cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Restrict check boxes in ARQ (Risk Analysis Tab)

Go to solution
former_member541582
Participant

on ‎03-08-2012 10:24 AM

0 Kudos

Hi,

In the access request, risk violation tab. Is there any way to make the check boxes for analysis type and additional criteria display only? I want it pre-set and grayed out for the end user.

Kind Regards,

Vit

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎03-08-2012 11:10 AM
0 Kudos

Hi Vit,

I have tried to investigate this also, but it seems the specific risk analysis screen is not modifiable via the "EUP" method.

I presume this would involve custom coding and also adding custom SPRO Configuration parameters to allow the admin to "Enable/Display only" certain selection fields for the risk report runs.

The only thing you can do by default is select the "Default" Risk Analysis Report type, of which you can only select one exclusive value. Ideally, I would like to have Permission Level and Critical Actions running as default in a single analysis. Having said that, this doesn't address your requirements of disabling selections.

Sorry I can't be of much help, but would be interested in reading what other members of the Forum think about your idea.

Good luck

Show replies
Show replies
former_member541582
Participant
‎03-08-2012 11:28 AM
0 Kudos

Hi Kaushal,

Thank you for your prompt answer. This is a real issue because the end users could easily override the control (preventive analysis) by checking critical permissions, knowing that we don't use that functionality.

As for the default values, you can select only one value.

The only thing I can come up with is an automatic analysis on request submission which would route the request to a detour for resolution if any violations where detected. However...I believe it only do the analysis type set as default... and only one value can be selected.

Kind Regards,

Vit

Former Member
‎03-08-2012 12:07 PM
0 Kudos

Hi Vit,

Your understanding on how the tool works is correct.

But to be honest, the only way to remove risks within a Access Request is by either removing the access from the request (which isnt a bad thing), or by mitigating the risk. There is an additional workflow that can be enabled, where the Mitigating Control Owner is required to approve the assignment of any control they own to the user within the request. Is this something worth considering for implementation?

My solution at a current project is basically exactly what you have set up, minus the Mitigating Control Assignment approval sub path. We have made it mandatory for the risk analysis to be performed by the Risk Owner if the request gets detoured to them (SOD Violation detour path) and we have instructed them to select Permission Risk and Critical Action and Perm report types. In the ideal world, if all 3 were enabled automatically and also "locked" from deselecting (as you wish to have), that would be the ultimate solution.

Edited by: Kaushal Vastani on Mar 8, 2012 1:08 PM

Answers (0)

Ask a Question