cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

GRC AC ARM - stage skipped post SoD mitigation

Go to solution
former_member566284
Participant

on ‎2017 Dec 01 4:43 PM

0 Kudos
718

Hello experts,

We are configuring ARM 10.1 for an SRM system where the requirement is to have Security team complete a few activities in SRM once a user is provisioned. Hence, the user provisioning will be semi-automated with 3 stages.

1. Manager

2. Role Owner (with SoD detour for risk mitigation) and

3. Security.

The three stages complete fine if there are no SoD conflicts. In the SoD conflict scenario, the request finishes after the second stage after being routed to get risks mitigated. The request does not go to the 3rd stage for security to complete manual activities.

Is it standard that all requests should close after SoD mitigation? How do I ensure that Security stage is not skipped in both scenarios of existing & non existing SoD conflicts?

Thanks,

Kashif

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (1)

Accepted Solutions (1)

sandeep_devaki
Explorer
‎2017 Dec 07 4:51 AM
0 Kudos

Hello Kashif,

This is a expected scenario. To achieve the security stage option for manual activity you need to add Security stage in your Routed path( Detour Path).

By doing this if there are any risk violations the request is routed to the Detour path and stage 1 would be your risk approver and as soon as the app over approves it will then goto security stage for manual activity.

Let me know if that helps.

BR

Sandeep Devaki

Show replies
Show replies
former_member566284
Participant
‎2017 Dec 07 7:43 PM
0 Kudos

Thanks Sandeep,

We have the SoD path mapped to multiple path for re-routing. Hence, cannot use the same path for new stage. I am creating another rule id and SoD path for this scenario with SoD routing. Will let you know how this goes.

Thanks,

Kashif

Answers (1)

Answers (1)

former_member226273
Active Participant
‎2017 Dec 05 5:07 AM
0 Kudos

Hello Kashif,

Have you maintained Security stage in the routed path as well?

Few screen shots of the MSMP configurations will help. (stage 5 and 6)

Kind regards,

Yashasvi

Show replies
Show replies
former_member566284
Participant
‎2017 Dec 06 4:09 PM
0 Kudos

Hi Yashasvi,

The stage for Security works or the task is sent to security when there is no SoD violation at Roleowner Stage. The request gets completed at the SoD owner stage routed from Roleowner for SoD violations. This is where it skips security stage. Screenshots are below for your review.

The path for SRM which has 3 stages:

Request completes Stage 021 when there are no SoDs.

Request closes in stage 011 when there are SoDs which is the issue. I believe it should move on to Stage 021 here as well.

Route mapping is below for SoD Detour Path which is OK.

SoD Detour Path and task settings is below:

Thanks,

Kashif

former_member226273
Active Participant
‎2017 Dec 07 5:31 AM

Hello Kashif,

Once the request is routed to another path (detour), it follows the new path.

In your case, the new path has only one stage which is mitigation, hence request gets completed as soon as that stage is approved. You should add the Security stage in the routed path, so that Security team will get the request after mitigation stage.

Please let me know in case of questions.

Kind regards,

Yashasvi

former_member566284
Participant
‎2017 Dec 07 7:38 PM
0 Kudos

Thanks Yashasvi,

I was not sure about this as the standard functionality. Now I can look into other options.

Kashif

Ask a Question