Mitigated Roles 
Use the Mitigated Roles screen to assign mitigating controls to a role.
Prerequisites
You must first define a mitigating control before you can assign it to a role to mitigate an access risk.
Assigning Mitigating Controls to Roles
-
Choose
Mitigated Access 
Mitigated Roles 
.The Mitigated Roles screen appears and displays a list of existing roles to which mitigating controls have been assigned.
-
Choose the Assign pushbutton.
The Roles Mitigation dialog box opens.
-
Enter information in the required fields marked with an asterisk (*) on the screen.
-
Access Risk ID — Select the field to enter the access risk ID.
-
Control ID — Enter the control ID.
-
Monitor — Automatically populated with system data after you choose the control ID.
-
Valid From — Start of the mitigating control period.
-
Valid To — End of the mitigating control period.
-
Status — Choose Active or Inactive from the dropdown list.
-
-
Choose the Add pushbutton to associate a system to the mitigating control.
-
Choose the Add pushbutton to associate a role to the mitigating control.
-
Choose
Submit Close .The mitigating control you assigned is included in the list on the Mitigated Roles screen.
Deleting Mitigating Controls from Roles
-
Choose
Mitigated Access Mitigated Roles .The Mitigated Roles screen appears and displays a list of existing roles to which mitigating controls have been assigned.
-
Select the role you want to delete and choose the Delete pushbutton.
A dialog box opens where you can confirm your decision to delete this mitigating control.
-
Choose the Yes pushbutton.
The mitigating control is removed from the Mitigated Roles screen.