On the Access Request screen, you can perform risk analyses and impact analyses on the following tab pages:
Risk Violations
Use the analysis function on this tab page if you want to save the results of the analysis.
User Access
The Simulation feature allows you to first perform the analysis, and then choose whether or not to save the results.
Note
The screen allows the requester to choose whether or not to perform an analysis when submitting a request. You can set the requirement that the application automatically analyzes risks when someone submits access requests. For example, if the requester chooses to submit a request without first analyzing the risks, the application automatically performs an analysis and adds the results to the access request that appears in the approver's Work Inbox.
You maintain this setting in the Customizing activity Maintain Configuration Settings, under
. Enter the values as follows:Column |
Value |
---|---|
Parameter Group |
Risk Analysis – Access Request |
Parameter ID |
1071 |
Parameter Value |
Yes or No, as required |
The following procedure is the same regardless on which tab page you choose to initiate it. The only difference is that the simulation feature allows you to choose whether or not to save the results.
On the Access Request screen, do one of the following:
Select the Risk Violations tab page.
On the User Access tab page, choose Simulation.
The Simulation screen appears.
In the Analysis Type dropdown list, select the relevant analysis type:
You use Risk Analysis to determine violations pertaining to the authorizations assigned to the role, for example, as when the authorizations result in segregation of duties violations.
You use Impact Analysis to determine authorization violations pertaining to other roles. That is, the authorizations for the selected role, in combination with authorizations for another role, result in violations.
Select the System and Rule Set from the respective fields.
In the Result Options area, select the format, type, and additional criteria for the analysis results.
Example
Format: |
Executive Summary |
Type: |
Action Level, Permission Level |
Additional Criteria: |
Include Mitigated Risks |
Choose the Run Risk Analysis pushbutton.
In the Result area, you can choose different ways to view the analysis results.
If you are running the simulation feature, you can do the following:
Choose Cancel, if you do not want to save the results of the analysis.
Choose Apply, if you want to save the results of the analysis. The information is saved to the Risk Violations tab page, and you can view it whenever you open the request. The results are also available to the approver of the request.