Skip to Content

Hi,

We have GRC RAR 15.3, We have defined composite roles for different sites.Let’s say A,B,C,D and E composite roles with different sites. A,B,C and D gives same high,medium and low risks for the role analysis, except E.Composite role E shows no risks at all.When i go for single role of composite role E then it gives high,medium and low risks. This is strange.

Thanks

Mash.

To report this post you need to login first.

4 Comments

You must be Logged on to comment or reply to a post.

  1. Kaushal Vastani

    Hey,

    It may be worth checking if your Object Repository sync jobs (User/Role/Profile etc) is running and up to date. Then try running the Risk Analysis again.

    Also ensure that you are running the same risk analysis report type i.e. either Action level or Permission level.

    Let us know if any of this makes a difference.

    (0) 
    1. mash dale Post author

      Hi Kaushal,

      We did incremental user/role/profile synch,batch user/role/profile and managment jobs on permission level.Still facing same issue.

      Thanks

      Mash

      (0) 
  2. Kaushal Vastani

    2 things come to mind

    1) Is there any strange authorization object restrictions within the single roles which create Composite E?

    2) Has Composite Role E had a Mitigating Control applied against it at Role Level?

    (0) 
    1. mash dale Post author

      1)Single role of E is a derived role like other single derived role of A,B,C and D composite roles.So, it has same authorization objects like other derived roles.

      2) No,these composite roles has no mitigation controls.

      Thanks

      Mash

      (0) 

Leave a Reply