RSA Archer GRC Platform Platform Administrator Guide

Welcome to Administrator Guide

The Administrator Guide is a compilation of topics from the RSA Archer GRC
Platform Help Center organized into an Adobe Portfolio. Topics are organized in
PDF files, similar to the way they are in the Help Center. All PDF files can be
printed and searched individually or as a collection.
The portfolio provides a way to preview the file before actually opening the PDF
file. When you first open the portfolio, the portfolio is displayed in the Layout view
in the viewer. The contents of the portfolio are displayed as thumbnails at the
bottom of page. You can scroll through the thumbnails by clicking the left and right
arrows in the viewer. As you select a thumbnail, the PDF file is displayed in the
viewer. After you open the PDF file, you can peruse its contents using bookmark
links to specific topics in the file.
You can also view the contents of the portfolio by the list of files in the portfolio.
Files in the portfolio are listed alphabetically. To view the list of files, click Files
from the viewer toolbar.
The following is a list of files in the Administrator Guide portfolio:

l Access Control l Management Reporting

l API Resources l Notifications
l Appearance l Packaging
l Applications l Questionnaires
l Calculations l Solutions
l Data Driven Events l Sub-Forms
l Data Feed Manager l Training and Awareness
l Data Imports l User Guide
l Data Publications l Values Lists
l Discussion Forums l Workflows
l Globalization l Workspaces and Dashboards

For additional information about using Adobe Reader, see “View and navigate
PDFs” from the Help menu in Adobe Reader.

Version Details and Supported Browsers

The Platform documentation is compatible with the current release of the software.

Application Version Information

Version 5.4

Welcome to Administrator Guide 1

 RSA Archer GRC Platform Platform Administrator Guide

Released June 2013

Supported Browsers
Internet Explorer 8 or 9
Firefox 19 or 20
*Chrome

Note: Chrome is classified as extended support due in part to the accelerated rate at
which Google releases versions.

Microsoft Silverlight 5

RSA Archer GRC Platform Overview

The Platform provides a simple, yet powerful way, to design, build, and manage
applications that can evolve right along with your business. You can create your
own enterprise-class, security-assured applications, package them into
comprehensive solutions, and deploy them in a way that works for your
organization.
The applications and solutions that you can build with the Platform are limited only
by your imagination. Through drag-and-drop functionality, you can build anything
from project management applications to trouble-ticketing systems to customer
relationship management solutions.
The Platform puts control into the hands of your business people, providing a secure
way to manage and automate processes.

Navigating Through the Portfolio

Navigation is extremely flexible and easy. To view the contents of the portfolio,
click the right and left arrow buttons in the Display panel.

The right arrow advances to the next PDF file in the portfolio.

The left arrow returns to the previously displayed PDF file.

2 Welcome to Administrator Guide

 RSA Archer GRC Platform Platform Administrator Guide

Viewing a File in the Portfolio

You can preview the contents of a file using the up and down arrows that appear
when the PDF file is selected in the display panel. The up arrow returns to the
previously displayed page in the PDF file. The down arrow advances to the next
page in the PDF file.

Opening a File in the Portfolio

There are two ways to open a PDF file in the portfolio:
l You can open the PDF file from the thumbnail in the display panel.
l You can open the PDF file from the Files list.

Open a PDF File in the Display Panel

You can open a PDF file from the display panel.

Procedure
1. Right-click the image of the thumbnail and click Open File.
The thumbnail in the display panel has an Open label on it to indicate the file is
open in another Adobe Reader window.

Welcome to Administrator Guide 3

 RSA Archer GRC Platform Platform Administrator Guide

The PDF file opens in the Adobe Reader.

2. Use the bookmarks in the Bookmark panel to navigate through the PDF file.

Open a PDF File from the Files List

You can open a PDF file from the Files list.

Procedure
1. From the Adobe Reader toolbar, click Files. 
The list of files in the portfolio is displayed. The files are listed alphabetically.
2. Double-click the file you want to open.
The file in the Files list is labeled with Open to indicate the file is open in
another Adobe Reader window.

4 Welcome to Administrator Guide

 RSA Archer GRC Platform Platform Administrator Guide

The PDF file opens in the Adobe Reader.

3. Use the bookmarks in the Bookmark panel to navigate through the PDF file.

View Product Licensing Information

You can view product licensing information from the Licensing Information page or
the Product Licensing Information report.
The Licensing Information dialog box contains general product information along
with the list of licensed solutions and the number of licensed on-demand
applications.
The Product Licensing Information report provides general product information,
such as licensed solutions, licensed users, and the version of the application that
currently is installed.
You can access the following types of information about your company's product
license:
l Number of licensed users
l Effective and expiration dates for the license
l Number of days remaining in the license term
l Installed version of the product
l Licensed RSA Archer eGRC Solutions
l Number of on-demand applications licensed, number in Production status, and
number available

Welcome to Administrator Guide 5

 RSA Archer GRC Platform Platform Administrator Guide

l Number of questionnaires licensed, number in Production status, and number

available
l Support plan

Procedure
Do one of the following:
l View Licensing on the Licensing Information page:
1. Click the Administration workspace.
2. From the Navigation Menu, click Application Builder > Manage
Applications > Licensing Information.

l View Licensing in the Product Licensing Information report:

1. In the top frame, click Reports.
The Master Report Listing page is displayed.
2. Expand the Administration node.
3. Expand the Instance Configuration node.
4. Click Product Licensing.

Document Conventions
The following table describes the document conventions used in the RSA Archer
Help Center.

Convention Description Example

Clear Deselect the checkbox or option If you do not want to define a

button. refresh rate for the iView, clear
Automatic Refresh.

Click Use the mouse to choose a Click the Access tab.

command or option.

Click, Drag, and Use the mouse to choose an
Drop object and then move it to the
appropriate location.
To add a field to the sub-form's
layout, select the field from the
Available Fields list, drag the
selection to the appropriate spot
in the layout and release the
mouse button.

6 Welcome to Administrator Guide

 RSA Archer GRC Platform Platform Administrator Guide

Convention Description Example

Drill Down Obtain more information by Click the pie piece to drill down
clicking an object. into the chart data.

Enter Use the keyboard to input Enter instructional or descriptive

information. text for the field in the Help
Text field.

Select Choose the checkbox or option To set the current theme as the
button. active appearance theme for the
application, select Active
Theme.

Product Terminology
The following tables provide definitions and examples for frequently used terms in
the Platform.

Term Definition Example

Value The smallest unit of data in the Platform.

Values can be selections from an established
list, text entries, dates, and a variety of other
formats.

Field A data collection device that stores a specific

type of value, such as a date or numeric entry.
Fields are displayed as interface controls on the
create/update record page in an application.
The Platform offers a diverse selection of field
types to support a variety of needs.

Record A collection of related field values. Records

can be used to perform a number of tasks
including tracking security incidents, providing
the latest contact information, and
documenting company policies.

Welcome to Administrator Guide 7

 RSA Archer GRC Platform Platform Administrator Guide

Term Definition Example

Application A collection of related records, for example,

incidents, contact information, or policies. All
records in an application have the same layout,
field types, and structure, but may contain
distinct content.

Solution A grouping of applications that work together

to solve a particular business need. For
example, the RSA Archer Incident
Management Solution includes the Contacts,
Facilities, Incidents, Response Procedures, and
Whistleblower applications.

Platform A system feature that enables administrators to

Feature customize the Platform and control access to
the Platform. Examples of Platform features
include Access Control, Application Builder,
and Notifications.

Displaying Information

Term Definition Example

Report A group of records that meet saved search criteria. When

users save search results as a named report, the users are
not actually saving the records displayed in the search
results. Instead, the search criteria that resulted in the
display of those records is saved. When a user runs a
report, all records that meet the report's search criteria at
that moment are displayed.

Chart A graphical display of a report's statistical information.

iView A small window of information that can be presented to

users. iViews can contain embedded URLs, lists of
internal and external links, reports, and other custom
content.

8 Welcome to Administrator Guide

 RSA Archer GRC Platform Platform Administrator Guide

Term Definition Example

Dashboard A container for a distinct set of iViews. Using

dashboards, administrators can organize iViews into sets
of related content for delivery to specific user audiences.

Workspace Displayed as tabs across the top of the screen, providing

users with quick access to information relevant to job
functions.

Locked and Static Elements

To enable Platform customers to more easily receive regular updates and
enhancements to their RSA Archer eGRC Suite products, some elements in the
standard RSA Archer eGRC Solutions, such as Enterprise, Risk, and Compliance
Management, are designated as either "locked" or "static." If an element is
designated as "locked," system administrators cannot delete the element, but some
properties, such as the name or description, can be modified.
For example, if the RSA Archer eGRC Policy Management solution is licensed,
system administrators cannot delete the Baselines application or specific fields in
the application. However, system administrators can change the names of the
elements and add additional content to facilitate business processes. The following
list identifies the types of elements that can be locked in the system:

l Applications l Global Values Lists

l Data Levels l iViews
l Events l Solutions
l Fields l Sub-forms
l Global Reports l Workspaces

Locked elements can be identified by the absence of a Delete icon in the

Actions field on a list page. Locked fields also can be identified by the Locked
Field icon, which is displayed next to the name of the field on the Field tab of the
Manage Applications and Manage Questionnaires pages.
If an element is designated as "static," no properties, other than access to the
element, can be modified and the element cannot be deleted. Fields are the only
element that can be labeled as "static." Static fields also can be identified by the
Static Field icon, which is displayed next to the name of the field on the Fields tab
of the Manage Applications and Manage Questionnaires pages.

Welcome to Administrator Guide 9

 RSA Archer GRC Platform Platform Administrator Guide

Alias Names
Numerous operations in the Platform require references to objects—everything
from solutions, applications, and fields to individual values list values—to specify
the target for a particular activity. One example is mail merge, in which you must
create templates with unambiguous references to individual fields in an application.
Another example is the process of mapping external data to fields in the Data Feed
Manager. To provide a constant name that is also human readable, all Platform
objects, such as workspaces, applications, fields, and notification templates, support
an alias.
An alias is a short name for a unique object in the system that is human readable,
but also can be used in code or as a reference in configuration processes. All alias
names must contain only alphanumeric characters, beginning with a letter and
containing no spaces. The maximum length is 40 characters.
An alias name must be unique in the entity type. The following are additional points
of consideration:
l Field aliases must be unique in the level.
l Values List Value aliases must be unique in a Values List.
l Level, Data Driven Event, Report, and Workflow Stage aliases must be unique
in an application.

You can edit the alias name for non-system provided entities. Alias name for
system-provided entities are read only.

Important: Applications cannot be named "ContentID". Applications with this name

are automatically changed to "Content_ID".

CAUTION: Alias name are used in configuration processes, system processes, and
web service API integrations. Modification of the alias name can cause these
functions to fail.

Set Filter Criteria on List Pages

You can filter listed information. The various types of information, such as text,
numeric, data, values lists, users, groups, and tracking ID, use different types of
filters. For example, the filters available for text values are Contains, Starts With,
Equals, and Not Equals. You can apply more than one type of filter at a time,
causing these filters to work together in a Boolean AND manner. For example, if
you select Policy Management in the Solutions field, Core Applications in the Type
field, and Development in the Status field, the search results return only the
applications that meet all three criteria.

Note: The filter criteria resets to the default setting upon leaving the list page.

10 Welcome to Administrator Guide

 RSA Archer GRC Platform Platform Administrator Guide

Procedure
1. Hover your mouse over the column that you want to filter and click .
2. Select the type of filter that you want to apply.
3. Enter the filter criteria.
4. To apply the filter criteria to the listing, click Filter.

Rich Text Editor Toolbar

When you are working in a text box of a Text Area field, the Rich Text Editor
toolbar is displayed at the top of the page, enabling you to format the appearance of
field content, check spelling, add links, and more. The toolbar supports standard
keyboard shortcuts for most common tasks, such as CTRL + C for copy and CTRL
+ V for paste.

Note: When a user's locale is assigned to use a double-byte character set, for
example, Japanese, the Rich Text Editor toolbar is not displayed. Instead, text is
displayed and can be entered in plain text. You can format the appearance of the
content in the text fields using HTML tags. Additionally, you can paste fully
formatted text into the text area.

The following figure shows the toolbar.

The following table describes the tools available in the toolbar.

Icon Description

The Find and Replace tool enables you to search for a text
string and replace the string with a different text string.

The Spell Check tool allows you to perform spell-checking

across all rich text fields on the current page. When you click
this tool, the Spell Check dialog box, which contains
traditional spell-checking and correction controls, opens.

The Cut tool deletes the currently selected text but retains a
copy of the text in the system clipboard. Text that is cut from a
field remains available for pasting until the clipboard content is
replaced by another copy or cut operation.

Welcome to Administrator Guide 11

 RSA Archer GRC Platform Platform Administrator Guide

Icon Description

The Copy tool enables you to place a copy of the currently

selected text in the system clipboard. Text that is copied from a
field remains available for pasting until the clipboard content is
replaced by another copy or cut operation.

The Paste tool enables you to paste the contents of the system
clipboard into the rich text field at the current insertion point,
automatically stripping all HTML and other formatting and
leaving only plain text. All line breaks are converted to <br>
tags and all other HTML tags are removed.

The Undo tool allows you to reverse the previous action or

keystroke from within a Text Area field.

The Redo tool allows you to reverse the effects of an "Undo"

command.

The Image Manager tool enables you to view, organize, and

edit images and upload images to the field.

The Font Family tool provides a drop-down list that specifies

font types, which can be used to format the currently selected
text.

The Font Size tool provides a drop-down list that specifies a

selection of font sizes, which can be used to format the
currently selected text.

The Bold tool allows you to apply bold formatting to the

currently selected text. If the selected text already is bold,
clicking the Bold tool removes the bold formatting from the
text.

The Italic tool allows you to apply italic formatting to the

currently selected text. If the selected text already is italicized,
clicking the Italic tool removes the italic formatting from the
text.

The Underline tool allows you to underline the currently

selected text. If the selected text already is underlined, clicking
the Underline tool removes the underlining from the text.

The Superscript tool enables you to cause the currently selected

text, or the text entered following the insertion point after
clicking the tool, to appear slightly above the baseline. If the

12 Welcome to Administrator Guide

 RSA Archer GRC Platform Platform Administrator Guide

Icon Description

selected text already has superscript formatting, clicking the

Superscript tool removes this formatting.

The Subscript tool enables you to cause the currently selected

text, or the text entered following the insertion point after
clicking the tool, to appear slightly below the baseline. If the
selected text already has subscript formatting, clicking the
Subscript tool removes this formatting.

The Text Color tool allows you to change the color of the
currently selected text. The tool face always displays an
example "swatch" of the most recently applied text color. To
change the color selection, click the drop-down arrow to the
right of the tool. The Color Selector dialog box opens. Select a
color, and the dialog box automatically closes.

The Background Color tool allows you to change the highlight

color of the currently selected text. The tool face always
displays an example "swatch" of the most recently applied text
color. To change the color selection, click the drop-down arrow
to the right of the tool. The Color Selector dialog box opens.
Select a color, and the dialog box automatically closes.

The Align Left tool allows you to align the currently selected
paragraphs with the left margin.

The Align Center tool allows you to center align the currently
selected paragraphs.

The Align Right tool allows you to align the currently selected
paragraphs with the right margin.

The Unordered List tool enables you to apply bullets to the

currently selected paragraphs. If the selected text is already
bulleted, clicking the Unordered List tool removes the bullets.

The Ordered List tool enables you to apply automatic paragraph

numbering to the currently selected paragraphs. If the selected
text is already numbered, clicking the Ordered List tool
removes the numbering.

The Indent tool allows you to indent the selected paragraphs

one step to the right. To indent the paragraphs more than one
step, click the tool again.

Welcome to Administrator Guide 13

 RSA Archer GRC Platform Platform Administrator Guide

Icon Description

The Outdent tool allows you to decrease the current indenting

for the selected paragraphs by one step to the left. If the
selected paragraphs are not indented, clicking this tool has no
effect.

The Insert Date tool allows you to insert the current date at the
current insertion point.

The Insert Custom Character tool allows you to insert special

symbols into the field. Clicking the tool and then clicking a
symbol from the Select custom character dialog box inserts that
symbol into the text at the current insertion point. The dialog
box includes currency, legal, math, and other symbol characters.

The Hyperlink Manager tool enables you to link the currently

selected text to an external FTP, HTTP, or HTTPS site or an
email address (External Link tab), or to an internal page, record,
or workspace (Internal Link tab). When you click the tool, the
Insert/edit link dialog box opens, where you can enter a URL
for an external hyperlink or select from a list of available
internal links.

The Unlink tool allows you to remove the hyperlink from the
currently selected text.

14 Welcome to Administrator Guide

RSA Archer GRC Platform 5.4
Access Control
June 2013
Contact Information
Go to the RSA corporate website for regional Customer Support telephone and fax numbers:
www.emc.com/domains/rsa/index.htm.
Trademarks
RSA, the RSA Logo, RSA Archer, RSA Archer Logo, and EMC are either registered trademarks or trademarks of EMC
Corporation ("EMC") in the United States and/or other countries. All other trademarks used herein are the property of their
respective owners. For a list of RSA trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm.
License Agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may
be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This
software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.
Note on Encryption Technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.
Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.

Copyright © 2010-2013 EMC Corporation All Rights Reserved. Published in the USA.
RSA Archer GRC Platform Access Control

Contents

Preface 5
About this Guide 5
User Accounts 5
Access Roles 5
Security Parameters 6
User Groups 6
LDAP Synchronization 6
Alias Names 7
Product Documentation 8
Support and Service 8
Chapter 1: Users 11
Managing Users 11
Add a User 11
Define User Account General Information 13
Change User Account Domain 13
Update User Account Contact Information 14
Change User Time Zone and Locale 15
Time Zones 15
Change User Account Status 17
View User Logon History 17
Change User Account Password 18
Require a User Password Change 18
Assign a Security Parameter to a User 19
Manage User Subscriptions to Notifications 19
Enter Notes Related to a User Account 20
Enroll a User in a Group 21
Assign an Access Role to a User 22
End an Active User Session 23
Delete a User Account 24
User Account Status 25
Chapter 2: Access Roles 27
Managing Access Roles 27
Add an Access Role 28
Update the General Properties of an Access Role 29
Assign a Group to an Access Role 29
Specify the Rights to an Access Role 30
Delete an Access Role 31
Access Role Privileges 31
Chapter 3: Security Parameters 33
Managing Security Parameters 33
Add a Security Parameter 33
Define the General Properties of a Security Parameter 34
Define the Password Properties for a Security Parameter 35
Establish Authorization Properties 36

3
 RSA Archer GRC Platform Access Control

Delete a Security Parameter 38

Chapter 4: Groups 41
Managing Groups 41
Add a Group 41
Update the General Properties of a Group 42
Define a Group's Membership 42
Nest a Group Under a Parent Group 43
Delete a Group 44
Chapter 5: LDAP Configurations 45
Managing LDAP Configurations 45
Add an LDAP Configuration 46
Update the General Information of LDAP Configuration 47
Configure the LDAP Directory Properties 48
Configure the LDAP Synchronization Properties 52
Run LDAP Synchronization 56
View the LDAP Synchronization Report 57
Cancel LDAP Synchronization 58
Delete an LDAP Configuration 58
LDAP Synchronization Status 59
Chapter 6: Reports 61
Access Control Reports 61

4
 RSA Archer GRC Platform Access Control

Preface

About this Guide

The Access Control feature enables administrators to allow or prohibit user access
to the Platform, as well as to applications and pages within the system. This feature
offers controls for creating and managing user accounts, configuring access roles,
managing security parameters, organizing user accounts into groups, and integrating
with an organization's Lightweight Directory Access Protocol (LDAP) server.
In addition, the Access Control feature provides a variety of reports to help
administrators track new user accounts, failed logon attempts, inactive accounts,
password changes, system configuration, and other user-related details.
Aliases provide references to objects so certain operations in the Platformcan
identify the target for a particular activity. Examples of such operations include
mail merges and data feeds.

User Accounts
To log on to the Platform, a user must have a Platform account. The properties of a
user account include the user's profile, account password, access rights within the
system, and group memberships. Access Control administrators can modify the
properties of any user account.

Access Roles
An access role is a collection of application-level and page-level rights that an
administrator creates and assigns to any number of users and groups to control their
privileges (create, read, update, and delete) for individual pages within the system.
Examples of access roles include General User, which might allow access only to
applications, and Administrative User, which might allow access only to features
such as Access Control and Application Builder.
The Access Control feature also includes a special access role called System
Administrator, which cannot be deleted or modified. The System Administrator role
grants users unrestricted access to all system features and to all records stored in
applications, including records enrolled in content review. Only users who have
already been designated as System Administrators can assign the System
Administrator role to other users.

Preface 5
 RSA Archer GRC Platform Access Control

An administrator can assign any number of access roles to a user. To simplify the
process of assigning permissions, the administrator can associate groups of users
with access roles. If the administrator assigns more than one role to a user or group,
the user or group has all of the privileges associated with the assigned access roles.
For example, if one role grants create, read, and update privileges in the Policies
applications and a second role grants only delete privileges, a user who is assigned
both roles possesses create, read, update, and delete privileges in the Policies
applications.

Security Parameters
In contrast to an access role, which is a collection of rights or privileges, a security
parameter is a collection of rules. A security parameter determines a user's
password creation restrictions, account lockout duration, allowable grace logons,
session time-out behavior, and active session time frames. Administrators can
create any number of security parameters, but only one parameter is assigned to
each user. A security parameter can be designated as the default parameter that is
used when new user accounts are created.

User Groups
Access Control administrators can create groups of application users for the
purpose of organizing user accounts and simplifying tasks within the system. A user
group is a collection of user accounts that can be constructed based on any criteria
appropriate for the organization. For example, an administrator might choose to
construct groups based on organizational structure or geographic placement of
operations.
Groups can also be nested to create a hierarchical structure of groups and
subgroups. For example, an administrator might create a Sales group that includes
all user accounts for members of the organization's Sales team. Nested under the
Sales group, the administrator can create subgroups, such as Midwest Sales Team
and East Coast Sales Team.
By organizing users into groups, many key tasks in the system can be streamlined,
as the following examples illustrate:
l Assign access rights at the application, page, record, and field level to groups of
users rather than individual users.
l Enroll an entire group in a discussion forum with a single click of the mouse.
l Send a Training and Awareness event to members of a specific group, such as
the Incident Investigation group.

LDAP Synchronization
The Lightweight Directory Access Protocol (LDAP) enables an organization to
streamline the administration of user accounts and groups by automatically
synchronizing them with the user and group information stored on an LDAP server
that already may exist in the organization's technology infrastructure.

6 Preface
 RSA Archer GRC Platform Access Control

Alias Names
Numerous operations in the Platform require references to objects—everything
from solutions, applications, and fields to individual values list values—to specify
the target for a particular activity. One example is mail merge, in which you must
create templates with unambiguous references to individual fields in an application.
Another example is the process of mapping external data to fields in the Data Feed
Manager. To provide a constant name that is also human readable, all Platform
objects, such as workspaces, applications, fields, and notification templates, support
an alias.
An alias is a short name for a unique object in the system that is human readable,
but also can be used in code or as a reference in configuration processes. All alias
names must contain only alphanumeric characters, beginning with a letter and
containing no spaces. The maximum length is 40 characters.
An alias name must be unique in the entity type. The following are additional points
of consideration:
l Field aliases must be unique in the level.
l Values List Value aliases must be unique in a Values List.
l Level, Data Driven Event, Report, and Workflow Stage aliases must be unique
in an application.

You can edit the alias name for non-system provided entities. Alias name for
system-provided entities are read only.

Important: Applications cannot be named "ContentID". Applications with this name

are automatically changed to "Content_ID".

CAUTION: Alias name are used in configuration processes, system processes, and
web service API integrations. Modification of the alias name can cause these
functions to fail.

Preface 7
 RSA Archer GRC Platform Access Control

Product Documentation
For information about the RSA Archer GRC Platform 5.x, see the following
documentation.

Guide Description

Administrator Guide Provides Platform administrators with a system

overview, guidelines for navigating, and detailed
instructions for key tasks.

Control Panel Guide Provides administrators with instructions for

configuring each instance of the Platform.

Installation Guide Provides administrators with instructions for preparing,

installing, configuring, and testing the Platform.

Release Notes Provides Platform administrators with detailed listing of

new features, fixed issues, and known issues at the time
of the current release.

User Guide Provides end users with guidelines for navigating,

detailed instructions for key tasks, and information
about using Platform communication tools.

Web Services API Reference Provides IT managers and programmers with a list of
Guide the available web services for programmatically
interfacing with the release. This guide provides
formatting guidelines for field results, field inputs, and
search inputs, and provides sample code for searching,
adding and updating users, and updating assets.

You can access the Platform 5.x documentation from the RSA Archer Community
at https://community.emc.com/community/connect/grc_ecosystem/rsa_archer.

Support and Service

Customer www.emc.com/support/rsa/index.htm
Support
Information

Customer [email protected]
Support E-mail

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Community archer

8 Preface
 RSA Archer GRC Platform Access Control

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Exchange archer_exchange

RSA Solution https://gallery.emc.com/community/marketplace/

Gallery

RSA SecurCare https://knowledge.rsasecurity.com/cleartrust/ct_
Online logon.asp?CTAuthMode=BASIC&language=en&CT_ORIG_
URL=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fknowledge.rsasecurity.com%3A443%2F&c
t_orig_uri=%2F

The RSA Archer Community enables collaboration among eGRC clients, partners,
and product experts. Members actively share ideas, vote for product enhancements,
and discuss trends that help guide the RSA Archer product roadmap.
The RSA Archer Exchange is an online marketplace dedicated to supporting eGRC
initiatives. The Exchange brings together on-demand applications along with
service, content, and integration providers to fuel the success of RSA Archer
clients.
The RSA Solution Gallery provides information about third-party hardware and
software products that have been certified to work with RSA products. The gallery
includes Secured by RSA Implementation Guides with step-by-step instructions and
other information about interoperation of RSA products with these third-party
products.
The RSA SecurCare Online provides unlimited access to a wealth of resources on
the web, 24 hours a day. The secure system provides members access to a support
knowledgebase, to download current platform patches and bug fixes, to sign up for
notifications, to manage your support cases and more.

Preface 9
 RSA Archer GRC Platform Access Control

Chapter 1: Users

Managing Users
Each user must have an account in the Platform to log on to the system. The
properties of a user account include the user profile, access rights within the
system, group memberships, notification subscriptions, and account password.
Access Control administrators can modify the properties of any user account.

Note: To determine how many user accounts are included in the Platform at any
given time, export the User Accounts All report to a .csv file and note the number
of line items in the spreadsheet.

You can perform the following user management tasks:

l Add a User
l Define User Account General Information
l Change User Account Domain
l Update User Account Contact Information
l Change User Time Zone and Locale
l Change User Account Status
l View User Logon History
l Change User Account Password
l Require User Password Change
l Assign a Security Parameter to a User
l Manage User Subscriptions to Notifications
l Enter Notes Related to a User Account
l Enroll a User in a Group
l Assign an Access Role to a User
l End an Active User Session
l Delete a User Account

Add a User
Complete this task to create new user accounts and to specify the properties of the
accounts.

Chapter 1: Users 11
 RSA Archer GRC Platform Access Control

Procedure
1. Navigate to the Manage Users page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Users.
2. Click Add New.
The Manage User page is displayed.
3. On the General Information tab, in the General Information section, enter
the name of the user in the following fields:
l First Name
l (optional) Middle Name
l Last Name
4. In the Account Maintenance section, complete Enter and Confirm in the
Password field.
The password must conform to the default security parameter password rules.
Also the entries must exactly match.
5. (Optional) Select the Send user a notification with password information
checkbox if you want the Platform to send the user an email containing the
password information.
The Default Email address is used for the notification email. for more
information see Update User Account Contact Information.

Note: If you do not select this checkbox, then be certain to inform the user of
the new password.

6. Click Apply.

Next Steps
To complete the configuration of the new user account, see the following:
l Define User Account General Information
l Change User Account Domain
l Update User Account Contact Information
l Change User Time Zone and Locale
l Change User Account Status
l Require User Password Change
l Assign a Security Parameter to a User
l Manage User Subscriptions to Notifications
l Enter Notes Related to a User Account

12 Chapter 1: Users
 RSA Archer GRC Platform Access Control

l Enroll a User in a Group

l Assign an Access Role to a User

Define User Account General Information

Complete this task to change the general information of a user account, including
the system-generated user name.
The user name is the name that the user enters when logging on to the Platform.

Note: The system-generated user name is seven characters long, all lowercase. The
user name contains the first six characters of the Last Name field followed by the
first character of the First Name field. If the Last Name field is fewer than six
characters, the system appends additional characters from the First Name field to
make a seven-character user name. If the user name is not unique in the domain,
the system appends a number (up to 999) to the end of the name to make the name
unique.

Procedure
1. Select the user account that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Users.
c. Click the user account.
2. (Optional) On the General Information tab, in the General Information
section, change the name of the user in the following fields:
l First Name
l (optional) Middle Name
l Last Name
3. (Optional) To modify the system-generated user name, change the name in the
User Name field.
The user name must be unique in the domain.
4. Click Apply.

Change User Account Domain

Complete this task to select the domain to associate with a user account if your
Platform instance has one or more Lightweight Directory Access Protocol (LDAP)
configurations defined.

Before You Begin

See Managing LDAP Configurations.

Chapter 1: Users 13
 RSA Archer GRC Platform Access Control

Procedure
1. Select the user account that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Users.
c. Click the user account.
2. On the General Information tab, in the General Information section, from the
User Domain list, select the appropriate domain.

Note: To use the Archer domain, select No Domain.

3. Click Apply.

Update User Account Contact Information

Complete this task to enter or modify contact information for a user.
At least one email address is required for configuring email notifications for the
user's account. You can enter up to five email addresses, enabling the user to
configure a notification subscription to send emails to alternate or multiple
accounts.

Note: Users can modify their own contact information from the Preferences menu.

Procedure
1. Select the user account that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Users.
c. Click the user account.
2. (Optional) On the General Information tab, in the Contact Information
section, complete the following fields:
l Address
l Company
l Title
3. (Optional) In the email fields, enter the email addresses used by the user. For
each email address that you enter, select an address type from the related list.

Note: The value in Default Email is used throughout the Platform when a user's
email is required, for example, when instructions are sent for resetting a
password from the User Login page.

14 Chapter 1: Users
 RSA Archer GRC Platform Access Control

An email address must contain one "at" symbol (@) and at least one dot
(period).
4. (Optional) In the phone fields, enter the phone numbers used by the user. For
each phone number that you enter, select a phone type from the related list.
5. Click Apply.

Change User Time Zone and Locale

Complete this task to change a user account time zone and locale to match the
current location of the user.
The system automatically assigns the Central Time (US & Canada) time zone and
the Default Locale to each new user account. The Locale setting establishes the
language of the user interface and Help Center.

Note: Users can change the time zone and locale assigned to their accounts from
the Preferences menu.

Procedure
1. Select the user account that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Users.
c. Click the user account.
2. On the General Information tab, in the Localization section, from the Time
Zone list, select the user's current time zone.
3. From the Locale list, select the user's current location.

Note: When the Default Locale option is selected, the location is determined by
the Locale setting in the RSA Archer Control Panel.

4. Click Apply.

Time Zones
The default time zone is stored in the Platform as Coordinated Universal Time
(UTC), also referred to as Greenwich Mean Time (GMT). The Platform uses this
time standard for converting time and dates based on the instance or user locale. All
time is stored as UTC and converted based on the time zone of the user.
Each user account has a time zone associated with it. The Platform uses this time
zone to standardize dates and times entered by a user. When a date field includes
the time component, the time zone is used so that the date and time can be stored in
the database as UTC and displayed to other users based on the time zone associated
with the User Profile of the other user.

Chapter 1: Users 15
 RSA Archer GRC Platform Access Control

All values for date fields entered in the Platform are stored in the database as UTC.
However, the Display Control type determines how the Platform handles time.
l For Date only, the Platform truncates the time.
l For Date and Time, the Platform converts the time based on the time zone
associated with the user profile.

Example 1: Date Only

Scenario User 1 is in time zone (GMT-6:00) Central Time (US & Canada).

User 2 is in time zone (GMT+5:30) Chennai, Kolkata, Mumbai, New
Delhi.

User 1 enters the date 11/14/2012 in record A.

The date is stored in the database as 11/14/2012 00:00:00 UTC.

User 2 accesses record A and sees 11/14/2012 as the date.

Because the field is Date only, the time is truncated and is shown to
the user as the date stored without time.

Example 2: Date and Time

Scenario User 1 is in time zone (GMT-6:00) Central Time (US & Canada).

User 2 is in time zone (GMT+5:30) Chennai, Kolkata, Mumbai, New
Delhi.

User 1 enters the date 11/14/2012 and the time 10:13 P.M. in record A.
The date and time are converted based on the time zone of user 1. As a
result the date and time are stored in the database as 11/15/2012
04:13:00 UTC.

User 2 accesses record A and sees 11/15/2012 9:43:00 A.M.

Because the field is Date and Time, the date and time are converted
from UTC to the time zone of user 2.

Data feeds and calculated fields use UTC. Using the previous example in a
calculated field with the DATEFORMAT function, the date and time is displayed
as 8/15/2012 04:13:00 UTC for all users regardless of their time zone. The date and
time are stored in a text field. When the date and time is stored in a text field, the
data is not converted because the Platform recognizes as only text.
The DATEFORMAT(NOW(),"yyyy-MM-dd hh:mm tt") function displays the
current date and time in UTC in the desired format. If you want to store it in a Date
Field with time enabled, convert the literal to a date time serial value.

16 Chapter 1: Users
 RSA Archer GRC Platform Access Control

DATETIMEVALUE(DATEFORMAT(NOW(),”yyyy-MM-dd hh:mm tt”)) displays

the current date and time converted from UTC to the current time zone of the user
because the data is being displayed in a Date field with time enabled.
A time zone is required when creating schedules to run processes like data feeds
and scheduled recalculations. If the time zone is not specified, the default time zone
for the instance is used. This time zone is set up in RSA Archer Control Panel
during the initial installation. For more information, see the "RSA Archer Control
Panel Help."

Change User Account Status

Complete this task to activate, inactivate, or lock user accounts.

Before You Begin

See User Account Status.

Procedure
1. Select the user account that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Users.
c. Click the user account.
2. On the General Information tab, in the Account Maintenance section, from
the Status list, select the appropriate status.
3. Click Apply.

View User Logon History

Complete this task to view a list of logon sessions for a user. The list contains the
dates and times when the user logged on and the active length of each of the user's
logon sessions.

Procedure
1. Navigate to the Manage Users page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Users.
2. Click the user account that you want to view.
3. On the General Information tab, in the Account Maintenance section, click
the link in the Last Login field.
The Login History page is displayed.

Chapter 1: Users 17
 RSA Archer GRC Platform Access Control

Change User Account Password

Complete this task to change the password of an existing user account at any time.
When changing a password, be certain to inform the user of the change, and make
careful note of the case of the characters in the new password because the user is
required to match the case correctly when logging on.
When you change a user account password, the security parameter Previous
Passwords Disallowed is not enforced. Therefore, you can assign any password to
the user, regardless of whether the user has recently used that password.

Procedure
1. Select the user account that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Users.
c. Click the user account.
2. On the General Information tab, in the Account Maintenance section, click
Change Password.
3. In the Change Your Password dialog box, complete the following:
a. In the New Password field, enter the password that you want to assign to
the user account. The password must conform to the security parameter
password rules assigned to this account.
b. In the Retype Password field, re-enter the new password that you want to
assign to the user account. The entry must exactly match the password that
you entered in the preceding field.
c. Click OK.
4. Click Apply.

Require a User Password Change

Complete this task to require users to change their passwords the next time that they
log on to the Platform. When you create a new user account, the default option is to
force a password change, but you can override this setting.

Procedure
1. Select the user account that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Users.
c. Click the user account.

18 Chapter 1: Users
 RSA Archer GRC Platform Access Control

2. On the General Information tab, in the Account Maintenance section, select

Force Password Change on Next Sign-In.

Note: If you are creating a new user account, the option is enforced the first
time that the user logs on. After the user logs on and changes the password, this
checkbox automatically clears.

3. Click Apply.

Assign a Security Parameter to a User

Complete this task to assign predefined security parameters to users for quickly
enforcing password length and character requirements, schedule password changes,
define account lockout and deactivation periods, and determine when users are
allowed to have active sessions within the Platform.

Before You Begin

l See Managing Security Parameters.
l Add a Security Parameter.

Procedure
1. Select the user account that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Users.
c. Click the user account.
2. On the General Information tab, in the Account Maintenance section, from
the Security Parameter list, select the parameter that you want to assign to the
user.
3. (Optional)View the properties of the selected security parameter:
a. In the Security Parameter Detail field, click View Security Parameter.
b. Click OK.
4. Click Apply.

Manage User Subscriptions to Notifications

Complete this task to view, change, and remove subscription notifications for a
user.

Chapter 1: Users 19
 RSA Archer GRC Platform Access Control

Before You Begin

l Learn about subscription notifications.
l Add a new subscription notification to the user account.
l Add an email address to the user account. See Update User Account Contact
Information.

Procedure
1. Select the user account that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Users.
c. Click the user account.
2. On the General Information tab, in the Account Maintenance section, in the
Notifications Subscriptions field, click the Manage Notifications
Subscriptions link.
The Manage Your Email Subscriptions page is displayed.
3. To subscribe or unsubscribe to an email notification, in the Subscribed column,
select or clear the checkboxes that correspond to the appropriate subscription
notifications.
4. Click Save.

Enter Notes Related to a User Account

Complete this task to add free-form notes to a user account. These notes are
displayed when users click a linked user name within the system to view the user's
profile.
Examples for using the Account Notes field include listing hours of availability or
preferences for how the user should be contacted.

Before You Begin

Learn about the Rich Text Editor toolbar options.

Procedure
1. Select the user account that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Users.
c. Click the user account.
2. On the General Information tab, in the Account Notes section, enter notes
and additional information related to the user account.

20 Chapter 1: Users
 RSA Archer GRC Platform Access Control

3. (Optional) Use the options in the Rich Text Editor toolbar to format the text.
4. Click Apply.

Enroll a User in a Group

Complete this task to assign individual users to one or more groups.

Important: If a group is created through LDAP synchronization, you cannot use the
Access Control feature to add or remove the group enrollment. To add or remove a
user from an LDAP group, you must make the appropriate changes within your
LDAP directory and then run a data synchronization. For more information, see
Managing LDAP Configurations.

Before You Begin

See Managing Groups.

Procedure
1. Select the user account that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Users.
c. Click the user account.
2. Click the Groups tab.

Note: By default, a plus sign is displayed next to each group and subgroup in the
list. If a group does not have a subgroup, the plus sign disappears after you click
the sign.

3. Add groups to the user account:

a. Click Lookup.
b. In the Available list, expand the Groups tree and select the group.
The group is displayed in the Selected list.

Note: To search for a specific item, enter the item name in the Find field
and, if applicable, select the type from the adjacent list. Click . The
results of your search are displayed in the Available list of the Search
Results node.

c. (Optional) To remove a group from the Selected list, click for the group
that you want to remove from the list.
d. Click OK.
4. (Optional) To remove a group from the user account, in the Actions column,

Chapter 1: Users 21
 RSA Archer GRC Platform Access Control

click for the group that you want to remove.

5. Click Apply.

Assign an Access Role to a User

Complete this task to control the user privileges for create, read, update, and delete
in individual application pages by assigning predefined access roles to the users.
You can assign an access role to any number of users, and users can have more
than one access role.
You can assign access roles to users in one of the following ways:
l Assign access roles to individual users, as described in this topic.
l Automatically assign roles to multiple users at the same time by associating the
roles with groups of users. For instructions on linking groups to access roles, see
Assign a Group to an Access Role.

Before You Begin

l See Managing Access Roles.
l Add an Access Role.

Procedure
1. Select the user account that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Users.
c. Click the user account.

22 Chapter 1: Users
 RSA Archer GRC Platform Access Control

2. Click the Roles tab.

3. To add roles to a user account, do the following:
a. Click Lookup.
b. In the Available list, expand the Roles tree and select the role.
The role is displayed in the Selected list.

Note: To search for a specific role, enter the role name in the Find field
and, if applicable, select the type from the adjacent list. Click . The
results of your search are displayed in the Available list in the Search
Results node.

c. (Optional) To remove a role from the Selected list, click for the access
role that you want to remove from the list.
d. Click OK.
4. (Optional) To remove a role from the user account, in the Action column, click
for the access role that you want to remove.

Note: You only can remove roles in which the Assignment Method is set to
Manual.

5. Click Apply.

End an Active User Session

Complete this task to end an active user session. The user is logged off from the
system immediately and must log back on to continue working.

Procedure
1. Navigate to the Manage Users page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Users.
2. Click the row of the user account that you want to log off and view the
description.

Note: If the user is currently logged on to the system, a checkmark is displayed

in the Logged In column.

3. In the Actions column, click for the user account that you want to log off.

Chapter 1: Users 23
 RSA Archer GRC Platform Access Control

Delete a User Account

Complete this task to delete a user account. When you delete a user account, the
user can no longer log on to the Platform. The user name is no longer available for
selection in the User/Groups List and Record Permissions fields. In saved records
where the user name has been selected in a User/Groups List or Record
Permissions field, the user name is removed.
After you have deleted a user account, you can reuse the associated user name for
another account, or you can re-create the deleted account and assign the same user
name that was used in the original account.

Procedure
1. Navigate to the Manage Users page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Users.
2. Click the row of the user account that you want to delete and view the
description.

3. In the Actions column, click for the user account that you want to delete.
4. When prompted to confirm the deletion, click OK.

24 Chapter 1: Users
 RSA Archer GRC Platform Access Control

User Account Status

The following table describes the types of status that can be assigned to user
accounts.

Status Description

Active The user can log on to the system.

Inactive The user cannot log on to the system. In addition, the user does not
receive alert notifications triggered by notification templates to
which the user is subscribed.
An administrator can manually set a user account to Inactive. A user
account can be automatically deactivated if the user has not logged
on to the system within the maximum time of account inactivity.
The Automatic Account Deactivation field within the user's security
parameter defines the number of days that a user account can remain
inactive before the system deactivates the account.

Locked The user cannot log on to the system. However, the user continues
to receive alert notifications triggered by notification templates to
which the user is subscribed.
An administrator can manually set a user account to Locked. A user
account can be automatically locked if the user exceeds the
maximum number of failed logon attempts defined by the user's
security parameter. For example, if a user's security parameter allows
three failed logon attempts and the user incorrectly enters an invalid
password four times while attempting to log on, the system locks
the user account.

Chapter 1: Users 25
 RSA Archer GRC Platform Access Control

Chapter 2: Access Roles

Managing Access Roles

An access role is a collection of application-level and page-level rights that an
administrator can create and assign to any number of users and groups to control
user privileges (create, read, update, and delete) for individual pages within the
Platform. Examples of access roles include General User, which can allow access
only to applications, and Administrative User, which can allow access only to
Platform features.
The Access Control feature also includes a special access role called System
Administrator, which cannot be deleted or modified. The System Administrator role
grants users unrestricted access to all system features and to all records stored in
applications, including records enrolled in content review. Only users who have
already been designated as System Administrators can assign the System
Administrator role to other users.
As an administrator, you can assign any number of access roles to a user. You also
can associate a group of users with access roles to simplify the process of assigning
permissions. If you assign more than one role to a user or group, the user or group
has all of the privileges associated with the assigned access roles. For example, if
one role grants create, read, and update privileges to a user in a specific
application, and a second role grants only delete privileges, the user has create,
read, update, and delete privileges in the application.
When a user becomes a member of a group with an associated role, whether
through LDAP synchronization or manual group management, the user
automatically receives the permissions of the role. For example, a Policy
Administrators group with an associated role that grants create, read, and update
privileges to the Policies application, all members of the group are granted the
appropriate access rights to carry out their policy-related job functions.

Note: As the number of users, groups, and applications increases, keeping track of
who has access to what becomes more complex. Best practices recommend
simplifying the process. Start by creating granular access roles for each of your
applications, for example, Policy Administrator, Policy Author, and Policy Reader.
Granting access to new or existing users and groups then becomes as simple as
selecting from a list of predefined roles.

In contrast to an access role, which is a collection of rights or privileges, a security

parameter is a collection of rules. A security parameter determines a user's
password creation restrictions, account lockout duration, allowable grace logons,
session time-out behavior, and active session time frames. Administrators can
create any number of security parameters, but only one parameter is assigned to
each user.

Chapter 2: Access Roles 27

 RSA Archer GRC Platform Access Control

You can perform the following access role tasks:

l Add an Access Role
l Update the General Properties of an Access Role
l Assign a Group to an Access Role
l Specify the Rights to an Access Role
l Delete an Access Role

Add an Access Role

Complete this task to create access roles for controlling the privileges of users and
groups. An access role is a collection of page-level privileges (create, read, update,
and delete) that controls access to individual pages in the Platform.

Procedure
1. Navigate to the Manage Access Roles page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Access
Roles.
2. Click Add New.
3. Do one of the following:
l To use the settings of an existing access role as a starting point for the new
access role, select Copy an existing Access Role and then select the
existing access role from the Access Role list.
l To select new settings for the access role, select Create a new Access Role
from scratch.
4. Click OK.
5. On the General tab, do the following:
a. In the Name field, enter the name of the new access role.
b. (Optional) In the Description field, enter a brief description of the access
role.

Note: The description is for internal use only and is not visible to end users.

6. Click Apply.

Next Steps
To complete the configuration of the new access role, see the following:

28 Chapter 2: Access Roles

 RSA Archer GRC Platform Access Control

l Update the General Properties of an Access Role

l Assign a Group to an Access Role
l Specify the Rights to an Access Role

Update the General Properties of an Access Role

Complete this task to update the general properties of an access role, including the
system-generated alias.
Aliases provide references to objects so that certain operations in the Platform can
identify the target for a particular activity. Examples of such operations include
mail merges and data feeds. For more information, see Alias Names.

Procedure
1. Select the access role that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Access
Roles.
c. Click the access role.
2. Click the General tab.
3. (Optional) In the General Information section, complete any of the following:
l In the Name field, change the name of the access role.
l In the Description field, enter a brief description of the access role.

Note: The description is for internal use only and is not visible to end users.

l To modify the system-generated alias, change the value in the Alias field.
4. (Optional) To define the access role as the default role that is assigned to new
users, in the Default Access Role section, select Assign as Default.

Note: Only one access role can be selected as the default.

5. Click Apply.

Assign a Group to an Access Role

Complete this task to quickly assign create, read, update, and delete privileges to
multiple users by associating groups with access roles.

Note: If you associate a group with an access role and the group contains
subgroups, the subgroups are not associated with the access role. To associate
subgroups with an access role, you must select the subgroups.

Chapter 2: Access Roles 29

 RSA Archer GRC Platform Access Control

Before You Begin

Learn about groups. See Managing Groups.

Procedure
1. Select the access role that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Access
Roles.
c. Click the access role.
2. Click the General tab.
3. In the Group Assignments section, do the following:
a. Select Assign.
The Group Assignments section expands to enable you to search for and
select groups.
b. Under Available, select the group or groups to assign to the access role.
The selected groups are displayed under Selected.

Note: To search for a specific item, enter the item name in the Find field
and, if applicable, select the type from the adjacent list. Click . The
results of your search are displayed in the Available list of the Search
Results node.

c. (Optional) To remove a group from the Selected list, click for the access
role that you want to remove from the list.
4. Click Apply.

Specify the Rights to an Access Role

Complete this task to create access roles that you can later assign to users and
groups to control their privileges (create, read, update, and delete) for individual
pages in the Platform. An access role is a collection of page-level privileges that
can be assigned to any number of users or groups.

Procedure
1. Select the access role that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Access
Roles.
c. Click the access role.

30 Chapter 2: Access Roles

 RSA Archer GRC Platform Access Control

2. Click the Rights tab.

The Page Rights section displays all available solutions, applications, and
pages.
3. Select or clear the checkboxes that correspond to the appropriate rights for each
page. See Access Role Privileges.
4. Click Apply.

Delete an Access Role

Complete this task to delete an access role that is no longer needed.

Note: You cannot delete the default access role. To delete the default access role,
you must first assign another access role as the default access role.

Procedure
1. Navigate to the Manage Access Roles page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Access
Roles.
2. Click the row of the access role that you want to delete.

3. In the Actions column, click for the access role that you want to delete.
CAUTION: Deleting an access role is permanent. You cannot recover a deleted
access role. Users and groups that were assigned the deleted access role lose
the privileges of the access role.

4. When prompted to confirm the deletion, click OK.

Access Role Privileges

The following table describes the page-level privileges that can be granted to a user
or group through an access role.

Privilege Description

Create Create new content on a page, such as records, fields, notification

templates, and content review stages.

Read Read existing content on a page, such as records, fields, notification

templates, and content review stages.

Update Modify existing content on a page, such as records, fields, notification

templates, and content review stages.

Chapter 2: Access Roles 31

 RSA Archer GRC Platform Access Control

Privilege Description

Delete Delete page content.

32 Chapter 2: Access Roles

 RSA Archer GRC Platform Access Control

Chapter 3: Security Parameters

Managing Security Parameters

Security parameters enable you to control end-user access to the Platform and to
individual pages. You can create any number of unique security parameters.
While access roles control page-level privileges (create, read, update, and delete),
security parameters specify rules for password creation, password change
enforcement, account lockout duration, session time-out behavior, and active
session restrictions. These parameters include account lockout duration, session
time-out behavior, active session restrictions, and sync alert behaviors.

Note: If your organization leverages a single sign-on (SSO) solution, most security
parameter settings are irrelevant because your network enforces password
expiration, account lockout, time frames, and password strength requirements for
you. After successfully authenticating, SSO solution users can access the Platform.

Complete all tasks to define security parameters:

l Add a Security Parameter
l Define the General Properties of a Security Parameter
l Define the Password Properties for a Security Parameter
l Establish Authorization Properties
l Delete a Security Parameter

Add a Security Parameter

Complete this task to create security parameters that specify rules for the following:
l Password creation
l Password change enforcement
l Account lockout duration
l Session time-out behavior
l Active session restrictions

Procedure
1. Navigate to the Manage Security Parameters page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Security
Parameters.

Chapter 3: Security Parameters 33

 RSA Archer GRC Platform Access Control

2. Click Add New.

3. Do one of the following:
l To use the settings of an existing security parameter as a starting point for
the new security parameter, select Copy an existing Security Parameter
and then select the existing security parameter from the Security Parameter
list.
l To select new settings for the security parameter, select Create a new
Security Parameter from scratch.
4. Click OK.
5. In the General Information section, in the Name field, enter the name of the
new security parameter.
6. (Optional) In the Description field, enter a brief description of the security
parameter.

Note: The description is for internal use only and is not visible to end users.

7. Click Apply.

Next Steps
To complete the configuration of the new security parameter, see the following:
l Define the General Properties of a Security Parameter
l Define the Password Properties for a Security Parameter
l Establish Authorization Properties

Define the General Properties of a Security Parameter

Complete this task to update the general properties of a security parameter,
including the system-generated alias.
Aliases provide references to objects so certain operations in the Platformcan
identify the target for a particular activity. Examples of such operations include
mail merges and data feeds. For more information, see Alias Names.

Before You Begin

Add a Security Parameter

Procedure
1. Select the security parameter that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Security

34 Chapter 3: Security Parameters

 RSA Archer GRC Platform Access Control

Parameters.
c. Click the security parameter.
2. Complete the General Information section:
a. In the Name field, change the name of the security parameter.
b. (Optional) In the Description field, enter a brief description of the security
parameter.

Note: The description is for internal use only and is not visible to end users.

3. (Optional) To modify the system-generated alias, change the value in the Alias
field.
4. (Optional) To designate the current parameter as the default to be assigned to
new users, in the Default Security Parameter section, select Assign as
Default.

Note: This option is not available when the security parameter is assigned as the
default. Only one security parameter can be selected as the default.

5. Click Apply.

Define the Password Properties for a Security Parameter

Complete this task to determine various password properties:
l Minimum number of characters
l Change interval
l Special characters
l Password expiration notice interval

For RSA Archer recommendations on best practices for generating and managing
user account passwords, see "RSA Archer GRC Platform Security Configuration
Guide."

Before You Begin

Add a Security Parameter

Procedure
1. Select the security parameter that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Security
Parameters.
c. Click the security parameter.

Chapter 3: Security Parameters 35

 RSA Archer GRC Platform Access Control

2. In the Password Properties section, do any of the following:

l From the Minimum Password Length list, select the minimum number of
characters required for a valid password, or select Other to enter a different
value.
l From the Numeric Characters Required list, select the minimum number
of numeric characters required for a valid password, or select Other to enter
a different value.
l From the Uppercase Characters Required list, select the minimum number
of uppercase characters required for a valid password, or select Other to
enter a different value.
l From the Password Change Interval list, select the number of days after
which a user is required to change the password, or select Other to enter a
different value.
l From the Previous Passwords Disallowed list, select the number of previous
passwords a user may not use as the new password, or select Other to enter
a different value.
l From the Alpha Characters Required list, select the minimum number of
alphabetic (non-numeric) characters required for a valid password, or Other
to enter a different value.
l From the Special Characters Required list, select the minimum number of
special characters required for a valid password, or Other to enter a
different value.

Note: Special characters include: ` ~ ! @ # $ % ^ & * ( ) _ + - = { } | : ” < > ? [ ] \ ; ’ ,

./

l From the Lowercase Characters Required list, select the minimum number
of lowercase characters required for a valid password, or select Other to
enter a different value.
l From the Grace Logins list, select the number of times a user is allowed to
bypass the Required Password Change page without changing the account
password, or select Other to enter a different value.
l From the Password Expiration Notice list, select the number of days before
a user's password expires that you want to prompt the user to change the
password, or select Other to enter a different value.
3. Click Apply.

Establish Authorization Properties

Complete this task to create security parameters that specify rules for:

36 Chapter 3: Security Parameters

 RSA Archer GRC Platform Access Control

l Password creation
l Password change enforcement
l Account lockout duration
l Session time-out behavior
l Active session restrictions

The Maximum Failed Login Attempts setting also is applied to the maximum
number of failed attempts when a user tries to change the password. When the
maximum value is reached, the user account is locked for the period of time
specified in the Account Lockout Period field.

Note: A session is defined as a successful logon and logoff activity.

For RSA Archer recommendations on best practices for setting authorization

properties, see "RSA Archer GRC Platform Security Configuration Guide."

Before You Begin

Add a Security Parameter

Procedure
1. Select the security parameter that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Security
Parameters.
c. Click the security parameter.
2. In the Authorization Properties section, do any of the following:
l From the Maximum Failed Login Attempts list, select the number of times
a user is allowed to attempt to access the account using an incorrect user
name, company ID, and password combination. Or, select Other to enter a
different value.
l From the Session Timeout list, select the maximum length of time a user's
session without activity can remain active before the session is automatically
timed out or, select Other to enter a different value and select a type of
duration..
l To specify a time period when active users are only allowed access to the
system, select the Limit Session Time option. Enter the start and stop times
that active sessions are allowed, and select the time zone that applies to the
active session limitation.

l In Days Disallowed, click and select the days of the when active user
sessions are not allowed. You can remove a day from the Selected list by

Chapter 3: Security Parameters 37

 RSA Archer GRC Platform Access Control

clicking adjacent to the day that you want to remove from the list. Click
OK.

Note: If the option is not set, users can have active sessions at any time of
the day.

l From the Account Lockout Period list, select the length of time that an
account remains in locked status if a user reaches the maximum number of
failed logon attempts. Or select Other and enter the number and type of
duration.
l From the Automatic Account Deactivation list, select the number of days a
user account can remain inactive before the account becomes deactivated or
select Other to enter a different value.

Note: If a user account becomes deactivated, an administrator must

reactivate the account before the user can log on to the system again.

l To specify the timed interval for reauthentication of active user sessions,

select the Static Session Timeout option and select the frequency. Or, select
Other and enter the number and type of frequency.

Note: If reauthentication fails, the user session is terminated.

l In Dates Disallowed, click and select the actual dates when active user
sessions are not allowed. You can remove a date from the Selected list by
clicking adjacent to the date that you want to remove. Click OK.
3. Click Apply.

Delete a Security Parameter

Complete this task to delete a security parameter that is no longer needed.
Removing a security parameter is permanent. You cannot recover a deleted security
parameter.

Note: You cannot delete the default security parameter. To delete the default
security parameter, you must first assign another security parameter as the default.
For more information, see Define the General Properties of a Security Parameter.

Procedure
1. Navigate to the Manage Security Parameters page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Security
Parameters.

38 Chapter 3: Security Parameters

 RSA Archer GRC Platform Access Control

2. Click the row of the security parameter that you want to delete and view the
description.

3. In the Actions column, click for the security parameter that you want to
delete.
4. When prompted to confirm the deletion, click OK.

Chapter 3: Security Parameters 39

 RSA Archer GRC Platform Access Control

Chapter 4: Groups

Managing Groups
Access Control administrators can create groups of users for the purpose of
organizing users and simplifying tasks within the Platform. A group is a named
entity that refers to a collection of users and other groups. Groups can be
constructed based on any appropriate criteria for your organization. For example,
you might construct groups based on organizational structure or geographic
placement of operations.
In the Platform, you can select user groups, which enables you to simplify many key
tasks. The selection of groups rather than individual users can significantly ease the
amount of effort required to control entitlements throughout the Platform. You can
use groups to manage access to the following:

l Administrative functions l Email notifications

l Global reports l Content Review stages
l Data records l Training and Awareness campaigns
l Private fields l Forums and polls

You can perform the following group management tasks:

l Add a Group
l Update the General Properties of a Group
l Define a Group's Membership
l Nest a Group Under a Parent Group
l Delete a Group

Add a Group
Complete this task to create and manage user groups. This includes naming and
describing a group, defining its membership, and nesting it as a subgroup under
another group.

Procedure

Note: The description is for internal use only and is not visible to end users.

Chapter 4: Groups 41
 RSA Archer GRC Platform Access Control

1. Navigate to the Manage Groups page:

a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Groups.
2. Click Add New.
The Manage Group page is displayed.
3. In the General Information section, in the Name field, enter the name of the
new group.
4. (Optional) In the Description field, enter a brief description of the group.
5. Click Apply.

Next Steps
Update the General Properties of a Group

Update the General Properties of a Group

Complete this task to change the general properties of a group.

Procedure
1. Select the group that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Groups.
c. Click the group.
2. Complete the General Information section:
a. In the Name field, change the name of the group.
b. (Optional) In the Description field, enter a brief description of the group.

Note: The description is for internal use only and is not visible to end users.

3. Click Apply.

Define a Group's Membership

Complete this task to define a group's membership by enrolling or removing users
and subgroups.

Procedure
1. Select the group that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Groups.

42 Chapter 4: Groups
 RSA Archer GRC Platform Access Control

c. Click the group.

2. In the Members section, from the Available list, select the groups and users
that you want to be members of the group.
The selected groups and users are displayed in the Selected list.

Note: To search for a specific item, enter the item name in the Find field and, if
applicable, select the type from the adjacent list. Click . The results of your
search are displayed in the Available list of the Search Results node.

3. (Optional) To remove a group or user from the Selected list, click for the
group or user that you want to remove from the list.
4. Click Apply.

Nest a Group Under a Parent Group

Complete this task to define a user group as a subgroup of one or more other groups.
For example, if you are creating groups of regional sales people within your
organization, you might want to nest each regional group under a parent group
called "Sales Team."

Procedure
1. Select the group that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Groups.
c. Click the group.
2. In the Member Of section, from the Available list, select the group or groups
that you want to serve as a parent for the current group.
The selected group or groups are displayed in the Selected list.

Note: To search for a specific item, enter the item name in the Find field and, if
applicable, select the type from the adjacent list. Click . The results of your
search are displayed in the Available list of the Search Results node.

3. (Optional) To remove a group from the Selected list, click for the group that
you want to remove from the list.
4. Click Apply.

Chapter 4: Groups 43
 RSA Archer GRC Platform Access Control

Delete a Group
Complete this task to delete a user group. Groups that cannot be deleted include the
Everyone group, which contains all users, and any group that has been selected
from a User/Groups List or Record Permissions field within a content record.
System messages are displayed when you attempt to delete groups that have parent
or child relationships.
If a group contains subgroups, you must remove the subgroups from the group
before you are allowed to delete the group. For information on removing subgroups
from a group, see Nest a Group Under a Parent Group.

Important: If the group was created through LDAP synchronization, you cannot use
the Access Control feature to delete the group. You must make the appropriate
changes within your LDAP directory and then run a data synchronization. For more
information, see Managing LDAP Configurations.

Procedure
1. Navigate to the Manage Groups page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage Groups.
2. Click the row of the group that you want to delete and view the description.

3. In the Actions column, click for the group you want to delete.
4. When prompted to confirm the deletion, click OK.

44 Chapter 4: Groups
 RSA Archer GRC Platform Access Control

Chapter 5: LDAP Configurations

Managing LDAP Configurations

Administrators of the Access Control feature can synchronize information between
the Platform and their organization's Lightweight Directory Access Protocol
(LDAP) server. With LDAP synchronization, the administration of user accounts
and groups can be streamlined by allowing updates and changes that were made in
the LDAP server to be automatically reflected in the Platform following a
synchronization.
The LDAP configuration feature provides the capabilities to:
l Associate user accounts with LDAP users.
l Create accounts when new users are found on the LDAP server.
l Deactivate accounts that can no longer be directly associated with a user in
LDAP. (User accounts cannot be deleted through LDAP synchronization.)
l Reactivate accounts when certain user criteria is found on the LDAP server, for
example, renewed employment status.
l Update user profile data for accounts based on LDAP changes.
l Map LDAP groups to other groups and maintain group membership through
LDAP synchronization.

The LDAP configuration feature accepts multiple-domain, single sign-on (SSO)

information, as well as synchronizing with multiple discrete LDAP systems.
Additional capabilities:
l Unify logon procedures in heterogeneous domain environments.
l Incrementally add new domains to existing user access configurations.
l Synchronize data with multiple domain accounts.

You can perform the following LDAP configuration tasks:

l Add an LDAP Configuration
l Update the General Information of LDAP Configuration
l Configure the LDAP Directory Properties
l Configure the LDAP Synchronization Properties
l Run LDAP Synchronization
l View the LDAP Synchronization Report

Chapter 5: LDAP Configurations 45

 RSA Archer GRC Platform Access Control

l Cancel LDAP Synchronization

l Delete an LDAP Configuration

Add an LDAP Configuration

Complete this task to add an LDAP configuration that stores the LDAP
synchronization settings.

Procedure
1. Navigate to the Manage LDAP Configurations page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage LDAP
Configurations.
2. Click Add New.
3. On the General tab, in the Name field, enter the name of the new LDAP
configuration.

Note: The name of the LDAP configuration should be easily identifiable. Avoid
non-descriptive names like "Domain 1" and "Domain 2". Instead use descriptive
names like "East Coast Bank Domain" and "Midwest Bank Domain."

4. (Optional) In the Description field, enter a description of the LDAP

configuration.

Note: The description is for internal use only and is not visible to end users.

5. On the Configuration tab, do the following:

a. In the User's Domain field, enter the domain to which user accounts from
this LDAP server belong.
Important: The name must be unique for all LDAP configurations.

If you are using Windows Authentication, ensure that the User Domain
field matches the Windows domain name. If these values do not match,
single sign-on (SSO) fails. These domain names are not case sensitive.

b. In the Name/IP Address field, enter the complete name or IP address of

your LDAP or Active Directory server.
c. In the Base DN field, enter the Base Distinguished Name (DN) for the
location of user account information within your LDAP directory.
d. In the Field Mapping section, select the appropriate values from the
following attribute lists:

46 Chapter 5: LDAP Configurations

 RSA Archer GRC Platform Access Control

l User Name
l First Name
l Last Name
l Email Name
6. Click Apply.

Next Steps
To complete the configuration of the new LDAP configuration, see the following:
l Update the General Information of LDAP Configuration
l Configure the LDAP Directory Properties
l Configure the LDAP Synchronization Properties

Update the General Information of LDAP Configuration

Complete this task to specify a name, status, and description for the configuration.
RSA Archer recommends that you do not specify a default LDAP configuration if
your organization employs multiple domains and allows non-unique user names
across your domains. If you do, an individual with an identical user name to an
individual in the default domain could potentially gain improper access to the
Platform.
For example, suppose the following two people existed in different domains: John
Smith from the Asia-Pacific domain ([email protected]) and Jim Smith
from the United States domain ([email protected]). Assume that the
apac.company.com domain is not valid in this Platform instance. Also assume that a
default LDAP configuration is specified and the default domain is us.company.com.
Now, suppose John Smith ([email protected]) tried to log on to the
Platform using SSO. Because the apac.company.com domain is not valid, the
Platform attempts to validate him in the default domain by the user name "jsmith."
The Platform matches this user name to an existing account,
[email protected], even though it is a different individual and allows John
Smith to log on to the Platform with Jim Smith's account.

Procedure
1. Select the LDAP configuration that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage LDAP
Configurations.
c. Click the LDAP configuration.

Chapter 5: LDAP Configurations 47

 RSA Archer GRC Platform Access Control

2. On the General tab, in the Name field, change the name of the LDAP
configuration.

Note: The name of the LDAP configuration should be easily identifiable. Avoid
non-descriptive names like "Domain 1" and "Domain 2." Instead use descriptive
names like "East Coast Bank Domain" and "Midwest Bank Domain."

3. From the Status list, change the status of this LDAP configuration.
To prevent the use of this LDAP configuration, select Inactive.
4. (Optional) To set the LDAP configuration as the default, which is used to
identify accounts when no domain or an invalid domain is specified, select
Default LDAP Configuration.
Important: To avoid creating a security issue, do not specify a default LDAP
configuration if your organization employs multiple domains and allows non-
unique user names across domains.

5. (Optional) In the Description field, enter a description of the LDAP

configuration.

Note: The description is for internal use only and is not visible to end users.

6. Click Apply.

Configure the LDAP Directory Properties

Complete this task to define the properties of your LDAP directory, map user
profile fields to the existing fields in your LDAP directory, and test the properties to
ensure that a valid connection can be established.
When mapping LDAP attributes to the user profile fields, note the following
information:
l A user profile field that is mapped to an LDAP attribute is not populated for new
accounts. The value is retained for existing accounts.
l A user profile field that is mapped to an LDAP attribute that does not have a
value is not populated for new accounts. The value is retained for accounts that
were previously created.
l If the Email Address or Phone field in the user profile is mapped to an LDAP
value, the LDAP value is inserted in the first email or phone number field in the
user profile for new user accounts. For existing accounts, the LDAP value
replaces the value in the first email or phone number field in the user profile. If a
user has modified the email address or phone number through the Platform, the
modification is overwritten by LDAP synchronization unless the LDAP value is
null.
l The Time Zone field in the user profile cannot be mapped to an LDAP attribute.

48 Chapter 5: LDAP Configurations

 RSA Archer GRC Platform Access Control

Procedure
1. From the Administration workspace, navigate to Navigation Menu > Access
Control > Manage LDAP Configurations.
2. Select the LDAP configuration that you want to update.
3. Click the Configuration tab.
4. (Optional) Complete the fields in the LDAP/Active Directory Server section.

Field Action

User's Domain Enter the domain to which user accounts from this LDAP server
belong.
The name must be unique across all LDAP server configurations.

Important: If you are using Windows Authentication, ensure that

the User's Domain field matches the Windows domain name. If
these values do not match, single sign-on (SSO) fails. These
domain names are not case sensitive.

Connection Select whether to use a secure connection.

Note: When this option is selected, the Use Serverless Binding

option is not available.

Name/IP Enter the name or IP address of your LDAP or Active Directory

Address server.
If you are using an Active Directory server, select whether to use
serverless binding in the Binding field. If you select serverless
binding, you do not need to enter a value in the Name/IP Address
field.
Microsoft recommends the use of serverless binding for fault
tolerance. Serverless binding enables you to bind the LDAP
connection to a default domain controller without specifying the
name of a default server. If the previously contacted domain
controller is unavailable, a secondary domain controller is
identified and used instead. For example, if your primary LDAP
server is down for maintenance, the Platform would be directed to
the secondary server to execute LDAP synchronization. Selecting
this option ensures that your server assumes responsibility for
directing the Platform to the appropriate domain controller.

Binding If you are using an Active Directory server, select whether to use
serverless binding. If you select Use Serverless Binding, you do
not need to enter a value in the Name/IP Address field. When this
option is selected, the Use Secure Connection option is not
available.

Chapter 5: LDAP Configurations 49

 RSA Archer GRC Platform Access Control

5. (Optional) Complete the fields in the LDAP/Active Directory Server

Configuration section.

Field Action

User Name If additional authentication is required to access the LDAP or Active

Directory server, enter the following
Password
l User Name
Active
Directory l Password

Domain l Active Directory domain

User Enter the attribute that identifies the object as a user object.
Identifier
For new LDAP configurations, the default value is "user."
For Active Directory servers, the default value is typically "user."
For other LDAP servers, the default value is typically "inetOrgPerson."
To obtain the actual default values for your organization, see your
LDAP administrator.

Group Enter the attribute that identifies the object as a group object.
Identifier
For new LDAP configurations, the default value is "group."
For Active Directory servers, the default value is typically "group."
For other LDAP servers, the default value is typically
"groupOfUniqueNames."
To obtain the actual default values for your organization, see your
LDAP administrator.

Additional Enter additional attributes that must be retrieved from the LDAP
Attributes source during search. For example, if you are using filters, enter the
filters in this field.

User's Enter the attribute that identifies the groups to which the user belongs.
Group
For new LDAP configurations, the default value is "memberOf."
Identifier
For Active Directory servers, the default value is typically
"memberOf."
For other LDAP servers, the default value is typically
"uniqueMember."
To obtain the actual default values for your organization, see your
LDAP administrator.

50 Chapter 5: LDAP Configurations

 RSA Archer GRC Platform Access Control

Field Action

Users and For Active Directory servers, if the user-group association is defined in
Groups the user object, select Users Contain Groups.
For other LDAP servers, if the user-group association is defined in the
group object, select Groups Contain Users.

Connection Enter the time-out value in seconds for the LDAP query.
Time-out
This value must be a whole number greater than 0.
For new LDAP configurations, the default value is 60.

Binding If your server does not allow connection using the Simple
Authentication and Security Layer (SASL) protocol, or if you
experience errors, select Use Simple LDAP Binding.
If your server does not support paged searching, select Disable page
searching.
If you are using an LDAP server other than Active Directory, to
remove unnecessary white space in the Distinguished Name (DN)
before the names are compared, select Remove whitespace from the
DNs.

6. (Optional) Complete the fields in the User Field Mapping section.

Field Action

Base DN Enter the Base Distinguished Name for the location of user
account information within your LDAP directory.

Filter To filter the LDAP information available for mapping to user

profile fields, enter the appropriate filters using the following
format: objectClass=class name.

Example
To map only LDAP values associated with the “user” class, enter
objectClass=user as the filter. This entry results in the values
associated with this class being available for mapping.

Attributes If you have specified the appropriate connection information, click

Get Attributes to populate the Attribute lists in the Field
Mapping section.

Chapter 5: LDAP Configurations 51

 RSA Archer GRC Platform Access Control

Field Action

Field Mapping For each User Profile field, from the Attribute list, select the
appropriate LDAP attribute.

Important: To perform successful data synchronization, required

profile fields must be mapped to LDAP attributes.

Synch To validate the connection settings, click Test Connection.

Connector Test
Note: An error message is displayed when the number of records
returned exceeds the configured size limit for the directory.
Contact your LDAP administrator to request a configuration
change.

7. Click Apply.

Configure the LDAP Synchronization Properties

Complete this task to define the schedule for data synchronization and determine
how user accounts and groups are managed.

Note: When you click Test Connection on the Configuration tab of the Manage
LDAP Configurations page, an error message is displayed when the number of
records returned exceeds the configured size limit for the directory. Contact your
LDAP administrator to request a configuration change.

Procedure
1. Select the LDAP configuration that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage LDAP
Configurations.
c. Click the LDAP configuration.

52 Chapter 5: LDAP Configurations

 RSA Archer GRC Platform Access Control

2. Click the Data Synch tab.

3. (Optional) Complete the fields in the Synch Schedule section.

Field Action

Frequency From the list, select how often you want to run the LDAP
synchronization process.

Time Enter the time of day to run the LDAP synchronization process.

Time Zone Select the time zone reference for the Time field.

Important:  If the Platform cannot access the LDAP directory at the scheduled
time, the Platform automatically tries to connect with the directory 10 times,
over a 1-hour period, before logging an error record and stopping the
synchronization process. If the Platform fails to synchronize with LDAP, the
Platform sets the Synch Status field to Inactive.
While the Synch Status field is Inactive, the Platform suspends further
synchronization attempts until an administrator manually corrects the problems
with the connection and sets the Synch Status field to Active.

Chapter 5: LDAP Configurations 53

 RSA Archer GRC Platform Access Control

4. (Optional) Complete the fields in the User Account Management section.

Field Action

Updating To update all user accounts based on the information contained

in your LDAP server, select Update all user accounts on each
synch.
To update user accounts based on a specific LDAP attribute,
select Update only user accounts where the LDAP attribute
meets the following criteria and then enter the LDAP criteria.

Example
To update only user accounts from your New York office, from
the Attribute list, select Office, from the Operator list, select
equals and enter New York in the Value field.

Create/Update Select whether to create an account for a user in the LDAP

source that is not in the system. The name for the new user
account is assigned the value of the LDAP attribute mapped to
the Platform User Name (Login) field.

Deactivation To deactivate user accounts for which no matching LDAP

account is found during data synchronization, select Deactivate
all user accounts that do not have a matching LDAP user.
To deactivate user accounts based on a specific LDAP attribute,
select Deactivate those user accounts where LDAP attribute
meets the following criteria and then enter the LDAP criteria.

Example
To deactivate user accounts where the employment status for the
matching LDAP user account is set to inactive, from the
Attribute list, select Employment Status, from the Operator list,
select equals and in the Value field, enter Inactive.

54 Chapter 5: LDAP Configurations

 RSA Archer GRC Platform Access Control

Field Action

Reactivation To reactivate user accounts based on a specific LDAP attribute,

select Reactivate those user accounts where the LDAP
attribute meets the following criteria and then enter the LDAP
criteria.
Example
To reactivate inactive user accounts where the employment
status in the matching LDAP user account is set to active, from
the Attribute list, select Employment Status, from the Operator
list, select equals and enter Active in the Value field.

Send Notification To send a notification to each user that is created for alerting the
user of a new password, select Send a notification to each user
alerting them of their new password. This will only occur is
an email address is provided.
The Default Email Address in the user account must exist to use
this functionality.
When this option is selected, a notification message will be sent
to all users that are being created. RSA recommends disabling
this option when synchronizing a large number of records.
Uploading a large number of users can cause the email server to
exceed its capacity for sending email messages.

Chapter 5: LDAP Configurations 55

 RSA Archer GRC Platform Access Control

5. (Optional) Complete the fields in the Group Management section.

Field Action

Group Synch To replicate your LDAP group structure within the system each
time the system synchronizes with LDAP, select Group Synch.
The common name (CN) of the group on your LDAP server is
used as the group name in the Platform. If you have a group in
the Platform that was created before the configuration of LDAP
synchronization, and you have a group with a matching name in
your LDAP directory, the group within the Platform is not
synchronized with the LDAP group. Instead, a new group with
the same name is created in the Platform during the
synchronization process. This new group is labeled with the
Synchronization icon.

Important: Selecting the Group Synch option makes your LDAP

server the authoritative system for the Platform group
management. Any groups that you delete from your LDAP
server also are deleted from the Manage Groups page and all
corresponding pages and lists. Also, any changes made to your
groups on the LDAP server are reflected in the Platform. You are
not allowed to edit or delete groups within the Platform that
were created through LDAP synchronization. However, you can
create additional groups in the Platform that are not included in
your LDAP group structure, and you can fully manage these
groups through the Platform.

Group Base DN Enter the Base Distinguished Name (DN) for your LDAP group
structure.
If you selected Group Synch and you do not specify a DN for
your group structure, the group synch query defaults to the
value entered in the Base DN field on the Configuration tab of
the Manage LDAP Configuration page.

6. Click Apply.

Run LDAP Synchronization

Complete this task to override the established data synchronization schedule and to
execute immediate data synchronization.

Note: This option is not available if the system is currently performing data
synchronization.

56 Chapter 5: LDAP Configurations

 RSA Archer GRC Platform Access Control

You can view the status of LDAP synchronization in the Current Synch Status field.
For more information, see LDAP Synchronization Status.
If you make changes to your LDAP configuration, you must save those changes
before requesting an immediate data synchronization. Otherwise, the last saved
LDAP configuration is used.

Procedure
1. Navigate to the Manage LDAP Configurations page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage LDAP
Configurations.
2. Click the LDAP configuration that you want to synchronize.
3. Click the Synch Status tab.
4. In the Immediate Synch Request section, in the Synch Request field, click
Run Synch Now. 
If the LDAP synch status is Queued or Running, the Cancel Synch Job section
is displayed instead of the Immediate Synch Request section.

View the LDAP Synchronization Report

Complete this task to view a report of your last data synchronization. If there were
any items that failed during the last synchronization, you can view a text file that
details the date, time, and specific items that failed to synchronize.

Procedure
1. Navigate to the Manage LDAP Configurations page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage LDAP
Configurations.
2. Click the LDAP configuration for which you want to view the synchronization
report.
3. Click the Synch Status tab.
4. In the Status field, click Refresh Status.
A report of the last data synchronization is displayed in the fields in the Last
Synch Attempt section.
5. If failures occurred in the last synchronization attempt, in the Failure Detail
field, click View Failure Detail to view failure information in a text file.

Chapter 5: LDAP Configurations 57

 RSA Archer GRC Platform Access Control

Cancel LDAP Synchronization

Complete this task to cancel data synchronization that is in process. This option is
available only if the current synch status is Queued or Running. You can view the
status of LDAP synchronization in the Current Synch Status field.

Before You Begin

Review LDAP Synchronization Status.

Procedure
1. Navigate to the Manage LDAP Configurations page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage LDAP
Configurations.
2. Click the LDAP configuration for which you want to cancel the data
synchronization.
3. Click the Synch Status tab.
4. In the Cancel Synch Job section, click Cancel Synch.

Note: The Cancel Synch Job section is displayed only when a synchronization is
running. Otherwise, the Immediate Synch Request section is displayed.

Delete an LDAP Configuration

Complete this task to delete a configuration for an LDAP server.

CAUTION: Take extreme caution when deleting an LDAP configuration. If you also
delete users and groups that are associated with this configuration, the user and
group information is permanently deleted.

Procedure
1. Navigate to the Manage LDAP Configurations page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Access Control > Manage LDAP
Configurations.
2. Click the row of the LDAP configuration that you want to delete and view the
description.

3. In the Actions column, click for the LDAP configuration that you want to
delete.
4. When prompted to confirm the deletion, click OK.

58 Chapter 5: LDAP Configurations

 RSA Archer GRC Platform Access Control

LDAP Synchronization Status

The following table describes the possible synchronization statuses.

Status Description

Idle The connection is active, but LDAP synchronization is not currently in

process.

Inactive The connection is inactive, and no scheduled synchronizations run.

Queued A synchronization request has been issued, but the system has not yet
responded to the request.

Running LDAP synchronization is currently in process.

Running, LDAP synchronization is currently in process, but a cancel request has

pending been issued. The system has not yet responded to the request.
cancel

Chapter 5: LDAP Configurations 59

 RSA Archer GRC Platform Access Control
Chapter 6: Reports
Access Control Reports
The following table describes the system reports within the Access Control feature.
You can access these reports by selecting View Access Control Reports from the
Access Control menu.
Report
Access Control Rights by Role
Access Control Rights by User
Application Owners
Failed Login Attempts
Locked Accounts
Members by Group
Roles by Groups
Roles by Solution
Chapter 6: Reports
Description
Provides a summary of the access control rights
associated with a given access role. A role is defined
as a collection of access control rights that can be
assigned to a unique group of users. You can filter
this report by role, application, and page type.
Provides a summary of the access control rights
currently assigned to a given user. For each page
within the system, you can view a user’s create, read,
update, and delete privileges. You can filter this
report by user, application, and page type.
Lists the users and groups who have been assigned
ownership rights over individual applications. You
can filter the list by application, questionnaire, and
owner.
Lists all failed logon attempts within the past twenty-
four hours.
Lists all user accounts that are currently locked. The
report also includes the time and date that each
account was locked.
Lists users by the group to which the users belong.
You can filter the list by group.
Lists all groups with a corresponding description and
the roles associated with each group. You can filter
this report by group or role.
Provides a summary of the access control rights
assigned to the applications within the solution. For
each application, you can view all of the associated
roles and the respective content access. You can view
61
 RSA Archer GRC Platform Access Control
Report
Security Events
Security Parameter Properties
Subform Owners
User Accounts All
User Inactivity Log
62
Description
all roles associated with users' create, read, update, or
delete rights for each application within the system.
You can filter this report by solution, application, or
role.
Lists events related to access control and global report
permissions that may be of interest to administrators
monitoring the security of the system. You can filter
the report by event type or by date range.
If the reports exceeds 10,000 records, a warning
dialog box is displayed. Do one of the following:
l To modify the search parameters, click OK.
l To include all records in a .csv file, click
Download the entire report data in CSV.
Lists the properties of all security parameters that have
been defined within the system. A security parameter
specifies rules for password creation, password change
enforcement, account-lockout duration, and session
time-out behavior.
Lists the users and groups who have been assigned
ownership rights to individual sub-forms. You can
filter the list by sub-form.
Provides an inventory of all existing user accounts.
The report displays the last name, first name, user
name, and account status for each user in the system.
You can filter the report by access role and account
status.
If the report exceeds 10,000 records, a warning dialog
box is displayed. Do one of the following: 
l To modify the search parameters, click OK.
l To include all records in a .csv file, click
Download the entire report data in CSV.
Lists the users whose accounts have remained inactive
for a specific amount of time. You can filter the report
by inactive date and last accessed date range.
Chapter 6: Reports
RSA Archer GRC Platform 5.4
API Resources
June 2013
Contact Information
Go to the RSA corporate website for regional Customer Support telephone and fax numbers:
www.emc.com/domains/rsa/index.htm.
Trademarks
RSA, the RSA Logo, RSA Archer, RSA Archer Logo, and EMC are either registered trademarks or trademarks of EMC
Corporation ("EMC") in the United States and/or other countries. All other trademarks used herein are the property of their
respective owners. For a list of RSA trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm.
License Agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may
be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This
software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.
Note on Encryption Technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.
Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.

Copyright © 2010-2013 EMC Corporation All Rights Reserved. Published in the USA.
RSA Archer GRC Platform API Resources

Contents

Preface 5
About this Guide 5
Product Documentation 6
Support and Service 6
Chapter 1: API Sources 9
Download a Web Services Description Language File 9
Generate API Code 10

3
 RSA Archer GRC Platform API Resources

Preface

About this Guide

Web Services are an industry-standard way of integrating web-based or Internet-
connected applications using open standard protocols, such as Extensible Markup
Language (XML) and Simple Object Access Protocol (SOAP). The RSA Archer
Web Services API is a collection of web services that provide a programmatic
interface for interacting with the Platform. Each web service supports multiple
methods that can be used together to automate the exchange of information between
the Platform and an external application. The available web services include the
following classes:
l Access Control. Provides programmatic access to the Access Control feature,
such as creating users and managing security parameters.
l Access Role. Provides programmatic access to options relating to managing
access roles.
l Field. Allows you to manage and configure the values lists used in the
applications, questionnaires, and sub-forms.
l General. Allows you to create and terminate Web Services API user sessions.
l Module. Provides programmatic access to module information.
l Record. Allows you to manipulate content records in content applications.
l Search. Allows programmatic access to the search features of the Platform.

The API Integration Manager in the Integration feature offers links to download
Web Services Description Language (WSDL) files and to the Web Services API
code generator to help you more efficiently format your code to integrate
applications with services. From the API Integration page, you can also download
the Web Services API Reference Guide and connect to the Web API Development
discussion forum via the Archer Community.
For more information on the RSA Archer Web Services API, see the RSA Archer
Web Services API Reference Guide, which you can access from the RSA Archer
Community. This guide documents each available web service and provides XML
formatting guidelines and samples. If you do not have access to the RSA Archer
Community site, but want to obtain this guide, contact the support team at
[email protected].
You can perform the following tasks using the API Integration Manager:
l Download a Web Services Description Language File
l Use the Web Services API Code Generator

Preface 5
 RSA Archer GRC Platform API Resources

Product Documentation
For information about the RSA Archer GRC Platform 5.x, see the following
documentation.

Guide Description

Administrator Guide Provides Platform administrators with a system

overview, guidelines for navigating, and detailed
instructions for key tasks.

Control Panel Guide Provides administrators with instructions for

configuring each instance of the Platform.

Installation Guide Provides administrators with instructions for preparing,

installing, configuring, and testing the Platform.

Release Notes Provides Platform administrators with detailed listing of

new features, fixed issues, and known issues at the time
of the current release.

User Guide Provides end users with guidelines for navigating,

detailed instructions for key tasks, and information
about using Platform communication tools.

Web Services API Reference Provides IT managers and programmers with a list of
Guide the available web services for programmatically
interfacing with the release. This guide provides
formatting guidelines for field results, field inputs, and
search inputs, and provides sample code for searching,
adding and updating users, and updating assets.

You can access the Platform 5.x documentation from the RSA Archer Community
at https://community.emc.com/community/connect/grc_ecosystem/rsa_archer.

Support and Service

Customer www.emc.com/support/rsa/index.htm
Support
Information

Customer [email protected]
Support E-mail

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Community archer

6 Preface
 RSA Archer GRC Platform API Resources

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Exchange archer_exchange

RSA Solution https://gallery.emc.com/community/marketplace/

Gallery

RSA SecurCare https://knowledge.rsasecurity.com/cleartrust/ct_
Online logon.asp?CTAuthMode=BASIC&language=en&CT_ORIG_
URL=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fknowledge.rsasecurity.com%3A443%2F&c
t_orig_uri=%2F

The RSA Archer Community enables collaboration among eGRC clients, partners,
and product experts. Members actively share ideas, vote for product enhancements,
and discuss trends that help guide the RSA Archer product roadmap.
The RSA Archer Exchange is an online marketplace dedicated to supporting eGRC
initiatives. The Exchange brings together on-demand applications along with
service, content, and integration providers to fuel the success of RSA Archer
clients.
The RSA Solution Gallery provides information about third-party hardware and
software products that have been certified to work with RSA products. The gallery
includes Secured by RSA Implementation Guides with step-by-step instructions and
other information about interoperation of RSA products with these third-party
products.
The RSA SecurCare Online provides unlimited access to a wealth of resources on
the web, 24 hours a day. The secure system provides members access to a support
knowledgebase, to download current platform patches and bug fixes, to sign up for
notifications, to manage your support cases and more.

Preface 7
 RSA Archer GRC Platform API Resources

Chapter 1: API Sources

Download a Web Services Description Language File

You can download a Web Services Description Language (WSDL) file.
The Web Services Description Language (WSDL) is an XML language that defines
the standard interface for interacting with the RSA Archer Web Services API
(WebAPI). The WSDL file specifies the location of the web service and the
operations the service can perform. The WSDL files enable you to automate the
process of locating and invoking web service functions independent of language or
platform, allowing applications to easily integrate new services with little or no
manual code.
For more information on the RSA Archer Web Services API, see the RSA Archer
Web Services API Reference Guide, which you can access from the RSA Archer
Community site. This guide documents each available web service and provides
XML formatting guidelines and samples. If you do not have access to the RSA
Archer Community site, but want to obtain this guide, contact the support team at
[email protected].

Procedure
1. Navigate to the Integration pages:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration.
A menu of Integration pages is displayed.
2. Click Obtain API Resources.
The API Integration Manager page is displayed.
3. Click Download WSDL Files.
4. Click the link for the class whose code you need for your project.
The WSDL file opens.
5. Copy the entire block of code and paste it into your project.
For instructions on generating API code, see Generate API Code.

Chapter 1: API Sources 9

 RSA Archer GRC Platform API Resources

Generate API Code

The development of Web Services API (WebAPI) code involves specifying the
unique identifiers for objects that may be manipulated via the API. The Web
Services API code generator automates the creation of a set of human-readable
variables that facilitate WebAPI development in C#. Using the Web Service API
Code Generator page, you can generate source code that contains the Globally
Unique Identifier (GUID) for each supported element in your application. The
following application elements are included in a code generation:
l Application GUID
l Field GUIDs
l Field GUIDs for fields residing in related sub-forms
l Values list value GUIDs for Values List fields residing in the application or the
related sub-forms

You can download this source code to a .csv file. You then can copy the identifiers
that you need and paste them into a Visual Studio project.
For more information on the RSA Archer Web Services API, see the RSA Archer
Web Services API Reference Guide on the RSA Archer Community site. This guide
documents each available web service and provides XML formatting guidelines and
samples. If you do not have access to the RSA Archer Community site, but want to
obtain this guide, contact the support team at [email protected].

Procedure
1. Navigate to the Integration pages:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration.
A menu of Integration pages is displayed.
2. Click Obtain API Resources.
The API Integration Manager page is displayed.
3. Click Generate API Code.
4. From the Application list, select the application for which you want to generate
the source code.
A file that contains the source code is generated.
5. Click Download Source File.
The File Download dialog box opens.
6. Click Save, browse to where the source file should be saved and click Save
again.

10 Chapter 1: API Sources

RSA Archer GRC Platform 5.4
Appearance
June 2013
Contact Information
Go to the RSA corporate website for regional Customer Support telephone and fax numbers:
www.emc.com/domains/rsa/index.htm.
Trademarks
RSA, the RSA Logo, RSA Archer, RSA Archer Logo, and EMC are either registered trademarks or trademarks of EMC
Corporation ("EMC") in the United States and/or other countries. All other trademarks used herein are the property of their
respective owners. For a list of RSA trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm.
License Agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may
be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This
software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.
Note on Encryption Technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.
Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.

Copyright © 2010-2013 EMC Corporation All Rights Reserved. Published in the USA.
RSA Archer GRC Platform Appearance

Contents

Preface 5
About this Guide 5
Product Documentation 5
Support and Service 6
Chapter 1: Appearance 7
Managing Appearance 7
Select a Theme 7
Select a System Header 8
Change the Name of the System 9
Chapter 2: Themes 11
Managing Themes 11
Alias Names 12
Add a Theme 12
Change the General Information of a Theme 13
Select Theme Styles 14
Select Page Effects 15
Format the System Text 16
Create Hover Effects for Links 17
Select Button Colors 18
Customize the System Tabs 19
Delete a Theme 20
Hover Effects Properties 21
Application Header Hover 21
Navigation Menu Hover 22
Workspace Text Hover 22
Hyperlink Text Hover 23
Page Effects Properties 23
Application Colors 24
Navigation Colors 25
Workspace Colors 26
Page Colors 26
Toolbar Background Colors 27
Grid Display Colors 28
Menu Colors 29
System Tab Properties 30
Page Tab Style 30
Workspace Tab Style 30
System Text Properties 31
Application Header Text 31
Navigation Menu Text 32
Workspace Text 33
Page Text 33
Hyperlink Text 34

3
 RSA Archer GRC Platform Appearance

Preface

About this Guide

You can use the Appearance feature to brand and customize the look and feel of the
user interface across the entire Platform, according to your corporate design
standards.
The Platform provides a variety of professionally designed appearance components
to choose from, such as themes and graphics. In addition, the Platform supports full
customization of each element of the user interface.

Product Documentation
For information about the RSA Archer GRC Platform 5.x, see the following
documentation.

Guide Description

Administrator Guide Provides Platform administrators with a system

overview, guidelines for navigating, and detailed
instructions for key tasks.

Control Panel Guide Provides administrators with instructions for

configuring each instance of the Platform.

Installation Guide Provides administrators with instructions for preparing,

installing, configuring, and testing the Platform.

Release Notes Provides Platform administrators with detailed listing of

new features, fixed issues, and known issues at the time
of the current release.

User Guide Provides end users with guidelines for navigating,

detailed instructions for key tasks, and information
about using Platform communication tools.

Web Services API Reference
Guide
Provides IT managers and programmers with a list of
the available web services for programmatically
interfacing with the release. This guide provides
formatting guidelines for field results, field inputs, and
search inputs, and provides sample code for searching,
adding and updating users, and updating assets.

Preface 5
 RSA Archer GRC Platform Appearance

You can access the Platform 5.x documentation from the RSA Archer Community
at https://community.emc.com/community/connect/grc_ecosystem/rsa_archer.

