easily controlled from the NI-Motion Assistant.
Is there any easy way to do this? Even complicated is ok but the control should be done by the NI Motion card not the PC processor.
Thanks,
AndrasHello Andras,
please use the link below to get the motion example.
http://zone.ni.com/devzone/cda/epd/p/id/353
Kind regards,
Elmar -
Easy way to control IMAP access?
Is there an easier way to control which users have IMAP access though a GWIA
than by editing the class of service?
What would be nice is have a eDir group which would define the users that
can have access.
By default I have it set class of service that enables IMAP access for
everyone however I finding that more users are passing along the server
addresses and adding their mobile device to send/retrieve email which is
working but I would prefer some control over who and who doesn't have access
without cutting everyone off and adding them to the properties of the GWIA
agent.Originally Posted by dzanre
Michael Rae wrote:
> What would be nice is have a eDir group which would define the users that can
> have access.
You can have a GW distribution list that controls it though. I do that at a
number of customer sites . . . .
Danita
Novell Knowledge Partner
Moving GroupWise to Linux?
Shopping Cart
Danita, so if I understand this correctly, a way to control IMAP access (for example, for just users that go through a Notifylink or BES server) would be to:
1.Disable IMAP on the GWIA default class of service
2.Create a Groupwise distribution list that includes the person(s) you want to use IMAP
3.Create a second class of service on the GWIA with SMTP disabled and IMAP enabled and include the distribution group created in the previous step.
4.Stop and restart the GWIA
Is it really that simple?
Jeff -
Error while uploading mitigation controls
Dear All,
While uploading the mitigation controls i am facing with the below error. Can you please help me in resolving this error.
Error in table dataVIRSA_CC_MITUSER
SQL:=>Insert into VIRSA_CC_MITMON(MITREFNO,MONITORID) Values(?,?)
Record::Line Number :21 : D VIRSA_CC_MITMON TESTC1 TEST1
Below is the text file which i am uploading into the RAR for test purposes
M VIRSA_CC_ADMIN USERID NAME EMAILID ROLEID
D VIRSA_CC_ADMIN TEST1 TEST1 test M
M VIRSA_CC_BUSUNIT BUSID
D VIRSA_CC_BUSUNIT TH
M VIRSA_CC_BUSUNITT BUSID LANG DESCN
D VIRSA_CC_BUSUNITT TH EN Thailand
M VIRSA_CC_BUAPPVR BUSID APPROVERID
D VIRSA_CC_BUAPPVR TH TEST1
M VIRSA_CC_BUMONITOR BUSID MONITORID
D VIRSA_CC_BUMONITOR TH TEST1
M VIRSA_CC_MITREF MITREFNO BUSID APPROVERID
D VIRSA_CC_MITREF TESTC1 TH TEST1
M VIRSA_CC_MITREFT MITREFNO LANG DESCN
D VIRSA_CC_MITREFT TESTC1 EN Test mitigation control
M VIRSA_CC_MITRISK MITREFNO RISKID
D VIRSA_CC_MITRISK TESTC1 F006*
M VIRSA_CC_MITMON MITREFNO MONITORID
D VIRSA_CC_MITMON TESTC1 TEST1
M VIRSA_CC_MITRPT MITREFNO ACTIONS VSYSKEY MONITORID FREQUENCY
M VIRSA_CC_MITUSER MITREFNO RISKID USERID VALIDFROM VALIDTO MONITORID STATUS
M VIRSA_CC_MITROLE MITREFNO RISKID ROLEID VALIDFROM VALIDTO MONITORID STATUS
D VIRSA_CC_MITROLE TESTC1 F006* Z1.*.ASST-SC-FINC-MGR 6/9/2010 7/25/2010 TEST1 0
M VIRSA_CC_MITHROBJ MITREFNO RISKID HROBJ HROBJTYP VALIDFROM VALIDTO MONITORID STATUS
M VIRSA_CC_MITPROF MITREFNO RISKID PROFILE VALIDFROM VALIDTO MONITORID STATUS
M VIRSA_CC_MITUSRORG MITREFNO RISKID USERID ORGRULEID VALIDFROM VALIDTO MONITORID STATUS
M VIRSA_CC_DETDESC OBJECT_TYPE OBJECT_ID LANG DETAIL_DESCN
D VIRSA_CC_DETDESC MIT TESTC1 EN Test Mitigation control
We are not mitigating users now. Only roles are getting mitigated and hence we have not provided any values to the MIT USER table.
