Scribd
Upload
75 views4 pages

Simulation Error

The document discusses configuring and running risk analysis in a GRC 10.0 system. It describes creating functions, business processes, risks, users, and roles, and assigning roles to users. It then explains running risk analysis for a user with a specific role assigned, which should show no risks when simulating that role. Finally, it lists some important repository tables related to users, roles, generated rules, and storing results of online and offline risk analysis.

Uploaded by

nagsri143
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
75 views4 pages

Simulation Error

The document discusses configuring and running risk analysis in a GRC 10.0 system. It describes creating functions, business processes, risks, users, and roles, and assigning roles to users. It then explains running risk analysis for a user with a specific role assigned, which should show no risks when simulating that role. Finally, it lists some important repository tables related to users, roles, generated rules, and storing results of online and offline risk analysis.

Uploaded by

nagsri143
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

As shown below, the following Functions, Business Process and Risks are created in GRC 10.0 system.

We also have created users and roles and assigned the corrresponding roles to the users in the backend
system.

Now when I try to run risk analysis against the user TEST_RISK (role TEST_ROLE_RISK assigned), I get the
following risks (R001 S.O.D risk).
Now when I try to run against the user TEST_RISK (role TEST_ROLE_RISK assigned) and by simulating
against the role (TEST_ROLE_RISK3) and keeping the option Risk from Simulation only


No when I execute keeping the above option, the system should not show me any Risk whether it may
be at Action Level / Permission Level / Critical Action level.



The Fist Step is to make sure that the repository data is synced to the GRC box. Some of the
important repository tables in the GRC system are

GRACUSERCONN
GRACRLCONN

The generated rule for the Risk Id's are stored in the following tables
GRACACTRULE
GRACACTRULEEXT
If you are using the online(ad-hoc) risk analysis the violations will be fetched at run time but if you
are using the Offline risk analysis the result will be stored in the risk analysis result will be stored in
the following tables

Action level violations
GRACUSERACTVL
GRACROLEACTVL
GRACPROFILEACTVL

Permission level violations
GRACUSERPRMVL
GRACROLEPRMVL
GRACPROFILEPRMVL

You might also like