Support and Service

Customer www.emc.com/support/rsa/index.htm
Support
Information

Customer [email protected]
Support E-mail

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Community archer

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Exchange archer_exchange

RSA Solution https://gallery.emc.com/community/marketplace/

Gallery

RSA SecurCare https://knowledge.rsasecurity.com/cleartrust/ct_
Online logon.asp?CTAuthMode=BASIC&language=en&CT_ORIG_
URL=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fknowledge.rsasecurity.com%3A443%2F&c
t_orig_uri=%2F

The RSA Archer Community enables collaboration among eGRC clients, partners,
and product experts. Members actively share ideas, vote for product enhancements,
and discuss trends that help guide the RSA Archer product roadmap.
The RSA Archer Exchange is an online marketplace dedicated to supporting eGRC
initiatives. The Exchange brings together on-demand applications along with
service, content, and integration providers to fuel the success of RSA Archer
clients.
The RSA Solution Gallery provides information about third-party hardware and
software products that have been certified to work with RSA products. The gallery
includes Secured by RSA Implementation Guides with step-by-step instructions and
other information about interoperation of RSA products with these third-party
products.
The RSA SecurCare Online provides unlimited access to a wealth of resources on
the web, 24 hours a day. The secure system provides members access to a support
knowledgebase, to download current platform patches and bug fixes, to sign up for
notifications, to manage your support cases and more.

6 Preface
 RSA Archer GRC Platform Appearance

Chapter 1: Appearance

Managing Appearance
The Manage Appearance page enables you to quickly deploy a consistent look and
feel across the entire user interface by configuring the following appearance
components:
l Theme. A set of graphical properties that defines the look and feel of the user
interface. You can choose from professionally designed system themes or
custom themes that you create.
l System header. The area of the top frame of the user interface in which you can
display graphics, such as your company logo. You can also choose the shape of
the menu strip in the top frame.

Note: To change the background of the header, see Select Page Effects.

l System name. The name to display in the browser, as the title of the system tab
and in the browser title bar.

The Manage Appearance page also provides preview fields that show how your
selections will be displayed.
To customize specific elements of the user interface, see Managing Themes.
You can perform the following tasks on the Manage Appearance page:
l Select a Theme
l Select a System Header
l Change the Name of the System

Select a Theme
You can quickly change the look and feel of the Platform by selecting and saving a
different theme. You can select a system theme, or you can select a theme that you
created through the Manage Themes page.

Note: When you click Save or Apply, the Platform immediately updates the
appearance of your system. To avoid impacts to the user experience of your
organization, best practices recommend that you update appearance settings during
off hours.

Before You Begin

See Managing Themes.

Chapter 1: Appearance 7
 RSA Archer GRC Platform Appearance

Procedure
1. Navigate to the Manage Appearance page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Appearance > Manage Appearance.

2. In the Theme field, click .

The Theme Selector dialog box opens.
3. To scroll through the available themes, do one of the following:
l Use the scroll bar across the bottom of the dialog box
l Click the theme previews to the left or right of the center preview
4. When the theme that you want is displayed in the center, click OK.
In the Theme section, the Preview field shows how your selection will be
displayed.
5. When you are ready to apply the new theme to the system appearance, click
Apply.

Next Steps
l (Optional) Customize the system header. For instructions, see Select a System
Header.
l (Optional) Change the name of your system. For instructions, see Change the
Name of the System.

Select a System Header

You can customize and preview the following elements of the system header:
l Menu strip. The menu strip that is displayed in the upper right area of the top
frame.
l Logo. The primary graphic, typically your company logo, that is displayed on the
left side of the system header.
l Supporting Graphic. The secondary graphic, which could be a company tag line
or the name that you have given to your system, that is displayed on the right side
of the system header.

Note: When you click Save or Apply, the Platform immediately updates the
appearance of your system. To avoid impacts to the user experience of your
organization, best practices recommend that you update appearance settings during
off hours.

Before You Begin

See Managing Appearance.

8 Chapter 1: Appearance
 RSA Archer GRC Platform Appearance

Procedure
1. Navigate to the Manage Appearance page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Appearance > Manage Appearance.
2. To change the shape of the menu strip, from the Template list, select the
template that you want to use.
3. To change a graphic in the header, in the Logo field, do the following:
a. Click Edit for the graphic that you want to modify.
b. Select an image from the Graphic Selector dialog box or click Add New to
upload an image.
c. Click OK.
In the System Header section, the Preview field shows how your selections
will be displayed.
4. When you are ready to apply changes to the system header, click Apply.

Next Steps
l (Optional) Change the appearance theme. For instructions, see Select a Theme.
l (Optional) Set or change the system name. For instructions, see Change the
Name of the System.

Change the Name of the System

You can define the name of your system. The system name is displayed in the
browser title bar and system tab.
For example, if your system manages enterprise governance, risk, and compliance
processes, you might name your system My Company eGRC Portal.

Note: When you click Save or Apply, the Platform immediately updates the
appearance of your system. To avoid impacts to the user experience of your
organization, best practices recommend that you update appearance settings during
off hours.

Before You Begin

See Managing Appearance.

Procedure
1. Navigate to the Manage Appearance page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Appearance > Manage Appearance.

Chapter 1: Appearance 9
 RSA Archer GRC Platform Appearance

2. In the System Name field, enter the name that you want to use for the system.
3. Click Save.
4. When you are ready to apply the new system name, click Apply.

Next Steps
l (Optional) Change the appearance theme. For instructions, see Select a Theme.
l (Optional) Customize the system header. For instructions, see Select a System
Header.

10 Chapter 1: Appearance
 RSA Archer GRC Platform Appearance

Chapter 2: Themes

Managing Themes
The Manage Themes page enables you to create, edit, and delete themes. A theme
is a set of color schemes, text styles, and graphical properties that consistently
controls the appearance of the Platform from application to application and from
page to page:
l System theme. A professionally designed theme that is provided with the
Platform.
You cannot edit or delete a system theme. To modify the properties of a system
theme, you must first copy the theme and then customize the copied version.
l Custom theme. A theme that you can create, edit, and delete.
When you create a theme by copying an existing theme, the default theme
properties are based on the original theme. When you create a new theme from
scratch, the default theme properties are based on the default theme of the
Platform.

The Manage Themes page also provides preview fields that show how your theme
selections will be displayed.
You can perform the following tasks on the Manage Themes page:
l Add a Theme
l Change the General Information of a Theme
l Select Theme Styles
l Select Page Effects
l Format the System Text
l Create Hover Effects for Links
l Select Button Colors
l Customize the System Tabs
l Delete a Theme

Chapter 2: Themes 11
 RSA Archer GRC Platform Appearance

Alias Names
Numerous operations in the Platform require references to objects—everything
from solutions, applications, and fields to individual values list values—to specify
the target for a particular activity. One example is mail merge, in which you must
create templates with unambiguous references to individual fields in an application.
Another example is the process of mapping external data to fields in the Data Feed
Manager. To provide a constant name that is also human readable, all Platform
objects, such as workspaces, applications, fields, and notification templates, support
an alias.
An alias is a short name for a unique object in the system that is human readable,
but also can be used in code or as a reference in configuration processes. All alias
names must contain only alphanumeric characters, beginning with a letter and
containing no spaces. The maximum length is 40 characters.
An alias name must be unique in the entity type. The following are additional points
of consideration:
l Field aliases must be unique in the level.
l Values List Value aliases must be unique in a Values List.
l Level, Data Driven Event, Report, and Workflow Stage aliases must be unique
in an application.

You can edit the alias name for non-system provided entities. Alias name for
system-provided entities are read only.

Important: Applications cannot be named "ContentID". Applications with this name

are automatically changed to "Content_ID".

CAUTION: Alias name are used in configuration processes, system processes, and
web service API integrations. Modification of the alias name can cause these
functions to fail.

Add a Theme
You can fully customize the system's appearance by creating your own theme.

Before You Begin

See Managing Themes.

Procedure
1. Navigate to the Manage Themes page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Appearance > Manage Themes.

12 Chapter 2: Themes
 RSA Archer GRC Platform Appearance

2. In the Themes section, click Add New.

3. In the Add Theme dialog box, do one of the following:
l To start with the theme properties of the default system theme, click Create
a new theme from scratch.
l To start with the theme properties of a copied theme, click Copy an existing
theme and then select a theme from the Themes list.
4. Click OK.
5. In the General Information section, do the following:
a. In the Name field, enter a name for the theme.
b. (Optional) In the Description field, enter a description.
6. Click Apply.
7. (Optional) In the Alias field, change the default alias. .
8. Click Apply.

Note: To use the new theme in your system, see Select a Theme.

Next Steps
To complete the configuration of the new theme's settings, see the following:
l Select Theme Styles
l Select Page Effects
l Format the System Text
l Create Hover Effects for Links
l Select Button Colors
l Customize the System Tabs

Change the General Information of a Theme

You can edit the name, description, and alias of an existing theme. For more
information, see Alias Names.

Before You Begin

See Managing Appearance.

Procedure
1. Select the theme that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Appearance > Manage Themes.

Chapter 2: Themes 13
 RSA Archer GRC Platform Appearance

c. Click the theme.

Note: The Save, Apply, and Delete controls are unavailable for system themes.
To modify the properties of a system theme, you must first copy the theme and
then edit the copied version. See Add a Theme.

2. In the General Information section, change any of the following fields:

l Name
l Description
l Alias
3. Click Apply.

Select Theme Styles

You can select predefined theme styles that control the shape and design of the
following elements throughout the user interface:
l Page style
l Section style
l Page tab style
l Workspace tab style
l Button style
l Gradient style

Before You Begin

See Managing Themes.

Procedure
1. Select the theme that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Appearance > Manage Themes.
c. Click the theme.

Note: The Save, Apply, and Delete controls are unavailable for system themes.
To modify the properties of a system theme, you must first copy the theme and
then edit the copied version. See Add a Theme.

2. Click the Theme tab.

3. Expand the Theme Styles section.
The Theme section provides a preview field that shows how your selections will
be displayed.

14 Chapter 2: Themes
 RSA Archer GRC Platform Appearance

4. Select an option for each style that you want to change.

5. Click Apply.

Select Page Effects

You can control the following page effects throughout the user interface:
l Application colors, including the background design of the system header
l Navigation colors
l Workspace colors
l Page colors
l Toolbar background colors
l Grid display colors

Before You Begin

See Managing Themes.

Procedure
1. Select the theme that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Appearance > Manage Themes.
c. Click the theme.

Note: The Save, Apply, and Delete controls are unavailable for system themes.
To modify the properties of a system theme, you must first copy the theme and
then edit the copied version. See Add a Theme.

2. Click the Page Effects tab.

For detailed information about page effect properties, see Page Effects
Properties.
3. To change the background design of the header, do the following:
a. From the Application Colors section, in the Header Background field,
click .
b. In the Background Type Selector dialog box, click the background design
that you want to use for the header.
c. Click OK.

Chapter 2: Themes 15
 RSA Archer GRC Platform Appearance

4. To change the color of a property, do one of the following:

l To choose a color from the Color Selector dialog box, click .

l Enter the HTML code for the color, for example, #00386A.
5. Click Apply.

Format the System Text

You can control the font, size, color, and style of the following text elements
throughout the user interface:
l Application header text
l Navigation Menu text
l Workspace text
l Page text
l Hyperlink text

Before You Begin

See Managing Themes.

Procedure
1. Select the theme that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Appearance > Manage Themes.
c. Click the theme.

Note: The Save, Apply, and Delete controls are unavailable for system themes.
To modify the properties of a system theme, you must first copy the theme and
then edit the copied version. See Add a Theme.

2. Click the Text Styles tab.

The Preview column of each section shows how your selections will be
displayed.
For detailed information about system text properties, see System Text
Properties.

16 Chapter 2: Themes
 RSA Archer GRC Platform Appearance

3. Edit the properties in the Text Styles tab .

Property Action

Font From the Font list, select a font.

Note: Because the fonts in the Font list exist on the computers of all
users, text is correctly displayed for every user.

Font Size From the Size list, select a size.

Note: Depending on where the text is displayed in the system, the range
of sizes varies.

Font
Do one of the following:
Color

l To choose a color from the Color Selector dialog box, click .

l Enter the HTML code for the color, for example, #00386A.

Font Select one or more of Bold, Italic, and Underline, if available.

Style

4. Click Apply.

Create Hover Effects for Links

You can control the hover-text appearance of the following types of links throughout
the user interface:
l Application header hover
l Navigation Menu hover
l Workspace text hover
l Hyperlink text hover

Before You Begin

See Managing Themes.

Procedure
1. Select the theme that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Appearance > Manage Themes.
c. Click the theme.

Chapter 2: Themes 17
 RSA Archer GRC Platform Appearance

Note: The Save, Apply, and Delete controls are unavailable for system themes.
To modify the properties of a system theme, you must first copy the theme and
then edit the copied version. See Add a Theme.

2. Click the Hover Effects tab.

The Preview column of each section shows how your selections will be
displayed.
For detailed information about hover effect properties, see Hover Effects
Properties.
3. Edit the properties in the Hover Effects tab.

Property Action

Font From the Font list, select a font.

Note: Because the fonts in the Font list exist on the computers of
all users, text is correctly displayed for every user.

Font Size From the Size list, select a size.

Note: Depending on where the text is displayed in the system, the

range of sizes varies.

Font or
Do one of the following:
Background
Color l To choose a color from the Color Selector dialog box, click
.
l Enter the HTML code for the color, for example, #00386A.

Font Style Select one or more of Bold, Italic, and Underline, if available.

4. Click Apply.

Select Button Colors

You can control the following button color properties throughout the user interface:
l (Basic buttons) Base color
l (Basic buttons) Selected color
l (Basic buttons) Hover color
l (Page Help and Exit buttons) Base color

Note: To select the style for basic buttons, see Select Theme Styles.

18 Chapter 2: Themes
 RSA Archer GRC Platform Appearance

Before You Begin

See Managing Themes.

Procedure
1. Select the theme that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Appearance > Manage Themes.
c. Click the theme.

Note: The Save, Apply, and Delete controls are unavailable for system themes.
To modify the properties of a system theme, you must first copy the theme and
then edit the copied version. See Add a Theme.

2. Click the Buttons tab.

The far right side of the Buttons section provides an interactive preview of each
type of button.
3. To change the color property of a button, do one of the following:

l To choose a color from the Color Selector dialog box, click .

l Enter the HTML code for the color, for example, #00386A.
4. Click Apply.

Customize the System Tabs

You can control style properties, such as fonts, backgrounds, gradients, and borders,
of the following types of system tabs throughout the user interface:
l Page tab style
l Workspace tab style

Before You Begin

See Managing Themes.

Procedure
1. Select the theme that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Appearance > Manage Themes.
c. Click the theme.

Chapter 2: Themes 19
 RSA Archer GRC Platform Appearance

Note: The Save, Apply, and Delete controls are unavailable for system themes.
To modify the properties of a system theme, you must first copy the theme and
then edit the copied version. See Add a Theme.

2. Click the Tabs tab.

The Preview field provides an interactive preview of each type of tab.
For detailed information about system tab properties, see System Tab
Properties.
3. To change the color of a font, background, or border property of a tab style, do
one of the following:

l To choose a color from the Color Selector dialog box, click .

l Enter the HTML code for the color, for example, #00386A.
4. To change the gradient color property of a tab style, from the Gradient Color
list, select a gradient style.
5. Click Apply.

Delete a Theme
If you no longer need a theme, you can delete the theme from the system. You
cannot delete system themes, which are provided with the system.

CAUTION: Deleting a theme is a permanent action. You cannot recover a deleted

theme.

Before You Begin

See Managing Themes.

Procedure
1. Navigate to the Manage Themes page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Appearance > Manage Themes.
2. Locate the theme that you want to delete.

3. In the Actions column, click for the theme that you want to delete.
4. When prompted to confirm the deletion, click OK.

20 Chapter 2: Themes
 RSA Archer GRC Platform Appearance

Hover Effects Properties

On the Hover Effects tab of the Manage Themes page, you can define text
properties, such as font, size, color, and style, for the following elements of the user
interface:
l Application header hover
l Navigation Menu hover
l Workspace text hover
l Hyperlink text hover

Application Header Hover

The following table describes the fields in the Application Header Hover section.

Example of Page or
Field Description
Frame Part

System Menu Controls the hover text for the Preferences,

Header Links Reports, Help, and Logout links in the
menu strip of the top frame.

Chapter 2: Themes 21
 RSA Archer GRC Platform Appearance

Navigation Menu Hover

The following table describes the fields in the Navigation Menu Hover section.

Example of Page or
Field Description
Frame Part

Primary Controls the hover text for the top-level

Menu Level nodes in the Navigation Menu, which
include multi-application solutions and
single-application solutions.

Secondary Controls the hover text for the Platform

Menu Level features in the Navigation Menu for the
Administration workspace and second-
level nodes in the Navigation Menu for
other workspaces, which include
applications displayed beneath a solution.

Menu Links Controls the hover text for the links to the
Advanced Search page, reports, data
import, and so on, available within the
Navigation Menu.

Workspace Text Hover

The following table describes the fields in the Workspace Text section.

Example of Page or
Field Description
Frame Part

Quick Controls the text for the links to various

Reference reports, pages, and external websites
Links available on the Quick Reference bar at
the top of a workspace.

22 Chapter 2: Themes
 RSA Archer GRC Platform Appearance

Hyperlink Text Hover

The following table describes the fields in the Hyperlink Text section.

Example of Page or
Field Description
Frame Part

Content Controls the hover text for links within

Hyperlink application records.

Page Effects Properties

On the Page Effects tab of the Manage Themes page, you can define the following
color properties:
l Application colors
l Navigation colors
l Workspace colors
l Page colors
l Toolbar background colors
l Grid display colors
l Menu colors

Chapter 2: Themes 23
 RSA Archer GRC Platform Appearance

Application Colors
The following table describes the fields in the Application Colors section.

Example of Page or
Field Description
Frame Part

Header Controls the background design for the

Background header of the user interface. The header
background can be a solid color, a
gradient color, an image, or a pattern.
If you specify a gradient color, the color
fades from the start color at the top of the
area to the stop color at the bottom of the
area.

General Controls the background design for the

Background general page background.
If you specify a gradient color, the color
fades from the start color at the top of the
area to the stop color at the bottom of the
area.

Navigation Controls the background design for the

Background Navigation Menu background.
If you specify a gradient color, the color
fades from the start color at the top of the
area to the stop color at the bottom of the
area.

Header Menu Controls the background color for the

Strip header menu within the top frame of the
system.

24 Chapter 2: Themes
 RSA Archer GRC Platform Appearance

Navigation Colors
The following table describes the fields in the Navigation Colors section.

Example of Page or
Field Description
Frame Part

Primary Controls the background color for primary-

Level level links within the Navigation Menu.
Background

Secondary Controls the background color for

Level secondary-level links within the
Background Navigation Menu.

Panel Controls the color for the line separating

Separator items within the Navigation Menu.

Menu Link Controls the background color for menu-

Background level links within the Navigation Menu.

Chapter 2: Themes 25
 RSA Archer GRC Platform Appearance

Workspace Colors
The following table describes the fields in the Workspace Colors section.

Example of Page or
Field Description
Frame Part

Tab Row Controls the background color for the

Background workspace tab strip.

iView Controls the background color for the

Header header row of an iView where the title and
drop-down control are located.

Quick Controls the background color for the

Reference Quick Reference bar at the top of a
Background workspace.

Page Colors
The following table describes the fields in the Page Colors section.

Example of Page or
Field Description
Frame Part

Page Controls the background color of the

Header/Footer Welcome bar and the headers, footers,
and borders of individual pages within
the system.

Page Controls the background color for each

Background page within the system.

Page Shading Controls the color for applications

selected in the Fields to Display section
of the Advanced Search page.

26 Chapter 2: Themes
 RSA Archer GRC Platform Appearance

Example of Page or
Field Description
Frame Part

Tab Row Controls the default background color of

Background tab strips appearing within individual
pages of the system.

Field/Control Controls the default outline color for

Border fields, list boxes, and tables.

Field Control Controls the default background color for

Shading field controls on the view and edit page
of a record.

Field Label Controls the default background color for

Shading field labels on the view and edit page of
a record.

Toolbar Background Colors

The following table describes the fields in the Toolbar Background Colors section.

Example of Page or
Field Description
Frame Part

Filter Toolbar Controls the background color for the filter

toolbar on administration pages as well as
the Master Reports Listing page.

Rich Text Controls the background color for the Rich

Toolbar Text Toolbar.

Search Controls the background color for the

Navigation toolbar at the bottom of search results.
Toolbar

Quick Filter Controls the background color for Quick

Toolbar Filter toolbar.

Charting Controls the background color for

Toolbar Charting toolbar.

Chapter 2: Themes 27
 RSA Archer GRC Platform Appearance

Grid Display Colors

The following table describes the fields in the Grid Display Colors section.

Example of Page or
Field Description
Frame Part

Row Controls the background color for rows

Background within search results and administration
pages.

Grouping Controls the background color for the

Background grouping bar within search results.

Row Controls the background color for the

Highlight selected row within search results and
administration pages.

28 Chapter 2: Themes
 RSA Archer GRC Platform Appearance

Example of Page or
Field Description
Frame Part

iView Header Controls the background color for the

Row header of iViews.

iView Controls the background color for every

Alternating other record row within an iView.
Row

Menu Colors
The following table describes the fields in the Menu Colors section.

Example of Page or
Field Description
Frame Part

Selected Item Controls the background color for the

Background selected menu item.

Current Item Controls the background color for the

Background menu item the user is hovering over.

Chapter 2: Themes 29
 RSA Archer GRC Platform Appearance

System Tab Properties

On the Tabs tab of the Manage Themes page, you can define colors for the fonts,
backgrounds, gradients, and borders of the system tabs for these elements of the
user interface:
l Page tab style
l Workspace tab style

Page Tab Style

The following table describes the fields in the Page Tab Style section.

Field Description

Selected Color Determines the background color of a selected page tab.

Non Selected Color Determines the background color of a non-selected page tab.

Hover Color Determines the background color of a page tab when a user
hovers the mouse pointer over the tab.

Selected Font Determines the font color of a selected page tab.

Non Selected Font Determines the font color of a non-selected page tab.

Hover Font Determines the font color of a page tab when a user hovers the
mouse pointer over the tab.

Workspace Tab Style

The following table describes the fields in the Workspace Tab Style section.

Field Description

Selected Color Determines the background color of a selected workspace tab.

Non Selected Color Determines the background color of a non-selected workspace

tab.

Hover Color Determines the background color of a workspace tab when a

user hovers the mouse pointer over the tab.

Selected Font Determines the font color of a selected workspace tab.

Non Selected Font Determines the font color of a non-selected workspace tab.

Hover Font Determines the font color of a workspace tab when a user
hovers the mouse pointer over the tab.

30 Chapter 2: Themes
 RSA Archer GRC Platform Appearance

System Text Properties

On the Text Styles tab of the Manage Themes page, you can define text properties,
such as font, size, color, and style, for these elements of the user interface:
l Application header text
l Navigation Menu text
l Workspace text
l Page text
l Hyperlink text

Application Header Text

The following table describes the fields in the Application Header section.

Example of Page or
Field Description
Frame Part

System Menu Controls the text for the Preferences,

Header Links Reports, Help, and Logout links in the
header of the system.

Chapter 2: Themes 31
 RSA Archer GRC Platform Appearance

Navigation Menu Text

The following table describes the fields in the Navigation Menu Text section.

Field Description Example of Page or Frame Part

Primary Controls the text for the top-level

Menu nodes in the Navigation Menu,
Level which include multi-application
solutions and single-application
solutions.

Secondary Controls the text for the Platform

Menu features in the Navigation Menu for
Level the Administration workspace and
second-level nodes in the
Navigation Menu for other
workspaces, which include
applications displayed beneath a
solution.

Menu Controls the text for the links to the

Links Advanced Search page, reports, data
import, and so on, available within
the Navigation Menu.

32 Chapter 2: Themes
 RSA Archer GRC Platform Appearance

Workspace Text
The following table describes the fields in the Workspace Text section.

Field Description Example of Page or Frame Part

Quick Controls the text for the links to

Reference various reports, pages, and external
Links websites available on the Quick
Reference bar at the top of a
workspace.

iView Controls the text for the title of an

Display iView.
Name

Page Text
The following table describes the fields in the Page Text section.

Example of Page or
Field Description
Frame Part

Page Name Controls the text in the title bar of each

page.

Page Controls the text at the top of menu pages

Description for Platform (administration) features.

Section Controls the text for headings at the top of

Heading sections.

Chapter 2: Themes 33
 RSA Archer GRC Platform Appearance

Example of Page or
Field Description
Frame Part

Column Controls the text for column headings

Heading within the system.

Page Text Controls the text for control group names,

tab text, interface text, saved field values,
and the date and search-criteria within
headings on the Search Results page.

Field Name Controls the text for field names for

content records in view and edit mode and
for pages within Platform (administration)
features.

Hyperlink Text
The following table describes the fields in the Hyperlink Text section.

Example of Page or
Field Description
Frame Part

Content Controls the text for links within

Hyperlink application records.

34 Chapter 2: Themes
RSA Archer GRC Platform 5.4
Applications
June 2013
Contact Information
Go to the RSA corporate website for regional Customer Support telephone and fax numbers:
www.emc.com/domains/rsa/index.htm.
Trademarks
RSA, the RSA Logo, RSA Archer, RSA Archer Logo, and EMC are either registered trademarks or trademarks of EMC
Corporation ("EMC") in the United States and/or other countries. All other trademarks used herein are the property of their
respective owners. For a list of RSA trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm.
License Agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may
be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This
software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.
Note on Encryption Technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.
Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.

Copyright © 2010-2013 EMC Corporation All Rights Reserved. Published in the USA.
RSA Archer GRC Platform Applications

Contents

Preface 7
About this Guide 7
Product Documentation 8
Support and Service 9
Chapter 1: Applications 11
Create an Application 11
Select a Solution for an Application 12
Change the Status of an Application 13
Application Status Options 13
Enable or Disable Task Management for an Application 14
Enable or Disable Notifications for an Application 15
Enable Spell Check in Application 16
Enable Direct Edit Mode 17
Select a Default Format for Search Results 17
Enable Data Levels for an Application 18
Manage Data Levels for an Application 20
Set the Design Language for an Application 21
Attach Documentation to an Application 21
Remove an Application from a Solution 22
Change the Display of an Application in the Navigation Menu 22
Assign Application Owners 24
Assign Global Report Creation Rights for an Application 26
Delete All Content from an Application 27
Delete an Application 28
Chapter 2: Fields 29
Managing Fields 29
Key Fields 29
Create a Field 30
Update the General Properties of a Field 30
Field Name Guidelines 31
Configure the Display and Functionality of a Field 32
Available Field Types 33
Access History Field 34
Access History Field Options 34
Attachment Field 35
Attachment Field Options 36
Cross-Application Status Tracking Field 38
Cross-Application Status Tracking Field Options 39
Configure the Display and Functionality of a Cross-Application Status
Tracking Field 40
Cross-Reference Field 42
Cross-Reference Field Options 50
Date Field 55
Date Field Options 56

3
 RSA Archer GRC Platform Applications

Discussion Field 59
Discussion Field Options 60
External Links Field 62
External Links Field Options 63
First Published Date Field 64
First Published Date Field Options 64
History Log Field 65
History Log Field Options 66
Image Field 68
Image Field Options 69
IP Address Field 72
IP Address Field Options 72
Last Updated Date Field 75
Last Updated Date Field Options 75
Matrix Field 76
Matrix Field Options 77
Configure the Display and Functionality of a Matrix Field 78
Multiple Reference Display Control Field 80
Multiple Reference Display Control Field Options 81
Numeric Field 84
Numeric Field Options 85
Questionnaire Reference Field 90
Questionnaire Reference Field Options 90
Record Permissions Field 91
Configure Manual Selection for a Record Permissions Field 95
Configure Inherited Permissions for a Record Permissions Field 98
Configure Automatic Selection for a Record Permissions Field 99
Record Permissions Field Options 102
Record Status Field 104
Record Status Field Options 104
Related Records Field 105
Related Records Field Options 113
Sub-Form Field 118
Sub-Form Field Options 119
Text Field 121
Text Field Options 122
Tracking ID Field 126
Tracking ID Field Options 128
User/Groups List Field 129
User/Groups List Field Options 131
Values List Field 135
Field-Specific Values List Field Options 137
Global Values List Field Options 141
Voting Field 144
Voting Field Options 145
Create Field-Level Help 146
Assign Access Rights to a Field 149
Define Numeric Ranges for a Numeric Field 150
Convert a User/Groups List Field to a Record Permissions Field 151
Convert a Field-Specific Values List to a Global Values List 152
Define Field-Specific Values for a Matrix Field 153

4
RSA Archer GRC Platform Applications

Delete a Field 154

Configuring Trending 154
Trending Examples 155
Enable Trending for a Field 155
Disable Trending on a Trended Field 156
Chapter 3: Application Layouts 157
Customizing the Layout of an Application 157
Create Tabbed Groupings of Fields in an Application 158
Add Sections to an Application's Layout 161
Manage the Visibility Properties of a Field in an Application 162
Add Text Boxes to an Application's Layout 163
Add Placeholders to an Application's Layout 164
Add Custom Objects to an Application's Layout 165
Arrange Elements in an Application Layout 166
Add a Trending Chart to an Application Layout 168
Chapter 4: Reports 169
Application Reports 169

5
 RSA Archer GRC Platform Applications

Preface

About this Guide

When creating the basic foundation of an application, prior to adding its fields, you
should make some decisions about how the application is used and how its content
is managed. Consider the following questions:
l Should the application be placed in production immediately, or should it remain
in development until its structure has been formally approved?
l Is there any need to assign and track tasks associated with the application's
content records?
l Would the use of multiple data levels make information stored within the
application easier to use and organize?
l Should notification emails be used to alert users of new and updated records
within the application?
l Which administrative users should be granted ownership rights to the
application?
l Who should be able to create global reports in the application to share with other
application users?

Once you have made these decisions, you can frame the basic structure of an
application, add the appropriate fields, configure the display of the application in the
Navigation Menu, and create sub-forms, among many other application options.
You can perform the following tasks to manage applications:
l Create an Application
l Change the Status of an Application
l Configure Data Levels within an Application
l Enable or Disable Task Management for an Application
l Enable or Disable Notifications for an Application
l Enable Spell Check in Application
l Enable Direct Edit Mode
l Select a Default Format for Search Results
l Select a Solution for an Application
l Attach Documentation to an Application
l Change the Display of an Application in the Navigation Menu

Preface 7
 RSA Archer GRC Platform Applications

l Assign Application Owners

l Assign Global Report Creation Rights for an Application
l Delete All Content from an Application
l Delete an Application

Product Documentation
For information about the RSA Archer GRC Platform 5.x, see the following
documentation.

Guide Description

Administrator Guide Provides Platform administrators with a system

overview, guidelines for navigating, and detailed
instructions for key tasks.

Control Panel Guide Provides administrators with instructions for

configuring each instance of the Platform.

Installation Guide Provides administrators with instructions for preparing,

installing, configuring, and testing the Platform.

Release Notes Provides Platform administrators with detailed listing of

new features, fixed issues, and known issues at the time
of the current release.

User Guide Provides end users with guidelines for navigating,

detailed instructions for key tasks, and information
about using Platform communication tools.

Web Services API Reference Provides IT managers and programmers with a list of
Guide the available web services for programmatically
interfacing with the release. This guide provides
formatting guidelines for field results, field inputs, and
search inputs, and provides sample code for searching,
adding and updating users, and updating assets.

You can access the Platform 5.x documentation from the RSA Archer Community
at https://community.emc.com/community/connect/grc_ecosystem/rsa_archer.

8 Preface
 RSA Archer GRC Platform Applications

Support and Service

Customer www.emc.com/support/rsa/index.htm
Support
Information

Customer [email protected]
Support E-mail

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Community archer

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Exchange archer_exchange

RSA Solution https://gallery.emc.com/community/marketplace/

Gallery

RSA SecurCare https://knowledge.rsasecurity.com/cleartrust/ct_
Online logon.asp?CTAuthMode=BASIC&language=en&CT_ORIG_
URL=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fknowledge.rsasecurity.com%3A443%2F&c
t_orig_uri=%2F

The RSA Archer Community enables collaboration among eGRC clients, partners,
and product experts. Members actively share ideas, vote for product enhancements,
and discuss trends that help guide the RSA Archer product roadmap.
The RSA Archer Exchange is an online marketplace dedicated to supporting eGRC
initiatives. The Exchange brings together on-demand applications along with
service, content, and integration providers to fuel the success of RSA Archer
clients.
The RSA Solution Gallery provides information about third-party hardware and
software products that have been certified to work with RSA products. The gallery
includes Secured by RSA Implementation Guides with step-by-step instructions and
other information about interoperation of RSA products with these third-party
products.
The RSA SecurCare Online provides unlimited access to a wealth of resources on
the web, 24 hours a day. The secure system provides members access to a support
knowledgebase, to download current platform patches and bug fixes, to sign up for
notifications, to manage your support cases and more.

Preface 9
 RSA Archer GRC Platform Applications

Chapter 1: Applications

Create an Application
You can create a new, original application or create an application from a copy. If
you choose to create an original application, you must define all of the application's
structural components and create its fields. If you select to copy an application,
your new application contains all of the fields and structural components of the
copied application, but it does not include any attachment files or content records.
You can modify the properties of the copied application to address a new business
need.
Once you create an application, you can define fields for the new application,
configure the application’s layout and Navigation Menu properties, import data into
the application and more using the Manage Applications page in the Application
Builder.

Procedure
1. Navigate to the Manage Applications page:
a. Click the Administration workspace.
b. On the Navigation Menu, select Application Builder > Manage
Applications.
2. In the Applications toolbar, click Add New.
3. In the New Application dialog box, do one of the following:
l To use the settings of an existing application as a starting point for your new
solution, select Copy an Existing Application and select the existing
solution from the Applications list.
l To select new settings for a application, select Create a new Application
from scratch.
4. Click OK.
The New Application dialog box displays General Information options.
5. In the Name field, enter a name for the application.

Note: Application names must be unique.

6. In the Solutions field, click , assign the application to one or more solutions
and click OK.
7. Click OK.

Chapter 1: Applications 11
 RSA Archer GRC Platform Applications

The Manage Application page displays for the new application. Using the tabs
and fields on this page, you can provide additional information necessary for the
application.

Next Steps
Select a Solution for an Application

Select a Solution for an Application

You can assign an application to one or more solutions.
Solutions are groups of related applications that work together to address a
particular business need. For example, you might have a Security Compliance
solution that contains the following applications: Audit Tracking, Audit Requests,
and Contacts.
By selecting multiple solutions for a single application, you can reuse the same
information for a variety of purposes. For example, you could group a Contacts
application into your Customer Relationship Management and Project Management
solutions so both solutions can pull contact information from the same source.

Before You Begin

Create an Application

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. Click the General tab.

3. In the General Information section, in the Solutions field, click .

4. From the Available list, select the solution that you want to house your
application.
5. Click OK.
6. Click Apply.

Next Steps
Change the Status of an Application

12 Chapter 1: Applications
 RSA Archer GRC Platform Applications

Change the Status of an Application

You can change the status of an application.

Before You Begin

l Create an Application
l Select a Solution for an Application

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. On the General tab of the Manage Applications page, from the Status field,
select the status for the application. See Application Status Options.
3. Click Apply.

Next Steps
Enable or Disable Task Management for an Application

Application Status Options

An application's status can be set to any one of the following options:
l Production. Production applications are available to end users for data entry.
These applications can be referenced using Cross-Reference and Cross-
Application Status Tracking fields, and users can execute searches in these
applications and save those searches as named reports.
l Development. A development application has all of the characteristics of a
production application, but all records within the application are displayed with a
watermark. Development applications do not count toward your organization’s
custom application licenses.
l Archived. When you archive an application, end users can continue to search
and display the application's content, but that content is read only. The Add, Edit,
and Delete options are disabled, along with the Data Import feature. End users
can continue to select records in an archived application through Cross-
Reference fields in production applications. However, calculated fields and

Chapter 1: Applications 13
 RSA Archer GRC Platform Applications

record permissions are not recalculated in archived applications. Archived

applications do not count toward your organization’s custom application licenses.
l Retired. Retired applications are not available to end users. Records cannot be
created or edited in these applications, and users cannot execute searches or
view reports that were saved in the application at a time when it was set to the
Production status. In addition, if you retire an application that an administrator
has referenced in another application’s Cross-Reference or Cross-Application
Status Tracking field, that field is also retired. Although retired applications are
hidden from end users, application owners can continue to modify retired
applications from the Application Builder feature, and they can assign access
rights for retired applications from the Access Control feature. Application
owners can also create notification templates for retired applications from the
Notifications feature.

Important: Once your organization has reached its application limit as specified by
your license, you are unable to create additional Production applications. You can
still create new Development applications.

Enable or Disable Task Management for an Application

You can enable or disable task management capabilities for an application. By
enabling an application with task management capabilities, users can easily track
and manage open and completed activities associated with specific content records.
When you enable task management capabilities for an application, a Related
Records field is placed on the application's layout. The Related Records field
contains the following components:
l Open Tasks/Activities. Lists all of the open Task Management records
associated with the content record.
l Activity History. Lists all of the closed Task Management records associated
with the content record.

This procedure explains how to enable or disable task management capabilities for
an application.

Before You Begin

Create an Application

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.

14 Chapter 1: Applications
 RSA Archer GRC Platform Applications

c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. Locate the Options section on the General tab of the Manage Applications
page.
3. To enable task management capabilities for an application, select the checkbox
in the Task Management field.

Note: If you clear the checkbox and disable task management capabilities for an
application, Task Management records are no longer viewable within content
records of the associated application. However, all Task Management records
still are stored within the Task Management application. If task management
capabilities are subsequently reactivated, all existing Task Management records
are displayed with their associated content records.

4. (Optional) To rename the default settings for the Related Records fields, enter
the names in the Task Field Name field and in the History Grid Label field.
5. Click Apply.

Next Steps
Enable or Disable Notifications for an Application

Enable or Disable Notifications for an Application

You can enable or disable notifications for an application. When notifications are
enabled, end users are allowed to receive notifications when content in the
application is published or updated.
A further step in configuring notifications for an application is to create a
notification template in the Notifications feature. When you create a notification
template for an application, end users can subscribe to that template and receive
email alerts when records in the application are added or updated.
This procedure explains how to enable or disable notifications for an application.

Before You Begin

Create an Application

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.

Chapter 1: Applications 15
 RSA Archer GRC Platform Applications

c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. On the General tab of the Manage Applications page, in the Options section,
do one of the following:
l To enable notifications for an application, select the checkbox in the
Notifications field.
When you enable notifications for an application, you allow users to receive
notifications when content in the application is published or updated.
l To disable notifications for an application, clear the checkbox in the
Notifications field.
When you disable notifications for an application, you restrict application
users from receiving email notifications related to application content.
3. Click Apply.

Next Steps
Enable Spell Check

Enable Spell Check in Application

You can select to enable an automatic spell check each time a record is saved in an
application.

Before You Begin

Create an Application

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. On the General tab, in the Options section, select the checkbox in the Spell
Check field.
3. Click Apply.

16 Chapter 1: Applications
 RSA Archer GRC Platform Applications

Next Step
Enable Direct Edit Mode

Enable Direct Edit Mode

You allow users to open a record for editing from a Search Results list by enabling
direct edit mode. Users with update rights for content records in the application will
open an editable record instead of a view-only record when they click the key field
link for a record in a Search Results list.

Before You Begin

Create an Application

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. On the General tab, in the Options section, select the checkbox in the Direct
to Edit field.
3. Click Apply.

Next Step
Select a Default Format for Search Results

Select a Default Format for Search Results

You can select a default format for search results generated from the Display All
link in the Navigation Menu and from the Advanced Search page.

Before You Begin

l Create an Application
l Select a Solution for an Application

Chapter 1: Applications 17
 RSA Archer GRC Platform Applications

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. On the General tab, in the Options section, in the Search Results field, select
the desired format for the application's default search.
3. Click Apply.

Next Steps
Enable Data Levels for an Application

Enable Data Levels for an Application

You can create multiple data levels within an application. A data level is a
hierarchical grouping mechanism that acts as a container for a subset of fields
within an application.
Organizing fields into levels allows for the creation of master-detail record
relationships within a single application. By linking records from one level to
records at the level above or below it, you can create powerful hierarchical
applications. As a best practice and to ensure optimal application performance, you
should create no more than four data levels within a application.
The Policies application in the Policy Management solution is an example of a
leveled application. It contains three levels of data: Policy, Area, and Section. Each
record in the Area level is related back to a record in the Policy level, and each
record in the Section level is related back to a record in the Area level, as shown in
the associated diagram of the Policies application.

Note: Using a leveled application makes the most sense when records in a child
data level can relate to one and only one parent-level record. In the Policies
application example above, you can see that record “8.3.3 Password Expiration” in
the Section data level can only relate back to record “8.3 Authentication” in the
Area level. It would not make sense to relate record “8.3.3” in the Section level to
record “5.5 Project Management” in the Area level.
If you are considering the use of a leveled application but you foresee child-level
records relating back to more than one parent-level record, you might consider
creating two applications instead and linking those applications with a Cross-
Reference field.

18 Chapter 1: Applications
 RSA Archer GRC Platform Applications

Before You Begin

l Create an Application
l Select a Solution for an Application

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. On the General tab, in the Options section, in the Structure field, select
Leveled (Outline).
The Levels section displays.
3. To add new levels to the application, click Add New.
A single application can have many levels, and each data level has its own
distinct fields, as shown in the following figure.

4. Click Apply.

Note: If you do not add any new levels at this time and the application contains only
one level, when you save the application, the setting in the Structure field reverts to
Standard.

Next Steps
Manage Data Levels for an Application

Chapter 1: Applications 19
 RSA Archer GRC Platform Applications

Manage Data Levels for an Application

You can select the data levels for your application. Once you have enabled your
application to support data levels, you can access the Levels section and manage
the data levels for the application.

Before You Begin

l Create an Application
l Enable Data Levels for an Application

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. On the General tab, locate the Levels section.

This section provides controls for adding, editing and deleting data levels.

Note: If you do not see the Levels section, in the Options section, verify that the
Structure field is set to Leveled (Outline).

3. Do one of the following:

l To add a new data level, click Add New.
l To edit an existing data level, click the level in the Level Name column.
The Manage Data Level dialog box opens.
4. In the Name field, enter a name for the data level.
5. In the Description field, enter text that describes the data level’s purpose and
content.
This description is displayed for users when they add new records in the
application and are prompted to select a data level.
6. Click OK.

Next Steps
Attach Documentation to an Application

20 Chapter 1: Applications
 RSA Archer GRC Platform Applications

Set the Design Language for an Application

The design language for a new application is set automatically to the default
language for the instance. If you create an application in a different language, set
the design language for the application to reflect the different language used for
field names and other user interface elements.

Procedure
1. Click Administration > Application Builder > Manage Applications.
2. Select an application.
3. In the General tab > Options section, select the design language in the
Language field.
4. Click Apply.

Attach Documentation to an Application

You can attach documentation to an application. You can include design documents,
sign off information, and so on. You can also view the name, size, type, and upload
date for each attached document.

Before You Begin

Create an Application

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. On the General tab of the Manage Applications page, in the Documentation

section, click Add New.
The File Upload dialog box opens.
3. Select the document file or files that you want to add to the application.
4. Click OK.
The system loads the file or files and displays all uploaded document files in the
Documentation section.
5. Click Save.

Chapter 1: Applications 21
 RSA Archer GRC Platform Applications

Remove an Application from a Solution

You can remove an application from a solution.

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. On the General tab, in the General Information section, in the Solution(s)

field, click .
The Select Solution dialog box opens.

3. Click to the right of the solution name in the Selected list.

4. Click OK.
5. Click Save.

Change the Display of an Application in the Navigation Menu

You can select how many menu items for an application are displayed in the
Navigation Menu. Menu items include:
l Advanced Search
l Add New
l Display All
l Data Import
l By [field name]
l By [data level]
l Reports

By [field name] menu items serve as quick filters that enable you to search for
records that include a specific field value. The following field types enable quick
filtering from the Navigation Menu:
l Cross-Reference
l Matrix

22 Chapter 1: Applications
 RSA Archer GRC Platform Applications

l Record Permissions
l Record Status
l User/Groups List
l Values List

By [data level] menu items are available for leveled applications and enable you to
select records that reside within a specific data level.
In addition to configuring the display of menu items in the Navigation Menu, you
can define default search settings for searches executed in the application from the
Navigation Menu, including the fields that are displayed and the sort order of those
fields.

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. Click the Navigation Menu tab to select display properties.

You can configure the display properties of each item in the Menu Item
column.
3. To enable the display of a specific menu item, select Show Item.
Selecting this checkbox displays the item within the Navigation Menu for the
application. To hide a menu item, clear Show Item.
4. To edit additional properties of a menu item, click the name in the Menu Item
column.
5. Select from the following options to configure your Navigation Menu link:
l Visibility. To display the item in the Navigation Menu, select Display the
item in the Navigation Menu.
l Display Alias. If you selected to display the item in the Visibility field, the
Display Alias field is enabled. In the Display Alias field, enter the name that
you want displayed in the Navigation Menu.
l Default Expansion. If you selected to display the item in the Visibility field,
the Default Expansion field is enabled. To expand the item node in the
Navigation Menu by default, select Expand this folder by default.

Chapter 1: Applications 23
 RSA Archer GRC Platform Applications

l Fields to Display. For the Display All and By [field name or By [data
level] menu items, select the fields to display in the search results when a
user clicks one of these items to execute a search. From the Available list,
select the fields that you want to include in the search results. Use the
below the Selected list to arrange the fields in the display order. To remove a
field from the search results for a menu item, click to the right of the field
name in the Selected list.
l Sorting. For the Display All and By [field name or data level] menu items,
specify the sort order for search results that are executed when a user clicks
the menu item.From the Field drop-down menu, select the field by which
search results should initially be sorted (Ascending or Descending). To add
new fields to sort by, click Add New and select additional fields.
6. Click OK.
7. Click Save.

Assign Application Owners

You can select the users who will serve as "owners” of an application. Application
owners have full editing rights over their designated applications, meaning that they
can fully customize an application’s properties. This includes adding and arranging
fields in the application, enabling notifications, configuring data driven events, and
so on.
Application owners also have unrestricted access to all record content in their
applications, including sub-form content. In relation to record content, application
owners are permitted to:
l Create new records in the application and its sub-forms
l View all records and field content in the application and its sub-forms,
regardless of record-level or field-level permissions
l Update all records in the application and its sub-forms
l Delete any existing records in the application and its sub-forms
l Create global reports for the application

If you have been assigned as an owner for one or more applications, you can open
those applications for editing from the Manage Applications page. When you access
this page, you see all of the applications that administrators in your organization
have created, but you can only edit those applications for which you have ownership
rights. If no users have been assigned ownership for an application, only users who
have been granted the System Administrator access role can open the application
for editing.

24 Chapter 1: Applications
 RSA Archer GRC Platform Applications

Note: If you create a new application, you are automatically granted ownership
rights to it. However, your rights can be revoked by any other user who is
subsequently granted ownership of the application.

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. Click the Administration tab.

3. In the Application Owners control group, click .

The Select User/Group(s) dialog box opens, enabling you to assign users and
groups as owners of the application.
4. From the Available list, select the users or groups who you want to serve as
owners for the application.
To search for a specific name, enter the name in the Find field and (if
applicable) select the type from the adjacent list, and click Search. The results
of your search are displayed in the Search Results node in the Available list.

5. To revoke application ownership from a user or group, click to the right of

the appropriate name in the Selected list.
6. Click Save.

Chapter 1: Applications 25
 RSA Archer GRC Platform Applications

Assign Global Report Creation Rights for an Application

You can assign permissions to users and groups for creating and editing global
reports within a specific application. Global reports can be shared with any user in
the application, but only users with access to the application for which the report
was created can see the contents of the report. Users who do not have global report
creation rights can only create personal reports, which cannot be shared with other
users.

Note: By default, application owners have global report creation rights for their
applications.

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. Click the Administration tab.

3. In the Report Administrators control group, click .

The Select User/Group(s) dialog box opens, enabling you to assign users and
groups as global report creators for the application.
4. From the Available list, select the users or groups to which you want to assign
global report administration rights.
To search for a specific name, enter the name in the Find field and (if
applicable) select the type from the adjacent list, and click Search. The results
of your search are displayed in the Search Results node in the Available list.

26 Chapter 1: Applications
 RSA Archer GRC Platform Applications

5. To revoke global report administration rights from a user or group, click to

the right of the name in the Selected list.
6. Click Apply.

Delete All Content from an Application

You can delete all content records from an application. The content delete feature
can be extremely useful if you have created a large number of records to test the
functionality and performance of a new application or to remove demo data from a
newly installed Archer solution.

Important: Take extreme caution in deleting content from an application because

once the content is deleted, it cannot be recovered. RSA Archer highly recommends
that you create a backup of your data before deleting application content.
You cannot import data into an application until the content delete process is
complete. If the application contains a large number of records, this process could
take several minutes. To determine whether all content has been deleted from the
application, reactivate the application and run a "Display All" search in the
application from the Navigation Menu. When your search returns zero records, you
can initiate your data import.

Before You Begin

Retire the application. (See Change the Status of an Application.) The content
delete feature is available only for retired applications.

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. On the General tab of the Manage Application page, ensure that Retired is
selected in the Status field. If it is not selected, select Retired and click in
the page toolbar to save your changes.
3. Click the Administration tab.
4. In the Delete Application Content control group, click Delete Content. If this
button is unavailable, the application is not retired.

Chapter 1: Applications 27
 RSA Archer GRC Platform Applications

5. In the Warning dialog box, select the checkbox indicating that you understand
the implications of performing this operation.
6. Click OK.

Delete an Application
If you have delete permissions to the Manage Applications page, you can delete
applications for which you have ownership rights.

Important: Take extreme caution when deleting applications. Once an application is

deleted, all data within that application is permanently lost.

Procedure
1. Navigate to the Manage Applications page:
a. Click the Administration workspace.
b. On the Navigation Menu, select Application Builder > Manage
Applications.
2. Select the row of the application that you want to delete.
The row expands to display a description and associated solutions.

3. In the far-right column for that application, click .

Prior to deleting the application, the system prompts you to confirm or cancel
your deletion.

Note: Some Archer applications may be locked, allowing administrators limited

access. The absence of a indicates that an application is locked and cannot be
deleted.

28 Chapter 1: Applications
 RSA Archer GRC Platform Applications

Chapter 2: Fields

Managing Fields
A field is a data collection device that is displayed as an interface control for end
users as they create and update records within an application. Each field has a
configurable set of properties that govern how the field is displayed in the
application and how (or whether) the user is to interact with it.
The Platform provides a wide variety of field types to allow you to collect and
shape information according to your business requirements. From the Fields tab on
the Manage Applications page, you can add, edit, configure and arrange data
collection fields within applications.
You can perform the following tasks to manage fields:
l Create a Field
l Update the General Properties of a Field
l Configure the Display and Functionality of a Field
l Create Field-Level Help
l Assign Access Rights to a Field
l Delete a Field

Key Fields
All applications must contain a key field, and multi-level applications must contain
a key field at each data level. The key field setting is exclusive; only one field
within each single-level application or within each level of a multi-level application
can serve as the key field.
On the Advanced Search page in the Fields to Display section and on the Layout
tab of the Manage Applications page, the Key Field icon indicates the key field.
The key field is displayed in search results as a hyperlink within each record. By
clicking the hyperlink, users can click the key field to view the details of a record.
By default, the Tracking ID field is set as the key field. You can select this setting
for another field. The following field types can serve as the key field:
l Text
l Numeric
l Date

Chapter 2: Fields 29
 RSA Archer GRC Platform Applications

l IP Address
l Tracking ID

Create a Field
You can create fields from both the Fields tab and the Layout tab on the Manage
Applications page.

Note: To protect data integrity, the application prohibits field type changes, for
example, changing a Date field to a Text field, once a field has been created.

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. Do one of the following:

l Click the Fields tab. Click Add New and in the Add Field dialog box, select
to create an original field or to create a copy of an existing field.
If you selected to create an original field, select the type of field that you
want to create and click OK.
l Click the Layout tab and in the Available Fields list, from the Add New
Field drop-down list, select the type of field that you want to create.
The Manage Field page is displayed and is prepopulated with the type of field
that you selected.
To learn more about the various fields types, see Available Field Types.

Next Steps
Update the General Properties of a Field

Update the General Properties of a Field

You can update the general properties of a field, including its name, description,
and status.

Before You Begin

Create a Field

30 Chapter 2: Fields
 RSA Archer GRC Platform Applications

Procedure
1. Select the application containing the field that you want to update:
a. Click the Administration workspace.
b. On the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.
2. Click the Fields tab.
3. In the Field column, click the field that you want to configure.
4. On the General tab, complete the General Information section:
a. In the Name field, enter a name for the field. See Field Name Guidelines.
b. In the Description field, enter a brief description of the field.
This description is for internal use only and is not visible to the end user.
c. In the Status field, select whether the field is Active or Inactive.
Active fields display when users add, edit, and view records in the application.
They can be referenced in advanced searches, calculated field formulas, and
data driven events. Inactive fields are not displayed in any application record
and cannot be referenced by other options in the Platform.
5. Click Apply.

Next Steps
Configure the Display and Functionality of a Field

Field Name Guidelines

The following are general guidelines for specifying field names:
l Limit field names to one or two words wherever possible. For example,
"Description" is preferable to "Description of the Asset."
l To ensure readability, limit field name lengths to 20 characters wherever
possible.
l Capitalize the first letter of each word in the field name. For example,
"Predicted Impact" is preferable to "Predicted impact."
l Avoid redundant wording in field names. For example, the use of the word
"Asset" is unnecessary and should be removed from the following series of
fields: "Asset Name," "Asset Type" and "Asset Value."
l Use noun-based field names whenever possible; avoid verb-based field names.

Chapter 2: Fields 31
 RSA Archer GRC Platform Applications

Configure the Display and Functionality of a Field

You can define the display and functionality of a field using the Options tab on the
Manage Fields page.

Before You Begin

Create a Field

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. Click the Fields tab.

3. In the Field column, click the field that you want to configure.
4. Click the Options tab to access controls for configuring the display and
functionality of the field.
5. Select options. For field-specific options for this tab, select the field type with
which you are working:

Access History Last Updated Date

Attachment Matrix

Cross-Application Status Tracking Multiple Reference Display Control

Cross-Reference Numeric

Date Questionnaire Reference

Discussion Record Permissions

External Links Record Status

Field-Specific Values List Related Records

First Published Date Sub-Form

32 Chapter 2: Fields
 RSA Archer GRC Platform Applications

Global Values List Text

History Log Field Tracking ID

Image User/Groups List

IP Address Voting

6. Click Apply.

Next Steps
Create Field-Level Help

Available Field Types

Data collection field types are divided into three categories: basic, advanced, and
system.

Note: Field types may or may not be available depending on the type of application
into which you are adding fields.

Basic field types include:

l Attachment l Numeric
l External Links l Text
l Date l User/Groups List
l Image l Values List
l IP Address l Voting

Advanced field types include:

l Cross-Application Status Tracking l Multiple Reference Display Control

(CAST)
l Questionnaire Reference
l Cross-Reference (and the associated
l Record Permissions
Related Records field)
l Sub-Form
l Discussion
l Matrix

System field types include:

Note: System fields do not allow data input from users. They are automatically
populated by the system when a record is saved.

Chapter 2: Fields 33
 RSA Archer GRC Platform Applications

l Access History l Last Updated Date

l First Published Date l Record Status
l History Log l Tracking ID

Access History Field

The Access History field type enables users to access a record-specific view
history for the record. By clicking the View Access History link within a record in
View or Edit mode, you can track:
l For a particular content record, who has accessed the record and when.
l At the application level, what content records have been accessed by whom and
when.

The Access History field type and the Record Views – Detail report allow you to
better understand how users are interacting with content within Archer. By using
the Access History field in appropriate records, you have visibility into individual
user content activities to ensure that the sensitive information you handle within the
Archer environment is secure and managed properly. The Record Views – Detail
report supports internal audit requirements and provides easy access to reporting
related to end user access history.
For instructions on configuring the Access History field type, see Configure the
Display and Functionality of a Field and Access History Field Options.

Access History Field Options

You can configure the display options and functionality of an Access History field
on the Options tab of the Manage Fields page.
For detailed instructions, see Configure the Display and Functionality of a Field.
For more information on the Access History field, see Access History Field.
The following table lists the options for the Access History field.

Option Action

Options Section

Search Results Select this option to make this field available for display in search
results. If this checkbox is not selected, you cannot include this
field in search results or reference the values in the field in search
filters.

Search Default Select this option to include the field by default in search results
Field for the application. This option does not prevent users from
removing the field from the Search Results page. Users can click
Modify in the toolbar and remove the field from the Fields to
Display section of the application's Advanced Search page.

34 Chapter 2: Fields
 RSA Archer GRC Platform Applications

Attachment Field
The Attachment field type allows users to upload one or more files and attach them
to a record. The Attachment field accepts any type of file, as long as its size does
not exceed the limitations set for the field.
For instructions on configuring the Attachment field type, see Configure the Display
and Functionality of a Field and Attachment Field Options.
When configuring an Attachment field, you can specify the total number of files
that can be uploaded (attached) to the field, as well as the file size (between 1 and
100 MB) permitted for each file. You can also enable end users to keyword search
into attached documents. The following file types are supported for document
searching:
l Microsoft Word
l Microsoft Excel
l PDF
l Text
l .CSV

An Attachment field can be expressed to users in one of two display controls: Grid
or Single Column. In a Grid control, the attachment information displays as a
resizable grid control that displays the name, size and file type for each file. The
Attachment field can also display as a single column with links to the files. When
you select the Grid option, users with appropriate access can view the Download
History report. This report provides a summary of the download history of a
document including the user, email address, and download date. Users can upload
files by clicking Add New.
Record Save Validation
The Validate Always option on the Options tab of the Manage Field page causes
the field to validate when any field has changed when the user saves a record. If
the Validate Always option is not selected, the field is validated only when the
value in that field has changed.
Field Validation Configuration
The minimum and maximum values are now validated for relationships between
field types.
The following validation rules apply to this field type:
l Required
l Minimum Selections
l Maximum Selection
l Maximum File Size

Chapter 2: Fields 35
 RSA Archer GRC Platform Applications

Attachment Field Options

You can configure the display and functionality of an Attachment field on the
Options tab of the Manage Fields page.
For detailed instructions, see Configure the Display and Functionality of a Field.
For more information on the Attachment field, see Attachment Field.
The following table lists the options for the Attachment field.

Option Action

Display Control Section

Grid Select this option to display a grid containing the name of the
file, the size of the file, the file type, and the upload date for each
attachment added to the record.

Single Column Select this option to display the name of the attachment as a
single column. Users can click the name of the file to access the
file.

Options Section

Required Field Select this option to require users to supply a value for the field
when adding or editing a record in the application. Required
fields are indicated with an icon (selected in the Appearance
feature) to alert users that they must supply a value. If this
checkbox is not selected, users can skip this field when adding or
editing a record in the application.

Auditing Select this option to display auditing information next to the field
Information each time that its value is changed. The auditing information
includes only the name of the user who made the change and the
date and time of the change. If this checkbox is not selected,
auditing information is not displayed with the field in the user
interface.

Search Results Select this option to make this field available for display in
search results. If this checkbox is not selected, you cannot include
this field in search results or reference the values in the field in
search filters.

36 Chapter 2: Fields
 RSA Archer GRC Platform Applications

Option Action

Search Default Field Select this option to include the field by default in search results
for the application. This option does not prevent users from
removing the field from the Search Results page. Users can click
Modify in the toolbar and remove the field from the Fields to
Display section of the application's Advanced Search page.

Keyword Searching Select this option to allow users to keyword search in documents
attached to the field. File types supported for document searching
include Microsoft Word, Microsoft Excel, PDF, Text, and .CSV. If
a user does not have access to the field but the field is configured
to allow document searching, the field is still searched when the
user executes a keyword search in the application. However, the
field is not displayed in the search results.

Advanced Field Select this option to add descriptive text and alter the standard
Display display of the field. After selecting this checkbox, specify the
display text and layout for the field in the Advanced Field
Display Options section.

Validate Always Select this option to validate the field when any field has
changed when saving a record. If the Validate Always option is
not selected, the field is validated only when the value in that
field has changed.

Configuration Section

Minimum In these fields, enter the maximum and minimum number of

Attachments and attachments that you want to require for the field.
Maximum
Attachments

Chapter 2: Fields 37
 RSA Archer GRC Platform Applications

Option Action

Maximum Size In the Maximum Size field, select the maximum file size, up to
100 MB, that you want to allow for each file uploaded to the
Attachment field. This setting does not restrict the total size of all
files uploaded to the field.

Important: Users may experience a long wait time when

attaching large files to a record. If you allow users to
attach multiple large files, you should periodically monitor
the available space and current usage of the Archer
server’s file repository to ensure optimized system
performance. For more information on the file repository,
see the RSA Archer eGRC Platform Installation Guide.

Display Fields Select which fields of information you want to display along with
your attachment file.

Advanced Field Display Options Section – If you selected the Advanced Field Display
option, you must enter supporting information and select a display option.

Display Text Enter your supporting text in this field. For example, you can
enter a specific question related to values users enter in the field,
such as "When was the date of your last security audit?" This text
is always displayed, even if you select to hide the field name.

Layout Select whether to display or hide the field name and whether to
display the values horizontally or vertically. See the examples
provided in the Preview field.

Cross-Application Status Tracking Field

The Cross-Application Status Tracking (CAST) field type allows users to track the
completion status of tasks stored in one application against records in another
application. For example, you could track the implementation of security controls
against specific assets, indicating status changes, using the CAST field's status
values list.
For instructions on configuring the Cross-Application Status Tracking field type, see
Configure the Display and Functionality of a Field and Cross-Application Status
Tracking Field Options.

Note: The application that contains the task records (such as security controls or
patches) is considered the child application, and the application that contains the
object records (such as assets or vendors) that you want to track tasks against is the
parent application.

38 Chapter 2: Fields
 RSA Archer GRC Platform Applications

To build a status tracking relationship between two applications, you add a Cross-
Application Status Tracking field to the parent application from Application
Builder. During the field configuration process, select the child application with
which the linkage should occur, and then select a global values list containing status
values to populate the Cross-Application Status Tracking field. For example, you
could select a global values list with the values Accept Risk, Implemented, Time
Extension and Not Applicable.
Finally, you determine the method to use to link records from the child application
to those in the parent application. Child-application records can be linked to parent-
application records by selecting a field in each application that is populated with an
identical global values list and/or by creating a field-value rule with one or more
conditions that filters out records in the child application. You can also select a
cross-reference field referencing the same application.
You can use the following two methods for linking child-application records to
parent-application records:
l Relate Content by Field. If you have a values list field in your parent
application, for example, Asset Management, that denotes the Asset Type, and
you have the same field in your child application, for example, Security Controls,
you can link the two fields so controls are only linked to an asset if the asset
shares the same value in the Asset Type field.

Note: RSA Archer requires only that there is a single common value between the
fields.

l Relate Content by Rule. If you relate content by a rule, all content records in
the child application that satisfy that rule are linked to all records in the parent
application. For example, you can create a rule that links all records in the child
application with the value "High" in the Priority field to records in the parent
application.

After you link a Cross-Application Status Tracking field to a child application, a

matching field automatically is created in the child application to note the linkage.
When updating a record in the parent application, a user can select a value from the
Cross-Application Status Tracking field to define the status of the relationship
between the parent-application record and the child-application record. For
example, while updating an asset record in the parent application, a user can select
the implementation status of a related security control from the Cross-Application
Status Tracking field.

Cross-Application Status Tracking Field Options

You can configure the display and functionality of a Cross-Application Status
Tracking (CAST) field on the Options tab of the Manage Fields page.
For detailed instructions, see Configure the Display and Functionality of a Cross-
Application Status Tracking Field.

Chapter 2: Fields 39
 RSA Archer GRC Platform Applications

For more information on the Cross-Application Status Tracking field, see Cross-
Application Status Tracking Field.
The following table lists the options for the Cross-Application Status Tracking field.

Options Section

Search Results Select this option to make this field available for display in
search results. If this checkbox is not selected, you cannot
include this field in search results or reference the values in
the field in search filters.

Search Default Field Select this option to include the field by default in search
results for the application. This option does not prevent
users from removing the field from the Search Results page.
Users can click Modify in the toolbar and remove the field
from the Fields to Display section of the Advanced Search
page for the application.

Quick Status Change Select this option to display statuses in a dropdown menu
on the Status Tracking Results page to enable immediate
status changes.

Configuration Section

Relate Content By Select this option to relate the two applications based on a
Field field in both applications.

Relate Content By Rule Select this option to specify a rule which determines the
records to link from the outside application.

Application Field and If you selected the Relate Content By Field option, you can
Related Field select the application field and related field for which to
relate the two applications.

Rule If you selected the Relate Content By Rule option, you can
add or remove search criteria in the table to specify a rule
that determines which records to link from the outside
application.

Configure the Display and Functionality of a Cross-Application Status

Tracking Field
You can configure the display and functionality of a Cross-Application Status
Tracking (CAST) field on the Options tab of the Manage Fields page.
For more information on the Cross-Application Status Tracking field, see Cross-
Application Status Tracking Field.

40 Chapter 2: Fields
 RSA Archer GRC Platform Applications

Before You Begin

Create a Field

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. Click the Fields tab.

3. In the Field Name column, click the field that you want to configure.
The Manage Fields page is displayed. This page allows you to specify the
properties of the field.
4. On the General Information tab in the Associated Application field, click
Select and select the application to relate through the CAST field.
The related application is the child or tasks application. This application stores
the items you are tracking against. For example, if you include a CAST field in
an Incidents application, the application you relate might store response
procedures.

Important: If you change the associated application for a CAST field, but
records with values for the CAST field were already saved in the previously
associated application, those values are no longer displayed in the previously
associated application because the CAST field is removed. Therefore,
RSA Archer recommends that you do not change the associated application for
a CAST field if records in the current related application have already been
saved.

5. In the Status List field, click Select and select the values list to populate the
CAST field.
The values list that you select should contain status values that users can select
from when indicating the current completion status for a task such as
Completed, Not Started, and Time Extension Granted.

Chapter 2: Fields 41
 RSA Archer GRC Platform Applications

Important: If any records were saved using the current values list for the CAST
field, changing the status of the values list is not recommended. If you change
the values list after records have already been saved with values from a
previous values list, the CAST values in those records are set to the default
value for the new values list. If no default value is configured for the new
values list, the CAST values in records saved with the previous values list is set
to No Value. In either case, you lose any status changes made to records saved
with the previous values list.

6. Click the Options tab to access controls for configuring the field's display and
functionality.
7. Select options. For detailed information on options, see Cross-Application Status
Tracking Field Options.
8. Click Apply.

Next Steps
Create Field-Level Help

Cross-Reference Field
The Cross-Reference field type allows you to create associations between records
in the same application (internal references) or records in two separate applications
(external references). For example, if you have a Cross-Reference field configured
to create internal references in a Trouble Tickets application, you could associate
one ticket to other related tickets. Or, if you have a Cross-Reference field within a
Violations application that is configured to create external references to an
Investigators application, you could select investigators for individual violation
records by selecting those investigators through the Cross-Reference field.
For instructions on configuring the Cross-Reference field type, see Configure the
Display and Functionality of a Field and Cross-Reference Field Options.
When you create a Cross-Reference field that forms an external relationship with
another application in the system, a Related Records field is automatically added to
the related application. Likewise, when you create an association between records
in the same application, a Related Records field is automatically created in the
application.
For external references, the Related Records field provides a mirror image of the
Cross-Reference field, meaning that, within an individual record in the related
application, you can see all records that have been cross-referenced to that record.
For example, if you have a Cross-Reference field within a Violations application
that is related to an Investigators application, users can select investigators for
individual violation records through the Cross-Reference field. Then, if users
access a record in the Investigators application, they can view all violation records
that have been cross-referenced to that particular investigator in the Related
Records field.

42 Chapter 2: Fields
 RSA Archer GRC Platform Applications

For more information on the Related Records field type, see Related Records Field.
A Cross-Reference field can be expressed to users in either a Grid or Single
Column display control. In a Grid control, multiple fields from the selected records
are displayed in the field. These fields are displayed in a sortable table. In a Single
Column control, only the key field of selected records are displayed in the field.
When users select record references through a Cross-Reference field using a Grid
or Single Column display control, a Record Lookup page is displayed that enables
them to select records from a list or to keyword search for specific records in the
related application.
As an application owner, you can configure the fields that are displayed for users
on the Record Lookup page, and you can create filter criteria to limit the number of
records users can select from. You can also define the minimum and maximum
number of related records a user can select.
When you create a Cross-Reference field that references a leveled application, you
have the option to reference one level or all levels of that application. If you select
one level, the Display Fields, Filters, and Sorting controls contain only the fields
from the selected level.
See the following topics for additional information about Cross-Reference fields:
Record Save Validation
Field Validation Configuration - Cross-Reference Field
Field Type Validation Rules
Reference Field Validation
Record Save Validation
The Validate Always option on the Options tab of the Manage Field page causes
the field to validate when any field has changed when the user saves a record. If
the Validate Always option is not selected, the field is validated only when the
value in that field has changed.
Record save validation is available for the following field types:

Chapter 2: Fields 43
 RSA Archer GRC Platform Applications

l Attachment l Numeric

l Cross- l Matrix (row or

Reference column)

l Date l Record Permissions

l External Links l Related Record

l Image l Sub-Form

l IP Address l Text

l User/Group l Voting
List

l Values List

Field Validation Configuration - Cross-Reference Field

The minimum and maximum values are now validated for relationships between
field types.
The following validation rules apply to this field type:
l Required
l Minimum Selections
l Maximum Selections

Field validation is available for the following field types:

l Attachment l Numeric

l Cross- l Matrix (row or

Reference column)

l Date l Record Permissions

l External Links l Related Record

l Image l Sub-Form

l IP Address l Text

l User/Group l Voting
List

l Values List

44 Chapter 2: Fields
 RSA Archer GRC Platform Applications

Field Type Validation Rules

Three new field type validation rules are now applied for the minimum and
maximum selections for the following reference fields:
l Reference Related Field Minimum Selections
l Reference Related Field Maximum Selections
l Reference Related Field Required

The following field types are associated with these rules:

l Cross-references
l Related records

When validating the three new rules for the related record, the system only
validates records that were added to or removed from the reference field of the
original relationship. For example, a user in Application A creates a Cross-
Reference field, and then removes related record B1 in Application B. The only
record that is validated is B1, because it changed.

Chapter 2: Fields 45
 RSA Archer GRC Platform Applications

The following table provides more information about these rules.

46 Chapter 2: Fields
 RSA Archer GRC Platform Applications

Rule Description

Minimum This rule validates that the removed or added relationships do not
Selections (rule violate the Minimum Selections rule for the related record when both
for a reference of the following apply:
related field)
l The user attempts to save a record with a reference field change.
l A Minimum Selections rule is enabled for the reference field in
the related application.

Example

Scenario A user creates a Cross-Reference field in Application

A.
The user sets the value in the Minimum Selections
field to 2 for the associated Related Record in
Application B.
Record B1 has two references and is related to
Record A1 and Record A2.
The user edits Record A1 and attempts to remove
Record B1 from the Cross-Reference field.

Results When the user attempts to save Record A1, a

message is displayed, indicating that the Minimum
Selections rule for B1 is violated. The violation
occurs because the removal of Record A1 causes the
number of records to fall below the Minimum
Selections value of 2.

Maximum This rule validates that the removed or added relationships do not
Selections (rule violate the Maximum Selections rule for the related record when both
for a reference of the following apply:
related field)
l The user attempts to save a record with a reference field change.
l A Maximum Selections rule is enabled for the reference field in
the related application.

Example

Chapter 2: Fields 47
 RSA Archer GRC Platform Applications

Rule Description

Scenario A user creates a Cross-Reference field in Application

A.
The user sets the value in the Maximum Selections
field to 2 for the associated Related Record field in
Application B.
Record B1 has two references and is related to
Record A1 and Record A2.
The user edits a third record, A3, and adds Record B1
to the Cross-Reference field.

Results When the user attempts to save Record A3, a

message is displayed, indicating that the Maximum
Selections rule for B1 is violated. The violation
occurs because adding Record A3 causes the number
of records to exceed the Maximum Selections value
of 2.

Required (rule This rule validates that the removed relationships do not violate the
for a reference- Required rule for the related record when both of the following
related field) apply:
l The user attempts to save a record with a reference field change.
l A Required rule is enabled for the reference field in the related
application.

Example

Scenario A user creates Application A with a cross-reference.

The user sets the associated Related Record field in
Application B to Required.
Record B1 is related to Record A1.
The user edits Record A1 and removes Record B1
from the cross-reference.

Results When the user attempts to save Record A1, a message

is displayed, indicating that the Required rule for
Record B1 is violated. The violation occurs because
the removal of Record A1 causes the field (which is
required) to have no data.

48 Chapter 2: Fields
 RSA Archer GRC Platform Applications

Reference Field Validation

The relationship between a reference field and an original (published) record does
not count toward Minimum, Maximum, and Required validation when both of the
following apply:
l The reference field has workflow enabled.
l The original record has a copy enrolled into a workflow.

Relationships to records enrolled into a workflow without a copy are counted as

regular records.
Example

Scenario Set-up A user creates a Cross-reference field in Application A, which

has workflow enabled.
The user sets the Maximum Selections value to 2 for the
associated Related Record field in Application B.
Record B1 is related to original Records A1 and A2 in
Application A.

Scenario A
Scenario The user enrolls Record A2 into a workflow and
creates Copy A2C.

Results The Maximum Selections rule for Record B1 is

not violated because only the original Record
A1 and Copy A2C count against the maximum
selections.

Scenario B
Scenario The user removes Record B1 from the Cross-
Reference field A2C.
The user enrolls Record A3 into a workflow and
creates Copy A3C.
The user edits Copy A3C and adds Record B1 to
the Cross-Reference field.

Results Again, the Maximum Selections rule for Record

B1 is not violated because only the original
Record A1 and Copy A3C count against the
maximum selections.

Chapter 2: Fields 49
 RSA Archer GRC Platform Applications

Scenario C
Scenario The user edits Copy A2C again and adds Record
B1 to the Cross-Reference field.

Results The attempt to save Copy A2C fails because

there are now potentially three records to count
against the maximum selections: original Record
A1, Copy A3C, and Copy A2C.e

Cross-Reference Field Options

You can configure the display and functionality of a Cross-Reference field on the
Options tab of the Manage Fields page.
For detailed instructions, see Configure the Display and Functionality of a Field.
For more information on the Cross-Reference field, see Cross-Reference Field.
The following table lists the options for the Cross-Reference field.

Options Action

Display Control Section

Grid Select this option to display a grid containing multiple

fields of data from the referenced record spanning the width
of the page.

Single Column Select this option to display the key field of the referenced
record in a single column format.

Options Section

Required Field Select this option to require users to supply a value for the
field when adding or editing a record in the application.
Required fields are indicated with an icon (selected in the
Appearance feature) to alert users that they must supply a
value. If this checkbox is not selected, users can skip this
field when adding or editing a record in the application.

50 Chapter 2: Fields
 RSA Archer GRC Platform Applications

Options Action

Auditing Information Select this option to display auditing information next to the
field each time that its value is changed. The auditing
information includes only the name of the user who made
the change and the date and time of the change. If this
checkbox is not selected, auditing information is not
displayed with the field in the user interface.

Search Results Select this option to make this field available for display in
search results. If this checkbox is not selected, you cannot
include this field in search results or reference the values in
the field in search filters.

Search Default Field Select this option to include the field by default in search
results for the application. This option does not prevent
users from removing the field from the Search Results page.
Users can click Modify in the toolbar and remove the field
from the Fields to Display section of the Advanced Search
page for the application.

Lookup Select this option to allow users to access a Record Lookup

page to select exiting records from the related application.
Clear this checkbox if you only want to allow users to
create new records for cross-referencing, assuming they have
been granted appropriate record creation rights in the related
application. You must select this checkbox if you want the
Cross-Reference field to be available for selection in a
Multi-Reference field. For more information about
configuring a Multi-Reference field, see Multiple Reference
Display Control Field Options.

Add New If you selected the Grid display control, you can also select
Add New to allow users to add new records to the related
applications from a record in View mode. Users will not
have to open a record in Edit mode to create new related
records. If a user does not have rights to create records in the
related application, the link is not displayed for that user.
When a user creates a new related record from View mode,
that record will be selected in the Cross-Reference field just
as it would if it were created from Edit mode. For example,
if a user opens a Vendor record in View mode and creates a
record in the related Audits application by clicking Add
New in the Cross-Reference field, that new Audit record will
be selected in the Vendor record's Cross-Reference field,
even though the user did not open the Vendor record for

Chapter 2: Fields 51
 RSA Archer GRC Platform Applications

Options Action

editing.

Tree Display If you selected the Single Column display control, you can
also select Tree Display if your relationship application is a
leveled application and you want to display cross-referenced
records in a hierarchical format. The following figure shows
top-level record references flush with the left margin of the
field, and record references in subsequent data levels
indented.

Note: When records with the Cross-Reference field are

exported in CSV format, the Tree Display option is disabled
to allow the data to be re-imported into the application. All
other data export formats preserve the Cross-Reference tree
display for the field.

Validate Always Select this option to validate the field when any field has
changed when saving a record. If the Validate Always
option is not selected, the field is validated only when the
value in that field has changed.

Disable Remove Select this option to disable the Remove button for records
displayed in a Cross-Reference field.

52 Chapter 2: Fields
 RSA Archer GRC Platform Applications

Options Action

Record Lookup Configuration Section

Display Fields If you selected the Single Column or Grid display control,
you can define the fields of data from the relationship
application that should display in the Record Lookup page
for end users when they select related records in the Cross-
Reference field.

To select fields for display, click in the Display Fields

field and select the fields that you want to display from the
Available list.

Use the below the Selected list to arrange the fields.

The top-to-bottom order of fields in the Selected list will be
the left-to-right order of fields in the Record Lookup page.

Note: If the relationship application is a leveled application,

and you selected fields from two or more levels to be
displayed in the Cross-Reference field, you can only arrange
those fields on a level-by-level basis. You cannot intermix
fields from separate data levels.

Filters To set filters for the records to be displayed in the

field,complete the following steps:
1. In the Field to Evaluate column, select the field to
evaluate for one or more specific values.
You can create additional conditions by clicking Add
New.
2. In the Operator column, select the filter operator.
3. In the Value(s) column, select the values for the
condition.
4. If you have created more than one condition, you can
apply advanced logic to your search criteria.

Sorting If you selected the Grid or Single Column display control,

you can define the fields by which cross-referenced records
should be sorted within the Record Lookup page. For
example, in an "Investigators" Cross-Reference field, you
could sort the display of referenced records alphabetically by
investigator name.

Display Format Select how you want the cross-referenced records displayed
on the Record Lookup page:

Chapter 2: Fields 53
 RSA Archer GRC Platform Applications

Options Action

l Column-Hierarchical. Displays the records in a

columnar layout where fields are displayed across the
page from left to right, and the field values are presented
showing relationships.
l Column-Flat. Displays the records in a simple columnar
layout without any grouping of values.

Grid Display Properties Section

Record Lookup Select this option to apply the values selected in the Record
Lookup Configuration section to the corresponding
View/Edit Display control group fields.

Display Fields You can define the fields of data that display in the Cross-
Reference field grid of selected records. To select fields for
display, click in the Display Fields field and select the
field that you want to display from the Available list.

Use the below the Selected list to arrange the fields.

The top-to-bottom order of fields in the Selected list display
as the left-to-right order of fields in the Cross-Reference
Field table.

Note: If the relationship application is a leveled application,

and you selected fields from two or more levels to be
displayed in the Cross-Reference field, you can only arrange
those fields on a level-by-level basis. You cannot intermix
fields from separate data levels.

Sorting You can define the fields by which cross-referenced records

should be sorted within the grid of selected records. For
example, in an "Investigators" Cross-Reference field, you
could sort the display of referenced records alphabetically by
investigator name.

Configuration Section

54 Chapter 2: Fields
 RSA Archer GRC Platform Applications

Options Action

Minimum and Specify the minimum and maximum number of records that
Maximum Selections users can select in the field.

Field Height If you selected the Single Column display control, you can
configure the height of the field in lines in the Field Height
field. This setting impacts the display of the field only when
users add or edit records in the application. For example, if
you set the field height to three lines, and a user makes four
selections in the field, a scroll bar is displayed.

Default Records If you selected the Grid display control, you can configure
Display the number of cross-referenced records that display within
the grid. If this option is selected, only the first X records are
displayed, where X is the selected value for the Default Grid
Display field. If the number of records exceeds the default
display number, a View All link is displayed. A user can
click this link to view all of the associated records.

Date Field
The Date field type accepts only a valid date entry and is displayed to users as a
field with a calendar icon displayed beside it. Users can either enter dates directly
in the field or click the Calendar to select a date from the dialog box.
For instructions on configuring the Date field type, see Configure the Display and
Functionality of a Field and Date Field Options.
When configuring the properties of a Date field, you can enable users to enter a
time of day to associate with the date, as shown below.

You can also restrict users from entering values in a Date field that are already
contained in other records within the application, making each Date field value
unique.
In addition to these basic field configuration options, the Date field type also
supports the following specialized options:
l Default Date Value. If this option is enabled, you can select a default value for
Date fields. The default date value is set when a record is created in the

Chapter 2: Fields 55
 RSA Archer GRC Platform Applications

application; the value is not affected by record edits. When configuring the
default value, you can select to display the date of record creation, a date that is
a specific number of days after the date of record creation, or a static, specific
date. You can also select to display no default value in the Date field.
l Calculated Field. If this option is enabled, you can specify a formula for
dynamically computing the field's value. For example, you could create the
following formula to populate the Date field with the current date: TODAY().
The calculated field would display as read-only for all application users, and its
value would be updated each time the field was recalculated.

Record Save Validation

The Validate Always option on the Options tab of the Manage Field page causes
the field to validate when any field has changed when the user saves a record. If
the Validate Always option is not selected, the field is validated only when the
value in that field has changed.
Field Validation Configuration
The minimum and maximum values are now validated for relationships between
field types.
The following validation rules apply to this field type:
l Required
l Unique
l System Minimum Value

Date Field Options

You can configure the display and functionality of a Date field on the Options tab of
the Manage Fields page.
For detailed instructions, see Configure the Display and Functionality of a Field.
For more information on the Date field, see Date Field.

56 Chapter 2: Fields
 RSA Archer GRC Platform Applications

The following table lists the options for the Date field.

Option Action

Display Control Section

Select the type of display control that you want to use for the
field:
l Text Box - Date Only
l Text Box - Date and Time
l Dropdown - Date Only
l Dropdown - Date and Time

Options Section

Required Field Select this option to require users to supply a value for the field
when adding or editing a record in the application. Required fields
are indicated with an icon (selected in the Appearance feature) to
alert users that they must supply a value. If this checkbox is not
selected, users can skip this field when adding or editing a record
in the application.

Auditing Select this option to display auditing information next to the field
Information each time that its value is changed. The auditing information
includes only the name of the user who made the change and the
date and time of the change. If this checkbox is not selected,
auditing information is not displayed with the field in the user
interface.

Search Results Select this option to make this field available for display in search
results. If this checkbox is not selected, you cannot include this
field in search results or reference the values in the field in search
filters.

Search Default Select this option to include the field by default in search results
Field for the application. This option does not prevent users from
removing the field from the Search Results page. Users can click
Modify in the toolbar and remove the field from the Fields to
Display section of the application's Advanced Search page.

Chapter 2: Fields 57
 RSA Archer GRC Platform Applications

Option Action

Unique Field Select this option to prevent users from entering an identical value
in the field within two separate records. If a user attempts to save a
value in the field that has already been saved in the field for
another record, the user is prompted to enter a unique value.

Key Field Select this option if you want the field to serve as the key field for
the application. Only one field can serve as the key field for an
application. You can select the key field values in search results,
and users can click the values to open individual records. Once
saved, you can only clear this checkbox by selecting Key Field for
another field in the application. Also, when you select Key Field
for a field and save your changes, the Required Field, Search
Results, and Search Default Field checkboxes are automatically
selected.

Calculated Field Select this option to create a formula to dynamically compute a

value for this field. If you select this option, the field is read-only
for all users, and its value is populated by the system.

Advanced Field Select this option to add descriptive text and alter the standard
Display display of the field. After selecting this checkbox, specify the
display text and layout for the field in the Advanced Field
Display Options section.

Validate Always Select this option to validate the field when any field has changed
when saving a record. If the Validate Always option is not
selected, the field is validated only when the value in that field
has changed.

Configuration Section

Default Value Default date values display in the Date field when a user adds a
new record in the application. The default date value is set on the
date of record creation; the value is not affected by record edits.
The following options are available:
l None. Select None if you do not want to place a default value
in the Date field.
l Current Date. Select Current Date to display the date of
record creation in the Date field.
l Future Date. Select Future Date to display a default date value
that is a specific number of days after the date of record
creation. Then enter the specific number of days in the field to
the right.

58 Chapter 2: Fields
 RSA Archer GRC Platform Applications

Option Action

l Specific Date. Select Specific Date to display a static date as

the default value for the Date field, and enter the date in the
field to the right or click the Calendar icon to select the date
from a calendar dialog box.

Advanced Field Display Options Section – If you selected the Advanced Field Display
option, you must enter supporting information and select a display option.

Display Text Enter your supporting text in this field. For example, you can enter
a specific question related to values users enter in the field, such
as "When was the date of your last security audit?" This text is
always displayed, even if you select to hide the field name.

Layout Select whether to display or hide the field name and whether to
display the values horizontally or vertically. See the examples
provided in the Preview field.

Discussion Field
The Discussion field allows users to participate in discussion forums related to
specific records. When configuring this field type, you can select to create an
individual forum for each record created in an application or to link all records
within an application to one or more existing discussion forums created manually
through the Discussion Forums feature. Forums built through the Discussion field
type have all of the characteristics and properties of a regular discussion forum.
For instructions on configuring the Discussion field type, see Configure the Display
and Functionality of a Field and Discussion Field Options.
You can select from two options for the Discussion field:
l Forum Popup. When the Discussion field is configured to display as a Forum
Popup, the field generates a new discussion forum for each record created within
the application. The discussion forum displays in a pop-up window. By selecting
this option, you can capture comments and dialogue from a variety of users
centered on the content of a specific record. For example, if you have a record
concerning password requirements, users could access the forum to discuss
changes or additions to the requirements. A link to the record-specific forum is
displayed in both the view and edit modes of a record. This option also allows
you to specify administrators for the forum and configure edit options for end
users.
l Static Forum Link. The Static Forum Link option allows you to embed links to
existing discussion forums within each record in an application. End users cannot
add or edit links within the field. By including links to established discussion
forums, you can direct users to forums where they can participate in a large-

Chapter 2: Fields 59
 RSA Archer GRC Platform Applications

scale discussion relating to the entire application. Links for the selected
discussion forums display in both view and edit modes of every record within the
application.

Discussion Field Options

You can configure the display and functionality of a Discussion field on the Options
tab of the Manage Fields page.
For detailed instructions, see Configure a Field's Display and Functionality.
For more information on the Discussion field, see Discussion Field.

60 Chapter 2: Fields
 RSA Archer GRC Platform Applications

The following table lists the options for the Discussion field.

Option Action

Display Control Section

Note: Once you save the Discussion field, you cannot change the display control type.

Forum Popup Select this option to have the system automatically create a
discussion forum for each record that is created within the
application. This type of forum displays in a pop-up window, and
users can only access the forum when viewing or editing the
record. It is not displayed within the Discussion Forums feature.

Static Forum Link Select this option to include one or more read-only links to
existing discussion forums within every record of the application.

Configuration Section

Note: The options available in the Configuration section vary depending on whether
you selected the Forum Popup or a Static Forum Link display control.

Forum Popup If you selected the Forum Popup display control, you must define
the administrators for the forum and specify the edit options that
end users have within the forum:
l Edit Own Posts. Select this option to allow users to edit their
own posts within the forum.
l Edit All Posts. Select this option to allow users to edit all posts
within the forum.
l Forum Administrators. From the Available list, select the
users and groups to which you want to grant forum
administrator rights. As an application owner, you are listed by
default as a forum administrator. To revoke forum administrator
rights for a user or group, click to the right of the user or
group name in the Selected list.

Static Forum Link If you selected the Static Forum Link display control, you must
specify the forums to which you want to provide links.
Discussion Forums. From the Available list, select the discussion
forums that you want to include a link to within in every record of
the application. To remove a link to a discussion forum, click
to the right of the discussion forum name in the Selected list.

Chapter 2: Fields 61
 RSA Archer GRC Platform Applications

External Links Field

The External Links field type allows users to enter named links that reference web
pages, email addresses, and so on. To enter an external link, you must specify the
link protocol and the target URL. You can also specify link text (a name) for the
link, for example, "Google".
For instructions on configuring the External Links field type, see Configure the
Display and Functionality of a Field and External Links Field Options.
The following are supported link types:
l HTTP
l HTTPS
l FTP
l Mailto
l News
l Relative
l File

Each time that you enter a link in an External Links field and click Apply, the new
link is displayed in a list below the field. You can edit the properties of a list item
by clicking to the right of the link. The properties of that link are displayed in
the Link Manager and can be edited. In addition, you can delete a link in the list by
clicking to the right of the link.
Record Save Validation
The Validate Always option on the Options tab of the Manage Field page causes
the field to validate when any field has changed when the user saves a record. If
the Validate Always option is not selected, the field is validated only when the
value in that field has changed.
Field Validation Configuration
The minimum and maximum values are now validated for relationships between
field types.
The following validation rules apply to this field type:
l Required
l Minimum Selections
l Maximum Selections
l External Link Valid URL

62 Chapter 2: Fields
 RSA Archer GRC Platform Applications

External Links Field Options

You can configure the display and functionality of an External Links field on the
Options tab of the Manage Fields page.
For detailed instructions, see Configure the Display and Functionality of a Field.
For more information on the External Links field, see External Links Field.
The following table lists the options for the External Links field.

Option Action

Options Section

Required Field Select this option to require users to supply a value for the field
when adding or editing a record in the application. Required fields
are indicated with an icon (selected in the Appearance feature) to
alert users that they must supply a value. If this checkbox is not
selected, users can skip this field when adding or editing a record
in the application.

Auditing Select this option to display auditing information next to the field
Information each time that its value is changed. The auditing information
includes only the name of the user who made the change and the
date and time of the change. If this checkbox is not selected,
auditing information is not displayed with the field in the user
interface.

Search Results Select this option to make this field available for display in search
results. If this checkbox is not selected, you cannot include this
field in search results or reference the values in the field in search
filters.

Search Default Select this option to include the field by default in search results
Field for the application. This option does not prevent users from
removing the field from the Search Results page. Users can click
Modify in the toolbar and remove the field from the Fields to
Display section of the application's Advanced Search page.

Advanced Field Select this option to add descriptive text and alter the standard
Display display of the field. After selecting this checkbox, specify the
display text and layout for the field in the Advanced Field Display
Options section.

Validate Always Select this option to validate the field when any field has changed
when saving a record. If the Validate Always option is not
selected, the field is validated only when the value in that field has
changed.

Chapter 2: Fields 63
 RSA Archer GRC Platform Applications

Option Action

Configuration Section

Minimum Links Use these options to set the minimum or maximum number of links
and Maximum the user can select in the External Links field.
Links

Protocols Select the protocol types that a user can configure in the Protocols
field. The following options are available:
l HTTP
l HTTPS
l FTP
l Mailto
l News
l Relative
l File

Advanced Field Display Options Section – If you selected the Advanced Field Display
option, you must enter supporting information and select a display option.

Display Text Enter your supporting text in this field. For example, you can enter
a specific question related to values users enter in the field, such as
"When was the date of your last security audit?" This text is
always displayed, even if you select to hide the field name.

Layout Select whether to display or hide the field name and whether to
display the values horizontally or vertically. See the examples
provided in the Preview field.

First Published Date Field

The First Published Date field type is automatically populated based on the date a
record is created. When configuring the properties of a First Published Date field,
you can select whether to display the contents of the field within individual records
and/or in the record header. You can also select to display time and user
information along with the date value.
For instructions on configuring the First Published Date field type, see Configure
the Display and Functionality of a Field and First Published Date Field Options.

First Published Date Field Options

You can configure the display and functionality of a First Published Date field on
the Options tab of the Manage Fields page.
For detailed instructions, see Configure the Display and Functionality of a Field.

64 Chapter 2: Fields
 RSA Archer GRC Platform Applications

For more information on First Published Date fields, see First Published Date Field.
The following table lists the options for the First Published Date field.

Option Action

Options Section

Search Results Select this option to make this field available for display in search
results. If this checkbox is not selected, you cannot include this
field in search results or reference the values in the field in search
filters.

Search Default Field Select this option to include the field by default in search results
for the application. This option does not prevent users from
removing the field from the Search Results page. Users can click
Modify in the toolbar and remove the field from the Fields to
Display section of the application's Advanced Search page.

Time Information Select this option to display time information (hours, minutes and
the AM or PM designation) along with the date value.

User Information Select this option to display the name of the user who published
the record along with the date value.

Header Display This checkbox is selected by default, allowing the First Published
Date field values to display in the page header of records. To
remove it from display, clear the Page Header Display checkbox.

History Log Field

The History Log field type enables users to track field-level changes for individual
records in an application. You can select to embed the history log in a record in grid
(table) format or include a link to a record history log, so users can view the history
log in a separate window.
For instructions on configuring the History Log field type, see Configure the
Display and Functionality of a Field and History Log Field Options.