Thanks and Best Regard,
Srihari.KDear Varun,
Thanks for your reply. It helped me a lot. But however i am facing the following issue while uploading the mitigation controls
After exporting the mitigation file from RAR, we opened the text file in a spreadsheet format and added few lines to the file and saved in the same text format or in UTF-8 format also
After uploading the same into RAR again after changes we are facing similar errors mentioned in above query.
But when we add lines directly in the wordpad and upload the file then it is successful.
We have to add so many mitigation controls and roles to be assigned for which excel would be easy way to dump.
Is there anything wrong we are doing here in editing and converting the files.
Thanks and Best Regards,
Srihari.K -
Detect obsolete mitigating control assignments?
Hello,
What report/s would you use to detect obsolete mitigating control assignments?
The scenario is: A user has been assigned a mitigating control, let's say during the CUP workflow, to mitigate a certain risk that came with a certain role. Later, that role is removed from the user. Now the user is in the scope of a mitigating control. However, the user is not even subject to the risk in question anymore.
Which way (periodically?) could you detect these cases and clean up the mitigating control assignments?
Thanks and regards
PatrickHey,
My experience of cleaning up controls has not been very straight forward.
I have had to perform various risk analysis reports and look up a list of user accounts that have been marked as "Expired" etc.
It can be slightly more difficult if, like many organisations, you decide to assign a control with a infinite validity period (i.e. 12.12.9999).
The Business and Internal Control team need to be very proactive about regularly monitoring the controls and reviewing the assignments. This is one reason why I strongly recommend that controls are only assigned for a set period (i.e. 365 days/1 year), so a compulsory review takes place by the control owners/business on a regular basis. This makes the controls much more affective, robust and fit for purpose.
Happy to hear other's opinions and ideas. -
CC: Entering Mitigation Controls
Hi ,
I am entering mitigation controls in CC and am noticing 2 issues
1) I cannot blanket mitigate a selection of users. Blanket mitigation only seems to apply if I want to mitigate all users. Is there any way to add 10 select users to a mitigation control by selecting the 10 users, rather than having to specify risk, validity dates etc. for all 10?
2) I have noticed in SAP documentation that * should be entered after the risk ID e,g, P005*. Why should this be entered. This does not default when setting up the mitigation control and if I forget to do it, I have to delete the mitigation entry for the user and recreate. Can anybody advise why * must be entered and if there is a way to default *
Thanks,
GaryGary,
1) No there is no way to select 10 individual users without creating a line item for each one. Unless they all get the access from the same Role. If that was the case you could just create the mitigating control for that role and anyone that would have the conflict via that Role would not appear in your risk reports.
2) The reason you have to enter * in the mitigating controls is so that all risk ID's are mitigated by your rule. For example short risk ID P033 is made up of multiple long risk ID's based on each transactional combination i.e. P03300101 for ME21,ME51, P03300201 for ME21N,ME51, P03300301 for ME22,ME51, P03300401 for ME22N,ME51.
So to cover all possible transaction combinations with a mitigating control you need to enter it for P033*. This would also allow you to enter a mitigating control for only long risk id P03300101 it your mitigating control only covered users with access to ME21 and ME51.
Hope that helps.
Matt. -
Mitigating Controls got Inactivated
Friends,
we got some mitigating controls popped up in controls library option under management view, but those are actually active and i suspect this is happening because of not mentioning valid to date when they are created and mitigating controls gets expired after 365 days(as per our setting).
Is there any way that these can be reactivated or do we need to delete and re-create them.
Thanks for the help in advance.Hi Srinu,
Mitigation controls will never get inactivated. It is the users who will be out of the mitigation controls after 1 year (default mitigation period).
However, if you are referring to the Active and Inactive controls in the management view under the control library, the Inactive controls are the one which are untouched from a long time. If you mitigate another user, it will be automatically added in the active control list.
Hope this helps!!
Regards,
Raghu -
Risks has been removed but Mitigating Control still stays with the users?
Hi all,
I have a situation where after a risk has been removed from the users by removing the violating roles, however the Mitigating Control still remains tagged to the same user. Is there any efficient way of removing Mitigating Controls from users where the risks no longer exists?Hi Joseph, thanks for the info. My problem comes in when the user request to have the violating role removed via CUP and it so happens that the Mitigating Control assigned for the old risk still has 6 more months of validity left. It seem like there is no mechanism to auto remove this MC when the role has been removed after the request in CUP have been approved and auto-provision.
