
Analyzing Risks When Approving Access Requests

On the Access Request screen, you can perform risk analysis and impact analysis before approving access requests. You have the following options for performing the analysis:

  • On the Risk Violations tab page, you can perform the analysis and save the results.

  • On the User Access tab page, the Simulation feature allows you to first perform the analysis, and then choose whether or not to save the results.

Note

  • You can set the requirement that approvers must analyze risks before approving access requests. You maintain this setting in the Customizing activity Maintain MSMP Workflows, under Governance, Risk, and Compliance > Access Control > Workflow for Access Control. In the Stage Definition phase, under the Task Settings section, select the field Risk Analysis Mandatory, and choose Yes or No as needed.

  • You can allow approvers to approve access requests despite risks. You maintain this setting in the Customizing activity Maintain MSMP Workflows, under Governance, Risk, and Compliance > Access Control > Workflow for Access Control. In the Stage Definition phase, under the Task Settings section, select the checkbox for the field Approve Despite Risk.

For more information, see Maintaining Tasks and Authorizations for Request Approvers.

Procedure

The following procedure is the same regardless of the tab page you choose to initiate it. The only difference is that the Simulation allows you to choose whether or not to save the results.

  1. On the My Inbox work center, from the Workitems list, choose an access request.

    The Access Request screen appears.

  2. Do one of the following:

    • Select the Risk Violations tab page.

    • On the User Access tab page, choose Simulation.

      The Simulation screen appears.

  3. In the Analysis Type dropdown list, select the relevant analysis type:

    • You use Risk Analysis to determine violations pertaining to the authorizations assigned to the role, for example, when the authorizations result in segregation of duties violations.

    • You use Impact Analysis to determine authorization violations pertaining to other roles. That is, the authorizations for the selected role, in combination with authorizations for another role, result in violations.

  4. Select the System and Rule Set from the respective fields.

  5. Under the Result Options area, select the format, type, and additional criteria for the analysis results.

    Example

    Format: Executive Summary

    Type: Action Level, Permission Level

    Additional Criteria: Include Mitigated Risks

  6. Choose the Run Risk Analysis pushbutton.

  7. In the Result area, you can choose different ways to view the analysis results.

  8. If you are running a simulation, you can do the following:

    • Choose Cancel if you do not want to save the results of the analysis.

    • Choose Apply if you want to save the results of the analysis. The information is saved to the Risk Violations tab page, and you can view it whenever you open the request. The results are also available to the approver of the request.

  9. On the Risk Violations tab page, you can choose to mitigate any risks.

    Select a risk and choose Mitigate Risk.
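
The difference between the Risk Analysis and Impact Analysis types in step 3 can be sketched in code. The following is an added example, not SAP code: it models a rule set as pairs of conflicting action sets, and all risk IDs, role names, action names and the handling of mitigated risks are constructed assumptions.

```python
# Added illustration: simplified model of segregation-of-duties (SoD) checks.
# All risk IDs, role names and action names are constructed, not SAP content.

# Rule set: risk ID -> two conflicting sets of actions.
RULE_SET = {
    "R-PAY": ({"CREATE_VENDOR"}, {"POST_PAYMENT"}),
    "R-PO": ({"CREATE_PO"}, {"APPROVE_PO"}),
}

def violated(actions, rule_set):
    """Risk IDs for which `actions` holds at least one action from each side."""
    return {rid for rid, (a, b) in rule_set.items() if actions & a and actions & b}

def risk_analysis(role_actions, rule_set, mitigated=frozenset(), include_mitigated=False):
    """Violations caused by the requested role's own authorizations.

    Assumption: mitigated risks are hidden unless include_mitigated is set.
    """
    found = violated(role_actions, rule_set)
    return sorted(found if include_mitigated else found - set(mitigated))

def impact_analysis(role_actions, other_roles, rule_set):
    """Violations that appear only when the role is combined with another role."""
    results = []
    for name, other_actions in sorted(other_roles.items()):
        combined = violated(role_actions | other_actions, rule_set)
        # Keep only risks that neither role triggers on its own.
        new = combined - violated(role_actions, rule_set) - violated(other_actions, rule_set)
        results.extend((name, rid) for rid in sorted(new))
    return results

# Constructed sample request: one requested role, two roles the user already has.
REQUESTED_ROLE = {"CREATE_VENDOR", "CREATE_PO", "APPROVE_PO"}
EXISTING_ROLES = {
    "AP_CLERK": {"POST_PAYMENT"},
    "REPORT_VIEWER": {"DISPLAY_REPORT"},
}

if __name__ == "__main__":
    print("Risk analysis:", risk_analysis(REQUESTED_ROLE, RULE_SET))
    print("Impact analysis:", impact_analysis(REQUESTED_ROLE, EXISTING_ROLES, RULE_SET))
```

In this sample the requested role conflicts with itself on R-PO, which is what a risk analysis reports, while R-PAY only appears once the role is combined with AP_CLERK, which is what an impact analysis reports.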

More Information

Mitigating Risks