Chapter 2: Fields 65
 RSA Archer GRC Platform Applications

When configuring the properties of a History Log field, you can select the fields
that are tracked by the history log. All field in an individual application can be
included in this list, except for the following field types:

l Cross-Application Status Tracking l Sub-Form

l Discussion l Tracking ID
l First Published Date l Voting
l Last Updated Date l Record Permissions configured with the
Inherited Permissions option
l Multiple Reference Display Control
l "Other Text" values associated with a
l Record Status
Values List field
l Related Records

In addition to selecting the fields to include in the history log, you can select to limit
the number of modifications that are displayed on the History Log page.
If a large number of users have rights to edit records in an application, it is possible
that the History Log for a record in that application could include thousands of
changes. If this is the case, you may choose to limit the number of modifications
displayed in the History Log to improve its load time.
The following list provides additional information about the History Log field type:
l Field permissions are enforced, allowing users to track only the history of fields
for which they have access.
l Prior to adding a History Log field to an application, the history of field-level
changes in that application is not tracked.
l Deleting a History Log field deletes the history associated with the field. This
data cannot be restored.
l Published changes and content review changes are tracked in the History Log.
l Copying a record does not copy the history of that record.

History Log Field Options

You can configure the display and functionality of a History Log field on the
Options tab of the Manage Fields page.
For detailed instructions, see Configure the Display and Functionality of a Field.
For more information on History Log fields, see History Log Field.
The following table lists the options for the History Log field.

66 Chapter 2: Fields
 RSA Archer GRC Platform Applications

Option Action

Display Control Section

Select the type of display control that you want to use for the field
from the following options:
l Grid
l Link

Options Section

Search Results Select this option to make this field available for display in search
results. If this checkbox is not selected, you cannot include this
field in search results or reference the values in the field in search
filters.

Search Default Select this option to include the field by default in search results
Field for the application. This option does not prevent users from
removing the field from the Search Results page. Users can click
Modify in the toolbar and remove the field from the Fields to
Display section of the application's Advanced Search page.

Chapter 2: Fields 67
 RSA Archer GRC Platform Applications

Option Action

Keyword Searching Select this option to allow users to keyword search into the
contents of the History Log field.

Configuration Section

Field Tracking You can configure the History Log field to track fields in one of
two ways:
l All. Select this option if you want the History Log to track all
fields in the application. In addition to all current fields, fields
added in the future will also be automatically added to the
tracked fields list if you select this option.
l Selected. To select one or more fields to track, click Select to
open the Select Fields dialog box and from the Available list,
select the fields that you want to include in the History Log
field's Watch list.

To remove a field from the Watch list, click to the right of the
field name in the Selected list. You must select at least one field
for the history log to track.
From the Selected list, determine whether a field's changes should
be displayed in Detailed, Record Version, or both formats by
selecting the appropriate checkbox. To adjust the display order of
the tracked fields, use the below the Selected list to move
the fields into the desired order. Click Apply. Each time a value is
added or modified in any of the fields in the Selected list, a new
entry is added to the record's history log that describes the change.

Image Field
The Image field type allows users to upload and display one or more image files.
You can set the display height and width for each image field. The system supports
a maximum value of 2000 x 2000 pixels. When an image does not match the defined
height or width, it is resized using a locked aspect ratio until both dimensions meet
the display criteria.
For instructions on configuring the Image Field field type, see Configure the
Display and Functionality of a Field and Image Field Options.
Record Save Validation
The Validate Always option on the Options tab of the Manage Field page causes
the field to validate when any field has changed when the user saves a record. If
the Validate Always option is not selected, the field is validated only when the
value in that field has changed.

68 Chapter 2: Fields
 RSA Archer GRC Platform Applications

Field Validation Configuration

The minimum and maximum values are now validated for relationships between
field types.
The following validation rules apply to this field type:
l Required
l Minimum Selections
l Maximum Selections
l Maximum File Size

Image Field Options

You can configure the display and functionality of an Image field on the Options tab
of the Manage Fields page.
For detailed instructions, see Configure the Display and Functionality of a Field.
For more information on Image fields, see Image Field.

Chapter 2: Fields 69
 RSA Archer GRC Platform Applications

The following table lists the options for the Image field.

70 Chapter 2: Fields
 RSA Archer GRC Platform Applications

Option Action

Options Section

Required Field Select this option to require users to supply a value for the field
when adding or editing a record in the application. Required fields
are indicated with an icon (selected in the Appearance feature) to
alert users that they must supply a value. If this checkbox is not
selected, users can skip this field when adding or editing a record
in the application.

Auditing Select this option to display auditing information next to the field
Information each time that its value is changed. The auditing information
includes only the name of the user who made the change and the
date and time of the change. If this checkbox is not selected,
auditing information is not displayed with the field in the user
interface.

Search Results Select this option to make this field available for display in search
results. If this checkbox is not selected, you cannot include this
field in search results or reference the values in the field in search
filters.

Search Default Field Select this option to include the field by default in search results
for the application. This option does not prevent users from
removing the field from the Search Results page. Users can click
Modify in the toolbar and remove the field from the Fields to
Display section of the application's Advanced Search page.

Validate Always Select this option to validate the field when any field has changed
when saving a record. If the Validate Always option is not
selected, the field is validated only when the value in that field has
changed.

Configuration Section

Minimum In these fields, select the maximum and minimum number of

Attachments and attachments you want to require for the field.
Maximum
Attachments

Display Width and Enter the width and height for images displayed in this field. These
Display Height dimensions are measured in pixels.

Maximum Size In the Maximum Size field, select the maximum size, up to 100
MB, that you want to allow for each file uploaded to the Image
field. This setting does not restrict the total size of all files
uploaded to the field.

Chapter 2: Fields 71
 RSA Archer GRC Platform Applications

IP Address Field
The IP Address field type enables users to store an IP address in either the IPv4 or
IPv6 format. The format is specified when you create the field and it cannot be
changed later. The IPv4 format is broken into four adjoining sub-fields, which must
contain a numeric value between 0 and 255. The IPv6 format is broken into eight
adjoining sub-fields and is displayed to the user using either the full syntax or the
shorthand syntax.
For instructions on configuring the IP Address field type, see Configure the Display
and Functionality of a Field and IP Address Field Options.
Record Save Validation
The Validate Always option on the Options tab of the Manage Field page causes
the field to validate when any field has changed when the user saves a record. If
the Validate Always option is not selected, the field is validated only when the
value in that field has changed.
Field Validation Configuration
The minimum and maximum values are now validated for relationships between
field types.
The following validation rules apply to this field type:
l Required
l Unique

IP Address Field Options

You can configure the display and functionality of an IP Address field on the
Options tab of the Manage Fields page.
For detailed instructions, see Configure the Display and Functionality of a Field.
For more information on IP Address fields, see IP Address Field.

72 Chapter 2: Fields
 RSA Archer GRC Platform Applications

The following table lists the options for the IP Address field.

Option Action

Display Control Section

Select from the following options:

l IP Address Version 4 to use the IPv4 format
l IP Address Version 6 to use the IPv6 format.

Note: Once you save the field, you cannot change this option.

Options Section

Required Field Select this option to require users to supply a value for the field
when adding or editing a record in the application. Required fields
are indicated with an icon (selected in the Appearance feature) to
alert users that they must supply a value. If this checkbox is not
selected, users can skip this field when adding or editing a record
in the application.

Auditing Select this option to display auditing information next to the field
Information each time that its value is changed. The auditing information
includes only the name of the user who made the change and the
date and time of the change. If this checkbox is not selected,
auditing information is not displayed with the field in the user
interface.

Search Results Select this option to make this field available for display in search
results. If this checkbox is not selected, you cannot include this
field in search results or reference the values in the field in search
filters.

Search Default Select this option to include the field by default in search results
Field for the application. This option does not prevent users from
removing the field from the Search Results page. Users can click
Modify in the toolbar and remove the field from the Fields to
Display section of the application's Advanced Search page.

Chapter 2: Fields 73
 RSA Archer GRC Platform Applications

Option Action

Unique Field Select this option to prevent users from entering an identical value
in the field within two separate records. If a user attempts to save a
value in the field that has already been saved in the field for
another record, the user is prompted to enter a unique value.

Key Field Select this option if you want the field to serve as the key field for
the application. Only one field can serve as the key field for an
application. You can select the key field values in search results,
and users can click the values to open individual records. Once
saved, you can only clear this checkbox by selecting the Key
Field checkbox for another field in the application. Also, when
you select the Key Field checkbox for a field and save your
changes, the Required Field, Search Results, and Search Default
Field checkboxes are automatically selected.

Advanced Field Select this option to add descriptive text and alter the standard
Display display of the field. After selecting this checkbox, specify the
display text and layout for the field in the Advanced Field
Display Options section.

Validate Always Select this option to validate the field when any field has changed
when saving a record. If the Validate Always option is not
selected, the field is validated only when the value in that field
has changed.

Advanced Field Display Options Section – If you selected the Advanced Field Display
option, you must enter supporting information and select a display option.

Display Text Enter your supporting text in this field. For example, you can enter
a specific question related to values users enter in the field, such
as "When was the date of your last security audit?" This text is
always displayed, even if you select to hide the field name.

74 Chapter 2: Fields
 RSA Archer GRC Platform Applications

Option Action

Layout Select whether to display or hide the field name and whether to
display the values horizontally or vertically. See the examples
provided in the Preview field.

Configuration Section

Control If you selected IP Address Version 6, select a display syntax. This

option only affects how the address is displayed to the user when
viewing a record. It does not impact how the address is displayed
when adding or editing a record, nor does it change how the
address is stored in the database:
l Full. Displays the full syntax of the address to the user when
viewing records with this field.
l Short-Hand. Displays the shorthand syntax of the address to
the user when viewing records with this field.

Last Updated Date Field

The Last Updated Date field type is automatically populated each time changes are
saved to a record. When configuring the properties of a Last Updated Date field,
you can select whether to display the contents of the field within individual records
or in the record header. You can also select to display time and user information
along with the date value.
For instructions on configuring the Last Updated Date field type, see Configure the
Display and Functionality of a Field and Last Updated Date Field Options.

Last Updated Date Field Options

You can configure the display and functionality of a Last Updated Date field on the
Options tab of the Manage Fields page.
For detailed instructions, see Configure the Display and Functionality of a Field.
For more information on Last Updated Date fields, see Last Updated Date Field.
The following table lists the options for the Last Updated Date field.

Chapter 2: Fields 75
 RSA Archer GRC Platform Applications

Option Action

Options Section

Search Results Select this option to make this field available for display in search
results. If this checkbox is not selected, you cannot include this
field in search results or reference the values in the field in search
filters.

Search Default Field Select this option to include the field by default in search results
for the application. This option does not prevent users from
removing the field from the Search Results page. Users can click
Modify in the toolbar and remove the field from the Fields to
Display section of the application's Advanced Search page.

Time Information Select this option to display time information (hours, minutes and
the AM or PM designation) along with the date value.

User Information Select this option to display the name of the user who published
the record along with the date value.

Header Display This checkbox is selected by default, allowing the Last Updated
Date field values to display in the page header of records. To
remove it from display, clear the Page Header Display option.

Matrix Field
The Matrix field type provides the ability to display a two-dimensional array of
checkboxes, allowing users to plot or rank responses relative to two factors. For
example, you might create a matrix to assist in analyzing a broad set of
characteristics across your organization's physical assets. The columns of the
matrix might represent characteristics, such as maintenance burden, portability and
power consumption, while the rows might represent ranking levels, such as high,
medium, and low.
For instructions on configuring the Matrix field type, see Configure the Display and
Functionality of a Matrix Field.
Record Save Validation
The Validate Always option on the Options tab of the Manage Field page causes
the field to validate when any field has changed when the user saves a record. If
the Validate Always option is not selected, the field is validated only when the
value in that field has changed.
Field Validation Configuration
The minimum and maximum values are now validated for relationships between
field types.

76 Chapter 2: Fields
 RSA Archer GRC Platform Applications

The following validation rules apply to this field type:

l Required
l Minimum Selections
l Maximum Selections

Matrix Field Options

You can configure the display and functionality of a Matrix field on the Options tab
of the Manage Fields page.
For detailed instructions, see Configure the Display and Functionality of a Matrix
Field.
For more information on Matrix fields, see Matrix Field.
The following table lists the options for the Matrix field.

Option Action

Options Section

Required Field Select this option to require users to supply a value for the field
when adding or editing a record in the application. Required fields
are indicated with an icon (selected in the Appearance feature) to
alert users that they must supply a value. If this checkbox is not
selected, users can skip this field when adding or editing a record
in the application.

Auditing Select this option to display auditing information next to the field
Information each time that its value is changed. The auditing information
includes only the name of the user who made the change and the
date and time of the change. If this checkbox is not selected,
auditing information is not displayed with the field in the user
interface.

Search Results Select this option to make this field available for display in search
results. If this checkbox is not selected, you cannot include this
field in search results or reference the values in the field in search
filters.

Search Default Select this option to include the field by default in search results
Field for the application. This option does not prevent users from
removing the field from the Search Results page. Users can click
Modify in the toolbar and remove the field from the Fields to
Display section of the application's Advanced Search page.

Validate Always Select this option to validate the field when any field has changed
when saving a record. If the Validate Always option is not

Chapter 2: Fields 77
 RSA Archer GRC Platform Applications

Option Action

selected, the field is validated only when the value in that field
has changed.

Configuration Section

Minimum To specify the minimum and maximum number of values a user

Selections and can select in each row or column of the Matrix field, select the
Maximum number of values from the Minimum Value and Maximum Value
Selections lists. From the drop-down menus to the right of those fields, select
either Row or Column. For example, if you select 1 as the
minimum number of values that a user can select in each row and
2 as the maximum number of values that a user can select in each
row, a user can make no more than 2 selections in each row, but
he or she can make any number of selections in each column.

Minimum To specify the display of the minimum and maximum selections

Selections Axis by row or column, select the number of values from the Minimum
and Maximum Selections Axis and Maximum Selections Axis lists. For example,
Selections Axis if you select 15 from the Maximum Selections list and Row from
the Maximum Selections Axis list, the field is displayed with no
more than 15 rows.

Column Values If you selected to define custom column values for the Matrix field
List during the field creation process, enter a name, or category, for the
Matrix field's column values in the Column Values List field. This
name is not displayed in the field, but it is used for creating
individual column values.

Row Values List If you selected to define custom row values for the Matrix field
during the field creation process, enter a name, or category, for the
Matrix field's row values in the Row Values List field. This name
is not displayed in the field, but it is used for creating individual
row values.

Configure the Display and Functionality of a Matrix Field

You can configure the display and functionality of a Matrix field on the Options tab
of the Manage Fields page.
For more information on Matrix fields, see Matrix Field.

Before You Begin

Create a Field

78 Chapter 2: Fields
 RSA Archer GRC Platform Applications

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. Click the Fields tab.

3. In the Field Name column, click the field that you want to configure.
The Manage Fields page is displayed. This page allows you to specify the
properties of the field.
4. On the General Information tab, select from the following options:
l Column Values List. If you selected to use a global values list to populate
the Matrix field's column values during the field creation process, you can
select an alternate global values list from the Column Values List drop-
down menu.
l Row Values List. If you selected to use a global values list to populate the
Matrix field's row values during the field creation process, you can select an
alternate global values list from the Row Values List drop-down menu.

Important: If any records have been saved in the application with column or
row values from the current global values lists, changing these lists is not
recommended. If you change a global values list after records with value
selections from the previous list have been saved, the values from the previous
global values list are permanently lost and the Matrix field shows no selections.

5. Click the Options tab to access controls for configuring the field's display and
functionality.
6. Select options. For detailed information on options, see Matrix Field Options.
7. Click Apply.

Next Steps
Create Field-Level Help

Chapter 2: Fields 79
 RSA Archer GRC Platform Applications

Multiple Reference Display Control Field

The Multiple Reference Display Control (MRDC) field type allows users to view
and edit references to records in multiple applications in a single, unified location.
Using this field type, you can display Cross-Reference and Related Record field
data using a single control rather than displaying multiple Cross-Reference or
Related Records fields within the layout of a record.
For instructions on configuring the MRDC field type, see Configure the Display and
Functionality of a Field and Multiple Reference Display Control Field Options.
For example, you could have a Devices application with separate Cross-Reference
fields that link to the Facilities and Service-Level Agreements applications.
Through the MRDC field, users could select the record for the facility that houses
the device from the related Facilities application, and they can select the record for
the service-level agreement for the device from the related Service-Level
Agreements application. Both of these selections would be displayed within the
same field.
You can set this field to display a Single Reference, allowing users to select one
referenced application for display within the field, or to display Multiple
References, allowing users to select more than one reference for display within the
field.

Note: Once an MRDC field is saved with the Multiple References option selected,
the Single Reference option is no longer available. However, you can change the
setting from Single Reference to Multiple References.

For each Cross-Reference or Related Records field that you select to display within
an MRDC field, you can suppress the field from end-user functions. By selecting
the Suppress option, you can hide existing Cross-Reference or Related Records
fields from a record's layout, conserving record "real estate."
On the Layout tab of the Manage Applications page, suppressed fields remain on
the page layout. However, they are not displayed to end users.
An advanced option for the MRDC field type is the ability to reference the field in
a calculated field formula using the COUNT or ISEMPTY function. You can use
the COUNT function to return the number of referenced records within the field.
Using the ISEMPTY function, you can determine whether the MRDC field contains
selections.
The following formula would return the number of records that are referenced
within a Facility and Service Agreement Multi-Reference field:
COUNT([Facility and Service Agreement])
The following formula would return True if the Facility and Service Agreement
Multi-Reference field contained no selections:
IF(ISEMPTY([Facility and Service Agreement]), "True", "False")

80 Chapter 2: Fields
 RSA Archer GRC Platform Applications

Multiple Reference Display Control Field Options

You can configure the display and functionality of a Multiple Reference Display
Control (MRDC) field on the Options tab of the Manage Fields page.
For detailed instructions, see Configure the Display and Functionality of a Field.
For more information on Multiple Reference Display Control fields, see Multiple
Reference Display Control Field.

Note: For Cross-Reference and Related Records fields to be available for selection
in an MRDC field, those reference fields must be configured with the Lookup
option. For more information on how to configure these fields, see Configure the
Display and Functionality of a Field , Cross-Reference Field Options, and Related
Records Field Options.

The following table lists the options for the MRDC field.

Option Action

Options Section

Auditing Select this option to display auditing information next to the field
Information each time that its value is changed. The auditing information
includes only the name of the user who made the change and the
date and time of the change. If this checkbox is not selected,
auditing information is not displayed with the field in the user
interface.

Required Select this option to make the field a required entry.

Chapter 2: Fields 81
 RSA Archer GRC Platform Applications

Option Action

Search Results Select this option to make this field available for display in search
results. If this checkbox is not selected, you cannot include this
field in search results or reference the values in the field in search
filters.

82 Chapter 2: Fields
 RSA Archer GRC Platform Applications

Option Action

Search Default Select this option to include the field by default in search results
Field for the application. This option does not prevent users from
removing the field from the Search Results page. Users can click
Modify in the toolbar and remove the field from the Fields to
Display section of the application's Advanced Search page.

Configuration Section

Selected References Perform the following steps to configure the references that you
want to display in the MRDC field:

1. In the Selected References field, click to select the

existing Cross-Reference and Related Record fields that you
want to display in the MRDC field. Or, click Add New to
create a new Cross-Reference field. For more information, see
Cross-Reference Field Options.
2. To hide the original fields that you selected for inclusion in
the MRDC field, select Suppress for those fields.
As an administrator, you still can view the suppressed fields
on the Layout tab of the Manage Applications page, but the
individual fields are hidden from end users. If you do not
select the Suppress checkbox for a field and that field is
included on the page layout for the application, both the
original field and the MRDC field displays to end users,
causing duplication of data on the page.
3. Click OK.

Reference Type Select from the following options:

l Allow users to select only one reference. Select this option if
you want users to select related records from only one
application in the MRDC field. Users can select the application
that houses the records they want to reference, and they can
select multiple records from that application. However, they
cannot select related records from more than one application.
l Allow users to select any number of references. Select this
option if you want users to be able to select related records
from more than one application within the MRDC field. Users
can select the applications that house the records they want to
reference (by clicking the Add New link above the field to
select additional applications), and they can select multiple
records within those applications.

Note: If you select the MRDC option and save the field, you
cannot change the setting to Single Reference.

Chapter 2: Fields 83
 RSA Archer GRC Platform Applications

Numeric Field
The Numeric field type allows only numeric-value entries. Numeric fields can
accept both positive and negative values of any size. However, when configuring a
Numeric field, you can choose to apply minimum or maximum value constraints to
the field. You can also specify the number of decimal places permitted for the
value.
For instructions on configuring the Numeric field type, see Configure the Display
and Functionality of a Field and Numeric Field Options.
See the following topics for additional information about numeric fields:
l Record Save Validation
l Field Validation Configuration - Numeric Field
l Trending for a Numeric Field

Record Save Validation

The Validate Always option on the Options tab of the Manage Field page causes
the field to validate when any field has changed when the user saves a record. If
the Validate Always option is not selected, the field is validated only when the
value in that field has changed.
Record save validation is available for the following field types:

l Attachment l Numeric

l Cross- l Matrix (row or

Reference column)

l Date l Record Permissions

l External Links l Related Record

l Image l Sub-Form

l IP Address l Text

l User/Group l Voting
List

l Values List

Field Validation Configuration - Numeric Field

The minimum and maximum values are now validated for relationships between
field types.

84 Chapter 2: Fields
 RSA Archer GRC Platform Applications

The following validation rules apply to this field type:

l Required
l Unique
l Minimum Value
l Maximum Value
l Maximum Precision
l System Maximum Value
l System Minimum Value

Field validation is available for the following field types:

l Attachment l Numeric

l Cross- l Matrix (row or

Reference column)

l Date l Record Permissions

l External Links l Related Record

l Image l Sub-Form

l IP Address l Text

l User/Group l Voting
List

l Values List

Trending for a Numeric Field

You can enable or disable trending to track status changes for the value of a
Numeric field type. You must set a duration period when enabling trending for a
numeric field.

Numeric Field Options

You can configure the display and functionality of a Numeric field on the Options
tab of the Manage Fields page.

Chapter 2: Fields 85
 RSA Archer GRC Platform Applications

The following table lists the options for the Numeric field.

Option Action

Options Section

Required Field Select this option to require users to supply a value for the field
when adding or editing a record in the application. Required fields
are indicated with an icon (selected in the Appearance feature) to
alert users that they must enter a value. If this option is not
selected, users can skip this field when adding or editing a record
in the application.
Null values are not allowed when this option is selected. If this
option is not selected, null and zero values are plotted as 0 on a
Numeric trending chart.

Auditing Select this option to display auditing information next to the field
Information each time that its value is changed. The auditing information
includes the name of the user who made the change and the date
and time of the change. If this option is not selected, auditing
information is not displayed with the field.

Search Results Select this option to make this field available for display in search
results. If this option is not selected, you cannot include this field
in search results or reference the values in the field in search
filters.

Search Default Select this option to include the field by default in search results
Field for the application. This option does not prevent users from
removing the field from the Search Results page. Users can click
Modify in the toolbar and remove the field from the Fields to
Display section of the Advanced Search page in the application.

Trending Select this option to enable trending for the field. After selecting
this option, specify the following:

86 Chapter 2: Fields
 RSA Archer GRC Platform Applications

Option Action

Duration Select the duration for which you want the Platform
Type to retain trending data. The available values are
calculated in days as follows:

Days 1 day

Months 30 days

Quarters 90 days

Years 365 Days

By default, the value of this field is No Selection, but

you must select a Duration Type when the Trending
option is selected. If you click Apply without
changing the value, a warning message is displayed.
Click OK to return to the Options tab.

Duration Specify the number of days, months, quarters, or years

Amount for which the Platform retains trending data. Enter a
value in the Duration Amount field. If you decrease
the value of this field after a value has already been
entered, a warning message is displayed. Click OK to
continue.

Unique Field Select this option to prevent users from entering an identical value
in the field in two separate records. If a user attempts to save a
value in the field that has already been saved in the field of
another record, the user is prompted to enter a unique value.

Chapter 2: Fields 87
 RSA Archer GRC Platform Applications

Option Action

Key Field Select this option to designate the field as the key field for the
application. Only one field can be designated as the key field for
an application. You can select the key field values in search
results, and users can click the values to open individual records.
Once saved, you can only clear this option by selecting the Key
Field option for another field in the application. Also, when you
select the Key Field option for a field and save your changes, the
Required Field, Search Results, and Search Default Field options
are automatically selected.

Sum Field Select this option to provide a total of all values entered in the
field on the Search Results page for the application. When this
option is selected, an additional row is displayed at the bottom of
the Search Results page that provides a total value in the
Numeric Field column. The summation value represents a grand
total in all records displayed in the search results. Subtotals are not
shown per page.

Numeric Ranging Select this option to allow users to filter search results in the
application based on specific ranges of values in the Numeric
field. For more information on creating ranges, see Define Numeric
Ranges for a Numeric Field.

Format Select this option to format the value using thousand separators.

Calculated Field Select this option to create a formula to dynamically compute a

value for this field. If you select this option, the field is read-only
for all users, and its value is populated by the Platform.

Advanced Field Select this option to add descriptive text and alter the standard
Display display of the field. After selecting this option, specify the display
text and layout for the field in the Advanced Field Display
Options section.

Validate Always Select this option to validate the field when any field has changed
when saving a record. If the Validate Always option is not
selected, the field is validated only when the value in that field
has changed.

Configuration Section

Decimal Places Select the number of decimal places that you want to require for
values entered in the field. The largest value available for this
field is 6. If a user enters a value in the Numeric field with fewer
decimal places than the number you have required, the value is

88 Chapter 2: Fields
 RSA Archer GRC Platform Applications

Option Action

padded with zeros.

For example, if you require 3 decimal places and a user enters a
value of "4.1" in the field, the value is displayed as "4.100" when
the record is saved. If a user enters a value in the field with more
decimal places than the number you have required, the user is not
permitted to save the record and is prompted to limit the number
of decimal places in the value to fit the field's requirements.

Negative Display Select how you want negative numbers to display. Options
include:
l (1234.56) font color = red; default option
l -1234.56 font color = red
l (1234.56) font color = black
l -1234.56 font color = black

Minimum and Enter the minimum and maximum values allowed in the field in
Maximum Values the Minimum Value and Maximum Value fields to require users to
enter values in the Numeric field that fit within a defined range,
for example, 1-100.

Prefix Enter text (up to 10 characters) to display in front of the numeric

value.

Suffix Enter the text (up to 10 characters) that you want to display after
the numeric value. For example, you could enter "miles" to label
the field value as a measurement of distance.

Increment By Select a value other than None to add an up or down arrow

control adjacent to the Numeric field that allows users to
increment or decrement the value entered in the field. Available
options are .01, .1, 1, 10, 100, 1000, or No Increment.

Advanced Field Display Options Section – If you selected the Advanced Field Display
option, you must enter supporting information and select a display option.

Display Text Enter your supporting text in this field. For example, you can enter
a specific question related to values users enter in the field, such
as "When was the date of your last security audit?" This text is
always displayed, even if you select to hide the field name.

Layout Select whether to display or hide the field name and whether to
display the values horizontally or vertically. See the examples
provided in the Preview field.

Chapter 2: Fields 89
 RSA Archer GRC Platform Applications

Related Topics
Configure the Display and Functionality of a Field
Numeric Field

Questionnaire Reference Field

Note: The Questionnaire Reference field type is available only if your organization
has licensed the Archer Risk Management, Vendor Management, Compliance
Management, or Audit Management solution.

The Questionnaire Reference field type enables you to see all questionnaire records
that are related to an application record. For example, if you are working with a
vendor record within a Vendor Profiles application, you can see the assessments
that are in progress or have been completed for that vendor.
For instructions on configuring the Questionnaire Reference field type, see
Configure the Display and Functionality of a Field and Questionnaire Reference
Field Options.
This field type is only available for applications that have been selected as the
target for one or more questionnaires. If the application is the target of multiple
questionnaires, you can select any number of those questionnaires to include in the
field.
You can also select the fields of information that you want to display in the
Questionnaire Reference field. Only the system-generated questionnaire fields are
available for selection.

Questionnaire Reference Field Options

Note: The Questionnaire Reference field type is available only if your organization
has licensed the Archer Risk Management, Vendor Management, Compliance
Management, or Audit Management solution.

You can configure the display and functionality of a Questionnaire Reference field
on the Options tab of the Manage Fields page. For detailed instructions, see
Configure the Display and Functionality of a Field.
For more information on Questionnaire Reference fields, see Questionnaire
Reference Field.

90 Chapter 2: Fields
 RSA Archer GRC Platform Applications

The following table lists the options for the Questionnaire Reference field.

Option Action

Options Section

Search Results Select this option to make this field available for display in search
results. If this checkbox is not selected, you cannot include this
field in search results or reference the values in the field in search
filters.

Search Default Select this option to include the field by default in search results
Field for the application. This option does not prevent users from
removing the field from the Search Results page. Users can click
Modify in the toolbar and remove the field from the Fields to
Display section of the application's Advanced Search page.

Configuration Section

Questionnaire If the application is the target of multiple questionnaires, you can

select any number of those questionnaires to include in the
Questionnaire Reference field. To select questionnaires, click
and from the Available list, select the questionnaires to include.
Click OK.

Display Fields
Click to choose the system-generated questionnaire fields that
display in the Questionnaire Reference field. Select the fields that
you want to display from the Available list and click OK.
Questions and custom questionnaire fields are not available for
display in a Questionnaire Reference field. Only system-generated
questionnaire fields may be displayed.

Record Permissions Field

You may want to give a large number of users access to an application through their
access roles, but it may not be appropriate for those users to have access to every
record in the application. Using the Record Permissions field, you can control user
access at the record level. For example, if you have a Vendor Profiles application,
you can give all vendor relationship managers access at the application level, and
then you can use a Record Permissions field to ensure that vendor relationship
managers can only see records for the vendors they work with.
For instructions on configuring the Record Permissions field type, see Configure the
Display and Functionality of a Field and Record Permissions Field Options.
This field type provides three methods for granting record-level access to users and
groups: manual selection, inherited permissions, and automatic selection.

Chapter 2: Fields 91
 RSA Archer GRC Platform Applications

Manual Selection Method

If you configure a Record Permissions field to allow manual selection, users who
add or edit a record can select specific users or groups who are permitted to access
that record. You can display the field in any of the following interface controls:
l Drop-down
l Radio buttons
l Check boxes
l List box
l Values pop-up

If you elect to use radio buttons, users are restricted to making a single selection in
the field. By choosing one of the other available interface control types, you can
specify the minimum and maximum number of selections users are permitted to
make.
During the field configuration process, you must select at least one user or group to
display as an available selection in the Record Permissions field. The users and
groups from which you can choose are those that have been defined in the Access
Control feature. To populate the field with users and groups, you can:
l Define a list of specific users and groups to display as available selections in the
field.
l Select the All Users and All Groups options to display every user and group
within the system.
l Select the Record Creator option to include the user who is adding or editing the
record.
l Select the Default to Creator's Groups option for the record creator or for any
selected group to define that user or group as the default selection for the field.
l Restrict the list of groups that display as available selections in the field by
selecting the Auto Restrict Groups option. This option limits the groups that are
available for selection to only those groups for which the user is a member. For
example, suppose you select the Sales, Marketing and Management groups as
available selections in the field. If a user adds a record in the application and
that user is a member of only the Marketing group, the Marketing group is the
only group available to that user for selection in the Record Permissions field.

92 Chapter 2: Fields
 RSA Archer GRC Platform Applications

For each user or group that you define as an available selection in the Record
Permissions field, you can select the level of record access that should be granted
to that user or group. By default, all users and groups selected in a Record
Permissions field have Read access to their assigned records. However, you can
also grant Update and Delete privileges. You can also define rules that control the
level of permissions the selected users and groups will receive based on record
content. For example, if the value in the record's Status field is In Progress, the
users and groups selected in the Record Permissions field have read and update
rights to the record. But if the value in the Status field is Completed, the users have
only read rights.
Inherited Permissions Method
A Record Permissions field configured to inherit record permissions from related
levels or applications are displayed as a read-only field to end users. The value of
the field is automatically populated by one or more Record Permissions fields that
you define. This permission method allows end users to set permissions in one
record and have those permissions automatically apply to related records.
For example, suppose that you have a Vendor Profiles application that cross-
references your Contracts and Assessments applications. Vendor relationship
managers need access to records in all three applications for the vendors they work
with. To simplify the process of granting record permissions for these applications,
you can create a Record Permissions field that allows manual selection in the
parent Vendor Profiles application, and then you can create Record Permissions
fields in the child Contracts and Assessments applications that inherit permissions
from the related vendor profile. So when a user gains access to the ABC Company
vendor profile, that user automatically gains access to the contracts and
assessments related to ABC Company.
Inherited Record Permissions field values are recalculated each time one of the
following occurs:
l The configuration of a Record Permissions field is changed, and that field is
referenced by the inherited Record Permissions field. The recalculation occurs
only if the available users or groups are changed for a manual selection Record
Permissions field or if the rules are changed for an automatic selection Record
Permissions field.
l A Record Permissions field is deleted, and that Record Permissions field is
referenced by the inherited Record Permissions field.

Chapter 2: Fields 93
 RSA Archer GRC Platform Applications

Automatic Selection Method

A Record Permissions field configured to automatically assign record-level access
based on one or more rules is displayed as a read-only field to end users. When
configuring a field using this method, you must define one or more rules for
assigning record access based on data conditions within a record. For example, in a
Document Repository application, you could define a rule that states the following:
If the Document Status is Draft, assign full record-level access to the
Documentation group. You might also define a second rule that states the following:
If the Document Status is Final, assign read-only record access to the Everyone
group. Following these rules, the system would automatically grant appropriate
record-level access for all records in the Document Repository application based on
the value displayed in the Document Status field—Draft or Final.
When creating a rule for assigning record-level access, you must create one or
more conditions for rule fulfillment. A condition consists of a field to evaluate and
one or more values to watch for within that field. Continuing the Document
Repository example above, you might select the Document Status field to evaluate
for a value of Draft.
Once you have defined one or more conditions for rule fulfillment, you must select
the users and groups who have access to records in which the specified conditions
are met. When selecting users and groups, you can also specify whether those users
and groups have read-only access to their assigned records or whether they have
update and delete access.
A final step in configuring a Record Permissions field using the rule-driven
selection method is to select one or more default users or groups who have access
to records in which none of the rules are met. You can also specify whether those
users and groups have read-only access to their assigned records or whether they
have update and delete access.
When a Record Permissions field is configured to use the automatic selection
method, permissions are recalculated for individual records each time a value
changes that causes a new rule to prove True. In addition, record permissions are
recalculated for the entire application if any one of the following occurs:
l A new automatic selection Record Permissions field is created or activated
within the application.
l A permissions rule is added, deleted, or updated within an existing, active
Record Permissions field.
l An inactive automatic selection Record Permissions field is activated.
l A Record Permissions field that is configured with the manual selection method
is reconfigured to use the automatic selection method.

94 Chapter 2: Fields
 RSA Archer GRC Platform Applications

Record Save Validation

The Validate Always option on the Options tab of the Manage Field page causes
the field to validate when any field has changed when the user saves a record. If
the Validate Always option is not selected, the field is validated only when the
value in that field has changed.
Field Validation Configuration
The minimum and maximum values are now validated for relationships between
field types.
The following validation rules apply to this field type:
l Required
l Minimum Selections
l Maximum Selections

Configure Manual Selection for a Record Permissions Field

If you select the Manual Selection option for a Record Permissions field, end users
are allowed to grant record-level permissions by selecting users and groups within
the field. As the application owner, you must define the list of users and groups
from which end users can select. You can also define rules that control the level of
permissions the selected users and groups receive based on record content.

Important: When converting from a User/Group List field to a Record Permissions

field, users are not automatically granted access to the record. You must remove
the users and groups from the promoted field, and then add them again to activate
record permissions for the newly promoted field.

Procedure
1. Select the application containing the Record Permissions field that you want to
update:
a. Click the Administration workspace.
b. On the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.
2. Click the Fields tab.
3. Click the Options tab.

Chapter 2: Fields 95
 RSA Archer GRC Platform Applications

4. In the Permissions section, select Manual.

5. Configure the Field Population Section:
a. In the Field Population control group, define the users and groups that you
want to be available for selection in the Record Permissions field. Click
Lookup to open the Available Users/Groups dialog box and select the
users according to the following options.

Option Action

Record Creator Select this option to include the user who is adding or
editing the record as an available selection in the field.

Individual Groups Expand the Groups and Users nodes and select the
and Users individual groups and users that you want to be available
for selection in the field.

All Groups Expand the Groups node and select All Groups. This
option populates the Record Permissions field with all
groups defined in the Access Control feature.

All Users Expand the Users node and select All Users. This option
populates the Record Permissions field with all users in
the system.

b. In the User/Groups list, define the level of access that you want each user
and group to have to a record if they are selected in the Record
Permissions field. By default, all users and groups selected in a Record
Permissions field have Read access to their assigned records. However,
you can also grant Update and Delete privileges by selecting those options
for each user and group.
c. In the User/Groups list, select the Default checkbox for the record creator
or for any selected group to define that user or group as the default selection
for the field. When users add new records, the default values are
automatically selected in the field.
d. (Optional) To include the sub-groups of a selected group in the list of
available values for the Record Permissions field, select the Cascade
option for the group in the User/Groups list.

96 Chapter 2: Fields
 RSA Archer GRC Platform Applications

Note: If you select the Cascade option for a group that contains sub-groups,
those sub-groups are available for selection in the Record Permissions field.
When a user interacts with the Record Permissions field while adding or
editing a record, the user can select the parent-level group and/or individual
sub-groups nested beneath the parent group.
However, it is important to note that if a user selects only the parent group,
record access is not granted to members of sub-groups nested beneath that
parent group. Only individual users who are members of the selected parent
group have access to the record.

e. Select the Auto-Restrict Groups option to restrict the list of groups that
display as available selections in the field. This option limits the groups that
are available for selection to only those groups for which the user is a
member. For example, suppose you select the Sales, Marketing, and
Management groups as available selections in the field. If a user adds a
record in the application and that user is a member of only the Marketing
group, the Marketing group is the only group available to that user for
selection in the Record Permissions field.

Note: If you select the Default option for a group in the User/Groups list,
and then select the Auto-Restrict Groups check box, the default group is
only selected in the Record Permissions field for an individual record if the
user creating that record is a member of the group.

f. (Optional) To include groups for which a record creator is a member as

default selections in the field, select Default to Creator's Groups. Only
groups that have been defined as available selections for the field can be
selected by default. For example, if you select the IT group as an available
selection in a field and a user who is a member of the IT group creates a
new record in the application, the IT group is selected by default in the field.
However, if the user is also a member of the Policy Authors group but that
group has not been selected as an available value for the field, the Policy
Authors group is not included as a default selection.
6. To create rules that automatically change the level of access that the user or
group selected in the Record Permissions field has to the record based on
content within a field, complete the following steps:

Note: A rule consists of one or more data conditions to watch for within the
application’s records and specific permissions the users or groups selected in
the Record Permissions field should have if the specified conditions are met.

a. In the Rules section, click Add New.

The Manage Automatic Selection Rule window opens.
b. In the Rule Name field, enter a brief name for the rule that gives a general
idea of its purpose.

Chapter 2: Fields 97
 RSA Archer GRC Platform Applications

c. In the Description field, provide a brief description of the rule that explains
in more detail the configuration of the rule.
d. In the Permissions field, select the permissions that you want the selected
user or group to have when the specified conditions are met.
e. Perform the following steps to create one or more conditions.

Column Action

Field To Select the field to evaluate for one or more specific values.
Evaluate

Operator Select the filter operator.

Value(s) Select the values for the condition.

Note: To create additional conditions, click Add New.

If you have created more than one condition, you can apply advanced logic
to your search criteria.
7. Click Apply.

Note: You can create multiple rules for dynamically modifying rights based on
record content. If you configure multiple rules, the user is granted the highest
rights allowed by the rules. For example, if you have one rule that gives the
selected user read-only rights, and you have another rule that gives the selected
user read and update rights, the user would have read and update rights if both
rules prove true.

Next Steps
Create Field-Level Help

Configure Inherited Permissions for a Record Permissions Field

If you select the Inherited Permissions option for the Record Permissions field, the
field is displayed as read-only for end users, and the value of the field is
automatically populated with values from a Record Permissions field in a related
application or data level. When you select this option, you must select at least one
Record Permissions field in a related application or data level from which to inherit
permissions.

Important: Once you select the Inherited Permissions option for a Record
Permissions field, you cannot change the permission method. The options for
Manual Selection and Automatic Selection are disabled.

98 Chapter 2: Fields
 RSA Archer GRC Platform Applications

Note: Inherited Record Permissions fields cannot be tracked in a History Log field.
If a History Log field was configured to track the Record Permissions field before it
was changed to use inherited permissions, the Record Permissions field is removed
from the history log configuration, and all data for the field is deleted. Further
changes to the Record Permissions field's values are not tracked in the history log.

Procedure
1. Select the application containing the Record Permissions field that you want to
update:
a. Click the Administration workspace.
b. On the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.
2. Click the Fields tab.
3. Click the Options tab.
4. In the Permissions section, select Inherited.
5. In the Field Population section, from the Available list, select one or more
Record Permissions fields to display in the Selected list.
6. Click Apply.
If you have existing records in the application that you are managing, a process
is triggered to set permissions for those records.

Important: If you delete a parent-level record and you have child-level records
that inherit permissions from that parent, the permissions in the child-level
records are deleted.

Next Steps
Create Field-Level Help

Configure Automatic Selection for a Record Permissions Field

If you select the Automatic Selection option for the Record Permissions field, the
field is displayed as read only for end users, and the value of the field is
automatically populated based on one or more data conditions within each record.
When you select this option, you must also define one or more rules for assigning
record permissions and select default users and groups who should be granted
record permissions if none of the rules are met.

Important: Once you select the Automatic Selection option for a Record
Permissions field, you cannot change the permission method. The options for
Manual Selection and Inherited Permissions are disabled.

Chapter 2: Fields 99
 RSA Archer GRC Platform Applications

Procedure
1. Select the application containing the Record Permissions field that you want to
update:
a. Click the Administration workspace.
b. On the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.
2. Click the Fields tab.
3. Click the Options tab.
4. In the Permissions section, select Automatic.
5. To create rules that automatically change the level of access that the user or
group selected in the Record Permissions field has to the record based on
content within a field, complete the following steps:

Note: A rule consists of one or more data conditions to watch for within the
application’s records and specific permissions the users or groups selected in
the Record Permissions field should have if the specified conditions are met.

a. In the Rules section, click Add New.

The Manage Automatic Selection Rule window opens.
b. In the Rule Name field, enter a brief name for the rule that gives a general
idea of its purpose. Enter a brief description of the rule in the Description
field that explains in more detail the configuration of the rule.
c. Perform the following steps to create one or more conditions.

Column Action

Field To Evaluate Select the field to evaluate for one or more specific
values.

Operator Select the filter operator.

Value(s) Select the values for the condition.

Note: To create additional conditions, click Add New.

If you have created more than one condition, you can apply advanced logic
to your search criteria.

100 Chapter 2: Fields

 RSA Archer GRC Platform Applications

d. In the Users/Group Permissions section, define the users and groups that
you want to be available for selection in the Record Permissions field.
Click Lookup to open the Available Users/Groups dialog box and select
the users according to the following options.

Option Action

Record Creator Select to include the user who is adding or editing the
record as an available selection in the field.

Individual Groups Expand the Groups and Users nodes and select the
and Users individual groups and users that you want to be available
for selection in the field.

All Groups Expand the Groups node and select All Groups. This
option populates the Record Permissions field with all
groups defined in the Access Control feature.

All Users Expand the Users node and select All Users. This option
populates the Record Permissions field with all users in
the system.

e. In the Users/Groups list, define the level of access that each user and
group should have to a record if they are selected in the Record
Permissions field. By default, all users and groups selected in a Record
Permissions field have Read access to their assigned records. However, you
can also grant Update and Delete privileges by selecting those options for
each user and group.
f. From the Users/Groups list, select Default for the record creator or for any
selected group to define that user or group as the default selection for the
field. When users add new records, the default values are automatically
selected in the field.
g. (Optional) To include the sub-groups of a selected group in the list of
available values for the Record Permissions field, select Cascade for the
group in the Users/Groups list.

Note: If you select the Cascade option for a group that contains sub-groups,
those sub-groups are available for selection in the Record Permissions field.
When a user interacts with the Record Permissions field while adding or
editing a record, the user can select the parent-level group and/or individual
sub-groups nested beneath the parent group. However, it is important to note
that if a user selects only the parent group, record access is not granted to
members of sub-groups nested beneath that parent group. Only individual
users who are members of the selected parent group have access to the
record.

Chapter 2: Fields 101

 RSA Archer GRC Platform Applications

6. In the Default Users/Groups section, define one or more users and groups who
are granted record permissions by default if none of the rules that you specified
are met within a record. To define default users and groups, click Lookup to
open the Available Users/Groups dialog box and repeat the lookup steps from
above (step5d).
7. Click Apply.

Next Steps
Create Field-Level Help

Record Permissions Field Options

You can configure the display and functionality of a Record Permissions field on
the Options tab of the Define Fields page.
For detailed instructions, see Configure the Display and Functionality of a Field.
For more information on Record Permissions fields, see Record Permissions Field.
The following table lists the options for the Record Permissions field.

Option Action

Display Control Section

Select the type of display control that you want to use for the field
from the following options:
l Dropdown
l Radio Buttons
l Check Boxes
l Listbox
l Values Popup

Options Section

102 Chapter 2: Fields

 RSA Archer GRC Platform Applications

Option Action

Required Field Select this option to require users to supply a value for the field
when adding or editing a record in the application. Required fields
are indicated with an icon (selected in the Appearance feature) to
alert users that they must supply a value. If this checkbox is not
selected, users can skip this field when adding or editing a record
in the application.

Auditing Select this option to display auditing information next to the field
Information each time that its value is changed. The auditing information
includes only the name of the user who made the change and the
date and time of the change. If this checkbox is not selected,
auditing information is not displayed with the field in the user
interface.

Search Results Select this option to make this field available for display in search
results. If this checkbox is not selected, you cannot include this
field in search results or reference the values in the field in search
filters.

Search Default Select this option to include the field by default in search results
Field for the application. This option does not prevent users from
removing the field from the Search Results page. Users can click
Modify in the toolbar and remove the field from the Fields to
Display section of the application's Advanced Search page.

Advanced Field Select this option to add descriptive text and alter the standard
Display display of the field. After selecting this checkbox, specify the
display text and layout for the field in the Advanced Field
Display Options section.

Note: Selecting the Advanced Field Display option automatically

sets the field to span columns on the page layout.

Validate Always Select this option to validate the field when any field has changed
when saving a record. If the Validate Always option is not
selected, the field is validated only when the value in that field
has changed.

Chapter 2: Fields 103

 RSA Archer GRC Platform Applications

Option Action

Configuration Section

Minimum and If you selected the Check Boxes, Listbox, or Values Popup
Maximum options in the Display Control section, you can specify the
Selections minimum and maximum number of values that can be selected in
the field. Select the number of values in the Minimum Selections
and Maximum Selections fields.

Column Layout If you selected the Radio Buttons or Check Boxes display control
in the Display Control section, you can configure the number of
columns in the field by selecting the desired number of columns
from the Column Layout drop-down menu.

Field Height If you selected the Listbox option in the Display Control section,
you can specify the height of the field. Select the height, in pixels,
from the Field Height list.

Permissions Section

The options available in the Permissions section vary depending

on whether you configure the field to allow manual selection, to
inherit record permissions from related levels or applications, or to
use automatic selection. For more information on configuring each
permission type, see the following topics:
l Configure Manual Selection
l Configure Inherited Permissions
l Configure Automatic Selection

Record Status Field

The Record Status field type is automatically populated based on the current status
of the record and only contains one of two values: New or Updated.
For instructions on configuring the Record Status field type, see Configure the
Display and Functionality of a Field and Record Status Field Options.

Record Status Field Options

You can configure the display and functionality of a Record Status field on the
Options tab of the Manage Fields page.
For detailed instructions, see Configure the Display and Functionality of a Field.
For more information on Record Status fields, see Record Status Field.
The following table lists the options for the Record Status field.

104 Chapter 2: Fields

 RSA Archer GRC Platform Applications

Option Action

Options Section

Search Results Select this option to make this field available for display in search
results. If this checkbox is not selected, you cannot include this
field in search results or reference the values in the field in search
filters.

Search Default Field Select this option to include the field by default in search results
for the application. This option does not prevent users from
removing the field from the Search Results page. Users can click
Modify in the toolbar and remove the field from the Fields to
Display section of the application's Advanced Search page.

Related Records Field

When you create a Cross-Reference field that forms an external relationship with
another application in the system, a Related Records field is automatically added to
the related application. Likewise, if you create a Cross-Reference field that forms
an internal application relationship, a Related Records field is automatically created
in the application where the Cross-Reference field resides.
For instructions on configuring the Related Records field type, see Configure the
Display and Functionality of a Field and Related Records Field Options.
The Related Records field is a mirror image of the Cross-Reference field, meaning
that it allows you to see all of the records that have been cross-referenced to a
particular record. For example, suppose that you have a Cross-Reference field in a
Trouble Tickets application that references records in a Technicians application.
Within a Trouble Tickets record, users can assign one or more technicians through
the Technicians Cross-Reference field. Users can then open any Technicians
record, and through the Related Records field, they can see each Trouble Tickets
record to which the technician was assigned.

Note: If you create a Cross-Reference field that forms an external relationship with
a leveled application, you have the option to reference a specific level or to
reference all levels. If you reference a specific level, a Related Records field is
created at the data level specified. If you reference all levels, a Related Records
field is created at each data level within the related application. In the case that
more data levels are subsequently created in the leveled application, a Related
Records field is added to each new level.

Chapter 2: Fields 105

 RSA Archer GRC Platform Applications

The Related Records field is not available for selection on the Add Field page.
Instead, it is automatically added to an application when the application is selected
for reference through a Cross-Reference field. When a Related Records field is
added to an application, the system displays it in the Available Fields list on the
Layout tab of the Manage Applications page. As an application owner, you must
move the Related Records field into the application layout before it is displayed to
end users. You can also rename the field and select fields from the related
application whose values you want to display in the Related Records field table.

Note: If a Related Records field is configured to display in an application's layout,

but a user does not have access to records in the related application, the Related
Records field is not displayed for that user.

Users that have Create permissions in the related application can add new records
in that application from the Related Records field by clicking Add New. The Cross-
Reference field value in the newly created record defaults to the record from which
the user clicked Add New. Continuing the previous example, if a user creates a
new Trouble Tickets record from the "Gloria Young" Technicians record, the
"Gloria Young" record is selected by default in the Technicians Cross-Reference
field within the new Trouble Tickets record.
If the Lookup feature is enabled for a Related Records field, users who have read
permissions in the related application can select records from a list or to keyword
search for specific records in the related application by clicking Lookup.
As an application owner, you can configure the fields that are displayed for users in
the Record Lookup page, and you can create filter criteria to limit the number of
records users can select from. You can also define the minimum and maximum
number of related records a user can select.
See the following topics for additional information about Related Records fields:
Record Save Validation
Field Validation Configuration - Related Records Field
Field Type Validation Rules
Reference Field Validation
Record Save Validation
The Validate Always option on the Options tab of the Manage Field page causes
the field to validate when any field has changed when the user saves a record. If
the Validate Always option is not selected, the field is validated only when the
value in that field has changed.
Record save validation is available for the following field types:

106 Chapter 2: Fields

 RSA Archer GRC Platform Applications

l Attachment l Numeric

l Cross- l Matrix (row or

Reference column)

l Date l Record Permissions

l External Links l Related Record

l Image l Sub-Form

l IP Address l Text

l User/Group l Voting
List

l Values List

Field Validation Configuration - Related Records

The minimum and maximum values are now validated for relationships between
field types.
The following validation rules apply to this field type:
l Required
l Minimum Selections
l Maximum Selections

Field validation is available for the following field types:

l Attachment l Numeric

l Cross- l Matrix (row or

Reference column)

l Date l Record Permissions

l External Links l Related Record

l Image l Sub-Form

l IP Address l Text

l User/Group l Voting
List

l Values List

Chapter 2: Fields 107

 RSA Archer GRC Platform Applications

Field Type Validation Rules

Three new field type validation rules are now applied for the minimum and
maximum selections for the following reference fields:
l Reference Related Field Minimum Selections
l Reference Related Field Maximum Selections
l Reference Related Field Required

The following field types are associated with these rules:

l Cross-references
l Related records

When validating the three new rules for the related record, the system only
validates records that were added to or removed from the reference field of the
original relationship. For example, a user in Application A creates a Cross-
Reference field, and then removes related record B1 in Application B. The only
record that is validated is B1, because it changed.

108 Chapter 2: Fields

 RSA Archer GRC Platform Applications

The following table provides more information about these rules.

Chapter 2: Fields 109

 RSA Archer GRC Platform Applications

Rule Description

Minimum This rule validates that the removed or added relationships do not
Selections (rule violate the Minimum Selections rule for the related record when both
for a reference of the following apply:
related field)
l The user attempts to save a record with a reference field change.
l A Minimum Selections rule is enabled for the reference field in
the related application.

Example

Scenario A user creates a Cross-Reference field in Application

A.
The user sets the value in the Minimum Selections
field to 2 for the associated Related Record in
Application B.
Record B1 has two references and is related to
Record A1 and Record A2.
The user edits Record A1 and attempts to remove
Record B1 from the Cross-Reference field.

Results When the user attempts to save Record A1, a

message is displayed, indicating that the Minimum
Selections rule for B1 is violated. The violation
occurs because the removal of Record A1 causes the
number of records to fall below the Minimum
Selections value of 2.

Maximum This rule validates that the removed or added relationships do not
Selections (rule violate the Maximum Selections rule for the related record when both
for a reference of the following apply:
related field)
l The user attempts to save a record with a reference field change.
l A Maximum Selections rule is enabled for the reference field in
the related application.

Example

110 Chapter 2: Fields

 RSA Archer GRC Platform Applications

Rule Description

Scenario A user creates a Cross-Reference field in Application

A.
The user sets the value in the Maximum Selections
field to 2 for the associated Related Record field in
Application B.
Record B1 has two references and is related to
Record A1 and Record A2.
The user edits a third record, A3, and adds Record B1
to the Cross-Reference field.

Results When the user attempts to save Record A3, a

message is displayed, indicating that the Maximum
Selections rule for B1 is violated. The violation
occurs because adding Record A3 causes the number
of records to exceed the Maximum Selections value
of 2.

Required (rule This rule validates that the removed relationships do not violate the
for a reference- Required rule for the related record when both of the following
related field) apply:
l The user attempts to save a record with a reference field change.
l A Required rule is enabled for the reference field in the related
application.

Example

Scenario A user creates Application A with a cross-reference.

The user sets the associated Related Record field in
Application B to Required.
Record B1 is related to Record A1.
The user edits Record A1 and removes Record B1
from the cross-reference.

Results When the user attempts to save Record A1, a message

is displayed, indicating that the Required rule for
Record B1 is violated. The violation occurs because
the removal of Record A1 causes the field (which is
required) to have no data.

Chapter 2: Fields 111

 RSA Archer GRC Platform Applications

Reference Field Validation

The relationship between a reference field and an original (published) record does
not count toward Minimum, Maximum, and Required validation when both of the
following apply:
l The reference field has workflow enabled.
l The original record has a copy enrolled into a workflow.

Relationships to records enrolled into a workflow without a copy are counted as

regular records.
Example

Scenario Set-up A user creates a Cross-reference field in Application A, which

has workflow enabled.
The user sets the Maximum Selections value to 2 for the
associated Related Record field in Application B.
Record B1 is related to original Records A1 and A2 in
Application A.

Scenario A
Scenario The user enrolls Record A2 into a workflow and
creates Copy A2C.

Results The Maximum Selections rule for Record B1 is

not violated because only the original Record
A1 and Copy A2C count against the maximum
selections.

Scenario B
Scenario The user removes Record B1 from the Cross-
Reference field A2C.
The user enrolls Record A3 into a workflow and
creates Copy A3C.
The user edits Copy A3C and adds Record B1 to
the Cross-Reference field.

Results Again, the Maximum Selections rule for Record

B1 is not violated because only the original
Record A1 and Copy A3C count against the
maximum selections.

112 Chapter 2: Fields

 RSA Archer GRC Platform Applications

Scenario C
Scenario The user edits Copy A2C again and adds Record
B1 to the Cross-Reference field.

Results The attempt to save Copy A2C fails because

there are now potentially three records to count
against the maximum selections: original Record
A1, Copy A3C, and Copy A2C.e

Related Records Field Options

You can configure the display and functionality of a Related Records field on the
Manage Fields page.
For detailed instructions, Configure the Display and Functionality of a Field.
For more information on Related Records fields, see Related Records Field.
The following table lists the options for the Related Records field.

Options Action

Display Control Section

Grid Select this option to display a grid containing multiple

fields of data from the referenced record spanning the width
of the page.

Single Column Select this option to display the key field of the referenced
record in a single column format.

Options Section

Required Field Select this option to require users to supply a value for the
field when adding or editing a record in the application.
Required fields are indicated with an icon (selected in the
Appearance feature) to alert users that they must supply a
value. If this checkbox is not selected, users can skip this
field when adding or editing a record in the application.

Chapter 2: Fields 113

 RSA Archer GRC Platform Applications

Options Action

Auditing Information Select this option to display auditing information next to the
field each time that its value is changed. The auditing
information includes only the name of the user who made
the change and the date and time of the change. If this
checkbox is not selected, auditing information is not
displayed with the field in the user interface.

Search Results Select this option to make this field available for display in
search results. If this checkbox is not selected, you cannot
include this field in search results or reference the values in
the field in search filters.

Search Default Field Select this option to include the field by default in search
results for the application. This option does not prevent
users from removing the field from the Search Results page.
Users can click Modify in the toolbar and remove the field
from the Fields to Display section of the Advanced Search
page for the application.

Lookup Select this option to allow users to access a Record Lookup

page to select exiting records from the related application.
Clear this checkbox if you only want to allow users to
create new records for cross-referencing, assuming they have
been granted appropriate record creation rights in the related
application. You must select this checkbox if you want the
Related Record field to be available for selection in a Multi-
Reference field. For more information about configuring a
Multi-Reference field, see Multiple Reference Display
Control Field Options.

Add New If you selected the Grid display control, you can also select
Add New to allow users to add new records to the related
applications from a record in View mode. Users will not
have to open a record in Edit mode in order to create new
related records. If a user does not have rights to create
records in the related application, the link will not be
displayed for that user.
When a user creates a new related record from View mode,
that record will be selected in the Related Record field just
as it would if it were created from Edit mode. For example,
if a user opens a Vendor record in View mode and creates a
record in the related Audits application by clicking Add
New in the Related Record field, that new Audit record will
be selected in the Vendor record's Related Record field, even

114 Chapter 2: Fields

 RSA Archer GRC Platform Applications

Options Action

though the user did not open the Vendor record for editing.

Validate Always Select this option to validate the field when any field has
changed when saving a record. If the Validate Always
option is not selected, the field is validated only when the
value in that field has changed.

Disable Remove Select this option to disable the Remove button for records
displayed in a Related Records field.

Record Lookup Configuration Section

Chapter 2: Fields 115

 RSA Archer GRC Platform Applications

Options Action

Display Fields If you selected the Single Column or Grid display control,
you can define the fields of data from the relationship
application that should display in the Record Lookup page
for end users when they select related records in the Related
Record field.

To select fields for display, click in the Display Fields

field and select the fields that you want to display from the
Available list.

Use the below the Selected list to arrange the fields.

The top-to-bottom order of fields in the Selected list will be
the left-to-right order of fields in the Record Lookup page.

Note: If the relationship application is a leveled

application, and you selected fields from two or more
levels to be displayed in the Cross-Reference field, you
can only arrange those fields on a level-by-level basis.
You cannot intermix fields from separate data levels.

Filters To set filters for the records to be displayed in the

field,complete the following steps:
1. In the Field to Evaluate column, select the field to
evaluate for one or more specific values.
You can create additional conditions by clicking Add
New.
2. In the Operator column, select the filter operator.
3. In the Value(s) column, select the values for the
condition.
4. If you have created more than one condition, you can
apply advanced logic to your search criteria.

116 Chapter 2: Fields

 RSA Archer GRC Platform Applications

Options Action

Sorting If you selected the Grid or Single Column display control,

you can define the fields by which cross-referenced records
should be sorted within the Record Lookup page. For
example, in an "Investigators" Related Record field, you
could sort the display of referenced records alphabetically by
investigator name.

Display Format Select how you want the cross-referenced records displayed
on the Record Lookup page:
l Column-Hierarchical. Displays the records in a
columnar layout where fields are displayed across the
page from left to right, and the field values are presented
showing relationships.
l Column-Flat. Displays the records in a simple columnar
layout without any grouping of values.

Grid Display Properties Section

Record Lookup Select this option to apply the values selected in the Record
Lookup Configuration section to the corresponding
View/Edit Display control group fields.

Display Fields You can define the fields of data that display in the Related
Record field grid of selected records. To select fields for
display, click in the Display Fields field and select the
field that you want to display from the Available list.

Use the below the Selected list to arrange the fields.

The top-to-bottom order of fields in the Selected list display
as the left-to-right order of fields in the Related Record Field
table.

Sorting Create one or more conditions according to the following

steps:
1. In the Order column, select the order in which you want
the results to be displayed.
You can create additional conditions by clicking Add
New.
2. In the Grouping column, select whether you want to
enable or disable sorting for the user.
3. If you have created more than one condition, you can
apply advanced logic to your search criteria.

Chapter 2: Fields 117

 RSA Archer GRC Platform Applications

Options Action

Configuration Section

Minimum and Specify the minimum and maximum number of records that
Maximum Selections users can select in the field.

Field Height If you selected the Single Column display control, you can
configure the height of the field in lines in the Field Height
field. This setting impacts the display of the field only when
users add or edit records in the application. As an example,
if you set the field height to three lines, and a user makes
four selections in the field, a scroll bar is displayed.

Default Records If you selected the Grid display control, you can configure
Display the number of cross-referenced records that display within
the grid. If this option is selected, only the first X records are
displayed, where X is the selected value for the Default Grid
Display field. If the number of records exceeds the default
display number, a View All link is displayed. A user can
click this link to view all of the associated records.

Sub-Form Field
The Sub-Form field type enables you to embed a predefined sub-form in an
application. Administrators can create sub-forms from the Manage Sub-Forms page
in Application Builder, and these sub-forms can be selected by any application
owner for inclusion in an application. Sub-forms collect data within individual
records and display the data in a scrollable grid. Each time a user adds or edits a
record in an application, the user can make an entry in the sub-form and view
entries that other users have made. For example, if an application contains a sub-
form designed to collect user comments, each user who accesses a record in the
application can submit a comment in the sub-form and view comments submitted by
other users.
To create a Sub-Form field within an application, you must first create the sub-form
that you want to include in the application on the Manage Sub-Forms page in the
Application Builder. Once you have created a sub-form, it is available for selection
on the Manage Sub-forms page.
When configuring the properties of a Sub-Form field, you must select the sub-form
that is displayed in the field from a list of all sub-forms available in the system. You
can also set a minimum and maximum number of entries the sub-form can contain
within an individual record, and you can determine which users cab edit or delete
entries made in that sub-form.
For instructions on configuring the Sub-Form field type, see Configure the Display
and Functionality of a Field and Sub-Form Field Options.

118 Chapter 2: Fields

 RSA Archer GRC Platform Applications

Record Save Validation

The Validate Always option on the Options tab of the Manage Field page causes
the field to validate when any field has changed when the user saves a record. If
the Validate Always option is not selected, the field is validated only when the
value in that field has changed.
Field Validation Configuration
The minimum and maximum values are now validated for relationships between
field types.
The following validation rules apply to this field type:
l Required
l Minimum Selections
l Maximum Selections

Sub-Form Field Options

You can configure the display and functionality of a Sub-Form field on the Options
tab of the Manage Field page.
For detailed instructions, see Configure the Display and Functionality of a Field.
For more information on Sub-Form fields, see Sub-Form Field.
The following table lists the options for the Sub-Form field.

Option Action

Options Section

Required Field Select this option to require users to supply a value for the
field when adding or editing a record in the application.
Required fields are indicated with an icon (selected in the
Appearance feature) to alert users that they must supply a
value. If this checkbox is not selected, users can skip this
field when adding or editing a record in the application.

Auditing Information Select this option to display auditing information next to the
field each time that its value is changed. The auditing
information includes only the name of the user who made
the change and the date and time of the change. If this
checkbox is not selected, auditing information is not
displayed with the field in the user interface.

Chapter 2: Fields 119

 RSA Archer GRC Platform Applications

Option Action

Search Results Select this option to make this field available for display in
search results. If this checkbox is not selected, you cannot
include this field in search results or reference the values in
the field in search filters.

Search Default Field Select this option to include the field by default in search
results for the application. This option does not prevent
users from removing the field from the Search Results page.
Users can click Modify in the toolbar and remove the field
from the Fields to Display section of the Advanced Search
page for the application.

Add New Select this option to allow users to add new entries in the
Sub-Form field when they are looking at a record in View
mode. Users do not have to open the record in Edit mode to
create new sub-form entries. If a user does not have rights to
create entries in the Sub-Form field, the Add New link does
not display for that user.

Validate Always Select this option to validate the field when any field has
changed when saving a record. If the Validate Always
option is not selected, the field is validated only when the
value in that field has changed.

Grid Display Properties Section

Display Fields You can define the fields of data that display in the Sub-
Form field grid of sub-form records. To select fields for
display, click in the Display Fields field and select the
fields that you want to display from the Available list.

Use the below the Selected list to arrange the fields.

The top-to-bottom order of fields in the Selected list display
as the left-to-right order of fields in the Sub-Form field table.

Sorting Create one or more conditions:

1. In the Order column, select the order in which you want
the results to be displayed.

Note: To create additional conditions, click Add New.

2. In the Grouping column, select whether you want to

enable or disable sorting for the user.

120 Chapter 2: Fields

 RSA Archer GRC Platform Applications

Option Action

Note: If you created more than one condition, you can apply
advanced logic to your search criteria.

Configuration Section

Minimum and Specify the minimum and maximum number of records that
Maximum Selections users can select in the field.

Field Edit Settings Select one of the following:

l Edit Own Records. Select this option to allow users to
edit or delete entries that they have made in the Sub-
Form field.
l Edit All Records. Select this option to allow application
users to edit or delete any entry in the Sub-Form field,
regardless of who made the entry.

Field Administrators To designate specific users and groups as Field

Administrators for the Sub-Form field, enabling them to edit
and delete any entry made in the field,, you must select
those users and groups. Click and from the Available
list, select the users and groups that you want to designate
as Field Administrators for the Sub-Form field.

Text Field
The Text field type accepts both alphabetic and numeric entries. It can be displayed
to users as either a one-line text field or a multi-line (scrolling) text area. If the
field is configured as a text area, you can specify the height (in lines) for the
control. In addition, a Text field configured with the text field display control (not
text area) can be configured to display to end users as a masked Text field,
allowing them to enter data in a defined format.
For instructions on configuring the Text field type, see Configure the Display and
Functionality of a Field and Text Field Options.
By default, entries in the Text field are not restricted. However, when configuring
this field type, you can choose to set a maximum character length for entries. In
addition, you can restrict users from entering a value in the Text field that is
identical to a value entered in another record within the application, thereby
ensuring that all values in the Text field are unique.

Chapter 2: Fields 121

 RSA Archer GRC Platform Applications

A Text field can also be configured as a calculated field. When this option is
enabled, you can specify a formula for dynamically computing the field's value. For
example, you could create the following formula to populate the Text field with the
value "High Risk" or "Low Risk" depending on another field's value within the
record:
IF([Exposure Rating] >=10, "High Risk", "Low Risk")
The calculated field would display as read-only for all application users, and its
value would be updated each time the field was recalculated.
Record Save Validation
The Validate Always option on the Options tab of the Manage Field page causes
the field to validate when any field has changed when the user saves a record. If
the Validate Always option is not selected, the field is validated only when the
value in that field has changed.
Field Validation Configuration
The minimum and maximum values are now validated for relationships between
field types.
The following validation rules apply to this field type:
l Required
l Unique
l Maximum Characters
l Email Format

Text Field Options

You can configure the display and functionality of a Text field on the Options tab of
the Manage Fields page.
For detailed instructions, see Configure the Display and Functionality of a Field.
For more information on Text fields, see Text Field.

122 Chapter 2: Fields

 RSA Archer GRC Platform Applications

The following table lists the options for the Text field.

Option Action

Display Control Section

Select the type of display control that you want to use for the
field:
l Text Field
l Text Area

Options Section

Required Field Select this option to require users to supply a value for the field
when adding or editing a record in the application. Required fields
are indicated with an icon (selected in the Appearance feature) to
alert users that they must supply a value. If this checkbox is not
selected, users can skip this field when adding or editing a record
in the application.

Auditing Select this option to display auditing information next to the field
Information each time that its value is changed. The auditing information
includes only the name of the user who made the change and the
date and time of the change. If this checkbox is not selected,
auditing information is not displayed with the field in the user
interface.

Search Results Select this option to make this field available for display in search
results. If this checkbox is not selected, you cannot include this
field in search results or reference the values in the field in search
filters.

Search Default Select this option to include the field by default in search results
Field for the application. This option does not prevent users from
removing the field from the Search Results page. Users can click
Modify in the toolbar and remove the field from the Fields to
Display section of the application's Advanced Search page.

Chapter 2: Fields 123

 RSA Archer GRC Platform Applications

Option Action

Unique Field Select this option to prevent users from entering an identical value
in the field within two separate records. If a user attempts to save a
value in the field that has already been saved in the field for
another record, the user is prompted to enter a unique value.

Key Field Select this option if you want the field to serve as the key field for
the application. Only one field can serve as the key field for an
application. You can select the key field values in search results,
and users can click the values to open individual records. Once
saved, you can only clear this checkbox by selecting the Key
Field checkbox for another field in the application. Also, when
you select the Key Field checkbox for a field and save your
changes, the Required Field, Search Results, and Search Default
Field checkboxes are automatically selected.

Calculated Field Select this option to create a formula to dynamically compute a

value for this field. If you select this option, the field is read-only
for all users, and its value is populated by the system.

Advanced Field Select this option to add descriptive text and alter the standard
Display display of the field. After selecting this checkbox, specify the
display text and layout for the field in the Advanced Field
Display Options section.

Validate Always Select this option to validate the field when any field has changed
when saving a record. If the Validate Always option is not
selected, the field is validated only when the value in that field
has changed.

Configuration Section

124 Chapter 2: Fields

 RSA Archer GRC Platform Applications

Option Action

Maximum To restrict the number of characters a user can enter in the Text
Characters field, enter the maximum number of allowable characters in the
Maximum Characters field.

Note: If you use rich text formatting in a Text Area, the Platform
counts the HTML formatting tags embedded in the text as
characters. This may result in a warning message that the text
entered in the field exceeds the maximum number of characters. As
a result, set the Maximum Characters field to a value higher than
the number of characters that you expect to be entered in the field.

Input Mask If you selected the Text Field display control, you can configure
masked text fields to allow end users to enter data in defined
formats. From the Input Mask drop-down list, select one of the
following masks:
l SSN. Format = ###-##-####. The mask will be configured so
the entire SSN is confined to one field.
l Telephone. Format = ###-###-####. The mask will be
configured so the entire phone number is confined to one field.
l Zip Code. Format = #####.
l Zip+4. Format = #####-####.
l IP Address v4. Format = ###.###.###.###.
l IP Address v6 Full. Format =
####.####.####.####.####.####.####.####.
l Email Address. The mask will be configured to require the At
(@) sign.

Chapter 2: Fields 125

 RSA Archer GRC Platform Applications

Option Action

Field Height If you selected the Text Area display control in the Display
Control section, you can configure the height of the field in lines
by selecting the desired number of lines in the Field Height field.
If more values are available for selection in the field than the
number of lines you specified for the field height, a vertical scroll
bar will appear in the field to enable users to view all available
values.

Default Value To prepopulate your Text field with default text, enter the default
text in the Default Value text box. If you want this default text to
be removed once an end user selects the Text field in Edit mode,
select Remove the default text on mouse click.

Note: Default text with the Remove option enabled should be

used for only instructional and informational purposes. The text is
not saved with the record. If you want your default text to be
treated as a standard text field entry, do not select Remove the
default text on mouse click.

Advanced Field Display Options Section

Display Text Enter your supporting text in this field. For example, you can enter
a specific question related to values users enter in the field, such
as "When was the date of your last security audit?" This text is
always displayed, even if you select to hide the field name.

Layout Select whether to display or hide the field name and whether to
display the values horizontally or vertically. See the examples
provided in the Preview field.

Tracking ID Field
The Tracking ID field type is automatically populated with a value that uniquely
identifies a record. By default, the tracking ID is a numeric value; however, you
can also specify a static prefix and/or suffix string to be used in conjunction with
the system-generated tracking ID number. For example, if you specify "ABC-" for
the prefix and "-XYZ" for the suffix, the application could generate the following
tracking ID number: ABC-447632-XYZ.
For instructions on configuring the Tracking ID field type, see Configure the
Display and Functionality of a Field and Tracking ID Field Options.
This field has two configuration options:
l System ID. A sequential tracking ID that is generated based on the number of
records in all applications in the system.

126 Chapter 2: Fields

 RSA Archer GRC Platform Applications

l Application ID. A sequential tracking ID that is generated based on the number

of records in the application. If you select this option, the tracking ID values for
individual records is based on the order in which they were added. For example,
if you have two applications, each with this option enabled, and add four records,
two for each application, the tracking ID values represent the order in which a
record was added to the individual application, not the order in which it was
added to the Platform, as shown in the following figure.

With this option, it is possible for records in separate applications to have

matching tracking ID values.

If you select this option for Tracking ID fields in leveled applications, the
tracking ID value is based on the order the record was added within the context
of the entire application, not a specific level. For example, if you were to add a
record to the top-level application, add a record to the second-level and then add
another record to the top-level application, the records in the top level have
tracking ID values of 1 and 3 respectively. The record in the second-level
application has a tracking ID value of 2, as shown in the following figure.

Chapter 2: Fields 127

 RSA Archer GRC Platform Applications

If you select this option for Tracking ID fields in sub-forms, the tracking ID
value is based relative to the individual Sub-Form field. For example if you have
one sub-form that is referenced by Sub-Form fields from separate applications,
each Sub-Form field within an application generates its own series of tracking
ID values, as shown in the following figure.

Tracking ID Field Options

You can configure the display and functionality of a Tracking ID field on the
Options tab of the Manage Field page.
For detailed instructions, see Configure the Display and Functionality of a Field.
For more information on the Tracking ID field, see Tracking ID Field.
The following table lists the options for the Tracking ID field.

Option Action

Options Section

Search Results Select this option to make this field available for display in search
results. If this checkbox is not selected, you cannot include this
field in search results or reference the values in the field in search
filters.

Search Default Select this option to include the field by default in search results
Field for the application. This option does not prevent users from
removing the field from the Search Results page. Users can click
Modify in the toolbar and remove the field from the Fields to
Display section of the application's Advanced Search page.

128 Chapter 2: Fields

 RSA Archer GRC Platform Applications

Option Action

Key Field Select this option if you want the field to serve as the key field for
the application. Only one field can serve as the key field for an
application. You can select the key field values in search results,
and users can click the values to open individual records. Once
saved, you can only clear this checkbox by selecting the Key
Field checkbox for another field in the application. Also, when
you select the Key Field checkbox for a field and save your
changes, the Required Field, Search Results, and Search Default
Field checkboxes are automatically selected.

Configuration Section

System ID Select this option if you want the tracking ID to be generated

based on the number of records in all applications within the
system.

Application ID Select this option if you want the tracking ID to be generated

based on the number of records within the application.

Important: You can change the tracking ID type later; however,

the keyword search index for all records in the application must
then be rebuilt. During the index rebuild, keyword search results
may be inaccurate, and frequent index rebuilds can impact system
performance. For more information on rebuilding the keyword
search index, see "Rebuild All Indexes" in the RSA Archer Control
Panel Guide.

Prefix Enter a prefix that you want to display before the system-
generated tracking ID. For example, if you enter "ABC" in this
field, the tracking ID value for a record could be "ABC123456."

Suffix Enter a suffix that you want to display after the system-generated
tracking ID. For example, if you enter "XYZ" in this field, the
tracking ID value for a record could be "123456XYZ."

User/Groups List Field

The User/Groups List field type is a specialized values list field that allows users to
select users or groups.
For instructions on configuring the User/Groups List field type, see Configure the
Display and Functionality of a Field and User/Group List Field Options.

Chapter 2: Fields 129

 RSA Archer GRC Platform Applications

This field type can be expressed using any of the following interface controls:
l Drop-down
l Radio buttons
l Checkboxes
l Listbox
l Values pop-up

If you select to use radio buttons when configuring a User/Groups List field, users
are restricted to making a single selection in the field. By choosing one of the other
available interface control types, you can specify the minimum and maximum
number of selections users are permitted to make in the field.
During the field configuration process, you must select at least one user or group to
display in the values list for the User/Groups List field. The users and groups from
which you can choose are those that have been defined in the Access Control
feature. To populate the field with users and groups, you can:
l Define a list of specific users and groups to display as available selections in the
field.
l Select the All Users and All Groups options to display every user and group
within the system.
l Select the Record Creator option to include the user who is adding or editing the
record as an available selection in the field.
l Select the Default to Creator's Groups option for the record creator or for any
selected group to define that user or group as the default selection for the field.
l Restrict the list of groups that display as available selections in the field by
selecting the Auto Restrict Groups option. This option limits the groups that are
available for selection to only those groups for which the user is a member. For
example, suppose that you select the Sales, Marketing, and Management groups
as available selections in the field. If a user adds a record in the application and
that user is a member of only the Marketing group, the Marketing group is the
only group available to that user for selection in the User/Groups List field.

Note: You can convert a User/Groups List field to a Record Permissions field to
limit record access to only those users or groups selected in the field. For
instructions on making this conversion, see Convert a User/Groups List Field to a
Record Permissions Field.

Record Save Validation

The Validate Always option on the Options tab of the Manage Field page causes
the field to validate when any field has changed when the user saves a record. If
the Validate Always option is not selected, the field is validated only when the
value in that field has changed.

130 Chapter 2: Fields

 RSA Archer GRC Platform Applications

Field Validation Configuration

The minimum and maximum values are now validated for relationships between
field types.
The following validation rules apply to this field type:
l Required
l Minimum Selections
l Maximum Selections

User/Groups List Field Options

You can configure the display and functionality of a User/Groups List field on the
Options tab of the Manage Field page.
For detailed instructions, see Configure the Display and Functionality of a Field.
For more information on the User/Groups List field, see User/Groups List Field.
The following table lists the options for the User/Groups List field.

Option Action

Display Control Section

Select the type of display control that you want to use for
the field:
l Dropdown
l Radio Buttons
l Check Boxes
l Listbox
l Values Popup

Options Section

Chapter 2: Fields 131

 RSA Archer GRC Platform Applications

Option Action

Required Field Select this option to require users to supply a value for the
field when adding or editing a record in the application.
Required fields are indicated with an icon (selected in the
Appearance feature) to alert users that they must supply a
value. If this checkbox is not selected, users can skip this
field when adding or editing a record in the application.

Auditing Information Select this option to display auditing information next to the
field each time that its value is changed. The auditing
information includes only the name of the user who made
the change and the date and time of the change. If this
checkbox is not selected, auditing information is not
displayed with the field in the user interface.

Search Results Select this option to make this field available for display in
search results. If this checkbox is not selected, you cannot
include this field in search results or reference the values in
the field in search filters.

Search Default Field Select this option to include the field by default in search
results for the application. This option does not prevent
users from removing the field from the Search Results page.
Users can click Modify in the toolbar and remove the field
from the Fields to Display section of the Advanced Search
page for the application.

Advanced Field Select this option to add descriptive text and alter the
Display standard display of the field. After selecting this checkbox,
specify the display text and layout for the field in the
Advanced Field Display Options section.

Validate Always Select this option to validate the field when any field has
changed when saving a record. If the Validate Always
option is not selected, the field is validated only when the
value in that field has changed.

Configuration Section

Column Layout If you selected the Radio Buttons or Check Boxes display
control in the Display Control section, you can configure
the number of columns in the field by selecting the desired
number of columns from the Column Layout drop-down
menu.

132 Chapter 2: Fields

 RSA Archer GRC Platform Applications

Option Action

Field Height If you selected the Listbox display control in the Display
Control section, you can configure the height of the field in
lines by selecting the desired number of lines in the Field
Height field. If more values are available for selection in the
field than the number of lines you specified for the field
height, a vertical scroll bar will appear in the field to enable
users to view all available values.

Minimum and If you selected the Dropdown, Check Boxes, Listbox, or

Maximum Selections Values Popup display control in the Display Control
section, you can specify the minimum and maximum number
of selections that can be selected in the field. Enter the
desired number of values in the Minimum Selections and
Maximum Selections fields.

Advanced Field Display Options Section

Display Text Enter your supporting text in this field. For example, you
can enter a specific question related to values users enter in
the field, such as "When was the date of your last security
audit?" This text is always displayed, even if you select to
hide the field name.

Layout Select whether to display or hide the field name and whether
to display the values horizontally or vertically. See the
examples provided in the Preview field.

Field Population Section

To define users and groups, click Lookup and from the

Available list, select the users and groups that should be
available for selection in the field based on the following
options:
l Record Creator. Select this option to include the user
who is adding or editing the record as an available
selection in the field.
l Individual Groups and Users. Expand the Groups and
Users nodes and select the individual groups and users
that you want to be available for selection in the field.
l All Groups. Expand the Groups node and select All
Groups. this option populates the User/Groups List field
with all groups defined in the Access Control feature.
l All Users. Expand the Users node and select All Users.

Chapter 2: Fields 133

 RSA Archer GRC Platform Applications

Option Action

This option populates the User/Groups List field with all

users in the system.

Default Selection To configure default selections, select the Default checkbox

in the User/Groups list for any selected group to define that
user or groups as the default selection for the field. When
users add new records, the default values are automatically
selected in the field.

Cascade Selection To apply group selections to sub-groups, select Cascade in

the User/Groups list for any selected group to include the
sub-groups of a selected group in the list of available values
for the User/Groups List field.

Note: If you select the Cascade option for a group that

contains sub-groups, those sub-groups will be available for
selection in the User/Groups List field. When a user interacts
with the User/Groups List field while adding or editing a
record, the user can select the parent-level group and/or
individual sub-groups nested beneath the parent group.
However, it is important to note that if a user selects only
the parent group, sub-groups nested beneath that parent
group are not included in the selection. Only individual
users who are members of the selected parent group are
included in the selection.

Auto Restrict Groups Select this option to restrict the list of groups that display as
available selections in the field. This option limits the
groups that are available for selection to only those groups
for which the user is a member. For example, suppose that
you select the Sales, Marketing, and Management groups as
available selections in the field. If a user adds a record in the
application and that user is a member of only the Marketing
group, the Marketing group will be the only group available
to that user of selection in the User/Groups List field.

Note: If you select the Default option for a group in the

Selected list and then select Auto-Restrict Groups, the
default group is only selected in the User/Groups List field
for an individual record if the user creating that record is a
member of the group.

Default to Creator's To include groups for which a record creator is a member as

Groups default selections in the field, select Default to Creator's
Groups. Only groups that have been defined as available
selections for the field can be selected by default.

134 Chapter 2: Fields

 RSA Archer GRC Platform Applications

Values List Field

The Values List field type provides users with a list of predetermined values from
which to choose.
For instructions on configuring the Values List field type, see the following topics:
l Configure the Display and Functionality of a Field
l Field-Specific Values List Field Options
l Global Values List Field Options

This field type can be expressed using one of several interface control types:
l Drop-down
l Radio buttons
l Checkboxes
l Listbox
l Values pop-up

If you select to use radio buttons when configuring a Values List field, users are
restricted to making a single selection in the field. If you choose one of the other
control types for the field, you can specify the minimum and maximum number of
selections users are permitted to make in the field.
During the configuration process, you can populate a Values List field with either a
custom or a global values list. If you choose to use a custom values list, you must
define the values for the field.Custom values lists cannot be used to populate any
other Values List field. If you choose to use a global values list, you can populate
the field with an existing global values list in the system.

Note: You can convert an existing field-specific values list to a global values list,
which will enable you to reuse the list when creating other Values List fields.

Users who have rights to add or edit global and field-specific values lists can add or
edit values in a values list by clicking Edit below or next to the field in a content
record.
An advanced option for the Values List field type is the ability to define it as a
calculated field. When this option is enabled, you can specify a formula for
dynamically computing the field's value. For example, you could create the
following formula to populate the Values List field with the value High or Low
depending on another field's value within the record:
IF([Risk Rating]>=10, ValueOf (“High”), ValueOf (“Low”))
The calculated field would display as "read-only" for all application users, and its
value would be updated each time the field was recalculated.
See the following topics for additional information about numeric fields:

Chapter 2: Fields 135

 RSA Archer GRC Platform Applications

l Record Save Validation

l Field Validation Configuration - Values List
l Trending for a Values List Field

Record Save Validation

The Validate Always option on the Options tab of the Manage Field page causes
the field to validate when any field has changed when the user saves a record. If
the Validate Always option is not selected, the field is validated only when the
value in that field has changed.
Record save validation is available for the following field types:

l Attachment l Numeric

l Cross- l Matrix (row or

Reference column)

l Date l Record Permissions

l External Links l Related Record

l Image l Sub-Form

l IP Address l Text

l User/Group l Voting
List

l Values List

Field Validation Configuration - Values List

The following validation rules apply to this field type:
l Required
l Minimum Selections
l Maximum Selections
l Values List Other Text

Field validation is available for the following field types:

l Attachment l Numeric

l Cross- l Matrix (row or

Reference column)

136 Chapter 2: Fields

 RSA Archer GRC Platform Applications

l Date l Record Permissions

l External Links l Related Record

l Image l Sub-Form

l IP Address l Text

l User/Group l Voting
List

l Values List

Trending for a Values List Field

You can enable or disable trending to track status changes for the value of a Values
List field type. You must set a duration period when enabling trending for a Values
List field.

Field-Specific Values List Field Options

You can configure the display and functionality of a Field-Specific Values List field
on the Options tab of the Manage Fields page.
The following table lists the options for the Field-Specific Values List field.

Option Action

Display Control Section

Control Select the type of display control that you want to use for the
field:
l Dropdown
l Radio Buttons
l Check Boxes
l Listbox
l Values Popup

Options Section

Chapter 2: Fields 137

 RSA Archer GRC Platform Applications

Option Action

Required Field Select this option to require users to supply a value for the field
when adding or editing a record in the application. Required
fields are indicated with an icon (selected in the Appearance
feature) to alert users that they must enter a value. If this option is
not selected, users can skip this field when adding or editing a
record in the application.

Auditing Select this option to display auditing information next to the field
Information each time that its value is changed. The auditing information
includes the name of the user who made the change and the date
and time of the change. If this option is not selected, auditing
information is not displayed with the field.

Search Results Select this option to make this field available for display in search
results. If this option is not selected, you cannot include this field
in search results or reference the values in the field in search
filters.

Search Default Select this option to include the field by default in search results
Field for the application. This option does not prevent users from
removing the field from the Search Results page. Users can click
Modify in the toolbar of the Search Results page and remove the
field from the Fields to Display section of the Advanced Search
page in the application.

Trending Select this option to enable trending for the field. After selecting
this option, specify the following:

138 Chapter 2: Fields

 RSA Archer GRC Platform Applications

Option Action

Duration Select the duration for which you want the Platform
Type to retain trending data. The available values are
calculated in days as follows:

Days 1 day

Months 30 days

Quarters 90 days

Years 365 Days

By default, the value of this field is No Selection, but

you must select a Duration Type when the Trending
option is selected. If you click Apply without
changing the value, a warning message is displayed.
Click OK to return to the Options tab.

Duration Specify the number of days, months, quarters, or years

Amount for which the Platform retains trending data. Enter a
value in the Duration Amount field. If you decrease
the value of this field after a value has already been
entered, a warning message is displayed. Click OK to
continue.

Description Links Select this option to display the selected value for the field as a
hyperlink when users view records in the application. Users can
click the linked value to read a description of that value.

Calculated Field Select this option to create a formula to dynamically compute a

value for this field. If you select this option, the field is read-only
for all users, and its value is populated by the Platform.

Advanced Field Select this option to add descriptive text and alter the standard
Display display of the field. After selecting this option, specify the display
text and layout for the field in the Advanced Field Display
Options section.

Chapter 2: Fields 139

 RSA Archer GRC Platform Applications

Option Action

Validate Always Select this option to validate the field when any field has changed
when saving a record. If the Validate Always option is not
selected, the field is validated only when the value in that field
has changed.

Configuration Section

Minimum and If you selected the Radio Buttons, Check Boxes, Listbox, or
Maximum Values Popup display control in the Display Control section, you
Selections can specify the minimum and maximum number of values that can
be selected in the field. Select the desired number of values in the
Minimum Selections and Maximum Selections fields.

Column Layout If you selected the Radio Buttons, Check Boxes, or Listbox
display control in the Display Control section, you can configure
the number of columns in the field by selecting the desired
number of columns from the Column Layout menu.

Field Height If you selected the Listbox display control in the Display Control
section, you can configure the height of the field in lines by
selecting the desired number of lines in the Field Height field. If
more values are available for selection in the field than the
number of lines you specified for the field height, a vertical scroll
bar will appear in the field to enable users to view all available
values.

Advanced Field Display Options Section – If you selected the Advanced Field Display
option, you can specify the display text and layout options.

Display Text Enter your supporting text in this field. For example, you can
enter a specific question related to values users enter in the field,
such as "When was the date of your last security audit?" This text
is always displayed, even if you select to hide the field name.

Layout Select whether to display or hide the field name and whether to
display the values horizontally or vertically. See the examples
provided in the Preview field.

Related Topics
Configure the Display and Functionality of a Field
Global Values List Field

140 Chapter 2: Fields

 RSA Archer GRC Platform Applications

Global Values List Field Options

You can configure the display and functionality of a Global Values List field on the
Options tab of the Manage Fields page.
For detailed instructions, see Configure the Display and Functionality of a Field.
For more information on Values List fields, see Values List Field.
The following table lists the options for the Global Values List field.

Option Action

Display Control Section

Select the type of display control that you want to use for the
field:
l Dropdown
l Radio Buttons
l Check Boxes
l Listbox
l Values Popup

Options Section

Required Field Select this option to require users to supply a value for the field
when adding or editing a record in the application. Required fields
are indicated with an icon (selected in the Appearance feature) to
alert users that they must supply a value. If this checkbox is not
selected, users can skip this field when adding or editing a record
in the application.

Auditing Select this option to display auditing information next to the field
Information each time that its value is changed. The auditing information
includes only the name of the user who made the change and the
date and time of the change. If this checkbox is not selected,
auditing information is not displayed with the field in the user
interface.

Chapter 2: Fields 141

 RSA Archer GRC Platform Applications

Option Action

Search Results Select this option to make this field available for display in search
results. If this checkbox is not selected, you cannot include this
field in search results or reference the values in the field in search
filters.

Search Default Select this option to include the field by default in search results
Field for the application. This option does not prevent users from
removing the field from the Search Results page. Users can click
Modify in the toolbar and remove the field from the Fields to
Display section of the application's Advanced Search page.

Trending Select this option to enable trending for the field. After selecting
this option, specify the following:

Duration Select the duration for which you want the Platform
Type to retain trending data. The available values are
calculated in days as follows:

Days 1 day

Months 30 days

Quarters 90 days

Years 365 Days

By default, the value of this field is No Selection, but

you must select a Duration Type when the Trending
option is selected. If you click Apply without
changing the value, a warning message is displayed.
Click OK to return to the Options tab.

Duration Specify the number of days, months, quarters, or years

Amount for which the Platform retains trending data. Enter a
value in the Duration Amount field. If you decrease
the value of this field after a value has already been
entered, a warning message is displayed. Click OK to
continue.

Description Links Select this option to display the selected value for the field as a
hyperlink when users view records in the application. Users can
click the linked value to read a description of the value from a
pop-up window.

142 Chapter 2: Fields

 RSA Archer GRC Platform Applications

Option Action

Calculated Field Select this option to create a formula to dynamically compute a

value for this field. After selecting this checkbox, you can define a
calculated formula in the Calculations Properties section. You can
also specify when to recalculate the field and how to handle
errors.

Advanced Field Select this option to add descriptive text and alter the standard
Display display of the field. After selecting this checkbox, specify the
display text and layout for the field in the Advanced Field
Display Options section.

Validate Always Select this option to validate the field when any field has changed
when saving a record. If the Validate Always option is not
selected, the field is validated only when the value in that field
has changed.

Configuration Section

Minimum and If you selected the Dropdown, Check Boxes, Listbox, or Values
Maximum Popup display control in the Display Control section, you can
Selections specify the minimum and maximum number of values that can be
selected in the field. Select the desired number of values in the
Minimum Selections and Maximum Selections fields.

Column Layout If you selected the Radio Buttons or Check Boxes display control
in the Display Control section, you can configure the number of
columns in the field by selecting the desired number of columns
from the Column Layout drop-down menu.

