cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Search for GRC access requests with specific risk level (for example "high")

e_gen
Explorer

on ‎2020 Sep 29 12:26 PM

0 Kudos
1,966

Hi,

does anyone know, if there is a quick way to search for accesss requests with a selection on the risk level?

The report "Requests with Conflicts and Mitigation" unfortunately offers only the risk ID...

But in my case I am basically looking for all access requests, which have been approved by user X and had risks of level "high" or "critical" as we don't care for level "medium".

I already looked on table level (GRACSODREP..., GRACREQRSKDET) but I don't find the relevant information there.

Any ideas?

BR

Eugen

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (0)

Answers (2)

Answers (2)

Monsores
Active Participant
‎2020 Oct 02 7:37 PM
0 Kudos

Hi Eugen.

I believe a query of this kind will not be possible without a complex development.

GRACREQRSKDET has just summary info about your request items being free or risks or not, while GRACSODREP* tables have its details in a way which is not so easy to be retrieved.

We had this kind of report in my previous company, but not in a straight way. As we had a detour rule to add an extra approval step for access requests with high or critical risks, we could easily retrieve all these requests at once based on this approval step. If you have different approval paths based on the risk level you can try to do the same.

Regards,

Marcelo Monsores

Show replies
Show replies
e_gen
Explorer
‎2020 Oct 05 12:20 PM
0 Kudos

Hi Marcelo,

Indeed, that would be a possible option, but only for the future 🙂

Did you do the seperation based on risk level with BFRplus? We were even thinking about routing only "High" and "Critical" to an extra step for Internal Audit and letting "Medium" just be a one step approval.

BR,

Eugen

Monsores
Active Participant
‎2020 Oct 08 12:52 AM
0 Kudos

Hi Eugen.

No, we have created a Function Module based detour rule in MSMP.

This Function Module retrieves the last Risk Analysis results and returns a value to this detour rule whenever the access request contains unmitigated critical or high level risks. In this case the workflow will be detoured to an extra approval step.

For low and medium risks this detour rule receives an empty response and doesn't trigger this extra step.

Regards,

Marcelo Monsores

RameshVithanala
Active Participant
‎2020 Oct 01 10:08 PM
0 Kudos

Hi Eugen,

Did you try the dashboard report Risk Violation in Access Request? I am pretty sure it will be a huge file, you might have to break in to small intervals and also do you have the mitigation policy rule implemented for risk level high & critical?

Thanks

Ramesh

Show replies
Show replies
e_gen
Explorer
‎2020 Oct 05 12:15 PM
0 Kudos

Hi Ramesh,

thanks for the hint. I just checked that but if I click on one of the risk level (e.g. "High") for more details it only shows me the user and risk ID but is missing the access request no. 😞

Maybe it is an error in our system but that column is empty (see screenshot).

BR

Eugen

Ask a Question