GRC RAR 15.3,composite roles for different site give same role analysis risks except for one
We have GRC RAR 15.3, We have defined composite roles for different sites.Let’s say A,B,C,D and E composite roles with different sites. A,B,C and D gives same high,medium and low risks for the role analysis, except E.Composite role E shows no risks at all.When i go for single role of composite role E then it gives high,medium and low risks. This is strange.
It may be worth checking if your Object Repository sync jobs (User/Role/Profile etc) is running and up to date. Then try running the Risk Analysis again.
Also ensure that you are running the same risk analysis report type i.e. either Action level or Permission level.
Let us know if any of this makes a difference.
We did incremental user/role/profile synch,batch user/role/profile and managment jobs on permission level.Still facing same issue.
2 things come to mind
1) Is there any strange authorization object restrictions within the single roles which create Composite E?
2) Has Composite Role E had a Mitigating Control applied against it at Role Level?
1)Single role of E is a derived role like other single derived role of A,B,C and D composite roles.So, it has same authorization objects like other derived roles.
2) No,these composite roles has no mitigation controls.