Field Height If you selected the Listbox display control in the Display Control
section, you can configure the height of the field in lines by
selecting the desired number of lines in the Field Height field. If
more values are available for selection in the field than the number
of lines you specified for the field height, a vertical scroll bar will
display in the field to enable users to view all available values.

Advanced Field Display Options Section – If you selected the Advanced Field Display
option, you must enter supporting information and select a display option.

Chapter 2: Fields 143

 RSA Archer GRC Platform Applications

Option Action

Display Text Enter your supporting text in this field. For example, you can enter
a specific question related to that values that users enter in the
field, such as "When was the date of your last security audit?"
This text is always displayed, even if you select to hide the field
name.

Layout Select whether to display or hide the field name and whether to
display the values horizontally or vertically. See the examples
provided in the Preview field.

Calculation Properties Section – If you selected the Calculated Field option, you can
define a formula, specify when to recalculate, and specify how to handle errors.

Voting Field
The Voting field type allows users to rank a record in two ways. A Total Votes
tally allows users to vote for or against a content record. Each vote is assigned a
weight as determined by the field administrator. The field shows the total votes for
the record. An Average Votes tally allows user to rate the record based on a range
of 1 to 5. All votes are averaged to determine the overall rating, which is reflected
in the field.
By configuring voting reset rules, field administrators can determine when the votes
in the Voting field should be reset, if at all. Both field options provide the ability for
a defined set of users. You can allow Field Administrators to view a detailed report
when each user voted on the content along with the rating provided. This field
provides access to the Voting Field Detail report. This report lists the user, email
address, date, and rating for the field.
For instructions on configuring the Voting field type, see Configure the Display and
Functionality of a Field and Voting Field Options.
Record Save Validation
The Validate Always option on the Options tab of the Manage Field page causes
the field to validate when any field has changed when the user saves a record. If
the Validate Always option is not selected, the field is validated only when the
value in that field has changed.
Field Validation Configuration
The minimum and maximum values are now validated for relationships between
field types.
The Voting Field Value validation rule applies to this field type.

144 Chapter 2: Fields

 RSA Archer GRC Platform Applications

Voting Field Options

You can configure the display and functionality of a Voting field on the Options tab
of the Manage Field page.
For detailed instructions, see Configure the Display and Functionality of a Field.
For more information on the Voting field, see Voting Field.
The following table lists the options for the Voting field.

Option Action

Options Section

Search Results Select this option to make this field available for display in
search results. If this checkbox is not selected, you cannot
include this field in search results or reference the values in
the field in search filters.

Search Default Field Select this option to include the field by default in search
results for the application. This option does not prevent
users from removing the field from the Search Results page.
Users can click Modify in the toolbar and remove the field
from the Fields to Display section of the Advanced Search
page for the application.

Validate Always Select this option to validate the field when any field has
changed when saving a record. If the Validate Always
option is not selected, the field is validated only when the
value in that field has changed.

Configuration Section

Vote Tally In the Vote Tally field, select whether the results should
display a total number of votes cast or an average of the
ratings provided by end users.

Vote Weight In the Vote Weight field, select the numeric value for how
much each vote is worth. For example, if the Vote Weight is
"10" and ten users have submitted a vote, the total value
displayed would be "100."

Chapter 2: Fields 145

 RSA Archer GRC Platform Applications

Option Action

Field Administrators To designate specific users and groups as Field

Administrators for the Voting field, you must select those
users and groups. Click , and from the Available list,
select the users and groups that you want to designate as
Field Administrators for the Voting field. You can allow
Field Administrators to view a detailed report when each
user voted on the content along with the rating provided.
This field provides access to the Voting Field Detail report.
This report lists the user, email address, date and rating for
the field.

Voting Reset Rules Section

Select from the following options:

1. In the Field To Evaluate column, select the field to
evaluate for one or more specific values.

Note: To create additional conditions, click Add New.

2. In the Operator column, select the filter operator.

3. In the Value(s) column, select the values for the
condition.
If you have created more than one condition, you can
apply advanced logic to your search criteria.

Create Field-Level Help

You can create field-level Help that is displayed with a field in the user interface.
By incorporating field-level Help, you can provide additional guidelines and
instructions to ensure end users enter appropriate information in the field. This Help
text can be displayed for users when they add, edit and view records in the
application where the field resides. You can configure field-level Help to display
above or below the field, as a tool tip (mouseover), or in a pop-up window that
users can open by clicking .

Note: You can also create field-level Help using text boxes in an application's
layout. Text boxes enable you to provide instructions or additional information that
are displayed above, below or beside a field when users add, edit or view records in
an application. For guidance on creating text boxes, see Add Text Boxes to an
Application's Layout.

Before You Begin

Create a Field

146 Chapter 2: Fields

 RSA Archer GRC Platform Applications

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. Click the Fields tab.

3. In the Field column, click the field that you want to configure.
4. Click the Help Text tab.
5. In the Help Text field, enter instructional and descriptive text for the field.
Consider the following general guidelines when writing field-level Help:
l Use short, concise instructions that direct the user to take a specific action.
For example, "Enter your name" is preferable to "This field is used to enter
your name."
l Use complete sentences whenever possible.
l Avoid jargon (unless terms are critical and are familiar to your users).
l Consider the technical aptitude of your audience and author your help text at
a corresponding level.
l Use “you” and “your” as if you are speaking directly to the user.
l Consider posing Help text in the form of a question, for example, "What is
your level of interest?"

Chapter 2: Fields 147

 RSA Archer GRC Platform Applications

6. In the View Display Options and Edit Display Options sections, select one of
the following options for displaying your Help text for View and Edit modes.

Display Option Example

Above: Display field Help above

the control in edit and view
modes.

Below: Display field Help below

the control in edit and view
modes.

Tooltip: Display field Help as a

tool tip (mouseover) on the
control name in edit and view
modes.

Icon: Display a Help icon beside

the control in edit and view
modes. Clicking this icon displays
the field Help in a pop-up dialog
box. The application
automatically determines the size
of the window based on the
number of characters in the Help
text.

Note: If you choose to display field Help in Edit mode, the Help is displayed for
users when they add or edit a record in the application where the field resides.
If you choose to display field Help in View mode, the Help is displayed for
users when they view a saved record in the application where the field resides.
If you choose to display field Help in both Edit and View modes, the Help is
displayed for users when they add, edit or view a record in the application
where the field resides.

7. Click Apply.

Next Steps
Assign Access Rights to a Field

148 Chapter 2: Fields

 RSA Archer GRC Platform Applications

Assign Access Rights to a Field

You can configure fields as either public or private. Public fields are available to all
end users, but for private fields, you can select specific users and groups to assign
access rights. If a certain field is configured as private, users who do not have
rights to the field cannot view it when adding, editing, or viewing records in the
application.

Before You Begin

l Create a Field
l Update the General Properties of a Field
l Configure the Display and Functionality of a Field
l Create Field-Level Help

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. Click the Fields tab.

3. In the Field column, click the field that you want to configure.
4. Click the Access tab.
5. Select whether you want the field to be Public (available to all application
users) or Private (available to only select users and groups).

Chapter 2: Fields 149

 RSA Archer GRC Platform Applications

6. If you selected the Private option, assign rights to the field according to the
following instructions.

Option Action

Grant or Revoke Field From the Available list, select the users or groups that
Access you want to assign field access. Your selection is
displayed in the Selected list. To revoke access to the
field, click to the right of the user or group name in
the Selected list.

Note: To search for a specific name, enter the name in

the Find field and (if applicable) select the type from the
adjacent list. Click Search. The results of your search are
displayed in the Search Results node in the Available
list.

Define Access as Full or To grant full access rights (read and edit) for the field to
Read Only a user or group in the Selected list, select the Full
Access checkbox to the right of the user or group name.
To limit access to a read-only status, clear the Full
Access checkbox.

Extend Access Rights to To extend access rights to the sub-groups of a selected

Sub-Groups group, select Cascade.

7. Click Save.

Define Numeric Ranges for a Numeric Field

When configuring a Numeric field, you can select to display a filter option on the
Advanced Search page that allows users to search the field based on ranges of
values. To define numeric ranges for a Numeric field, you must first enable the
Numeric Ranging option for the field. Then you can create named ranges that will
be available as filter criteria for the field. For each named range that you create,
you must define a beginning and ending value. For example, a range named "High"
might contain the values 8 through 10.

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

150 Chapter 2: Fields

 RSA Archer GRC Platform Applications

Note: If you cannot select the application, you do not have access rights to
the application.

2. Click the Fields tab and in the Field Name column, click the numeric field.
The Manage Fields page is displayed.
3. Click the Options tab and select Numeric Ranging.
4. Click Save in the toolbar to return to the Fields tab of the Manage Applications
page.
5. In the Field Type column for your Numeric field, click the Numeric Ranges
link.
6. Create the number of numeric ranges for the field:
a. To add a new numeric range, click Add New.
b. To edit the properties of an existing range, click the range in the Ranges list
to display its properties in the fields to the right.
c. In the Name field, enter the name of the range.
d. In the Beginning Value and Ending Value fields, enter the values that
define the range.
These fields accept only numeric values.
e. Click Apply.
f. Add additional numeric ranges, if desired.
7. Click Save.

Convert a User/Groups List Field to a Record Permissions Field

You can convert a User/Groups List field to a Record Permissions field to limit
record access to only those users or groups selected in the field. The Record
Permissions field is populated with the users and groups configured for the
User/Groups List field. The Record Permissions field also is configured to use the
manual selection method, meaning that end users are able to interact with the field
to assign record permissions.
For information on other selection methods that you can use for the Record
Permissions field, see Record Permissions Field.

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.

Chapter 2: Fields 151

 RSA Archer GRC Platform Applications

c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. Click the Fields tab.

3. In the Field column, click the field that you want to configure.
The Manage Field page is displayed.
4. On the General tab, click Promote to Record Permissions Field.
The User/Groups List field changes to a Record Permissions field, and the field
is populated with the users and groups that were configured for the User/Groups
List field.

Important: When converting from a User/Group List field to a Record

Permissions field, users are not automatically granted access to the record. You
must remove the users and groups from the promoted field, and then add them
again to activate record permissions for the newly promoted field.

5. Click Save.

Convert a Field-Specific Values List to a Global Values List

Because field-specific lists are specific to the field in which they are created, they
cannot be reused in other Values List fields. However, to reuse a field-specific
values list, you can convert the field-specific values list to a global values list,
making it available for use in any Values List, Cross-Application Status Tracking,
or Matrix field.

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. Click the Fields tab.

3. In the Field column, click the field that you want to configure.
The Manage Field page is displayed.
4. On the General tab, in the Action field, click the Promote to Global Values
List link.

152 Chapter 2: Fields

 RSA Archer GRC Platform Applications

5. Click Save.

Define Field-Specific Values for a Matrix Field

A Matrix field allows you to display a two-dimensional array of checkboxes,
allowing users to plot or rank responses relative to the two factors posed by the
dimensions. During the field creation process, you can select to populate a Matrix
field's column and row values with global values lists or to create custom column
and row values. If you select to create field-specific values, you can define those
values from the Fields tab on the Manage Applications page. Field-specific column
and row values are considered local to the Matrix field because you cannot reuse
these values for other fields.

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. Click the Fields tab.

If you selected to define custom values for your Matrix field during the field
creation process, the Column Values and Row Values links are displayed in the
Field Type column.

Note: If you selected to use global values lists to populate the Matrix field's
column and row values, the Column Values and Row Values links are not
displayed on the Fields tab of the Manage Applications page.

3. In the Field Type column, click Column Values to open the Manage Global
Values List page.
This page provides controls for naming and arranging column values.
4. To add a new value, click Add New in the Values control group.
5. To edit the properties of an existing value, in the Structure list of the Values
control group, click the name.
6. In the Text Value field, enter the value as you want it to display in the values
list. Enter a description in the Description field.
7. To make the value available for selection by the user, select Active. If you do
not want users to be allowed to select the value, clear the Active checkbox.

Chapter 2: Fields 153

 RSA Archer GRC Platform Applications

Inactive values are not available for selection, but existing usages of the value
are preserved.
8. Click Save in the page toolbar to save the value and return to the Manage Fields
page.
9. In the Field Type column , click Row Values to open the Manage Field -
Specific Values List page.
10. Repeat steps 4-8 above to create row values for the Matrix field.
11. Click to return to the Manage Applications page.

Delete a Field
Complete this task to delete a field.

Procedure
1. From the Administration workspace, navigate to Navigation Menu >
Application Builder > Manage Applications.
2. Select the application that you want to update.
3. Click the Fields tab.
This tab displays all existing fields in the application along with controls for
adding, editing and deleting fields.
4. Click the row and view the description of the field that you want to delete.

5. Click for that field.

A Warning dialog box opens.

Note: Some fields in RSA Archer applications may be locked, allowing

administrators limited access. If no is displayed, that field is locked and
cannot be deleted.

6. Click OK.

Note: If trending is enabled for the field, all trending data associated with the
field is deleted. An asynchronous cleanup job that runs once per day removes
both expired trended data and any trended data for fields that the user has
disabled trending.

Configuring Trending
Trending is a method of data tracking that enables you to track status changes for a
Numeric or Values List field when trending is enabled. The trending data allows
you to monitor a specified field over time so that you can make informed business
decisions.

154 Chapter 2: Fields

 RSA Archer GRC Platform Applications

Trending charts allow you to observe patterns in the trending data over a specified
period. The chart reflects a plot point for each time a field value is saved. (For
more information, see Viewing a Trending Chart in a Record.) When a field is
enabled for trending, the Platform captures trending data for the specified field and
retains the data for the specified duration period.
An administrator can perform any of the following tasks related to trending:
l Add a trending chart to an application layout
l Enable trending for a field
l Disable trending on a trended field
l Delete a field

Trending charts can be included in a package for migrating from one instance to
another. Certain conditions apply when packaging trending chart objects. You can
also map trending chart objects in Mapping Analyzer.

Trending Examples
The following examples demonstrate the behavior of trending functionality.
Example A: You might create a trending chart called "Safety Incidents" to track
the number of safety incidents that occur at a facility before safety policies are
instituted. If the duration period was specified as one year (365 days),you might
view the trending chart and observe that the number of safety incidents at the
facility has decreased during the one year duration period. You might conclude that
the safety policies are working.
Example B: To expand on Example A, suppose the duration period is changed from
one year to one month. The trending chart contains one year of data at the time the
specified duration period is changed. The next day, the trending data shows only the
one-month period once an asynchronous job runs. This once-daily cleanup job
removes both expired trended data and any trended data for fields that you have
disabled trending.
Example C: You might not update a trending-enabled field until the duration period
elapses. When the update takes place after the duration period ends, the chart
reflects data for a longer period than specified in the duration period. Trended data
is not removed until an asynchronous job runs or the trending-enabled field is
deleted.

Enable Trending for a Field

Complete this task to enable trending for a Numeric or Values List field.

Procedure
1. From the Administration workspace, navigate to the Navigation Menu >
Application Builder > Manage Applications.
2. Select the application that you want to update.

Chapter 2: Fields 155

 RSA Archer GRC Platform Applications

3. On the Fields tab, select the Numeric or Values List field for which you want
to enable trending.
4. Select the Enable trending options for this field option.
The Duration Type and Duration Amount options are displayed.
5. From Duration Type, select the duration for which you want the Platform to
retain trending data.
6. In Duration Amount, enter a numerical value that specifies the number of
days, months, quarters, or years for which the Platform retains trending data.
7. Click Save or Apply.

Disable Trending on a Trended Field

Complete this task to disable trending on a trended Numeric or Values List field.

Procedure
1. From the Administration workspace, navigate to Navigation Menu >
Application Builder > Manage Applications.
2. Select the application that you want to update.
3. On the Fields tab, select the trended field for which you want to disable
trending.
4. Clear the Enable trending options for this field checkbox.
5. Click Save.
A warning message is displayed, indicating that existing trending data will be
purged and trending report filters will be affected.
6. Click OK to continue.

156 Chapter 2: Fields

 RSA Archer GRC Platform Applications

Chapter 3: Application Layouts

Customizing the Layout of an Application

From the Layout tab on the Manage Applications page, you can control the layout of
fields within an application, and you can add tabs, sections, supporting text and
custom controls to create an intuitive interface for users as they add and edit
records in the application. This tab also provides a drag-and-drop control for
organizing page elements in multiple columns, which enables you to make effective
use of larger monitors and greater screen resolution.
Other important features on the Layout tab include:
l By removing a field from the application layout, you can hide the field from end-
user view without deactivating or deleting the field. This can be especially useful
with calculated fields that you want to calculate in the background without
displaying to end users.
l You can define which tabbed grouping of fields will be the default tab to display
when users add or edit records in the application.
l You can provide page-level and field-level help using text boxes, which you can
place anywhere in the layout.
l Page shading options enable you to further customize the look of individual
applications.

Icons provide a visual to the type of field. The following table describes the icons
that might be displayed in the field bar of a field. Required fields are denoted with
an asterisk (*).

Icon Description

Key field. Denotes the field is a fey field.

Private field. Denotes the field is private field.

Calculated field. Denotes the field is a calculated field.

Grid (Table field type). Denotes the field is a table field type.

Chapter 3: Application Layouts 157

 RSA Archer GRC Platform Applications

You can perform the following tasks to customize the layout of an application:
l Create Tabbed Groupings of Fields in an Application
l Add a Field to an Application
l Add Sections to an Application's Layout
l Manage the Visibility Properties of a Field in an Application
l Add Text Boxes to an Application's Layout
l Add Placeholders to an Application's Layout
l Add Custom Objects to an Application's Layout
l Arrange Elements in an Application's Layout

Create Tabbed Groupings of Fields in an Application

You can arrange fields, tabs, and tab sets to create an easy-to-use interface for
users as they add and edit records in the application. Tab sets are a grouping tool
for related tabs. Tabs are a grouping tool for related fields, and by arranging fields
on tabs—especially in applications with a large number of fields—you can help
users quickly find the fields they need to access.

Note: If a user does not have access to any of the fields on a tab, the tab is not
displayed when the user adds or edits records within the application. Using data
driven events, tabs can be dynamically shown or hidden based on the current state
of content, including nested tabs. When a data driven event hides all sections on a
tab, the tab is also hidden.

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. Click the Layout tab.

3. Do one of the following:
l For the application, continue to the next step.
l For a leveled application, select the data level from the Level list in the left
pane that contains the layout that you want to manage. The fields and other
page elements for that level are displayed.

158 Chapter 3: Application Layouts

 RSA Archer GRC Platform Applications

4. Do one of the following:

Chapter 3: Application Layouts 159

 RSA Archer GRC Platform Applications

Add New Tab Set Add Tab to Tab Set Add Fields to a Tab

a. Expand the Add New a. Click the New tab in a. Add a section to the
Layout Object in the the tab set that you tab.
left pane. added.
b. Drag and drop the
b. Click Add Tab Set b. In the Tab Name fields on to the Layout
and drag it into the field, enter a name for page to add fields.
layout area. The Tab the tab
c. Arrange the fields
Set Name dialog box
c. To display a tab by until they are
is displayed.
default when users displayed in the
c. In the Tab Set Name open the application, correct order.
field, enter a name for select Display this tab For more information
the tab set. by default when users on creating fields, see
first access the page Create a Field.
d. From the Height list,
select one of the d. Click OK.
following options:
Note: The default tab
l To use default is displayed first for
height settings for users when they add
the tabs in the tab or edit records in the
set, select All from application. It does
the Height list and not have to be the left-
click OK. most tab. If a user does
l To select the height not have access to any
in pixels for the of the fields on the
tabs in the tab set, default tab, the default
select the value and tab is not displayed
click OK. and the tab with the
application key field
is displayed instead as
the default.

e. Drag and drop the tab To delete a tab, click the

on to the Layout tab arrow to the right of the
to arrange tab sets on tab and select Delete Tab.
the page:
Important: To delete a
l In the layout
section, click the tab or tab set, you first
tab set that you must remove all tabs,
want to move and sections, fields, and
drag it to its new objects contained in the
location.
tab or tab set.
l Arrange the tab sets
until they are
displayed in the

160 Chapter 3: Application Layouts

 RSA Archer GRC Platform Applications

Add New Tab Set Add Tab to Tab Set Add Fields to a Tab

correct order.
To delete a tab set, click
the arrow to the right of
the title that you want to
delete and select Delete
Tab Set.

5. Click Apply.

Add Sections to an Application's Layout

You can create sections, or headings, within an application’s page layout. Sections
are tools for grouping related fields together. For example, you might create a
section called “Contact Information” to group together information about a contact's
phone, fax, and email.

Note: If a user does not have access to any of the fields within a section, the
section is not displayed when the user adds, edits, or views records within the
application.

The Layout tab provides a convenient drag-and-drop interface for creating and
arranging sections. When you create a new section, you must enter a name and
define if and how it is displayed to end users.

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. Click the Layout tab.

3. Select Add New Layout Object in the left pane.
4. Click and drag the Add Section option to the layout area.
When you release your mouse, the Section Description dialog box opens,
allowing you to define the section’s properties.
5. In the Section Name field, enter the heading that you want to display in the
layout.

Chapter 3: Application Layouts 161

 RSA Archer GRC Platform Applications

6. In the Default Visibility field, select Expanded or Collapsed depending on

whether you want the section to be expanded or collapsed by default.
7. (Optional) To add an information panel to provide your end users with additional
details about the section, select Panel Text and enter the text that you want to
display.
8. (Optional) To add additional Help text to provide your end users with detailed
instructions and background information about the section, select Help Text and
enter the text that you want to display.
You can customize your text and add dynamic elements, like images and Flash
animation, using the options available in the Rich Text Editor toolbar.
9. Click OK to close the Section Description dialog box.
10. Click Apply.

Manage the Visibility Properties of a Field in an Application

When creating sections within an application's layout on the Layout tab of the
Manage Applications page, certain fields are displayed as their own section within
the layout. Fields that display as their own section allow end users to expand or
collapse the field when adding or editing records. By adjusting the visibility
properties of these fields, you can define whether the field should be expanded or
collapsed by default. In addition, using the Data Driven Events feature, you can
create events to dynamically hide or show these fields based on conditions within a
record.
The following field types can be defined as sections:
l Attachment field
l Sub-Form field
l Cross-Reference field using the grid display control
l Related Records field using the grid display control
l History Log field using the grid display control

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

162 Chapter 3: Application Layouts

 RSA Archer GRC Platform Applications

2. Click the Layout tab.

3. Click the drop-down arrow for the field that you want to configure as its own
section and select Edit Display Properties.
4. In the Visibility section, select whether to have the field expanded or collapsed
by default.
5. Click OK.
6. Click Apply.

Add Text Boxes to an Application's Layout

You can create text boxes within an application’s page layout. Text boxes are fixed
text areas that you can use to provide guidance or additional information that users
may need to successfully interact with the application’s fields.
The Layout tab provides a convenient drag-and-drop interface for creating and
arranging text boxes.

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. Click the Layout tab.

3. If you are working in a leveled application, select the data level that contains
the layout that you want to manage from the Level drop-down menu above the
Available Fields list.
The fields and other page elements for that level are displayed in the layout area
and in the Available Fields list.
4. Select Add New Layout Object and click and drag the Add Text Box option to
the layout area.
When you release your mouse, the New Text Box dialog box opens, allowing
you to define the text box properties.
5. In the Text Box Name field, enter a name for the text box.
This name is displayed on the Layout tab of the Manage Applications page, but
it is not displayed for end users when they add, edit, or view records within the
application.

Chapter 3: Application Layouts 163

 RSA Archer GRC Platform Applications

6. In the Text field, enter the text that you want to display within the text box
when it is displayed for users as they add, edit, or view records within the
application.
For example, you could provide instructions, definitions of new terms or
background information to help users understand a particular process.
The following figure shows a text box arranged among fields in a record.

7. Select from the following options for displaying the text box:
l Edit Mode. Display the text box when editing a record.
l View Mode. Display the text box when viewing a record.
8. Click OK.
9. Click Save.

Add Placeholders to an Application's Layout

You can create placeholders within a application’s page layout. The purpose of a
placeholder is to force other controls to a specific location on the page.
Placeholders are essentially blank text areas that you can add to the layout to create
space between other page elements, such as fields, sections, text boxes and custom
controls.

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

164 Chapter 3: Application Layouts

 RSA Archer GRC Platform Applications

2. Click the Layout tab.

3. If you are working in a leveled application, from the Level list in the left pane,
select the data level that contains the layout that you want to manage.
The fields and other page elements for that level are displayed in the layout
area.
4. From the Available Fields list, select Add New Layout Object and click and
drag the Add Placeholder option to the layout area.
When you release your mouse, the placeholder is displayed in the application
layout.
5. Click Apply.

Add Custom Objects to an Application's Layout

You can create custom objects within an application’s page layout. Custom objects
enable you to enter code you have written to create buttons or other objects. For
example, you could create Next and Previous buttons using JavaScript code that a
user could click to move from tab to tab when adding or editing records in the
application.

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. Click the Layout tab.

3. If you are working in a leveled application, from the Level list in the left pane,
select the data level that contains the layout you want to manage.
The fields and other page elements for that level are displayed in the layout area
and in the Available Fields list.
4. Expand the Add New Layout Object list and click and drag the Add Custom
Object option to the layout area.
When you release your mouse, the New Custom Object dialog box is displayed,
enabling you to define the object properties.

Chapter 3: Application Layouts 165

 RSA Archer GRC Platform Applications

5. In the Name field, enter a name for the custom object.

This name is displayed on the Layout tab of the Manage Applications page, but
it is not displayed for users when they add, edit or view records within the
application.
6. In the Description field, enter a description for the object.
7. In the Code field, enter or paste the HTML or JavaScript code for the object.
8. In the Display section, select one of the following modes for the object to be
displayed as users add and edit records in the application:
l Edit Mode. Display the custom object when editing a record.
l View Mode. Display the custom object when viewing a record.
l Both. Display the custom object when viewing or editing a record.
9. Click OK.
10. Click Apply.

Arrange Elements in an Application Layout

Complete this task to arrange elements in an application layout.

Procedure
1. From the Administration workspace, navigate to Navigation Menu >
Application Builder > Manage Applications.
2. Select the application that you want to update.
3. Click the Layout tab.
4. If you are working in a leveled application, from the Level list in the left pane,
select the data level that contains the layout you want to manage.
The fields and other page elements for that level are displayed in the layout area
and in the Available Fields list.
5. To drag a field into the application layout, click the field in the Available Fields
list and drag it to the correct position in the layout.

Note: For questionnaires, the Review Date and Submit Date fields must be on
the layout to be updated by a data driven event Set Date action. In addition, the
Set Date actions for setting the review date and setting the submit date are
created in the applicable DDE rules for Set Review Date and Set Submit Date.
By default, the Review Date and Submit Date fields are in the General
Information section.

6. To add a tab set, section, text box, placeholder, custom object, or trending chart
to the application page layout, click the page element under the Add New
Layout Object list, and drag it to the correct position.

166 Chapter 3: Application Layouts

 RSA Archer GRC Platform Applications

7. To move a single element, click the element and drag it to the correct location.
When you release your mouse, the element locks into place.
8. If you are working in a multi-tab layout and you want to move an element from
one tab to another, click and drag the element to the tab and position you want to
move it to.
9. If you are working in a two-column layout and you want a field, text box,
placeholder, custom object, or trending chart to span across columns, click the
drop-down arrow to the right of the element name and select from the following
spanning options:
l Select Edit Span Properties to open the Span Properties dialog box, and
select one of the following options from the Column Span section.

Option Description

Do not span columns The element consumes only one column of space.

Span two columns The element always spans across the columns. If you
change the application column settings to two
columns, the element then spans two columns.

l Select one of the following options from the Row Span section.

Option Description

Do not span rows The element consumes only one row of space.

Span The element consumes the number of rows you select

from the Rows spin box.

10. To remove a field, section, text box, placeholder, custom object, or trending
chart from the application page layout, click the element and drag it to the
Available Fields list.
The element is not deleted; however, users cannot see it when they add, edit, or
view records in the application.

Note: Leaving a field in the Available Fields list, rather than arranging it in the
application page layout, can be useful when you want the field to remain active,
but you do not want the user to have the ability to view the field. For example,
you may have a system field that is referenced in a formula for a calculated
field. It would be important for the field to remain active so the system can
continue to populate the value of the field and use those values in calculations,
but you might want to hide the field from view for end users.

Chapter 3: Application Layouts 167

 RSA Archer GRC Platform Applications

11. To permanently delete a tab set, section, text box, placeholder, custom object,
or trending chart from the application page layout, click the drop-down arrow
for the element in the page layout and click Delete [element name].

Note: To delete a tab set, you first must delete the fields and tabs in the tab set.

Add a Trending Chart to an Application Layout

Complete this task to add a trending chart to an application layout.

Procedure
1. From the Administration workspace, navigate to Navigation Menu >
Application Builder > Manage Applications.
2. Select the application that you want to update.
3. Click the Layout tab.
4. Select Add New Layout Object in the left pane.
5. Click and drag the Add Trending Chart option to the layout area.
6. In the Name field, enter the heading that you want to display in the layout.
7. From the Trending Field list, select the trending-enabled field for which to
display chart data.
8. (Optional) To display the chart name as the title, select Show Title.
9. Click OK to close the Trending Chart Description dialog box.
10. Click Apply.

168 Chapter 3: Application Layouts

 RSA Archer GRC Platform Applications

Chapter 4: Reports

Application Reports
You can access reports by clicking on the Manage Applications page.
The following table describes the reports available for each application in the
Platform.

Report Description

Application Cal- Shows the configuration, including the formula, for each cal-
culation Summary culated field in the application.

Application Custom Lists the custom objects and their associated content in the
Object Summary application.

Application Data- Lists the data driven events in the application, including the
Driven Events Sum- description, action type, and status.
mary

Application Detail Provides detailed information about each field in the

application, including field ID, description, Help text, field
help options, field type, control type, selected configuration
options, access, and so on. It also contains notification and
content review information.

Application Field Shows the configuration of each field within the application.
Detail

Application Shows the notification templates associated with the

Notification Detail application and the configuration for each, including the
assigned users and groups.

Application Private Provides a summary of the access control rights for private
Fields fields in the application. It contains all private fields that give
a user or group full access, cascade, or read-only privileges.

Application Record Shows the record permissions configurations in the application

Permissions Summary for manual selection (including rule name and description, if
applicable), inherited permissions, and automatic selection.

Application Summary Lists all field types in the application. It includes a count of
by Field Type each field type and the total number of standard and calculated
fields.

Chapter 4: Reports 169

 RSA Archer GRC Platform Applications

Report Description

Application Values Lists the values and configuration for each Values List field in
List Summary the application.

Page Hits Provides information about the number of times application

pages have been accessed by different users during a given
time frame. Pages are grouped in this report by application. The
report shows the number of times each page has been accessed,
and it also contains the total percentage of all page hits in the
system and each application's portion of that total.

Record View Detail Provides details of the date and time users accessed a particular
application record.

Record View Summary Provides a summary of the content records that have been
accessed by all users during a given time frame. It also shows
the number of content records in each application and the num-
ber of times a record has been accessed in each application. In
addition, the report contains the total percentage of all content
hits in the system and each application's portion of that total.

170 Chapter 4: Reports

RSA Archer GRC Platform 5.4
Calculations
June 2013
Contact Information
Go to the RSA corporate website for regional Customer Support telephone and fax numbers:
www.emc.com/domains/rsa/index.htm.
Trademarks
RSA, the RSA Logo, RSA Archer, RSA Archer Logo, and EMC are either registered trademarks or trademarks of EMC
Corporation ("EMC") in the United States and/or other countries. All other trademarks used herein are the property of their
respective owners. For a list of RSA trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm.
License Agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may
be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This
software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.
Note on Encryption Technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.
Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.

Copyright © 2010-2013 EMC Corporation All Rights Reserved. Published in the USA.
RSA Archer GRC Platform Calculations

Contents

Preface 9
About this Guide 9
Building Formulas 9
Executing Calculations 9
Resolving Dependencies 10
Essential Terminology 10
Product Documentation 11
Support and Service 12
Chapter 1: Calculations 15
Calculations Process Overview 15
Immediately Applied Calculations 15
Asynchronous Job Calculations 16
Calculation Properties 16
Formula Builder 16
Recalculation and Error Handling Rules 16
Define the Calculation Properties 17
Recalculation Conditions 18
Recalculations in View Mode 19
Recalculations in Edit Mode 19
Calculated Field Formula 21
Other Recalculation Conditions 22
Recalculation Scheduling 23
Schedule a Recalculation 24
Execute an On-Demand Recalculation 24
Force Content Recalculation 25
Chapter 2: Calculation Execution 27
Execute Calculations 27
Special Considerations 27
Dependencies Resolution 28
Syntax Rules 28
References in Formulas 28
Values List Value References 29
Cross-Application References 30
Leveled Application References 30
Sub-Form References 31
Chapter 3: Formula Builder 33
Calculated Fields 33
Create a Calculated Field 34
Formula Builder 35
Build a Formula for a Calculated Field 35
Define the Execution Order for Multiple Calculated Fields 37
Field References within Calculated Field Formulas 38
Functions and Operators for Calculated Field Formulas 39
Functions 40

3
 RSA Archer GRC Platform Calculations

Operators 40
Date Functions 41
DATEADD Function 42
DATEDIF Function 43
DATEFORMAT Function 45
DATETIMEVALUE Function 48
DAY Function 49
HOUR Function 50
MINUTE Function 50
MONTH Function 51
MONTHNAME Function 52
NOW Function 52
QUARTER Function 53
TODAY Function 54
WEEKDAY Function 54
WEEKNUMBER Function 55
YEAR Function 56
Financial Functions 57
DB Function 57
DDB Function 61
FV Function 63
IPMT Function 65
IRR Function 67
ISPMT Function 69
MIRR Function 70
NPER Function 71
NPV Function 73
PMT Function 75
PPMT Function 76
PV Function 78
QUARTILE Function 80
RATE Function 81
SLN Function 83
SYD Function 84
VDB Function 84
Logical Functions 86
AND Function 86
IF Function 87
NOT Function 88
OR Function 89
Math Functions 90
ABS Function 91
ACOS Function 91
ACOSH Function 92
ASIN Function 92
ASINH Function 93
ATAN Function 93
ATAN2 Function 94
ATANH Function 95
COMBIN Function 95
COS Function 96

4
RSA Archer GRC Platform Calculations

COSH Function 97
DEGREES Function 97
EVEN Function 98
EXP Function 98
FACT Function 99
FLOOR Function 100
INT Function 100
LN Function 101
LOG Function 101
LOG10 Function 102
MOD Function 102
ODD Function 103
PI Function 104
POWER Function 104
PRODUCT Function 105
QUOTIENT Function 106
RADIANS Function 107
RAND Function 107
ROUND Function 107
ROUNDDOWN Function 108
ROUNDUP Function 109
SIGN Function 110
SIN Function 111
SINH Function 111
SQRT Function 112
SUM Function 113
SUMIF Function 114
SUMX2MY2 Function 125
TAN Function 126
TANH Function 126
TRUNC Function 127
Statistics Functions 128
AVEDEV Function 129
AVERAGE Function 130
AVERAGEA Function 131
BINOMDIST Function 132
CHIDIST Function 133
CHIINV Function 134
CONFIDENCE Function 135
CORREL Function 136
COUNT Function 137
COUNTA Function 138
COUNTBLANK Function 140
COUNTIF Function 141
COVAR Function 144
CRITBINOM Function 145
DEVSQ Function 146
EXPONDIST Function 147
FDIST Function 148
FINV Function 149
FISHER Function 150

5
 RSA Archer GRC Platform Calculations

FISHERINV Function 151

FORECAST Function 152
GAMMADIST Function 152
GAMMAINV Function 155
GAMMALN Function 156
GEOMEAN Function 156
HARMEAN Function 157
HYPGEOMDIST Function 158
INTERCEPT Function 160
KURT Function 161
LARGE Function 162
LOGINV Function 162
LOGNORMDIST Function 163
MAX Function 164
MAXA Function 165
MEDIAN Function 166
MIN Function 168
MINA Function 169
MODE Function 169
NEGBINOMDIST Function 171
NORMDIST Function 172
PEARSON Function 173
PERCENTILE Function 174
PERCENTRANK Function 174
PERMUT Function 176
POISSON Function 177
PROB Function 177
RANK Function 179
RSQ Function 180
SKEW Function 181
SLOPE Function 182
SMALL Function 183
STANDARDIZE Function 184
STDEV Function 184
STDEVA Function 185
STDEVP Function 186
STDEVPA Function 187
STEYX Function 189
SUM Function 189
SUMIF Function 190
SUMPRODUCT Function 201
SUMSQ Function 202
SUMX2PY2 Function 202
SUMX2MY2 Function 203
SUMXMY2 Function 204
TRIMMEAN Function 205
VAR Function 205
VARA Function 206
VARP Function 207
VARPA Function 208
WEIBULL Function 209

6
RSA Archer GRC Platform Calculations

ZTEST Function 209

System Functions 210
CONTAINS Function 211
CONTENTID Function 214
GETGROUPS Function 215
GETUSERS Function 217
GROUP Function 218
ISCORRECT Function 222
ISEMPTY Function 223
ISNUMBER Function 224
MOSTRECENTVALUE Function 225
NOVALUE Function 225
OTHERTEXT Function 226
REF Function 227
SELECTEDVALUENUMBER Function 228
TRACKINGID Function 230
USER Function 231
USERFIRSTNAME Function 238
USERLASTNAME Function 239
USERMIDDLENAME Function 240
VALUEOF Function 241
WEIGHTEDSCORE Function 242
WEIGHTING Function 243
Text Functions 244
CONCATENATE Function 244
FIND Function 245
LEFT Function 246
LEN Function 247
LOWER Function 247
MASKEDTEXT Function 248
NUMBERFORMAT Function 249
PROPER Function 250
RIGHT Function 251
SUBSTRING Function 252
TRIM Function 253
UPPER Function 253
Chapter 4: Best Practices 255
Calculations Best Practices 255
Calculated Field Use Cases 255
ID Generation 255
Scoring 256
Date Countdown 256
Circular References 256
Always Recalculate Flag 258
Complex/Nested Formulas 259
Common Mistakes 260
DATE 260
ROUND 260
STRING 261
VALUEOF 261

7
 RSA Archer GRC Platform Calculations

Chapter 5: Troubleshooting 263

Calculations Troubleshooting Tips 263
Deciphering Error Messages 263
Common Error Messages 263

8
 RSA Archer GRC Platform Calculations

Preface

About this Guide

The Calculations feature within the Platform enables administrators to specify a
formula for dynamically computing a value for a Numeric, Text, Date, or Values
List field. The Platform provides a library of functions and operators that
administrators can select when building a formula for a calculated field, and the
formula for one calculated field can be made dependent on the results of other
calculations. Calculated field formulas can also reference field values in other
applications, enabling powerful cross-module calculations.
The Calculations feature removes the need for tedious and potentially error-prone
manual calculation procedures. Calculated fields can be used to produce weighted
risk scores for risk assessments, to display the number of days remaining before a
critical deadline, or to develop complex workflow processes using a series of "if-
then" statements to direct the flow of data, among many other customized uses. For
more information on the behavior of a calculated field and how calculation errors
are handled, see Recalculation and Error Handling Rules.

Building Formulas
The Formula Builder provides direct access to the full power of the calculation
engine. Less experienced users can leverage the build-and-learn nature of the
interface, allowing them to review a listing of functions and operators and the
ability to quickly determine what fields are available to use within the calculation
syntax. Power users can use direct formula entry, name-based field referencing and
a familiar function and operator library. For more information on constructing
calculated field formulas, see Build a Formula for a Calculated Field.

Executing Calculations
Calculations execute when a record is saved or applied. The Platform determines
whether changes in the record warrant a recalculation of the record's calculated
fields. If the update to the record does not impact a specific calculated field, the
Platform does not recalculate the value of that field. This evaluation optimizes
system performance and eliminates unnecessary calculations. The Platform
administrators have the option, though, to recalculate a specific field within an
application, even if the changes within the record do not lead to an updated
calculated value.

Preface 9
 RSA Archer GRC Platform Calculations

If no changes are committed to a record, calculated values within that record are
not updated. At times, though, business requirements may dictate that date-sensitive
formulas be recalculated on a daily basis. To meet this need, the Platform offers a
recalculation scheduler. Once a Platform application has been placed on a
recalculation schedule, the system automatically refreshes the values of all
calculated fields each day at the specified time. For information on managing
recalculation schedules, see Schedule Recalculations.

Resolving Dependencies
One of the most powerful facets of working with calculations is the ability to
reference one or more calculated fields within another calculated field formula. For
example, a "final score" value might be computed by summing the values of several
calculated "section score" fields. In such a scenario, there are inherent calculation
dependencies. Each of the section score values must be computed before the final
score can be computed. To address scenarios like this, an interactive list interface
is provided to allow administrators to configure the necessary order for performing
calculations. Once the field calculation order is established for an application, field
dependencies simply manage themselves. For more information on resolving
dependencies within calculations, see Define the Execution Order for Multiple
Calculated Fields.
You can perform the following tasks to manage calculations:
l Create a Calculated Field
l Build a Formula for a Calculated Field
l Define the Calculation Properties
l Define the Execution Order for Multiple Calculated Fields
l Execute Calculations
l Schedule Recalculations
l Execute an On-Demand Recalculation

Essential Terminology
It is important to understand the following terms when working with calculated
fields.

10 Preface
 RSA Archer GRC Platform Calculations

Term Definition

Always (calculate) A property of a calculated field that specifies that the field is
always recalculated whenever content changes.

Asynchronous A process that runs independently in the background. Most

calculations are queued for re-calculation in an asynchronous
job instead of inline on content save. Content is updated when
the job runs instead of immediately.

Calculate Immediately The means to update a calculated field inline while viewing or
editing a record that has a calculated field.

Execution The means of calculating the value of a calculated field.

Calculations can be executed inline or asynchronously.

Formula Builder A built-in formula editor that contains a library of functions and
operators. Use this tool to create formulas for calculated fields.

Marked Content Any content that has an outstanding calculation that needs to
be recalculated. This content is ‘marked’ for recalculation.

Product Documentation
For information about the RSA Archer GRC Platform 5.x, see the following
documentation.

Guide Description

Administrator Guide Provides Platform administrators with a system

overview, guidelines for navigating, and detailed
instructions for key tasks.

Control Panel Guide Provides administrators with instructions for

configuring each instance of the Platform.

Installation Guide Provides administrators with instructions for preparing,

installing, configuring, and testing the Platform.

Preface 11
 RSA Archer GRC Platform Calculations

Guide Description

Release Notes Provides Platform administrators with detailed listing of

new features, fixed issues, and known issues at the time
of the current release.

User Guide Provides end users with guidelines for navigating,

detailed instructions for key tasks, and information
about using Platform communication tools.

Web Services API Reference
Guide
Provides IT managers and programmers with a list of
the available web services for programmatically
interfacing with the release. This guide provides
formatting guidelines for field results, field inputs, and
search inputs, and provides sample code for searching,
adding and updating users, and updating assets.

You can access the Platform 5.x documentation from the RSA Archer Community
at https://community.emc.com/community/connect/grc_ecosystem/rsa_archer.

Support and Service

Customer www.emc.com/support/rsa/index.htm
Support
Information

Customer [email protected]
Support E-mail

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Community archer

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Exchange archer_exchange

RSA Solution https://gallery.emc.com/community/marketplace/

Gallery

RSA SecurCare https://knowledge.rsasecurity.com/cleartrust/ct_
Online logon.asp?CTAuthMode=BASIC&language=en&CT_ORIG_
URL=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fknowledge.rsasecurity.com%3A443%2F&c
t_orig_uri=%2F

The RSA Archer Community enables collaboration among eGRC clients, partners,
and product experts. Members actively share ideas, vote for product enhancements,
and discuss trends that help guide the RSA Archer product roadmap.

12 Preface
 RSA Archer GRC Platform Calculations

The RSA Archer Exchange is an online marketplace dedicated to supporting eGRC

initiatives. The Exchange brings together on-demand applications along with
service, content, and integration providers to fuel the success of RSA Archer
clients.
The RSA Solution Gallery provides information about third-party hardware and
software products that have been certified to work with RSA products. The gallery
includes Secured by RSA Implementation Guides with step-by-step instructions and
other information about interoperation of RSA products with these third-party
products.
The RSA SecurCare Online provides unlimited access to a wealth of resources on
the web, 24 hours a day. The secure system provides members access to a support
knowledgebase, to download current platform patches and bug fixes, to sign up for
notifications, to manage your support cases and more.

Preface 13
 RSA Archer GRC Platform Calculations

Chapter 1: Calculations

Calculations Process Overview

Formulas of calculated fields are recalculated whenever there is a change in the
content of a field, related field, or sub-form. Calculations may occur immediately or
asynchronously as a queued or scheduled job. Immediate calculations are triggered
by a user saving a record that is either 'marked' or changing a field that is used by a
calculated field in the same level. Queued asynchronous jobs run based on the
number of jobs in the job queue. Scheduled asynchronous jobs run at a specified
time regardless of any current activity on the record.
'Marked' content is changed to an‘unmarked’ status when a user saves that content.
The following scenarios trigger calculations.

Scenario 1 Edit a record by changing a field that is tied to a calculated field in an

application.
Save the record.
Any calculated field dependent on that change is recalculated
immediately.

Scenario 2 Edit a record that has a dependent field in a related application.

Drill into a cross-reference application.
Change the dependent field in a related record.
Save the record.
Recalculations for the dependent fields are queued in an asynchronous
job that is processed based on the number of jobs in the job queue.

Immediately Applied Calculations

An immediately applied calculation can be performed in a cross-referenced
application one level away. For example, Application A is dependent on a
calculated field in Application B. Application B has a cross-reference relationship
with Application A. When a record is updated in Application B, its related record in
Application A can be recalculated immediately when the user returns to
Application A and clicks Apply or Save.
Related records are updated when a user initiates the recalculation or the
recalculation is updated through an asynchronous job. When updated by the user,
the Last Updated field contains the identification of the user who updated the
record. When updated by an asynchronous job, the Last Updated field is not
updated.

Chapter 1: Calculations 15
 RSA Archer GRC Platform Calculations

Asynchronous Job Calculations

Calculations are queued in an asynchronous job in various ways. Content affected
by the change is flagged as ‘marked’ content.
The following is a list of the ways asynchronous jobs are queued:
l Change the formula of a calculated field, and select Yes to recalculate the field.
l Change the weight of a question field.
l Change the order of calculations.
l Change the Recalculation option of a calculated field, and select Yes to
recalculate the field.
l Change the Error Handling option of a calculated field, and select Yes to
recalculate the field.
l Change the input mask on a text field that is referenced by a calculated field.
l Change the numeric attribute of a value in a Values List field that is referenced
by a calculated field.
l Change the Other text attribute of a value in a Values List field that is
referenced by a calculated field.
l Change the Correctness attribute of a value in a Questions Values List field that
is referenced by a calculated field.

Calculation Properties
The calculated field properties include the formula, and recalculation and error
handling rules.

Formula Builder
The Formula Builder provides direct access to the full power of the calculation
engine. Less experienced users can leverage the build-and-learn nature of the
interface. They can review a listing of functions and operators to determine quickly
what fields are available to use in the calculation syntax. More experienced users
can use direct formula entry, name-based field referencing, and a familiar function
and operator library.
Formula Builder is accessed from the Add Formula link in the Calculation
Properties section of the Manage Field: [New Field] page.

Recalculation and Error Handling Rules

The following table shows the rules that determine the behavior of a calculated
field and how calculation errors are handled.

16 Chapter 1: Calculations
 RSA Archer GRC Platform Calculations

Rule Description

Recalculation Determines when a field is recalculated As Needed or Always.

As Needed. Formulas are recalculated when a dependent field in the
formula changes.
Always. Formulas are recalculated every time content is saved even
though a field is not referenced in the formula. Formulas that contain
NOW ( ) and TODAY ( ) functions, or user first name, last name, and
middle name (Editor) parameters are recalculated regardless of content
change.

Error Handling Determines what happens when a calculation error occurs. This rule
has the following options:
Display Error. The word Error is displayed as a link when a
calculation error occurs. Users with the appropriate access privileges
can click the link to open the Calculation Error page where the error
is explained.
Use No Value. An empty value is saved in the field when a
calculation error occurs.
Use Specific. A specific value is saved in the field when a
calculation error occurs.

Define the Calculation Properties

You can govern the frequency of calculations and how error messages are
communicated to end users. By managing the properties of a calculation you can
minimize unnecessary system activity. If an update to a record does not impact a
specific calculated field, Archer does not recalculate the value of that field. This
evaluation optimizes system performance and eliminates unnecessary calculations.
Archer administrators have the option, though, to recalculate a specific field(s)
within an application, even if the changes within the record will not lead to an
updated calculated value.

Procedure
1. Select the component that you want to update:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder.
c. Click the link (Manage Applications, Manage Questionnaires, or Manage
Sub-Forms) for the type of component that you want to manage.
d. Click the application, questionnaire, or sub-form.

Note: If you cannot select the name, you do not have access rights to it.

Chapter 1: Calculations 17
 RSA Archer GRC Platform Calculations

2. Click the Fields tab and click the field that you want to define as a calculated
field. This must be a Date, Numeric, Text, or Values List field.
3. Click the Options tab.
4. Locate the Calculation Properties section. (If this section does not display,
verify that Calculated Field is selected in the Options section.)
5. In the Recalculation field, select from the following options:
l As Needed. Formulas are recalculated when a dependent field in the formula
changes.
l Always. Formulas are recalculated every time content is saved even though
a field is not referenced in the formula. Formulas that contain NOW ( ) and
TODAY ( ) functions, or user first name, last name, and middle name
(Editor) parameters are recalculated regardless of content change.
6. In the Error Handling field, select from the following options:
l Display Error. The word Error is displayed as a link when a calculation
error occurs. Users with the appropriate access privileges can click the link
to open the Calculation Error page where the error is explained.
l Use No Value. An empty value is saved in the field when a calculation error
occurs.
l Use Specific. A specific value is saved in the field when a calculation error
occurs.
7. Click Save.

Recalculation Conditions
Calculated fields can be recalculated in View or Edit mode. To initiate an
immediate recalculation, a user must have update permissions to the record. When
initiated from either mode, only the content that is 'marked’ is recalculated.
Content changes may result in outstanding calculations in a related level or
application.
The recalculation can be initiated when content is actually changed or for content
that has a status of ‘marked’ for recalculation. All calculated fields are recalculated
immediately within the current content. All related content affected by the change
is 'marked' and queued for recalculations in an asynchronous job. When save or
apply updates calculated fields and there are no other user changes, notification are
not sent.
When 'marked' content is calculated asynchronously, only the fields associated with
the executed job are calculated. Notifications are never sent. Notifications are only
sent when a user saves a record.
Calculated fields are only recalculated based on changes made directly in a data
feed, data import, web API, or scheduled recalculation jobs.

18 Chapter 1: Calculations
 RSA Archer GRC Platform Calculations

Recalculations in View Mode

When in View mode, a message is displayed stating that the content may not be
current. The Recalculate button is available.

Example 1: Cross-Referenced Field Updated

Scenario Calculated field is [Total Risk] in Application A. [Risk] is a cross-

referenced field. [Controls] is a level in the cross-reference multi-level
application and [Severity Rating] is a field in the Controls data level.
SUM(REF([Risk], [Severity Rating], [Controls]))

Action 1 User edits [Severity Rating] in Application B.

[Severity] = 12.
User changes value of [Risk] to 11 and clicks Save.
Content of [Total Risk] is ‘marked’ for recalculation.

Action 2 User with Read and Update permissions returns to Application A in

View mode and clicks Recalculate.

Action 3 User saves record in Application B.

Results [Total Risk] is recalculated immediately, and the updated value is

displayed.
[Total Risk]=23

Recalculations in Edit Mode

When in Edit mode, the Recalculate button is not available. The recalculation is
initiated from the Apply or Save button. The Apply button returns the same results
as the Recalculate button in View mode.

Chapter 1: Calculations 19
 RSA Archer GRC Platform Calculations

Example 1: Cross-Referenced Field Updated

Scenario Calculated field is [Total Risk] in Application A. [Risk] is a cross-

referenced field. [Controls] is a level in the cross-reference multi-level
application and [Severity Rating] is a field in the Controls data level.
SUM(REF([Risk], [Severity Rating], [Controls]))

Action 1 User drills into [Severity Rating] in Application B.

[Severity] = 12.
User changes value of [Risk] to 11 and clicks Save.
Content of [Total Risk] is ‘marked’ for recalculation.

Action 2 User with Read and Update permissions returns to Application A in Edit
mode and clicks Save.

Action 3 User saves record in Application B.

Results [Total Risk] is recalculated immediately, and the updated value is

displayed.
[Total Risk]=23

Example 2: Calculated Field Updated by Data Feed

Scenario Application A has three fields Risk, Criticality, and Severity. Rating is a
related record in Application B.
[Total Risk] is dependent on the value of [Criticality].
SUM(REF([Risk], [Criticality]))
[Severity] is dependent on [Rating].
IF([Rating]=10, VALUEOF ([Severity],"High"),VALUEOF ([Severity],
"Low")

Action 1 User changes the value of Critically in Application B and clicks Save.

Results Related content in Application A is 'marked'.

20 Chapter 1: Calculations
 RSA Archer GRC Platform Calculations

Action 2 Data feed updates [Rating] in Application A to a value of 10. Severity is

calculated upon content save initiated by the data feed.

Results [Total Risk] is not recalculated.

[Rating] is updated during the data feed.
[Severity] is changed to High.

Action 3 User view records and clicks Recalculate.

Results [Total Risk] is recalculated immediately.

Calculated Field Formula

When you changes the formula of a calculated field and schedules the recalculation
in an asynchronous job, the content affected by this change has a status of ‘marked’
for recalculation.
When this condition exists, the following occurs:
l The asynchronous job is queued with all fields ‘marked’ for recalculation.
l The content is ‘marked’ for recalculation and can be recalculated immediately in
View or Edit mode.
l Any calculated field in the same level with the content status of ‘marked’ is
reset and is no longer ‘marked’ for recalculation.

Example 1: Asynchronous Job Queued

Scenario There are four fields: Risk, Criticality, Controls, and Rating.
Risk is dependent on the value of Criticality.
SUM([Risk], [Criticality]).
Field Controls is dependent on the value of Rating.
IF(CONTAINS[Rating] “10”, RANK(REF([Controls] “5”)))

Action 1 Administrator updates both formulas of the calculated fields and

schedules an asynchronous job to recalculate the fields.

Results Formulas are updated in the applications.

[Risk] and [Controls] are ‘marked’ for recalculation.

Chapter 1: Calculations 21
 RSA Archer GRC Platform Calculations

Action 2 User with Read and Update permissions views the record in View
mode.
User notices message that content is not up to date and clicks
Recalculate.

Results [Risk] is recalculated immediately, and the updated value is displayed.

[Controls] is recalculated immediately, and the updated value is
displayed.

When you changes the formula of a calculated field but does not schedule the
recalculation in an asynchronous job, the contents in this application affected by this
change is not ‘marked’. When this condition exists, the content status is updated by
a user saving the change or by the asynchronous job.
However, if you changes one or more fields and only schedules an asynchronous
job for one of the fields, all fields ‘marked’ for recalculation are included in the
asynchronous job.

Example 2: Asynchronous Job Not Queued

Scenario There are four fields: Risk, Criticality, Controls, and Rating. Risk is
dependent on the value of Criticality. SUM([Risk], [Criticality]). Field
Controls is dependent on the value of Rating. IF(CONTAINS[Rating]
“10”, RANK(REF([Controls] “5”)))

Action 1 Administrator updates both formulas of the calculated fields and does not
schedule an asynchronous job to recalculate the fields.

Results Formulas are updated in the applications. [Risk] and [Controls] are not
‘marked’ for recalculation.

Action 2 User with Read and Update permissions views the record in View mode.
User is not notified that content is not up to date.

Results Contents of [Risk] and [Controls] are not updated.

Other Recalculation Conditions

Other conditions may also trigger a recalculation condition.
Full Module Calculations. All fields for all content are queued for recalculation
but are not ‘marked’.
Scheduled Recalculations. Content status remains unmarked and the calculation is
updated by an asynchronous job. Only the fields that are set to Always and formulas
with NOW( ) and TODAY( ) functions are recalculated.

22 Chapter 1: Calculations
 RSA Archer GRC Platform Calculations

Related Content. When a user, job engine, data feed, or Web API makes a change
to a field that affects changes in a related module, the following occurs:
l An asynchronous job is scheduled to recalculate all affected content one level
away of the related module, for example related record in current application or
cross-referenced application in related record.
l All affected content in the related module (one level away) is ‘marked’ for
recalculation.

Recalculation Scheduling
When scheduling recalculations for an application, those recalculations will impact
all records within the application, including records currently opened (locked) for
editing. When scheduling recalculations for a sub-form, those recalculations will
impact all records in the sub-form across all applications in which the sub-form is
embedded. If an application contains both a sub-form and a calculated field whose
value is dependent on a field within the sub-form, records in the application will
also recalculate when sub-form-level records recalculate. This is only true,
however, for application records in which a user has made at least one entry in the
embedded sub-form.
Note the following additional information about recalculations in calculated fields:
l In addition to scheduled recalculations, field recalculations are performed for a
record each time a user clicks Save or Apply for the record.
l Performing a search does not trigger a recalculation of field values.
l Scheduled recalculations are written directly to the database and are not
interpreted by the application as true “record save” events and are not captured
in the History Log field.
l Scheduled recalculations do not trigger notifications.
l Field-value changes stemming from a scheduled recalculation are not reflected
in the audit information displayed alongside a field.
l Each time that you create or edit a calculated field, the system searches for
NOW and TODAY in all of the application's or sub-form's formulas. If the
system can no longer locate either of these functions, any previously configured
recalculation schedule are automatically disabled for the application or sub-form.
l Fields with the As Needed option selected for recalculations are only
recalculated if the value will be changed.
l In multi-level applications, recalculation schedules are level-specific.

In addition to a scheduled recalculation, you can also execute an on-demand

recalculation. For more information on performing an immediate recalculation, see
Execute an On-Demand Recalculation.

Chapter 1: Calculations 23
 RSA Archer GRC Platform Calculations

Schedule a Recalculation
You can configure a batch recalculation schedule for an application or sub-form
using the Recalculation Schedule function. Records containing date information
may need to be updated on a scheduled basis, even if no other changes are being
saved to the record. By using the recalculation schedule option, you can ensure that
your date-based information is kept current. This option is available only if your
application or sub-form contains at least one calculated field that uses the TODAY
or NOW functions.

Procedure
1. Navigate to the Manage Applications page:
a. Click the Administration workspace.
b. On the Navigation Menu, click Application Builder.
2. Click Manage Applications, Manage Questionnaires, or Manage Sub-Forms
depending on the type of component that you want to manage.
3. Click the application, questionnaire, or sub-form that you want to update.

Note: If you cannot select the name, you do not have access rights to it.

4. Click the Calculations tab.

5. In the Recalculation Schedule section, select Recalculations.

Note: If your application or sub-form does not contain at least one calculated
field that uses the TODAY or NOW functions, you cannot access the
Recalculation Schedule dialog box. Scheduled recalculations are necessary only
if you need to evaluate content within the context of the passage of time.

6. In the Interval field, enter the frequency, in days, for how often you want to
execute a recalculation.
For example, if you entered "7", the application would recalculate every seven
days.
7. In the Begin Time field, enter the time of day that you want to execute the
recalculation.
8. In the Time Zone field, select the time zone to reference for determining the
Begin Time value.
9. Click Save.

Execute an On-Demand Recalculation

You can execute an on-demand recalculation, in addition to scheduling a
recalculation.

24 Chapter 1: Calculations
 RSA Archer GRC Platform Calculations

Important: Be careful when selecting this option as all calculated fields in all
records within the application, level (for leveled applications), or sub-form will be
recalculated, even fields that have been selected with the As Needed option at the
field level. This may impact system performance.

For more information on recalculating values, see Schedule Recalculations.

Note: When you are viewing a record of an application of which you are the
assigned owner or an administrator, you can recalculate all calculated fields within
the records. For more information, see Force Content Recalculation.

Procedure
1. Navigate to the Manage Applications page:
a. Click the Administration workspace.
b. On the Navigation Menu, select Application Builder.
2. Click the link (Manage Applications, Manage Questionnaires, or Manage
Sub-Forms) for the type of component that you want to manage.
3. Click the application, questionnaire, or sub-form that you want to update.

Note: If you cannot select the name, you do not have access rights to it.

4. Click the Calculations tab.

5. Locate the On-Demand Recalculation section.
6. Click Launch Full Recalculation.
A Warning dialog box opens.
7. Click Yes to confirm the recalculation.

Force Content Recalculation

Normally, calculated fields only are updated when a record changes. However,
application owners and system administrators can force a recalculation of all
calculated fields in a record using .
The Recalculate feature is available in:
l A record that is in View mode.
l A cross-reference record that is opened in View mode from another record.
l A sub-form record that is opened in View mode from another record.

Chapter 1: Calculations 25
 RSA Archer GRC Platform Calculations

The following are restrictions to the Recalculate feature:

l The recalculate option only is available for the application owner and
administrators. If you do not see on a record in View mode, you are not the
application owner or an administrator.
l When the recalculation is performed, the Platform only performs the
recalculation on the current record. The recalculation is not performed on cross-
reference or sub-form fields within the record.
l For the recalculate option to be available within a cross-reference record that is
in View mode, you must be either the cross-reference application owner or an
administrator.
l For the recalculate option to be available within a sub-form record that is in
View mode, you must be either the sub-form owner or an administrator.
l You cannot perform a recalculation on archived records.

Procedure
1. View an existing record.

2. Click in the page toolbar.

The Platform recalculates the content immediately, and after it completes the
recalculation, it saves the content of the record.

Note: As a result of the save, no notifications, generating findings, workflow, or

publishing events occur doing the recalculation.

26 Chapter 1: Calculations
 RSA Archer GRC Platform Calculations

Chapter 2: Calculation Execution

Execute Calculations
Calculations are executed either through administrative or user functions. A formula
executed from an administrative function runs in an asynchronous job. This job can
be queued to run during normal processing or scheduled to run at a specific time. A
formula executed from a user function is triggered from the Recalculate button in
View mode, or the Apply or Save button in Edit mode.

Function Action Execution

Administrative Calculations Administrator updates a formula of a calculated

queued in an field and queues an asynchronous job. This job
asynchronous job runs during normal processing based on the
number of jobs in the queue.

Calculations 1. Administrator schedules an asynchronous

scheduled in an job to run a full module recalculation. The
asynchronous job job is queued with all fields in the module
for calculation.
2. Administrator schedules an asynchronous
job for recalculation to run at a specified
time. When job runs, all formulas with
NOW ( ) and TODAY ( ) functions and
any calculated fields set to Always
recalculate are calculated.

User Calculations User clicks the Recalculate button in View

recalculated inline mode. Content ‘marked’ for recalculation is
recalculated.

Calculations User clicks the Apply button in Edit mode

recalculated inline without making a change. Content ‘marked’ for
recalculation is recalculated.
User clicks the Save button in Edit mode after
making a change. Content is saved and
‘marked’ content is recalculated.

Special Considerations
Formulas of calculated fields are allowed unrestricted access to data in all private
fields, regardless of the access rights configured for those fields.

Chapter 2: Calculation Execution 27

 RSA Archer GRC Platform Calculations

Notifications are not sent if changes only affect a calculated field on Apply or
Save. If content changes are made to other fields, notifications are sent.
Changes must be detected and recognized for notifications to be sent. For example,
suppose Field A is a numeric field with the value of 5. A user changes this field to
a value of 10, and then back to a value of 5, and then saves. In this case, the
notification is not sent because the actual value of the field did not change. The
original and ending field value is 5.
Calculations are executed in the order that they are defined. Calculations that are
dependent on other calculations may not produce the intended results if they are not
correctly sequenced. Consider the calculation order to ensure correct calculations.
The calculation order can be rearranged.

Dependencies Resolution
One of the most powerful facets of working with calculations is the ability to
reference one or more calculated fields in another calculated field formula.
For example, a final score value might be computed by summing the values of
several calculated section score fields.
In this example, there are inherent calculation dependencies. Each of the section
score values must be computed before the final score can be computed.
Administrators can specify the order in which calculations are performing. After
the field calculation order is established for an application, field dependencies
simply manage themselves.

Syntax Rules
The formula syntax is vital to creating efficient and effective formulas. Formula
Builder includes a library of functions and operators. Each function includes a full
description and proper syntax.

References in Formulas
References in formulas can be fields in an application, sub-form, or questionnaire.
Fields can reside in the current application or in cross-referenced applications. A
calculated field can reference fields in the current application, in a sub-form
embedded in the application, or in a related application. A calculated field for a
sub-form can reference fields in the sub-form or in a related application.

28 Chapter 2: Calculation Execution

 RSA Archer GRC Platform Calculations

Values List Value References

A formula can contain specific values from Values List fields in a calculated field
of an application or sub-form. These field-value references are dynamically
maintained by the Platform, meaning that if a value is modified in a values list and
that value has been referenced in a formula, the Platform automatically updates the
value in the formula so that it remains a valid field-value reference. For example, if
the value Important is changed to Urgent in a global or field-specific values list, any
formula that references the value Important is updated to reference the value
Urgent instead.
To reference a Values List value in a formula, use the VALUEOF function and
surround the value name in quotes, as shown in the following example:
IF(CONTAINS(EXACT, VALUEOF([Risk Rating], "High")),"Yes","No")
This formula evaluates the Risk Rating field, which is a Values List field, for the
presence of the value High. If this value is found, the calculated field is populated
with Yes. If not, it is populated with No.
In addition to monitoring a Values List field for the presence of a specific value, the
VALUEOF function can dynamically set a Values List field selection based on
other conditions in a record.

Example: Dependent on Value in a Values List

Formula IF(CONTAINS(ANY, [Location], VALUEOF([Location], "New York")),

(VALUEOF[Area],"Local", (VALUEOF[Area],"Global"))

Results This formula evaluates the Location field for the presence of the value New
York.
If the value is present and selected, the value Local is selected in the
calculated Values List field.
If the value New York is not found, the calculated field is populated with
the value Global.

If the Values List values in a calculated field formula have associated numeric
values, those numeric values can be referenced using the
SELECTEDVALUENUMBER function. Use this function to create a formula that
produces an average of the numeric values selected in the field.

Chapter 2: Calculation Execution 29

 RSA Archer GRC Platform Calculations

Example: Average of Numeric Values in Selected Field

Scenario Suppose the Affected Departments field has the values Accounting, IT, and
Sales and those text values are assigned the numeric values 10, 8, and 6,
respectively.

Formula AVERAGE(SELECTEDVALUENUMBER([Affected Departments]))

Results If the values Accounting and IT are selected in the Affected Departments
field, this formula populates the calculated field with the value 9.

Cross-Application References
Calculated fields in an application, questionnaire, or sub-form can be referenced in
related applications or questionnaires, resulting in cross-application calculations.
The following figure shows the fields that are available for cross referencing in a
formula.

The syntax for a formula containing a cross reference is:

REF([Cross-Reference Field Name], [Field Name])
The following is a formula that references a field from a related application:
IF(CONTAINS(REF([Risk Assessments], [Overall Risk Exposure]),VALUEOF((REF
([Risk Assessments], [Overall Risk Exposure]),"High")),"No","Yes")
This formula evaluates the Overall Risk Exposure field in the Risk Assessments
cross-reference field for the value High. If the value is found, the calculated field is
populated with the value No. Otherwise, the field is populated with the value Yes.

Leveled Application References

Calculated fields in a leveled application use the REF function to reference fields in
an associated or dependent level. The formula looks like this:
REF([Cross-Reference Field Name], [Field Name], [Data Level Name]).

30 Chapter 2: Calculation Execution

 RSA Archer GRC Platform Calculations

The following example shows a formula for references of a field from a related
leveled application:

Example: Formula in a Leveled Application

Formula AVERAGE(REF([Response Measures], [Severity Rating], [Responses]))

Results This formula averages the values of the Severity Rating field for
related records in the Responses data level of the related application.
Suppose there are three records related to the associated record with
values of 2, 9, and 4 in the Severity Rating field in the Responses data
level.
The calculation for this formula returns a value of 5.

Sub-Form References
A calculated field of a sub-form can reference fields in the sub-form or in a related
application. Calculated fields in a sub-form cannot reference fields in its parent
application.
When a field in a related application is changed, sub-form records are queued for
recalculation in an asynchronous job.
The following field types can be used in a formula for creating a calculated field in
a sub-form:

l Cross-Reference l Record Status

l Date l Text
l First Published Date l Tracking ID
l Last Updated Date l User Group
l Numeric l Values List

Chapter 2: Calculation Execution 31

 RSA Archer GRC Platform Calculations

Chapter 3: Formula Builder

Calculated Fields
A calculated field is not an additional field type, but a configuration option for
existing field types within the Platform. Calculations can be created for fields in
any application, questionnaire or sub-form for which you have been assigned
ownership rights. Platform administrators can calculate the values of the following
field types:
l Text
l Numeric
l Date
l Values List

Note: Calculated fields are read only for all application users. The value of a
calculated field is populated by the system.

Important: Dates and times are converted to Greenwich Mean Time (GMT) in the
Platform database. As a result, dates and times in calculations are returned in
GMT.

When creating a calculated field, you can build a formula for the field using a
library of functions and operators provided by the Platform. The following is an
example of a formula for determining the number of days between the date a record
was last updated and the date of a critical deadline:
DATEDIF([Last Updated Date],[Project Deadline])
Other examples of how your organization may use this feature include the
following:
l Creating custom tracking IDs
l Comparing the values of two fields
l Performing a calculation to be used in the calculation of another field
l Displaying the number of days remaining prior to a due date
l Performing complex risk calculations based on the results of values in other
fields
l Calculating custom threat and severity ratings

Chapter 3: Formula Builder 33

 RSA Archer GRC Platform Calculations

The calculation formula is managed and configured for each individual field within
that field's Define fields page. This topic explains how to define a Date, Numeric,
Text, or Values List field as a calculated field and provides links to sub-topics for
configuring calculated field properties.

Create a Calculated Field

You can define a Text, Numeric, Date, or Values List field as a calculated field
which enables you to specify a formula for dynamically computing a value for the
field.

Procedure
1. Select the component that you want to update:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder.
c. Click the link (Manage Applications, Manage Questionnaires, or Manage
Sub-Forms) for the type of component that you want to manage.
d. Click the application, questionnaire, or sub-form.

Note: If you cannot select the name, you do not have access rights to it.

2. Click the Fields tab and click the field that you want to define as a calculated
field. This must be a Date, Numeric, Text, or Values List field.
3. Click the Options tab.
4. In the Options section, select Calculated Field.
The Calculation Properties section is displayed.

Important: If you select Calculated Field and save this change for a field in
which user-entered values have already been entered, all values written to that
field are deleted across all records in the application and are replaced with
calculated values. Conversely, if you clear the Calculated Field checkbox for a
field in which calculated values have already been saved, those calculated
values are retained in the database.

Next Steps
Build a Formula for a Calculated Field

34 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Formula Builder
The Formula Builder enables you to select fields whose values you want to
reference in the formula. For example, you could produce a formula that references
a Risk Rating field within an application or sub-form and multiplies that field's
value by 1.5 to produce a weighted risk score. For more information on referencing
fields in a formula, see Field References within Calculated Field Formulas.
Note the following when creating or modifying a formula for a calculated field:
l If a formula previously defined for a calculated field is altered, upon save the
user is prompted whether to recalculate the field.
l Values List fields that are configured to allow multiple selections can only be
referenced in formulas with the ISEMPTY, CONTAINS, and COUNT
functions. If a formula uses functions other than ISEMPTY, CONTAINS, or
COUNT to reference a multi-select Values List field with a Maximum Value
setting greater than 1, the formula fails validation.
l If a comparison operator (=, <, >, <=, >=, <>) references a Values List field
configured to allow multiple selections, the formula fails validation.
l Formulas for calculated fields that reside in a sub-form only are permitted to
reference other fields within the same sub-form. Calculated fields in a sub-form
cannot reference fields that reside in the parent application.
l Calculated-field formulas are allowed unrestricted access to data in all private
fields, regardless of the access rights configured for those fields.

Build a Formula for a Calculated Field

You can build a formula for a calculated field that dynamically computes the field's
value within individual records. The Formula Builder provides a library of
functions, for example, IF, ROUND, AVERAGE, and operators, for example, +, -,
<=, and so on, that you can use to build a formula. For each function and operator,
the Formula Builder also offers a description and examples for use.

Procedure
1. Select the component that you want to update:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder.
c. Click the link (Manage Applications, Manage Questionnaires, or Manage
Sub-Forms) for the type of component that you want to manage.
d. Click the application, questionnaire, or sub-form.

Note: If you cannot select the name, you do not have access rights to it.

Chapter 3: Formula Builder 35

 RSA Archer GRC Platform Calculations

2. Click the Fields tab and click the field that you want to define as a calculated
field. This must be a Date, Numeric, Text, or Values List field.
3. Click the Options tab.
4. In the Calculation Properties section, click Add Formula.
The Formula Builder page is displayed. (If the Calculation Properties section
does not display, verify that Calculated Field is selected in the Options section.)
See Formula Builder.

Note: You also can edit a formula directly in the Formula field without opening
Formula Builder.

5. Scroll down to display the Help section and under Functions & Operators,
locate the functions and operators that you want to use in the calculated field
formula.
When you click a function in this list, the Description field displays a
description of the function, the proper syntax for using the function in a formula,
descriptions of each parameter in the syntax, and examples of the function in
use. When you click an operator in the list, the Description field displays a
description of the operator and an example of the operator in use.
6. In the Formula field at the top of the page, enter the functions and operators
that you want to include in the formula, using the syntax provided in the
Description field.
You can nest functions to create more complex formulas. In the following
example, the MAX function is nested within the IF function:
IF(MAX([Field 1],[Field 2])<12, "Minor", "Urgent")
This formula would determine the maximum value between Field 1 and Field 2
for a record, and if the maximum value is less than 12, the formula would return
the value Minor in the calculated field. If the maximum value is greater than or
equal to 12, the formula would return the value Urgent in the calculated field.
7. To include a field reference as a parameter for the formula, click the field in the
Available Fields list.
The field is added to your formula, and the field name is surrounded by
brackets, for example, [Field Name]. For a list of field types that you can
reference in a formula, see Field References within Calculated Field Formulas.
When a field is referenced in a formula, the value in that field is used to
compute the calculated field value in each record. For example, if you use the
DATEDIF function in your formula and reference the Last Updated Date and
Deadline fields within an application, the formula would produce a value of 15
days in the calculated field for a record if the Last Updated Date value for that
record is 1/1/2005 and the Deadline value is 1/15/2005.

36 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

8. To include a field-value reference from a Values List field as a parameter for

the formula, expand the appropriate field node in the Available Fields list and
select the value.
The value is added to your formula within the "VALUEOF" function.

Note: If you select a field value to reference in your formula and that value is
later modified within the values list, the field-value reference in your formula is
automatically updated to reflect the modified value.

9. When you finish creating the formula, click Validate in the top-right corner of
the Formula Builder.
If the validation process encounters an error in the formula, a message displays
that describes the error or alerts you that the formula contains an unknown error.

Important: The validation process only identifies one error at a time, even if the
formula contains multiple errors. If you get an error message, correct the error
and click Validate again. If you get another error message, correct that error as
well. Continue this process until the formula passes the validation process.

10. Click OK.

11. Click Save.

Next Steps
Define the Calculation Properties

Define the Execution Order for Multiple Calculated Fields

If you are working with an application or sub-form that contains multiple calculated
fields and the formula for one calculated field is dependent on the result of another
calculated field, you must specify the order in which the calculated fields will be
computed. The Field Calculation Order section, which is accessible from the
Calculations tab, is provided for this task.

Note: When a new calculated field is added to an application, questionnaire or sub-

form, it displays at the bottom of the list in the Field Calculation Order listing.

Procedure
1. Click the Administration workspace.
2. In the Navigation Menu, click Application Builder.
A menu of Application Builder pages is displayed.
3. Click the link (Manage Applications, Manage Questionnaires, or Manage
Sub-Forms) for the type of component that you want to manage.

Chapter 3: Formula Builder 37

 RSA Archer GRC Platform Calculations

4. Click the application, questionnaire, or sub-form that you want to update.

Note: If you cannot select the name, you do not have access rights to it.

5. Click the Calculations tab.

6. Locate the Field Calculation Order section.
7. Click the field that you want to move up or down in the calculation list and use
the below the list to move the field to the desired location. Repeat this
step with the remaining fields until they display in the order in which you want
them to be calculated.
8. Click Save.

Field References within Calculated Field Formulas

You can create calculated fields in applications, questionnaires, and sub-forms. If
you are creating a calculated field for an application, you can design the field's
formula to reference fields that reside within the application, within a sub-form
embedded in the application, or within a related application. If you are creating a
calculated field for a sub-form, you can design the field's formula to reference
fields that reside within the sub-form or within a related application.
By referencing fields and field values in a calculated field formula, you can
produce calculated values that are based on other conditions within the application,
questionnaire, or sub-form. For example, see the following formula:
IF(CONTAINS(ANY, [Location], VALUEOF("New York")),"Yes","No")
Within individual records, this formula will produce the value "Yes" or "No" in the
calculated field depending on whether the value "New York" has been selected in
the "Location" field. If the value "New York" has been selected, the calculated
field will display the value "Yes." If the value "New York" has not been selected,
the calculated field will display the value "No."
If you are creating a calculated field within an application or questionnaire, you can
reference the following field types in a formula:
l Cross-Reference
l Date (with or without time information)
l First Published Date (with or without time information)
l Last Updated Date (with or without time information)
l Multiple Reference Display Control
l Numeric
l Record Permissions
l Record Status

38 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

l Related Records
l Sub-Form
l Text
l Tracking ID
l User/Groups List
l Values List

If you are creating a calculated field within a sub-form, you can reference the
following field types in a formula:
l Cross-Reference
l Date (with or without time information)
l First Published Date (with or without time information)
l Last Updated Date (with or without time information)
l Multiple Reference Display Control
l Numeric
l Record Status
l Related Records
l Text
l Tracking ID
l Values List

Note: You cannot reference some of these field types with all of the functions
available for calculated fields. For example, Math and Statistical functions, such as
ROUND, SUM, and AVERAGE, can only reference Numeric fields. The
DATEDIF and DATEFORMAT functions can only reference Date fields, and the
SUBSTRING function can only reference Text fields. For more information on the
types of fields that you can reference with various functions, see Functions and
Operators for Calculated Field Formulas.

Functions and Operators for Calculated Field Formulas

The Formula Builder provides a library of functions and operators that you can use
to build a formula.

Chapter 3: Formula Builder 39

 RSA Archer GRC Platform Calculations

Functions
The Formula Builder for calculated fields offers a library of functions divided into
categories. By clicking a category, you can see the functions that it contains, along
with a description of each function. To view a more detailed function description
that includes syntax requirements, parameter descriptions, and examples, you can
click the desired function. The functions are:
l Date Functions
l Financial Functions
l Logical Functions
l Math Functions
l Statistics Functions
l System Functions
l Text Functions

Operators
The Formula Builder also offers a library of operators divided into categories. By
clicking a category, you can see the operators that it contains along with a
description of each operator.
Arithmetic:

Operator Description

+ Addition (3 + 3)

- Subtraction (5 - 2)
Negation (-4)

* Multiplication (2 * 3)

/ Division (3 / 2)

^ Exponentiation (3 ^ 2)

40 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Comparison:

Operator Description

= Equal to (3 = 3)

> Greater than (3 > 2)

< Less than (2 < 3)

>= Greater than or equal to

(3 >= 3)

<= Less than or equal to (3

<= 3)

<> Not equal to (3 <> 2)

Text Concatenation:

Operator Description

& Concatenate, or join, two

or more text strings to
produce a single piece of
text, for example, "text"
& "string".

Note: If a field included in an addition, subtraction, multiplication, division or

comparison operation is empty or null, the value "0" (zero) is used for the field
value. The following formula is an exception to this rule:

IF([Sample Field] = 0, "TRUE","FALSE")

In this formula, the Sample Field is not populated with the value "0" if the field is
empty or null. Instead, this formula returns FALSE when the Sample Field is empty
or null.

Date Functions
Date functions allow you to produce dynamic values through the management and
manipulation of date information. Available functions within this category include:
l DATEADD Function
l DATEDIF Function

Chapter 3: Formula Builder 41

 RSA Archer GRC Platform Calculations

l DATEFORMAT Function
l DATETIMEVALUE Function
l DAY Function
l HOUR Function
l MINUTE Function
l MONTH Function
l MONTHNAME Function
l NOW Function
l QUARTER Function
l TODAY Function
l WEEKDAY Function
l WEEKNUMBER Function
l YEAR Function

Important: Dates and times are converted to Greenwich Mean Time (GMT) in the
RSA Archer database. As a result, dates and times in calculations are returned in
GMT.

DATEADD Function
The DATEADD function increases or decreases a date/time value by a given
number of date/time units, such as days, hours or minutes.

Important: DATEADD always considers time, even if the referenced Date field is
not configured to show time information. If a literal date string is supplied that does
not contain time, midnight will be assumed.

Important: Dates and times are converted to Greenwich Mean Time (GMT) in the
RSA Archer database. As a result, dates and times in calculations are returned in
GMT.

Return Type: Date with time

Syntax: DATEADD(datetime_unit, increment, datetime)
In the above syntax, parameters in bold are required.

42 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

datetime_unit The date/time part that should be used as the interval for
increasing or decreasing the datetime parameter’s value. This
parameter can be entered as DAY, HOUR or MINUTE.

increment The number of date/time units that should be added to the

datetime parameter’s value. This parameter must be formatted as a
positive or negative integer greater than or equal to 1. (Decimal
places are not supported.) If a positive number is provided, the
function adds the specified number of date/time units to the
datetime parameter’s value. If a negative number is provided, the
function performs a subtraction.

datetime The date/time value that should be increased or decreased by the

specified number of date/time units. This parameter should be
formatted as a Date-field reference, for example, [field name].

Examples:

Formula Result

DATEADD(DAY, 10, [First Published]) 8/20/2010 7:21 AM

where the value of First Published is 8/10/2010 7:21
AM

DATEADD(HOUR, 6, [First Published]) 8/10/2010 1:21 PM

where the value of First Published is 8/10/2010 7:21
AM

DATEADD(MINUTE, 30, [First Published]) 8/10/2010 7:51 AM

where the value of First Published is 8/10/2010 7:21
AM

DATEDIF Function
The DATEDIF function calculates the number of days between two dates.

Important: DATEDIF always considers time in the comparison, even if the

referenced Date field is not configured to show time information. If a literal date
string is supplied that does not contain time, midnight will be assumed.

Chapter 3: Formula Builder 43

 RSA Archer GRC Platform Calculations

Important: Dates and times are converted to Greenwich Mean Time (GMT) in the
RSA Archer database. As a result, dates and times in calculations are returned in
GMT.

Return Type: Numeric

Syntax: DATEDIF(start_date, end_date, datetime_unit)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

start_date The starting date of the period. This date can be entered as a
hard-coded value, for example, 10/21/2010, or as a Date-field
reference, for example, [date field name]. If a hard-coded value is
supplied, it must be wrapped in the DATETIMEVALUE
function. If time is supplied to DATETIMEVALUE in a date
string, it must be in 24-hour clock format, for example, 14:25
represents 2:45 PM.

end_date The ending date of the period. This date can be entered as a
hard-coded value (for example, 10/21/2004) or as a Date-field
reference (for example, [date field name]). If a hard-coded value is
supplied, it must be wrapped in the DATETIMEVALUE
function. If time is supplied to DATETIMEVALUE in a date
string, it must be in 24-hour clock format, for example, 14:25
represents 2:45 PM.

datetime_unit The granularity of the time information to be returned. This

parameter can be entered as DAY, HOUR or MINUTE. If the
datetime_unit parameter is omitted, DAY will be assumed. If
DAY is specified, the difference will be calculated based on 24
hour periods, rather than the day portion of the date value.

44 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Examples:

Formula Result

DATEDIF(DATETIMEVALUE("10/21/2010"), [First 36
Published])
where the value in the First Published field for the
record is 11/26/2010.

DATEDIF([First Published], [Last Updated], DAY) 0

where the value in the First Published field for the
record is 11/26/2010 11:59 PM and the value in the
Last Updated field is 11/27/2010 12:01 AM.

Note: In this example, the day difference is zero (0)

because the two dates are not 24 hours apart.

DATEDIF([First Published], [Last Updated], HOUR) 50

where the value in the First Published field for the
record is 10/1/2010 8:05 AM and the value in the
Last Updated field is 10/3/2010 10:32 AM.

DATEDIF([First Published], [Last Updated], 147

MINUTE)
where the value in the First Published field for the
record is 10/1/2010 8:05 AM and the value in the
Last Updated field is 10/1/2010 10:32 AM.

DATEFORMAT Function
The DATEFORMAT function returns the supplied date in the format specified by
the date "mask."

Important: DATEFORMAT always permits full date and time formatting for the
given Date field, even if that field is not configured to display time information.

Important: Dates and times are converted to Greenwich Mean Time (GMT) in the
RSA Archer database. As a result, dates and times in calculations are returned in
GMT.

Return Type: Text

Syntax: DATEFORMAT(date, date_mask)
In the above syntax, parameters in bold are required.

Chapter 3: Formula Builder 45

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

date The starting date of the period. This date can be entered as a
hard-coded value, for example, 10/21/2010) or as a Date-field
reference, for example, [field name].

date_mask The mask used for formatting the returned date. The date_mask
parameter must be enclosed in quotes.
Date masks used with the DATEFORMAT function can contain
any combination of the "date part" masks. See Date Part
Descriptions.

The following table provides examples of possible date part combinations.

Date Mask Return Example

M-d-yy h:mm tt 8-2-10 9:30 AM

MM.dd.yyyy 08.02.2010

MMMM d, yyyy August 2, 2010 09:30

HH:mm

yyyy-MM-dd 2010-08-02

MMddyy 080210

The following separator characters are supported for date masks:

l space
l forward slash (/)
l hyphen (-)
l period (.)
l comma (,)
l colon (:)

Examples:

46 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Formula Result

DATEFORMAT([First Published], "M/d/yyyy h:mm 8/20/2010 7:21 AM

tt")
where the date-time value of First Published is
8/2010 7:21 AM.

DATEFORMAT([Last Updated], "M/d/yyyy 12/19/2010 14:51

HH:mm")
where the date-time value of Last Updated is
12/19/2010 2:51 PM.

DATEFORMAT(NOW(), "h:mm tt") 5:12 AM

where the date-time value of NOW( ) is 8/6/2010
5:12 AM.

DATEFORMAT([Start], "hh:mm t") 06:48 P

where the date-time value of Start is 9/19/2010 6:48
PM.

DATEFORMAT([Stop], "H") 19
where the date-time value of Stop is 4/8/2010 7:00
PM.

DATEFORMAT([Logged], "m") 57
where the date-time value of Logged is 12/29/2010
3:57 PM.

Date Part Descriptions

Date Part Return Example

M Displays the month as a number without a leading zero (Example: 1)

MM Displays the month as a number with a leading zero (Example: 01)

MMMM Displays the month as a full month name (Example: January)

d Displays the day as a number without a leading zero (Example: 5)

dd Displays the day as a number with a leading zero (Example: 05)

Chapter 3: Formula Builder 47

 RSA Archer GRC Platform Calculations

Date Part Return Example

dddd Displays the day as a full name (Example: Monday)

yy Displays the year as a two-digit number (Example: 06)

yyyy Displays the year as a four-digit number (Example: 2006)

h Displays the hour as a one-digit or two-digit number based on a 12-hour

clock format (Example: 9)

hh Displays the hour as a two digit number (with a leading a leading zero, if
necessary) based on a 12-hour clock format (Example: 09)

H Displays the hour as a one-digit or two-digit number based on a 24-hour

clock format (Example: 13)

HH Displays the hour as a two-digit number based on a 24-hour clock format

(Example: 13)

m Displays the minute as a number without leading zeros (Example: 5)

mm Displays the minute as a number with leading zeros (Example: 05)

t Displays the one-letter AM/PM designator appropriate for the given time,
regardless of whether the time is based on a 12-hour or 24-hour clock.
(Example: 1:00 P for 12-hour clock; 13:00 P for 24-hour clock)

tt Displays the two-letter AM/PM designator appropriate for the given time,
regardless of whether the time is based on a 12-hour or 24-hour clock.
(Example: 1:00 PM for 12-hour clock; 13:00 PM for 24-hour clock)

DATETIMEVALUE Function
The DATETIMEVALUE function converts a literal date/time string to a serial
number. The serial number represents the number of whole and partial days that
have elapsed since January 1, 1900.

Important: Dates and times are converted to Greenwich Mean Time (GMT) in the
RSA Archer database. As a result, dates and times in calculations are returned in
GMT.

Return Type: Number (serial number representing date and time)

Syntax: DATETIMEVALUE(datetime_string)
This function only accepts dates in the US format (MM/DD/YYYY). In the above
syntax, parameters in bold are required.

48 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

datetime_string The literal date/time string value to be converted. This cannot be

a field reference.

Examples:

Formula Result

DATETIMEVALUE("10/02/2010") 40453

DATETIMEVALUE("10/02/2010 01:50") 40453.08

DAY Function
The DAY function returns an integer between 1 and 31, which represents the day of
the month for the specified date value.

Important: Dates and times are converted to Greenwich Mean Time (GMT) in the
RSA Archer database. As a result, dates and times in calculations are returned in
GMT.

Return Type: Numeric

Syntax: DAY(date)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

date The date value to be evaluated in determining the day of the

month. This parameter should be formatted as a Date-field
reference, for example, [field name].

Example:

Formula Result

DAY([Logged]) 13
where the value in the Logged field is 7/13/2010
10:45 AM.

Chapter 3: Formula Builder 49

 RSA Archer GRC Platform Calculations

HOUR Function
The HOUR function returns an integer between 0 and 23, which represents the hour
of the day for the specified date value. Formula validation will fail for this function
if the Time Information option is not enabled for the Date field referenced in the
date parameter.
Return Type: Numeric
Syntax: HOUR(date)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

date The date value to be evaluated in determining the hour of the

day. This parameter should be formatted as a Date-field reference,
for example, [field name].

Example:

Formula Result

HOUR([Logged]) 14
where the value in the Logged field is 7/13/2006
2:45 PM.

MINUTE Function
The MINUTE function returns an integer between 0 and 59, which represents the
minute of the hour for the specified date value. Formula validation will fail for this
function if the Time Information option is not enabled for the Date field referenced
in the date parameter.

Important: Dates and times are converted to Greenwich Mean Time (GMT) in the
RSA Archer database. As a result, dates and times in calculations are returned in
GMT.

Return Type: Numeric

Syntax: MINUTE(date)
In the above syntax, parameters in bold are required.

50 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

date The date value to be evaluated in determining the minute of the

hour. This parameter should be formatted as a Date-field
reference, for example, [field name].

Examples:

Formula Result

MINUTE([Logged]) 45
where the value in the Logged field is 7/13/2006
2:45 PM.

MINUTE([Patch Date]) 0
where the Patch Date field is a Date field that is not
configured to accept time entry.

MONTH Function
The MONTH function returns an integer between 1 and 12, which represents the
month of the year for the specified date value.

Important: Dates and times are converted to Greenwich Mean Time (GMT) in the
RSA Archer database. As a result, dates and times in calculations are returned in
GMT.

Return Type: Numeric

Syntax: MONTH(date)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

date The date value to be evaluated in determining the month of the

year. This parameter should be formatted as a Date-field
reference, for example, [field name].

Example:

Chapter 3: Formula Builder 51

 RSA Archer GRC Platform Calculations

Formula Result

MONTH([Logged]) 7
where the value in the Logged field is 7/13/2010
2:45 PM.

MONTHNAME Function
The MONTHNAME function returns the name of the month for the supplied date
value. The return value is the full name, not an abbreviation.

Important: Dates and times are converted to Greenwich Mean Time (GMT) in the
RSA Archer database. As a result, dates and times in calculations are returned in
GMT.

Return Type: Numeric

Syntax: MONTHNAME(date)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

date The date value to be evaluated in determining the month of the

year. This parameter should be formatted as a Date-field
reference, for example, [field name].

Example:

Formula Result

MONTHNAME([Due Date]) July

where the value in the Due Date field is 7/13/2010
2:45 PM.

NOW Function
The NOW function returns the current date/time. Each time a record is
recalculated, the calculated field displays an updated date/time value. The full
timestamp is stored for the calculated Date field even if the field is not configured
to display time. If the Time Information option is later enabled for the field, the time
will be displayed as it was originally computed.
Internally, the NOW function returns a serial number that represents the number of
whole and partial days that have elapsed since January 1, 1900. From the user
perspective, the value returned by the NOW function displays differently depending
on the type of field to which the value will be returned.

52 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Important: Dates and times are converted to Greenwich Mean Time (GMT) in the
RSA Archer database. As a result, dates and times in calculations are returned in
GMT.

Return Type: Varies based upon the type of field receiving the return value. See
the examples below.
Syntax: NOW( )
This function does not have any parameters.
Examples:
For these examples, assume that the current date and time is October 2, 2010 at
1:46 a.m.

