Mitigated Roles

Prerequisites

You must first define a mitigating control before you can assign it to a role to mitigate an access risk.

Assigning Mitigating Controls to Roles

1. Choose Access Management  Mitigated Access  Mitigated Roles.

   The Mitigated Roles screen displays a list of existing roles to which mitigating controls have been assigned.

2. Choose Assign.

   The Roles Mitigation dialog box opens.

3. Enter information in the required fields marked with an asterisk (*).

   • Access Risk ID – Select the field to enter the access risk ID.

   • Control ID – Enter the control ID.

   • Monitor – Automatically populated with system data after you choose the control ID.

   • Valid From – Start of the mitigating control period.

   • Valid To – End of the mitigating control period.

   • Status – Choose Active or Inactive from the dropdown list.

4. Choose Add to associate a system to the mitigating control.

5. Choose Add to associate a role to the mitigating control.

6. Choose Submit  Close.

   The mitigating control you assigned is included in the list on the Mitigated Roles screen.

Deleting Mitigating Controls from Roles

1. Choose Access Management  Mitigated Access  Mitigated Roles.

   The Mitigated Roles screen displays a list of existing roles to which mitigating controls have been assigned.

2. Select the role you want to delete and choose Delete.

   Confirm your decision to delete this mitigating control.

3. Choose Yes.

   The mitigating control is removed from the Mitigated Roles screen.