Show TOC

Procedure documentationAnalyzing Risks When Submitting Access Requests Locate this document in the navigation structure

 

On the Access Request screen, you can perform risk analyses and impact analyses on the following tab pages:

  • Risk Violations

    Use the analysis function on this tab page if you want to save the results of the analysis.

  • User Access

    The Simulation feature allows you to first perform the analysis, and then choose whether or not to save the results.

Note Note

The screen allows the requester to choose whether or not to perform an analysis when submitting a request. You can set the requirement that the application automatically analyzes risks when someone submits access requests. For example, if the requester chooses to submit a request without first analyzing the risks, the application automatically performs an analysis and adds the results to the access request that appears in the approver's Work Inbox.

You maintain this setting in the Customizing activity Maintain Configuration Settings, under   Governance, Risk, and Compliance   Access Control  . Enter the values as follows:

Column

Value

Parameter Group

Risk Analysis – Access Request

Parameter ID

1071

Parameter Value

Yes or No, as required
End of the note.

Procedure

The following procedure is the same regardless on which tab page you choose to initiate it. The only difference is that the simulation feature allows you to choose whether or not to save the results.

  1. On the Access Request screen, do one of the following:

    • Select the Risk Violations tab page.

    • On the User Access tab page, choose Simulation.

      The Simulation screen appears.

  2. In the Analysis Type dropdown list, select the relevant analysis type:

    • You use Risk Analysis to determine violations pertaining to the authorizations assigned to the role, for example, as when the authorizations result in segregation of duties violations.

    • You use Impact Analysis to determine authorization violations pertaining to other roles. That is, the authorizations for the selected role, in combination with authorizations for another role, result in violations.

  3. Select the System and Rule Set from the respective fields.

  4. In the Result Options area, select the format, type, and additional criteria for the analysis results.

    Example Example

    Format:

    Executive Summary

    Type:

    Action Level, Permission Level

    Additional Criteria:

    Include Mitigated Risks
    End of the example.

  5. Choose the Run Risk Analysis pushbutton.

  6. In the Result area, you can choose different ways to view the analysis results.

  7. If you are running the simulation feature, you can do the following:

    • Choose Cancel, if you do not want to save the results of the analysis.

    • Choose Apply, if you want to save the results of the analysis. The information is saved to the Risk Violations tab page, and you can view it whenever you open the request. The results are also available to the approver of the request.