Field Type Formula Result

Numeric NOW( ) 40453.073611111

Date NOW( ) 10/02/2010 1:46 AM

Text DATEFORMAT(NOW( ),"M/d/yyyy h:mm tt") 10/02/2010 1:46 AM

QUARTER Function
The QUARTER function returns an integer between 1 and 4, which represents the
calendar quarter in which the specified date value falls.

Important: Dates and times are converted to Greenwich Mean Time (GMT) in the
RSA Archer database. As a result, dates and times in calculations are returned in
GMT.

Return Type: Numeric

Syntax: QUARTER(date)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

date The date value to be evaluated in determining the calendar

quarter. This parameter should be formatted as a Date-field
reference, for example, [field name].

Example:

Chapter 3: Formula Builder 53

 RSA Archer GRC Platform Calculations

Formula Result

QUARTER([Due Date]) 4
where the value in the Due Date field is 12/15/2010
8:00 PM.

TODAY Function
The TODAY function returns the date value for the current date. Each time a
record is recalculated, the calculated field will display an updated date.
Internally, the TODAY function returns a serial number that represents the number
of whole days that have elapsed since January 1, 1900. From the user perspective,
the value returned by the TODAY function will display differently depending on the
type of field to which the value will be returned.

Important: Dates and times are converted to Greenwich Mean Time (GMT) in the
RSA Archer database. As a result, dates and times in calculations are returned in
GMT.

Return Type: Varies based upon the type of field receiving the return value. See
the examples below.
Syntax: TODAY( )
This function does not have any parameters.
Examples:
For these examples, assume that the current date and time is October 2, 2010 at
1:46 a.m.

Field Type Formula Result

Numeric TODAY( ) 40453

Date TODAY( ) 10/02/2010

Text DATEFORMAT(TODAY( ),"M/d/yyyy") 10/02/2010

WEEKDAY Function
The WEEKDAY function returns the day of the week for the supplied date value.
The return value is the full name, not an abbreviation.

Important: Dates and times are converted to Greenwich Mean Time (GMT) in the
RSA Archer database. As a result, dates and times in calculations are returned in
GMT.

54 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Return Type: Text

Syntax: WEEKDAY(date)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

date The date value to be evaluated in determining the day of the

week. This parameter should be formatted as a Date-field
reference, for example, [field name].

Example:

Formula Result

WEEKDAY([Due Date]) Wednesday

where the value in the Due Date field is 12/15/2010
8:00 p.m.

WEEKNUMBER Function
The WEEKNUMBER function returns a number that indicates the week in which a
given date falls for a calendar year beginning on January 1.

Important: Dates and times are converted to Greenwich Mean Time (GMT) in the
RSA Archer database. As a result, dates and times in calculations are returned in
GMT.

Return Type: Numeric

Syntax: WEEKNUMBER(date, week_start)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

date The date value to be evaluated in determining the day of the

week. This parameter should be formatted as a Date-field
reference, for example, [field name].

week_start Accepts the keyword SUNDAY or MONDAY to specify

whether weeks should be treated as beginning on Sunday or on
Monday.
If no value is passed for this parameter, SUNDAY will be
assumed.

Chapter 3: Formula Builder 55

 RSA Archer GRC Platform Calculations

Examples:

Formula Result

WEEKNUMBER([Due Date]) 38
where the value in the Due Date field is 9/14/2008
(a Sunday).

WEEKNUMBER ([Due Date], SUNDAY) 38

where the value in the Due Date field is 9/14/2008
(a Sunday).

WEEKNUMBER ([Due Date], MONDAY) 37

where the value in the Due Date field is 9/14/2008
(a Sunday).

YEAR Function
The YEAR function returns the year corresponding to a date.

Important: Dates and times are converted to Greenwich Mean Time (GMT) in the
RSA Archer database. As a result, dates and times in calculations are returned in
GMT.

Return Type: Numeric

Syntax: YEAR(date)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

date The date of the year that you want to find. This parameter can be
entered as a hard-coded date value, for example, 1/2/2010 or as a
date-field reference, for example, [date field name].

Example:

Formula Result

YEAR([First Published]) 2010

where the value in the First Published field is
11/26/2010.

56 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Financial Functions
Financial functions allow you to execute common calculations associated with the
financial industry. Available functions within this category include:
l DB Function
l DDB Function
l FV Function
l IPMT Function
l IRR Function
l ISPMT Function
l MIRR Function
l NPER Function
l NPV Function
l PMT Function
l PPMT Function
l PV Function
l QUARTILE Function
l RATE Function
l SLN Function
l SYD Function
l VDB Function

DB Function
The DB function returns the depreciation of an asset for a specified period using the
fixed-declining balance method.
Return Type: Numeric
Syntax: DB(cost,salvage,life,period,month)
In the above syntax, parameters in bold are required.

Chapter 3: Formula Builder 57

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

cost The initial cost of the asset.

salvage The value at the end of the depreciation (sometimes called the
salvage value of the asset).

life The number of periods over which the asset is being depreciated
(sometimes called the useful life of the asset).

period The period for which you want to calculate the depreciation.
Period must use the same units as life.

month The number of months in the first year. If month is omitted, it is

assumed to be 12.

Examples:

58 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Formula Result

DB([Initial Cost],[Salvage Value],[Lifetime Depreciation in first year, with only 7

in Years],[Period in Years],[Month]) months calculated (186,083.33)
where the value in the Initial Cost field is
1,000,000, the value in the Salvage Value
field is 100,000, the value in the Lifetime
in Years field is 6, the value in the Period
in Years field is 1, and the value in the
Month field is 7.

DB([Initial Cost],[Salvage Value],[Lifetime Depreciation in second year (259,639.42)

in Years],[Period in Years],[Month])
where the value in the Initial Cost field is
1,000,000, the value in the Salvage Value
field is 100,000, the value in the Lifetime
in Years field is 6, the value in the Period
in Years field is 2, and the value in the
Month field is 7.

DB([Initial Cost],[Salvage Value],[Lifetime Depreciation in third year (176,814.44)

in Years],[Period in Years],[Month])
where the value in the Initial Cost field is
1,000,000, the value in the Salvage Value
field is 100,000, the value in the Lifetime
in Years field is 6, the value in the Period
in Years field is 3, and the value in the
Month field is 7.

Chapter 3: Formula Builder 59

 RSA Archer GRC Platform Calculations

Formula Result

DB([Initial Cost],[Salvage Value],[Lifetime Depreciation in fourth year (120,410.64)

in Years],[Period in Years],[Month])
where the value in the Initial Cost field is
1,000,000, the value in the Salvage Value
field is 100,000, the value in the Lifetime
in Years field is 6, the value in the Period
in Years field is 4, and the value in the
Month field is 7.

DB([Initial Cost],[Salvage Value],[Lifetime Depreciation in fifth year (81,999.64)

in Years],[Period in Years],[Month])
where the value in the Initial Cost field is
1,000,000, the value in the Salvage Value
field is 100,000, the value in the Lifetime
in Years field is 6, the value in the Period
in Years field is 5, and the value in the
Month field is 7.

DB([Initial Cost],[Salvage Value],[Lifetime Depreciation in sixth year (55,841.76)

in Years],[Period in Years],[Month])
where the value in the Initial Cost field is
1,000,000, the value in the Salvage Value
field is 100,000, the value in the Lifetime
in Years field is 6, the value in the Period
in Years field is 6, and the value in the
Month field is 7.

DB([Initial Cost],[Salvage Value],[Lifetime Depreciation in seventh year, with only 5

in Years],[Period in Years],[Month]) months calculated (15,845.10)
where the value in the Initial Cost field is
1,000,000, the value in the Salvage Value
field is 100,000, the value in the Lifetime
in Years field is 6, the value in the Period
in Years field is 7, and the value in the
Month field is 7.

60 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

DDB Function
The DDB function returns the depreciation of an asset for a specified period using
the double-declining balance method or some other method that you specify. The
double-declining balance method computes depreciation at an accelerated rate.
Depreciation is highest in the first period and decreases in successive periods.
DDB uses the following formula to calculate depreciation for a period:
Min( (cost - total depreciation from prior periods) * (factor/life), (cost - salvage -
total depreciation from prior periods) )
Use the VDB function to switch to the straight-line depreciation method when
depreciation is greater than the declining balance calculation.
Return Type: Numeric. The results are rounded to two decimal places.
Syntax: DDB(cost,salvage,life,period,factor)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

cost The initial cost of the asset. Must be a positive number.

salvage The value at the end of the depreciation (sometimes called the
salvage value of the asset). This value can be 0. Must be a
positive number.

life The number of periods over which the asset is being depreciated
(sometimes called the useful life of the asset). Must be a positive
number.

period The period for which you want to calculate the depreciation.
Period must use the same units as life. Must be a positive
number.

factor The rate at which the balance declines. If factor is omitted, it is

assumed to be 2 (the double-declining balance method). Change
factor if you do not want to use the double-declining balance
method. Must be a positive number.

Chapter 3: Formula Builder 61

 RSA Archer GRC Platform Calculations

Examples:

Formula Result

DB([Initial Cost],[Salvage Value],[Lifetime First day's depreciation. Archer

in Years],[Period in Years]) automatically assumes that factor is 2.
(1.32)
where the value in the Initial Cost field is
2400, the value in the Salvage Value field
is 300, the value in the Lifetime in Years
field is 10, and the value in the Period in
Years field is 1.

DB([Initial Cost],[Salvage Value],[Lifetime First month's depreciation (40.00)

in Months],[Period in Months],[Factor])
where the value in the Initial Cost field is
2400, the value in the Salvage Value field
is 300, the value in the Lifetime in Years
field is 120, the value in the Period in
Years field is 1, and the value in the Factor
field is 2.

DB([Initial Cost],[Salvage Value],[Lifetime First year's depreciation (480.00)

in Years],[Period in Years],[Factor])
where the value in the Initial Cost field is
2400, the value in the Salvage Value field
is 300, the value in the Lifetime in Years
field is 10, the value in the Period in Years
field is 1, and the value in the Factor field
is 2.

DB([Initial Cost],[Salvage Value],[Lifetime Second year's depreciation using a factor

in Years],[Period in Years],[Factor]) of 1.5 instead of the double-declining
balance method (306.00)
where the value in the Initial Cost field is
2400, the value in the Salvage Value field
is 300, the value in the Lifetime in Years
field is 10, the value in the Period in Years
field is 2, and the value in the Factor field
is 1.5.

DB([Initial Cost],[Salvage Value],[Lifetime Tenth year's depreciation. Archer

in Years],[Period in Years]) automatically assumes that factor is 2
(22.12)
where the value in the Initial Cost field is
2400, the value in the Salvage Value field
is 300, the value in the Lifetime in Years
field is 10, and the value in the Period in
Years field is 10.

62 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

FV Function
The FV function returns the future value of an investment based on periodic,
constant payments and a constant interest rate.
Return Type: Numeric
Syntax: FV(rate,nper,pmt,pv,type)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

rate The interest rate per period.

nper The total number of payment periods in an annuity.

pmt The payment made each period; it cannot change over the life of
the annuity. Typically, pmt contains principal and interest but no
other fees or taxes. If pmt is omitted, you must include the pv
argument.

pv The present value, or the lump-sum amount that a series of future

payments is worth right now. If pv is omitted, it is assumed to be
0 (zero), and you must include the pmt argument.

type The number 0 or 1 and indicates when payments are due. If type
is omitted, it is assumed to be 0.
l Set type equal to 0 if payments are due at the end of the
period.
l Set type equal to 1 if payments are due at the beginning of
the period.

Note: Be consistent about the units that you use for specifying rate and nper. If you
make monthly payments on a four-year loan at 12 percent annual interest, use
12%/12 for rate and 4*12 for nper. If you make annual payments on the same loan,
use 12% for rate and 4 for nper.

For all of the arguments, cash you pay out, such as deposits to savings, is
represented by negative numbers; cash you receive, such as dividend checks, is
represented by positive numbers.

Chapter 3: Formula Builder 63

 RSA Archer GRC Platform Calculations

Examples:

Formula Result

FV([Annual Rate],[Number of Payments], Future value of an investment with the

[Payment Amount],[Present Value], given terms (2581.40)
[Payment Due Indicator])
where the value in the Annual Rate field is
.06/12, the value in the Number of
Payments field is 10, the value in the
Payment Amount field is -200, the value in
the Present Value field is -500, and the
value in the Payment Due Indicator field is
1.

Note: The annual interest rate is divided by

12 because it is compounded monthly.

FV([Annual Rate],[Number of Payments], Future value of an investment with the

[Payment Amount]) given terms (12,682.50)
where the value in the Annual Rate field is
.12/12, the value in the Number of
Payments field is 12, and the value in the
Payment Amount field is
-1000.

Note: The annual interest rate is divided by

12 because it is compounded monthly.

FV([Annual Rate],[Number of Payments], Future value of an investment with the

[Payment Amount], ,[Payment Due given terms (82,846.25)
Indicator])
where the value in the Annual Rate field is
.11/12, the value in the Number of
Payments field is 35, the value in the
Payment Amount field is -2000, and the
value in the Payment Due Indicator field is
1.

Note: The annual interest rate is divided by

12 because it is compounded monthly.

FV([Annual Rate],[Number of Payments], Future value of an investment with the

[Payment Amount],[Present Value], above terms (2301.40)
[Payment Due Indicator])

64 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Formula Result

where the value in the Annual Rate field is

.06/12, the value in the Number of
Payments field is 12, the value in the
Payment Amount field is -100, the value in
the Present Value field is -1000, and the
value in the Payment Due Indicator field is
1.

Note: The annual interest rate is divided by

12 because it is compounded monthly.

IPMT Function
The IPMT function returns the interest payment for a given period for an investment
based on periodic, constant payments, and a constant interest rate.
Return Type: Numeric
Syntax: IPMT(rate,per,nper,pv,fv,type)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

rate The interest rate per period.

per The period for which you want to find the interest and must be
in the range 1 to nper.

nper The total number of payment periods in an annuity.

Note: For all of the arguments, cash you pay out, such as
deposits to savings, is represented by negative numbers; cash you
receive, such as dividend checks, is represented by positive
numbers.

Chapter 3: Formula Builder 65

 RSA Archer GRC Platform Calculations

Parameter Description

pv The present value, or the lump-sum amount that a series of future

payments is worth right now.

Note: For all of the arguments, cash you pay out, such as
deposits to savings, is represented by negative numbers; cash you
receive, such as dividend checks, is represented by positive
numbers.

fv The future value, or a cash balance you want to attain after the
last payment is made. If fv is omitted, it is assumed to be 0 (the
future value of a loan, for example, is 0).

type The number 0 or 1 and indicates when payments are due. If type
is omitted, it is assumed to be 0.
l Set type equal to 0 if payments are due at the end of the
period.
l Set type equal to 1 if payments are due at the beginning of
the period.

Note: Make sure that you are consistent about the units that you use for specifying
rate and nper. If you make monthly payments on a four-year loan at 12 percent
annual interest, use 12%/12 for rate and 4*12 for nper. If you make annual
payments on the same loan, use 12% for rate and 4 for nper.

Examples:

66 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Formula Result

IPMT([Rate],[Period],[Years of Loan], Interest due in the first month for a loan

[Present Value]) with the terms given (-66.67)
where the value in the Rate field is .10/12,
the value in the Period field is 1, the value
in the Years of Loan field is 3*12, and the
value in the Present Value field is 8000.

Note: The interest rate is divided by 12 to

get a monthly rate. The years the money is
paid out is multiplied by 12 to get the
number of payments.

IPMT([Rate],[Period],[Years of Loan], Interest due in the last year for a loan with
[Present Value]) the terms given, where payments are made
yearly (-292.45)
where the value in the Rate field is .10, the
value in the Period field is 3, the value in
the Years of Loan field is 3, and the value
in the Present Value field is 8000.

IRR Function
The IRR function returns the internal rate of return for a series of cash flows
represented by the numbers in values. These cash flows do not have to be even, as
they would be for an annuity. However, the cash flows must occur at regular
intervals, such as monthly or annually. The internal rate of return is the interest rate
received for an investment consisting of payments (negative values) and income
(positive values) that occur at regular periods.
Return Type: Numeric
Syntax: IRR(values,guess)
In the above syntax, parameters in bold are required.

Chapter 3: Formula Builder 67

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

values A reference (using the REF function) to fields that contain

numbers for which you want to calculate the internal rate of
return. Note the following:
l Values must contain at least one positive value and one
negative value to calculate the internal rate of return.
l IRR uses the order of values to interpret the order of cash
flows. Be sure to enter your payment and income values in
the sequence you want.
l If a reference field contains text, logical values, or empty
cells, those values are ignored.

guess A number that you guess is close to the result of IRR. Note the
following:
l Archer uses an iterative technique for calculating IRR.
Starting with guess, IRR cycles through the calculation until
the result is accurate within 0.00001 percent. If IRR cannot
find a result that works after 20 tries, an error value is
returned.
l In most cases you do not need to provide guess for the IRR
calculation. If guess is omitted, it is assumed to be 0.1 (10
percent).
l If the result is not close to what you expected, try again with
a different value for guess.

Note: IRR is closely related to NPV, the net present value function. The rate of
return calculated by IRR is the interest rate corresponding to a 0 (zero) net present
value. The following formula demonstrates how NPV and IRR are related:
NPV(IRR(B1:B6),B1:B6)
equals 3.60E-08 [Within the accuracy of the IRR calculation, the value 3.60E-08 is
effectively 0 (zero).]

Examples:

68 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Formula Result

IRR([REF([Related Yearly Results],[Net Investment's internal rate of return after

Income])) five years (-2%).
where Related Yearly Results is a cross-
reference field to another application. The
other application has a field called Net
Income which contains the values -70,000,
12,000, 15,000, 18,000, 21,000 and 26,000.

IRR([REF([Related Yearly Results],[Net To calculate the internal rate of return

Income]),[Guess]) after two years, you need to include a
guess (-44%).
where Related Yearly Results is a cross-
reference field to another application. The
other application has a field called Net
Income which contains the values -70,000,
12,000 and 15,000, and the value in the
Guess field is 0.10.

ISPMT Function
The ISPMT function calculates the interest paid during a specific period of an
investment. This function is provided for compatibility with Lotus 1-2-3.
For additional information about financial functions, see PV Function.
Return Type: Numeric
Syntax: ISPMT(rate,per,nper,pv)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

rate The interest rate for the investment.

per The period for which you want to find the interest and must be
in the range 1 to nper.

nper The total number of payment periods in an annuity.

Make sure that you are consistent about the units that you use
for specifying rate and nper. If you make monthly payments on a
four-year loan at an annual interest rate of 12 percent, use
12%/12 for rate and 4*12 for nper. If you make annual payments
on the same loan, use 12% for rate and 4 for nper.

Chapter 3: Formula Builder 69

 RSA Archer GRC Platform Calculations

Parameter Description

pv The present value of the investment. For a loan, pv is the loan

amount.

Note: The cash that you pay out, such as deposits to savings or
other withdrawals, is represented by negative numbers; the cash
that you receive, such as dividend checks and other deposits, is
represented by positive numbers.

Examples:

Formula Result

ISPMT([Rate],[Period],[Number of Years], Interest paid for the first monthly payment

[Loan Amount]) of a loan with the given terms (-64814.8)
where the value in the Rate field is
0.10/12, the value in the Period field is 1,
the value in the Number of Years field is
3*12, and the value in the Loan Amount
field is 8,000,000.

Note: The interest rate is divided by 12 to

get a monthly rate. The years the money is
paid out is multiplied by 12 to get the
number of payments.

ISPMT([Rate],[Period],[Number of Years], Interest paid in the first year of a loan

[Loan Amount]) with the given terms (-533333)
where the value in the Rate field is 0.10,
the value in the Period field is 1, the value
in the Number of Years field is 3, and the
value in the Loan Amount field is
8,000,000.

MIRR Function
The MIRR function returns the modified internal rate of return for a series of
periodic cash flows. MIRR considers both the cost of the investment and the
interest received on reinvestment of cash. MIRR uses the order of values to
interpret the order of cash flows. Be sure to enter your payment and income values
in the sequence that you want and with the correct signs (positive values for cash
received, negative values for cash paid).
Return Type: Numeric
Syntax: MIRR(values,finance_rate,reinvest_rate)

70 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

In the above syntax, parameters in bold are required.

The following table describes the parameters of the function.

Parameter Description

values A reference (using the REF function) to fields that contain

numbers. These numbers represent a series of payments (negative
values) and income (positive values) occurring at regular periods.
Note that:
l Values must contain at least one positive value and one
negative value to calculate the modified internal rate of
return. Otherwise, MIRR returns an error value.
l If a reference argument contains text, logical values, or empty
cells, those values are ignored; however, cells with the value
zero are included.

finance_rate The interest rate that you pay on the money used in the cash
flows.

reinvest_rate The interest rate that you receive on the cash flows as you
reinvest them.

Example:

Formula Result

MIRR(REF([Related Results],0.10,0.12)) Investment's modified rate of return after

five years (13%)
where Related Yearly Results is a cross-
reference field to another application. The
other application has a field called Net
Income which contains the values -
120,000, 39,000, 30,000, 21,000, 37,000
and 46,000.

NPER Function
The NPER function returns the number of periods for an investment based on
periodic, constant payments and a constant interest rate.
For a more complete description of the arguments in NPER and for more
information about annuity functions, see PV Function.
Return Type: Numeric
Syntax: NPER(rate, pmt, pv, fv, type)
In the above syntax, parameters in bold are required.

Chapter 3: Formula Builder 71

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

rate The interest rate per period.

pmt The payment made each period; it cannot change over the life of
the annuity. Typically, pmt contains principal and interest but no
other fees or taxes.

pv The present value, or the lump-sum amount that a series of future

payments is worth right now.

fv The future value, or a cash balance that you want to attain after
the last payment is made. If fv is omitted, it is assumed to be 0
(the future value of a loan, for example, is 0).

type The number 0 or 1 and indicates when payments are due.

l Set type equal to 0 or omitted if payments are due at the end
of the period.
l Set type equal to 1 if payments are due at the beginning of
the period.

Examples:

72 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Formula Result

NPER([Rate],[Payment],[Present Value], Periods for the investment with the given

[Future Value],[Payment Due]) terms (60)
where the value in the Rate field is
0.12/12, the value in the Payment field is -
100, the value in the Present Value field is
-1000, the value in the Future Value field
is 10000, and the value in the Payment
Due field is 1.

NPER([Rate],[Payment],[Present Value], Periods for the investment with the given

[Future Value]) terms, except payments are made at the
beginning of the period (60)
where the value in the Rate field is
0.12/12, the value in the Payment field is -
100, the value in the Present Value field is
-1000, and the value in the Future Value
field is 10000.

NPER([Rate],[Payment],[Present Value]) Periods for the investment with the given

terms, except with a future value of 0 (-
where the value in the Rate field is
9.578)
0.12/12, the value in the Payment field is -
100, and the value in the Present Value
field is -1000.

NPV Function
The NPV function calculates the net present value of an investment using a
discount rate and a series of future payments (negative values) and income (positive
values).
The NPV investment begins one period before the date of the value1 cash flow and
ends with the last cash flow in the list. The NPV calculation is based on future cash
flows. If your first cash flow occurs at the beginning of the first period, the first
value must be added to the NPV result, not included in the values arguments.
NPV is similar to the PV function (present value). The primary difference between
PV and NPV is that PV allows cash flows to begin either at the end or at the
beginning of the period. Unlike the variable NPV cash flow values, PV cash flows
must be constant throughout the investment. For information about annuities and
financial functions, see PV Function.
NPV is also related to the IRR function (internal rate of return). IRR is the rate for
which NPV equals zero: NPV(IRR(...), ...) = 0. See IRR Function.
Return Type: Numeric
Syntax: NPV(rate,value1,value2, ...)
In the above syntax, parameters in bold are required.

Chapter 3: Formula Builder 73

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

rate The rate of discount over the length of one period.

value1,value2,... 1 to 254 arguments representing the payments and income. Note

that:
l Value1, value2, ... must be equally spaced in time and occur
at the end of each period.
l NPV uses the order of value1, value2, ... to interpret the order
of cash flows. Be sure to enter your payment and income
values in the correct sequence.
l Arguments that are numbers, empty cells, logical values, or
text representations of numbers are counted; arguments that
are error values or text that cannot be translated into numbers
are ignored.
l If an argument is a reference, only numbers in that reference
are counted. Empty cells, logical values, or text in the
reference are ignored.

Examples:

Formula Result

NPV([Rate],[Values]) Net present value of this investment

where the value in the Rate field is 0.10
and the values in the Values field are -
10,000, 3,000, 4,200 and 6,800.
(1,188.44)
In this example, you include the initial
$10,000 cost as one of the values, because
the payment occurs at the end of the first
period.

NPV([Rate],[Values]) + (-40,000) Net present value of this investment

where the value in the Rate field is 0.08
and the values in the Values field are
8,000, 9,200, 10,000, 12,000 and 14,500.
(1,922.06)
In this example, you do not include the
initial $40,000 cost as one of the values,
because the payment occurs at the
beginning of the first period.

NPV([Rate],[Values],-9,000) + (-40,000) Net present value of this investment, with

where the value in the Rate field is 0.08
and the values in the Values field are
8,000, 9,200, 10,000, 12,000 and 14,500.
a loss in the sixth year of 9000 (-3,749.47)
In this example, you do not include the
initial $40,000 cost as one of the values,
because the payment occurs at the
beginning of the first period.

74 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

PMT Function
The PMT function calculates the payment for a loan based on constant payments
and a constant interest rate. The payment returned by PMT includes principal and
interest but no taxes, reserve payments, or fees sometimes associated with loans.

Note: To find the total amount paid over the duration of the loan, multiply the
returned PMT value by nper.

Return Type: Numeric

Syntax: PMT(rate,nper,pv,fv,type)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

rate The interest rate for the loan.

nper The total number of payment periods for the loan.

pv The present value, or the total amount that a series of future

payments is worth now; also known as the principal.

fv The future value, or a cash balance you want to attain after the
last payment is made. If fv is omitted, it is assumed to be 0
(zero), that is, the future value of a loan is 0.

type The number 0 or 1 and indicates when payments are due. If type
is omitted, it is assumed to be 0.
l Set type equal to 0 or omitted if payments are due at the end
of the period.
l Set type equal to 1 if payments are due at the beginning of
the period.

Note: Make sure that you are consistent about the units you use for specifying rate
and nper. If you make monthly payments on a four-year loan at an annual interest
rate of 12 percent, use 12%/12 for rate and 4*12 for nper. If you make annual
payments on the same loan, use 12 percent for rate and 4 for nper.

Examples:

Chapter 3: Formula Builder 75

 RSA Archer GRC Platform Calculations

Formula Result

PMT([Rate],[Number of Payments],[Amount Monthly payment for a loan with the

of Loan]) given terms (-1,037.03)
where the value in the Rate field is
0.08/12, the value in the Number of
Payments field is 10, and the value in the
Amount of Loan field is 10000.

PMT([Rate],[Number of Payments],[Amount Monthly payment for a loan with the

of Loan],[Future Value],1) given terms, except payments are due at
the beginning of the period (-1,030.16)
where the value in the Rate field is
0.08/12, the value in the Number of
Payments field is 10, the value in the
Amount of Loan field is 10000, and the
value in the Future Value field is 0.

PMT([Rate],[Years to Save],[Present Value], Amount to save each month to have

[Goal Amount])
where the value in the Rate field is
0.06/12, the value in the Years to Save
field is 18*12, the value in the Present
Value field is 0, and the value in the Goal
Amount field is 50000.
50,000 at the end of 18 years (-129.08)
Note: The interest rate is divided by 12 to
get a monthly rate. The number of years
the money is paid out is multiplied by 12
to get the number of payments.

PPMT Function
The PPMT function returns the payment on the principal for a given period for an
investment based on periodic, constant payments and a constant interest rate.
Return Type: Numeric
Syntax: PPMT(rate,per,nper,pv,fv,type)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

rate The interest rate for the period.

per Specifies the period and must be in the range 1 to nper.

nper The total number of payment periods in an annuity.

76 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Parameter Description

pv The present value— the total amount that a series of future

payments is worth now.

fv The future value, or a cash balance you want to attain after the
last payment is made. If fv is omitted, it is assumed to be 0
(zero), that is, the future value of a loan is 0.

type The number 0 or 1 and indicates when payments are due. If type
is omitted, it is assumed to be 0.
l Set type equal to 0 or omitted if payments are due at the end
of the period.
l Set type equal to 1 if payments are due at the beginning of
the period.

Note: Make sure that you are consistent about the units that you use for specifying
rate and nper. If you make monthly payments on a four-year loan at an annual
interest rate of 12 percent, use 12%/12 for rate and 4*12 for nper. If you make
annual payments on the same loan, use 12% for rate and 4 for nper.

Examples:

Formula Result

PPMT([Rate],[Period],[Number of Years of Payment on principle for the first month of

Loan],[Amount of Loan])
where the value in the Rate field is
0.10/12, the value in the Period field is 1,
the value in the Number of Years of Loan
field is 2*12, and the value in the Amount
of Loan field is 2000.
loan (-75.62)
Note: The interest rate is divided by 12 to
get a monthly rate. The number of years
the money is paid out is multiplied by 12
to get the number of payments.

PPMT([Rate],[Period],[Number of Years of Principal payment for the last year of the

Loan],[Amount of Loan]) loan with the given terms (-27,598.05)
where the value in the Rate field is 0.08,
the value in the Period field is 10, the
value in the Number of Years of Loan field
is 10, and the value in the Amount of Loan
field is 200,000.

Chapter 3: Formula Builder 77

 RSA Archer GRC Platform Calculations

PV Function
The PV function returns the present value of an investment. The present value is the
total amount that a series of future payments is worth now. For example, when you
borrow money, the loan amount is the present value to the lender.

Note: Make sure that you are consistent about the units you use for specifying rate
and nper. If you make monthly payments on a four-year loan at 12 percent annual
interest, use 12%/12 for rate and 4*12 for nper. If you make annual payments on the
same loan, use 12% for rate and 4 for nper.

The following functions apply to annuities:

l FV
l IPMT
l PMT
l PPMT
l PV
l RATE

An annuity is a series of constant cash payments made over a continuous period.

For example, a car loan or a mortgage is an annuity. For more information, see the
description for each annuity function.
In annuity functions, cash you pay out, such as a deposit to savings, is represented
by a negative number; cash you receive, such as a dividend check, is represented by
a positive number. For example, a $1,000 deposit to the bank would be represented
by the argument -1000 if you are the depositor and by the argument 1000 if you are
the bank.
Return Type: Numeric
Syntax: PV(rate,nper,pmt,fv,type)
In the above syntax, parameters in bold are required.

78 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

rate The interest rate per period. For example, if you obtain an
automobile loan at a 10 percent annual interest rate and make
monthly payments, your interest rate per month is 10%/12, or
0.83%. You would enter 10%/12, or 0.83%, or 0.0083, into the
formula as the rate.

nper The total number of payment periods in an annuity. For example,

if you get a four-year car loan and make monthly payments, your
loan has 4*12 (or 48) periods. You would enter 48 into the
formula for nper.

pmt The payment made each period and cannot change over the life
of the annuity. Typically, pmt includes principal and interest but
no other fees or taxes. For example, the monthly payments on a
$10,000, four-year car loan at 12 percent are $263.33. You
would enter -263.33 into the formula as the pmt. If pmt is omit-
ted, you must include the fv argument.

fv The future value, or a cash balance you want to attain after the
last payment is made. If fv is omitted, it is assumed to be 0 (the
future value of a loan, for example, is 0). For example, if you
want to save $50,000 to pay for a special project in 18 years,
then $50,000 is the future value. You could then make a
conservative guess at an interest rate and determine how much
you must save each month. If fv is omitted, you must include the
pmt argument.

type The number 0 or 1 and indicates when payments are due. If type
is omitted, it is assumed to be 0.
l Set type equal to 0 or omitted if payments are due at the end
of the period.
l Set type equal to 1 if payments are due at the beginning of
the period.

Example:

Chapter 3: Formula Builder 79

 RSA Archer GRC Platform Calculations

Formula Result

PV([Rate],[Years Money Will Pay],
[Payment], ,0)
where the value in the Rate field is
0.08/12, the value in the Years Money Will
Pay field is 20*12, and the value in the
Payment field is 500.
Present value of an annuity with the terms
above (-59,777.15).
The result is negative because it represents
money that you would pay, an outgoing
cash flow. If you are asked to pay (60,000)
for the annuity, you would determine this
would not be a good investment because
the present value of the annuity
(59,777.15) is less than what you are
asked to pay.

Note: The interest rate is divided by 12 to

get a monthly rate. The years the money is
paid out is multiplied by 12 to get the
number of payments.

QUARTILE Function
The QUARTILE function returns the quartile of a data set. Quartiles often are used
in sales and survey data to divide populations into groups. For example, you can use
QUARTILE to find the top 25 percent of incomes in a population.
Return Type: Numeric
Syntax: QUARTILE(range,quart)
In the above syntax, parameters in bold are required.

80 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

range The reference to a range of numeric values for which you want
the quartile value.

Note: If this parameter is empty, QUARTILE returns an error.

quart Indicates which value to return.

l If quart equals 0, QUARTILE returns Minimum value.
l If quart equals 1, QUARTILE returns First quartile (25th
percentile).
l If quart equals 2, QUARTILE returns Median value (50th
percentile).
l If quart equals 3, QUARTILE returns Third quartile (75th
percentile).
l If quart equals 4, QUARTILE returns Maximum value.

Note: If quart is not an integer, it is truncated. If quart < 0 or if

quart > 4, QUARTILE returns an error. MIN, MEDIAN, and
MAX return the same value as QUARTILE when quart is equal
to 0 (zero), 2, and 4, respectively.

Example:

Formula Result

QUARTILE( REF( [Data Set], [Values]), 1) First quartile (25th percentile) of the data

given (3.5)
where Data Set is a cross-reference field
and the values in the Values field are 1, 2,
4, 7, 8, 9, 10 and 12.

RATE Function
The RATE function returns the interest rate per period of an annuity. RATE is
calculated by iteration and can have zero or more solutions. If the successive
results of RATE do not converge to within 0.0000001 after 20 iterations, RATE
returns an error.
Return Type: Numeric
Syntax: RATE(nper,pmt,pv,fv,type,guess)
In the above syntax, parameters in bold are required.

Chapter 3: Formula Builder 81

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

nper The total number of payment periods in an annuity.

Note: Make sure that you are consistent about the units you use
for specifying guess and nper. If you make monthly payments on
a four-year loan at 12 percent annual interest, use 12%/12 for
guess and 4*12 for nper. If you make annual payments on the
same loan, use 12% for guess and 4 for nper.

pmt The payment made each period and cannot change over the life
of the annuity. Typically, pmt includes principal and interest but
no other fees or taxes. If pmt is omitted, you must include the fv
argument.

pv The present value — the total amount that a series of future

payments is worth now.

fv The future value, or a cash balance you want to attain after the
last payment is made. If fv is omitted, it is assumed to be 0 (the
future value of a loan, for example, is 0).

type The number 0 or 1 and indicates when payments are due. If type
is omitted, it is assumed to be 0.
l Set type equal to 0 or omitted if payments are due at the end
of the period.
l Set type equal to 1 if payments are due at the beginning of
the period.

guess Your guess for what the rate will be.

If you omit guess, it is assumed to be 10 percent.
If RATE does not converge, try different values for guess. RATE
usually converges if guess is between 0 and 1.

Note: Make sure that you are consistent about the units that you
use for specifying guess and nper. If you make monthly payments
on a four-year loan at 12 percent annual interest, use 12%/12 for
guess and 4*12 for nper. If you make annual payments on the
same loan, use 12% for guess and 4 for nper.

Examples:

82 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Formula Result

RATE([Years of Loan],[Monthly Payment], Monthly rate of the loan with the given
[Amount of Loan]) terms (1%)
where the value in the Years of Loan field
is 4*12, the value in the Monthly Payment
field is -200, and the value in the Amount
of Loan field is 8000.

RATE([Years of Loan],[Monthly Payment], Annual rate of the loan with the given
[Amount of Loan])*12 terms (0.09241767 or 9.24%)
where the value in the Years of Loan field
is 4*12, the value in the Monthly Payment
field is -200, and the value in the Amount
of Loan field is 8000.

SLN Function
The SLN function returns the straight-line depreciation of an asset for one period.
Return Type: Numeric
Syntax: SLN(cost,salvage,life)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

cost The initial cost of the asset.

salvage The value at the end of the depreciation (sometimes called the
salvage value of the asset).

life The number of periods over which the asset is depreciated

(sometimes called the useful life of the asset).

Example:

Formula Result

SLN([Cost],[Salvage Value],[Years of The depreciation allowance for each year

Useful Life]) (2,250)
where the value in the Cost field is 30,000,
the value in the Salvage Value field is
7,500, and the value in the Years of Useful
Life field is 10.

Chapter 3: Formula Builder 83

 RSA Archer GRC Platform Calculations

SYD Function
The SYD function returns the sum-of-years' digits depreciation of an asset for a
specified period.
Return Type: Numeric
Syntax: SYD(cost,salvage,life,per)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

cost The initial cost of the asset.

salvage The value at the end of the depreciation (sometimes called the
salvage value of the asset).

life The number of periods over which the asset is depreciated

(sometimes called the useful life of the asset).

per The period and must use the same units as life.

Examples:

Formula Result

SYD([Initial Cost],[Salvage Value], Yearly depreciation allowance for the first

[Lifespan in Years],1) year (4,090.91)
where the value in the Initial Cost field is
30,000, the value in the Salvage Value
field is 7,500, and the value in the Lifespan
in Years field is 10.

SYD([Initial Cost],[Salvage Value], Yearly depreciation allowance for the

[Lifespan in Years],10) tenth year (409.09)
where the value in the Initial Cost field is
30,000, the value in the Salvage Value
field is 7,500, and the value in the Lifespan
in Years field is 10.

VDB Function
The VDB function returns the variable declining balance of an asset for a specified
period, including partial periods. This function uses the double-declining balance
method, or another method if you specify.
Return Type: Numeric

84 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Syntax: VDB(cost,salvage,life,start_period,end_period,factor,no_switch)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

cost The initial cost of the asset.

salvage The value at the end of the depreciation (sometimes called the
salvage value of the asset).

life The number of periods over which the asset is depreciated

(sometimes called the useful life of the asset).

start_period The starting period for which you want to calculate the
depreciation.

Note: The start_period must have the same units as the life
parameter.

end_period The ending period for which you want to calculate the
depreciation.

Note: The end_period must have the same units as the life
parameter.

factor The rate at which the balance declines. If no factor is specified,

the function will assume a value of 2 (the double-declining
balance method).

no_switch A logical value specifying whether to switch to straight-line

depreciation when depreciation is greater than the declining
balance calculation.
If the value is "TRUE" the function will not switch to straight-
line depreciation. If the value is "FALSE" the function will
switch to straight-line depreciation when the depreciation is
greater than the declining balance calculation.

Examples:

Chapter 3: Formula Builder 85

 RSA Archer GRC Platform Calculations

Formula Result

VDB([Cost],[Salvage Value],[Years of 6000

Useful Life],0,1)
This is the first year's depreciation.
where the value in the Cost field is 30,000,
the value in the Salvage Value field is
7,500, and the value in the Years of Useful
Life field is 10.

VDB([Cost],[Salvage Value],[Years of 3840

Useful Life],2,3)
This is the depreciation between years two
where the value in the Cost field is 30,000, and three.
the value in the Salvage Value field is
7,500, and the value in the Years of Useful
Life field is 10.

Logical Functions
Logical functions allow you to evaluate an expression and return a specific result.
Available functions within this category include:
l AND Function
l IF Function
l NOT Function
l OR Function

AND Function
The AND function evaluates logical conditions. If all of its conditions are TRUE,
the function will return TRUE. If one or more of its conditions is FALSE, the
function will return FALSE. The AND function must be used in conjunction with an
IF function.
Return Type: TRUE or FALSE
Syntax: AND(logical1, logical2,...)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

logical1, logical2, Conditions that can be evaluated to TRUE or FALSE. This

and so on condition can be written with any comparison operator (=, <, >,
<=, >=, <>). An example of how this parameter might be
formatted is [Field 1]>20.

86 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Examples:

Formula Result

IF(AND([Age] > 1, [Age] < 50)) TRUE

where the value in the Age field is 35.

IF(AND([Severity] = 10, [Impact] > 7)) FALSE

where the value in the Severity field is 10
and the value in the Impact field is 3.

IF Function
The IF function evaluates a logical condition, and if the condition is TRUE, one
value is returned. If the condition is FALSE, another value is returned. The IF
function can also be nested to construct more elaborate tests, as shown in the
following example:
IF([Rating]>15,"A", IF([Rating]>10,"B", IF([Rating]>5," C")))
For more information on nesting IF functions, see the fourth example in the
"Examples" section below.
Return Type: Text, numeric, date or a Values List field selection, depending on
the type of data supplied for the value_if_true and value_if_false parameters
Syntax: IF(logical_test, value_if_true, value_if_false)
In the above syntax, parameters in bold are required.

Parameter Description

logical_ Any condition that can be evaluated to TRUE or FALSE. This condition
test can be written with any comparison operator (=, <, >, <=, >=, <>). An
example of how this parameter might be formatted is [Field 1]>20.

value_if_ The value that is returned if the logical_test parameter is TRUE. This
true parameter can be formatted as a text string, such as "High Risk", or as a
Values List field selection, such as VALUEOF("Urgent"). The parameter
can also be formatted as another formula, such as SUM([Field 1],[Field 2]).

value_if_ The value that is returned if the logical_test parameter is FALSE. This
false parameter can be formatted as a text string, such as "Low Risk", or as a
Values List field selection, such as VALUEOF("Not Urgent"). The
parameter can also be formatted as another formula, such as SUM([Field 1],
[Field 3]). If this parameter is omitted from the formula and the logical_test
parameter evaluates to FALSE, the calculated field will return empty (no
value).

Examples:

Chapter 3: Formula Builder 87

 RSA Archer GRC Platform Calculations

Formula Result

IF([Days Since Last Virus Scan] > 1, "High High risk

risk", "Low risk")
where the value in the Days Since Last
Virus Scan field is 3.

IF([Rating] = 10, "Follow up") The field will return empty.

where the value in the Rating field is 7.

IF([Severity] >= 10, VALUEOF("Urgent"), Urgent

VALUEOF("Not Urgent"))
where the value in the Severity field is 10.

IF([Rating] > 15, "A", IF([Rating] > 10, "B", B

IF([Rating] > 5, "C")))
where the value in the Rating field is 12.

Note: In this example of nested IF

statements, the second IF statement serves
as the value_if_false parameter to the first
IF statement, and the third IF statement
serves as the value_if_false parameter to the
second IF statement. Because the value of
the Rating field in this example is 12, the
first IF statement does not prove TRUE, so
the second IF statement is evaluated and, in
this case, proves TRUE. If the value of the
Rating field were 8, the second IF
statement would also prove FALSE, and
the third IF statement would be evaluated.

NOT Function
The NOT function evaluates a logical condition. If the condition is TRUE, the
function returns the value of FALSE. If the condition is FALSE, the function returns
the value of TRUE. Use the NOT function when you want to ensure that a value is
not equal to one particular value.
Return Type: TRUE or FALSE
Syntax: NOT(logical_test)
In the above syntax, parameters in bold are required.

88 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

logical_test Any condition that can be evaluated to TRUE or FALSE. This

condition can be written with any comparison operator (=, <, >,
<=, >=, <>). An example of how this parameter might be
formatted is [Field 1]>20.

Examples:

Formula Result

NOT([Rating] = 10) FALSE

where the value in the Rating field is 10.

NOT([Number of Clients in Attendance] > TRUE

20)
where the value in the Number of Clients
in Attendance field is 12.

OR Function
The OR function evaluates logical conditions. If any of the condition evaluates to
TRUE, the function returns the value of TRUE. If none of conditions evaluate to
TRUE, the function returns the value of FALSE.
Return Type: TRUE or FALSE
Syntax: OR(logical1, logical2,...)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

logical1, logical2, Conditions that can be evaluated to TRUE or FALSE. This

and so on condition can be written with any comparison operator (=, <, >,
<=, >=, <>). An example of how this parameter might be
formatted is [Field 1]>20.

Examples:

Chapter 3: Formula Builder 89

 RSA Archer GRC Platform Calculations

Formula Result

OR([Risk] = 4, [Criticality] = 7) True (because one of the two parameters

evaluated TRUE)
where the value in the Risk field is 4 and
the value in the Criticality field is 2.

OR([Risk] = 4, [Criticality] = 7) False (because both of the parameters

evaluated FALSE)
where the value in the Risk field is 9 and
the value in the Criticality field is 5.

Math Functions
Math functions allow you to to manipulate numeric values through a variety of
options. Available functions within this category include:
l ABS Function l ODD Function
l ACOS Function l PI Function
l ACOSH Function l POWER Function
l ASIN Function l PRODUCT Function
l ASINH Function l QUOTIENT Function
l ATAN Function l RADIANS Function
l ATAN2 Function l RAND Function
l ATANH Function l ROUND Function
l COMBIN Function l ROUNDDOWN Function
l COS Function l ROUNDUP Function
l COSH Function l SIGN Function
l DEGREES Function l SIN Function
l EVEN Function l SINH Function
l EXP Function l SQRT Function
l FACT Function l SUM Function
l FLOOR Function l SUMIF Function
l INT Function l SUMX2MY2 Function
l LN Function l TAN Function
l LOG Function l TANH Function
l LOG10 Function l TRUNC Function
l MOD Function

90 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

ABS Function
The ABS function returns the absolute value of a number. The absolute value of a
number is the distance of a number from zero.
Return Type: Numeric
Syntax: ABS(number)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

number The number for which you want to return the absolute value.

Examples:

Formula Result

ABS(-8) 8

ABS([Yearly Profit]) 1234

where Yearly Profit is a Numeric field with
a value of -1234.

ACOS Function
The ACOS function returns the arccosine (inverse cosine) of an angle. The returned
value is expressed in radians.
Return Type: Numeric
Syntax: ACOS(number)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

Number The cosine of the angle for which you want to determine the
arccosine. The value for this parameter must be between -1 and 1.

Examples:

Chapter 3: Formula Builder 91

 RSA Archer GRC Platform Calculations

Formula Result

ACOS(.5) 1.047198

ACOS([Angle Cosine]) .785398

where Angle Cosine is a Numeric field
with a value of .707107.

ACOSH Function
The ACOSH function returns the inverse hyperbolic cosine of a number.
Return Type: Numeric
Syntax: ACOSH(number)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

Number The number for which you want to determine the inverse
hyperbolic cosine. The value for this parameter must be greater
than or equal to 1.

Examples:

Formula Result

ACOSH(1) 0

ACOSH([Number]) 2.292432
where Number is a Numeric field with a
value of 5.

ASIN Function
The ASIN function returns the arcsine (inverse sine) of an angle. The returned
value is expressed in radians.
Return Type: Numeric
Syntax: ASIN(number)
In the above syntax, parameters in bold are required.

92 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

Number The sine of the angle for which you want to determine the
arcsine. The value for this parameter must be between -1 and 1.

Examples:

Formula Result

ASIN(.5) .523599

ASIN([Angle Sine]) 1.570796

where Angle Sine is a Numeric field with a
value of 1.

ASINH Function
The ASINH function returns the inverse hyperbolic sine of a number.
Return Type: Numeric
Syntax: ASINH(number)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

Number The number for which you want to determine the inverse
hyperbolic sine. The value for this parameter must be greater than
or equal to 1.

Examples:

Formula Result

ASINH(1) .881374

ASINH([Number]) 2.312438
where Number is a Numeric field with a
value of 5.

ATAN Function
The ATAN function returns the arctangent (inverse tangent) of an angle. The
returned value is expressed in radians.

Chapter 3: Formula Builder 93

 RSA Archer GRC Platform Calculations

Return Type: Numeric

Syntax: ATAN(number)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

Number The tangent of the angle for which you want to determine the
arctangent.

Examples:

Formula Result

ATAN(.5) .463648

ATAN([Angle Tangent]) .785398

where Angle Tangent is a Numeric field
with a value of 1.

ATAN2 Function
The ATAN2 function returns the arctangent (inverse tangent) of a specified set of
x/y coordinates. The returned value is expressed in radians.
Return Type: Numeric
Syntax: ATAN2(x_number, y_number)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

x_number The x coordinate of a point.

y_number The y coordinate of a point.

Examples:

Formula Result

ATAN2(2,2) .785398

ATAN2([X Point],[Y Point]) 1.373401

where X Point and Y Point are Numeric
fields with values of 1 and 5, respectively.

94 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

ATANH Function
The ATANH function returns the inverse hyperbolic tangent of a number.
Return Type: Numeric
Syntax: ATANH(number)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

Number The number for which you want to determine the inverse
hyperbolic tangent. The value for this parameter must be between
-1 and 1.

Examples:

Formula Result

ATANH(.5) .549306

ATANH([Number]) -.25541
where Number is a Numeric field with a
value of
-.25.

COMBIN Function
The COMBIN function returns the number of combinations for a given number of
items. Use COMBIN to determine the total possible number of groups for a given
number of items.

Note: A combination is any set or subset of items, regardless of their internal order.
Combinations are distinct from permutations, for which the internal order is
significant.

Return Type: Numeric

Syntax: COMBIN(number,number_chosen)
In the above syntax, parameters in bold are required.

Chapter 3: Formula Builder 95

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

number The number of items. Numeric arguments are truncated to

integers.

Note: If nonnumeric, if number < 0 or if number < number_

chosen, COMBIN returns an error.

number_chosen The number of items in each combination. Numeric arguments

are truncated to integers.

Note: If nonnumeric, if number_chosen < 0 or if number <

number_chosen, COMBIN returns an error.

Example:

Formula Result

COMBIN([Candidates],[Team Size]) 28
where the value in the Candidates field is 8
and the value in the Team Size field is 2.

COS Function
The COS function returns the cosine of the given angle.
Return Type: Numeric
Syntax: COS(number)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

number The angle in radians for which you want the cosine.

Note: If the angle is in degrees, either multiply the angle by PI()

/180 or use the RADIANS function to convert the angle to
radians.

Examples:

96 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Formula Result

=COS(1.047) Cosine of 1.047 radians (0.500171)

=COS(60*PI()/180) Cosine of 60 degrees (0.5)

=COS(RADIANS(60)) Cosine of 60 degrees (0.5)

COSH Function
The COSH function returns the hyperbolic cosine of a number.
Return Type: Numeric
Syntax: COSH(number)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

number Any real number for which you want to find the hyperbolic
cosine.

Examples:

Formula Result

COSH(4) Hyperbolic cosine of 4 (27.30823)

=COSH(EXP(1)) Hyperbolic cosine of the base of the

natural logarithm (7.610125)

DEGREES Function
The DEGREES function converts radians into degrees.
Return Type: Numeric
Syntax: DEGREES(angle)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

angle The angle, in radians, that you want to convert.

Example:

Chapter 3: Formula Builder 97

 RSA Archer GRC Platform Calculations

Formula Result

DEGREES(PI()) Degrees of pi radians (180)

EVEN Function
The EVEN function returns the number rounded up to the nearest even integer. You
can use this function for processing items that come in twos. For example, a
packing crate accepts rows of one or two items. The crate is full when the number
of items, rounded up to the nearest two, matches the crate's capacity.
Return Type: Numeric
Syntax: EVEN(number)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

number The value to round. If number is non-numeric, EVEN returns an

error. Regardless of the sign of number, a value is rounded up
when adjusted away from zero. If number is an even integer, no
rounding occurs.

Examples:

Formula Result

EVEN(1.5) Rounds 1.5 up to the nearest even integer

(2)

EVEN(3) Rounds 3 up to the nearest even integer

(4)

EVEN(2) Rounds 2 up to the nearest even integer

(2)

EVEN(-1) Rounds -1 up to the nearest even integer (-

2)

EXP Function
The EXP function returns e raised to the power of number. The constant e equals
2.71828182845904, the base of the natural logarithm.
Return Type: Numeric
Syntax: EXP(number)
In the above syntax, parameters in bold are required.

98 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

number The exponent applied to the base e. To calculate powers of other

bases, use the exponentiation operator (^). EXP is the inverse of
LN, the natural logarithm of number.

Examples:

Formula Result

EXP(1) Approximate value of e (2.718282)

EXP(2) Base of the natural logarithm e raised to

the power of 2 (7.389056)

FACT Function
The FACT function returns the factorial of a number. The factorial of a number is
equal to 1*2*3*...* number.
Return Type: Numeric
Syntax: FACT(number)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

number The non-negative number for which you want the factorial. If
number is not an integer, it is truncated.

Examples:

Formula Result

FACT(5) Factorial of 5, or 1*2*3*4*5 (120)

FACT(1.9) Factorial of the integer of 1.9 (1)

FACT(0) Factorial of 0 (1)

FACT(-1) Negative numbers return an error.

FACT(1) Factorial of 1 (1)

Chapter 3: Formula Builder 99

 RSA Archer GRC Platform Calculations

FLOOR Function
The FLOOR function rounds a number down toward zero, to the nearest multiple of
significance.
Return Type: Numeric
Syntax: FLOOR(number, significance)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

number The number that you want to round down to the nearest integer.
This parameter can be formatted as a Numeric-field reference, for
example, [field name]), or as another formula that results in a
numeric value, such as SUM([field 1],[field 2]) where field 1 and
field 2 are Numeric fields.

significance The multiple to which you want to round.

Examples:

Formula Result

FLOOR([Score], 1) 2
where the value in the Score field is 2.5.

FLOOR(SUM([Risk], [Criticality]), 5) 15
where the sum of the values in the Risk
and Criticality fields is 17.10.

INT Function
The INT function rounds a number down to the nearest integer.
Return Type: Numeric
Syntax: INT(number)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

number The real number you want to round down to an integer.

Examples:

100 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Formula Result

INT(8.9) Rounds 8.9 down (8)

INT(-8.9) Rounds -8.9 down (-9)

LN Function
The LN function returns the natural logarithm of a number. Natural logarithms are
based on the constant e (2.71828182845904).
Return Type: Numeric
Syntax: LN(number)
In the above syntax, parameters in bold are required.

Parameter Description

number The positive real number for which you want the natural logarithm. LN is
the inverse of the EXP function.

Examples:

Formula Result

LN(86) Natural logarithm of 86 (4.454347)

LN(2.7182818) Natural logarithm of the value of the

constant e (1)

LN(EXP(3)) Natural logarithm of e raised to the power

of 3 (3)

LOG Function
The LOG function returns the logarithm of a number to the base that you specify.
Return Type: Numeric
Syntax: LOG(number,base)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

number The positive real number for which you want the logarithm.

base The base of the logarithm. If base is omitted, it is assumed to be

10.

Chapter 3: Formula Builder 101

 RSA Archer GRC Platform Calculations

Examples:

Formula Result

LOG(10) Logarithm of 10 (1)

LOG(8, 2) Logarithm of 8 with base 2 (3)

LOG(86, 2.7182818) Logarithm of 86 with base e (4.454347)

LOG10 Function
The LOG10 function returns the base-10 logarithm of a number.
Return Type: Numeric
Syntax: LOG10(number)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

number The positive real number for which you want the base-10
logarithm.

Examples:

Formula Result

LOG10(86) Base-10 logarithm of 86 (1.934498451)

LOG10(10) Base-10 logarithm of 10 (1)

LOG10(1E5) Base-10 logarithm of 1E5 (5)

LOG10(10^5) Base-10 logarithm of 10^5 (5)

MOD Function
The MOD function returns the remainder after number is divided by divisor. The
result has the same sign as divisor.
Return Type: Numeric
Syntax: MOD(number,divisor)
In the above syntax, parameters in bold are required.

102 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

number The number for which you want to find the remainder.

divisor The number by which you want to divide the number.

Note: If divisor is 0, MOD returns an error.

Examples:

Formula Result

MOD(3,2) Remainder of 3/2 (1)

MOD(-3, 2) Remainder of -3/2. The sign is the same as

divisor (1).

MOD(3, -2) Remainder of 3/-2. The sign is the same as

divisor (-1).

MOD(-3, -2) Remainder of -3/-2. The sign is the same

as divisor (-1).

ODD Function
The ODD function returns number rounded up to the nearest odd integer.
Return Type: Numeric
Syntax: ODD(number)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

number The value to round.

Note: If number is non-numeric, ODD returns an error. Regardless

of the sign of number, a value is rounded up when adjusted away
from zero. If number is an odd integer, no rounding occurs.

Examples:

Chapter 3: Formula Builder 103

 RSA Archer GRC Platform Calculations

Formula Result

ODD(1.5) Rounds 1.5 up to the nearest odd integer

(3)

ODD(3) Rounds 3 up to the nearest odd integer (3)

ODD(2) Rounds 2 up to the nearest odd integer (3)

ODD(-1) Rounds -1 up to the nearest odd integer (-

1)

ODD(-2) Rounds -2 up to the nearest odd integer (-

3)

PI Function
The PI function returns the number 3.14159265358979, the mathematical constant
pi, accurate to 15 digits.
Return Type: Numeric
Syntax: PI()
This function does not have any parameters.
Examples:

Formula Result

PI() Pi (3.14159265358979)

PI()/2 Pi/2 (1.570796327)

PI()*(3^2) Area of a circle, with the radius given

(28.27433388)

POWER Function
The POWER function returns the result of a number raised to a power.

Note: The "^" operator can be used instead of POWER to indicate to what power
the base number is to be raised, such as in 5^2.

Return Type: Numeric

Syntax: POWER(number,power)
In the above syntax, parameters in bold are required.

104 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

number The base number. It can be any real number.

power The exponent to which the base number is raised.

Examples:

Formula Result

POWER(5,2) 5 squared (25)

POWER(98.6,3.2) 98.6 raised to the power of 3.2 (2401077)

POWER(4,5/4) 4 raised to the power of 5/4 (5.656854)

PRODUCT Function
The PRODUCT function multiplies all the numbers given as arguments and returns
the product. The PRODUCT function is useful when you need to multiply many
fields together.
Return Type: Numeric
Syntax: PRODUCT(number1,number2,...)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

number1 The number or range that you want to multiply.

Note: If an argument is a reference, only numbers in the reference

are multiplied. Empty fields, logical values, and text in the
reference are ignored.

number2,... Additional numbers or ranges that you want to multiply, up to a

maximum of 255 arguments.

Examples:

Chapter 3: Formula Builder 105

 RSA Archer GRC Platform Calculations

Formula Result

PRODUCT( REF( [Data Set], [Values])) 2250

where Data Set is a cross-reference field
and the values in the Values field are 5, 15,
and 30.

PRODUCT( REF( [Data Set], [Values]),2) 4500

where Data Set is a cross-reference field
and the values in the Values field are 5, 15,
and 30.

QUOTIENT Function
The QUOTIENT function returns the integer portion of a division by discarding the
remainder.
Return Type: Numeric
Syntax: QUOTIENT(numerator, denominator)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

numerator The number representing the dividend for a division operation.

denominator The number representing the divisor for a division operation.

Examples:

Formula Result

QUOTIENT (42, 5) 8
where 42 / 5 = 8.4.

QUOTIENT (11.5, 2.15) 5

where 11.5 / 2.15 = 5.348837209.

QUOTIENT (-33, 4.08) -8

where -33 / 4.08 = -8.088235294.

QUOTIENT ([Rating], [Rank]) 15

where the value of Rating is 92.68, the
value of Rank is 6, and [Rating] / [Rank] =
15.44666667.

106 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

RADIANS Function
The RADIANS function converts degrees to radians.
Return Type: Numeric
Syntax: RADIANS(angle)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

angle An angle in degrees that you want to convert.

Example:

Formula Result

RADIANS(270) 270 degrees as radians (4.712389 or 3π/2

radians)

RAND Function
The RAND function returns an evenly distributed random real number greater than
or equal to 0 and less than 1. A new random real number is returned every time the
worksheet is calculated.
To generate a random real number between a and b, use:
RAND()*(b-a)+a
Return Type: Numeric
Syntax: RAND()
This function does not have any parameters.
Examples:

Formula Result

RAND() A random number between 0 and 1

(varies).

RAND()*100 A random number greater than or equal to

0 but less than 100 (varies).

ROUND Function
The ROUND function rounds a number to a specified number of digits.
Return Type: Numeric

Chapter 3: Formula Builder 107

 RSA Archer GRC Platform Calculations

Syntax: ROUND(number, num_digits)

In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

number The number that you want to round. This parameter can be
formatted as a Numeric-field reference, for example, [field name],
or as another formula that results in a numeric value, such as
SUM([field 1],[field 2]) where field 1 and field 2 are Numeric
fields.

num_digits Specifies the number of digits to which you want to round the
number. If the num_digits parameter is greater than 0 (zero), the
number is rounded to the specified number of decimal places. If
the num_digits parameter is equal to 0, the number is rounded to
the nearest integer. If the num_digits parameter is less than 0, the
number is rounded to the left of the decimal point to the
specified number of decimal places. For example, if the num_
digits parameter is -1 and the number is 101.5, the number would
be rounded to 100.

Examples:

Formula Result

ROUND([Score], 0) 23
where the value in the Score field is
23.357.

ROUND(SUM ([Risk], [Criticality]), 2) 17.10

where the value in the Risk field is 12.725
and the value in the Criticality field is
4.351.

ROUNDDOWN Function
The ROUNDDOWN function rounds a number down, toward zero.
ROUNDDOWN behaves like ROUND, except that it always rounds a number
down.
Return Type: Numeric
Syntax: ROUNDDOWN(number,num_digits)
In the above syntax, parameters in bold are required.

108 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

number Any real number that you want rounded down.

num_digits The number of digits to which you want to round the number.

Note: If num_digits is greater than 0 (zero), the number is

rounded down to the specified number of decimal places. If
num_digits is 0, the number is rounded down to the nearest
integer. If num_digits is less than 0, the number is rounded down
to the left of the decimal point.

Examples:

Formula Result

ROUNDDOWN(3.2,0) Rounds 3.2 down to zero decimal places

(3)

ROUNDDOWN(76.9,0) Rounds 76.9 down to zero decimal places

(76)

ROUNDDOWN( 3.14159,3) Rounds 3.14159 down to three decimal

places (3.141)

ROUNDDOWN(-3.14159,1) Rounds -3.14159 down to one decimal

place
(-3.1)

ROUNDDOWN(31415.92654,-2) Rounds 31415.92654 down to 2 decimal

places to the left of the decimal (31400)

ROUNDUP Function
The ROUNDUP function rounds a number up, away from 0 (zero). ROUNDUP
behaves like ROUND, except that it always rounds a number up.
Return Type: Numeric
Syntax: ROUNDUP(number,num_digits)
In the above syntax, parameters in bold are required.

Chapter 3: Formula Builder 109

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

number Any real number that you want rounded up.

num_digits The number of digits to which you want to round the number.

Note: If num_digits is greater than 0 (zero), the number is

rounded up to the specified number of decimal places. If num_
digits is 0, the number is rounded up to the nearest integer. If
num_digits is less than 0, the number is rounded up to the left of
the decimal point.

Examples:

Formula Result

ROUNDUP(3.2,0) Rounds 3.2 up to zero decimal places (4)

ROUNDUP(76.9,0) Rounds 76.9 up to zero decimal places

(77)

ROUNDUP(3.14159, 3) Rounds 3.14159 up to three decimal

places (3.142)

ROUNDUP(-3.14159, 1) Rounds -3.14159 up to one decimal place

(-3.2)

ROUNDUP(31415.92654, -2) Rounds 31415.92654 up to 2 decimal

places to the left of the decimal (31500)

SIGN Function
The SIGN function determines the sign of a number. Returns 1 if the number is
positive, zero (0) if the number is 0, and -1 if the number is negative.
Return Type: Numeric
Syntax: SIGN(number)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

number Any real number.

Examples:

110 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Formula Result

SIGN(10) Sign of a positive number (1)

SIGN(4-4) Sign of zero (0)

SIGN(-0.00001) Sign of a negative number (-1)

SIN Function
The SIN function returns the sine of a given angle.
Return Type: Numeric
Syntax: SIN(number)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

number The angle in radians for which you want the sine.

Note: If your argument is in degrees, multiply it by PI()/180 or

use the RADIANS function to convert it to radians.

Examples:

Formula Result

SIN(PI()) Sine of pi radians (0, approximately)

SIN(PI()/2) Sine of pi/2 radians (1)

SIN(30*PI()/180) Sine of 30 degrees (0.5)

SIN(RADIANS(30)) Sine of 30 degrees (0.5)

SINH Function
The SINH function returns the hyperbolic sine of a number.
Return Type: Numeric
Syntax: SINH(number)
In the above syntax, parameters in bold are required.

Chapter 3: Formula Builder 111

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

number Any real number.

Examples:

Formula Result

SINH(1) Hyperbolic sine of 1 (1.175201194)

SINH(-1) Hyperbolic sine of -1 (-1.175201194)

You can use the hyperbolic sine function to approximate a cumulative probability
distribution. Suppose a laboratory test value varies between 0 and 10 seconds. An
empirical analysis of the collected history of experiments shows that the probability
of obtaining a result, x, of less than t seconds is approximated by the following
equation:
P(x<t) = 2.868 * SINH(0.0342 * t), where 0<t<10
To calculate the probability of obtaining a result of less than 1.03 seconds,
substitute 1.03 for t.

Formula Result

2.868*SINH(0.0342*1.03) Probability of obtaining a result of less

than 1.03 seconds (0.101049063).
You can expect this result to occur about
101 times for every 1000 experiments.

SQRT Function
The SQRT function returns a positive square root.
Return Type: Numeric
Syntax: SQRT(number)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

number The number for which you want the square root.

Note: If number is negative, SQRT returns an error.

Example:

112 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Formula Result

SQRT(16) Square root of 16 (4)

SUM Function
The SUM function adds all of the numbers in the specified parameters. If the SUM
function references a multi-selection values list, it can be used with the
SELECTED function to return the sum of the numeric values for each of the
currently selected items.
Return Type: Numeric
Syntax: SUM(number1, number2,...)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

number1, number2, Parameters for which you want the total value. These parameters
and so on can be entered as hard-coded values, for example, 2, or Numeric-
field references, for example, [field name]. Referenced fields can
reside within the application or within Sub-Form, Cross-
Reference, or Related Records fields.

Examples:

Formula Result

SUM(3, [Risk]) 15
where the value in the Risk field is 12.

SUM([Risk], [Criticality]) 19
where the value in the Risk field is 12 and
the value in the Criticality field is 7.

SUM(REF([Orders],[Price])) 202.94
where the value in the Price field within
the Orders sub-form are 120.00, 50.19, and
32.75.

SUM(SELECTEDVALUENUMBER([Key 25
Factors]))
where Key Factors is a multi-selection
Values List field and the numeric values of
the current selections are 3, 8, 4, and 10.

Chapter 3: Formula Builder 113

 RSA Archer GRC Platform Calculations

SUMIF Function
The SUMIF function sums the values of a specified Numeric field across all
records in a Sub-Form, Cross-Reference, or Related Records field that contain a
specific value in a given field. For example, you can return the sum of all Price
field values across all cross-referenced records in which the Status field is set to
“Shipped.”
Return Type: Numeric
Syntax: SUMIF(eval_field_ref, criterion, sum_field_ref)
In the above syntax, parameters in bold are required.

114 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Chapter 3: Formula Builder 115

 RSA Archer GRC Platform Calculations

Parameter Description

eval_field_ref The reference to the field against which the criterion will be
evaluated.

Note: If sum_field_ref is not passed to SUMIF, eval_field_ref

will also act as the field to sum.

criterion The test that will be performed against eval_field_ref to

determine whether a given record will be qualified for the sum
operation. The criterion can involve Values List, User/Groups
List, and Record Permissions fields as well as fields containing
numeric, text, and date type values.
l Values Lists. If eval_field_ref is a Values List field, enclose
the criterion value in VALUEOF or supply it as a quoted
literal string, for example, "Dallas".
l User/Groups List and Record Permissions Fields. If eval_
field_ref is a User/Groups List or Record Permissions field,
enclose the criterion value in USER or GROUP (as
appropriate for the criterion).
l Text, Numeric, or Date Fields. If eval_field_ref is a Text,
Numeric, or Date field, the criterion must be enclosed in
quotes, for example, ">56", and the criterion can involve any
of the supported comparison operators (=, <, >, <=, >=, <>).

Note: The evaluation will always result in no matches if there is

a space between the operator and the test value. For example, if
the intent is to sum a given Numeric field across all sub-form
records where a another given field contains a numeric value
greater than 56, a space cannot appear in the formula between
the ">" and the "56"

If a function is used in the criterion, the function must be

concatenated to the comparison operator. For example, the proper
criterion syntax for specifying "greater than today" would be:
">"&TODAY( )
The criterion parameter supports the use of literal dates or a date
value derived from the TODAY function. If a literal date string is
specified, it must be wrapped in a DATETIMEVALUE function.

sum_field_ref The reference to a Numeric field that will be summed across all
qualified records.

Note: If sum_field_ref is not passed to SUMIF, eval_field_ref

will also act as the field to sum.

116 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Examples:

Chapter 3: Formula Builder 117

 RSA Archer GRC Platform Calculations

Formula Result

SUMIF(REF([Cases], [Status]), VALUEOF 832

(REF([Cases], [Status]), "Open"),REF
([Cases], [Time Spent]))
where:
l The name of the Cross-Reference field is
Cases.
l The Status Values List field contains the
values to be evaluated.
l The criterion for matching on the Status
field is the selection “Open”.
l Time Spent is a Numeric field
containing the numeric values to be
summed.
l The sum of Time Spent across all
“Open” cases is 832 minutes.

118 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Formula Result

SUMIF(REF([Items], [Line Item Cost]), 2378.10

">5.99",REF([Items], [Line Total]))
where:
l The name of the Sub-Form field is Items.
l The Line Item Cost Numeric field in the
related sub-form contains the data to be
evaluated.
l The criterion for matching on Line Item
Cost is values greater than 5.99.
l Line Total is a Numeric field containing
the numeric values to be summed.
l The sum of Line Total across all sub-
form records where Line Item Cost is
greater than 5.99 is 2378.10.

SUMIF(REF([Properties], [Sale Price]), 2654887

">=150000")
where:
l The name of the Cross-Reference field is
Properties.
l The Sale Price Numeric field in the
related application contains the data to
be evaluated.
l The criterion for matching on Sale Price
is values greater than or equal to
150000.
l The sum of Sale Price across all related
records where Line Item Cost is greater
than or equal to 150000 is 1654887.

Note: In this example, the sum_field_ref is

not passed to SUMIF. As a result, the
system will use Sale Price for evaluation
purposes and for summing.

Chapter 3: Formula Builder 119

 RSA Archer GRC Platform Calculations

Formula Result

SUMIF(REF([Properties], [Sale Date]), 1299000

">="&DATETIMEVALUE
("7/1/2008"),REF([Properties], [Sale Price]))
where:
l The name of the Cross-Reference field is
Properties.
l The Sale Date field in the related
application contains the data to be
evaluated.
l The criterion for matching on Sale Date
is dates greater than or equal to
7/1/2008.
l Sale Price is a Numeric field containing
the numeric values to be summed.
l The sum of Sale Price across all related
records where Sales Date is greater than
or equal to 7/1/2008 is 1299000.

120 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Parameter Description

eval_field_ref The reference to the field against which the criterion will be
evaluated.

Note: If sum_field_ref is not passed to SUMIF, eval_field_ref

will also act as the field to sum.

criterion The test that will be performed against eval_field_ref to

determine whether a given record will be qualified for the sum
operation. The criterion can involve Values List, User/Groups
List, and Record Permissions fields as well as fields containing
numeric, text, and date type values.
l Values Lists. If eval_field_ref is a Values List field, enclose
the criterion value in VALUEOF or supply it as a quoted
literal string, for example, "Dallas".
l User/Groups List and Record Permissions Fields. If eval_
field_ref is a User/Groups List or Record Permissions field,
enclose the criterion value in USER or GROUP (as
appropriate for the criterion).
l Text, Numeric, or Date Fields. If eval_field_ref is a Text,
Numeric, or Date field, the criterion must be enclosed in
quotes, for example, ">56", and the criterion can involve any
of the supported comparison operators (=, <, >, <=, >=, <>).

Note: The evaluation will always result in no matches if there is

a space between the operator and the test value. For example, if
the intent is to sum a given Numeric field across all sub-form
records where a another given field contains a numeric value
greater than 56, a space cannot appear in the formula between
the ">" and the "56"

If a function is used in the criterion, the function must be

concatenated to the comparison operator. For example, the proper
criterion syntax for specifying "greater than today" would be:
">"&TODAY( )
The criterion parameter supports the use of literal dates or a date
value derived from the TODAY function. If a literal date string is
specified, it must be wrapped in a DATETIMEVALUE function.

sum_field_ref The reference to a Numeric field that will be summed across all
qualified records.

Note: If sum_field_ref is not passed to SUMIF, eval_field_ref

will also act as the field to sum.

Chapter 3: Formula Builder 121

 RSA Archer GRC Platform Calculations

Examples:

122 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Formula Result

SUMIF(REF([Cases], [Status]), VALUEOF 832

(REF([Cases], [Status]), "Open"),REF
([Cases], [Time Spent]))
where:
l The name of the Cross-Reference field is
Cases.
l The Status Values List field contains the
values to be evaluated.
l The criterion for matching on the Status
field is the selection “Open”.
l Time Spent is a Numeric field
containing the numeric values to be
summed.
l The sum of Time Spent across all
“Open” cases is 832 minutes.

Chapter 3: Formula Builder 123

 RSA Archer GRC Platform Calculations

Formula Result

SUMIF(REF([Items], [Line Item Cost]), 2378.10

">5.99",REF([Items], [Line Total]))
where:
l The name of the Sub-Form field is Items.
l The Line Item Cost Numeric field in the
related sub-form contains the data to be
evaluated.
l The criterion for matching on Line Item
Cost is values greater than 5.99.
l Line Total is a Numeric field containing
the numeric values to be summed.
l The sum of Line Total across all sub-
form records where Line Item Cost is
greater than 5.99 is 2378.10.

SUMIF(REF([Properties], [Sale Price]), 2654887

">=150000")
where:
l The name of the Cross-Reference field is
Properties.
l The Sale Price Numeric field in the
related application contains the data to
be evaluated.
l The criterion for matching on Sale Price
is values greater than or equal to
150000.
l The sum of Sale Price across all related
records where Line Item Cost is greater
than or equal to 150000 is 1654887.

Note: In this example, the sum_field_ref is

not passed to SUMIF. As a result, the
system will use Sale Price for evaluation
purposes and for summing.

124 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Formula Result

SUMIF(REF([Properties], [Sale Date]), 1299000

">="&DATETIMEVALUE
("7/1/2008"),REF([Properties], [Sale Price]))
where:
l The name of the Cross-Reference field is
Properties.
l The Sale Date field in the related
application contains the data to be
evaluated.
l The criterion for matching on Sale Date
is dates greater than or equal to
7/1/2008.
l Sale Price is a Numeric field containing
the numeric values to be summed.
l The sum of Sale Price across all related
records where Sales Date is greater than
or equal to 7/1/2008 is 1299000.

SUMX2MY2 Function
The SUMX2MY2 function returns the sum of the difference of squares of
corresponding values in two sets of fields.
Return Type: Numeric
Syntax: SUMX2MY2(values_x,values_y)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

values_x The first range of values.

values_y The second range of values.

Note: The arguments should be either numbers, names, or references that contain
numbers. If a reference argument contains text, logical values, or empty cells, those
values are ignored; however, fields with the value zero are included. If values_x
and values_y have a different number of values, SUMX2MY2 returns an error.

Example:

Chapter 3: Formula Builder 125

 RSA Archer GRC Platform Calculations

Formula Result

SUMX2MY2(REF([Data Set], Sum of the difference of squares of the

[Values1]),REF([Data Set],[Values2])) two sets of values given (-55)
where Data Set is a cross-reference field,
the values in the Values1 field are 2, 3, 9,
1, 8, 7 and 5 and the values in the Values2
field are 6, 5, 11, 7, 5, 4 and 4.

TAN Function
The TAN function returns the tangent of the given angle.
Return Type: Numeric
Syntax: TAN(number)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

number The angle in radians for which you want the tangent.

Note: If your argument is in degrees, multiply it by PI()/180 or

use the RADIANS function to convert it to radians.

Examples:

Formula Result

TAN(0.785) Tangent of 0.785 radians (0.99920)

TAN(45*PI()/180) Tangent of 45 degrees (1)

TAN(RADIANS(45)) Tangent of 45 degrees (1)

TANH Function
The TANH function returns the hyperbolic tangent of a number.
Return Type: Numeric
Syntax: TANH(number)
In the above syntax, parameters in bold are required.

126 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

number Any real number.

Examples:

Formula Result

TANH(-2) Hyperbolic tangent of -2 (-0.96403)

TANH(0) Hyperbolic tangent of 0 (0)

TANH(0.5) Hyperbolic tangent of 0.5 (0.462117)

TRUNC Function
The TRUNC function truncates a number to an integer by removing the fractional
part of the number.
Return Type: Numeric
Syntax: TRUNC(number, num_digits)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

number The number that you want to truncate. This parameter can be
formatted as a Numeric-field reference, for example, [field name],
or as another formula that results in a numeric value, such as
SUM([field 1],[field 2]) where field 1 and field 2 are Numeric
fields.

num_digits Specifies the precision of the truncation. This parameter is

typically omitted; however, you can include this parameter to
truncate a number at a specific decimal place.

Examples:

Chapter 3: Formula Builder 127

 RSA Archer GRC Platform Calculations

Formula Result

TRUNC([Score]) 3
where the value in the Score field is 3.427.

TRUNC([Score], 1) 3.4
where the value in the Score field is 3.427.

IF(TRUNC([Ship Date-Time]) = TODAY( ), Shipped Today

“Shipped Today”, “Not Shipped Today”)
In this example, the Ship Date-Time field is
a Date field set to capture date and time
information. Date fields technically contain
a serial number representing the literal date
and time. Serial numbers are based on the
number of days a date is past January 1,
1900. For example, if the Ship Date-Time
field has a value of 9/3/2010 3:17 PM, the
value that will be returned for use by the
enclosed TRUNC function will be the
serial number 40424.6368055556.
The TODAY function also returns a serial
number, but includes only the date portion
of the serial; the time portion (which falls
to the right of the decimal in the serial
number) will be omitted. In this example,
TRUNC is being used to trim the time
portion of the serial contained in the Ship
Date-Time field. This allows the two dates
to be compared without considering the
time portion of the Ship Date-Time field.

Statistics Functions
Statistics functions allow you to analyze information through the use of many
common statistical options. Available functions within this category include:
l AVEDEV Function l MIN Function
l AVERAGE Function l MINA Function
l AVERAGEA Function l MODE Function
l BINOMDIST Function l NEGBINOMDIST Function
l CHIDIST Function l NORMDIST Function
l CHIINV Function l PEARSON Function

128 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

l CONFIDENCE Function l PERCENTILE Function

l CORREL Function l PERCENTRANK Function
l COUNT Function l PERMUT Function
l COUNTA Function l POISSON Function
l COUNTBLANK Function l PROB Function
l COUNTIF Function l RANK Function
l COVAR Function l RSQ Function
l CRITBINOM Function l SKEW Function
l DEVSQ Function l SLOPE Function
l EXPONDIST Function l SMALL Function
l FDIST Function l STANDARDIZE Function
l FINV Function l STDEV Function
l FISHER Function l STDEVA Function
l FISHERINV Function l STDEVP Function
l FORECAST Function l STDEVPA Function
l GAMMADIST Function l STEYX Function
l GAMMAINV Function l SUM Function
l GAMMALN Function l SUMIF Function
l GEOMEAN Function l SUMPRODUCT Function
l HARMEAN Function l SUMSQ Function
l HYPGEOMDIST Function l SUMX2PY2 Function
l INTERCEPT Function l SUMXMY2 Function
l KURT Function l TRIMMEAN Function
l LARGE Function l VAR Function
l LOGINV Function l VARA Function
l LOGNORMDIST Function l VARP Function
l MAX Function l VARPA Function
l MAXA Function l WEIBULL Function
l MEDIAN Function l ZTEST Function

AVEDEV Function
The AVEDEV function returns the average deviation of a set of values from their
mean.
Return Type: Numeric
Syntax: AVEDEV(number1, number2,...)

Chapter 3: Formula Builder 129

 RSA Archer GRC Platform Calculations

In the above syntax, parameters in bold are required.

The following table describes the parameters of the function.

Parameter Description

number1, number2, Numbers for which you want to determine the average deviation.
and so on You can format these parameters as hard-coded numeric values,
for example, 30, Numeric-field references, for example, [field
name], or as another formula that results in a numeric value, such
as SUM([field 1],[field 2]) where field 1 and field 2 are Numeric
fields.

Note: If a field contains no value (is empty), that value will be

ignored and not included in the final computation of the
calculation. Values of 0, however, are included in the
calculation.

Examples:

Formula Result

AVEDEV[Risk], [Criticality], 2.666667

[Availability])
where the value in the Risk field is 5, the
value in the Criticality field is 7, and the
value in the Availability field is 12.

AVEDEV([Risk], [Criticality], 30, 10) 8.5

where the value in the Risk field is 5 and
the value in the Criticality field is 7.

AVERAGE Function
The AVERAGE function returns the average (arithmetic mean) value in a set of
values.
Return Type: Numeric
Syntax: AVERAGE(number1, number2,...)
In the above syntax, parameters in bold are required.

130 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

number1, number2, Numbers that you want to average. You can format these
and so on parameters as hard-coded numeric values, for example, 30,
Numeric-field references, for example, [field name], or as another
formula that results in a numeric value, such as SUM([field 1],
[field 2]) where field 1 and field 2 are Numeric fields.

Examples:

Formula Result

AVERAGE([Risk], [Criticality], 8
[Availability])
where the value in the Risk field is 5, the
value in the Criticality field is 7, and the
value in the Availability field is 12.

AVERAGE([Risk], [Criticality], 30) 14

where the value in the Risk field is 5 and
the value in the Criticality field is 7

AVERAGEA Function
The AVERAGEA function returns the average deviation of a set of values from
their mean and includes text representation of numbers or logical values.
Return Type: Numeric
Syntax: AVERAGEA(number1, number2,...)
In the above syntax, parameters in bold are required.

Chapter 3: Formula Builder 131

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

number1, number2, Numbers for which you want to determine the average deviation.
and so on You can format these parameters as hard-coded numeric values,
for example, 30, Numeric-field references, for example, [field
name], or as another formula that results in a numeric value, such
as SUM([field 1],[field 2]) where field 1 and field 2 are Numeric
fields.

Note: If a field contains no value (is empty) that value will be

ignored and not included in the final computation of the
calculation. Values of 0, however, are included in the
calculation.

Note: Fields that contain the text "TRUE" will be evaluated as

"1". Fields that contain the text "FALSE" will be evaluated as "0"
(zero).

Examples:

Formula Result

AVERAGEA[Risk], [Criticality], [Offshore 4.333333

Facilities])
where the value in the Risk field is 5, the
value in the Criticality field is 7, and the
value in the Offshore Facilities field is
"TRUE",

AVERAGEA([Risk], [Criticality], 30, 10.5

[Offshore Facilities])
where the value in the Risk field is 5, the
value in the Criticality field is 7, and the
value in the Offshore Facilities field is
"FALSE",

BINOMDIST Function
The BINOMDIST function returns the individual term binomial distribution
probability. Use BINOMDIST in problems with a fixed number of tests or trials,
when the outcomes of any trial are only success or failure, when trials are
independent, and when the probability of success is constant throughout the
experiment. For example, BINOMDIST can calculate the probability that two of
the next three babies born are male.
Return Type: Numeric

132 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Syntax: BINOMDIST(number_s,trials,probability_s,cumulative)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

number_s The number of successes in trials. Truncated to an integer.

Note: If non-numeric, if number_s < 0, or if number_s > trials,

BINOMDIST returns an error.

trials The number of independent trials. Truncated to an integer.

Note: If non-numeric, BINOMDIST returns an error.

probability_s The probability of success on each trial.

Note: If non-numeric, if probability_s < 0, or if probability_s > 1,

BINOMDIST returns an error.

cumulative A logical value that determines the form of the function. If

cumulative is TRUE, then BINOMDIST returns the cumulative
distribution function, which is the probability that there are at
most number_s successes; if FALSE, it returns the probability
mass function, which is the probability that there are number_s
successes.

Example:

Formula Result

BINOMDIST([Successes], [Trials], 0.205078

[Probability], FALSE)
where the value in the Successes field is 6,
the value in the Trials field is 10, and the
value in the Probability field is 0.5.

CHIDIST Function
The CHIDIST function returns the one-tailed probability of the chi-squared
distribution. The χ2 distribution is associated with a χ2 test. Use the χ2 test to
compare observed and expected values. For example, a genetic experiment might
hypothesize that the next generation of plants will exhibit a certain set of colors. By
comparing the observed results with the expected ones, you can decide whether
your original hypothesis is valid. CHIDIST is calculated as CHIDIST = P(X>x),
where X is a χ2 random variable.

Chapter 3: Formula Builder 133

 RSA Archer GRC Platform Calculations

Return Type: Numeric

Syntax: CHIDIST(x,degrees_freedom)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

x The value at which you want to evaluate the distribution.

Note: If nonnumeric or if x is negative, CHIDIST returns an error.

degrees_freedom The number of degrees of freedom.

Note: If non-numeric, CHIDIST returns an error. If degrees_

freedom is not an integer, it is truncated. If degrees_freedom < 1
or degrees_freedom > 10^10, CHIDIST returns an error.

Example:

Formula Result

CHIDIST(18.307, 10) 0.050001

CHIINV Function
The CHIINV function returns the inverse of the one-tailed probability of the chi-
squared distribution. If probability = CHIDIST(x,...), then CHIINV(probability,...) =
x. Use this function to compare observed results with expected ones to decide
whether your original hypothesis is valid.

Note: Given a value for probability, CHIINV seeks that value x such that CHIDIST
(x, degrees_freedom) = probability. Therefore, precision of CHIINV depends on
precision of CHIDIST. CHIINV uses an iterative search technique. If the search
has not converged after 100 iterations, the function returns the #N/A error value.

Return Type: Numeric

Syntax: CHIINV(probability,degrees_freedom)
In the above syntax, parameters in bold are required.

134 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

probability A probability associated with the chi-squared distribution.

Note: If nonnumeric, if probability < 0, or if probability > 1,

CHIINV returns an error.

degrees_freedom The number of degrees of freedom.

Note: If nonnumeric, if degrees_freedom < 1, or if degrees_

freedom > 10^10, CHIINV returns an error. If degrees_freedom is
not an integer, it is truncated.

Example:

Formula Result

CHIINV(0.50001, 10) 18.3069735

CONFIDENCE Function
The CONFIDENCE function returns a value that you can use to construct a
confidence interval for a population mean. The confidence interval is a range of
values. Your sample mean, x, is at the center of this range and the range is x ±
CONFIDENCE. For example, if x is the sample mean of delivery times for
products ordered through the mail, x ± CONFIDENCE is a range of population
means. For any population mean, μ0, in this range, the probability of obtaining a
sample mean further from μ0 than x is greater than alpha; for any population mean,
μ0, not in this range, the probability of obtaining a sample mean further from μ0
than x is less than alpha. In other words, assume that we use x, standard_dev, and
size to construct a two-tailed test at significance level alpha of the hypothesis that
the population mean is μ0. Then we will not reject that hypothesis if μ0 is in the
confidence interval and will reject that hypothesis if μ0 is not in the confidence
interval. The confidence interval does not allow us to infer that there is probability 1
– alpha that our next package will take a delivery time that is in the confidence
interval.
Return Type: Numeric
Syntax: CONFIDENCE(alpha,standard_dev,size)
In the above syntax, parameters in bold are required.

Chapter 3: Formula Builder 135

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

alpha The significance level used to compute the confidence level. The
confidence level equals 100*(1 - alpha)%, or in other words, an
alpha of 0.05 indicates a 95 percent confidence level.

Note: If non-numeric, if alpha ≤ 0, or if alpha ≥ 1,

CONFIDENCE returns an error.

standard_dev The population standard deviation for the data range and is
assumed to be known.

Note: If nonnumeric or if standard_dev ≤ 0, CONFIDENCE

returns an error.

size The sample size.

Note: If nonnumeric or if size < 1, CONFIDENCE returns an

error. If size is not an integer, it is truncated.

Example:

Formula Result

CONFIDENCE([Significance], [Standard 0.692952

Deviation], [Sample Size])
where the value in the Significance field is
0.05, the value in the Standard Deviation
field is 2.5, and the value in the Sample
Size field is 50.

CORREL Function
The CORREL function returns the correlation coefficient of two sets of fields. Use
the correlation coefficient to determine the relationship between two properties. For
example, you can examine the relationship between a location's inside temperature
and outside temperature.
Return Type: Numeric
Syntax: CORREL(values1,values2)
In the above syntax, parameters in bold are required.

136 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

values1 A set of fields.

values2 A second set of fields.

Note: If a reference argument contains text, logical values or is empty, those values
are ignored; however, the value zero is included. If values1 and values2 have a
different number of data points, CORREL returns an error. If either values1 or
values2 is empty, or if s (the standard deviation) of their values equals zero,
CORREL returns an error.

Example:

Formula Result

CORREL(REF([Facilities],[Inside 0.400075
Temperature]), REF([Facilities],[Outside
Temperature]))
where Facilities is a cross-reference field,
the values in the Inside Temperature field
are 75, 72, and 77 and the values in the
Outside Temperature field are 98, 88, and
91.

COUNT Function
The COUNT function counts the number of fields that contain numbers, and counts
numbers within the list of arguments. Use the COUNT function to get the number
of entries in a number field that is in a range of numbers.
Note that:
l Arguments that are numbers, dates, or a text representation of numbers, for
example, a number enclosed in quotation marks, such as "1", are counted.
l Logical values and text representations of numbers that you type directly into the
list of arguments are counted.
l Arguments that are error values or text that cannot be translated into numbers are
not counted.
l If an argument is a reference, only numbers in that reference are counted. Empty
fields, logical values, text, or error values in the reference are not counted.
l To count logical values, text, or error values, use the COUNTA function.

Chapter 3: Formula Builder 137

 RSA Archer GRC Platform Calculations

l To count only numbers that meet certain criteria, use the COUNTIF function or
the COUNTIFS function.

Return Type: Numeric

Syntax: COUNT(value1, value2, ...)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

value1 The first item, cell reference, or range within which you want to
count numbers.

value2, ... Up to 255 additional items, cell references, or ranges within

which you want to count numbers.

Examples:

Formula Result

COUNT(Sales, 12/8/2008, , 19, 22.24, Counts the number of fields that contain
TRUE, #DIV/0) numbers (3)

COUNT(19, 22.24, TRUE, #DIV/0) Counts the number of fields that contain
numbers (2)

COUNTA Function
The COUNTA function returns any one of the following values:
l The number of items currently selected in a multi-select Values List or Cross-
Reference field
l The number of rows (entries) present in a Sub-Form field
l The number of non-null values for a field within a sub-form across all rows in
the Sub-Form field
l The number of non-null values for a given field within a cross-referenced
application across all rows (selections) in a Cross-Reference field

Although supported, referencing a field other than a Values List, Cross-Reference,

or Sub-Form field with the COUNTA function is of little use because the return
value will always be either 1 or 0. (If the field has a value, 1 is returned. If the field
is empty, 0 is returned.) However, with Values List and Cross-Reference fields that
are configured to allow multiple selections and with Sub-Form fields with multiple
entries, the COUNTA function counts the number of selections or entries within
those fields.

138 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Note: To confidently count the number of rows present in a Sub-Form field, the
formula must reference the Sub-Form field itself rather than referencing a field
within the sub-form. Likewise, to count the number of rows present in a Cross-
Reference field, the formula must reference that Cross-Reference field and not a
field in the related application.

Return Type: Numeric

Syntax: COUNTA(field_ref)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

field_ref A reference to a field in the application, for example,[Order

Detail], a field in a child sub-form, for example, REF([Order
Detail], [Back Order Date]), or a field in a cross-referenced
application, for example, REF([Order Detail], [Vendor Name]).

Examples:

Formula Result

COUNTA([Order Detail]) 12
where Order Detail is a Sub-Form field in
the application and the associated sub-form
currently has 12 rows (entries).

COUNTA([Order Detail]) 0
where Order Detail is a Sub-Form field in
the application and the associated sub-form
currently has no (0) rows.

COUNTA([Affected Departments]) 8
where Affected Departments is a Values
List field in the application and 8 items are
currently selected in the list.

Chapter 3: Formula Builder 139

 RSA Archer GRC Platform Calculations

Formula Result

COUNTA([Related Projects]) 3
where Related Projects is a Cross-Reference
field in the application and 3 records from
the related application are currently
selected in the field.

COUNTA(REF([Order Detail], [Color])) 6

where Order Detail is a Sub-Form field in
the application, Color is a non-required
field residing in the associated sub-form
and Color is null in 3 out of the 9 sub-form
rows (entries).

COUNT(REF([Related Projects], [Project 2

Manager]))
where Related Projects is a Cross-Reference
field in the application, Project Manager is
a non-required field residing in the related
application and Project Manager is null in
1 of 3 Cross-Reference field rows.

COUNTBLANK Function
The COUNTBLANK function counts empty fields in a specified range of fields.
Fields with formulas that return "" (empty text) are also counted. Fields with zero
values are not counted.
Return Type: Numeric
Syntax: COUNTBLANK(field_ref)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

field_ref The range from which you want to count the blank fields.

