cancel
Showing results for 
Search instead for 
Did you mean: 

Request is getting approved at SOD_OWNER Stage despite of risks

0 Kudos

Hi Experts,

My access requests are getting approved even if risks are not mitigated in the access request.

parameter 1062 set to No

               1072 Yes

In SPRO maintain application mapping -> request mitigation policy is set to default.

working on GRC 10.1 SP12

Please can someone help me here?

Regards,

Ram

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
0 Kudos

Did you set risk analysis mandatory for SOD_OWNER stage ?

Thanks

0 Kudos

Thanks Shaik for the reply,

Yes under the task settings for stage configuration  SOD_OWNER


RA Mandatory is set to YES

also Approve Despite risk is unchecked.

former_member192902
Participant
0 Kudos

Hi Ram Krishna,

SAP has released Note for this and please follow this note steps and and do the changes


1614290 - Risk Analysis Mandatory for Access Request


SAP delivers a predefined Application and BRF rule mapping that decides the Risk Mitigation policy for GRC. You can either delete this mapping or change the BRF mapping as per your requirement to enforce the Approver to Mitigate the risk in a request.
The configuration is available through the below mentioned path.
SPRO =>Governance, Risk and Compliance =>Access Control =>Maintain AC Applications and BRFplus Function Mapping and check the mapping for application "Request Mitigation Policy".


With Regards

Trinadh Bokka

Former Member
0 Kudos

Hello Ram,

Did you check the logs in GRFNMW_DBGMONITOR_WD - you might get some clue.

Thanks

0 Kudos

Thank you Shaik for the response. I did check the log but it did not help. It just says approved at the SOD_OWNER stage. The path/detour are correctly triggered and followed.

0 Kudos

Hi Trinadh,

Thanks for the response.

Let me check and try to delete the default mitigation policy. As those are SAP default. Any implications of delete this?

Answers (3)

Answers (3)

0 Kudos

Hi Experts,

Is there a way to make mitigation of high risk mandatory but we can have unmitigated medium and low risk in a ARM request?

Our Business requires us to provision access request for medium and low risk without mitigation. They just want us to make the mitigation of high risk mandatory while provisioning.

Currently we have a setup which will not allow any access request to be provisioned with open risks (irrespective of the critical level)

Thanks

former_member192902
Participant
0 Kudos

Hi Ram Krishna,

Please go through below link to fullfill your requirement.

With Regards

Trinadh Bokka

former_member185447
Active Contributor
0 Kudos

Hello Trinadh,

Thanks a lot for sharing this solution.

Regards,

Deepak M

0 Kudos

Hi,

Please check parameter 1072 (Risk Analysis  - Access Request) is set to YES

1072 - Mitigation of critical risk required before approving the request

Regards,

Rakesh Kirve

0 Kudos

Thanks for the reply Rakesh,

1072 is set to YES already. 

Former Member
0 Kudos

Please check this note if it helps : 1667440 - AC10 - Workflow Stage Task Settings for 'Approve Despite Risks'

0 Kudos

Hi Harsha,

Thank you for your response.

I am trying these notes. I think both of them suggest to delete the Request Mitigation Policy

Below path needs to be followed.

SPRO =>Governance, Risk and Compliance =>Access Control =>Maintain AC Applications and BRFplus Function Mapping and check the mapping for application "Request Mitigation Policy".

1667440 - AC10 - Workflow Stage Task Settings for 'Approve Despite Risks'

1614290 - Risk Analysis Mandatory for Access Request



Will update once the issue is resolved.


Regards,

Ram