My problem is that there might be many more of such users with redundant MC assigned to them in RAR. I can't find a way to search for such redundant MCs for cleanup. There is a possibility that when the same roles are assigned back to the users via request in CUP, these redundant MC if applicable will cause the Risk Analysis via CUP to not flag out any SoD issue. -
Itunes needs help finding a 1/3 of my music library. is there an easier way
this is my 3rd post to this question with no responses as of yet. please help
"a couple of weeks ago i decided i needed to move my itunes folder to an external hd to save space on my macbook. everything was smooth except for itunes not being able to find a quarter of my music and me having to locate the songs one by one. i bought an iphone yesterday and decided my life would be much easier to move the music back to the computer and make room by moving other things off the macbook. i was also thinking this may remedy the missing file problem. nope. i know how to find the songs and they're in the right place, just wondering if there is an easier way then locating 3000+ songs individually? not sure whats going on. thanks "Again many thanks. I have tried to tidy up the folders as per your idiot guide- which term is appropriate for me
Under iTunes Media though I do not have folders for Books,iPod Games, Mobile Applications, Movies, TV Shows so I only have Auto Add to iTunes, Music, Downloads and Podcasts - My question here is is this OK.
Next - Library files that you mention are there but do not end .itdb
Next - in the main iTunes folder followingon from Artwork and Media folders there is some other iTunes database stuff like Library Extras, Library Genius, Library and Music Library(xml) all dated 10/02/12 plus MimiPlayer .dll dated 21/02/14 and Set Up Short Cut dated22/03/14
AND there is also a Programme Files folder with a sub folder holding file folders called CD Configuration,iTunes Resources, iTunes Help Resources, iTunes Mini Player Resources and Mozilla Plugins all dated 24/03/14 ( when I downloaded the new iTunes) and then a lot of application extension stuff from 2011
To recap I unistalled the old 32 bit iTunes and installed the new 11.1.5 (64 bit) version over the weekend SO is any of the old stuff listed above required.
Outcome right now is that as previously I can only call up the Downloaded music not Podcats or CD copies.
Regards
David Pugh -
Workaround for non-SAP mitigating control reminders
Dear all,
Our business users would like to document mitigating controls in RAR 5.3 regardless of whether they are connected with an SAP report. They would also like to receive email reminders for those controls.
Unfortunately, the frequency of the control can only be defined per connected SAP report and reminders will only be sent for controls if the SAP report has not been executed.
Have you been exposed with a similar requirement? It seems like a natural thing to ask from a business perspective. RAR 5.3, however, is not designed in that way.
Have you come up with any feasible workarounds for this?
My current approach would be to create a dummy Z-report per SAP system (such as Z_MANUAL_MITCTRL) that control monitors have to call once to confirm the execution of their control.
Cheers and best regards
PatrickHello,
Regarding your question, in fact this is dependant on how your UME (User Management Engine) is configured on your WAS (Web Application Server). If the UME is connected to your R/3 back-end then the user need to have a R/3 account to connect to CC, otherwise if your UME is "independant" then you just need to create an account in the UME.
Regards,
Jérôme. -
Any Easy Way to pass initial parameters to a VI created with New VI?
In LabVIEW 2010 I can use OpenG's New VI function to create and launch a VI that is built from a template.
Is there any easy way to pass initial parameters from the VI that creates the New VI to the New VI that will be available as soon as the New VI starts?Check out the Control Value Set invoke node. I personally don't like this node, and tst has got a great suggestion to promote cleaner, less fragile syntax for launching VI's dynamically that require input parameters.
a.lia-user-name-link[href="/t5/user/viewprofilepage/user-id/88938"] {color: black;} a.lia-user-name-link[href="/t5/user/viewprofilepage/user-id/88938"]:after {content: '';} .jrd-sig {height: 80px; overflow: visible;} .jrd-sig-deploy {float:left; opacity:0.2;} .jrd-sig-img {float:right; opacity:0.2;} .jrd-sig-img:hover {opacity:0.8;} .jrd-sig-deploy:hover {opacity:0.8;}
Maybe you are looking for
-
I lost my disk, the link on the site to download the trail for elements 6 is broken. Where can I download Photoshop Elements 6? I was trying to install the trail because that was the only thing available and I have the product key. Can you plea
-
i am having a problem with my iphone 4s. it is not displaying its volume bar in music or anywhere when not connected to earphones. kindly help me with its volume settings.
-
many of the apps in my newstand won't let me get past the "connect to iTunes" notification. When i touch "OK" the same notice keeps coming back. What do i do.
-
New to Flash - Imported layers contain contents of lower layers?
Hello. I have just started using flash, and know next to nothing about some of its functions, so I apologise if I appear to ask questions with obvious answers. Anyway, I am attempting to add animation to a previously created layered image, which I am
-
Old/new field values in CDPOS
Hi I have two changes logged to material master record. However when I viewed these changes in CDHDR and CDPOS I couldnt see the Old and New values. I mean there was an entry for each of these changes but old value & new value fields in CDPOS were bl