Example:

140 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Formula Result

COUNTBLANK([Range]) 4
where the values in the Range field are
empty, 6, empty, 4, empty, =IF(1>0,"",""),
27, and 34.

COUNTIF Function
The COUNTIF function counts the number of records in a Sub-Form, Cross-
Reference, or Related Records field that contain a specific value in a given field.
For example, you can count the number of cross-referenced records that have the
value of "Open" in the Status field.
Return Type: Numeric
Syntax: COUNTIF(field_ref, criterion)
In the above syntax, parameters in bold are required.

Chapter 3: Formula Builder 141

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

field_ref The reference to the field that is contained within a Sub-Form,

Cross-Reference, or Related Records field.

criterion The test that will be performed against the referenced child field
to determine whether that field’s values will be included in the
count. The criterion can involve Values List, User/Groups List,
and Record Permissions fields as well as fields containing
numeric, text, and date type values.
l Values List Fields. If COUNTIF is being performed against a
Values List field, the criterion value should be enclosed in
VALUEOF or supplied as a quoted literal string, for example,
"Dallas").
l User/Groups List and Record Permissions Fields. If
COUNTIF is being performed against a User/Groups List or
Record Permissions field, the criterion value should be
enclosed in USER or GROUP (as appropriate for the
criterion).
l Text, Date, or Numeric Fields. If COUNTIF is being
performed against a Text, Date, or Numeric field, the criterion
must be enclosed in quotes, for example, ">56", and the
criterion can involve any of the supported comparison
operators (=, <, >, <=, >=, <>).

Note: The COUNTIF function always returns zero (0) matches

if there is a space between the operator and the test value. For
example, if the intent is to count the number of sub-form
records where a given field contains a numeric value greater
than 56, a space cannot appear in the formula between the ">"
and the "56".

If a function is used in the criterion, the function must be

concatenated to the comparison operator. For example, the proper
criterion syntax for specifying "greater than today" would be:
">"&TODAY( ).
The criterion parameter supports the use of literal dates or a date
value derived from the TODAY function. If a literal date string is
specified, it must be wrapped in a DATETIMEVALUE function.

Examples:

142 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Formula Result

COUNTIF(REF([Cases], [Status]), 15
VALUEOF(REF([Cases], [Status]), "Open"))
where the name of the Cross-Reference
field is Cases, the name of the referenced
Values List field in the related application
is Status, and the number of cross-
referenced records where the value "Open"
is selected in the Status field is 15.

COUNTIF(GETGROUPS(REF([Cases], 27
[Business Owner])), GROUP(NAME,
"Finance"))
where the name of the Cross-Reference
field is Cases, the name of the referenced
Record Permissions field in the related
application is Business Owner, and the
number of cross-referenced records where
the group named "Finance" is selected in
the Business Owner field is 27.

COUNTIF(GETUSERS(REF([Cases], 32
[Business Owner])), USER(NAME,
"Lawson, Tracy"))
where the name of the Cross-Reference
field is Cases, the name of the referenced
User/Groups List field in the related
application is Business Owner, and the
number of cross-referenced records where
the user "Lawson, Tracy" is selected in the
Business Owner field is 32.

Chapter 3: Formula Builder 143

 RSA Archer GRC Platform Calculations

Formula Result

COUNTIF(REF([Items], [Price]), ">5.99") 4

where the name of the parent Sub-Form
field is Items, the name of the child field in
the Sub-Form is Price, and there are 4
records in the sub form with a Price greater
than 5.99.

COUNTIF(REF([Patches], [Patch Date]), 6

TODAY( ))
where the name of the parent Cross-
Reference field is Patches, the name of the
field in the cross-referenced application is
Patch Date, and there are 6 cross-referenced
records where Patch Date equals today’s
date.

COUNTIF(REF([Patches], [Patch Date]), 8

"<"&TODAY( ))
where the name of the parent Cross-
Reference field is Patches, the name of the
field in the cross-referenced application is
Patch Date, and there are 8 cross-referenced
records where Patch Date is less than
today’s date. In this example, the criterion
is being formed by concatenating the "less
than" operator (<) to the TODAY function.

COUNTIF(REF([Orders], [Order Date]), 5

">="&DATETIMEVALUE("7/23/2008"))
where the name of the parent Sub-Form
field is Orders, Order Date is a Date field
residing in the sub-form, and there are 5
Order Date values greater than or equal to
7/23/2008.

COVAR Function
The COVAR function returns covariance, the average of the products of deviations
for each data point pair. Use covariance to determine the relationship between two
data sets. For example, you can examine whether greater income accompanies
greater levels of education.
Return Type: Numeric
Syntax: COVAR(values1, values2)

144 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

In the above syntax, parameters in bold are required.

The following table describes the parameters of the function.

Parameter Description

values1 The first set of integers.

values2 The second set of integers.

Note: The arguments must either be numbers or be names or references that contain
numbers. If a reference argument contains text, logical values or empty fields, those
values are ignored; however, fields with the value zero are included. If values1 and
values2 have different numbers of data points, COVAR returns an error. If either
set is empty, COVAR returns an error.

Example:

Formula Result

COVAR(REF([Data Set],[Values1]), REF Covariance, the average of the products of

([Data Set],[Values2])) deviations for each data point pair given
(5.2)
where Data Set is a cross-reference field,
the values in Values1 are 3, 2, 4, 5, and 6
and the values in Values2 are 9, 7, 12, 15,
and 17.

CRITBINOM Function
The CRITBINOM function returns the smallest value for which the cumulative
binomial distribution is greater than or equal to a criterion value. Use this function
for quality assurance applications. For example, use CRITBINOM to determine the
greatest number of defective parts that are allowed to come off an assembly line
run without rejecting the entire lot.
Return Type: Numeric
Syntax: CRITBINOM(trials,probability_s,alpha)
In the above syntax, parameters in bold are required.

Chapter 3: Formula Builder 145

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

trials The number of Bernoulli trials.

Note: If any argument is non-numeric or if trials < 0,

CRITBINOM returns an error. If trials is not an integer, it is
truncated.

probability_s The probability of a success on each trial.

Note: If any argument is non-numeric, if probability_s is < 0, or

if probability_s > 1, CRITBINOM returns an error.

alpha The criterion value.

Note: If any argument is nonnumeric, if alpha < 0, or if alpha >

1, CRITBINOM returns an error.

Example:

Formula Result

CRITBINOM([Trials],[Probability of Smallest value for which the cumulative

Success],[Criterion]) binomial distribution is greater than or
equal to a criterion value (4).
where the value in the Trials field is 6, the
value in the Probability of Success field is
0.5, and the value in the Criterion field is
0.75.

DEVSQ Function
The DEVSQ function returns the sum of squares of deviations of data points from
their sample mean.
Return Type: Numeric
Syntax: DEVSQ(number1, number2,...)
In the above syntax, parameters in bold are required.

146 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

number1, number2,... 1 to 255 arguments for which you want to calculate the sum of
squared deviations. You can also use a reference to a set of fields
instead of arguments separated by commas. Arguments can either
be numbers or names, or references that contain numbers. Logical
values and text representations of numbers that you type directly
into the list of arguments are counted. If a reference argument
contains text, logical values, or empty cells, those values are
ignored; however, fields with the value zero are included.
Arguments that are error values or text that cannot be translated
into numbers cause errors.

Example:

Formula Result

DEVSQ(REF([Data Set],[Values1])) Sum of squares of deviations of data given

from their sample mean (48).
where Data Set is a cross-reference field
and the values in the Values1 field are 4, 5,
8, 7, 11, 4, and 3.

EXPONDIST Function
The EXPONDIST function returns the exponential distribution. Use EXPONDIST
to model the time between events, such as how long an automated bank teller takes
to deliver cash. For example, you can use EXPONDIST to determine the
probability that the process takes at most 1 minute.
Return Type: Numeric
Syntax: EXPONDIST(x,lambda,cumulative)
In the above syntax, parameters in bold are required.

Chapter 3: Formula Builder 147

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

x The value of the function.

Note: If x or lambda is nonnumeric, or if x < 0, EXPONDIST

returns an error.

lambda The parameter value.

Note: If x or lambda is nonnumeric or if lambda ≤ 0,

EXPONDIST returns an error.

cumulative A logical value that indicates which form of the exponential

function to provide. If cumulative is TRUE, EXPONDIST returns
the cumulative distribution function; if FALSE, it returns the
probability density function.

Examples:

Formula Result

EXPONDIST([Function Value],[Parameter Cumulative exponential distribution

Value],TRUE) function (0.864665)
where the value in the Function Value field
is 0.2 and the value in the Parameter Value
field is 10.

EXPONDIST([Function Value],[Parameter Probability exponential distribution

Value],FALSE) function (1.353353)
where the value in the Function Value field
is 0.2 and the value in the Parameter Value
field is 10.

FDIST Function
The FDIST function returns the F probability distribution. You can use this function
to determine whether two data sets have different degrees of diversity. For
example, you can examine the test scores of men and women entering high school
and determine if the variability in the females is different from that found in the
males. FDIST is calculated as FDIST=P( F>x ), where F is a random variable that
has an F distribution with degrees_freedom1 and degrees_freedom2 degrees of
freedom.
Return Type: Numeric
Syntax: FDIST(x,degrees_freedom1,degrees_freedom2)

148 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

In the above syntax, parameters in bold are required.

The following table describes the parameters of the function.

Parameter Description

x The value at which to evaluate the function.

Note: If x is negative, FDIST returns an error.

degrees_freedom1 The numerator degrees of freedom.

Note: If degrees_freedom1 or degrees_freedom2 is not an integer,

it is truncated. If degrees_freedom1 < 1, if degrees_freedom1 ≥
10^10, if degrees_freedom2 < 1, or if degrees_freedom2 ≥ 10^10,
FDIST returns an error.

degrees_freedom2 The denominator degrees of freedom.

Note: If degrees_freedom1 or degrees_freedom2 is not an integer,

it is truncated. If degrees_freedom1 < 1, if degrees_freedom1 ≥
10^10, if degrees_freedom2 < 1, or if degrees_freedom2 ≥ 10^10,
FDIST returns an error.

Example:

Formula Result

FDIST(15.20686486,[Numerator Degrees of F probability distribution for the terms

Freedom],[Denominator Degrees of (0.01)
Freedom])
where the value in the Numerator Degrees
of Freedom field is 6 and the value in the
Denominator Degrees of Freedom field is 4.

FINV Function
The FINV function returns inverse of the F probability distribution. If p = FDIST
(x,...), then FINV(p,...) = x.
The F distribution can be used in an F-test that compares the degree of variability in
two data sets. For example, you can analyze income distributions in the United
States and Canada to determine whether the two countries have a similar degree of
income diversity.
FINV can be used to return critical values from the F distribution. For example, the
output of an ANOVA calculation often includes data for the F statistic, F
probability, and F critical value at the 0.05 significance level. To return the critical
value of F, use the significance level as the probability argument to FINV.

Chapter 3: Formula Builder 149

 RSA Archer GRC Platform Calculations

Given a value for probability, FINV seeks that value x such that FDIST(x, degrees_
freedom1, degrees_freedom2) = probability. Thus, precision of FINV depends on
precision of FDIST. FINV uses an iterative search technique. If the search has not
converged after 100 iterations, the function returns the #N/A error value.
Return Type: Numeric
Syntax: FINV(probability,degrees_freedom1,degrees_freedom2)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

probability A probability associated with the F cumulative distribution.

Note: If probability < 0 or probability > 1, FINV returns an error.

degrees_freedom1 The numerator degrees of freedom.

Note: If degrees_freedom1 < 1 or degrees_freedom1 ≥ 10^10,

FINV returns an error. If degrees_freedom1 or degrees_freedom2
is not an integer, it is truncated.

degrees_freedom2 The denominator degrees of freedom.

Note: If degrees_freedom2 < 1 or degrees_freedom2 ≥ 10^10,

FINV returns an error. If degrees_freedom1 or degrees_freedom2
is not an integer, it is truncated.

Example:

Formula Result

FINV([Probability],[Numerator Degrees of Inverse of the F probability distribution

Freedom],[Denominator Degrees of for the terms (15.20686486)
Freedom])
where the value in the Probability field is
0.01, the value in the Numerator Degrees of
Freedom field is 6, and the value in the
Denominator Degrees of Freedom field is 4.

FISHER Function
The FISHER function returns the Fisher transformation at x. This transformation
produces a function that is normally distributed rather than skewed. Use this
function to perform hypothesis testing on the correlation coefficient.
Return Type: Numeric

150 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Syntax: FISHER(x)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

x A numeric value for which you want the transformation.

Note: If x is nonnumeric, if x ≤ -1, or if x ≥ 1, FISHER returns an

error.

Example:

Formula Result

FISHER(0.75) Fisher transformation at 0.75 (0.972955)

FISHERINV Function
The FISHERINV function returns the inverse of the Fisher transformation. Use this
transformation when analyzing correlations between ranges or sets of fields. If y =
FISHER(x), then FISHERINV(y) = x.
Return Type: Numeric
Syntax: FISHERINV(y)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

y The value for which you want to perform the inverse of the
transformation.

Note: If y is nonnumeric, FISHERINV returns an error.

Example:

Formula Result

FISHERINV(0.972955) Fisher transformation at 0.972955 (0.75)

Chapter 3: Formula Builder 151

 RSA Archer GRC Platform Calculations

FORECAST Function
The FORECAST function calculates, or predicts, a future value using existing
values. The predicted value is a y-value for a given x-value. The known values are
existing x-values and y-values, and the new value is predicted using linear
regression. You can use this function to predict future sales, inventory
requirements, or consumer trends.
Return Type: Numeric
Syntax: FORECAST(x,known_y's,known_x's)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

x The data point for which you want to predict a value.

Note: If x is nonnumeric, FORECAST returns an error.

known_y's The dependent set of data.

Note: If known_y's and known_x's are empty or contain a

different number of data points, FORECAST returns an error.

known_x's The independent set of data.

Note: If the variance of known_x's equals zero, FORECAST

returns an error. If known_y's and known_x's are empty or
contain a different number of data points, FORECAST returns an
error.

Example:

Formula Result

FORECAST(30, REF([Data Set],[Known Predicts a value for y given an x value of

Y]), REF([Data Set],[Known X])) 30 (10.60725)
where Data Set is a cross-reference field,
the values in the Known Y field are 6, 7, 9,
15, and 21 and the values in the Known X
field are 20, 28, 31, 38, and 40.

GAMMADIST Function
The GAMMADIST function returns the gamma distribution. You can use this
function to study variables that may have a skewed distribution. The gamma
distribution is commonly used in queuing analysis.

152 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Return Type: Numeric

Syntax: GAMMADIST(x,alpha,beta,cumulative)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

x The value at which you want to evaluate the distribution.

Note: If x < 0 or if nonnumeric, GAMMADIST returns an error.

alpha A parameter to the distribution.

Note: If nonnumeric, if alpha ≤ 0 or if beta ≤ 0, GAMMADIST

returns an error. When alpha is a positive integer, GAMMADIST
is also known as the Erlang distribution.

beta A parameter to the distribution. If beta = 1, GAMMADIST

returns the standard gamma distribution.

Note: If alpha ≤ 0 or if beta ≤ 0 or if nonnumeric, GAMMADIST

returns an error.

cumulative A logical value that determines the form of the function. If

cumulative is TRUE, GAMMADIST returns the cumulative
distribution function; if FALSE, it returns the probability density
function.

Note: For a positive integer n, when alpha = n/2, beta = 2, and

cumulative = TRUE, GAMMADIST returns (1 - CHIDIST(x))
with n degrees of freedom.

Chapter 3: Formula Builder 153

 RSA Archer GRC Platform Calculations

Examples:

Formula Result

GAMMADIST([Value to Evaluate Probability gamma distribution with the

Distribution],[Alpha],[Beta],FALSE) terms given (.03263913)
where the value in the Value to Evaluate
Distribution field is 10.00001131, the
value in the Alpha field is 9, and the value
in the Beta field is 2.

GAMMADIST([Value to Evaluate Cumulative gamma distribution with the

Distribution],[Alpha],[Beta],TRUE) terms given (0.068094)
where the value in the Value to Evaluate
Distribution field is 10.00001131, the
value in the Alpha field is 9, and the value
in the Beta field is 2.

Parameter Description

x The value at which you want to evaluate the distribution.

Note: If x < 0 or if nonnumeric, GAMMADIST returns an error.

alpha A parameter to the distribution.

Note: If nonnumeric, if alpha ≤ 0 or if beta ≤ 0, GAMMADIST

returns an error. When alpha is a positive integer, GAMMADIST
is also known as the Erlang distribution.

beta A parameter to the distribution. If beta = 1, GAMMADIST

returns the standard gamma distribution.

Note: If alpha ≤ 0 or if beta ≤ 0 or if nonnumeric, GAMMADIST

returns an error.

cumulative A logical value that determines the form of the function. If

cumulative is TRUE, GAMMADIST returns the cumulative
distribution function; if FALSE, it returns the probability density
function.

Note: For a positive integer n, when alpha = n/2, beta = 2, and

cumulative = TRUE, GAMMADIST returns (1 - CHIDIST(x))
with n degrees of freedom.

154 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Examples:

Formula Result

GAMMADIST([Value to Evaluate Probability gamma distribution with the

Distribution],[Alpha],[Beta],FALSE) terms given (.03263913)
where the value in the Value to Evaluate
Distribution field is 10.00001131, the
value in the Alpha field is 9, and the value
in the Beta field is 2.

GAMMADIST([Value to Evaluate Cumulative gamma distribution with the

Distribution],[Alpha],[Beta],TRUE) terms given (0.068094)
where the value in the Value to Evaluate
Distribution field is 10.00001131, the
value in the Alpha field is 9, and the value
in the Beta field is 2.

GAMMAINV Function
The GAMMAINV function returns the gamma cumulative distribution. If p =
GAMMADIST(x,...), then GAMMAINV(p,...) = x.
Return Type: Numeric
Syntax: GAMMAINV(probability,alpha,beta)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

probability The probability associated with the gamma distribution.

Note: If probability < 0 or probability > 1, GAMMAINV returns

an error.

alpha A parameter to the distribution.

Note: : If alpha ≤ 0 or if beta ≤ 0, GAMMAINV returns an error.

beta A parameter to the distribution. If beta = 1, GAMMAINV returns

the standard gamma distribution.

Note: If alpha ≤ 0 or if beta ≤ 0, GAMMAINV returns an error.

Note: If any argument is text, GAMMAINV returns the #VALUE! error value.

Chapter 3: Formula Builder 155

 RSA Archer GRC Platform Calculations

Given a value for probability, GAMMAINV seeks that value x such that
GAMMADIST(x, alpha, beta, TRUE) = probability. Therefore, precision of
GAMMAINV depends on precision of GAMMADIST. GAMMAINV uses an
iterative search technique. If the search has not converged after 100 iterations, the
function returns an error.
Example:

Formula Result

GAMMAINV([Probability],[Alpha],[Beta] Inverse of the gamma cumulative

distribution for the terms given
where the value in the Probability field is
(10.00001131)
0.068094, the value in the Alpha field is 9,
and the value in the Beta field is 2.

GAMMALN Function
The GAMMALN function returns the natural logarithm of the gamma function, Γ
(x).
Return Type: Numeric
Syntax: GAMMALN(x)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

x The value for which you want to calculate GAMMALN.

Note: If x is nonnumeric or if x ≤ 0, GAMMALN returns an

error. The number e raised to the GAMMALN(i) power, where i
is an integer, returns the same result as (i - 1)!.

Example:

Formula Result

GAMMALN(4) Natural logarithm of the gamma function

at 4 (1.791759)

GEOMEAN Function
The GEOMEAN function returns the geometric mean of a set of positive data. For
example, you can use GEOMEAN to calculate average growth rate given
compound interest with variable rates.
Return Type: Numeric

156 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Syntax: GEOMEAN(number1,number2,...)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

number1,number2,... 1 to 255 arguments for which you want to calculate the mean.

Note: Arguments can be numbers, names, or references that

contain numbers. Logical values and text representations of
numbers that you type directly into the list of arguments are
counted. If a reference argument contains text, logical values, or
empty fields, those values are ignored; however, fields with the
value zero are included. Arguments that are error values or text
that cannot be translated into numbers cause errors. If any data
point ≤ 0, GEOMEAN returns an error.

Example:

Formula Result

GEOMEAN(REF([Data Set],[Values]) Geometric mean of the data set given

(5.476987)
where Data Set is a cross-reference field
and the values in the Values field are 4, 5,
8, 7, 11, 4, and 3.

HARMEAN Function
The HARMEAN function returns the harmonic mean of a data set. The harmonic
mean is the reciprocal of the arithmetic mean of reciprocals.
Return Type: Numeric
Syntax: HARMEAN(number1, number2,...)
In the above syntax, parameters in bold are required.

Chapter 3: Formula Builder 157

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

number1, number2,... 1 to 255 arguments for which you want to calculate the mean.

Note: The harmonic mean is always less than the geometric

mean, which is always less than the arithmetic mean. Arguments
can either be numbers, names, or references that contain numbers.
Logical values and text representations of numbers that you type
directly into the list of arguments are counted. If a reference
argument contains text, logical values, or empty fields, those
values are ignored; however, fields with the value zero are
included. Arguments that are error values or text that cannot be
translated into numbers cause errors. If any data point ≤ 0,
HARMEAN returns an error.

Example:

Formula Result

HARMEAN(REF([Data Set],[Values]) Harmonic mean of the data set given

(5.028376)
where Data Set is a cross-reference field
and the values in the Values field are 4, 5,
8, 7, 11, 4, and 3.

HYPGEOMDIST Function
The HYPGEOMDIST function returns the hypergeometric distribution.
HYPGEOMDIST returns the probability of a given number of sample successes,
given the sample size, population successes, and population size. Use
HYPGEOMDIST for problems with a finite population, where each observation is
either a success or a failure, and where each subset of a given size is chosen with
equal likelihood.
Return Type: Numeric
Syntax: HYPGEOMDIST(sample_s,number_sample,population_s,number_
population)
In the above syntax, parameters in bold are required.

158 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

sample_s The number of successes in the sample.

Note: If sample_s < 0 or sample_s is greater than the lesser of

number_sample or population_s, HYPGEOMDIST returns an
error. If sample_s is less than the larger of 0 or (number_sample -
number_population + population_s), HYPGEOMDIST returns an
error.

number_sample The size of the sample.

Note: If number_sample ≤ 0 or number_sample > number_

population, HYPGEOMDIST returns an error.

population_s The number of successes in the population.

Note: If population_s ≤ 0 or population_s > number_population,

HYPGEOMDIST returns an error.

number_population The population size.

Note: If number_population ≤ 0, HYPGEOMDIST returns an

error.

Note: All arguments are truncated to integers. If any argument is nonnumeric,

HYPGEOMDIST returns an error.

Example:

Formula Result

HYPGEOMDIST([Number of Caramels in Hypergeometric distribution for sample

Sample],[Sample Size],[Total Number of and population given (0.363261)
Caramels],[Total Chocolates])
where a sampler of chocolates contains 20
pieces. Eight pieces are caramels, and the
remaining 12 are nuts. If a person selects 4
pieces at random, the HYPGEOMDIST
function returns the probability that exactly
1 piece is a caramel. The value in the
Number of Caramels in Sample field is 1,
the value in the Sample Size field is 4, the
value in the Total Number of Caramels
field is 8, and the value in the Total
Chocolates field is 20.

Chapter 3: Formula Builder 159

 RSA Archer GRC Platform Calculations

INTERCEPT Function
The INTERCEPT function calculates the point at which a line will intersect the y-
axis by using existing x-values and y-values. The intercept point is based on a best-
fit regression line plotted through the known x-values and known y-values. Use the
INTERCEPT function when you want to determine the value of the dependent
variable when the independent variable is 0 (zero). For example, you can use the
INTERCEPT function to predict a metal's electrical resistance at 0° C when your
data points were taken at room temperature and higher.
Return Type: Numeric
Syntax: INTERCEPT(known_y's,known_x's)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

known_y's The dependent set of observations or data.

Note: If known_y's and known_x's contain a different number of

data points or contain no data points, INTERCEPT returns an
error.

known_x's The independent set of observations or data.

Note: If known_y's and known_x's contain a different number of

data points or contain no data points, INTERCEPT returns an
error.

Note: The arguments must be either numbers, names, or references that contain
numbers. If a reference argument contains text, logical values, or empty fields,
those values are ignored; however, fields with the value zero are included.

The underlying algorithm used in the INTERCEPT and SLOPE functions is

different than the underlying algorithm used in the LINEST function. The difference
between these algorithms can lead to different results when data is undetermined
and collinear. For example, if the data points of the known_y's argument are 0 and
the data points of the known_x's argument are 1:
l INTERCEPT and SLOPE return an error. The INTERCEPT and SLOPE
algorithm is designed to look for one and only one answer, and in this case there
can be more than one answer.
l LINEST returns a value of 0. The LINEST algorithm is designed to return
reasonable results for collinear data, and in this case at least one answer can be
found.

Example:

160 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Formula Result

INTERCEPT(REF([Data Set],[Y Axis]),REF Point at which a line will intersect the y-

([Data Set],[X Axis])) axis by using the x-values and y-values
given (0.0483871)
where Data Set is a cross-reference field,
the values in the Y Axis field are 2, 3, 9, 1,
and 8, and the values in the X Axis field
are 6, 5, 11, 7, and 5.

KURT Function
The KURT function returns the kurtosis of a data set. Kurtosis characterizes the
relative peakedness or flatness of a distribution compared with the normal
distribution. Positive kurtosis indicates a relatively peaked distribution. Negative
kurtosis indicates a relatively flat distribution.
Return Type: Numeric
Syntax: KURT(number1,number2,...)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

number1,number2,... 1 to 255 arguments for which you want to calculate kurtosis.

Arguments can either be numbers, names, or references that
contain numbers. Logical values and text representations of
numbers that you type directly into the list of arguments are
counted. If a reference argument contains text, logical values, or
empty cells, those values are ignored; however, fields with the
value zero are included. Arguments that are error values or text
that cannot be translated into numbers cause errors.

Note: If there are fewer than four data points, or if the standard
deviation of the sample equals zero, KURT returns an error.

Example:

Formula Result

KURT(REF([Data Set],[Values])) Kurtosis of the data set (-0.1518)

where Data Set is a cross-reference field
and the values in the Values field are 3, 4,
5, 2, 3, 4, 5, 6, 4, and 7.

Chapter 3: Formula Builder 161

 RSA Archer GRC Platform Calculations

LARGE Function
The LARGE function returns the k-th largest value in a data set. You can use this
function to select a value based on its relative standing. For example, you can use
LARGE to return the highest, runner-up, or third-place score.
Return Type: Numeric
Syntax: LARGE(values,k)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

values The set of fields for which you want to determine the k-th largest
value.

Note: If the set of fields is empty, LARGE returns an error.

k The position (from the largest) in the set of data to return.

Note: If k ≤ 0 or if k is greater than the number of data points,

LARGE returns an error.

Note: If n is the number of data points in a range, then LARGE(values,1) returns

the largest value, and LARGE(values,n) returns the smallest value.

Examples:

Formula Result

LARGE(REF([Data Set],[Values]),3) 3rd largest number in the numbers given

(5)
where Data Set is a cross-reference field
and the values in the Values field are 3, 5,
3, 5, 4, 4, 2, 4, 6, and 7.

LARGE(REF([Data Set],[Values]),7) 7th largest number in the numbers given

(4)
where Data Set is a cross-reference field
and the values in the Values field are 3, 5,
3, 5, 4, 4, 2, 4, 6, and 7.

LOGINV Function
The LOGINV function returns the inverse of the lognormal cumulative distribution
function of x, where ln(x) is normally distributed with parameters mean and
standard_dev. If p = LOGNORMDIST(x,...) then LOGINV(p,...) = x. Use the
lognormal distribution to analyze logarithmically transformed data.

162 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Return Type: Numeric

Syntax: LOGINV(probability,mean,standard_dev)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

probability A probability associated with the lognormal distribution.

Note: If probability < 0 or probability > 1 or if any argument is

nonnumeric, LOGINV returns an error.

mean The mean of ln(x).

Note: If any argument is nonnumeric, LOGINV returns an error.

standard_dev The standard deviation of ln(x).

Note: If standard_dev <= 0 or if any argument is nonnumeric,

LOGINV returns an error.

Example:

Formula Result

LOGINV(0.039084,3.5,1.2) Inverse of the lognormal cumulative

distribution function for the terms given
(4.000014)

LOGNORMDIST Function
The LOGNORMDIST function returns the cumulative lognormal distribution of x,
where ln(x) is normally distributed with parameters mean and standard_dev. Use
this function to analyze data that has been logarithmically transformed.
Return Type: Numeric
Syntax: LOGNORMDIST(x,mean,standard_dev)
In the above syntax, parameters in bold are required.

Chapter 3: Formula Builder 163

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

x The value at which to evaluate the function.

Note: If x ≤ 0, if standard_dev ≤ 0, or if any argument is

nonnumeric, LOGNORMDIST returns an error.

mean The mean of ln(x).

Note: If any argument is nonnumeric, LOGNORMDIST returns

an error.

standard_dev The standard deviation of ln(x).

Note: If x ≤ 0, if standard_dev ≤ 0 or if any argument is

nonnumeric, LOGNORMDIST returns an error.

Example:

Formula Result

LOGNORMDIST(4,3.5,1.2) Cumulative lognormal distribution at 4

with the terms given (0.039084)

MAX Function
The MAX function returns the largest value in a set of values.
Return Type: Numeric
Syntax: MAX(value1, value2,...)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

value1, value2, and Values for which you want to find a maximum value. Only
so on Numeric and Date fields can be evaluated.

Note: When evaluating a Date field, MAX will return a serial

number that represents the largest date (furthest from January 1,
1900); the function will not return a date string.

Examples:

164 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Formula Result

MAX([Risk], [Criticality], [Availability]) 12

where the value in the Risk field is 5, the
value in the Criticality field is 7, and the
value in the Availability field is 12.

MAX(REF([Orders], [Price])) 746.99

where the greatest value in the Price field
across all the rows in the Orders Sub-Form
field is 746.99.

MAXA Function
The MAXA function returns the largest value in a list of arguments. Unlike the
MAX function, the MAXA function is not restricted to working with only Date and
Numeric fields.
Return Type: Numeric
Syntax: MAXA(value1, value2,...)
In the above syntax, parameters in bold are required.

Chapter 3: Formula Builder 165

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

value1, value2,... 1 to 255 values for which you want to find the largest value.
Note that:
l Arguments can be the following: numbers; names or
references that contain numbers; text representations of
numbers; or logical values, such as TRUE and FALSE, in a
reference.
l Logical values and text representations of numbers that you
type directly into the list of arguments are counted.
l If an argument is a reference, only values in that reference are
used. Empty fields and text values in the reference are
ignored.
l Arguments that are error values or text that cannot be
translated into numbers cause errors.
l Arguments that contain TRUE evaluate as 1; arguments that
contain text or FALSE evaluate as 0 (zero).
l If the arguments contain no values, MAXA returns 0 (zero).
l If you do not want to include logical values and text
representations of numbers in a reference as part of the
calculation, use the MAX function.

Example:

Formula Result

MAXA(REF([Data Set],[Values])) Largest of the numbers given. TRUE

evaluates to 1 (1)
where Data Set is a cross-reference field
and the values in the Values field are 0,
0.2, 0.5, 0.4 and TRUE.

MEDIAN Function
The MEDIAN function returns the median of the given numbers. The median is the
number in the middle of a set of numbers.
Return Type: Numeric
Syntax: MEDIAN(number1, number2,...)
In the above syntax, parameters in bold are required.

166 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

number1, number2,... 1 to 255 numbers for which you want the median. Note that:
l If there is an even number of numbers in the set, MEDIAN
calculates the average of the two numbers in the middle. See
the second formula in the example.
l Arguments can be numbers, names or references that contain
numbers.
l Logical values and text representations of numbers that you
type directly into the list of arguments are counted.
l If a reference argument contains text, logical values, or empty
fields, those values are ignored; however, fields with the
value zero are included.
l Arguments that are error values or text that cannot be
translated into numbers cause errors.

The MEDIAN function measures central tendency, which is the

location of the center of a group of numbers in a statistical
distribution. The three most common measures of central
tendency are:
l Average. The arithmetic mean, and is calculated by adding a
group of numbers and then dividing by the count of those
numbers. For example, the average of 2, 3, 3, 5, 7, and 10 is
30 divided by 6, which is 5.
l Median. The middle number of a group of numbers; that is,
half the numbers have values that are greater than the median,
and half the numbers have values that are less than the
median. For example, the median of 2, 3, 3, 5, 7, and 10 is 4.
l Mode. The most frequently occurring number in a group of
numbers. For example, the mode of 2, 3, 3, 5, 7, and 10 is 3.

For a symmetrical distribution of a group of numbers, these three

measures of central tendency are all the same. For a skewed
distribution of a group of numbers, they can be different.

Examples:

Chapter 3: Formula Builder 167

 RSA Archer GRC Platform Calculations

Formula Result

MEDIAN(REF([Data Set],[Values])) Median of the 5 numbers in the list given

(3)
where Data Set is a cross-reference field
and the values in the Values field are 1, 2,
3, 4, and 5.

MEDIAN(REF([Data Set],[Values])) Median of all the numbers given, or the

average of 3 and 4 (3.5)
where Data Set is a cross-reference field
and the values in the Values field are 1, 2,
3, 4, 5, and 6.

MIN Function
The MIN function returns the smallest value in a set of values.
Return Type: Numeric
Syntax: MIN(value1, value2,...)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

value1, value2, and Values for which you want to find a minimum value. Only
so on Numeric and Date fields can be evaluated.

Note: When evaluating a Date field, MIN will return a serial

number that represents the smallest date (closest to January 1,
1900); the function will not return a date string.

Examples:

Formula Result

MIN([Risk], [Criticality], [Availability]) 5

where the value in the Risk field is 5, the
value in the Criticality field is 7, and the
value in the Availability field is 12.

MIN(REF([Orders], [Price])) 10.62

where the smallest value in the Price field
across all the rows in the Orders Sub-Form
field is 10.62.

168 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

MINA Function
The MINA function returns the smallest value in the list of arguments.
Return Type: Numeric
Syntax: MINA(value1, value2,...)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

value1, value2,... 1 to 255 values for which you want to find the smallest value.
Note that:
l Arguments can be numbers; names or references that contain
numbers; text representations of numbers; or logical values,
such as TRUE and FALSE, in a reference.
l If an argument is a reference, only values in that reference are
used. Empty fields and text values in the reference are
ignored.
l Arguments that contain TRUE evaluate as 1; arguments that
contain text or FALSE evaluate as 0 (zero).
l Arguments that are error values or text that cannot be
translated into numbers cause errors.
l If the arguments contain no values, MINA returns 0.
l If you do not want to include logical values and text
representations of numbers in a reference as part of the
calculation, use the MIN function.

Example:

Formula Result

MINA(REF([Data Set],[Values])) Smallest of the numbers given. FALSE

evaluates to 0 (0)
where Data Set is a cross-reference field
and the values in the Values field are
FALSE, 0.2, 0.5, 0.4, and 0.8.

MODE Function
The MODE function returns the most frequently occurring, or repetitive, value in a
set of data.
Return Type: Numeric
Syntax: MODE(number1,number2,...)

Chapter 3: Formula Builder 169

 RSA Archer GRC Platform Calculations

In the above syntax, parameters in bold are required.

The following table describes the parameters of the function.

Parameter Description

number1,number2,... 1 to 255 arguments for which you want to calculate the mode.
Arguments can be numbers, names, or references that contain
numbers.
If a reference argument contains text, logical values, or empty
fields, those values are ignored; however, fields with the
value zero are included.
Arguments that are error values or text that cannot be
translated into numbers cause errors.
If the data set contains no duplicate data points, MODE
returns an error.
The MODE function measures central tendency, which is the
location of the center of a group of numbers in a statistical
distribution. The three most common measures of central
tendency are:
l Average. The arithmetic mean, and is calculated by adding
a group of numbers and then dividing by the count of
those numbers. For example, the average of 2, 3, 3, 5, 7,
and 10 is 30 divided by 6, which is 5.
l Median. The middle number of a group of numbers; that
is, half the numbers have values that are greater than the
median, and half the numbers have values that are less than
the median. For example, the median of 2, 3, 3, 5, 7, and
10 is 4.
l Mode. The most frequently occurring number in a group of
numbers. For example, the mode of 2, 3, 3, 5, 7, and 10 is
3.

For a symmetrical distribution of a group of numbers, these

three measures of central tendency are all the same. For a
skewed distribution of a group of numbers, they can be
different.

Example:

Formula Result

MODE(REF([Data Set],[Values])) Mode, or most frequently occurring

number given (4)
where Data Set is a cross-reference field
and the values in the Values field are 5.6,
4, 4, 3, 2, and 4.

170 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

NEGBINOMDIST Function
The NEGBINOMDIST function returns the negative binomial distribution.
NEGBINOMDIST returns the probability that there will be number_f failures
before the number_s-th success, when the constant probability of a success is
probability_s. This function is similar to the binomial distribution, except that the
number of successes is fixed, and the number of trials is variable. Like the
binomial, trials are assumed to be independent.
For example, you need to find 10 people with excellent reflexes, and you know the
probability that a candidate has these qualifications is 0.3. NEGBINOMDIST
calculates the probability that you will interview a certain number of unqualified
candidates before finding all 10 qualified candidates.
Return Type: Numeric
Syntax: NEGBINOMDIST(number_f,number_s,probability_s)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

number_f The number of failures.

Note: If number_f < 0 or number_s < 1, NEGBINOMDIST

returns an error. Number_f and number_s are truncated to
integers. If any argument is nonnumeric, NEGBINOMDIST
returns an error.

number_s The threshold number of successes.

Note: Number_f and number_s are truncated to integers. If any

argument is nonnumeric, NEGBINOMDIST returns an error.

probability_s The probability of a success.

Note: If probability_s < 0, if probability > 1, or if any argument

is nonnumeric, NEGBINOMDIST returns an error.

Example:

Formula Result

NEGBINOMDIST(10,5,0.25) Negative binomial distribution for the

terms given (0.055049)

Chapter 3: Formula Builder 171

 RSA Archer GRC Platform Calculations

NORMDIST Function
The NORMDIST function returns the normal distribution for the specified mean
and standard deviation. This function has a very wide range of applications in
statistics, including hypothesis testing.
Return Type: Numeric
Syntax: NORMDIST(x,mean,standard_dev,cumulative)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

x The value for which you want the distribution.

mean The arithmetic mean of the distribution.

Note: If mean = 0, standard_dev = 1, and cumulative = TRUE,

NORMDIST returns the standard normal distribution,
NORMSDIST. If mean or standard_dev is nonnumeric,
NORMDIST returns an error.

standard_dev The standard deviation of the distribution.

Note: If standard_dev ≤ 0, NORMDIST returns an error. If mean

= 0, standard_dev = 1, and cumulative = TRUE, NORMDIST
returns the standard normal distribution, NORMSDIST. If mean
or standard_dev is nonnumeric, NORMDIST returns an error.

cumulative A logical value that determines the form of the function. If

cumulative is TRUE, NORMDIST returns the cumulative
distribution function; if FALSE, it returns the probability mass
function.

Note: When cumulative = TRUE, the formula is the integral from

negative infinity to x of the given formula. If mean = 0,
standard_dev = 1, and cumulative = TRUE, NORMDIST returns
the standard normal distribution, NORMSDIST.

Examples:

Formula Result

NORMDIST(42,40,1.5,TRUE) Cumulative distribution function for the

terms given (0.908789)

NORMDIST(42,40,1.5,FALSE) Probability mass function for the terms

given (0.10934005)

172 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

PEARSON Function
The PEARSON function returns the Pearson product moment correlation
coefficient, r, a dimensionless index that ranges from -1.0 to 1.0 inclusive and
reflects the extent of a linear relationship between two data sets.
Return Type: Numeric
Syntax: PEARSON(values1,values2)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

values1 A set of independent values.

Note: The arguments must be numbers, names or references that

contain numbers. If a reference argument contains text, logical
values, or empty fields, those values are ignored; however, fields
with the value zero are included. If values1 and values2 are
empty or have a different number of data points, PEARSON
returns an error.

values2 A set of dependent values.

Note: The arguments must be numbers, names or references that

contain numbers. If a reference argument contains text, logical
values, or empty fields, those values are ignored; however, fields
with the value zero are included. If values1 and values2 are
empty or have a different number of data points, PEARSON
returns an error.

Example:

Formula Result

PEARSON( REF([Data Set],[Independent Pearson product moment correlation

Values]), REF([Data Set],[Dependent coefficient for the data sets given
Values])) (0.699379)
where Data Set is a cross-reference field,
the values in the Independent Values field
are 9, 7, 5, 3, and 1 and the values in the
Dependent Values field are 10, 6, 1, 5, and
3.

Chapter 3: Formula Builder 173

 RSA Archer GRC Platform Calculations

PERCENTILE Function
The PERCENTILE function returns the k-th percentile of values in a range. You
can use this function to establish a threshold of acceptance. For example, you can
decide to examine candidates who score above the 90th percentile.
Return Type: Numeric
Syntax: PERCENTILE(values,k)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

values The set of fields that defines relative standing.

Note: If the set is empty or contains more than 8,191 data points,
PERCENTILE returns an error.

k The percentile value in the range 0..1, inclusive.

Note: If k is nonnumeric, if k is < 0 or if k > 1, PERCENTILE

returns an error. If k is not a multiple of 1/(n - 1), PERCENTILE
interpolates to determine the value at the k-th percentile.

Example:

Formula Result

PERCENTILE(REF([Data Set],[Values]),0.3) 30th percentile of the list given (1.9)

where Data Set is a cross-reference field
and the values in the Values field are 1, 3,
2, and 4.

PERCENTRANK Function
The PERCENTRANK function returns the rank of a value in a data set as a
percentage of the data set. This function can be used to evaluate the relative
standing of a value within a data set. For example, you can use PERCENTRANK
to evaluate the standing of an aptitude test score among all scores for the test.
Return Type: Numeric
Syntax: PERCENTRANK(values,x,significance)
In the above syntax, parameters in bold are required.

174 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

values The reference to a set of fields with numeric values that defines
relative standing.

Note: If the set is empty, PERCENTRANK returns an error.

x The value for which you want to know the rank.

Note: If x does not match one of the values in the field,

PERCENTRANK interpolates to return the correct percentage
rank.

significance An optional value that identifies the number of significant digits

for the returned percentage value. If omitted, PERCENTRANK
uses three digits (0.xxx).

Note: If significance < 1, PERCENTRANK returns an error.

Examples:

Formula Result

PERCENTRANK(REF([Data Set], Percent rank of 2 in the list given (0.333,

[Values]),2) because 3 values in the set are smaller
than 2, and 6 are larger than 2; 3/(3+6)
where Data Set is a cross-reference field
=0.333)
and the values in the Values field are 13,
12, 11, 8, 4, 3, 2, 1, 1, and 1.

PERCENTRANK(REF([Data Set], Percent rank of 4 in the list given (0.555)

[Values]),4)
where Data Set is a cross-reference field
and the values in the Values field are 13,
12, 11, 8, 4, 3, 2, 1, 1, and 1.

PERCENTRANK(REF([Data Set], Percent rank of 8 in the list given (0.666)

[Values]),8)
where Data Set is a cross-reference field
and the values in the Values field are 13,
12, 11, 8, 4, 3, 2, 1, 1, and 1.

PERCENTRANK(REF([Data Set], Percent rank of 5 in the list given (0.583,

[Values]),5) one-quarter of the way between the
PERCENTRANK of 4 and the
where Data Set is a cross-reference field

Chapter 3: Formula Builder 175

 RSA Archer GRC Platform Calculations

Formula Result

and the values in the Values field are 13, PERCENTRANK of 8)

12, 11, 8, 4, 3, 2, 1, 1, and 1.

PERMUT Function
The PERMUT function returns the number of permutations for a given number of
objects that can be selected from number objects. A permutation is any set or subset
of objects or events where internal order is significant. Permutations are different
from combinations, for which the internal order is not significant. Use this function
for lottery-style probability calculations.
Return Type: Numeric
Syntax: PERMUT(number,number_chosen)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

number An integer that describes the number of objects.

Note: Both arguments are truncated to integers. If number or

number_chosen is nonnumeric, if number ≤ 0 or if number_
chosen < 0, or if number < number_chosen, PERMUT returns an
error.

number_chosen An integer that describes the number of objects in each

permutation.

Note: Both arguments are truncated to integers. If number or

number_chosen is nonnumeric, if number ≤ 0 or if number_
chosen < 0 or if number < number_chosen, PERMUT returns an
error.

Example:
Suppose that you want to calculate the odds of selecting a winning lottery number.
Each lottery number contains three numbers, each of which can be between 0
(zero) and 99, inclusive. The following function calculates the number of possible
permutations.

Formula Result

PERMUT(100,3) Permutations possible for the terms given

(970200)

176 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

POISSON Function
The POISSON function returns the Poisson distribution. A common application of
the Poisson distribution is predicting the number of events over a specific time, such
as the number of cars arriving at a toll plaza in 1 minute.
Return Type: Numeric
Syntax: POISSON(x,mean,cumulative)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

x The number of events.

Note: If x is not an integer, it is truncated. If x or mean is non-

numeric, or if x < 0, POISSON returns an error.

mean The expected numeric value.

Note: If mean < 0, POISSON returns an error.

cumulative A logical value that determines the form of the probability

distribution returned. If cumulative is TRUE, POISSON returns
the cumulative Poisson probability that the number of random
events occurring will be between zero and x inclusive; if FALSE,
it returns the Poisson probability mass function that the number
of events occurring will be exactly x.

Examples:

Formula Result

POISSON(2,5,TRUE) Cumulative Poisson probability with the

terms given (0.124652)

POISSON(2,5,FALSE) Poisson probability mass function with the

terms given (0.084224)

PROB Function
The PROB function returns the probability that values in a range are between two
limits. If upper_limit is not supplied, returns the probability that values in x_range
are equal to lower_limit.
Return Type: Numeric
Syntax: PROB(x_range,prob_range,lower_limit,upper_limit)

Chapter 3: Formula Builder 177

 RSA Archer GRC Platform Calculations

In the above syntax, parameters in bold are required.

The following table describes the parameters of the function.

Parameter Description

x_range The range of numeric values of x with which there are associated
probabilities.

Note: If x_range and prob_range contain a different number of

data points, PROB returns an error.

prob_range A set of probabilities associated with values in x_range.

Note: If any value in prob_range ≤ 0 or if any value in prob_

range > 1, PROB returns an error. If the sum of the values in
prob_range is not equal to 1, PROB returns an error. If x_range
and prob_range contain a different number of data points, PROB
returns an error.

lower_limit The lower bound on the value for which you want a probability.

upper_limit The optional upper bound on the value for which you want a
probability.

Note: If upper_limit is omitted, PROB returns the probability of

being equal to lower_limit.

Examples:

Formula Result

PROB([X Range],[Set of Probabilities], Probability that x is 2 (0.1)

[Lower Limit])
where the values in the X Range field are
0, 1, 2, and 3, the values in the Set of
Probabilities field are 0.2, 0.3, 0.1, and 0.4,
and the value in the Lower Limit field is 2.

PROB([X Range],[Set of Probabilities], Probability that x is between 1 and 3 (0.8)

[Lower Limit],[Upper Limit])
where the values in the X Range field are
0, 1, 2, and 3, the values in the Set of
Probabilities field are 0.2, 0.3, 0.1, and 0.4,
the value in the Lower Limit field is 1, and
the value in the Upper Limit field is 3.

178 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

RANK Function
The RANK function returns the rank of a number in a list of numbers. The rank of a
number is its size relative to other values in a list. (If you were to sort the list, the
rank of the number would be its position.)
RANK gives duplicate numbers the same rank. However, the presence of duplicate
numbers affects the ranks of subsequent numbers. For example, in a list of integers
sorted in ascending order, if the number 10 appears twice and has a rank of 5, then
11 would have a rank of 7 (no number would have a rank of 6).
For some purposes, you might want to use a definition of rank that takes ties into
account. In the previous example, you would want a revised rank of 5.5 for the
number 10. This can be done by adding the following correction factor to the value
returned by RANK. This correction factor is appropriate both for the case where
rank is computed in descending order (order = 0 or omitted) or ascending order
(order = nonzero value).
Correction factor for tied ranks = [COUNT(ref) + 1 – RANK(number, ref, 0) –
RANK(number, ref, 1)] / 2.
Return Type: Numeric
Syntax: RANK(number,values,order)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

number The number whose rank you want to find.

values A reference to a list of numbers. Nonnumeric values are ignored.

order A number specifying how to rank number.

l If order is 0 (zero) or omitted, Archer ranks number as if
values were a list sorted in descending order.
l If order is any non-zero value, Archer ranks number as if
values were a list sorted in ascending order.

Examples:

Chapter 3: Formula Builder 179

 RSA Archer GRC Platform Calculations

Formula Result

RANK(3.5,REF([Data Set],[Values]),1) Rank of 3.5 in the list given (3)

where Data Set is a cross-reference field
and the values in the Values field are 7,
3.5, 3.5, 1, and 2.
Note: The correction factor is (5 + 1 – 2 –
3)/2 = 0.5 and the revised rank that takes
ties into account is 3 + 0.5 = 3.5. If
number occurs only once in ref, the
correction factor will be 0, since RANK
would not have to be adjusted for a tie.

RANK(7,REF([Data Set],[Values]),1) Rank of 7 in the list given (5)

where Data Set is a cross-reference field
and the values in the Values field are 7,
3.5, 3.5, 1, and 2.

RSQ Function
The RSQ function returns the square of the Pearson product moment correlation
coefficient through data points in known_y's and known_x's. For more information,
see PEARSON Function. The r-squared value can be interpreted as the proportion
of the variance in y attributable to the variance in x. Note that:
l Arguments can either be numbers, names, or references that contain numbers.
l Logical values and text representations of numbers that you type directly into the
list of arguments are counted.
l If a reference argument contains text, logical values, or empty fields, those
values are ignored; however, fields with the value zero are included.
l Arguments that are error values or text that cannot be translated into numbers
cause errors.

Return Type: Numeric

Syntax: RSQ(known_y's,known_x's)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

known_y's A set of data points.

known_x's A set of data points.

180 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Note: If known_y's and known_x's are empty or have a different number of data
points, RSQ returns an error. If known_y's and known_x's contain only 1 data point,
RSQ returns an error.

Example:

Formula Result

RSQ(REF([Data Set],[Known Y]),REF Square of the Pearson product moment

([Data Set],[Known X])) correlation coefficient through data points
given (0.05795)
where Data Set is a cross-reference field,
the values in the Known Y field are 2, 3, 9,
1, 8, 7, and 5, and the values in the Known
X field are 6, 5, 11, 7, 5, 4, and 4.

SKEW Function
The SKEW function returns the skewness of a distribution. Skewness characterizes
the degree of asymmetry of a distribution around its mean. Positive skewness
indicates a distribution with an asymmetric tail extending toward more positive
values. Negative skewness indicates a distribution with an asymmetric tail
extending toward more negative values.
Return Type: Numeric
Syntax: SKEW(number1,number2,...)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

number1,number2,... 1 to 255 arguments for which you want to calculate skewness.

Note: Arguments can be numbers, names, or references that

contain numbers. Logical values and text representations of
numbers that you type directly into the list of arguments are
counted. If a reference argument contains text, logical values, or
empty fields, those values are ignored; however, fields with the
value zero are included. Arguments that are error values or text
that cannot be translated into numbers cause errors. If there are
fewer than three data points, or the sample standard deviation is
zero, SKEW returns an error.

Example:

Chapter 3: Formula Builder 181

 RSA Archer GRC Platform Calculations

Formula Result

SKEW(REF([Data Set],[Values])) Skewness of a distribution of the data set

given (0.359543)
where Data Set is a cross-reference field
and the values in the Values field are 3, 4,
5, 2, 3, 4, 5, 6, 4, and 7.

SLOPE Function
The SLOPE function returns the slope of the linear regression line through data
points in known_y's and known_x's. The slope is the vertical distance divided by the
horizontal distance between any two points on the line, which is the rate of change
along the regression line.
The underlying algorithm used in the SLOPE and INTERCEPT functions is
different than the underlying algorithm used in the LINEST function. The difference
between these algorithms can lead to different results when data is undetermined
and collinear. For example, if the data points of the known_y's argument are 0 and
the data points of the known_x's argument are 1, then:
l SLOPE and INTERCEPT return errors. The SLOPE and INTERCEPT algorithm
is designed to look for one and only one answer, and in this case there can be
more than one answer.
l LINEST returns a value of 0. The LINEST algorithm is designed to return
reasonable results for collinear data, and in this case at least one answer can be
found.

Return Type: Numeric

Syntax: SLOPE(known_y's,known_x's)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

known_y's A set of numeric dependent data points.

known_x's The set of independent data points.

Note: The arguments must be numbers, names, or references that contain numbers.
If a reference argument contains text, logical values, or empty fields, those values
are ignored; however, fields with the value zero are included. If known_y's and
known_x's are empty or have a different number of data points, SLOPE returns an
error.

Example:

182 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Formula Result

SLOPE(REF([Data Set],[Known Y]),REF Slope of the linear regression line through

([Data Set],[Known X])) the data points given (0.305556)
where Data Set is a cross-reference field,
the values in the Known Y field are 2, 3, 9,
1, 8, 7, and 5, and the values in the Known
X field are 6, 5, 11, 7, 5, 4, and 4.

SMALL Function
The SMALL function returns the k-th smallest value in a data set. Use this function
to return values with a particular relative standing in a data set. If n is the number
of data points in the values field, SMALL(values,1) equals the smallest value and
SMALL(values,n) equals the largest value.
Return Type: Numeric
Syntax: SMALL(values,k)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

values A set of numeric data for which you want to determine the k-th
smallest value.

Note: If the set is empty, SMALL returns an error.

k The position (from the smallest) in the set of fields to return.

Note: If k ≤ 0 or if k exceeds the number of data points, SMALL

returns an error.

Examples:

Chapter 3: Formula Builder 183

 RSA Archer GRC Platform Calculations

Formula Result

SMALL(REF([Data Set],[Values]),4) 4th smallest number in the set of fields (4)

where Data Set is a cross-reference field
and the values in the Values field are 3, 4,
5, 2, 3, 4, 6, 4, and 7.

SMALL(REF([Data Set],[Values]),2) 2nd smallest number in the set of fields (3)

where Data Set is a cross-reference field
and the values in the Values field are 1, 4,
8, 3, 7, 12, 54, 8, and 23.

STANDARDIZE Function
The STANDARDIZE function returns a normalized value from a distribution
characterized by mean and standard_dev.
Return Type: Numeric
Syntax: STANDARDIZE(x,mean,standard_dev)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

x The value that you want to normalize.

mean The arithmetic mean of the distribution.

standard_dev The standard deviation of the distribution.

Example:

Formula Result

STANDARDIZE(42,40,1.5) Normalized value of 42 for the terms

given (1.333333)

STDEV Function
The STDEV function estimates standard deviation based on a sample. The standard
deviation is a measure of how widely values are dispersed from the average value
(the mean).
STDEV assumes that its arguments are a sample of the population. If your data
represents the entire population, compute the standard deviation using STDEVP.

184 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

The standard deviation is calculated using the "n-1" method. To include logical
values and text representations of numbers in a reference as part of the calculation,
use the STDEVA function.
Return Type: Numeric
Syntax: STDEV(number1,number2,...)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

number1,number2,... 1 to 255 number arguments corresponding to a sample of a

population. You can also use a reference to a set of fields instead
of arguments separated by commas.

Note: Arguments can be numbers, names, or references that

contain numbers. Logical values and text representations of
numbers that you type directly into the list of arguments are
counted. If an argument is a reference, only numbers in that
reference are counted. Empty fields, logical values, text, or error
values in the reference are ignored. Arguments that are error
values or text that cannot be translated into numbers cause errors.

Example:
Suppose 10 tools stamped from the same machine during a production run are
collected as a random sample and measured for breaking strength.

Formula Result

STDEV(REF([Data Set],[Breaking Standard deviation of breaking strength

Strength])) (27.46391572)
where Data Set is a cross-reference field
and the values in the Breaking Strength
field are 1345, 1301, 1368, 1322, 1310,
1370, 1318, 1350, 1303, and 1299.

STDEVA Function
The STDEVA function estimates standard deviation based on a sample. The
standard deviation is a measure of how widely values are dispersed from the
average value (the mean). The standard deviation is calculated using the "n-1"
method.
STDEVA assumes that its arguments are a sample of the population. If your data
represents the entire population, you must compute the standard deviation using
STDEVPA.

Chapter 3: Formula Builder 185

 RSA Archer GRC Platform Calculations

If you do not want to include logical values and text representations of numbers in a
reference as part of the calculation, use the STDEV Function.
Return Type: Numeric
Syntax: STDEVA(value1,value2,...)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

value1,value2,... 1 to 255 values corresponding to a sample of a population. You

can also use a reference to a set of fields instead of arguments
separated by commas.

Note: Arguments can be the following: numbers; names, or

references that contain numbers; text representations of numbers;
or logical values, such as TRUE and FALSE, in a reference.
Arguments that contain TRUE evaluate as 1; arguments that
contain text or FALSE evaluate as 0 (zero). If an argument is a
reference, only values in that reference are used. Empty cells and
text values in the reference are ignored. Arguments that are error
values or text that cannot be translated into numbers cause errors.

Example:
Suppose 10 tools stamped from the same machine during a production run are
collected as a random sample and measured for breaking strength.

Formula Result

STDEVA(REF([Data Set],[Breaking Standard deviation of breaking strength

Strength])) for all the tools (27.46391572)
where Data Set is a cross-reference field
and the values in the Breaking Strength
field are 1345, 1301, 1368, 1322, 1310,
1370, 1318, 1350, 1303, and 1299.

STDEVP Function
The STDEVP function calculates standard deviation based on the entire population
given as arguments. The standard deviation is a measure of how widely values are
dispersed from the average value (the mean).
STDEVP assumes that its arguments are the entire population. If your data
represents a sample of the population, compute the standard deviation using
STDEV.
For large sample sizes, STDEV and STDEVP return approximately equal values.

186 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

The standard deviation is calculated using the "n" method.

To include logical values and text representations of numbers in a reference as part
of the calculation, use the STDEVPA Function.
Return Type: Numeric
Syntax: STDEVP(number1,number2,...)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

number1,number2,... 1 to 255 number arguments corresponding to a population. You

can also use a reference to a set of fields instead of arguments
separated by commas.

Note: Arguments can be numbers, names, or references that

contain numbers. Logical values, and text representations of
numbers that you type directly into the list of arguments are
counted. If an argument is a reference, only numbers in that
reference are counted. Empty fields, logical values, text, or error
values in the reference are ignored. Arguments that are error
values or text that cannot be translated into numbers cause errors.

Example:
Suppose 10 tools stamped from the same machine during a production run are
collected as a random sample and measured for breaking strength.

Formula Result

STDEVP(REF([Data Set],[Breaking Standard deviation of breaking strength,

Strength])) assuming only 10 tools are produced
(26.05455814)
where Data Set is a cross-reference field
and the values in the Breaking Strength
field are 1345, 1301, 1368, 1322, 1310,
1370, 1318, 1350, 1303, and 1299.

STDEVPA Function
The STDEVPA function calculates standard deviation based on the entire
population given as arguments, including text and logical values. The standard
deviation is a measure of how widely values are dispersed from the average value
(the mean).
STDEVPA assumes that its arguments are the entire population. If your data
represents a sample of the population, you must compute the standard deviation by
using STDEVA.

Chapter 3: Formula Builder 187

 RSA Archer GRC Platform Calculations

For large sample sizes, STDEVA and STDEVPA return approximately equal
values.
If you do not want to include logical values and text representations of numbers in a
reference as part of the calculation, use the STDEVP Function.
The standard deviation is calculated using the "n" method.
Return Type: Numeric
Syntax: STDEVPA(value1,value2,...)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

value1,value2,... 1 to 255 values corresponding to a population. You can also use

a reference to a set of fields instead of arguments separated by
commas.

Note: Arguments can be the following: numbers; names or

references that contain numbers; text representations of numbers;
or logical values, such as TRUE and FALSE, in a reference. Text
representations of numbers that you type directly into the list of
arguments are counted. Arguments that contain TRUE evaluate
as 1; arguments that contain text or FALSE evaluate as 0 (zero).
If an argument is a reference, only values in that reference are
used. Empty fields and text values in the reference are ignored.
Arguments that are error values or text that cannot be translated
into numbers cause errors.

Example:
Suppose 10 tools stamped from the same machine during a production run are
collected as a random sample and measured for breaking strength.

Formula Result

STDEVPA(REF([Data Set],[Breaking Standard deviation of breaking strength,

Strength])) assuming only 10 tools are produced
(26.05455814)
where Data Set is a cross-reference field
and the values in the Breaking Strength
field are 1345, 1301, 1368, 1322, 1310,
1370, 1318, 1350, 1303, and 1299.

188 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

STEYX Function
The STEYX function returns the standard error of the predicted y-value for each x
in the regression. The standard error is a measure of the amount of error in the
prediction of y for an individual x.
Return Type: Numeric
Syntax: STEYX(known_y's,known_x's)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

known y's A set of dependent data points.

known x's A set of independent data points.

Note: Arguments can be numbers, names or references that contain numbers.

Logical values and text representations of numbers that you type directly into the
list of arguments are counted. If a reference argument contains text, logical values,
or empty fields, those values are ignored; however, fields with the value zero are
included. Arguments that are error values or text that cannot be translated into
numbers cause errors. If known_y's and known_x's have a different number of data
points, STEYX returns an error. If known_y's and known_x's are empty or have less
than three data points, STEYX returns an error.

Example:

Formula Result

STEYX(REF([Data Set],[Dependent Data]), Standard error of the predicted y-value for

REF([Data Set],[Independent Data])) each x in the regression (3.305719)
where Data Set is a cross-reference field,
the values in the Dependent Data field are
2, 3, 9, 1, 8, 7, and 5, and the values in the
Independent Data field are 6, 5, 11, 7, 5, 4,
and 4.

SUM Function
The SUM function adds all of the numbers in the specified parameters. If the SUM
function references a multi-selection values list, it can be used with the
SELECTED function to return the sum of the numeric values for each of the
currently selected items.
Return Type: Numeric
Syntax: SUM(number1, number2,...)

Chapter 3: Formula Builder 189

 RSA Archer GRC Platform Calculations

In the above syntax, parameters in bold are required.

The following table describes the parameters of the function.

Parameter Description

number1, number2, Parameters for which you want the total value. These parameters
and so on can be entered as hard-coded values, for example, 2, or Numeric-
field references, for example, [field name]. Referenced fields can
reside within the application or within Sub-Form, Cross-
Reference, or Related Records fields.

Examples:

Formula Result

SUM(3, [Risk]) 15
where the value in the Risk field is 12.

SUM([Risk], [Criticality]) 19
where the value in the Risk field is 12 and
the value in the Criticality field is 7.

SUM(REF([Orders],[Price])) 202.94
where the value in the Price field within
the Orders sub-form are 120.00, 50.19, and
32.75.

SUM(SELECTEDVALUENUMBER([Key 25
Factors]))
where Key Factors is a multi-selection
Values List field and the numeric values of
the current selections are 3, 8, 4, and 10.

SUMIF Function
The SUMIF function sums the values of a specified Numeric field across all
records in a Sub-Form, Cross-Reference, or Related Records field that contain a
specific value in a given field. For example, you can return the sum of all Price
field values across all cross-referenced records in which the Status field is set to
“Shipped.”
Return Type: Numeric
Syntax: SUMIF(eval_field_ref, criterion, sum_field_ref)
In the above syntax, parameters in bold are required.

190 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Chapter 3: Formula Builder 191

 RSA Archer GRC Platform Calculations

Parameter Description

eval_field_ref The reference to the field against which the criterion will be
evaluated.

Note: If sum_field_ref is not passed to SUMIF, eval_field_ref

will also act as the field to sum.

criterion The test that will be performed against eval_field_ref to

determine whether a given record will be qualified for the sum
operation. The criterion can involve Values List, User/Groups
List, and Record Permissions fields as well as fields containing
numeric, text, and date type values.
l Values Lists. If eval_field_ref is a Values List field, enclose
the criterion value in VALUEOF or supply it as a quoted
literal string, for example, "Dallas".
l User/Groups List and Record Permissions Fields. If eval_
field_ref is a User/Groups List or Record Permissions field,
enclose the criterion value in USER or GROUP (as
appropriate for the criterion).
l Text, Numeric, or Date Fields. If eval_field_ref is a Text,
Numeric, or Date field, the criterion must be enclosed in
quotes, for example, ">56", and the criterion can involve any
of the supported comparison operators (=, <, >, <=, >=, <>).

Note: The evaluation will always result in no matches if there is

a space between the operator and the test value. For example, if
the intent is to sum a given Numeric field across all sub-form
records where a another given field contains a numeric value
greater than 56, a space cannot appear in the formula between
the ">" and the "56"

If a function is used in the criterion, the function must be

concatenated to the comparison operator. For example, the proper
criterion syntax for specifying "greater than today" would be:
">"&TODAY( )
The criterion parameter supports the use of literal dates or a date
value derived from the TODAY function. If a literal date string is
specified, it must be wrapped in a DATETIMEVALUE function.

sum_field_ref The reference to a Numeric field that will be summed across all
qualified records.

Note: If sum_field_ref is not passed to SUMIF, eval_field_ref

will also act as the field to sum.

192 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Examples:

Chapter 3: Formula Builder 193

 RSA Archer GRC Platform Calculations

Formula Result

SUMIF(REF([Cases], [Status]), VALUEOF 832

(REF([Cases], [Status]), "Open"),REF
([Cases], [Time Spent]))
where:
l The name of the Cross-Reference field is
Cases.
l The Status Values List field contains the
values to be evaluated.
l The criterion for matching on the Status
field is the selection “Open”.
l Time Spent is a Numeric field
containing the numeric values to be
summed.
l The sum of Time Spent across all
“Open” cases is 832 minutes.

194 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Formula Result

SUMIF(REF([Items], [Line Item Cost]), 2378.10

">5.99",REF([Items], [Line Total]))
where:
l The name of the Sub-Form field is Items.
l The Line Item Cost Numeric field in the
related sub-form contains the data to be
evaluated.
l The criterion for matching on Line Item
Cost is values greater than 5.99.
l Line Total is a Numeric field containing
the numeric values to be summed.
l The sum of Line Total across all sub-
form records where Line Item Cost is
greater than 5.99 is 2378.10.

SUMIF(REF([Properties], [Sale Price]), 2654887

">=150000")
where:
l The name of the Cross-Reference field is
Properties.
l The Sale Price Numeric field in the
related application contains the data to
be evaluated.
l The criterion for matching on Sale Price
is values greater than or equal to
150000.
l The sum of Sale Price across all related
records where Line Item Cost is greater
than or equal to 150000 is 1654887.

Note: In this example, the sum_field_ref is

not passed to SUMIF. As a result, the
system will use Sale Price for evaluation
purposes and for summing.

Chapter 3: Formula Builder 195

 RSA Archer GRC Platform Calculations

Formula Result

SUMIF(REF([Properties], [Sale Date]), 1299000

">="&DATETIMEVALUE
("7/1/2008"),REF([Properties], [Sale Price]))
where:
l The name of the Cross-Reference field is
Properties.
l The Sale Date field in the related
application contains the data to be
evaluated.
l The criterion for matching on Sale Date
is dates greater than or equal to
7/1/2008.
l Sale Price is a Numeric field containing
the numeric values to be summed.
l The sum of Sale Price across all related
records where Sales Date is greater than
or equal to 7/1/2008 is 1299000.

196 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Parameter Description

eval_field_ref The reference to the field against which the criterion will be
evaluated.

Note: If sum_field_ref is not passed to SUMIF, eval_field_ref

will also act as the field to sum.

criterion The test that will be performed against eval_field_ref to

determine whether a given record will be qualified for the sum
operation. The criterion can involve Values List, User/Groups
List, and Record Permissions fields as well as fields containing
numeric, text, and date type values.
l Values Lists. If eval_field_ref is a Values List field, enclose
the criterion value in VALUEOF or supply it as a quoted
literal string, for example, "Dallas".
l User/Groups List and Record Permissions Fields. If eval_
field_ref is a User/Groups List or Record Permissions field,
enclose the criterion value in USER or GROUP (as
appropriate for the criterion).
l Text, Numeric, or Date Fields. If eval_field_ref is a Text,
Numeric, or Date field, the criterion must be enclosed in
quotes, for example, ">56", and the criterion can involve any
of the supported comparison operators (=, <, >, <=, >=, <>).

Note: The evaluation will always result in no matches if there is

a space between the operator and the test value. For example, if
the intent is to sum a given Numeric field across all sub-form
records where a another given field contains a numeric value
greater than 56, a space cannot appear in the formula between
the ">" and the "56"

If a function is used in the criterion, the function must be

concatenated to the comparison operator. For example, the proper
criterion syntax for specifying "greater than today" would be:
">"&TODAY( )
The criterion parameter supports the use of literal dates or a date
value derived from the TODAY function. If a literal date string is
specified, it must be wrapped in a DATETIMEVALUE function.

sum_field_ref The reference to a Numeric field that will be summed across all
qualified records.

Note: If sum_field_ref is not passed to SUMIF, eval_field_ref

will also act as the field to sum.

Chapter 3: Formula Builder 197

 RSA Archer GRC Platform Calculations

Examples:

198 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Formula Result

SUMIF(REF([Cases], [Status]), VALUEOF 832

(REF([Cases], [Status]), "Open"),REF
([Cases], [Time Spent]))
where:
l The name of the Cross-Reference field is
Cases.
l The Status Values List field contains the
values to be evaluated.
l The criterion for matching on the Status
field is the selection “Open”.
l Time Spent is a Numeric field
containing the numeric values to be
summed.
l The sum of Time Spent across all
“Open” cases is 832 minutes.

Chapter 3: Formula Builder 199

 RSA Archer GRC Platform Calculations

Formula Result

SUMIF(REF([Items], [Line Item Cost]), 2378.10

">5.99",REF([Items], [Line Total]))
where:
l The name of the Sub-Form field is Items.
l The Line Item Cost Numeric field in the
related sub-form contains the data to be
evaluated.
l The criterion for matching on Line Item
Cost is values greater than 5.99.
l Line Total is a Numeric field containing
the numeric values to be summed.
l The sum of Line Total across all sub-
form records where Line Item Cost is
greater than 5.99 is 2378.10.

SUMIF(REF([Properties], [Sale Price]), 2654887

">=150000")
where:
l The name of the Cross-Reference field is
Properties.
l The Sale Price Numeric field in the
related application contains the data to
be evaluated.
l The criterion for matching on Sale Price
is values greater than or equal to
150000.
l The sum of Sale Price across all related
records where Line Item Cost is greater
than or equal to 150000 is 1654887.

Note: In this example, the sum_field_ref is

not passed to SUMIF. As a result, the
system will use Sale Price for evaluation
purposes and for summing.

200 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Formula Result

SUMIF(REF([Properties], [Sale Date]), 1299000

">="&DATETIMEVALUE
("7/1/2008"),REF([Properties], [Sale Price]))
where:
l The name of the Cross-Reference field is
Properties.
l The Sale Date field in the related
application contains the data to be
evaluated.
l The criterion for matching on Sale Date
is dates greater than or equal to
7/1/2008.
l Sale Price is a Numeric field containing
the numeric values to be summed.
l The sum of Sale Price across all related
records where Sales Date is greater than
or equal to 7/1/2008 is 1299000.

SUMPRODUCT Function
The SUMPRODUCT function multiplies corresponding components in the given
sets of fields, and returns the sum of those products.
Return Type: Numeric
Syntax: SUMPRODUCT(values1,values2,values3, ...)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

values1, values2, 2 to 255 sets of values whose components you want to multiply
values3, ... and then add.

Note: The respective arguments must have the same dimensions.

If they do not, SUMPRODUCT returns an error. SUMPRODUCT
treats field entries that are not numeric as if they were zeros.

Example:

Chapter 3: Formula Builder 201

 RSA Archer GRC Platform Calculations

Formula Result

SUMPRODUCT(REF([Data Set], Multiplies all the components of the two

[Values1]),REF([Data Set],[Values2])) arrays and then adds the products — that
is, 3*2 + 4*7 + 8*6 + 6*7 + 1*5 + 9*3.
where Data Set is a cross-reference field
(156)
and the values in the Values1 field are 3, 4,
8, 6, 1, and 9, and the values in the
Values2 field are 2, 7, 6, 7, 5, and 3.

SUMSQ Function
The SUMSQ function returns the sum of the squares of the arguments.
Return Type: Numeric
Syntax: SUMSQ(number1,number2, ...)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

number1, number2, 1 to 255 arguments for which you want the sum of the squares.
... You can also use a reference to an array instead of arguments
separated by commas.

Note: Arguments can be numbers, names, or references that

contain numbers. Numbers, logical values, and text
representations of numbers that you type directly into the list of
arguments are counted. If an argument is a reference, only
numbers in that reference are counted. Empty cells, logical
values, text, or error values are ignored. Arguments that are error
values or text that cannot be translated into numbers cause errors.

Example:

Formula Result

SUMSQ(3,4) Sum of the squares of 3 and 4 (25)

SUMX2PY2 Function
The SUMX2PY2 function returns the sum of the sum of squares of corresponding
values in two sets of fields. The sum of the sum of squares is a common term in
many statistical calculations.
Return Type: Numeric
Syntax: SUMX2PY2(values_x,values_y)

202 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

In the above syntax, parameters in bold are required.

The following table describes the parameters of the function.

Parameter Description

values_x The first set of fields.

values_y The second set of fields.

Note: The arguments should be numbers, names, or references that contain

numbers. If a reference argument contains text, logical values, or empty cells, those
values are ignored; however, fields with the value zero are included. If values_x
and values_y have a different number of values, SUMX2PY2 returns an error.

Example:

Formula Result

SUMX2PY2(REF([Data Set],[Values1]), Sum of the sum of squares of the two sets

REF([Data Set],[Values2])) of fields given (521)
where Data Set is a cross-reference field,
the values in the Values1 field are 2, 3, 9,
1, 8, 7 and 5 and the values in the Values2
field are 6, 5, 11, 7, 5, 4, and 4.

SUMX2MY2 Function
The SUMX2MY2 function returns the sum of the difference of squares of
corresponding values in two sets of fields.
Return Type: Numeric
Syntax: SUMX2MY2(values_x,values_y)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

values_x The first range of values.

values_y The second range of values.

Note: The arguments should be either numbers, names, or references that contain
numbers. If a reference argument contains text, logical values, or empty cells, those
values are ignored; however, fields with the value zero are included. If values_x
and values_y have a different number of values, SUMX2MY2 returns an error.

Chapter 3: Formula Builder 203

 RSA Archer GRC Platform Calculations

Example:

Formula Result

SUMX2MY2(REF([Data Set], Sum of the difference of squares of the

[Values1]),REF([Data Set],[Values2])) two sets of values given (-55)
where Data Set is a cross-reference field,
the values in the Values1 field are 2, 3, 9,
1, 8, 7 and 5 and the values in the Values2
field are 6, 5, 11, 7, 5, 4 and 4.

SUMXMY2 Function
The SUMXMY2 function returns the sum of squares of differences of
corresponding values in two sets of fields.
Return Type: Numeric
Syntax: SUMXMY2(values_x,values_y)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

values_x The first set of fields.

values_y The second set of fields.

Note: The arguments should be numbers, names, or references that contain

numbers. If a reference argument contains text, logical values, or empty cells, those
values are ignored; however, fields with the value zero are included. If values_x
and values_y have a different number of values, SUMXMY2 returns an error.

Examples:

Formula Result

SUMXMY2(REF([Data Set],[Values1]), Sum of squares of differences of the two

REF([Data Set],[Values2])) arrays given (79)
where Data Set is a cross-reference field,
the values in the Values1 field are 2, 3, 9,
1, 8, 7, and 5, and the values in the
Values2 field are 6, 5, 11, 7, 5, 4, and 4.

SUMXMY2({2, 3, 9, 1, 8, 7, 5}, {6, 5, 11, Sum of squares of differences of the two

7, 5, 4, 4}) arrays constants (79)

204 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

TRIMMEAN Function
The TRIMMEAN function returns the mean of the interior of a set of data. The
value is derived by determining the mean of a series of values and excluding a
percentage of the top and bottom values from the data set. This function can be used
to eliminate outliers when determining the mean.
Return Type: Numeric
Syntax: TRIMMEAN(values,percent)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

values A set of values.

percent This is the percent of data points to exclude when determining

the mean. For example, if the percent parameter is .2 and the
number of values in the data series is 100, 20 data points will be
excluded when determining the mean (100 x .2 = 20). Within the
excluded data points for this example, the calculation will
exclude the 10 highest values and the 10 lowest values.

Note: This function rounds the number of excluded data points

down to the nearest multiple of 2. For example, if the percent is
.1 and the number of data points is 30, the number of excluded
data points should be 3. However, since this returns an odd
number, TRIMMEAN will round this number down to 2 and
exclude the highest value and the lowest value in the data series.

Example:

Formula Result

TRIMMEAN(REF([Facilities],[Risk
Rating]), .2)
where Facilities is a cross-reference field
and the values in the Risk Rating field are
35, 50, 52, 60, 68, 75, 79, 82, 86, and 100.
69
The values 45 and 92 were thrown out
(since 20% of the values were to be
excluded) and the function found the
mean of the remaining values.

VAR Function
The VAR function estimates the variance based on a sample of numbers. This
function can compute the variance for up to 255 different values.
Return Type: Numeric
Syntax: VAR(number1, number2,...)

Chapter 3: Formula Builder 205

 RSA Archer GRC Platform Calculations

In the above syntax, parameters in bold are required.

The following table describes the parameters of the function.

Parameter Description

number1, number2, Parameters for which you want to find the variance. These
... parameters can be entered as hard-coded values, for example, 2,
or Numeric-field references, for example, [field name]. Referenced
fields can reside within the application or within Sub-Form,
Cross-Reference, or Related Records fields.

Note: This function assumes the numbers represent a sample from

the overall population. If your data set represents the entire
population, you must compute the variance using VARP.

Example:

Formula Result

VAR(REF([Facilities],[Risk Rating])) 382.4556

where the parent record is related to 10
Facilities records and the values in the Risk
Rating field are 35, 50, 52, 60, 68, 75, 79,
82, 86, and 100.

VARA Function
The VARA function estimates the variance based on a sample of numbers, text, or
logical values (TRUE or FALSE).
Return Type: Numeric
Syntax: VARA(value1, value2,...)
In the above syntax, parameters in bold are required.

206 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

value1,value2, and Parameters for which you want to find the variance. These
so on parameters can be entered as hard-coded values, for example, 2,
or field references, for example, [field name]. Referenced fields
can reside within the application or within Sub-Form, Cross-
Reference, or Related Records fields. If logical values (TRUE or
FALSE) are used, they are evaluated as 1 and 0, respectively.

Note: This function assumes the numbers represents a sample

from the overall population. If your data set represents the entire
population, you must compute the variance using VARPA.

Example:

Formula Result

VAR([Offshore Facilities],[Risk Rating], 30.33333

[Customer Data]))
where the value of the Offshore Facilities
field is "True", the value of the Risk
Rating field is "10", and the value of the
Customer Data field is "False".

VARP Function
The VARP function estimates the variance based on the entire population. This
function can compute the variance for up to 255 different values.
Return Type: Numeric
Syntax: VARP(number1, number2,...)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

number1, number2, Parameters for which you want to find the variance. These
... parameters can be entered as hard-coded values, for example, 2,
or Numeric-field references, for example, [field name]. Referenced
fields can reside within the application or within Sub-Form,
Cross-Reference, or Related Records fields.

Note: This function assumes that the numbers represent the entire
population. If your data set represents a sample population, you
must compute the variance using VAR.

Chapter 3: Formula Builder 207

 RSA Archer GRC Platform Calculations

Example:

Formula Result

VARP(REF([Facilities],[Risk Rating])) 344.21

where the parent record is related to 10
Facilities records and the values in the Risk
Rating field are 35, 50, 52, 60, 68, 75, 79,
82, 86, and 100.

VARPA Function
The VARPA function estimates the variance based on a total population of
numbers, text or logical values (TRUE or FALSE).
Return Type: Numeric
Syntax: VARPA(value1, value2,...)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

value1,value2, ... Parameters for which you want to find the variance. These
parameters can be entered as hard-coded values, for example, 2,
or field references, for example, [field name]. Referenced fields
can reside within the application or within Sub-Form, Cross-
Reference, or Related Records fields. If logical values (TRUE or
FALSE) are used, they are evaluated as 1 and 0, respectively.

Note: This function assumes the numbers represent the entire

population. If your data set represents a sample population, you
must compute the variance using VARA.

Example:

Formula Result

VARPA([Offshore Facilities],[Risk Rating], 20.22222

[Customer Data]))
where the value of the Offshore Facilities
field is "True", the value of the Risk Rating
field is "10", and the value of the Customer
Data field is "False".

208 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

WEIBULL Function
The WEIBULL function returns the Weibull distribution. You can use this
distribution in reliability analysis.
Return Type: Numeric
Syntax: WEIBULL(x,alpha,beta,cumulative)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

x The value of the function.

Note: If x is nonnumeric or if x < 0, WEIBULL returns an error.

alpha A parameter value for the distribution.

Note: If alpha ≤ 0, WEIBULL returns an error.

beta The other parameter value for the distribution.

Note: If beta ≤ 0, WEIBULL returns an error.

cumulative A logical value that indicates which form of the function to

provide. If cumulative is TRUE, WEIBULL returns the
cumulative distribution function; if FALSE, it returns the
probability density function.

Examples:

Formula Result

WEIBULL(210,40,200,TRUE) .999124

WEIBULL(210,40,200,FALSE) .001175

ZTEST Function
The ZTEST function returns the one-tailed probability value of a z-test. The
function returns the probability that the sample mean would be greater than the
average of observations in the data set.
Return Type: Numeric
Syntax: ZTEST(values,test,sigma)
In the above syntax, parameters in bold are required.

Chapter 3: Formula Builder 209

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

values A range of values.

Note: If a reference argument contains text, logical values, or

empty fields, those values are ignored; however, fields with the
value zero are included.

test The value to test.

sigma The population standard deviation. If this value is not provided,

the sample standard deviation is used.

Example:

Formula Result

ZTEST(REF([Facilities],[Risk Rating]),85) .99580

where Facilities is a cross-reference field
and the values in the Risk Rating field are
35, 50, 52, 60, 68, 75, 79, 82, 86, and 100.

System Functions
System functions allow you to work with Archer-specific variables and options to
produce dynamic results. Available functions within this category include:
l CONTAINS Function l REF Function
l CONTENTID Function l SELECTEDVALUENUMBER Function
l GETGROUPS Function l TRACKINGID Function
l GETUSERS Function l USER Function
l GROUP Function l USERFIRSTNAME Function
l ISCORRECT Function l USERLASTNAME Function
l ISEMPTY Function l USERMIDDLENAME Function
l ISNUMBER Function l VALUEOF Function
l MOSTRECENTVALUE l WEIGHTEDSCORE Function
Function
l WEIGHTING Function
l NOVALUE Function
l OTHERTEXT Function

210 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

CONTAINS Function
The CONTAINS function is used to determine if any value within a list of values
matches the value stored in a given field. If one of the values matches the field
value, the function evaluates to TRUE and one value is returned. If there is no
match between the list of values and the field value, the function evaluates to
FALSE and another value is returned. The CONTAINS function must be used in
conjunction with an IF function.
Although done infrequently, the CONTAINS function may be used to test whether
the string value of a given Text field is equal to any one of a list of given string
values. When a Text field is targeted, the string value in the field will be compared
to the given test strings. Matching will be based on complete strings only. The
function will not find a match based on a substring. For example, if the target Text
field contains the value “Confiscated laptop”, CONTAINS will not find a match for
a test string of “laptop”.
Return Type: TRUE or FALSE
Syntax: IF(CONTAINS(eval_type, field_ref, value1, value2...),value_if_
true,value_if_false)
In the above syntax, parameters in bold are required.

Chapter 3: Formula Builder 211

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

212 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Parameter Description

eval_type One of the following evaluation type keywords:

l ANY. Specifies that the targeted field must contain at least
one of the given selections.
l EXACT. Specifies that the targeted function must contain
each of the given selections and only those selections
l ALL. Specifies that the target field must, at a minimum,
contain each of the given selections. When using ALL,
CONTAINS will still return TRUE even if there are selections
in the field in addition to the ones specified.

Note: When targeting a Text field, CONTAINS will return

TRUE if one or more of the supplied test strings match the string
value of the Text field. The behavior of EXACT and ALL is the
same when targeting a text field. When using EXACT or ALL
against a Text field, only one test string should be specified
because a Text field can have only one value.

Chapter 3: Formula Builder 213

 RSA Archer GRC Platform Calculations

Parameter Description

field_ref A reference to a field, for example, [field name].The reference

must be a Values List, User/Groups List, Record Permissions, or
Text field.

value1, value 2, ... Any one the following:

l One or more string values supplied as a potential match for
the values selected in the targeted list field. (When evaluating
the selections in a Values List field, the test string values
should be enclosed in a VALUEOF function.)
l One or more references to additional Values List, User/Groups
List, or Record Permissions fields. At runtime, the system will
extract the list of selections in the supplied fields and treat
those values as strings (or user/group IDs) to be tested against
the selections in the targeted field.

Note: When referencing multiple fields to obtain test values,

all fields must be of the same type and that type must match
the type of the target field. When referencing a User/Groups
List or Record Permissions field to obtain test values, the field
reference must be wrapped in either the GETUSERS or
GETGROUPS function to provide the proper context for
retrieving the selections. Selections in User/Groups List and
Record Permissions fields will be returned as IDs, while
selections in a Values List field will be returned as strings.

l A combination of both literal values and field references. At

runtime, the system will extract the list of selections for any
referenced field and, conceptually, marry those selections to
the literal values provided to form a single list of selections to
test against the target field.

CONTENTID Function
The CONTENTID function returns a content record ID that uniquely identifies the
current record within the context of the current application or sub-form. Content IDs
are generated sequentially, beginning with the number 1.
Return Type: Numeric
Syntax: CONTENTID( )
This function does not have any parameters.
Example:

214 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Formula Result

[Type Code] & "-" & TRACKINGID( ) & "- WORM-678904-34

" & CONTENTID( )
where the value in the Type Code field is
WORM, the system-wide tracking ID is
678904 and the application-specific
tracking ID is 34.

GETGROUPS Function
The GETGROUPS function returns a list of group IDs for the groups currently
selected in a specified User/Groups List or Record Permissions field. The list of
group IDs can then be evaluated by another function. For example, GETGROUPS
might be used inside a CONTAINS function to determine whether a given group is
contained in the list of groups retrieved from a specified User/Groups List field.
Return Type: Numeric
Syntax: GETGROUPS(field_ref)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

field_ref A User/Groups List or Record Permissions field.

Examples:

Chapter 3: Formula Builder 215

 RSA Archer GRC Platform Calculations

Formula Result

IF(CONTAINS(ANY, GETGROUPS Yes

([Team]), GROUP(NAME, "Training",
"Support", "IT")), "Yes”, “No”)
where the group "Training” (which is
referenced by name here but converted to
an ID at runtime) matches the ID of a group
returned from the a User/Groups List field
named Team.

IF(ISEMPTY(GETGROUPS([Reviewers]), Not Empty – One or more groups selected

"Empty - No groups selected", "Not Empty
- One or more groups selected")
where one or more groups are currently
selected in the Reviewers Record
Permissions field.
In this example, ISEMPTY is only
evaluating the Reviewers field for group
selections, not user selections. In this
example, ISEMPTY would have returned
true if no groups were selected but one or
more users were selected.

IF(AND(ISEMPTY(GETUSERS Empty - No users or groups selected

([Reviewers]), ISEMPTY(GETGROUPS,
([Reviewers])),"Empty - No users or groups
selected", "Not Empty - One or more users
or groups selected")
where the Reviewers Record Permissions
field has no selections.
To evaluate both user and group selections,
two ISEMPTY functions can be wrapped in
an AND function, as shown above.

IF(AND(CONTAINS(EXACT, All test users and groups are selected

GETGROUPS([Case Managers]), GROUP
(NAME, "Training", "Support", "IT")),
CONTAINS(EXACT, GETUSERS([Case
Managers]), USER(LOGIN, "blair.gates",
"alfred.turks", "betty.smalls"))), "All test
users and groups are selected", "Test
failed")
where the Case Managers Record

216 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Formula Result

Permissions field contains each of the test

selections and only those selections.
To test a User/Groups List or Record
Permissions field for a combination of user
and group selections, two CONTAINS
functions can constructed (one to test for
groups; one to test for users) and wrapped
in an AND, OR or NOT function.

GETUSERS Function
The GETUSERS function returns a list of user IDs for the users currently selected
in a specified User/Groups List or Record Permissions field. The list of user IDs
can then be evaluated by another function. For example, GETUSERS might be used
inside a CONTAINS to determine whether a given user is contained in the list of
users retrieved from a specified User/Groups List field.
Return Type: Numeric
Syntax: GETUSERS(field_ref)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

field_ref A User/Groups List or Record Permissions field.

Examples:

Chapter 3: Formula Builder 217

 RSA Archer GRC Platform Calculations

Formula Result

IF(CONTAINS(ANY, GETUSERS ([Sales Yes

Rep]), USER(NAME, "Wilson, Jonah",
“Kellerman, Kathy”, “Boone, Julia”)),
"Yes”, “No”
where the user "Boone, Julia” (who is
referenced by name here but converted to
an ID at runtime) matches the ID of a user
returned from the User/Groups List field
named Sales Rep.

IF(ISEMPTY(GETUSERS ([Associate]), Empty – No users selected

"Empty - No users selected", "Not Empty -
One or more users selected")
where no users are currently selected in the
Associate Users/Groups List field.
In this example, ISEMPTY is only
evaluating the Associate field for user
selections, not group selections. In this
example, ISEMPTY would have returned
true if no users were selected but one or
more groups were selected.

IF(AND(ISEMPTY(GETUSERS Empty - No users or groups selected

([Reviewers]), ISEMPTY(GETGROUPS,
([Reviewers])),"Empty - No users or groups
selected", "Not Empty - One or more users
or groups selected")
where the Reviewers Record Permissions
field has no selections.
To evaluate both user and group selections,
two ISEMPTY functions can be wrapped in
an AND function, as shown above.

GROUP Function
The GROUP function is used to maintain the validity of a formula reference to a
specific group selection in a User/Groups List or Record Permissions field, even if
the group name is changed later.

218 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

The GROUP function also directly accepts system-assigned group ID numbers.

Each group in the system has an internal ID number that is guaranteed to be unique.
For example, if two groups both named Support exist in the system, the group name
cannot be resolved to determine whether the intended Support is selected in the
given User/Groups List or Record Permissions field. However, a system ID (for
example, 48761) can be used in place of the ambiguous group name to uniquely
identify the correct Support group.
Return Type: Text or Numeric, depending on the format selected for the ref_type
parameter
Syntax: GROUP(ref_type, value1, value2…)
In the above syntax, parameters in bold are required.

Chapter 3: Formula Builder 219

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

220 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Parameter Description

ref_type Accepts the keyword NAME or ID. If NAME is specified, the

function will inspect field selections by literal group name, for
example, "Support". If ID is specified, the function will inspect
group selections based on unique system-assigned ID numbers.

value1, value2… One or more values within a User/Groups or Record Permissions

field.
NAME. If ref_type is NAME, group names must be passed
exactly as they display in the User/Groups List or Record
Permissions field. Matching will be case sensitive. When using
NAME with GROUP, an error will occur during formula
validation if any of the following is true:
l If the named group cannot be found in any domain
l If the named group is found in more than one domain
l If the named group is found in a single domain but the group
name is not unique within that domain

If the NAME string contains at least one @ sign, the system will
assume that all text following the last @ sign is a domain
reference and the system will attempt to locate that domain. If
the NAME string does not contain a @ sign, the system will
look for an exact match for the entire group name string in the
Archer (NULL) domain and the default domain.

Note: The system will attempt to match the domain name against
both active and deleted (for example, soft-deleted) domains. Only
active domain names must be unique; it is possible that a deleted
domain has the same name as an active domain. If the group
name string exists in more than one of the domains that have the
same name, the system will fail the formula on validation.

If the domain can be found:

1. The system will treat all text in the name string before the
last @ sign as the group name and will attempt to find that
group within the domain.
2. If the group is found within the domain, the system will
replace the group name string in the formula with the ID of
the group matching that login.
3. If the domain cannot be found:
4. The system will look for an exact match for the entire group
name string in the Archer (NULL) domain and the default
domain.

Chapter 3: Formula Builder 221

 RSA Archer GRC Platform Calculations

Parameter Description

5. If only one group with that name exists, the system will
replace the group name string in the formula with the ID of
that group.
ID. If ref_type is ID, the function will expect one or more
system-assigned group ID numbers. The IDs in the list should be
quoted. When using ID with GROUP, an error will occur during
formula validation the group ID cannot be found in any domain.

