Analyzing Risks When Submitting Access Requests

Use

On the Access Request screen, you can perform risk analyses and impact analyses on the following tab pages:

Risk Violations

If you want to save the results of the analysis, use the analysis function on this tab.
User Access

Simulation allows you to perform the analysis first and then choose whether or not to save the results.

Note

You can set the application to analyze risks automatically when someone submits an access request. For example, if the requester chooses to submit a request without analyzing the risks first, the application performs an analysis and adds the results to the access request that appears in the approver's Work Inbox.

Maintain this setting in the Customizing activity Maintain Configuration Settings, under Start of the navigation path Governance, Risk, and Compliance Next navigation step Access Control End of the navigation path . For the parameter Enable risk analysis on form submission, enter the values as follows:

Column	Value
Parameter Group	Risk Analysis – Access Request
Parameter ID	1071
Parameter Value	Yes or No, as required

You can set the application to include firefighter assignments in the risk analysis.

Maintain this setting in the Customizing activity Maintain Configuration Settings, under Start of the navigation path Governance, Risk, and Compliance Next navigation step Access Control End of the navigation path . For the parameter Consider FF Assignments in Risk Analysis, enter the values as follows:

Column	Value
Parameter Group	Risk Analysis
Parameter ID	1038
Parameter Value	Yes or No, as required

Procedure

This procedure is the same regardless of which tab page you choose to initiate it. The only difference is that the simulation feature allows you to choose whether or not to save the results.

On the Access Request screen, do one of the following:
- Select the Risk Violations tab.
- On the User Access tab, choose Simulation.
In the Analysis Type dropdown list, select the relevant analysis type:
- Use Risk Analysis to determine violations pertaining to the authorizations assigned to the role. An example is when the authorizations result in segregation of duties violations.
- Use Impact Analysis to determine authorization violations pertaining to other roles. That is, the authorizations for the selected role, in combination with authorizations for another role, results in violations.
Select the System and Rule Set from the respective fields.

In the Result Options area, select the format, type, and additional criteria for the analysis results.

Choose the Run Risk Analysis pushbutton.
In the Result area, choose different ways to view the analysis results.
If you are running a simulation, you can:
- Choose Cancel if you do not want to save the results of the analysis.
- Choose Apply if you want to save the results. The information is saved to the Risk Violations tab and you can view it whenever you open the request. The results are also available to the approver of the request.

Format:	Executive Summary
Type:	Action Level, Permission Level
Additional Criteria:	Include Mitigated Risks