Examples:

Formula Result

IF(CONTAINS(ANY, GETGROUPS Priority

([Technician]), GROUP(NAME, "Tier 1",
"Tier 4", “Tier 9”)), "Priority", "Standard")
where the group "Tier 4" is selected in the
Technician User/Groups List field.

IF(CONTAINS(ANY, GETGROUPS Yes

([Technician]), GROUP(ID, 76712, 89766,
90287)),"Yes", "No")
where "Tier 9" is selected in the Technician
User/Groups List field and that group’s
unique system ID is 90287.

ISCORRECT Function
The ISCORRECT function evaluates a Values List question and determines
whether the selected value is identified as “Correct” or “Incorrect.” Values are
identified as either correct or incorrect on the Answer tab of the Define Fields
page. The function evaluates to TRUE if the selected value is set as the “Correct”
value. The function evaluates to FALSE if the selected value is not set as the
“Correct” value. The ISCORRECT function must be used in conjunction with an IF
function and can only be used against a Values List question within a questionnaire.
Return Type: Text, numeric, date or a Values List field selection, depending on
the type of data supplied for the value_if_true and value_if_false parameters.
Syntax: ISCORRECT([field_ref])
In the above syntax, parameters in bold are required.

222 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

field_ref A reference to the Values List question, for example, [question

name].

Example:

Formula Result

IF(ISCORRECT([Password Compliant
Question]),“Compliant”,“Not Compliant”)
where the value selected for the question is
identified as “Correct”.

ISEMPTY Function
The ISEMPTY function is used to determine if a given field contains a value or is
blank (empty). The function evaluates to TRUE if the specified field is blank, for
example, contains no value. The function evaluates to FALSE if the specified field
is not blank (contains a value). The ISEMPTY function must be used in conjunction
with an IF function.
Return Type: Text, numeric, date or a Values List field selection, depending on
the type of data supplied for the value_if_true and value_if_false parameters.
Syntax: ISEMPTY([field_ref])
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

field_ref A reference to a field, for example, [field name].

Examples:

Chapter 3: Formula Builder 223

 RSA Archer GRC Platform Calculations

Formula Result

IF(ISEMPTY([Middle Name]), "No middle No middle name

name", "Middle name is " & [Middle
Name])
where Middle Name is a Text field
containing no value.

IF(ISEMPTY([Middle Name]), "No middle Middle name is Douglas

name", "Middle name is " & [Middle
Name])
where Middle Name is a Text field
containing the value Douglas.

ISNUMBER Function
The ISNUMBER function checks the specified value and returns TRUE or FALSE
depending on whether it is a number. You can use this function to get information
about a value before performing a calculation or other action with it.
Return Type: TRUE or FALSE
Syntax: ISNUMBER(value)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

value The value that you want tested. The value argument can be a
blank (empty cell), error, logical value, text, number, or reference
value, or a name referring to any of these. Returns TRUE if
Value refers to a number.

Note: The value arguments of the IS functions are not converted.

Any numeric values that are enclosed in double quotation marks
are treated as text. For example, in most other functions where a
number is required, the text value "19" is converted to the
number 19. However, in the formula ISNUMBER("19"), "19" is
not converted from a text value to a number value, and the
ISNUMBER function returns FALSE.

Example:

Formula Result

ISNUMBER(4) Checks whether 4 is a number (TRUE)

224 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

MOSTRECENTVALUE Function
The MOSTRECENTVALUE displays a specific value from the record that is
evaluated as the "most recent" from a list of related records. For example, if a
record in the Facilities application is related to multiple questionnaires, you could
use this function to return the value of the Quantitative Summary field from the
most recently submitted questionnaire.
Return Type: Text
Syntax: MOSTRECENTVALUE(field_to_display, date_criteria_field)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

field_to_display This is the reference for the field value that you want to display,
for example, REF([Cross-Reference field name],[field name]).

date_criteria_field This is the Date field that you will use to determine which of the
related records has the most recent value, for example, REF
([Cross-Reference field name],[Date field name]).

Example:

Formula Result

MOSTRECENTVALUE(REF([Risk 65
Questionnaire],[Inherent Risk]), REF([Risk
Questionnaire],[Submitted Date]))
where the value in the Inherent Score field
of the record with the most recent
Submitted Date value is "65".

NOVALUE Function
The NOVALUE function is used either to set a null value for a calculated Date,
Text, or Numeric field or to set a calculated Values List field to have no selection.
The NOVALUE function will only be valid within the context of the IF or
ISERROR functions.

Note: The NOVALUE function cannot be passed to VALUEOF to clear selections

from a calculated Values List field.

Return Type: None

Syntax: NOVALUE()
This function does not have any parameters.

Chapter 3: Formula Builder 225

 RSA Archer GRC Platform Calculations

Examples:

Formula Result

IF([Rating] >=0, “Action Required”, The calculated Text field is set to null.
NOVALUE( ))
where the value of Rating is less than 6
and the calculated field is a Text field .

ISERROR([Severity] / 0, NOVALUE( )) The calculated Values List field is set to

have no selection.
where the formula produces a “divide by
zero” runtime error and the calculated field
is a Values List field .

OTHERTEXT Function
The OTHERTEXT function returns the text a user has entered in the "Other" field
for the specified Values List field or Values List question.
Return Type: Text
Syntax: OTHERTEXT([field_ref])
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

field_ref A reference to a Values List field or Values List question, for

example, [question name].

Examples:

Formula Result

OTHERTEXT([Severity of Last Security We have not had a security incident.

Incident])
where the name of the Values List question
is "Severity of Last Security Incident" and
the text entered in the Other field is "We
have not had a security incident."

226 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

REF Function
The REF function returns a reference to a field that is a child field to a parent Sub-
Form, Cross-Reference, or Related Records field. It can be used within another
calculation that requires a set of fields or values as input. REF is only valid for use
with the following field types:
l Cross-Reference
l Related Records
l Sub-Form

Return Type: Text, Numeric, Date, or a Values List field selection, depending on
the type of data returned from the referenced field
Syntax: REF(parent_field, child_field, data_level_name)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

parent_field The name of the Cross-Reference, Related Records, or Sub-Form

field. These field types are considered "parents" because they act
as containers for other fields. For example, a Sub-Form field by
itself does not have any value; values can only be derived from
its child fields.

child_field The name of a field that resides within the parent_field.

data_level_name The name of the level under which the field resides where a
Cross-Reference field targets a multi-level application. Passing
data_level_name is optional and is only necessary when a Cross-
Reference field targets a multi-level application.

Examples:

Chapter 3: Formula Builder 227

 RSA Archer GRC Platform Calculations

Formula Result

SUM(REF([Controls], [Risk])) Cross-Reference to Flat Application

where Controls is a Cross-Reference field
and Risk is a field in the cross-referenced
flat application.

AVERAGE(REF([Response Measures], Cross-Reference to Multi-Level

[Severity Rating], [Responses])) Application
where Response Measures is a Cross-
Reference field, Responses is a level in the
cross-referenced multi-level application and
Severity Rating is a field in the Responses
data level.

COUNTA(REF([Baselines], [Name])) Related Records

where Baselines is a Related Records field
and Name is a field in the application that
contains the corresponding Cross-Reference
field.

COUNTA(REF([Actions], [Contact ID])) Sub-Form

where Actions is a Sub-Form field and
Contact ID is a field in the sub-form
associated with the Sub-Form field.

SELECTEDVALUENUMBER Function
The SELECTEDVALUENUMBER function extracts the numeric value from the
values list item selected from a Values List field. If the Values List field allows
multiple selections, this function must be used in conjunction with an aggregate
function, as the following example shows:
SUM(SELECTEDVALUENUMBER([Multi-Select Values List Field]))
In addition, if you reference a Values List field in a cross-referenced application,
both the Cross-Reference field used to form the application relationship and the
Values List field in the related application must be single-select fields in order to
use the SELECTEDVALUENUMBER function without wrapping it in an
aggregate function. If either the Cross-Reference or Values List field allows
multiple selections, an aggregate function must also be used, as shown in the
following example:
AVERAGE(SELECTEDVALUENUMBER(REF([Multi-Select Cross-Ref Field],
[Values List Field])))

228 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

If no numeric value is assigned to a values list item, that value will be treated as 0.
The only exception is when the AVERAGE function is used in conjunction with the
SELECTEDVALUENUMBER function. In this case, the null value will not be
used in the calculation. Use the following values as an example:
Value A: 10
Value B: 5
Value C: no numeric value assigned
If the SUM function is used in conjunction with SELECTEDVALUENUMBER,
Value C will be treated as 0 in the calculation. If all three values were selected in
the Values List field, the result of the calculation would be 15. However, if the
AVERAGE function were used and all three values were selected in the Values
List field, Value C would be ignored in the calculation since it has no numeric
value. The result would be 7.5.
Return Type: Numeric
Syntax: SELECTEDVALUENUMBER(field_ref)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

field_ref A reference to a Values List field in the application, for example,

[Risk Rating], a field in a child sub-form, for example, [Notes].
[Risk Rating], or a field in a cross-referenced application, for
example, [Vendors].[Risk Rating].

Examples:

Chapter 3: Formula Builder 229

 RSA Archer GRC Platform Calculations

Formula Result

SELECTEDVALUENUMBER([Risk 10
Rating])
where the selected value in the Risk Rating
field is “High” and the numeric value
assigned to the value “High” is 10.

MAX(SELECTEDVALUENUMBER 10
([Affected Departments]))
where the Affected Departments field is a
multi-select Values List field, the selected
values are “Operations” and “IT,” and the
associated numeric values are 7 and 10,
respectively.

AVERAGE(SELECTEDVALUENUMBER 9
(REF([Vendors], [Risk Rating])))
where Vendors is a multi-select Cross-
Reference field to the Vendors application,
Risk Rating is a single-select Values List
field in the Vendors application, the
selected values in the related records are
“High” and “Low,” and the associated
numeric values are 10 and 8, respectively.

TRACKINGID Function
The TRACKINGID function returns a record ID that uniquely identifies the current
record across all applications. This function could be used in conjunction with the
CONTENTID function to produce a complex ID that combines the system-wide ID,
the application-specific ID, and data pulled from other fields.
Return Type: Numeric
Syntax: TRACKINGID( )
This function does not have parameters.
Example:

Formula Result

[Type Code] & "-" & TRACKINGID( ) & "-" & CONTENTID( ) WORM-
678904-34
where the Type Code field is WORM, the system-wide tracking ID is
678904, and the application-specific content record ID is 34.

230 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

USER Function
The USER function maintains the validity of a formula reference to a specific user
selection in a User/Groups List or Record Permissions field, even if the user name
is changed later. User references can be passed as either as literal names or logon
IDs. A logon name can optionally be referenced by a specific domain.
For example, if the literal user name "Jones, Mary" is referenced in a formula
within the USER function and that user’s name is subsequently changed to "Jones-
Smith, Mary", the original user name reference will automatically be updated in the
formula to "Jones-Smith, Mary".
As another example, suppose that the user Mary Jones is referenced in a formula by
her Archer logon name for the domain "bigcompany.com". Her logon name should
be passed to the USER function as "[email protected]". If an administrator
later changes Mary Jones’ logon name on that domain to "msmith", the original
logon name will automatically be updated to "[email protected]".
The USER function also directly accepts system-assigned user ID numbers. Each
user in the system has an internal ID number that is guaranteed to be unique. For
example, if two users both named Graham, Ned exist in the system, the user name
cannot be resolved to determine whether the intended Graham, Ned is selected in
the given User/Groups List or Record Permissions field. However, a system ID, for
example, 76219, can be used in place of the ambiguous user name to uniquely
identify the correct Graham, Ned.
Return Type: Text or Numeric, depending on the format selected for the ref_type
parameter
Syntax: USER(ref_type, value1, value2…)
In the above syntax, parameters in bold are required.

Chapter 3: Formula Builder 231

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

232 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Parameter Description

ref_type Accepts the keyword NAME, LOGIN, or ID.

l If NAME is specified, the function will inspect field
selections by literal user name, for example, "Jones, Mary".
l If LOGIN is specified, the function will inspect user
selections based on logon name, rather than user name, for
example, [email protected].
l If ID is specified, the function will inspect user selections
based on unique system-assigned ID numbers.

value1, value2… One or more values within a User/Groups or Record Permissions

field.
l NAME. If ref_type is NAME, user names must be passed
exactly as they display in the User/Groups List or Record
Permissions field. If passing a user’s name, the name must be
specified in the following format: "lastname, firstname".
Matching will be case sensitive. The system will test only
against non-deleted users.
When using NAME with USER, an error will occur during
formula validation if any of the following is true:
o If the named user cannot be found in any domain
o If the named user is found in more than one domain
o If the named user is found in a single domain only but the
user name is not unique within that domain.
l LOGIN. If ref_type is LOGIN, the function will expect one or
more Archer user logon name values. Matching will be
performed against users’ logons rather than by their last and
first names.
When using LOGIN with USER, an error will occur during
formula validation if any of the following is true:
o If the user referenced by logon cannot be found in any
domain
o If the user referenced by logon is found in more than one
domain
If the LOGIN string contains at least one @ sign, the system
will assume that all text following the last @ sign is a domain
reference and the system will attempt to locate that domain. If
the LOGIN string does not contain a @ sign, the system will
look for an exact match for the entire login string in the
Archer (NULL) domain and the default domain.

Chapter 3: Formula Builder 233

 RSA Archer GRC Platform Calculations

Parameter Description

Note: The system will attempt to match the domain name

against both active and deleted, for example, soft-deleted,
domains. Only active domain names must be unique; it is
possible that a deleted domain has the same name as an active
domain. If the logon string exists in more than one of the
domains that have the same name, the system will fail the
formula on validation.

If the domain can be found:

1. The system treats all text in the logon string before the
last @ sign as the user logon name and will attempt to
find that user logon within the domain.
2. If the logon is found within the domain, the system will
replace the logon string in the formula with the ID of the
user matching that logon.
If the domain cannot be found:
1. The system will look for an exact match for the entire
logon string in the Archer (NULL) domain and the default
domain.
2. If only one user with that logon exists, the system will
replace the logon string in the formula with the ID of the
user matching that logon.
l ID. If ref_type is ID, the function will expect one or more
system-assign user ID numbers. User IDs are assigned by the
system and are always unique. User IDs are numbers and
should not be quoted. When using ID with USER, an error
will occur during formula validation if any of the following is
true referenced user ID cannot be found in any domain.

Examples:

234 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Formula Result

IF(CONTAINS(ANY, GETUSERS Standard

([Technician]), USER(NAME, "Thurman,
Laurie", "Winters, George")), "Standard",
"Priority")
where the user "Thurman, Laurie" is
selected in the Technician User/Groups List
field.

IF(CONTAINS(ANY, GETUSERS Yes

([Reviewer]), USER(NAME, "Jasper,
Susan", "Miner, Burt", "Rollins, Jacob")),
"Yes", "No")
where the user "Miner, Burt" is selected in
the Reviewer Record Permissions field.

IF(CONTAINS(ANY, GETUSERS The value "Escalate" is selected in the

([Manager]), USER(LOGIN, "kjackson", Alert Values List field.
"[email protected]",
"[email protected]",
"smartin")),VALUEOF([Alert], "Escalate"),
VALUEOF([Alert], NOVALUE( )))
where "Barnett, Tina" is selected in the
User/Groups List field and her Archer
logon ID for the "bigcompany.com" domain
is "tbarnett".

IF(CONTAINS(ANY, GETUSERS Found

([Associates]), USER(ID, 76299, 56897,
79867)),”Found”, ”Not Found”)
where "Eastman, Tina" is selected in the
User/Groups List field and her system user
ID is 79867.

Chapter 3: Formula Builder 235

 RSA Archer GRC Platform Calculations

Parameter Description

ref_type Accepts the keyword NAME, LOGIN or ID. If NAME is

specified, the function will inspect field selections by literal user
name, for example, "Jones, Mary". If LOGIN is specified, the
function will inspect user selections based on logon name, rather
than user name, for example, [email protected]. If ID is
specified, the function will inspect user selections based on
unique system-assigned ID numbers.

value1, value2… One or more values within a User/Groups or Record Permissions

field.
l NAME. If ref_type is NAME, user names must be passed
exactly as they display in the User/Groups List or Record
Permissions field. If passing a user’s name, the name must be
specified in the following format: "lastname, firstname".
Matching will be case sensitive. The system will test only
against non-deleted users.
When using NAME with USER, an error will occur during
formula validation if any of the following is true:
o If the named user cannot be found in any domain
o If the named user is found in more than one domain
o If the named user is found in a single domain only but the
user name is not unique within that domain.
l LOGIN. If ref_type is LOGIN, the function will expect one or
more Archer user logon name values. Matching will be
performed against users’ logons rather than by their last and
first names.
When using LOGIN with USER, an error will occur during
formula validation if any of the following is true:
o If the user referenced by logon cannot be found in any
domain
o If the user referenced by logon is found in more than one
domain
If the LOGIN string contains at least one @ sign, the system
will assume that all text following the last @ sign is a domain
reference and the system will attempt to locate that domain. If
the LOGIN string does not contain a @ sign, the system will
look for an exact match for the entire login string in the
Archer (NULL) domain and the default domain.

236 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Parameter Description

Note: The system will attempt to match the domain name

against both active and deleted, for example, soft-deleted,
domains. Only active domain names must be unique; it is
possible that a deleted domain has the same name as an active
domain. If the logon string exists in more than one of the
domains that have the same name, the system will fail the
formula on validation.

If the domain can be found:

1. The system treats all text in the logon string before the
last @ sign as the user logon name and will attempt to
find that user logon within the domain.
2. If the logon is found within the domain, the system will
replace the logon string in the formula with the ID of the
user matching that logon.
If the domain cannot be found:
1. The system will look for an exact match for the entire
logon string in the Archer (NULL) domain and the default
domain.
2. If only one user with that logon exists, the system will
replace the logon string in the formula with the ID of the
user matching that logon.
l ID. If ref_type is ID, the function will expect one or more
system-assign user ID numbers. User IDs are assigned by the
system and are always unique. User IDs are numbers and
should not be quoted. When using ID with USER, an error
will occur during formula validation if any of the following is
true referenced user ID cannot be found in any domain.

Examples:

Chapter 3: Formula Builder 237

 RSA Archer GRC Platform Calculations

Formula Result

IF(CONTAINS(ANY, GETUSERS Standard

([Technician]), USER(NAME, "Thurman,
Laurie", "Winters, George")), "Standard",
"Priority")
where the user "Thurman, Laurie" is
selected in the Technician User/Groups List
field.

IF(CONTAINS(ANY, GETUSERS Yes

([Reviewer]), USER(NAME, "Jasper,
Susan", "Miner, Burt", "Rollins, Jacob")),
"Yes", "No")
where the user "Miner, Burt" is selected in
the Reviewer Record Permissions field.

IF(CONTAINS(ANY, GETUSERS The value "Escalate" is selected in the

([Manager]), USER(LOGIN, "kjackson", Alert Values List field.
"[email protected]",
"[email protected]",
"smartin")),VALUEOF([Alert], "Escalate"),
VALUEOF([Alert], NOVALUE( )))
where "Barnett, Tina" is selected in the
User/Groups List field and her Archer
logon ID for the "bigcompany.com" domain
is "tbarnett".

IF(CONTAINS(ANY, GETUSERS Found

([Associates]), USER(ID, 76299, 56897,
79867)),”Found”, ”Not Found”)
where "Eastman, Tina" is selected in the
User/Groups List field and her system user
ID is 79867.

USERFIRSTNAME Function
The USERFIRSTNAME function returns the first name of either the record creator
or the record editor. The creator is defined as the user who created the record (or is
currently creating the record). The editor is defined as the user who last edited the
record.
Return Type: Text
Syntax: USERFIRSTNAME(user_type)
In the above syntax, parameters in bold are required.

238 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

user_type Accepts the keyword CREATOR or EDITOR. If CREATOR is

specified, the function returns the first name of the user
associated with creating the record. If EDITOR is supplied, the
function returns the first name of the user associated with the
most recent record update.

Examples:

Formula Result

"Hello, " & USERFIRSTNAME Hello, Janet

(CREATOR)
where Janet is the first name of the record
creator.

"Hello, " & USERFIRSTNAME(EDITOR) Hello, Miles

where Miles is the first name of the record
editor.

USERLASTNAME Function
The USERLASTNAME function returns the last name of either the record creator
or the record editor. The creator is defined as the user who created the record (or is
currently creating the record). The editor is defined as the user who last edited the
record.
Return Type: Text
Syntax: USERLASTNAME(user_type)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

user_type Accepts the keyword CREATOR or EDITOR. If CREATOR is

specified, the function returns the last name of the user associated
with creating the record. If EDITOR is supplied, the function
returns the last name of the user associated with the most recent
record update.

Examples:

Chapter 3: Formula Builder 239

 RSA Archer GRC Platform Calculations

Formula Result

"Last Name: " & USERLASTNAME Last Name: Rossi

(CREATOR)
where Rossi is the record creator's last
name.

"Last Name: " & USERLASTNAME Last Name: Eldrich

(EDITOR)
where Eldrich is the record editor's last
name.

USERMIDDLENAME Function
The USERMIDDLENAME function returns the middle name of either the record
creator or the record editor. The creator is defined as the user who created the
record (or is currently creating the record). The editor is defined as the user who
last edited the record.
Return Type: Text
Syntax: USERMIDDLENAME(user_type)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

user_type Accepts the keyword CREATOR or EDITOR. If CREATOR is

specified, the function returns the middle name of the user
associated with creating the record. If EDITOR is supplied, the
function returns the middle name of the user associated with the
most recent record update.

Examples:

Formula Result

"Middle Name: " & USERMIDDLENAME Middle Name: Ellen

(CREATOR)
where Ellen is the record creator's middle
name.

"Middle Name: " & USERMIDDLENAME Middle Name: Quentin

(EDITOR)
where Quentin is the record editor's middle
name.

240 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

VALUEOF Function
The VALUEOF function maintains the validity of a Values List field selection. If
the text of a value is changed in the custom or global values list by an
administrative user, this function will automatically update the formula to utilize the
new text for the value. For example, if the value "Blue" is referenced in a formula
with the VALUEOF function and that value is subsequently changed to "Red"
within the values list, the value reference "Blue" will automatically be changed to
"Red" within the formula.
From a user perspective, the VALUEOF function serves two additional purposes, it
enables you to:
l Evaluate a Values List field for the presence of a specific value
l Set value selections in a Values List field.

The following example shows the use of the VALUEOF function within a formula
for a calculated Values List field. The VALUEOF function is used for both the
"value_if_true" and "value_if_false" parameters within the IF function syntax.
IF([Risk Rating]>=10, VALUEOF([Criticality], "High"), VALUEOF([Criticality],
"Low"))
Within a record, this formula will evaluate the "Risk Rating" field, and if the value
in that field is greater than or equal to 10, the formula will select the value "High"
in the Criticality calculated Values List field. If the value in the "Risk Rating" field
is less than 10, the formula will select the value "Low" in the Criticality field.
This second example shows the use of the VALUEOF function within a formula for
a calculated Text field. The VALUEOF function is used for the "value" parameter
within the CONTAINS function syntax.
IF(CONTAINS(ANY, [Location],VALUEOF([Location], "New
York")),"Yes","No")
Within a record, this formula will produce the value "Yes" or "No" in the calculated
Text field depending on whether the value "New York" has been selected in the
"Location" field, which is a Values List field. If the value "New York" has been
selected, the calculated Text field will display the value "Yes." If the value "New
York" has not been selected, the calculated Text field will display the value "No."
Return Type: Text
Syntax: VALUEOF(field_ref, value1, value2…)
In the above syntax, parameters in bold are required.

Chapter 3: Formula Builder 241

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

field_ref A reference to a field, for example, [field name].

value1, value 2, ... A value within a Values List field. The value should be entered
as "value", for example, "Urgent". If the Values List field allows
multiple selections, multiple values can be entered as
"value1";"value2";"value3", for example, "Washington";"New
York";"Massachusetts".

Examples:

Formula Result

IF(CONTAINS(ANY, Local
[Location],VALUEOF([Office], "Chicago”,
"Local", "Global")))
where the selected value in the Location
field is Chicago.

IF(CONTAINS(ANY, [Region], Connecticut

VALUEOF([Region], "Northeast")),
New York
VALUEOF([Office], "Connecticut", "New
York", Massachusetts"), VALUEOF Massachusetts
([Office], "Kansas", "Illinois", "Texas"))
where the selected value in the Region
field is Northeast.

IF(CONTAINS(ANY, [Color], VALUEOF Other

([Color], "Red", "Green", "Blue",
"Yellow")), "Primary Color", "Other")
where the selected value in the Color field
is Silver.

WEIGHTEDSCORE Function
The WEIGHTEDSCORE function returns the weighted score value for the values
selected in a Values List question. This function is only useful if you assigned a
weight to the Values List question and you assigned a numeric value to each of the
possible answers to the question.
Using this function will execute the following calculation:
[values list selection numeric value] * [values list question weighting] =
WEIGHTEDSCORE

242 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

or (for multi-select Values List questions):

SUM([values list selection numeric value1], [values list selection numeric value2])
* [values list question weighting] = WEIGHTEDSCORE
The WEIGHTEDSCORE function can only be used within a questionnaire and can
only reference a Values List question.
Return Type: Numeric
Syntax: WEIGHTEDSCORE(field_ref)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

field_ref A reference to the Values List question, for example, [question

name].

Example:

Formula Result

WEIGHTEDSCORE([New User Access]) 50

where the weighting value for the New
User Access question is "10" and the
numeric value for the answer is "5".

WEIGHTING Function
The WEIGHTING function returns the weighting value of a Values List question.
The WEIGHTING function can only be used within a questionnaire and can only
reference a Values List question.
Return Type: Numeric
Syntax: WEIGHTING([field_ref])
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

field_ref A reference to the Values List question, for example, [question

name].

Example:

Chapter 3: Formula Builder 243

 RSA Archer GRC Platform Calculations

Formula Result

WEIGHTING([New User Access]) 10

where the weighting value for the New
User Access question is "10".

Text Functions
Text functions allow you to utilize and manipulate text strings to produce dynamic
values. Available functions within this category include:
l CONCATENATE Function
l FIND Function
l LEN Function
l LOWER Function
l MASKEDTEXT Function
l NUMBERFORMAT Function
l PROPER Function
l RIGHT Function
l SUBSTRING Function
l UPPER Function
l TRIM Function

CONCATENATE Function
The CONCATENATE function joins up to 255 text strings into 1 text string. The
joined items can be text, numbers, cell references, or a combination of those items.
You must specify any spaces or punctuation that you want to appear in the results
as an argument that is enclosed in quotation marks.
Return Type: Text
Syntax: CONCATENATE(text1, text2, ...)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

text1 The first text item to be concatenated.

text2, ... Additional text items, up to a maximum of 255 items. The items
must be separated by commas.

244 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Example:

Formula Result

CONCATENATE([First Name], " ", [Last John Smith

Name])
where the value in the First Name field is
"John" and the value in the Last Name field
is "Smith".

FIND Function
The FIND function searches for a specific character or text string within another
text string. It returns the number of the character at which the specific character or
test string is first found. The FIND function is case sensitive.
Return Type: Numeric
Syntax: FIND(find_text, field_ref, start_num)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

find_text The character or text string you want to find. You can format this
parameter as a hard-coded character or text string, for example,
"sci", or as a Text-field reference, for example, [field name].

field_ref A Text-field reference, for example, [field name].

start_num The character number in the field_ref parameter at which you

want to start searching for the find_text parameter. If this
parameter is omitted, the search will begin at the first character in
the Text field. If this parameter is less than or equal to 0 (zero) or
is greater than the number of characters in the Text field, a
formula validation error will occur.

Examples:

Chapter 3: Formula Builder 245

 RSA Archer GRC Platform Calculations

Formula Result

FIND("sci", [Subject]) 10 (because "sci" begins at the tenth

character in this text string)
where the value in the Subject field is "Arts
and Sciences".

FIND("s", [Subject], 5) 10 (notice that the first "s" in the Subject

field value was skipped because the start_
where the value in the Subject field is "Arts
num parameter required that the search
and Sciences".
begin at the fifth character)

LEFT Function
The LEFT function returns the first character or characters in a text string, based on
the number of characters that you specify. LEFT is intended for use with languages
that use the single-byte character set (SBCS). LEFT always counts each character,
whether single-byte or double-byte, as 1, regardless of what the default language
setting is.
Return Type: Numeric
Syntax: LEFT(text,num_chars)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

text The text string that contains the characters that you want to
extract.

num_chars The number of characters that you want LEFT to extract. Note
that:
l Num_chars must be greater than or equal to zero.
l If num_chars is greater than the length of text, LEFT returns
all of text.
l If num_chars is omitted, it is assumed to be 1.

246 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Examples:

Formula Result

LEFT([Text],4) First four characters in the string (Sale)

where the value in the Text string is Sale
Price.

LEFT([Text]) First character in the string (S)

where the value in the Text string is
Sweden.

LEN Function
The LEN function returns the number of characters in the supplied string.
Return Type: Numeric
Syntax: LEN(text)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

text The text string to be evaluated. This parameter should be

formatted as a Text-field reference, for example, [field name].

Example:

Formula Result

LEN ([Last Name]) 5

where the value in the Last Name field is
"Jones".

LOWER Function
The LOWER function converts all characters in the supplied text string to
lowercase. This function does not affect non-alphabetic characters.
Return Type: Text
Syntax: LOWER(text)
In the above syntax, parameters in bold are required.

Chapter 3: Formula Builder 247

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

text The text string to be converted to lowercase. This parameter

should be formatted as a Text-field reference, for example, [field
name].

Examples:

Formula Result

LOWER([Name]) jake miller

where the value in the Name field is "Jake
Miller ".

LOWER([Email Address]) [email protected]

where the value in the Email Address field
is "[email protected]".

MASKEDTEXT Function
The MASKEDTEXT function returns the string value of the referenced Text field
using the mask (if any) defined for the field. If the function references a Text field
for which a mask has not been defined, the function will return the raw value from
the field.

Note: Unless a Text field reference is wrapped in MASKEDTEXT, the calculation

engine will always evaluate the raw, unformatted value of the Text field.

Return Type: Text

Syntax: MASKEDTEXT(text_field)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

text_field This parameter should be formatted as a Text-field reference, for

example, [field name].

Note: This function is valid only for Text fields.

Examples:

248 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Formula Result

MASKEDTEXT([Phone]) (913) 786-2356

where the raw value in the Phone field is
9137862356 and the Text field is defined
to use a phone number mask.

MASKEDTEXT([SIN]) 046 454 286

where the raw value is 046454286 and the
Text field is defined to use a custom mask
for the Canadian Social Insurance Number.

NUMBERFORMAT Function
The NUMBERFORMAT function is used to "pad" zeros (0) to the left of a given
numeric value based on the count of digits specified by the number "mask." The
zero padding is only applied if the number of digits in the numeric value falls short
of the number of digits specified in the mask. This function returns a text value
(string) that can be concatenated to other strings or stored directly in the Text field.
Return Type: Text
Syntax: NUMBERFORMAT(value, value_mask)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

value The numeric value, which can be derived through a Numeric-

field reference, for example, [field name], or through the use of a
function that returns a numeric value.

value_mask The mask used to format the returned text value. The value_mask
parameter must be enclosed in quotes.
The final placeholder in the value_mask parameter must always
be a single pound sign (#). The placeholders allowed for this
function are:
0 = Zero placeholder
# = Value placeholder

Examples:

Chapter 3: Formula Builder 249

 RSA Archer GRC Platform Calculations

Formula Result

NUMBERFORMAT(TRACKINGID( ), 001
"00#")
where the tracking ID returned by the
TRACKINGID function is 1.

NUMBERFORMAT(TRACKINGID( ), 0000937
"000000#")
where the tracking ID returned by the
TRACKINGID function is 937.

CONTENTID( ) & "-" & 878762-0008

NUMBERFORMAT(TRACKINGID( ),
"000#")
where the content ID returned by the
CONTENTID function is 878762 and the
tracking ID returned by the TRACKINGID
function is 8.

NUMBERFORMAT([Risk] + [Criticality], 019

"00#")
where the value in the Risk field is 12 and
the value in the Criticality field is 7.

PROPER Function
The PROPER function capitalizes the first letter of each word in the supplied
string, as well as the first letter that follows any non-alphabetic character in the
string. All other letters in the string are converted to lowercase.
Return Type: Text
Syntax: PROPER(text)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

text The text string to be converted to proper text format. This

parameter should be formatted as a Text-field reference, for
example, [field name].

Examples:

250 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Formula Result

PROPER([Last Name]) Jane Pearson-Wyatt

where the value in the Last Name field is
"jane pearson-wyatt".

PROPER([Last Name]) O’Neil

where the value in the Last Name field is
"O’NEIL".

PROPER([Last Name]) St. John

where the value in the Last Name field is
"ST. JOHN".

PROPER([Web Page]) Www.Archer-Tech.Com

where the value in the Web Page field is
"www.archer-tech.com".

PROPER([Equipment Note]) This Is Mike’S Laptop.

where the value in the Equipment Note
field is "This is Mike’s laptop."

RIGHT Function
The RIGHT function returns a specific number of characters from the right side of
the string. For example, if you specify 3 characters, the last 3 characters from the
string will be returned.
Return Type: Text
Syntax: RIGHT(text, num_chars)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

text The text string that contains the characters that you want to
return. This parameter should be formatted as a Text-field
reference, for example, [field name].

num_chars Specifies the number of characters in the text string that you
want to return. This parameter must be greater than or equal to 0
(zero). If this parameter is negative, the function will return an
error.

Example:

Chapter 3: Formula Builder 251

 RSA Archer GRC Platform Calculations

Formula Result

RIGHT([Department Name], 4) ting

where the value in the Department Name
field is "Marketing".

SUBSTRING Function
The SUBSTRING function returns a specified number of characters from a text
string. When creating a formula with this function, you specify the character
position where you want to start extracting text, and you specify the number of
characters to return. For example, if you enter 1 as the start position and 3 as the
number of characters to return, you would get the substring "Mar" from a Text field
with the value "Marketing."
Return Type: Text
Syntax: SUBSTRING(text, start_num, num_chars)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

text_field The text string that contains the characters that you want to
return. This parameter should be formatted as a Text-field
reference, for example, [field name].

start_num Specifies the position of the first character that you want to
extract from the Text field. The first character in a string has a
start number of 1. The start_num value must be greater than or
equal to 1. If the start_num parameter is greater than the number
of characters in the Text field, the function will return "" (empty
text). If the start_num parameter is less than the number of
characters in the Text field, but start_num plus num_chars
exceeds the number of characters in the Text field, the function
will return all possible characters up to the end of the text.

num_chars Specifies the number of characters in the Text field that you want
to return. This parameter must be greater than or equal to 0
(zero). If num_chars is negative, the function will return an error.

Example:

252 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Formula Result

SUBSTRING([Department Name], 1, 4) Mark

where the value in the Department Name
field is "Marketing".

TRIM Function
The TRIM function removes spaces from text strings, with the exception of single
spaces between words. A common use for the TRIM function is to remove extra
spaces from data received from an integration or data import. Often, data formatted
in another system has irregular spacing. Using the TRIM function ensures that
unnecessary spaces are removed from your Archer text.
Return Type: Text
Syntax: TRIM(text)
In the above syntax, parameters in bold are required.
The following table describes the parameters of the function.

Parameter Description

text The text string from which you want to remove the unnecessary
spaces.

Example:

Formula Result

TRIM([Asset Description]) "The HR-DB Server is used to store our

human resources information."
where the value of the Asset Description
field is " The HR-DB Server is used to
store our human resources information. "

UPPER Function
The UPPER function converts all characters in the supplied string to uppercase.
This function does not affect non-alphabetic characters.
Return Type: Text
Syntax: UPPER(text)
In the above syntax, parameters in bold are required.

Chapter 3: Formula Builder 253

 RSA Archer GRC Platform Calculations

The following table describes the parameters of the function.

Parameter Description

text The text string to be converted to uppercase. This parameter

should be formatted as a Text-field reference, for example, [field
name].

Examples:

Formula Result

UPPER([Name]) JAKE MILLER

where the value in the Name field is "Jake
Miller ".

UPPER([Web Site]) WWW.ARCHER-TECH.COM

where the value in the Web Site field is
"www.archer-tech.com ".

254 Chapter 3: Formula Builder

 RSA Archer GRC Platform Calculations

Chapter 4: Best Practices

Calculations Best Practices

The Calculations feature in the Platform enables administrators to create formulas
for dynamically computing one or more values of Numeric, Text, Date, and Values
List fields. The Platform has an extensive library of functions and operators that
administrators can select when building a formula for a calculated field. The
formula for a calculated field can be dependent on the results of other calculations.
Calculated field formulas can also reference field values in other applications,
enabling powerful cross-module calculations.
Among many customized uses, calculated fields can be used to:
l Produce weighted risk scores for risk assessments.
l Display the number of days remaining before a critical deadline.
l Develop complex workflow processes using a series of "if-then" statements to
direct the flow of data.

When working with formulas, use best practices by reviewing the following topics:
l Calculated Field Use Cases
l Circular References
l Complex/Nested Formulas
l Common Mistakes

Calculated Field Use Cases

The following examples show how calculated fields can be used to meet a variety
of business requirements.

ID Generation
Requirements: Create a unique record ID that combines a threat-type code, the
current date, and a counter value that is automatically incremented with each new
record. Always express the counter value using five digits; pad zeroes on the value
when necessary. Example: WORM-05232005-00019
Solution: Create a calculated text field that uses the following formula:
[Type Code] & “-“ & DATEFORMAT(TODAY( ), “mmddyyyy”) & “-“ &
NUMERFORMAT(CONTENTID( ), 0000#)

Chapter 4: Best Practices 255

 RSA Archer GRC Platform Calculations

Scoring
Requirements: Using key impact indicators, assign a priority score to a security
violation report. Do not display a raw numeric score. Instead, determine whether
the score falls within the High or Low priority range. Display a text value indicating
the final priority score. Example: High
Solution: Create a calculated Numeric field to compute the raw priority score.
Suppress the display of this field by removing it from the application layout, then
create a calculated text field that maps the raw score to a priority range. Display
the corresponding range name (High or Low) in the calculated text field. Use the
following formulas:
Numeric Field: SUM([Current Impact], [Potential Impact], [LOB Impact]) *
[Violation Potential])
Text Field: IF([Raw Score] <= 15, “Low”, “High”)

Date Countdown
Requirements: Compute and display the number of days remaining before a
trouble ticket record reaches its promised resolution deadline. Example: 5 Days
Remaining
Solution: Create a calculated Text field that uses the following formula:
([Due Date] - TODAY( )) & “Days Remaining”

Circular References
Circular references are sometimes difficult to detect. Circular references are
caused by formulas that form either a direct or indirect loop.
l A direct loop is formed when a series of field references form a closed circuit.
l An indirect loop can sometimes result when a series of field references includes
a reference to a field that is set to Always recalculate.

The Platform does not allow formulas that might result in circular references.
Whenever a possible circular reference condition exists, a validation message is
displayed. Previously if this condition existed, the message that displayed was:
“The formula will result in a circular field reference that cannot be resolved.”
Improvements were made to the Platform validation messages to help reconcile
circular references. The new validation message includes the field name and
module name of both the field and the field to which it references. Now the
message might look something like this:

256 Chapter 4: Best Practices

 RSA Archer GRC Platform Calculations

Calc Depend
Field Module Level
Always All

{fieldref01} {modulename0 {levelname01} No No

1}

{fieldref02} {modulename0 {levelname02} No No

2}

{fieldref01} {modulename0 {levelname01} No No

1}

The Calc Always column contains the value of the Always Recalculate flag set at
the calculated field. The Depend All column contains the value set by the Platform
for a questionnaire that has questions dependent on any calculated field.
To see the circular reference details, validation must be done in Formula Builder.
Using the fields from two different applications that reference each other, the
message for this condition might look like this:

Calc Depend
Field Module Level
Always All

{Rating} {Risk Management} {levelname01} No No

{Controls} {Policy {levelname02} No No

Management}

{Rating} {Risk Management} {levelname01} No No

Another example of a circular reference is three formulas in three different

applications where each formula references a field in a cross-referenced
application.
For example:

Formula 1: (Field 1 in Application A references Field 2 in Application B)

Field 1 recalculates on every save

Formula 2: (Field 2 in Application B references Field 3 in Application C)

Formula 3: (Field 3 in Application C references Field 1 in Application A)

Chapter 4: Best Practices 257

 RSA Archer GRC Platform Calculations

In this example, the circular reference is created by Field 3 referencing Field 1.

The following diagram shows a direct-loop circular reference.

Attempt to save Formula 1. A circular reference is detected, and a validation

message is displayed that may read like the following:
"Circular Calculation Detected: The following displays the path of the circle:"

Calc Depend
Field Module Level
Always All

{Rating} {Vendor Management} {levelname01} No No

{Controls} {Policy Management} {levelname02} No No

{Criticality} {Risk Management} {levelname01} No No

{Rating} {Vendor Management} {levelname01} No No

Always Recalculate Flag

When the Always flag is set on a calculated field, the field recalculates every time
a record is saved. The formula indirectly results in a circular calculation that cannot
be resolved. The Platform reports a validation error when this condition exists.

258 Chapter 4: Best Practices

 RSA Archer GRC Platform Calculations

The following figure shows an indirect loop caused by a circular reference. This
condition results in a circular reference because Rating is indirectly dependent on
Criticality. Because Rating is set to Recalculate Always, it calculates every time
that Criticality calculates.

Attempt to save Formula 3. A circular reference is detected, and a validation

message is displayed that may read like the following:
"Circular Calculation Detected: The following displays the path of the circle:"

Calc Depend
Field Module Level
Always All

{Criticality} {Risk Management} {levelname01} Yes No

{Controls} {Policy Management} {levelname02} No No

{Rating} {Risk Management} {levelname01} Yes No

{Criticality} {Risk Management} {levelname01} Yes No

Complex/Nested Formulas
Use the Always option of the Recalculation rules when a formula contains the
NOW( ) or TODAY( ) functions, or user first name, last name, and middle name
(Editor) parameters. When this option is selected, fields are recalculated whenever
content is saved regardless of content change. This option adds processing overhead
and can slow performance if used unnecessarily.

Chapter 4: Best Practices 259

 RSA Archer GRC Platform Calculations

Using the Always option for any other purpose may result in cycles. This condition
makes it more difficult to find and to troubleshoot.
When using the DATEADD or DATEDIF function, the functions error when the
Date field is empty.

Common Mistakes
Syntax errors cause many of the common mistakes. The formula syntax changed
from version 4.x to 5.x.
This section includes common mistakes that occur when using the DATE,
ROUND, STRING, and VALUEOF functions.

DATE
Dates and times are converted to Greenwich Mean Time (GMT) in the Platform
database. As a result, dates and times in calculations are returned in GMT.
Dates and times are converted to the locale of the user when the date or time is
displayed in a field. For example, suppose the locale is Central Time and the date
entered in a Date field called Due Date is 8/3/2012 9:00 PM. The date and time
stored in the database is 8/4/2012 2:00 ARE. Any user viewing this record with this
field sees the user’s time zone, for example, EST 8/3/2012 10:00 PM.
When manipulating date and time and displaying them in a field type other than a
Date field, dates and times are displayed in GMT. For example, a calculated text
field with the formula DATEFORMAT([Due Date], “YYYY-MM-DD HH-MM
AM”) referencing the Due Date from the formula above returns 08-04-2012 2:00
AM.
A numeric calculated field with the formula DAY([Due Date]) returns 4.

ROUND
Rounds a number to a specified number of digits. When the number to the right of
the decimal point is 5 or greater, the number is rounded up to the nearest integer.
If the num_digits parameter is greater than 0 (zero), the number is rounded to the
specified number of decimal places. If the num_digits parameter is equal to 0, the
number is rounded to the nearest integer. If the num_digits parameter is less than 0,
the number is rounded to the left of the decimal point to the specified number of
decimal places.
For example, if the num_digits parameter is -1 and the number is 101.5, the number
is rounded to 100.

260 Chapter 4: Best Practices

 RSA Archer GRC Platform Calculations

STRING
When using string manipulations, consider the data that is stored in the field. For
example, suppose a Text Area field named Description contains
<strong>Hello</strong>, and the formula is LEN([Description]). Although the user
only sees Hello, the calculation results are 22, which is the total number of
characters in the string.

VALUEOF
A common misconception of the VALUEOF is that it returns true or false if the
referenced value is selected in the referenced field. Often a formula is written as IF
(VALUEOF[Color], “Blue”, 1,0) and should be written as IF([Color] = VALUEOF
[Color], “Blue”, 1,0).
The only purpose of the VALUEOF function is to make a formula resilient to value
changes in a Values List. If the text of a value is changed in a custom or global
values list by an administrator, this function automatically updates the formula to
use the new text for the value.
For example, if the value "Blue" is referenced in a formula with the VALUEOF
function, and that value is subsequently changed to "Red" in the values list, the
value reference of "Blue" is automatically changed to "Red" in the formula.

Chapter 4: Best Practices 261

 RSA Archer GRC Platform Calculations

Chapter 5: Troubleshooting

Calculations Troubleshooting Tips

The Platform has an extensive library of functions and operators that administrators
can select when building a formula for a calculated field. The Formula Builder
helps both experienced and novice users build formulas for calculated fields.
Experienced users can use direct formula entry, name-based field referencing, and
a familiar function and operator library. Less experienced users can leverage the
build-and-learn nature of the interface.
When working with formulas you may encounter error messages, use the following
troubleshooting tips:
l Deciphering Error Messages
l Common Error Messages

Deciphering Error Messages

The calculation engine stores data in cells or ranges much like an Excel
spreadsheet. These references are not visible to a user, making it more difficult to
decipher error messages. The calculation engine stores dates as numbers in cells.
For example, a formula that compares two dates might look like:

Using the formula as an example, the Open Date might be stored in B2 and the Due
Date stored in B3.
An error message for this formula might look like:

In this example, B3 is the parameter cell for Due Date and DATEDIF is expecting
a valid serial date.

Common Error Messages

The following are common scenarios that may cause formula calculations to fail:

Chapter 5: Troubleshooting 263

 RSA Archer GRC Platform Calculations

Invalid Value

Formula DATEDIF([Open Date],[Due Date],HOUR)

Error Value is not a valid number: B2 Parameter name: serialDate

Cause One of the date fields does not have data.

Resolution Use the ISEMPTY function to check for empty dates and to avoid
.calculating against an empty date.

Multiple Values

Formula DATEDIF([First Published],REF([Incidents],[Open Date]),HOUR)

Error A parameter "!2!A1:A2" expected to be a single value was multiple

values. Parameter name: !2!A1:A2

Cause DATEDIF expects only one value, and this record relates to multiple
incidents.

Resolution Use an interim function to generate one value for the second parameter,
for example, MAX..

Divide by Zero

Formula 1 + 10/[Value]

Error A calculation within the formula returned the non-numeric value

infinity.

Cause The value is 0.

Resolution Use zero checks to avoid dividing by zero.

Reference Outside Logical Expression

Formula IF(VALUEOF([Risk],”Medium”), “true”, “false”)

Error _invalid expression

Cause Using the VALUEOF function without an equality operation.

Resolution Write the formula as follows:

IF([Risk]=VALUEOF([Risk],”Medium”),”true”,”false”)

264 Chapter 5: Troubleshooting

 RSA Archer GRC Platform Calculations

Reference to More Characters Than Exist

Formula SUBSTRING([Description],1,10)

Error Index and length must refer to a location within the string. Parameter
name: length

Cause Description field contains less than specified number of characters. In

this case, the Description field has less than 10 characters.

Resolution Use LEFT or RIGHT function instead or use these functions in

combination with LEN to avoid reading passed the end of a string.

Chapter 5: Troubleshooting 265

RSA Archer GRC Platform 5.4
Data Driven Events
June 2013
Contact Information
Go to the RSA corporate website for regional Customer Support telephone and fax numbers:
www.emc.com/domains/rsa/index.htm.
Trademarks
RSA, the RSA Logo, RSA Archer, RSA Archer Logo, and EMC are either registered trademarks or trademarks of EMC
Corporation ("EMC") in the United States and/or other countries. All other trademarks used herein are the property of their
respective owners. For a list of RSA trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm.
License Agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may
be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This
software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.
Note on Encryption Technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.
Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.

Copyright © 2010-2013 EMC Corporation All Rights Reserved. Published in the USA.
RSA Archer GRC Platform Data Driven Events

Contents

Preface 5
About this Guide 5
Product Documentation 7
Support and Service 8
Chapter 1: About Data Driven Events 9
Data Driven Event Guidelines 9
Process Flow 9
Insert Scenario - Add New 10
Update Scenario - Edit 11
Special Considerations - Process Flow 12
Chapter 2: Rules 15
Managing Rules 15
About Rules 15
Rule Order 18
Create a Rule 18
Update the General Properties of the Rule 19
Define the Rule Criteria 20
Field Types and Operators 21
Changed Operators 23
Link Actions to a Rule 23
Configure the Rule Order 24
Delete a Rule 26
Remove an Action from a Rule 26
Chapter 3: Actions 29
Managing Actions 29
Action Types 29
Action Types 30
Apply Conditional Layout Action 30
Section-Level Options 31
Field-Level Options 33
User/Group Access 33
ACL Action Example 34
Conflict Resolution - ACL 34
Special Considerations - ACL 36
Create an Apply Conditional Layout Action 37
Filter Values List Items Action 39
Conflict Resolution - Filter Values List Items 39
Special Considerations - Filter Values List Items 40
Create a Filter Values List Action 42
Generate Notification Action 44
Special Considerations - Generate Notification 45
Create a Generate Notification Action 47
Update the General Properties of a Generate Notification Action 48
Define the Layout for the Generate Notification Action 49

3
 RSA Archer GRC Platform Data Driven Events

Select the Content for the Generate Notification Action 50

Define the Email Properties of a Generate Notification Action 51
Configure the Delivery Schedule of a Generate Notification Action 52
Select Recipients for the Generate Notification Action 53
Set Date Action 54
Conflict Resolution - Set Date 55
Special Considerations - Set Date 55
Create a Set Date Action 56
Set Values List Selection Action 58
Conflict Resolution - Set Values List Selection 58
Special Considerations - Set Values List Selection 59
Create a Set Values List Selection Action 60
Remove an Action from a Rule 61
Delete an Action 62
Chapter 4: Troubleshooting 65
Recommended Practices for Rules and Actions 65
Workarounds for Differences Between Versions 65
Event Analyzer 66
Troubleshoot Data Driven Events 67

4
 RSA Archer GRC Platform Data Driven Events

Preface

About this Guide

The Platform supports the ability to not only capture and report on data, but also to
react dynamically to data conditions or values in the system. Data driven events
(DDEs) are powerful elements that react dynamically to data conditions or values
in the Platform. It is important to understand how DDEs are processed when
adding, updating, or saving a record.
Data driven events are configured on the Events tab of the Manage Applications
page and provide administrators and application owner the ability to:
l Dynamically control page layout based on the state of content.
l Conditionally filter or set field values based on the state of content.
l Generate email notifications.

A DDE is the conceptual combination of a rule and one or more linked actions.
Before building DDEs, review the Data Driven Event Guidelines.
A rule is a set of one or more data conditions or values that must be met for the rule
to evaluate to true. Rules are evaluated in a specified rule order.
An action is a predefined operation that is executed when linked to a rule. Actions
are executed only when the rule to which they are linked is evaluated as true.
When a DDE is triggered, each rule is evaluated and its linked actions are executed
as applicable. The action is only executed when the rule is true.

Preface 5
 RSA Archer GRC Platform Data Driven Events

Rules and actions are stored in separate libraries. A single rule can have any
number of actions linked to it. Additionally, a single action can be linked to any
number of rules.
Rules and actions are defined in the context of a specific application or
questionnaire and are not available to other applications or questionnaires. In
leveled applications, rules and actions are defined in the context of a specific level
and are not available to other levels.
Depending on how rules are configured in an application or questionnaire, it is
possible that the actions defined for those rules could conflict with each other.
Conflict resolution is provided in each of the action types. See Action Types.
When defining an action, it is important to understand the effects and expected
behaviors that can occur when an action is executed. Each action type includes a
list of various things to consider when defining actions.
Data driven events includes a utility, named Event Analyzer, for troubleshooting
DDE rules. The Event Analyzer provides a real-time view of rule evaluations and
actions that are applied as a result of user interaction with the content edit page.
To create, edit, or delete both rules and actions, your user account must specify that
you:
l Are an application owner
l Have update rights on the Manage Application page
l Have ownership rights to the questionnaire (if working on a questionnaire)

For information on using the Event Analyzer to troubleshoot data driven events in an
application, see Troubleshoot Data Driven Events.
For information on action-related tasks, see the following topics:
l Managing Actions
l Create an Apply Conditional Layout Action
l Create a Filter Values List Action
l Create a Generate Notification Action
l Create a Set Date Action
l Create a Set Values List Selection Action
l Delete an Action

For information on rule-related tasks, see the following topics:

l Managing Rules
l Create a Rule
l Configure the Rule Order

6 Preface
 RSA Archer GRC Platform Data Driven Events

l Update General Properties of the Rule

l Define the Criteria for a Rule
l Link Actions to a Rule

Product Documentation
For information about the RSA Archer GRC Platform 5.x, see the following
documentation.

Guide Description

Administrator Guide Provides Platform administrators with a system

overview, guidelines for navigating, and detailed
instructions for key tasks.

Control Panel Guide Provides administrators with instructions for

configuring each instance of the Platform.

Installation Guide Provides administrators with instructions for preparing,

installing, configuring, and testing the Platform.

Release Notes Provides Platform administrators with detailed listing of

new features, fixed issues, and known issues at the time
of the current release.

User Guide Provides end users with guidelines for navigating,

detailed instructions for key tasks, and information
about using Platform communication tools.

Web Services API Reference Provides IT managers and programmers with a list of
Guide the available web services for programmatically
interfacing with the release. This guide provides
formatting guidelines for field results, field inputs, and
search inputs, and provides sample code for searching,
adding and updating users, and updating assets.

You can access the Platform 5.x documentation from the RSA Archer Community
at https://community.emc.com/community/connect/grc_ecosystem/rsa_archer.

Preface 7
 RSA Archer GRC Platform Data Driven Events

Support and Service

Customer www.emc.com/support/rsa/index.htm
Support
Information

Customer [email protected]
Support E-mail

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Community archer

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Exchange archer_exchange

RSA Solution https://gallery.emc.com/community/marketplace/

Gallery

RSA SecurCare https://knowledge.rsasecurity.com/cleartrust/ct_
Online logon.asp?CTAuthMode=BASIC&language=en&CT_ORIG_
URL=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fknowledge.rsasecurity.com%3A443%2F&c
t_orig_uri=%2F

The RSA Archer Community enables collaboration among eGRC clients, partners,
and product experts. Members actively share ideas, vote for product enhancements,
and discuss trends that help guide the RSA Archer product roadmap.
The RSA Archer Exchange is an online marketplace dedicated to supporting eGRC
initiatives. The Exchange brings together on-demand applications along with
service, content, and integration providers to fuel the success of RSA Archer
clients.
The RSA Solution Gallery provides information about third-party hardware and
software products that have been certified to work with RSA products. The gallery
includes Secured by RSA Implementation Guides with step-by-step instructions and
other information about interoperation of RSA products with these third-party
products.
The RSA SecurCare Online provides unlimited access to a wealth of resources on
the web, 24 hours a day. The secure system provides members access to a support
knowledgebase, to download current platform patches and bug fixes, to sign up for
notifications, to manage your support cases and more.

8 Preface
 RSA Archer GRC Platform Data Driven Events

Chapter 1: About Data Driven Events

Data Driven Event Guidelines

When building data driven events (DDEs), consider the following guidelines:
l Required fields that are hidden from the end user in an application are still
required. Users cannot save the record when this condition exists.
l Fields that are hidden in an application and are set to be required by an Apply
Conditional Layout (ACL) action are only required conditionally. When hidden
fields are conditionally required by an ACL, users can save the record.
l A rule condition that evaluates a Text field with the Display Control set to Text
Area may result in inconsistencies due to rich text markup when an operator
other than Contains or Does Not Contain is used.
l Tabs can be dynamically shown or hidden based on the current state of content,
including nested tabs. When a data driven event hides all sections on a tab, the
tab is also hidden.
l Be cautious when using a private field that is defined in an application in an
action. Actions linked to the rule targeting a private field may not execute
because not all users can access the private field. Field permissions can be
different for each user.
l Date and Values List field values that are set by an action can still be edited by
the end user unless the field is set to not be edited. For example, all other values
in a Values List are filtered by an action.

Depending on how the rules are configured in an application or questionnaire, there

is the possibility that the actions defined for those rules could conflict with each
other. Based on that, conflicts are resolved using specific logic as described in each
of the action types.

Process Flow
Rules are evaluated and actions are executed in a rules session. A rules session is a
single, uninterrupted pass of evaluating rules in a specified order and executing
linked actions for rules that are true.
The rule and its corresponding actions are processed at different times during the
Record Edit and Record Save processes depending on the type of action being
invoked.

Chapter 1: About Data Driven Events 9

 RSA Archer GRC Platform Data Driven Events

Note: In 5.0 to 5.1.3 versions, rules sessions are invoked when a user saves or
applies a record and when the user changes field values.
In version 5.1.4, rules sessions are no longer invoked when a user saves or applies a
record with the exception of Generate Notification actions.

See Insert Scenario - Add New and Update Scenario - Edit to see the processes for
adding a new record and for updating a record.

Insert Scenario - Add New

When new content is loaded (Insert Scenario), a SINGLE pass of rules with SETS
(Set Date and Set Values List Selection) and FILTER (Filter Values List Items)
actions occurs. Conditional layout is processed against the result of the SINGLE
pass.

10 Chapter 1: About Data Driven Events

 RSA Archer GRC Platform Data Driven Events

The following figure shows the Insert Scenario – Add New process flow.

Update Scenario - Edit

When content is loaded (Update Scenario), a SINGLE pass of rules with FILTER
(Filter Values List Items) actions occurs. Conditional layout is processed against
the result of the SINGLE pass.

Chapter 1: About Data Driven Events 11

 RSA Archer GRC Platform Data Driven Events

The following figure shows the Update Scenario – Edit process flow.

Special Considerations - Process Flow

Note: Off-layout refers to the fields that are available for selection but are not
included in a section layout.

12 Chapter 1: About Data Driven Events

 RSA Archer GRC Platform Data Driven Events

Off-layout and private fields to which the user does not have field permissions:
l Can be used as a rule condition to evaluate.
l Cannot be directly set.

Calculated values are always evaluated after executing Save or Apply with the
exception of Generate Notification actions.
Generate Notification actions are only executed by a record being saved. This
action is executed at the end of the record save process and is the only action
executed after calculated fields and record permission fields are computed.
System fields can be used as rule conditions. The First Published Date and Last
Updated Date fields are not available until after the record is saved. Generate
Notification actions are entirely different from other actions and execute after these
values are calculated.

Chapter 1: About Data Driven Events 13

 RSA Archer GRC Platform Data Driven Events

Chapter 2: Rules

Managing Rules
A rule is a set of one or more data conditions or values that must be met for the rule
to be true. Actions are executed only when the rule to which they are linked is true.
A rule can be linked to one or more action types. Rules are evaluated sequentially
according to the priority in which they are assigned in the Rule Order dialog box.
Administrators and application owners can use any of the following action types:
l Apply Conditional Layout
l Filter Values List Items
l Set Date
l Set Values List Selection
l Generate Notification

About Rules
l Rules are owned by the application or questionnaire and are not available to
other applications or questionnaires.
l Rules are evaluated and actions are executed in a rules session.
l A rules session is a single uninterrupted pass of evaluating rules in a specified
order and executing linked actions for any rules that are true.
l A rules session is invoked when a record is added, changed, or saved.
l Rules can be copied and edited to make similar rules.
l Rules can be based on field types that allow for a user selection or data entry.
See Field Types.
l The following fields cannot be used in a rule:

Note: Sub-forms can be used, but not the fields in the sub-form.

Access History History Log

Attachment Image

CAST (Detail) Multiple Reference Display Control (MRDC)

Chapter 2: Rules 15
 RSA Archer GRC Platform Data Driven Events

CAST (Scorecard) Questionnaire Reference (QRFT)

Discussion Tracking ID

External Links Voting

l The following table shows when rules are evaluated and which actions are
executed based on user interaction.

User Interaction Resulting Action

On New All rules are evaluated.

Set, Filter, and ACL actions are executed.

On Edit All rules are evaluated.

Filter and ACL actions are executed.

On Field Modification All rules are evaluated.

Set actions linked to rules containing the
modified field as a rule condition, Filter, and
ACL actions are executed.

On Save Calculated fields are calculated.

All rules are evaluated.
Generate Notification actions are executed.

16 Chapter 2: Rules
 RSA Archer GRC Platform Data Driven Events

l The following table shows what happens when a rule is based on calculated
fields.

User Interaction Resulting Action

On New Calculated field value is null.

Rules evaluating a null value or evaluating the
absence of a specific value (Does Not Equal,
Does Not Contain) are evaluated to true and
linked Set, Filter, and ACL actions are executed.

On Save Calculated field value is updated by the Content

Save process.
Generate Notification actions is executed based
on the updated calculated field value.

On Edit Calculated field value was already updated by

the Content Save process.
Filter and ACL actions are executed based on
the updated calculated field value.

On View Calculated field value was already updated by

the Content Save process.
ACL actions are executed based on the updated
calculated field value.

On Field Modification Calculated field values cannot be directly mod-

ified by the end user.

You can perform the following tasks to manage rules:

l Create a Rule
l Configure the Rule Order
l Update the General Properties of a Rule
l Define the Rule Criteria
l Link Actions to a Rule
l Delete a Rule

Chapter 2: Rules 17
 RSA Archer GRC Platform Data Driven Events

Rule Order
Rule order determines the specific order in which the applicable actions of each
rule are executed. Administrators can use rule order to dynamically or conditionally
control when actions are executed based on a business process. The rule order is
specified in the Rule Order dialog box.
Rules are evaluated sequentially according to the priority in which they are
assigned. Rule 1 is ranked higher in priority than Rule 2, Rule 2 is ranked higher
than Rule 3, and so forth.

Example
Suppose that there are five rules. Each rule is evaluated individually starting with
the highest priority (Rule 1) and finishing with the lowest priority (Rule 5). The
appropriate actions of each rule are executed before the next rule in sequence is
evaluated. This process continues until all rules are evaluated and the applicable
actions of each rule are executed.
Rules can contain actions that conflict with each other. Conflict resolution for each
action type is provided in that action:
l Conflict Resolution - ACL
l Conflict Resolution - Filter Values List Items
l Conflict Resolution - Set Date
l Conflict Resolution - Set Values List Selection

Create a Rule
You can create a rule and link an action or actions to that rule. A single rule can
have multiple actions linked to it.

Procedure
1. Navigate to the Events tab:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application that you want to update.

Note: If you cannot select the application, you do not have Edit privileges to
it.

The Manage Application page is displayed for that application. This page
enables you to configure the properties for the selected application.
d. Click the Events tab.

18 Chapter 2: Rules
 RSA Archer GRC Platform Data Driven Events

2. Click Add New.

The Add New Rule dialog box opens enabling you to specify the properties of
the new rule.
For example, if your business practice requires a rule to always evaluate to true,
create a rule with the filter criteria set to Record Status equals New OR
Updated, as shown in the following figure.

3. Do one of the following:

l To use the settings of an existing rule as a starting point for your new rule,
select Copy an existing Rule and select the existing rule from the list.
l To select new settings for a rule, select Create a new Rule from scratch.
4. If the application has multiple levels, in the Add New Rule dialog box, select
the level where you want to create the rule.
5. Click OK.

Next Steps
Update the General Properties of the Rule
Define the Rule Criteria

Update the General Properties of the Rule

You can update the general properties of a rule including its name, description and
status.

Before You Begin

Create a Rule

Procedure
1. Navigate to the Events tab:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application that you want to update.

Note: If you cannot select the application, you do not have Edit privileges to
it.

Chapter 2: Rules 19
 RSA Archer GRC Platform Data Driven Events

The Manage Application page is displayed for that application. This page
enables you to configure the properties for the selected application.
d. Click the Events tab.
2. Click the rule that you want to update.
The Manage Rule page is displayed.
3. Complete the General Informationsection:
a. In the Name field, enter a name for the rule.
b. In the Status field, select Active. To prevent anyone from using this rule
until you are ready, select Inactive.
c. In the Description field, enter the brief description for the rule.
4. Click Apply.

Next Steps
Define the Criteria for a Rule

Define the Rule Criteria

You can select the filtering criteria for a rule. Only records that match the specified
filter criteria will execute the actions linked to this rule. Rule criteria is evaluated
against current field data, regardless of whether the current user working in a
record has access to the field or not.

Before You Begin

l Create a Rule
l Update the General Properties of a Rule

Procedure
1. Navigate to the Events tab:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application that you want to update.

Note: If you cannot select the application, you do not have Edit privileges to
it.

The Manage Application page is displayed for that application. This page
enables you to configure the properties for the selected application.
d. Click the Events tab.

20 Chapter 2: Rules
 RSA Archer GRC Platform Data Driven Events

2. Click the rule that you want to update.

The Manage Rule page is displayed.
3. In the Criteria section, use the fields provided to specify the field to evaluate,
the operator, the value or values and, if applicable, the relationship to the
subsequent row of filter criteria. Each row on this page represents one set of
filter criteria.
a. Specify filter criteria in the first row. If needed, enter a second set of filter
criteria in the second row.
b. To add additional rows for specifying more filter criteria, click Add New.
This link is only enabled when the action is available.
c. To change the relationship between the rows of filter criteria, in the
Advanced Operator Logic field, enter a new value. The default value is
"And."
d. To delete a condition, click in that row.
The system automatically renumbers the criteria rows, but you may need to
modify any advanced operator logic accordingly.
For example, if your business practice requires a rule to always evaluate to true,
create a rule with the filter criteria set to Record Status equals New OR
Updated, as shown in the following figure.

4. Click Apply.

Next Steps
Link Actions to a Rule

Field Types and Operators

The following table shows a list of the field types and the operators for the fields
that can be specified for filtering rule conditions.

Field Type Operator

Cross-Reference and Related Records Contains

Matrix Does Not Contain
Record Permissions Equals
Text Does Not Equal
User/Groups List Changed

Chapter 2: Rules 21
 RSA Archer GRC Platform Data Driven Events

Field Type Operator

Values List Changed To

Changed From

Date Equals
First Published Date Does Not Equal
Last Updated Date Current
Last
Next
Greater Than
Less Than
Between
After Today
Prior To Today
Changed
Changed To
Changed From

IP Address Equals
Record Status Does Not Equal
Changed
Changed To
Changed From

Numeric Equals
Does Not Equal
Greater Than
Less Than
Between
Changed
Changed To
Changed From

Numeric Ranging Contains

Does Not Contain

22 Chapter 2: Rules
 RSA Archer GRC Platform Data Driven Events

Field Type Operator

Equals
Does Not Equal
Greater Than
Less Than
Between
Changed
Changed To
Changed From

Sub-form Changed

Changed Operators
The Changed operator only evaluates the previously saved value of a field against
the current value of the field. For new content, the initial state of the value is
considered empty.

Example

Scenario Rule 1 has the Changed operator set to Changed.

Field A currently has a value of null (empty).
User Input 1: User changes the value of Field A to 2.
User Input 2: User removes the value of 2 in Field A.

Result Rule 1 is evaluated as true from User Input 1.

Rule 1 is evaluated as false from User Input 2.
Only the first change triggers the data driven event and not the
second one because the final state of the value is the same as its
original state.

Link Actions to a Rule

You can assign one or more actions to a rule to create an event. An action can be
linked to one or more rules. You can link any existing action to a rule or create a
new action that will be automatically linked to the rule.
For more information on creating an action, see Managing Actions.

Chapter 2: Rules 23
 RSA Archer GRC Platform Data Driven Events

Before You Begin

l Create a Rule
l Define the Criteria for a Rule

Procedure
1. Navigate to the Events tab:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application that you want to update.

Note: If you cannot select the application, you do not have Edit privileges to
it.

The Manage Application page is displayed for that application. This page
enables you to configure the properties for the selected application.
d. Click the Events tab.
2. Click the rule that you want to update.
The Manage Rule page is displayed.
3. In the Linked Actions section, click Select Actions.
The Action Lookup dialog box opens with the list of actions available to this
rule.
4. Select the action that you want to link to this rule.
5. Click OK to close the Action Lookup dialog box.
The selected actions are displayed in the Linked Actions section.
6. Click Apply.

Next Steps
Configure Rule Order

Configure the Rule Order

You can specify the rule order in the Rule Order dialog box. This dialog box opens
from the Configure Rule Order link on the Rules tab.

24 Chapter 2: Rules
 RSA Archer GRC Platform Data Driven Events

Rule Order determines the specific order in which the applicable actions of each
rule are executed. Use rule order to dynamically or conditionally control when
actions are executed based on a business process. Rules are evaluated sequentially
according to the priority in which they are assigned. Rule 1 is ranked higher in
priority than Rule 2, Rule 2 is ranked higher than Rule 3, and so forth. For example,
the first rule is evaluated and (if the rule is true) all actions linked to that rule are
executed. Then the second rule is evaluated and (if true) all actions linked to that
rule is executed.

Before You Begin

l Create a Rule
l Update the General Properties of a Rule
l Define the Criteria for a Rule
l Link Actions to a Rule

Procedure
1. Navigate to the Events tab:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application that you want to update.

Note: If you cannot select the application, you do not have Edit privileges to
it.

The Manage Application page is displayed for that application. This page
enables you to configure the properties for the selected application.
d. Click the Events tab.
2. Click Configure Rule Order.
The Rule Order dialog box opens.
3. Click one or more rule names and drag and drop to the correct position.
4. If the application is leveled, in the Rule Order dialog box, click each level tab
and configure the appropriate order for each level.
5. Click OK to close the Rule Order dialog box.
6. Click Save.

Chapter 2: Rules 25
 RSA Archer GRC Platform Data Driven Events

Delete a Rule
If you no longer need a rule, you can delete it from the system. Deleting a rule does
not delete the actions linked to it; those actions continue to exist in the Action
Library and maintain their links with other rules.

Procedure
1. Navigate to the Events tab:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application that you want to update.

Note: If you cannot select the application, you do not have Edit privileges to
it.

The Manage Application page is displayed for that application. This page
enables you to configure the properties for the selected application.
d. Click the Events tab.
2. Click the row and view the description of the rule that you want to delete.

3. Click for that rule.

A Warning dialog box opens.
4. To confirm the delete, click OK.

Remove an Action from a Rule

You can disassociate an action from a rule without deleting the action.
To delete an action, see Delete an Action.

Procedure
1. Navigate to the Events tab:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application that you want to update.

Note: If you cannot select the application, you do not have Edit privileges to
it.

26 Chapter 2: Rules
 RSA Archer GRC Platform Data Driven Events

The Manage Application page is displayed for that application. This page
enables you to configure the properties for the selected application.
d. Click the Events tab.
2. Click the rule that you want to update.
The Manage Rule page is displayed.

3. In the Linked Actions section, click next to the action that you want to
disassociate from the rule.
4. Click Apply.

Chapter 2: Rules 27
 RSA Archer GRC Platform Data Driven Events

Chapter 3: Actions

Managing Actions
An action is a predefined operation that is executed when linked to a rule.
Actions are:
l Stored in a library and can be used with any number of rules
l Only executed when linked to a rule that is true
l Reusable across multiple rules
l Owned by the application or questionnaire and are not available to other
applications or questionnaires

Fields that are defined in an application or questionnaire are used in an action. For
example, fields can be added to a section on the layout of an application or
questionnaire and then be conditionally required or hidden by an Apply Conditional
Layout (ACL) action.

Action Types
The following table describes each action type.

Action Type Description

Apply Conditional Layout Configures dynamic record layouts based on the state of
the record.

Filter Values List Items Restricts the values available for selection in a Values
List field to a subset of the values defined for the field.

Generate Notification Generates an email notification that is sent to specified

users.

Set Date Configures and sets a value for a Date field that can be
overridden.

Set Values List Selection Configures and sets a value for a Values List field that
can be overridden.

You can perform the following tasks to manage actions:

l Create an Apply Conditional Layout Action
l Create a Filter Values List Action

Chapter 3: Actions 29
 RSA Archer GRC Platform Data Driven Events

l Create a Generate Notification Action

l Create a Set Date Action
l Create a Set Values List Selection Action
l Delete an Action

Action Types
An action is a predefined operation that is executed when linked to a rule. Actions
are stored in a library and can be used with any number of rules. Actions are only
executed when linked to a rule that is true. Actions are reusable across multiple
rules.
You can create actions based on the action types described in the following table.

Action Type Description

Apply Conditional Layout Configures dynamic record layouts based on the state of
the record.

Filter Values List Items Restricts the values available for selection in a Values
List field to a subset of the values defined for the field.

Generate Notification Generates an email notification that is sent to specified

users.

Set Date Configures and sets a value for a Date field that can be
overridden.

Set Values List Selection Configures and sets a value for a Values List field that
can be overridden.

Note: Set actions are Set Date and Set Values List Selection. The filter action is
Filter Values List Items.

Apply Conditional Layout Action

The Apply Conditional Layout (ACL) action enables administrators to configure
dynamic record layouts based on the state of the record. ACL actions only affect
view and edit modes.
Administrators and application owners can choose to force sections or fields to
display, make fields required, make sections or fields read only, or not to display
sections or fields. ACL actions can be configured to be applied to specific users,
groups, or both so that presentation can vary for different users.

30 Chapter 3: Actions
 RSA Archer GRC Platform Data Driven Events

With the exception of Required field settings, ACLs are intended to serve only as a
cosmetic treatment to ease data entry and viewing in the form for a particular
application or questionnaire. Fields that are hidden by an ACL action are still
available in search results and filters for defining reports, searches, and
notifications.
Data that is hidden by an ACL action to a user cannot be printed or exported by that
user. Field access permissions are still applied for printing and exporting.
The Layout Configuration section enables you to select which sections and fields in
the application that you want to display as a result of this action. When working
with this section, keep the following points in mind:
l The key icon indicates a key field and the calculator icon indicates a
calculated field.
l The user must have edit privileges to edit a field. The settings on this page do not
grant edit privileges to an account that does not already have those privileges.
l Be careful when selecting to hide a required field. The field is still required,
even if it is not displayed.
l The settings in this section do not change the layout of the page. To change the
layout, use the Layout tab of the Manage Application page.
l If the layout of the application has multiple tabs, the Layout Configuration
section includes multiple tabs.
l Placeholders may still be displayed for a screen object even though the object is
not displayed.

Section-Level Options
Sections determine how fields are organized on the layout of an application or
questionnaire. A section-level option can override a field-level option. See Field-
Level Options. The following table describes the available section-level options.

Option Description

Use Default Settings All fields and objects in the section are displayed. Individual
fields and objects in the section can have field-level options
configured.

Display All fields and objects in the section are forced to display (subject
to the user having field permissions to that field). Individual
fields and objects in the section can have field-level options
configured.

Read Only All fields in the section are displayed as read only and are not
available for editing. Individual fields in the section cannot have
field-level options configured. Objects in the section function as
originally configured.

Chapter 3: Actions 31
 RSA Archer GRC Platform Data Driven Events

Option Description

Do Not Display All fields and objects in the section are not displayed. Individual
fields and objects in the section cannot have field-level options
configured.

Setting a section to Read Only affects all of the fields in the section, but does not
impact the non-field objects in the section, such as custom interface and text box
objects. These objects continue to function as originally configured.
If multiple Apply Conditional Layout actions conflict for a field, the system
executes the action that is highest in the following order of precedence:
1. Section-level Read Only
2. Section-level Display*
3. Section-level Do Not Display
4. Section-level Use Default Settings
5. Field-level Required
6. Field-level Read Only
7. Field-level Display
8. Field-level Do Not Display
9. Field-level Use Default Settings
*When a Section-level Display action takes precedence, field-level settings are
respected. See the example in Conflict Resolution - ACL. For example, if an action
sets a section to Do Not Display and another action sets a field within the section to
Read Only, the section is not displayed because the section-level Do Not Display
setting takes precedence.

32 Chapter 3: Actions
 RSA Archer GRC Platform Data Driven Events

Field-Level Options
Fields are defined in an application or questionnaire and then used in an action.
Fields are added to sections on the layout and can be conditionally required or
hidden by an ACL action. A field-level option can be overridden by a section-level
option. See Section-Level Options. The following table describes the available
field-level options.

Option Description

Use Default Settings Field behaves as defined.

Display Field is forced to display (subject to the user having field

permissions to that field).

Required Field is required.

Read Only Field is displayed as read only and is not available for editing.

Do Not Display Field is not displayed.

User/Group Access
An ACL action must have at least one user, group, or field (User/Groups List or
Record Permissions field) specified to save the action. The specified user, group, or
field determines to which users the ACL action applies. If one or more of the
following conditions are true, the ACL action is applied for a user:
l The user is directly specified in the ACL action.
l The user is a member of a group specified in the ACL action (or is a member of
a descendant group if the Cascade option is specified).
l The user or a group of which the user is a member is specified in a User/Groups
List or Record Permissions field that is specified in the ACL action.

When a User/Groups List or Record Permissions field is selected in an ACL action,

only the data committed in the database is used for determining whether an ACL
action is applied to the specified user.
Users, groups, or fields can be excluded from viewing the layout. The ACL action
is not applied to any user, group, or field that is excluded.

Chapter 3: Actions 33
 RSA Archer GRC Platform Data Driven Events

ACL Action Example

ACL Action Setup The ACL action has a Record Permissions field selected with a
default value of User A.

Initial Record When the record is initially created, there is no value committed
Creation in the database for the Record Permissions field. The ACL action
does not apply to any users.

Post-Record Creation After the record is saved, User A is committed in the database for
the Record Permissions field. The ACL action is applied only to
User A.

Conflict Resolution - ACL

Multiple ACL actions can apply to the same user at the same time. When multiple
ACL actions attempt to apply conflicting behaviors, the action that is ranked higher
in the order of precedence is executed as shown in the following figure.

34 Chapter 3: Actions
 RSA Archer GRC Platform Data Driven Events

1. Section-level Read Only

2. Section-level Display*
3. Section-level Do Not Display
4. Section-level Use Default Settings
5. Field-level Required
6. Field-level Read Only
7. Field-level Display
8. Field-level Do Not Display
9. Field-level Use Default Settings

Note: *When a Section-level Display action takes precedence, Field-level settings

are respected. See Example 3.

Example 1

Action 1 Sets a section to Do Not Display.

Action 2 Sets a field in the section to Required.

Result The section is not displayed and the field is not required because
Action 1 (section-level Do Not Display) takes precedence.

Example 2

Action 1 Sets a section to Display.

Action 2 Sets the same section to Read Only.

Result The section is read only because Action 2 (section-level Read Only)
takes precedence.

Example 3

Action 1 Sets a section to Display.

Action 2 Sets field X and field Y in the section to Do Not Display.

Action 3 Sets field X in the section to Required.

Result The section is displayed, field X is set to required, and field Y is not
displayed.
Because Action 1 (section-level Display) takes precedence, the
section is displayed and field-level settings are respected.

Chapter 3: Actions 35
 RSA Archer GRC Platform Data Driven Events

Because Action 3 (field-level Required) takes precedence over

Action 2, Field X is set to Required. There is no conflict with Field
Y, so it is set to Do Not Display by Action 2.

Special Considerations - ACL

An ACL action does not give users added field permissions, but it can restrict them.
If a field is set to Display and the user does not have Read permissions to the field,
the field is still hidden from the user. If a user has full permissions to a field that is
set to Read Only in an ACL action, the user cannot modify the field.
If a field is not displayed because of an ACL action, a user with field permissions
can still search the field and functions, such as data feed, and Web APIs can still
reference the field.
A field that is defined as required in an application can be set to one of the
following options: Use Default Settings, Display, Do Not Display, and Read Only.
If a required field is set to Read Only or Do Not Display and is hidden, the field is
still required and a user cannot save the record.
For the user to save the record, do either of the following:
l Modify the ACL action to display the field.
l Change the field in the application so that it is not required.

The Read Only option is not available for fields that are inherently read only, for
example, System fields.
The Required option is not available for fields that cannot be set to Required in an
application.
Text Box Objects, Custom Objects, and Trending Charts have the following
options: Use Default Settings, Display, and Do Not Display. Placeholder objects
cannot be modified by an ACL action and do not have any available options.

Important: Sections and fields that are hidden by an ACL action are still available
in search results and filters for defining reports unless otherwise controlled by field
permissions.

Changes to an application can affect previously configured field-level options. If a

field with field-level options is moved to a new section, the field-level options are
evaluated according to ACL Conflict Resolution rules of precedence. Specifically,
field-level options are affected when the new section has section-level options that
are more restrictive than the field-level options of the field.

36 Chapter 3: Actions
 RSA Archer GRC Platform Data Driven Events

Example

Scenario Field A in Section 1 has a field-level setting of Required.

Field A is moved to Section 2 that has a section-level setting of Do
Not Display.

Result The Required setting of Field A is removed, and Field A inherits

the Do Not Display section-level setting.

Create an Apply Conditional Layout Action

You can create an Apply Conditional Layout action that modifies the elements that
display within a record and adjusts the properties of specific fields. Using this
action, you can:
l Determine which sections, fields, custom interface objects and text box objects
are displayed.
l Override the read/write permissions for fields.
l Set the Required Field status for fields.
l Assign specific users, groups and fields to the actions so that the presentation
can be different to different users.
l Exclude users, groups, or fields from viewing the layout.

Important: If a field with a base setting of Required is not visible to the user, the
user cannot save the record. To solve this, you must either modify the application to
display the required field for the user or change the field settings so that it is no
longer required.

For more information on ACL actions, see Apply Conditional Layout Action.

Before You Begin

Review the following:
l Conflict Resolution - ACL
l Special Considerations - ACL

Procedure
1. Navigate to the Actions tab:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.

Chapter 3: Actions 37
 RSA Archer GRC Platform Data Driven Events

c. Select the application that you want to update.

Note: If you cannot select the application, you do not have Edit privileges to
it.

The Manage Application page is displayed for that application. This page
enables you to configure the properties for the selected application.
d. Click the Events tab.
e. Click the Actions tab.
2. Click Add New and do one of the following:
l To use the settings of an existing action as a starting point for the new action,
select Copy an existing Action and select the existing action from the list.
l To select new settings for the action, select Create a new Action from
scratch.
3. Under Available Action Types, select Apply Conditional Layout.
4. If the application has multiple levels, in the Add New Action dialog box, select
the appropriate level for the action and click OK.
5. Complete the General Information section:
a. In the Name field, enter a name for the action.
b. In the Status field, select Active. To prevent anyone from using the action
until you are ready, select Inactive.
c. In the Description field, enter a brief description.
This description is helpful later when you need to choose an action from a
list to associate with a rule.
6. Complete the Layout Configuration section:
a. Specify the sections that you want to be displayed. Click in the appropriate
section and select an option from the list.
b. For each section that you display, specify which fields should be required,
be read only, or hidden. You can also reset the settings to the default. The
options available may vary for different types of fields. Click in the
appropriate section and select an option from the list.
7. In the Qualified Users/Groups section, select the users, groups, or fields that
you want to include or exclude from this conditional layout.
8. Click Save.
After the action is saved, you can link the action to the applicable rule. The
relationship between rules and actions are specified on the Rules tab. For more
information, see Link Actions to a Rule. If the action has been linked to a rule,
the associated rules are listed in the Associated Rules section.

38 Chapter 3: Actions
 RSA Archer GRC Platform Data Driven Events

Filter Values List Items Action

The Filter Values List Items action enables administrators to restrict the values
available for selection in a Values List field to a subset of the values specified for
the field.

Example

Scenario Field A is a Values List field with the following available values:
Red, Orange, Yellow, Green, and Blue.
Action 1 is a Filter Values List Items action that filters the list to
Red and Blue.
Action 1 is linked to Rule 1.

Result When Rule 1 is true, Field A is automatically filtered to the

values of Red and Blue making them the only values available for
selection.

Conflict Resolution - Filter Values List Items

When there are multiple Filter Values List Items actions linked to the same rule,
the actions are cumulative.

Example 1

Scenario Field C is a Values List field with available values of Red,

Orange, Yellow, Green, and Blue.
Action 1 is a Filter Values List Items action that filters the list to
Red and Blue.
Action 2 is a Filter Values List Items action that filters the list to
Orange and Yellow.
Action 1 and Action 2 are linked to Rule 1.

Result When Rule 1 is true, Field C is automatically filtered to values

Red, Orange, Yellow, and Blue making them the only values
available for selection.

If multiple Filter Values List Items actions targeting the same Values List field are
linked to different rules that are true at the same time, only the Filter Values List
Items action linked to the rule with the highest rule order is applied.

Chapter 3: Actions 39
 RSA Archer GRC Platform Data Driven Events

Example 2

Scenario Field D is a Values List field with available values of Red,

Orange, Yellow, Green, and Blue.
Action 1 is a Filter Values List Items action that filters the list to
Red and Blue.
Action 2 is a Filter Values List Items action that filters the list to
Orange and Yellow.
Action 1 is linked to Rule 1.
Action 2 is linked to Rule 2.
Rule 1 is ranked higher than Rule 2.

Result When both Rule 1 and Rule 2 are true at the same time, Field D is
automatically filtered to values of Red and Blue making them the
only values available for selection.

If a Set Values List Selection action and a Filter Values List Items action targeting
the same Values List field are in conflict, only the Filter Values List Items action is
applied.

Example 3

Scenario Field E is a Values List field with available values of Red,

Orange, Yellow, Green, and Blue.
Action 1 is a Set Values List Selection action that sets the values
of Green and Blue.
Action 2 is a Filter Values List Items action that filters the list to
Red and Blue.
Action 1 is linked to Rule 1.
Action 2 is linked to Rule 2.

Result When both Rule 1 and Rule 2 are true at the same time, Field E is
automatically filtered to values of Red and Blue making them the
only values available for selection.
The field is also automatically set to a value of Blue. (There is no
conflict between Action 1 and Action 2 for the value of Blue.)
Green is not selected because there is a conflict between Action 1
and Action 2, and therefore only the Filter Values List Items
action (Action 2) is applied.

Special Considerations - Filter Values List Items

A Filter Values List Items action cannot select "No Selection" as one of the
available options for the Values List field.

40 Chapter 3: Actions
 RSA Archer GRC Platform Data Driven Events

A calculated field cannot be the target of a Filter Values List Items action. If a
Filter Values List Items action is defined and the target Values List field is later
changed to a calculated field, the Filter Values List Items action is deleted.
If a child value in a hierarchical Values List is selected in a Filter Values List
Items action and the parent value is not, the parent value is displayed after the
action is executed but is not available for selection.
If a Values Lists field is the target of a Filter Values List Items action and is
deleted, the Filter Values List Items action is also deleted.
If a Value Lists value is selected in a Filter Values List Items action and is deleted,
that value is removed from the Filter Values List Items action. If that value is the
only value selected in the action, the field is also deleted from the Filter Values List
Items action.
If a Values List has an existing selection that is not in the filtered subset of values
for the Filter Values List Items action, the existing selection is removed when the
Filter Values List Items action executes.

Example

Scenario Field B is a Values List field with the available values of Red,
Orange, Yellow, Green, and Blue.
Field B currently is set to Green.
Action 1 is a Filter Values List Items action that filters the list to
Red and Blue.
Action 1 is linked to Rule 1.

Result When Rule 1 is true, the current value (Green) of Field B is replaced
by the filtered values of Red and Blue making them the only values
available for selection.

The Cumulative Filters option on the Options tab allows Filter Values List Items
actions that target the same field in different rules to have a cumulative effect.

Chapter 3: Actions 41
 RSA Archer GRC Platform Data Driven Events

Example

Scenario Field C is a Values List with available values of Red, Orange,

Yellow, Green, and Blue.
Field C currently is set to Orange.
Action 1 is a Filter Values List Items action that filters the list to
Red. Action 1 is linked to Rule 1.
Action 2 is a Filter Values List Items action that filters the list to
Orange. Action 2 is linked to Rule 2.
Action 3 is a Filter Values List Items action that filters the list to
Yellow. Action 3 is linked to Rule 3.
The Cumulative Filters option is selected.

Result When all three rules are true at the same time, the following occurs
in this order:
1. When Rule 1 is true, the list is filtered to Red being available for
selection, and the current value of Orange is not selected.
2. When Rule 2 is also true, the list is filtered to Red and Orange
being available for selection, and the current value of Orange is
selected.
3. When Rule 3 is also true, the list is filtered to Red, Orange, and
Yellow, making these values available for selection.
As an end result, the values Red, Orange, and Yellow are available
values for selection and the current selection (Orange) remains
selected.

Create a Filter Values List Action

You can create a Filter Values List action that limits the items available in a
Values List field. For example, if a Values List field contains these values by
default: Red, Green, Yellow, Orange, and Blue, you can create a Filter Values List
action that excludes Orange and Blue and displays only the Red, Green, and
Yellow values.
If multiple Filter Values List actions target the same field within in the same rule,
they have a cumulative effect. For example, if the example Filter Values List
described above is executed, and then an additional Filter Values List action is
executed that displays only Blue, the field will display the Red, Green, Yellow, and
Blue values. However, if the Filter Values List actions are not in the same rule, the
system will only execute the Filter Values List action that is highest in the rule
order.

42 Chapter 3: Actions
 RSA Archer GRC Platform Data Driven Events

Procedure
1. Navigate to the Actions tab:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Select the application that you want to update.

Note: If you cannot select the application, you do not have Edit privileges to
it.

d. Click the Events tab.

e. Click the Actions tab.
2. Click Add New and do one of the following:
l To use the settings of an existing action as a starting point for the new action,
select Copy an existing Action and select the existing action from the list.
l To select new settings for the action, select Create a new Action from
scratch.
3. Under Available Action Types, select Filter Values List Items.
4. Complete the General Information section:
a. If the application has multiple levels, in the Add New Action dialog box,
select the appropriate level for the action, and click OK.
b. In the Name field, enter a name for the action.
c. In the Status field, select Active.
d. In the Description field, enter a brief description of the action.
5. Complete the Values List Filter section:
a. From the Field list, select the field that you want to filter by.
b. In the Value(s) field, click to select the values that you want to make
available for selection in the filtered list.

Note: You cannot select a Calculated Values List field.

6. Click Save.
After the action is saved, you can link the action to the applicable rule. The
relationship between rules and actions are specified on the Rules tab. For more
information, see Link Actions to a Rule. If the action has been linked to a rule,
the associated rules are listed in the Associated Rules section.

Chapter 3: Actions 43
 RSA Archer GRC Platform Data Driven Events

Generate Notification Action

The Generate Notification action enables administrators to configure an email
notification. When a record is added or updated that meets defined rule conditions,
the notification is sent to intended recipients after the content is saved.
Generate Notification actions are different from other data driven event (DDE)
actions in the following ways:
l Rule order does not affect a Generate Notification action.
l Calculated field values are computed after clicking Save or Apply. The server
order of operations executes Generate Notification actions after the calculated
fields are computed and system fields are updated. When Generate Notification
actions execute, the conditions are evaluated against already calculated values of
the calculated fields.

Because Generate Notification actions are executed after calculated fields are
computed, it is possible to have two actions (one being a Generate Notification
action) linked to the same rule where one action executes and the other one does
not.

44 Chapter 3: Actions
 RSA Archer GRC Platform Data Driven Events

Example

Scenario Field A is a calculated field with a formula of [Field C] + 1.

Field C has an initial value of 2.
Field B has an initial value of Green.
Field A has a value of 3 (calculated field: 2 + 1 = 3).
Rule: Field A = 5.
Action 1 is Set Values List Selection that sets Field B to Blue.
Action 2 is Generate Notification.

Result User edits this record and changes the value of Field C to 4.
The Set Values List Selection action executes before Field A is
recalculated. Field A is 3 before being recalculated, and the rule
evaluates to false (3 does not equal 5), so Field B is not set to
Blue.
When the user clicks Save, the following occurs:
1. The record is processed.
2. Field A is calculated (4 + 1), and its value is set to 5.
3. The rule evaluates to true, and the Generate Notification
action executes. (Set Values List Selection actions are only
executed by user interaction, so the server does not set Field B
to Blue.)
Action 1 did not execute, but Action 2 did execute even though
both of these actions are linked to the same rule.

Note: There is no conflict resolution for Generate Notification actions. These action
types are executed when content is saved for rules that are true.

Special Considerations - Generate Notification

End users cannot subscribe or unsubscribe from generated notifications. Generated
notifications are automatically sent to all of the intended recipients.
Because calculations are done before rules are evaluated, it is possible that a rule is
true in View/Edit mode, but is false when the Generate Notification action is
evaluated. This condition is also the case in reverse.
If multiple Generate Notification actions are linked to rules that are true, saving one
record causes multiple notifications to be sent for the record. Each distinct
Generate Notification action causes a notification to be sent.

Chapter 3: Actions 45
 RSA Archer GRC Platform Data Driven Events

Example 1

Scenario New Record A is added.

Action 1 is a Generate Notification action with its frequency set
to Instantly.
Action 2 is a Generate Notification action with its frequency set
to Instantly.
Action 1 is linked to Rule 1.
Action 2 is linked to Rule 2.

Result When Record A is saved and both Rule 1 and Rule 2 are true, two
notifications are sent (one for Action 1 and one for Action 2).

Example 2

Scenario New Record A is added.

Action 1 is a Generate Notification action with its frequency set
to Instantly.
Action 2 is a Generate Notification actions with its frequency set
to Instantly.
Action 1 is linked to Rule 1.
Action 2 is linked to Rule 1.

Result When Record A is saved and Rule 1 is true, two notifications are
sent (one for Action 1 and one for Action 2).

Example 3

Scenario New Record A is added.

Action 1 is a Generate Notification action with its frequency set
to Instantly.
Action 1 is linked to Rule 1.
Action 1 is linked to Rule 2.

Result When Record A is saved and both Rule 1 and Rule 2 are true,
only one notification is sent because both rules are linked to the
same Generate Notification action (Action 1).

46 Chapter 3: Actions
 RSA Archer GRC Platform Data Driven Events

Create a Generate Notification Action

You can create a Generate Notification action that delivers alert emails to select
users when a record is added or updated. It can also send reminder emails based on
date values. Recipients cannot opt out of receiving these emails.
To set up a notification that users can elect to unsubscribe, use the Notifications
feature instead.

Before You Begin

Review Special Considerations - Generate Notification.

Procedure
1. Navigate to the Actions tab:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Select the application that you want to update.

Note: If you cannot select the application, you do not have Edit privileges to
it.

The Manage Application page is displayed for that application. This page
enables you to configure the properties for the selected application.
d. Click the Events tab.
e. Click the Actions tab.
2. Click Add New and do one of the following:
l To use the settings of an existing action as a starting point for the new action,
select Copy an existing Action and select the existing action from the list.
l To select new settings for the action, select Create a new Action from
scratch.
3. Under Available Action Types, select Generate Notification.
4. If the application has multiple levels, in the Add New Action dialog box, select
the appropriate level for the action and click OK.
The Manage Action page is displayed. This page is made up of three tabs, the
General tab, the Content tab and the Delivery tab. The General tab is displayed.

Next Steps
Update the General Properties of a Generate Notification Action

Chapter 3: Actions 47
 RSA Archer GRC Platform Data Driven Events

Update the General Properties of a Generate Notification Action

You can update the general properties of a Generate Notification action.

Before You Begin

Create a Generate Notification Action

Procedure
1. Navigate to the Actions tab:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Select the application that you want to update.

Note: If you cannot select the application, you do not have Edit privileges to
it.

The Manage Application page is displayed for that application. This page
enables you to configure the properties for the selected application.
d. Click the Events tab.
e. Click the Actions tab.
2. Do one of the following:
l For a new Generate Notification action, go to the next step.
l For an existing Generate Notification action, in the Action Library section,
click the action that you want to modify.
The Manage Action page is displayed at the General tab.
3. Complete the General Information section:
a. In the Name field, enter a name for the action.
b. In the Status field, select Active. To prevent anyone from using this rule
before you are ready, select Inactive.
c. In the Description field, enter a brief description.
This description is helpful later when you need to choose an action from a
list to associate with a rule.
4. Click Apply.

Next Steps
Define the Layout of a Generate Notification Action

48 Chapter 3: Actions
 RSA Archer GRC Platform Data Driven Events

Define the Layout for the Generate Notification Action

You can choose the letterhead to display on a notification, as well as define its page
layout.

Before You Begin

Create a Generate Notification Action

Procedure
1. Navigate to the Actions tab:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Select the application that you want to update.

Note: If you cannot select the application, you do not have Edit privileges to
it.

The Manage Application page is displayed for that application. This page
enables you to configure the properties for the selected application.
d. Click the Events tab.
e. Click the Actions tab.
2. Do one of the following:
l For a new Generate Notification action, go to the next step.
l For an existing Generate Notification action, in the Action Library section,
click the action that you want to modify.
The Manage Action page is displayed at the General tab.
3. In the Template Design section, in the Letterhead field, select the letterhead
for the notification.

4. In the Body Layout field, click to open the Body Layouts dialog box.
5. Select the applicable layout and click OK.
The preview displayed in the Preview field is updated based on your selection.
6. Click Apply.

Next Steps
Select the Content for the Generate Notification Action

Chapter 3: Actions 49
 RSA Archer GRC Platform Data Driven Events

Select the Content for the Generate Notification Action

You can define the content of a Generate Notification action, using both static and
dynamic content. Static content is text that remains the same for every notification,
while dynamic content is content that changes based on the unique parameters.

Before You Begin

l Create a Generate Notification Action
l Define the Layout of a Generate Notification Action

Procedure
1. Navigate to the Actions tab:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Select the application that you want to update.

Note: If you cannot select the application, you do not have Edit privileges to
it.

The Manage Application page is displayed for that application. This page
enables you to configure the properties for the selected application.
d. Click the Events tab.
e. Click the Actions tab.
2. Do one of the following:
l For a new Generate Notification action, go to the next step.
l For an existing Generate Notification action, in the Action Library section,
click the action that you want to modify.
The Manage Action page is displayed at the General tab.
3. Click the Content tab.
4. In the Template Design section, in the Subject field, enter the text that you
want to display in the email subject line.
You can also include fields (but not reports or links) in the subject line as
dynamic information. To enter a field, place your cursor in the desired location,
click the Select a Field arrow and select the appropriate field from the list.

Note: You cannot include the following fields in the subject line: Attachment,
Cross-Application Status Tracking, Image, Record Permissions, Risk
Assessment, Sub-Form, Questionnaire Reference, Access History, and History
Log.

50 Chapter 3: Actions
 RSA Archer GRC Platform Data Driven Events

5. In the Body fields, enter the text that you want to display in the body of the
message.
You can use the options in the Rich Text Editor toolbar to modify the
appearance of the text. You can also include fields, reports, and links in the
body. To enter this type of dynamic information, place your cursor in the desired
location, select information from the Select a Field list, the Select a Report list,
or the Select a Link list and insert it into the body.
6. Click Apply.

Next Steps
Define the Email Properties of a Generate Notification Action

Define the Email Properties of a Generate Notification Action

You can define the From address for the notification and enter an alias for the
address. You can also select the importance of the email and determine whether to
enable read-receipt functionality.

Before You Begin

Create a Generate Notification Action

Procedure
1. Navigate to the Actions tab:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Select the application that you want to update.

Note: If you cannot select the application, you do not have Edit privileges to
it.

The Manage Application page is displayed for that application. This page
enables you to configure the properties for the selected application.
d. Click the Events tab.
e. Click the Actions tab.
The Actions tab enables you to manage the actions associated with the event.
2. Do one of the following:
l For a new Generate Notification action, go to the next step.
l For an existing Generate Notification action, click the action that you want to
modify in the Action Library section.
The Manage Action page is displayed at the General tab.

Chapter 3: Actions 51
 RSA Archer GRC Platform Data Driven Events

3. Click the Delivery tab.

4. Complete the Email Properties section:
a. In the From Address field, enter the "From" address .
b. In the From Alias field, enter the appropriate alias.
c. In the Importance field, select the importance level.
d. In the Read Receipt field, select either to enable or disable return receipts.
5. Click Apply.

Next Steps
Configure the Delivery Schedule of a Generate Notification Action

Configure the Delivery Schedule of a Generate Notification Action

You can configure the frequency and the delivery schedule of the Generate
Notification action. Options include instant, daily, weekly, monthly, quarterly and
reminder. For all frequency options except instantly and reminder, users receive one
email per selected interval that contains all records that meet the notification
criteria during the selected frequency period.

Before You Begin

Create a Generate Notification Action

Procedure
1. Navigate to the Actions tab:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Select the application that you want to update.

Note: If you cannot select the application, you do not have Edit privileges to
it.

The Manage Application page is displayed for that application. This page
enables you to configure the properties for the selected application.
d. Click the Events tab.
e. Click the Actions tab.
2. In the Action Library section, click the action that you want to modify.
The Manage Action page is displayed.

52 Chapter 3: Actions
 RSA Archer GRC Platform Data Driven Events

3. Click the Delivery tab.

4. In the Delivery Schedule section, from the Frequency list, select the desired
frequency.
Additional fields may be displayed depending on the frequency selected,
enabling you to specify the specific time to send the notification.
5. Complete any additional fields in the Delivery Schedule section.
6. If you selected Reminder, the Interval grid is displayed with the following
fields. Click Add New to add criteria to these fields.

Field Action

Field Select from a list of Date fields from the application.

Operator Select Equals, Does Not Equal, Less Than, or Greater Than.

Days Enter a number of days.

Occurrence This field is auto-generated and read-only based on your criteria

selections.

Target Select either After Date or Before Date.

Actions Click to remove the criteria for that row from the reminder.

7. Click Apply.

Next Steps
Select Recipients for the Generate Notification Action

Select Recipients for the Generate Notification Action

You can determine who will receive email messages generated by this Generate
Notification action. You can select to send the notification to a static listing of users
and groups, or select to dynamically determine the recipients based on the values of
User/Groups List and Record Permission fields or an email address stored within a
field. Recipients cannot unsubscribe from notifications generated by this action.

Before You Begin

Create a Generate Notification Action

Chapter 3: Actions 53
 RSA Archer GRC Platform Data Driven Events

Procedure
1. Navigate to the Actions tab:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Select the application that you want to update.

Note: If you cannot select the application, you do not have Edit privileges to
it.

The Manage Application page is displayed for that application. This page
enables you to configure the properties for the selected application.
d. Click the Events tab.
e. Click the Actions tab.
2. Do one of the following:
l For a new Generate Notification action, go to the next step.
l For an existing Generate Notification action, in the Action Library section,
click the action that you want to modify.
The Manage Action page is displayed at the General tab.
3. Click the Delivery tab.
4. In the Recipients section, select the users to receive the notifications:
a. Under Available, use the Find box to find user names.
b. Click the name to copy it to the Selected area.
You can also select Groups or Fields to dynamically determine the
recipients.
c. Verify that the names, groups, or fields listed under Selected are your
intended recipients.
Recipients cannot unsubscribe from notifications generated by the Generate
Notification action.
5. Click Save.

Set Date Action

The Set Date action enables administrators to specify a value for a Date field based
on the state of the record. This value can then be overridden by the end user.

54 Chapter 3: Actions
 RSA Archer GRC Platform Data Driven Events

Important: When a data driven event includes a rule with a Set Date action and is
used in a questionnaire, the Review Date and Submit Date must be included in the
General section of the questionnaire. By default, these fields are included in this
section.

The following table describes the Set Date options.

Option Description

Current Date Sets the Date field to the current date (and time to 12:00
A.M., if enabled).

Set to Number of Days Sets the Date field to the current date plus the specified
from Current Date number of days from the current date (and time to 12:00
A.M., if enabled).

Set to Specific Date Sets the Date field to the date specified (and time, if
enabled).

Set to Date Field to Removes any value currently set in the Date field.
Blank

Conflict Resolution - Set Date

If multiple Set Date actions targeting the same Date field are linked to different
rules that are true at the same time, only the Set Date action linked to the rule with
the highest ranking in the rule order is applied.

Example

Scenario Field B is a Date field.

Action 1 is a Set Date action that sets the date to the Current
Date.
Action 2 is a Set Date action that sets the date to 1/15/2012.
Action 1 is linked to Rule 1.
Action 2 is linked to Rule 2.
Rule 1 is ranked higher than Rule 2.

Result When both Rule 1 and Rule 2 are true at the same time, Field
B is automatically set to the Current Date.

Special Considerations - Set Date

A calculated field cannot be the target of a Set Date action. If a Set Date action is
defined and the target Date field is later changed to a calculated field, the Set Date
action is deleted.

Chapter 3: Actions 55
 RSA Archer GRC Platform Data Driven Events

If a date field that is the target of a Set Date action is deleted, the Set Date action
is also deleted.
A rule cannot have multiple Set Date actions linked to it that target the same Date
field.
A Set Date action replaces any current value specified in the field.

Example

Scenario Field A is a Date field with the date of 12/25/2011.

Action 1 is a Set Date action that sets the date to 1/15/2012.
Action 1 is linked to Rule 1.

Result When Rule 1 is true, Field A is automatically set to a value of

1/15/2012.

Create a Set Date Action

You can create a Set Date action that changes the value displayed in a Date field.
You can set the value to the current date, to a number of days from the current date,
to a specific date or set the field to blank. If the Date field is configured to include
date and time, you can set the date, time and time zone.
You cannot link more than one Set Date action for the same Date field in the same
rule. If a rule set has multiple Set Date actions for the same Date field, only the
first Set Date action is executed.

Before You Begin

Review the following:
l Special Considerations - Set Date
l Conflict Resolution - Set Date

Procedure
1. Navigate to the Manage Applications page:
a. Click the Administration workspace.
b. On the Navigation Menu, select Application Builder > Manage
Applications.
2. Click the application that you want to update.

Note: If you cannot select the application, you do not have Edit privileges to it.

3. Click the Events tab.

4. Click the Actions tab.

56 Chapter 3: Actions
 RSA Archer GRC Platform Data Driven Events

5. Click Add New.

6. Do one of the following
l To use the settings of an existing action as a starting point for your new
action, select Copy an existing Action and select the existing action from
the list.
l To select new settings for an action, select Create a new Action from
scratch.
7. Under Available Action Types, select Set Date.
8. If the application has multiple levels, in the Add New Action dialog box, select
the appropriate level for the action.
9. Click OK.
The Manage Action page displays.
10. Complete the General Information section:
a. In the Name field, enter a name for the action .
b. To prevent anyone from using this action, in the Status field, select
Inactive. Otherwise, select Active.
c. In the Description field, enter a brief description.
This description is helpful later when you need to choose an action from a
list to associate with a rule.
11. In the Date Selection section, from the Field list, select the field that you want
to modify.

Note: This field cannot be a calculated field.

12. From the Date Option list, select the date that you want to insert based on the
following options.

Option Action

Current Date Today's date is displayed.

Set to Number of Days In the Future Days field that displays, specify the
from Current Date appropriate number of days in this field.

Set to Specific Date In the Specific Date field that displays, specify the
appropriate date.
If the field is configured for date and time, additional
fields display. Specify the time, if applicable.

Set Date Field to Blank If that field is a required field, the system will prompt the
user to insert a date.

Chapter 3: Actions 57
 RSA Archer GRC Platform Data Driven Events

13. In the Associated Rules section, verify that the appropriate rule or rules are
associated with this action.
The relationship between rules and actions are specified on the Rules tab. For
more information, see Link Actions to a Rule.
14. Click Save.

Set Values List Selection Action

The Set Values List Selection action enables administrators to specify one or more
values for a Values List field based on the state of the record. This value can then
be overridden by the end user.

Example

Scenario Field A is a Values List field with available values of Yes, No,
and N/A.
Action 1 is a Set Values List Selection action that sets the value
to Yes.
Action 1 is linked to Rule 1.

Result When Rule 1 is true, Field A is automatically set to a value of

Yes.

Conflict Resolution - Set Values List Selection

If multiple Set Values List Selection actions are linked to the same rule targeting
the same Values List field, the first action replaces the initial setting of the field,
and subsequent actions are cumulative.

Example 1

Scenario Field D is a Values List field with available values of Reason 1,

Reason 2, Reason 3, Reason 4, and Reason 5.
Field D currently has a value of Reason 1.
Action 1 is a Set Values List Selection action that sets the value
of Reason 2.
Action 2 is a Set Values List Selection action that sets the values
of Reason 3 and Reason 4.
Action 3 is a Set Values List Selection action that sets the value
of Reason 5.
Action 1, Action 2, and Action 3 are linked to Rule 1.

Result When Rule 1 is true, Field D is automatically set to the values of

Reason 2, Reason 3, Reason 4, and Reason 5.

58 Chapter 3: Actions
 RSA Archer GRC Platform Data Driven Events

If multiple Set Values List Selection actions targeting the same Values List field
are linked to different rules that are true at the same time, only the Set Values List
Selection action linked to the rule with the highest ranking in the rule order is set.

Example 2

Scenario Field E is a Values List field with available values of Value 1,

Value 2, and Value 3.
Action 1 is a Set Values List Selection action that sets the value
of Value 1.
Action 2 is a Set Values List Selection action that sets the value
of Value 2.
Action 1 is linked to Rule 1.
Action 2 is linked to Rule 2.
Rule 1 is ranked higher than Rule 2.

Result When both Rule 1 and Rule 2 are true at the same time, Field E is
automatically set to Value 1.

Special Considerations - Set Values List Selection

A Set Values List Selection action cannot set No Selection as a value.
A calculated field cannot be the target of a Set Values List Selection action. If a
Set Values List Selection action is specified, and the target Values List field is
changed later to a calculated field, the Set Values List Selection action is deleted.
A rule cannot set less than the minimum selections specified for the field. If a rule
has a Set Values List Selection action linked to it that sets 1 field value, but the
Minimum Selections setting of the field is specified as 2, the rule cannot be saved.
The existing Set Values List Selection action must be modified to set a second
value, or a second Set Values List Selection action that sets an additional value
must be linked to the rule.

Note: Changing the Minimum Selections and Maximum Selections fields after a
rule is defined does affect the validity of the Set Values List Selection action.
These fields can be changed and then saved without appearing to be in conflict with
the action values specified. You must make certain that all action values match the
defined parameters of the rule.

If a values list field that is the target of a Set Values List Selection action is
deleted, the Set Values List Selection action is also deleted.
If a Value Lists value is selected in a Set Values List Selection action and is
deleted, that value is removed from the Set Values List Selection action. If that
value is the only value selected in the action, the field is also deleted from the Set
Values List Selection action.

Chapter 3: Actions 59
 RSA Archer GRC Platform Data Driven Events

A Set Values List Selection action replaces any current value selected in a field.

Example

Scenario Field C is a Values List field with available the values of

Rejected, Approved, and In Process.
Field C is currently set to In Process.
Action 1 is a Set Values List Selection action that sets the value
of Approved.
Action 1 is linked to Rule 1.

Result When Rule is true, Field C is automatically set to the value of

Approved.

Create a Set Values List Selection Action

You can create a Set Values List Selection action that selects one or more specific
values within a Values List field. This action changes the default value in the field.
This value can be edited by the user if needed. For example, if a Values List field
has the options Yes, No, and N/A, you can create a Set Values List Selection
action to automatically set the value in the field to Yes.
If multiple Set Values List Selection actions linked to the same rule affect the same
Values List field, they have a cumulative effect. For example, if one action sets the
value to Red and a subsequent action in the same rule sets the value to Blue, the
final value is Red and Blue.

Before You Begin

Review the following:
l Special Considerations - Set Values List Selection
l Conflict Resolution - Set Values List Selection

Procedure
1. Navigate to the Manage Applications page:
a. Click the Administration workspace.
b. On the Navigation Menu, select Application Builder > Manage
Applications.
2. Click the application that you want to update.

Note: If you cannot select the application, you do not have Edit privileges to it.

3. Click the Events tab.

4. Click the Actions tab.

60 Chapter 3: Actions
 RSA Archer GRC Platform Data Driven Events

5. Click Add New.

6. Do one of the following
l To use the settings of an existing action as a starting point for your new
action, select Copy an existing Action and select the existing action from
the list.
l To select new settings for an action, select Create a new Action from
scratch.
7. Under Available Action Types, select Set Values List Selection.
8. If the application has multiple levels, in the Add New Action dialog box, select
the appropriate level for the action.
9. Click OK.
The Manage Action page is displayed.
10. Complete the General Information section:
a. In the Name field, enter a name for the action.
b. To prevent anyone from using this action, in the Status field, select
Inactive. Otherwise, select Active.
c. In the Description field, enter a brief description.
This description is helpful later when you need to choose an action from a
list to associate with a rule.
11. In the Values List Selection section, from the Field list, select the field that
you want to modify.

Note: You can only select a Values List field, and you cannot select a
Calculated Values List field.

12. Click in the Value(s) field to select the value or values that you want
displayed for selection.
13. In the Associated Rules section, verify that the appropriate rule or rules are
associated with this action.
The relationship between rules and actions are specified on the Rules tab. For
more information, see Link Actions to a Rule.
14. Click Save.

Remove an Action from a Rule

You can disassociate an action from a rule without deleting the action.
To delete an action, see Delete an Action.

Chapter 3: Actions 61
 RSA Archer GRC Platform Data Driven Events

Procedure
1. Navigate to the Events tab:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application that you want to update.

Note: If you cannot select the application, you do not have Edit privileges to
it.

The Manage Application page is displayed for that application. This page
enables you to configure the properties for the selected application.
d. Click the Events tab.
2. Click the rule that you want to update.
The Manage Rule page is displayed.

3. In the Linked Actions section, click next to the action that you want to
disassociate from the rule.
4. Click Apply.

Delete an Action
If you no longer need an action, you can delete it from the system. Deleting an
action removes it from the Action Library and disassociates it from any rules to
which it is linked.
To disassociate an action from a rule without deleting the action, see Remove an
Action from a Rule.

Procedure
1. Navigate to the Actions tab:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Select the application that you want to update.

Note: If you cannot select the application, you do not have Edit privileges to
it.

The Manage Application page is displayed for that application. This page
enables you to configure the properties for the selected application.

62 Chapter 3: Actions
 RSA Archer GRC Platform Data Driven Events

d. Click the Events tab.

e. Click the Actions tab.
2. Click the row of the action that you want to delete.

3. Click for that action.

A Warning dialog box opens listing any rules associated with the action.
4. Click OK.
5. Click Apply.

Chapter 3: Actions 63
 RSA Archer GRC Platform Data Driven Events

Chapter 4: Troubleshooting

Recommended Practices for Rules and Actions

The following guidelines are intended to help you implement the new functionality
of data driven events. Keep these guidelines in mind when defining data drive event
(DDE) rules and actions.
l A default display action to show sections is not required. By default, all layout
objects are shown. The only time that you need to explicitly show a layout object
is when another ACL action needs to be overridden.
l RSA Archer does not recommend using rules with the Changed operator in ACL
or Filter Values List Items actions. The action is inconsistent from one save to
another because the rule is true before the save and false after. For additional
information on changed operators, see Changed Operators.
l Do not associate rules evaluating only calculated fields with the Set Date or Set
Values List Selection actions. This action type is never executed because
calculations are not updated until after these actions are executed. These actions
require a triggering field to be included in the rule linked with the action.
l Do not associate rules with calculated fields and Changed Operators with
actions other than Generate Notification actions. These rules will never be true
at that time because calculations are not evaluated until after the actions are
executed.

Workarounds for Differences Between Versions

The following list provides workarounds for fields affected by set and filter actions:

Note: Set actions are Set Date and Set Values List Selection. The filter action is
Filter Values List Items. Off-layout refers to the fields that are available for
selection but are not included in a section layout.

l If set and filter actions are executed though updates or inserts performed by data
feed or data import:
o Include those fields previously set by the actions in the source data.
o If the affected fields do not require a user to modify them, change the fields
affected by the set actions to be calculated fields.

l If set and filter actions are executed on off-layout fields:

o Add the fields affected by the action to the layout. If the fields should be
hidden, create an ACL action that hides the fields, and link the ACL action to

Chapter 4: Troubleshooting 65
 RSA Archer GRC Platform Data Driven Events

a rule that always evaluates to true. If multiple fields are affected, create a
section, place the fields in that section, and set the section to be hidden in the
ACL action.
o If the affected fields do not require a user to modify them, change the fields
affected by the set actions to be calculated fields.

l If set and filter actions are executed on fields that are private to users modifying
the record:
o If the field permissions prevent users from making their own selections, make
the field public and create an ACL action that makes the field read-only or
hidden. Make certain the field is on the layout.

Note: ACL actions do not affect interactions with fields anywhere else
besides View/Edit. If a user did not previously have rights to a field and the
field is made public, the user can now see the field in search results even
though the field is hidden in the View/Edit mode by the ACL action.

o If the affected fields do not require a user to modify them, change the fields
affected by the set actions to be calculated fields.

Event Analyzer
The Event Analyzer provides a real-time view of rule evaluations and actions that
are applied as a result of user interaction with the content edit page. The analyzer is
only available for applications and questionnaires that have valid configured Data
Driven Events (DDEs).
The analyzer only captures browser-executed actions. It will not analyze Generate
Notification actions. The initial state of the content or server evaluation or
processing is not logged to the console window.
Administrators can use the Event Analyzer to validate the actions against the
conditions of DDE rules in real time. If a problem is detected, the administrator can
make the necessary modifications to the DDE and validate the rule again until the
expected results are achieved.
Any change a user makes to the content that triggers a rule to be evaluated is
logged to the analyzer console window.
The information logged to the analyzer console window includes:
l Any rule that was evaluated.
l The true or false result of each individual filter condition in the rule.
l Any corresponding actions that were applied as a result of the overall rule
evaluating to true.

66 Chapter 4: Troubleshooting
 RSA Archer GRC Platform Data Driven Events

Troubleshoot Data Driven Events

You can use the Event Analyzer to troubleshoot data driven events in an
application. The Event Analyzer dialog box shows a real-time summary of the rules
and actions in an application and how the conditions are evaluated.
You can change the values displayed in an application and see, in real time, how
the rules are evaluated and which actions are executed. See Event Analyzer.

Procedure
1. Open the application that contains the data driven events that you want to
troubleshoot.
2. Display a record in Edit mode.
3. Press CTRL+ALT and click the mouse button.
The Event Analyzer dialog box opens.
4. Click Enable to start monitoring data driven event activity.
5. Interact with the record to execute any data driven events within the application.
The Event Analyzer dialog box shows the following information:
l Rules evaluated
l Conditions evaluated (true or false)
l Actions executed
6. Click Clear at any time to reset the information displayed in the dialog box.
7. When finished, click Disable in the Event Analyzer dialog box.
You can also close the record to automatically disable the monitoring process.

Chapter 4: Troubleshooting 67
RSA Archer GRC Platform 5.4
Data Feed Manager
June 2013
Contact Information
Go to the RSA corporate website for regional Customer Support telephone and fax numbers:
www.emc.com/domains/rsa/index.htm.
Trademarks
RSA, the RSA Logo, RSA Archer, RSA Archer Logo, and EMC are either registered trademarks or trademarks of EMC
Corporation ("EMC") in the United States and/or other countries. All other trademarks used herein are the property of their
respective owners. For a list of RSA trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm.
License Agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may
be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This
software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.
Note on Encryption Technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.
Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.

Copyright © 2010-2013 EMC Corporation All Rights Reserved. Published in the USA.
RSA Archer GRC Platform Data Feed Manager

Contents

Preface 9
About this Guide 9
Use Cases 9
Product Documentation 10
Support and Service 11
Chapter 1: About Data Feeds 13
Data Feed Manager Capabilities 13
Data Feed Service Architecture 13
Data Transport 14
Record Iteration 15
Field-Level Data Manipulation 15
Field Mapping 16
Scheduling 16
Data Persistence 17
Integration Options 17
Data Feed Manager Tabs 18
Integration Exchange 19
Chapter 2: Managing Archer-to-Archer Data Feeds 21
Archer-to-Archer Data Feed 21
Add a New Data Feed Record 22
Manage the General Properties of a Data Feed 22
Define the Archer Web Services Transporter 25
Filename Tokens 30
Determining the Navigation Method 31
Data Navigation Methods 32
Define an XML File 33
Defining Source Data 34
Define the Source Data 35
Schema Sources 38
Apply a Calculation 39
Functions and Operators for Calculated Field Formulas 40
Perform a Lookup Translation 42
Incorporate Static Text 44
Define Data Filters 45
Advanced Operator Logic 46
Define Data Tokens 48
Data Tokens 50
Defining Data Mapping Activities 50
Map Data 51
Field Population Options 53
Define Key Fields 53
Set Update and Archive Options 56
Define a Schedule for the Data Feed 59

3
 RSA Archer GRC Platform Data Feed Manager

Chapter 3: Managing Database Query Data Feeds 61

Database Query Data Feed 61
Add a New Data Feed Record 61
Manage the General Properties of a Data Feed 62
Define a Database Query Transporter 63
Filename Tokens 65
Determining the Navigation Method 66
Data Navigation Methods 66
Defining Source Data 67
Define the Source Data 68
Apply a Calculation 71
Perform a Lookup Translation 72
Incorporate Static Text 74
Define Data Filters 75
Define Data Tokens 77
Data Tokens 78
Defining Data Mapping Activites 79
Map Data 79
Define Key Fields 81
Set Update and Archive Options 84
Define a Schedule for the Data Feed 86
Chapter 4: Managing File Data Feeds 89
File Data Feed 89
Add a New Data Feed Record 89
Manage the General Properties of a Data Feed 90
Define a File Transporter 93
Filename Tokens 95
Determining the Navigation Method 96
Data Navigation Methods 97
Define Delimited Files 98
Define an XML File 99
Defining Source Data 100
Define the Source Data 101
Apply a Calculation 104
Perform a Lookup Translation 105
Incorporate Static Text 107
Define Data Filters 108
Define Data Tokens 110
Data Tokens 111
Defining Data Mapping Activites 112
Map Data 112
Define Key Fields 114
Set Update and Archive Options 117
Define a Schedule for the Data Feed 119
Chapter 5: Managing FTP Data Feeds 121
FTP Data Feed 121
Add a New Data Feed Record 121
Manage the General Properties of a Data Feed 122
Define an FTP Transporter 125

4
RSA Archer GRC Platform Data Feed Manager

Filename Tokens 127

Determining the Navigation Method 128
Data Navigation Methods 129
Define Delimited Files 130
Define an XML File 131
Defining Source Data 132
Define the Source Data 133
Schema Sources 136
Apply a Calculation 137
Perform a Lookup Translation 138
Incorporate Static Text 140
Define Data Filters 141
Define Data Tokens 143
Data Tokens 144
Defining Data Mapping Activities 145
Map Data 145
Define Key Fields 147
Set Update and Archive Options 150
Define the Schedule for the Data Feed 152
Chapter 6: Managing HTTP Data Feeds 155
HTTP Data Feed 155
Add a New Data Feed Record 155
Manage the General Properties of a Data Feed 156
Define an HTTP Transporter 159
Filename Tokens 162
Determining the Navigation Method 163
Data Navigation Methods 164
Define Delimited Files 164
Define an XML File 165
Defining Source Data 166
Define the Source Data 167
Schema Sources 170
Apply a Calculation 171
Perform a Lookup Translation 172
Incorporate Static Text 174
Define Data Filters 175
Define Data Tokens 177
Data Tokens 178
Defining Data Mapping Activities 179
Map Data 179
Define Key Fields 181
Set Update and Archive Options 184
Define the Schedule for the Data Feed 186
Chapter 7: Managing Mail Monitor Data Feeds 189
Mail Monitor Data Feed 189
Add a New Data Feed Record 189
Manage the General Properties of a Data Feed 190
Define a Mail Monitor Transporter 193
Filename Tokens 195

5
 RSA Archer GRC Platform Data Feed Manager

Determining the Navigation Method 196

Data Navigation Methods 196
Define an XML File 197
Defining Source Data 198
Define the Source Data 199
Schema Sources 202
Schema Sources 203
Apply a Calculation 204
Perform a Lookup Translation 205
Incorporate Static Text 207
Define Data Filters 208
Define Data Tokens 210
Data Tokens 211
Defining Data Mapping Activities 212
Map Data 212
Define Key Fields 214
Set Update and Archive Options 217
Define a Schedule for the Data Feed 219
Chapter 8: Managing RSS Data Feeds 221
RSS Data Feed 221
Add a New Data Feed Record 221
Manage the General Properties of a Data Feed 222
Define an RSS Transporter 225
Filename Tokens 226
Determining the Navigation Method 227
Data Navigation Methods 228
Define an XML File 229
Defining Source Data 230
Define the Source Data 231
Schema Sources 234
Apply a Calculation 235
Perform a Lookup Translation 236
Incorporate Static Text 238
Define Data Filters 239
Define Data Tokens 241
Data Tokens 242
Defining Data Mapping Activities 243
Map Data 243
Define Key Fields 245
Set Update and Archive Options 248
Define a Schedule for the Data Feed 250
Chapter 9: Managing Threat Data Feeds 253
Threat Data Feed 253
Prerequisites 253
Threat Feed Configuration 254
Manage the General Properties of a Data Feed 258
Define a Threat Feed Transporter 261
Filename Tokens 263
Determining the Navigation Method 264

6
RSA Archer GRC Platform Data Feed Manager

Data Navigation Methods 265

Define an XML File 266
Defining Source Data 267
Define the Source Data 268
Schema Sources 271
Apply a Calculation 272
Functions and Operators for Calculated Field Formulas 273
Perform a Lookup Translation 275
Incorporate Static Text 277
Define Data Filters 278
Advanced Operator Logic 279
Define Data Tokens 281
Data Tokens 283
Defining Data Mapping Activities 283
Map Data 284
Field Population Options 286
Define Key Fields 286
Set Update and Archive Options 289
Define a Schedule for the Data Feed 292
Activate a Threat Feed 293
Chapter 10: Managing Additional Tasks 295
Additional Data Feed Tasks 295
Import a Data Feed 295
Run Data Feed Now 296
Generate the Run Detail Report 296
View the Execution History of a Data Feed 297

7
 RSA Archer GRC Platform Data Feed Manager

Preface

About this Guide

The Data Feed Manager provides the ability to build and configure dynamic
integrations with external enterprise systems and files. Using the Data Feed
Manager, you can build a transport path between the Platform and an external
source and then map the data from that source to an existing target application or
questionnaire in the Platform. You also can configure the data feed to run on a set
schedule. After the initial configuration, the data feed executes automatically with
no need for you to intervene.
Because the Platform is vendor neutral and content independent, you can use the
Platform as a point of consolidation for enterprise data of any type, supporting
analysis, and process management. With a centralized view of data from point
solutions, databases, spreadsheets, and other sources, you more easily can access
content that is relevant to your job functions, and data can be repurposed to support
a variety of business processes.
Two types of data feeds are available:
l Standard. Brings data from an external source into an application or
questionnaire.
l Transport Only. Locates a separate data file that contains additional
instructions for launching subsequent, standard data feeds. With this data feed
type, the data feed only completes the Transporter and Navigation activities. The
Source Definition and Field Mapping activities are not allowed. Processing of
the data feed does not attempt to process the data.

Use Cases
Examples of data that you can integrate using the Data Feed Manager include:
l Network and asset discovery data
l Vulnerability scan results
l Performance scorecards
l Incident reports
l Audit results and recommendations

The Data Feed Manager supports the definition of the following data feed types:
l Archer-to-Archer
l Database Query
l FTP

Preface 9
 RSA Archer GRC Platform Data Feed Manager

l HTTP
l Mail Monitor
l RSS
l Threat

Product Documentation
For information about the RSA Archer GRC Platform 5.x, see the following
documentation.

Guide Description

Administrator Guide Provides Platform administrators with a system

overview, guidelines for navigating, and detailed
instructions for key tasks.

Control Panel Guide Provides administrators with instructions for

configuring each instance of the Platform.

Installation Guide Provides administrators with instructions for preparing,

installing, configuring, and testing the Platform.

Release Notes Provides Platform administrators with detailed listing of

new features, fixed issues, and known issues at the time
of the current release.

User Guide Provides end users with guidelines for navigating,

detailed instructions for key tasks, and information
about using Platform communication tools.

Web Services API Reference Provides IT managers and programmers with a list of
Guide the available web services for programmatically
interfacing with the release. This guide provides
formatting guidelines for field results, field inputs, and
search inputs, and provides sample code for searching,
adding and updating users, and updating assets.

You can access the Platform 5.x documentation from the RSA Archer Community
at https://community.emc.com/community/connect/grc_ecosystem/rsa_archer.

10 Preface
 RSA Archer GRC Platform Data Feed Manager

Support and Service

Customer www.emc.com/support/rsa/index.htm
Support
Information

Customer [email protected]
Support E-mail

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Community archer

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Exchange archer_exchange

RSA Solution https://gallery.emc.com/community/marketplace/

Gallery

RSA SecurCare https://knowledge.rsasecurity.com/cleartrust/ct_
Online logon.asp?CTAuthMode=BASIC&language=en&CT_ORIG_
URL=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fknowledge.rsasecurity.com%3A443%2F&c
t_orig_uri=%2F

The RSA Archer Community enables collaboration among eGRC clients, partners,
and product experts. Members actively share ideas, vote for product enhancements,
and discuss trends that help guide the RSA Archer product roadmap.
The RSA Archer Exchange is an online marketplace dedicated to supporting eGRC
initiatives. The Exchange brings together on-demand applications along with
service, content, and integration providers to fuel the success of RSA Archer
clients.
The RSA Solution Gallery provides information about third-party hardware and
software products that have been certified to work with RSA products. The gallery
includes Secured by RSA Implementation Guides with step-by-step instructions and
other information about interoperation of RSA products with these third-party
products.
The RSA SecurCare Online provides unlimited access to a wealth of resources on
the web, 24 hours a day. The secure system provides members access to a support
knowledgebase, to download current platform patches and bug fixes, to sign up for
notifications, to manage your support cases and more.

Preface 11
 RSA Archer GRC Platform Data Feed Manager

Chapter 1: About Data Feeds

Data Feed Manager Capabilities

The following table describes the key capabilities of the Data Feed Manager.

Capability Description

Data transport and mapping The Data Feed Manager enables you to define the path
to your external data source and map incoming data to
applications or questionnaires within the Platform.
You can modify these settings at any time.

Data filtering and manipulation To ensure that only relevant information is pulled into
your Platform environment, the Data Feed Manager
supports value-based filtering of inbound data. You
can also modify incoming data with user-specified
calculations to ensure that it maps correctly to
Platform applications or questionnaires.

Auto-scheduling Through the Data Feed Manager, you can define set
schedules for individual data feeds.

Pre-built configurations The Data Feed Manager offers prebuilt configurations

for capturing data from XML, delimited file types, and
databases. You can tailor these configurations to your
needs.

Data Feed Service Architecture

The Data Feed Manager offers Platform administrators platform-independent data
integration functionality capable of managing multiple in-bound data feeds that
operate on a scheduled basis. Built on extensible integration architecture, the Data
Feed Manager allows you to centralize data within the Platform, unifying and
correlating critical business data regardless of its source location.
Configuration of individual feeds is accomplished using a graphical interface, which
allows non-technical users to extend the Platform to import data from external
sources. Configuration information is persisted and may be published for popular
data formats, including the retrieval and mapping of data from commercial products,
data publication services, and similar sources.
The underlying system for the Data Feed Manager is the Data Feed Service (DFS).
The DFS architecture is structured to accommodate future extensions and
capabilities.

Chapter 1: About Data Feeds 13

 RSA Archer GRC Platform Data Feed Manager

The architecture divides into the following functional areas:

l Data Transport
l Record Iteration
l Field-Level Data Manipulation
l Field Mapping
l Scheduling
l Data Persistence

Data Transport
The Data Feed Service (DFS) architecture accommodates the definition of various
data retrieval mechanisms. The following table describes the out-of-the-box
transporters.

Transporter Description

Archer Web Services Accesses the Web Services API and retrieves data from an
instance of the Platform. This transporter is used in Archer-to
Archer data feeds.

Database Query Returns results using an SQL query.

DeepSight 2.0 Uses the v2 Symantec web service to retrieve malicious code
and vulnerabilities threat feed data.

Note: This transporter is deprecated by Symantec and will

soon become unusable. For DeepSight v4 data feeds that are
available on the RSA Archer Exchange, use the DeepSight 4.0
transporter.

DeepSight 4.0 Uses the v4 Symantec web service to retrieve security risk and
vulnerability SCAP data feeds.

File Based Retrieves delimited data files, including support for multi-file
manifests.

FTP Retrieves data files using the FTP protocol.

HTTP Executes a GET or POST to retrieve data from an HTTP or

HTTPS site.

14 Chapter 1: About Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Transporter Description

iDefense Retrieves malicious code, vulnerabilities, and geopolitical

threat feed data.

Mail Monitor Retrieves content from monitored email accounts.

RSS Retrieves records from a configured RSS feed.

Record Iteration
After data retrieval, the Data Feed Manager provides mechanisms to iterate
individual records. Iteration methods are associated with data transport types,
providing end users a list of relevant iterators:
Data transform capabilities are integrated into this mechanism for certain types, as
well as supporting processes such as XSLT translation of retrieved XML document
data.
Finally, a data filtering capability is integrated directly into the iteration process,
allowing for value-based filtering of inbound data items.

Field-Level Data Manipulation

To facilitate the normalization of inbound data, the Data Feed Manager supports
several data manipulation functions. You can use these function when identifying
source fields that are included in the data feed.
The following table describes the available options.

Option Description

Calculated Field Allows for the specification of Microsoft Excel-like functions

that derive a final value from a specified calculation statement.
The calculation logic is consistent between the Data Feed
Manager and the Platform.

Lookup Translation Allows inbound data to be reconciled with a normalized set of

values stored in a Platform application, which allows the
system to use a data value stored in an existing application as
the final insert value.

Raw Field Data Instructs the Data Feed Manager to capture field data in a raw,
as-is state, to be populated into the mapped Platform field.

Chapter 1: About Data Feeds 15

 RSA Archer GRC Platform Data Feed Manager

Option Description

Static Text Supports the definition of static insert values for identification
of source data, labeling, or other static identifier purposes.

List Instructs the Data Feed Manager to import the data as a values
list. No transformation or calculations are to be applied to the
data.

Field Mapping
You can map inbound data fields to Platform application fields using a drag-and-
drop interface. The user interface simplifies the mapping process and allows for
rapid visualization of data relationships.

Scheduling
Each defined data feed can be configured to run on a set schedule, facilitating
regular data update processes at appropriate intervals. The following table
describes the scheduling options.

Option Description

Daily Includes a schedule based on the number of days between each data feed
run.

Hourly Includes a schedule based on the number of hours between each data feed
run.

Minutely Includes a schedule based on the number of minutes between each data
feed run.

Weekly Includes a schedule based on the number of weeks between each data
feed run.

Note: Multiple days can be selected for weekly scans.

Monthly Includes a schedule based on the number of months between each data
feed run.
When this option is selected, the Execute On and Weekday Options are
displayed. To schedule a data feed on the first or last day of the month,
select 1st or Last in the Execute On field and Day in the Weekday field.

Reference Includes a schedule based on the successful completion of a dependent

data feed, accommodating data dependency situations.

16 Chapter 1: About Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Note: When using the Run Data Feed Now option, a data feed can be run
immediately, overriding the set data feed execution schedule.

Data Persistence
The Data Feed Manager supports persistence of data as Platform application data
or group/role information. The Save process incorporates error reporting functions,
allowing the system to aggregate data import failure information for problem
resolution and tracking purposes.
You can review the status history and results of your data feeds using the Data
Feed Execution History page.

Integration Options
The Data Feed Manager is one of several tools that RSA Archer offers to allow
seamless integration of enterprise data systems with the Platform. Another
commonly used tool is the Web Services API, which allows programmatic access
to features within the Platform, such as searching, user management, and data
import and export.
To help you decide whether the Data Feed Manager or the Web Services API is the
appropriate integration tool for your needs, the following table highlights the
characteristics of each tool.

Data Feed Manager Web Services API

Audience Provides technical business Intended for developers with

analysts with an easy to use knowledge of SOAP and Web
interface for performing and Services programming in C#, VB,
managing data integrations. C++, Perl, Java, or other languages.

Key Uses Executing scheduled data l Importing individual records or

imports from the following small batches of data in real time.
sources:
l Extracting data on-demand for
l Databases use in external applications or
processes.
l Third-party solutions
l Interoperating with proprietary
l Proprietary applications
user management or access
l Spreadsheets control systems.
l Searching and reporting.

Chapter 1: About Data Feeds 17

 RSA Archer GRC Platform Data Feed Manager

Data Feed Manager Tabs

The graphical user interface of the Data Feed Manager allows you to execute a
data integration project and to manage data feeds on an ongoing basis without
requiring programming resources.
To help simplify the management of multiple data feeds, the Data Feed Manager
page is divided into tabs. The following table describes the tabs on the Data Feed
Manager page.

Tab Description

General Defines the high-level information for a data feed including:

l Data feed name
l Description
l Target (for example, applications, questionnaires, and leveled
applications)
l User account
l Locale
l Data format

Transport Defines the path to the external source. The Data Feed Manager
can connect to a variety of sources:
l Flat files
l XML files
l Databases
l Mail servers
l RSS feeds
l Threat feeds
l Other Platform applications and questionnaires

Navigation Identifies the structure of the data file and uploads any
transformation files (XSLT), if necessary. The Platform XML
translator is built in. This tab also contains processing
instructions, such as ignore first row or rows of data.

18 Chapter 1: About Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Tab Description

Source Definition Identifies the elements from the source data that will be extracted
by the Data Feed Manager. The source data can be imported "as
is" or can be modified prior to being imported. This tab also
defines filters that review the source data and limits what
information is returned.

Data Map Defines the Platform field where the external data is placed, and
provides instructions for handling the data. This tab also
specifies the unique identifiers (key fields) and contains
configuration instructions for:
l Creating records
l Updating records
l Archiving records
l Deleting records

Schedule Defines the frequency for how often the data feed will run along
with specifying the start time for the data feeds. Data feeds can
execute after the completion of another data feed, which is also
known as a convoy. This tab also provides the capability to
immediately run a data feed.

Integration Exchange
Before you begin a new integration project with the Data Feed Manager, visit the
RSA Archer Exchange on the EMC Community Network. In Exchange Integrations
category, you can review prebuilt integration packages from RSA Archer and third-
party providers such as Qualys, nCircle, and Sendmail.
New integration packages are available regularly, and each package includes the
following items:
l Data feed configuration file
l Target application(s)
l Any supporting files (such as an .xslt file)

When you download an integration package from the RSA Archer Exchange, you
can import the configuration file directly into the Data Feed Manager and, if
necessary, modify the configuration. You can also import the target applications
into the Platform environment and modify the applications through Application
Builder.

Chapter 1: About Data Feeds 19

 RSA Archer GRC Platform Data Feed Manager

Chapter 2: Managing Archer-to-Archer Data Feeds

Archer-to-Archer Data Feed

An Archer-to-Archer data feed provides the ability to pull data from an instance in
the form of an XML query or report-based search. The source data is inserted in its
raw or formatted state back into the same application, a different application, or
even a different instance entirely.
An Archer-to-Archer data feed requires that the search being performed is in the
form of an XML search string or a column-flat formatted report. The user account
running the search in the API must have at least Read access to the report being
used and the application. Record permissions are evaluated, as well, and could limit
the source data retrieved from the application. Report-based data feeds can use
either the report ID or the report GUID during configuration.
For report-based data feeds, create a Global Report and click Apply in the source
application. Ensure that content exists for every field in the source application from
which you want to import data. If a field in the source application is empty, it will
not be available for you to select in the data feed. Note the report GUID to be used
when working with the data feed before closing the report.
Do not run the Archer-to-Archer data feed with the same account that you used to
log on. If you use the same credentials, you will be logged out of your session in the
Platform.
An Archer-to-Archer data feed is established using the Archer Web Services
Transporter. For the data feed to run, the Archer Web Services Transporter must be
configured with the same authentication method as specified in Microsoft IIS on the
web server. The following authentication methods are available:
l Anonymous authentication
l Service Account User
l Windows authentication

Important: If you do not know the Microsoft IIS configuration, contact your system
administrator before continuing.

When working with Archer-to-Archer data feeds, you can perform the following
tasks:
1. Add a New Data Feed Record
2. Manage the General Properties of a Data Feed
3. Define the Archer Web Services Transporter
4. Determine the Navigation Method

Chapter 2: Managing Archer-to-Archer Data Feeds 21

 RSA Archer GRC Platform Data Feed Manager

5. Define Source Data

6. Define Data Mapping Activities
7. Define a Schedule for the Data Feed

Add a New Data Feed Record

Complete this task to add a data feed record as the first step in creating a new data
feed.

Procedure
1. Navigate to the Manage Data Feeds page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
2. In the Manage Data Feed page toolbar, click Add New.
3. Do one of the following:
l To configure new settings for a data feed, select Create a new Data Feed
from scratch.
l To use the settings of an existing data feed as a starting point, select Copy
an existing Data Feed and select the existing data feed from the Existing
Data Feeds list.
4. Click OK.
5. In the Name field, enter the name for the data feed.
The data feed name must be unique.
6. Click Save.

Next Steps
Manage the General Properties of a Data Feed

Manage the General Properties of a Data Feed

Complete this task to configure the overall properties of a Platform data feed.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

22 Chapter 2: Managing Archer-to-Archer Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Perform one of the following tasks: Add a New Data Feed or Import a Data Feed.
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. In the Name field, enter the name for the data feed.
The data feed name must be unique.
3. From the Status list, select Active to run the data feed.
4. In the Description field, enter a description for the data feed.
5. In the Feed Type field, select the type of feed that you are configuring.

Option Description

Standard Integrates data from an external source into an application or

questionnaire.

Transport Only Locates a specific data file. This file contains additional
instructions for launching subsequent, standard data feeds.
With this data feed type, the data feed only completes the
Transport and Navigation activities. The Source Definition and
Field Mapping activities are not allowed. Processing of the
data feed does not attempt to process the data.

Important: If the data feed is intended to be used as part of a convoy, or you are
troubleshooting the data being pulled, select the Transport Only option. This option
enables you to use a transform to manipulate the data being returned by bringing the
source data in as a flat file and then configure a subsequent XML-based feed that
includes an XSLT file. For more information on XML formatting guidelines and
samples, see the appendix “XML Formatting Used in Field Results and Input” in
the RSA Archer Web Services API Reference Guide that can be downloaded from
the RSA Archer Community.

6. Complete the following steps based on the selected Feed Type.

For Standard feed type:

a. From the Target list, select the application or questionnaire that should
receive the data from the external data source. If the application is leveled,
select the level.
b. From the User Name list, do one of the following:
l Select the appropriate user account that is associated with the data feed.

Chapter 2: Managing Archer-to-Archer Data Feeds 23

 RSA Archer GRC Platform Data Feed Manager

l Create a new user account by selecting Other and entering the name of
the new user account. When you save your data feed settings, the Data
Feed Manager automatically creates the new user account.

Note: This user account must have permissions for creating records and
updating History Logs fields. To avoid potential conflicts with other data
feeds, RSA Archer recommends that you use a different user account for
each data feed. Additionally, if you are going to simultaneously run multiple
data feeds, create a unique name to prevent termination of session tokens.

c. From the Locale list, select the country (language) format of your source
data. Different cultures or countries use different characters when
formatting similar data.
d. In Send Notifications, select whether to have the data feed trigger
notification emails when records are published or updated. If notifications
are not enabled in the selected target application, no notification emails are
sent when the data feed is run.
e. In Data Validation, select whether to have the system not perform data
validations against the selected target application when saving a record.
When this option is selected, validation that is based on field definition and
configuration is bypassed (with some exceptions). This option applies
regardless of whether targeting a questionnaire or application.
The system validates the following items regardless of whether the Data
Validation field is selected:
l Attachment or image field. Validity of the file.
l DateTime field. Minimum and maximum system values.
l Text field. Contains valid HTML.
l Field name. Uniqueness.

Note: The required field settings are disregarded if you select to ignore the
rules defined within the target application, however, the unique selection
cannot be ignored.

f. Click Apply.

For Transport Only feed type:

a. From the User Name list, do one of the following:
l Select the appropriate user account that is associated with the data feed.
l Create a new user account by selecting Other and entering the name of
the new user account. When you save your data feed settings, the Data
Feed Manager automatically creates the new user account.

24 Chapter 2: Managing Archer-to-Archer Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Note: To avoid potential conflicts with other data feeds, RSA Archer
recommends that you use a different user account for each data feed.
Additionally, if you are going to simultaneously run multiple data feeds,
create a unique name to prevent termination of session tokens.

b. In the Target Path field, enter the path for the separate data file.
c. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you configure
your data feed, the Data Feed Manager validates the information for you. If it is not
valid, an error message is displayed. You can save the data feed and correct the
errors later; however, the data feed does not process until the errors are corrected
and the data feed validates.

Next Steps
To define the appropriate data transporter, select one the following:
l Archer Web Services Transporter
l Database Query Transporter
l File Transporter
l FTP Transporter
l HTTP Transporter
l Mail Monitor Transporter
l RSS Transporter
l Threat Transporter

Define the Archer Web Services Transporter

Complete this task to configure a transporter to access the Web Services API and
retrieve data from this instance or another instance of the Platform. An Archer-to-
Archer data feed is established using the Archer Web Services Transporter.
The Archer Web Services Transporter must be configured with the same
authentication method as configured in Microsoft Internet Information Services
(IIS) on the web server. Use the following guidelines when designating the security
credentials:
l If IIS is configured for Anonymous authentication, use the Anonymous/Service
Account User option. When IIS is set to Anonymous authentication, the user
account credentials are not sent with the data feed request.
l If IIS is configured for Windows Integrated authentication, use either
Anonymous/Service Account User or Specific.

Chapter 2: Managing Archer-to-Archer Data Feeds 25

 RSA Archer GRC Platform Data Feed Manager

l If credentials are set to Anonymous/Service Account User, the service

account running the asynchronous job is sent with the data feed request.
l If credentials are set to Specific, the specified Windows account credentials
are sent with the data feed request.

Important: If you do not know the Microsoft IIS configurations, contact your system
administrator before continuing.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Transport tab.
3. From the Transport Method list, select Archer Web Services Transporter.
Important: If you do not know the Microsoft IIS configurations, contact your

26 Chapter 2: Managing Archer-to-Archer Data Feeds

 RSA Archer GRC Platform Data Feed Manager

system administrator before continuing.

4. In the Security section, complete the following fields:

Option Description

URL Enter the URL to the Web Services API for the Platform instance.

Use Credentials Based on the authentication method configured in Microsoft IIS,

select the authentication option:
l Anonymous/Service Account User. Use this setting when IIS
is configured as Anonymous authentication or Windows
Integrated authentication.
l When IIS is set to Anonyomous, the user account
credentials are not sent with the data feed request.
l When IIS is set to Windows Integrated, the service account
running the asynchronous job is sent with the data feed
request.
l Specific. Use this setting when IIS is set to Windows
integrated and you want the specified Windows account
credentials to be sent with the data feed requests.
If this option is selected, enter the credentials to the
appropriate domain user account in User Name, Password,
and Domain.

Chapter 2: Managing Archer-to-Archer Data Feeds 27

 RSA Archer GRC Platform Data Feed Manager

5. In the Transport Configuration section, select the Search Type for the data
feed from the following options.

Option Description

Report ID Uses the SearchRecordsByReport API method, which allows

search results to be retrieved by supplying a report ID or
report GUID. The API method returns the search results in the
standard API search results format. For more information on
XML formatting guidelines and samples, see the appendix
“XML Formatting Used in Field Results and Input” in the
RSA Archer Web Services API Reference Guide.

Search XML Uses the ExecuteSearch and RetrieveSearchResultsPage API

methods, which return reports and their associated report
GUIDs. The API methods return XML representing the report
list as a string. Continue with providing the credentials for
the data feed to access the RSA Archer Web Services API
and retrieve data from this or another instance of the Platform.
For more information on the RSA Archer Web Services API,
see the RSA Archer Web Services API Reference Guide.

Statistics Report ID Uses the ExecuteStatisticSearch API method, which allows

searching statistics by report ID or report GUID. The API
method returns a string. The value is an XML string
containing the fields of records matching the statistics search
criteria.

Note: Best practices include using a separate, dedicated user account for each
data feed. Assign maximum rights to run the report and view the data. A user
account for the Archer-to-Archer data feed absorbs a user license. Set the
records per file on report ID to 250.

28 Chapter 2: Managing Archer-to-Archer Data Feeds

 RSA Archer GRC Platform Data Feed Manager
6. Provide the parameters for the data feed according to the selected search type.
Report ID or Statistics Report ID
a. In the Report or Statistics Report
field, enter the report ID or report
GUID.
Note: If you use the report GUID, do
not include the braces. Reports must
be configured with a Column-Flat
display type.
b. To run the report with Windows
credentials, select the Use Windows
Authentication option. Single Sign-
On (SSO) must be configured to use
this option.
c. If the Use Windows Authentication
option is not selected, enter the
credentials of the account that will be
running the report in User Name and
Password.
Note: Use the account that has access
role rights to the search.asmx page.
The account should also be an
application owner with full access
permissions to the content of the
applications. Do not use the same
account that you used to log on.
d. (Optional) In the Domain field, enter
the name of the domain to be searched
against.
e. In the Instance field, enter the name of
the instance to be searched against.
Use the instance name and not the
PIN.
f. In the Records Per File list, set how
many records should be included in
each file.
The default value is 100.
Chapter 2: Managing Archer-to-Archer Data Feeds
Search XML
a. To run the report with Windows
credentials, select the Use
Windows Authentication option.
b. If the Use Windows Authentication
option is not selected, enter the
credentials of the account that will
be running the report in User
Name and Password.
Note: Use the account that has
access role rights to the search.asmx
page. The account should also be
an application owner with full
access permissions to the content of
the applications. Do not use the
same account that you used to log
on.
c. (Optional) In the Domain field,
enter the name of the domain to be
searched against.
d. In the Instance field, enter the
name of the instance to be searched
against.
Use the instance name and not the
PIN.
e. From the Records Per File list, set
how many records should be
included in each file.
The default value is 100.
f. In the Application GUID field,
enter the module ID.
g. In the Configuration String field,
enter the XML search string.
29
 RSA Archer GRC Platform Data Feed Manager

7. If a proxy needs to be used to access the remote site, in the Proxy section,
select whether the data feed must pass through a proxy to access the source
data. Select from the following options.

Option Description

No Proxy Indicates that the data feed does not pass through a proxy.

Use System Proxy Indicates that the Data Feed Service runs the feed with the
proxy configuration that is set up in the Control Panel.

Configure Proxy Indicates that the data feed must pass through a proxy.
Continue with providing the parameters for accessing the
proxy.

8. To perform post-processing on the source file retrieved, in the Post-Processing -

Local Copy section, determine how the data feed should handle the local copy
of the source data when the integration is complete.
In the On Success field, select from the following options.

Option Description

Nothing Does not alter the source file when the data feed successfully completes
and deletes the local copy.

Rename Saves the source file under a new name when the data feed successfully
completes. In Destination File, specify where the file should be saved
and the new name for the file. For information on using filename tokens
when renaming files, see Filename Tokens.

Note: To save the data, the path of the destination file must be
accessible to the account running the Job Engine service.

Next Steps
l For a standard data feed, determine the navigation method.
l For transport-only data feed, define a schedule for the data feed.

Filename Tokens
Filename tokens are available for post processing when you want to save the source
information and specify a location or name for the file. When you select the
Rename option, you can use tokens to automatically generate unique names for the
files.
The following table describes the usable tokens for renaming data files.

30 Chapter 2: Managing Archer-to-Archer Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Token Description

Now Enables the Data Feed Manager to insert a user-defined date

format within the new filename. Possible formats include
Now(MM/dd/yyyy) or Now(MMM-dd-yyyy). See the
Microsoft .Net Framework Developer Center for available
custom date/time formats.

DataFileDirectoryName Enables the Data Feed Manager to update the filename with
the directory name, including the drive, of your file.

DataFileName Enables the Data Feed Manager to insert the original

filename, excluding the directory name and extension.

DataFileExtension Enables the Data Feed Manager to insert the file extension,
such as .csv, in the new filename.

DataFileFullName Enables the Data Feed Manager to insert the fully qualified
filename. This data includes the drive, directory, filename,
and extension of the original file.

For example, if the data file came from the following location,
C:\DataFeed\Source\ESL\processed\ThreatData.csv, filenames that have been
renamed using tokens would have the following output.

Example 1

Input Tokens {DataFileDirectoryName}\success\{DataFileName}_{Now

(MM.dd.yyyy)}.{DataFileExtension}

Output C:\DataFeed\Source\ESL\processed\success\ThreatData_
01.31.2008.csv

Example 2

Input Tokens \\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_

success.{DataFileExtension}

Output \\DFSRepository\2008\01\ThreatData_success.csv

Determining the Navigation Method

The Data Feed Manager supports a collection of transformation capabilities to
import a variety of data formats into the Platform.
The following table describes the formats from which the system can use to collect
data.

Chapter 2: Managing Archer-to-Archer Data Feeds 31

 RSA Archer GRC Platform Data Feed Manager

Option Description

Xml File Iterator Use this option when importing an .XML file. When this
option is selected, the Xml File Definition section becomes
available. For more information on XML formatting
guidelines and samples, see the appendix “XML
Formatting Used in Field Results and Input” in the RSA
Archer Web Services API Reference Guide that can be
downloaded from the RSA Archer Community.

Delimited Text File Use this option to ensure that the Data Feed Manager
Iterator properly analyzes the data in your delimited file. When
this option is selected, the File Definition section becomes
available.

Database Query Iterator Use this option when importing data from a database.

Available and default navigation methods are based on the selected transport
method.

Note: The Navigation tab is available only for Standard data feed types.

Data Navigation Methods

You can instruct the Data Feed Manager on how to read and parse the data located
in the designated data source as defined on the Transport tab.
The following table identifies the available and default navigation methods based on
the selected transport method.

32 Chapter 2: Managing Archer-to-Archer Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Transport Method Available Values Default Values

Archer Web Services Xml File Iterator Xml File Iterator

Transporter

Database Query Database Query Iterator Database Query Iterator

Transporter

DeepSight Transporter 2.0 Xml File Iterator Xml File Iterator

DeepSight Transporter 4.0 Xml File Iterator Xml File Iterator

FTP Transporter Delimited Text File Iterator Delimited Text File Iterator
Xml File Iterator

HTTP Transporter Delimited Text File Iterator Delimited Text File Iterator
Xml File Iterator

iDefense Transporter Xml File Iterator Xml File Iterator

Mail Monitor Transporter Xml File Iterator Xml File Iterator

RSS Transporter Xml File Iterator Xml File Iterator

Define an XML File

Complete this task to define the structure of the data source for the Data Feed
Manager to process the data and convert the data into system content on the
Navigation tab. The Xml File Iterator enables you to import an .XML file. You can
also manipulate or restructure the data prior to importing.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.

Chapter 2: Managing Archer-to-Archer Data Feeds 33

 RSA Archer GRC Platform Data Feed Manager

b. In the Navigation Menu, click Integration > Manage Data Feeds.

c. In the Name column, click the data feed or click in the Actions column.
2. Click the Navigation tab.
3. From the Navigation Method list, select Xml File Iterator.
4. In the Xml File Definition section, select Transform.
5. In the Xml File Definition section toolbar, click Load Transform.
The Schema Source dialog box opens.

Note: You must load a transform. A default transform is included with the
installation; however, you can develop your own XSLT if you require additional
data transformation. For more information on XML formatting guidelines and
samples, see the appendix “XML Formatting Used in Field Results and Input”
in the RSA Archer Web Services API Reference Guide that can be downloaded
from the RSA Archer Community.

6. Do one of the following:

l Select Default to load the out-of-the-box transform file. This option is
typically used.
l Select File if you require additional data transformation and choose to
develop your own XSLT.
7. Click OK.
8. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Source Data

Defining Source Data

Using the options on the Source Definition tab, you can configure the source data to
ensure that only the desired data is included with the data feed.

Note: The Source Data tab is available only for Standard data feed types.

34 Chapter 2: Managing Archer-to-Archer Data Feeds

 RSA Archer GRC Platform Data Feed Manager

You can select to import the data “as is” into the Platform or execute modifications
and calculations against the data to convert the incoming data into a format that
matches the requirements of the application or questionnaire it is imported into. You
can also use several advanced options, such as lookup translations and calculations,
so you can prepare and modify the data to meet your individual business needs.
Additionally, you can filter data so that only what you want to receive is imported
into the target application or questionnaire. By not defining filters on the Data Filter
tab, you instruct the Data Feed Manager to return all records in the data feed. Or,
using operator logic, you can add filters to include only records meeting certain
criteria in the data feed process.
Finally you can capture tokens of data from the last execution of a data feed that
can be used during the next run to identify which data to retrieve. On the Tokens
tab, you can add, edit, or delete token values in preparation of the next data feed
execution.
On the Source Definition tab, you can complete the following tasks:
l Define the Source Data
l Apply a Calculation
l Perform a Lookup Translation
l Incorporate Static Text
l Define Data Filters
l Define Data Tokens

Define the Source Data

Complete this task to select how you want the Data Feed Manager to interact, or
not interact, with each field from your data source.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

Chapter 2: Managing Archer-to-Archer Data Feeds 35

 RSA Archer GRC Platform Data Feed Manager

l Ensure that the user account used has access to the content, or you will receive a
schema error when building the source definition. You can also receive a
schema error for the following reasons:
o If your connection string is not correct on the Transport tab.
o The account is unable to login.
o The report is not in the correct format.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. To supply the list of source fields, choose one of the following methods and
complete the tasks.

Sample Data File Manual Input

a. Click Load Fields located in the
Source Field title bar.
b. Depending on the selected transport
method, select how to retrieve the
source schema.
a. In the Source Name column, enter
the name of the first field that you
want to define for your data feed.
The first line is the record definition.
b. To continue adding source fields, do
any of the following:
l To add a source field, click Add
New and name the field.
l To add a source field in a

hierarchical structure, click

in the Actions column and name
the field.

4. In the first line in the Source Fields section, from the Field Type list, select the
appropriate field option for the record definition.

Option Description

None Instructs the Data Feed Manager that the field is the record
definition and nothing is to be done with the data.

List Instructs the Data Feed Manager to import the data as a value
list. No transformation or calculations are to be applied to the
data.

36 Chapter 2: Managing Archer-to-Archer Data Feeds

 RSA Archer GRC Platform Data Feed Manager

5. For the remaining source fields, from the Field Type list, select one of the
following field options and complete the associated steps for that field option.

Option Description

Calculated Field Allows calculations to be applied to the fields to

dynamically generate new values, which can then be
populated in an application or questionnaire. Upon selection
of this option, the Status field for that source field is set to
Not Configured and is displayed in the Actions column.

Lookup Translation Enables you to use an application to reconcile values from

your data source to values that are accepted in the target
application or questionnaire. Upon selection of this option,
the Status field for that source field is set to Not Configured,
and is displayed in the Actions column

Raw Field Data Instructs the Data Feed Manager to accept the data from the
data source "as is." No transformation or calculations are to
be applied to the data.

Static Text Allows you to add an additional field to the data feed, which
adds context to the data. Upon selection of this option, the
Status field for that source field is set to Not Configured and
is displayed for that source field.

List Instructs the Data Feed Manager to import the data as a

values list. No transformation or calculations are to be
applied to the data.

6. Complete any of the following optional tasks:

l In the Token column, select the checkbox if you want the source field to be
used as a data token in future data feed runs.
l To remove a source field from the schema, click in the row of the source
field.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Chapter 2: Managing Archer-to-Archer Data Feeds 37

 RSA Archer GRC Platform Data Feed Manager

Schema Sources
The source for the schema of your data feed depends on which transporter you are
using. The following table identifies and describes the schema sources that are
available for each of the out-of-the-box transporters.

Source Description Transport Method

Execute Search Executes the search in the Archer Web Services Transporter
Platform and detects the source
schema from the results.

Sample File Uses a skeleton of your actual Archer Web Services Transporter
source data file. For example, if
Database Query Transporter
you are importing data from a
.csv file, the source data file is a DeepSight Transporter 2.0
.csv file that includes the column DeepSight Transporter 4.0
names from your source data. If
you are importing data from an File Transporter
.XML file, the source data file FTP Transporter
includes the structure of your
HTTP Transporter
.XML without the actual field
values. iDefense Transporter
When you select the sample file, Mail Monitor Transporter
the Source Fields section RSS Transporter
populates with the fields
specified in the sample data file.

Execute Query Executes the query specified on Database Query Transporter

the Transport tab and detects the
source schema from the resulting
record set.

CAUTION: Using this option may

trigger actions in the database
associated with this query.

Load URL Loads the contents at the target DeepSight Transporter 2.0
URL and detects the source
DeepSight Transporter 4.0
schema from the contents.
HTTP Transporter
CAUTION: Using this option may
iDefense Transporter
trigger actions associated with
accessing the target URL. RSS Transporter

Standard Schema Uses the standard mail schema. Mail Monitor Transporter

38 Chapter 2: Managing Archer-to-Archer Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Apply a Calculation
Complete this task to apply calculations to source fields to dynamically generate
new values, which can be populated in an application or questionnaire.
The following are examples of common calculations:
l CONCATENATE([TOLastName], ", ", [TOFirstName])
This calculation combines the values of two fields into a single value. For
example, it would take the value “Doe” from the Last Name field and the value
“John” from the First Name field and merge them into the value “Doe, John.”

l If(LEN([Production IP])>0,[Production IP],If(LEN([Maintenance IP])>0,

[Maintenance IP],[Backup IP]))
This calculation executes a logical operation to determine which field to use as
the source value. If the Production IP field is not blank, the value from this field
is used. If the Production IP field is blank and the Maintenance IP field has a
value, the value from the Maintenance IP is used. If both fields are blank, the
Backup IP value is used.

Calculations for the Data Feed Manager use the same calculation engine and syntax
as the Application Builder feature.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. From the Field Type list of the source field to which you want to apply a
calculation, select Calculated Field.
4. In the Actions column of that source field, click .

Chapter 2: Managing Archer-to-Archer Data Feeds 39

 RSA Archer GRC Platform Data Feed Manager

The Calculation Editor dialog box opens.

5. Type your calculated formula.
6. Click OK.
The calculation is saved. The Status field for that source field changes to
Configured.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Functions and Operators for Calculated Field Formulas

The Formula Builder provides a library of functions and operators that you can use
to build a formula.
Functions
The Formula Builder for calculated fields offers a library of functions divided into
the categories. By clicking a category, you can see the functions that it contains
along with a description of each function. To view a more detailed function
description that includes syntax requirements, parameter descriptions, and
examples, you can click the desired function. The functions are:
l Date Functions
l Financial Functions
l Logical Functions
l Math Functions
l Statistics Functions
l System Functions
l Text Functions

Operators
The Formula Builder also offers a library of operators divided into categories. By
clicking a category, you can see the operators that it contains along with a
description of each operator.

40 Chapter 2: Managing Archer-to-Archer Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Arithmetic:

Operator Description

+ Addition (3 + 3)

- Subtraction (5 - 2)
Negation (-4)

* Multiplication (2 * 3)

/ Division (3 / 2)

^ Exponentiation (3 ^ 2)

Comparison:

Operator Description

= Equal to (3 = 3)

> Greater than (3 > 2)

< Less than (2 < 3)

>= Greater than or equal to

(3 >= 3)

<= Less than or equal to (3

<= 3)

<> Not equal to (3 <> 2)

Text Concatenation:

Operator Description

& Concatenate, or join, two

or more text strings to
produce a single piece of
text, for example, "text"
& "string".

Chapter 2: Managing Archer-to-Archer Data Feeds 41

 RSA Archer GRC Platform Data Feed Manager

Note: If a field included in an addition, subtraction, multiplication, division or

comparison operation is empty or null, the value "0" (zero) is used for the field
value. The following formula is an exception to this rule:

IF([Sample Field] = 0, "TRUE","FALSE")

In this formula, the Sample Field is not populated with the value "0" if the field is
empty or null. Instead, this formula returns FALSE when the Sample Field is empty
or null.

Perform a Lookup Translation

Complete this task to use an application to reconcile values from your source data
to values that are accepted in the Platform target application or questionnaire.
For example, you may have a field in your external file with values of "New York"
and "California". However, the application that you are importing the data into only
accepts state abbreviations. Using the Lookup Translation option, you can use a
separate application to map your external values to the proper internal values, as
shown in the following table.

Destination
Source Data Translation Application
Application

Field Name: State Field Name: State Field Name: State Field Name: State
ID1 ID2

California California CA CA

Texas Texas TX TX

New York New York NY NY

Florida Florida FL FL

Using an application as an intermediary ensures that the data feed converts all of
the external data into the proper format prior to importing it to the destination
application.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

42 Chapter 2: Managing Archer-to-Archer Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. From the Field Type list of the source field that you want to translate, select
Lookup Translation.
4. In the Actions column of that source field, click .
The Translation Editor dialog box opens.
5. From the Source list, select the source field.
6. From the Application list, select the application that translates the values.
7. From the Exceptions list, select from the following options the function that the
Data Feed Manager should execute when a value generates an exception.

Option Description

Log Warning Writes an error to the log file, and the value is not imported.
No updates are made to the translation application.

Insert Raw Data Inserts the raw value from your source file in the target
application if a match is not found.

Original Value Identifies the field in the translation application that maps to
the value from your external data file.

Translation Value Identifies the field in the translation application that maps to
the proper value in the target application or questionnaire.

Note: The selections from the Original Value and Translation Value lists must
be different, or a warning message is displayed.

8. Click OK.
The translation settings are saved. The Status field for that source field changes
to Configured.

Chapter 2: Managing Archer-to-Archer Data Feeds 43

 RSA Archer GRC Platform Data Feed Manager

9. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Incorporate Static Text

Complete this task to add an additional field to your data feed that adds context to
the source data. For example, you can add a Static Text field that specifies the
name of the source, such as the database name or threat feed.
In the Platform target application or questionnaire, you can create a field called
Data Source. When the data feed completes, all records updated by this feed have
the same value for the Data Source field. Using this option, you can quickly identify
and report on records updated from a specific source.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. From the Field Type list of the source field where you want to insert static text,
select Static Text.
4. In the Actions column of that source field, click .

44 Chapter 2: Managing Archer-to-Archer Data Feeds

 RSA Archer GRC Platform Data Feed Manager

The Static Text Editor dialog box opens.

5. Enter your static text.
6. Click OK.
The static text is saved. The Status field for that source field changes to
Configured.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Define Data Filters

Complete this task to apply filters and advanced operator logic to imported fields.
With filters, you can limit the number of records retrieved from your source data. If
no filters are defined, the Data Feed Manager returns all records. After a filter has
been added, only those records meeting the defined criteria are included in the data
feed.

Note: The Data Filter tab is available only for Standard data feed types.

You can combine your data filters through advanced operator logic to provide
additional filters to your data.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.

Chapter 2: Managing Archer-to-Archer Data Feeds 45

 RSA Archer GRC Platform Data Feed Manager

b. In the Navigation Menu, click Integration > Manage Data Feeds.

c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Data Filter tab.
3. In the Sources column, select the source name to which you want to apply a
filter.
4. From the Field Name list, select the field name from your data source to which
you want to apply a filter.
5. From the Operator list, select an operator to define which type of filter you
want to apply to the source data.
6. In the Values column, enter a value based on your selection in the Operator
column.
7. To create custom operator logic to form relationships between the individual
filters, enter the custom operator logics in the Advanced operator logic field.
8. Complete any of the following optional tasks:
l To add an additional data filter, click Add New Filter located in the Data
Filter section title bar.
l To remove a data filter, in the Actions column of the filter you want to
remove, click .
9. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Tokens

Advanced Operator Logic

When creating filters, you can use custom operator logic to form relationships
between the individual filters. By default, multiple conditions are related with the
AND operator, as are multiple actions. However, by creating custom operator
logic, you can also use the OR and NOT operators, as well as parenthetical
groupings. Operator logic statements are evaluated left to right with parenthetical
groupings evaluated first. By using advanced operator logic with your filters, you
can eliminate extraneous data that may be imported with your data feed or included
in your search results.
You enter the custom operator logics in the Advanced operator logic field.

46 Chapter 2: Managing Archer-to-Archer Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Important: Custom operator logic must validate before you can save or apply
changes to your data filter. If your custom operator logic does not validate, you are
prompted with an "Invalid Operator Logic" error message.

Examples
Single operator. Suppose you are importing assets from an external source into the
Assets application. You want to import assets from your external file only if they
are labeled as being in a production environment or if they are customer impacting.
To set up this process, you define data filters to evaluate both the System
Environment and Security Class elements in your external data file for the desired
values. Without using operator logic, your conditions are related with the AND
operator, and the data feed imports items that are both in a production environment
AND have a high security class. By using operator logic with the OR operator, you
achieve the desired result: Assets that are in a production environment OR have a
high security class are imported into the Assets application.

Multiple operators with a parenthetical expression. You can use additional

operators by incorporating parentheses in your operator logic, as shown in the
following example.

Based on the above criteria, the following table details the result of the operator
logic.

(1) System
(2) Security Class (3) Manufacturer Result
Environment

Production Medium IBM Imported

Testing High IBM Imported

Production High Dell Not Imported

Testing Medium IBM Not Imported

Chapter 2: Managing Archer-to-Archer Data Feeds 47

 RSA Archer GRC Platform Data Feed Manager

The system evaluates the parenthetical expression first. In the last example in the
previous table, since neither 1 or 2 evaluate to "TRUE," the entire condition fails
even if 3 evaluates to "TRUE".
Multiple operators with nested parenthetical expressions. You also can use
nested parenthetical expressions in your operator logic. Nested parenthetical
expressions allow you to combine the results of two separate logical conditions,
thereby creating an additional logical condition, as shown in the following example.

Based on the above criteria, the following table details the result of the operator
logic.

(1)
(3)
System (2) Security (4) Operating (5) Server
Manufactu Result
Environm Class System Room
rer
ent

Production Medium IBM RHEL 4.0 Denver Imported

Facility

Testing High Dell Windows Denver Imported

Server 2003 Facility

Testing High Dell Windows Chicago Not Impor-

Server 2003 Facility ted

Production Medium Dell CentOS Denver Not

Facility Imported

The Data Feed Manager evaluates the nested parenthetical expressions first. In the
last example in the previous table, since neither 3 or 4 evaluate to "TRUE" in the
nested parenthetical expression, the primary parenthetical expression evaluates to
"FALSE," and thus the entire logical condition fails and the data is not imported,
even though all of the other conditions are met.

Define Data Tokens

Complete this task to configure token values for the source fields that you selected
to be tokens on the Source Data tab.

48 Chapter 2: Managing Archer-to-Archer Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Tokens only store a single value for a source field that has been configured on the
Source Data tab. The list of tokens is based on these fields, as well as the
LastRunTime and LastFileName attributes of a previous data feed execution. If a
source field is not selected as a token, token data for that field is not stored.

Note: The Tokens tab is available only for Standard data feed types.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab, and then click the Tokens tab.
3. (Optional) To add an additional token, click Add New located in the Tokens
title bar and enter the field name.
4. In the Value field of the token that you want to modify, enter the updated value.
When modified, the updated value is used on the next data feed execution, and
the execution updates the value at its completion.

5. (Optional) To delete a token, click in the row of the token that you want to
remove.
6. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Map Data

Chapter 2: Managing Archer-to-Archer Data Feeds 49

 RSA Archer GRC Platform Data Feed Manager

Data Tokens
The Data Feed Manager allows capturing "tokens" of data from the last execution
of a data feed. A token can be any field of data from the last source row processed.
The following table identifies the fields for which tokens are available.

Field Input

Post processing Destination files

Archer Web Services transporter Configuration string

Database Query transporter Query

Symantec DeepSight transporter Sequence number

File transporter Path

FTP transporter Fully qualified URI

HTTP transporter Data request URI

HTTP transporter Data request header parameters

HTTP transporter Logon header parameters

HTTP transporter Logoff header parameters

iDefense transporter URL

Mail Monitor transporter Filter

RSS transporter URL

Tokens also are available for the following attributes:

l LastRunTime
l LastFileName

Defining Data Mapping Activities

After the Data Feed Manager identifies the elements in the source data to import,
the filters to apply, and the tokens to use to capture data, it requires a specific
destination in the Platform. With the options on the Data Map tab, you can define
the location for the data imported through your data feed.

50 Chapter 2: Managing Archer-to-Archer Data Feeds

 RSA Archer GRC Platform Data Feed Manager

To direct the Data Feed Manager to the correct destination for the data it will
import, use the options on the Data Map tab to configure the field mappings for your
data feed.

Note: The Data Map tab is available for Standard data feed types.

On the Data Map tab, you can complete the following tasks:
l Map Data
l Define Key Fields
l Set Update and Archive Options

Map Data
Complete this task to map the configured elements from the Source Definition tab to
fields in a Platform target application or questionnaire. The Data Feed Manager
updates the target field with the value from the mapped source field during the data
feed execution.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Field Map tab is available for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Data Map tab and then click the Field Map tab.
The Source Fields section lists the Source Field names listed on the Source
Data tab.
3. Complete one of the following tasks:
l To have the system analyze the source fields and automatically map them to
application or questionnaire fields, click Auto-Populate.

Chapter 2: Managing Archer-to-Archer Data Feeds 51

 RSA Archer GRC Platform Data Feed Manager

This option maps fields from the data source to application or questionnaire
fields that have the same name. Auto populate occurs on level 1 fields only.
Additionally, if there is an exact name match between the source field and
the target field, and the field type is one of the following, the field is not auto
populated: External links, Values list, Sub-form, Related records, Cross
reference, or CAST.
l From the Source Fields column, drag your source field and drop it next to the
application or questionnaire field in the Target Fields section.
The mapped field from the data source populates the designated target field.

Note: For target fields that have a field type of cross-reference, sub-form, or
related records, map the fields expanded under these field types. You cannot
directly map to a target field with any of these field types.

4. (Optional) In the Actions column of each mapped field for which you want to
configure additional options, click .
The Field Population dialog box opens with options based on the selected field
type.
5. (Optional) To assign a trust level to your source data for a field that is mapped,
in the Trust Level field, enter a value from "0" to "99."

Note: The Trust Level option is useful when you have multiple data feeds
populating the same target application. By assigning trust levels, the Data Feed
Manager can determine when and when not to overwrite existing data.

The Trust Level option allows you to develop a hierarchy for updates to your
target data by entering the desired trust level for the field. The value 0 is
considered the greatest trust level. The trust level accepts values up to 99,
which is the lowest level of trust.
For example, consider a situation where two data feeds map to the same target
application field. Data Feed A runs first and populates the Case Status field
with the value Open. When Data Feed B runs, the Data Feed Manager
recognizes that Data Feed B has data that maps to the same field. Data Feed
Manager evaluates the trust levels to determine which data is the most trusted.
Since the field from Data Feed B has the greater trust level, its value of Closed
overwrites the data from Data Feed A.
6. Complete any of the following optional tasks:
l To delete a mapping for a single field, click in the Actions column of the
field that you want to remove.
l To remove the mappings for all fields, click Clear Target Field Mappings
located in the Target Fields title bar.
7. Click Apply.

52 Chapter 2: Managing Archer-to-Archer Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Key Fields

Field Population Options

The Field Population dialog box provides additional options based on the selected
field type in the Field Map tab on the Data Map tab. The following table describes
these options.

Option Description

Empty Values Specifies that the data feed should overwrite

existing values in a target application or
questionnaire record with a Blank value from the
data source field.

Add Unknown Specifies that values from your data source that do
not appear in your target's list-based fields are to be
added. This option is available only for external link
and values list field types.

Append data to list-based field Specifies that additional values are to be added to
the target application record's existing values in list-
based field types.

Replace data in list-based field Specifies that the values in a list-based field type of
a target application or questionnaire record are
replaced with the values from the mapped data
source list.

Define Key Fields

Complete this task to specify one or more fields as key fields that uniquely identify
a record in the Platform target application or questionnaire for updating purposes.
Key field definitions must be established for every level and reference field in a
target application or questionnaire that has a source information mapping.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Chapter 2: Managing Archer-to-Archer Data Feeds 53

 RSA Archer GRC Platform Data Feed Manager

Note: The Key Field Definitions tab is available for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Data Map tab and then click the Key Field Definitions tab.
The Reference Field section contains the target application or questionnaire and
any mapped cross-reference, related records, CAST, or sub-form fields that
require a key field definition to be created. You can use the Key Field
Definitions section to define the unique key identifiers and the data feed actions
during the feed execution.
3. In the Reference Field section, select the field that requires a key field
definition.
4. In the Key Field Definitions title bar, click Add New Key.
5. In the Field Name field, select a target application or questionnaire field that
uniquely identifies the record.
6. To assign compound unique identifiers for the record, complete the following:
a. In the Actions column, click .
The Select Key Field dialog box opens.
b. From the Available Fields list, select the fields.
c. Click OK.
A new row for each selected field is added, and the order number for the new
rows is assigned the same number.
7. To add unique identifiers in a hierarchical structure for sub-form field types,
click in the Actions column.
A new child row is added to the Key Field Definitions section.

54 Chapter 2: Managing Archer-to-Archer Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Note: After setting the order of key fields, the Data Feed Manager scans the
data source for matches to the first unique identifier. If no matches are found, it
searches for matches to the second unique identifier, and so on. Once the Data
Feed Manager scans through all of the unique identifiers and does not find a
match, the system creates a new target record.

8. From the Action list, select one of the following matching criteria for the unique
identifier.

Option Description

MatchExact Specifies that the value in the data source field must match the
unique identifier value exactly for the target record to be
updated. If the match is not exact, a new record is created.
For example, if a data source field has a value of "Renee Jones"
and a mapped application field that is specified as a unique
identifier has a value of "Renee Ellen Jones," the system does
not update the target application record because it is not an
exact match.

MatchAny Specifies that the data in the data source must match at least
one condition in the list-based field for the target record to be
updated.
For example, if a target application record has the values Blue
and Green selected in the field specified as the unique
identifier, and the mapped field in the source data includes
only the value Blue, the record is updated because at least one
of the values matches.

MatchAll Specifies that the data in the source file must match all of the
conditions in the list-based field for the target record to be
updated.
For example, if the target application record has the values
Blue and Green selected in the field specified as the unique
identifier, and the mapped field in the source data includes the
values Blue and Green, the record is updated. However, if the
source data includes only the value Blue, the record is not
updated. A new target application record is created instead
because there is not a complete match.

9. Click Apply.

Chapter 2: Managing Archer-to-Archer Data Feeds 55

 RSA Archer GRC Platform Data Feed Manager

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Set Update and Archive Options

Set Update and Archive Options

Complete this task to select options on the Update/Archive tab of the Data Map tab
to update existing records, create new records, or both. In addition, when target
records in the Platform cannot be matched with records in the external data source,
you can select to have those records modified or deleted. This option can be useful
if you are deferring the accuracy and current status of your data to the external
system. By deleting or modifying records in the system that are not found in your
external data source, you ensure that both the external source and the system are
synchronized.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Update/Archive tab is available for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.

56 Chapter 2: Managing Archer-to-Archer Data Feeds

 RSA Archer GRC Platform Data Feed Manager

2. Click the Data Map tab and then click the Update/Archive tab.
3. In the Update Options section, select any of the following options.

Option Description

Create Instructs the data feed to create new records for data found in
the source file and not in the target application or
questionnaire.

Update Instructs the data feed to update records in the target

application or questionnaire when a unique identifier match
exists in the source file.

Chapter 2: Managing Archer-to-Archer Data Feeds 57

 RSA Archer GRC Platform Data Feed Manager

4. In the Archive Options section, select one of the following options:

Option Description

None Instructs the data feed to do nothing when a matching record is

not found.

Delete Instructs the data feed to delete records in the target

application or questionnaire when a matching record is not
found in the source data.

Set Value Instructs the data feed to set a value in a Values List field in a
record whenever the external data file does not contain a
matching record.
You can use this option to have the data feed set a Values List
to a value that identifies this record as Inactive or Not Current.
For example, if you have a Devices application with a record
for a specific laptop, and the external data file does not have a
matching record for that laptop, you can use this option to set
a Values List field in the laptop record to the value Inactive.
When you select this option, you also select the Values List
field in the target application or questionnaire and the value
you want to set in that field.
You cannot set the value in the Values List field of the target
leveled application under the following conditions:
l The Set Value Target Field is a global values list.
l Level 3 or lower in a leveled application.
l You are modifying the data feed configuration.

Note: When running a data feed that updates a values list, you
can view the time that the data feed updated the record in the
Execution History log. The last updated time is not displayed
under Last Updated on the Manage Data Feeds page.

Important: If you select to delete records, records in the selected application,

questionnaire, or sub-form without a matching record in the source information
are permanently deleted from the system database and cannot be recovered.

In most scenarios, RSA Archer recommends selecting the Set Value option and
flagging these records with a specific value rather than deleting them. For
example, you can add a field to your application called Status and include the
values Current and Archived. If a data feed cannot find a matching record in the
data source with a system record, the system record could be updated to have a
value of Archived for the Status field.

58 Chapter 2: Managing Archer-to-Archer Data Feeds

 RSA Archer GRC Platform Data Feed Manager

5. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define a Schedule for the Data Feed

Define a Schedule for the Data Feed

Complete this task to configure the start time, pattern, and frequency for data feeds.
You can set up data feeds to automatically run at regular intervals. This option
reduces the time and effort required to import data from an external file. Data feeds
can be initiated at a variety of times and can be configured to run in regular
increments for an indefinite period of time.
To prevent excess server load, schedule data feeds on a staggered basis. A
maximum of 10 data feeds can be scheduled to run at a time. If more than 10 data
feeds are scheduled, each remaining data feed is executed as the previous one is
completed.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Schedule tab is available for both Standard and Transport-Only data feed
types.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.

Chapter 2: Managing Archer-to-Archer Data Feeds 59

 RSA Archer GRC Platform Data Feed Manager

2. Click the Schedule tab.

3. From the Frequency list, select the frequency for the data feed and set up the
schedule.
For example, if you select Minutely from the Frequency list and specify 45 in
the Every list, the data feed executes every 45 minutes.

Note: To configure your data feed to execute after an existing data feed runs,
select Reference. For example, you can select to have a Threats data feed run
immediately after your Assets data feed is completed. From the Reference Feed
list, select after which existing data feed your feed should execute.

4. (Optional) To override the set data feed execution schedule and immediately
execute your data feed, click Start in the Run Data Feed Now section.
5. Click Save.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

60 Chapter 2: Managing Archer-to-Archer Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Chapter 3: Managing Database Query Data Feeds

Database Query Data Feed

The Database Query data feed provides the ability to pull data directly from a
database by query and insert the data in its raw or manipulated state into a Platform
instance.
The numerous types of supported database connections are Odbc, OleDb, Oracle,
SQL, and many others. As long as the connection string is configured successfully
and the client driver is installed on the system, the Platform can integrate regardless
of the database type.
When working with Database Query data feeds, you can perform the following
tasks:
1. Add a New Data Feed Record
2. Manage the General Properties of a Data Feed
3. Define a Database Query Transporter
4. Determine the Navigation Method
5. Define Source Data
6. Define Data Mapping Activities
7. Define a Schedule for the Data Feed

Add a New Data Feed Record

Complete this task to add a data feed record as the first step in creating a new data
feed.

Procedure
1. Navigate to the Manage Data Feeds page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
2. In the Manage Data Feed page toolbar, click Add New.
3. Do one of the following:
l To configure new settings for a data feed, select Create a new Data Feed
from scratch.
l To use the settings of an existing data feed as a starting point, select Copy
an existing Data Feed and select the existing data feed from the Existing
Data Feeds list.

Chapter 3: Managing Database Query Data Feeds 61

 RSA Archer GRC Platform Data Feed Manager

4. Click OK.
5. In the Name field, enter the name for the data feed.
The data feed name must be unique.
6. Click Save.

Next Steps
Manage the General Properties of a Data Feed

Manage the General Properties of a Data Feed

Complete this task to configure the overall properties of a Platform data feed.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.
l Add a New Data Feed or Import a Data Feed.

2. In the Name field, enter the name for the data feed.
The data feed name must be unique.
3. From the Status list, select Active to run the data feed.
4. In the Description field, enter a description for the data feed.
5. In the Feed Type field, select the type of feed that you are configuring.

Option Description

Standard Integrates data from an external source into an application or

questionnaire.

Transport Only Locates a specific data file. This file contains additional
instructions for launching subsequent, standard data feeds.
With this data feed type, the data feed only completes the
Transport and Navigation activities. The Source Definition and
Field Mapping activities are not allowed. Processing of the
data feed does not attempt to process the data.

62 Chapter 3: Managing Database Query Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Define a Database Query Transporter

Complete this task to configure a transporter to capture data from an external
database and store the data in the Platform.

Important: For the data feed to execute successfully, the server responsible for
running the data feed must have the required network access to the database.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.
If the data feed uses the Database Query transporter in a multiple server
environment, you must install the data provider on all servers.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Transport tab.
3. From the Transport Method list, select Database Query Transporter.
4. In the Database Configuration section, select the data provider based on the
type of connection string used.

Note: If Oracle dotConnect is the data provider, you do not need to install the
drivers for Oracle because these drivers are included in the Platform
installation. To determine the connection string for this data provider, go to the
following URL:
http://www.devart.com/dotconnect/oracle/docs/Devart.Data.Oracle~
Devart.Data.Oracle.OracleConnection~ConnectionString.html.

5. To force the feed to fail because of long-running queries, in Connection

Timeout, specify the timeout parameter in seconds.

Note: The default value of 0 corresponds to 60 seconds.

6. In the Connection String field, enter the connection string that allows the data
feed to locate and access the database and retrieve the specified source data.
7. In the User Name and Password fields, enter the credentials for an account
that has access to query the database if one was not inserted as part of the
connection string in the previous step.

Chapter 3: Managing Database Query Data Feeds 63

 RSA Archer GRC Platform Data Feed Manager

8. In the Query field, enter the query that you want to execute against the
database.
You can also execute a stored procedure by entering it in the Query field. This
field cannot be longer than 4,000 characters.
The following figure shows a stored procedure that you can execute.

Important: Contact your organization's database administrator prior to executing

any queries against your company's corporate data. If you configure the query
string incorrectly, you may alter the data stored in the database.
Always verify your results by manually running the query directly against the
database first.

9. To perform post-processing on the source file retrieved, in the Post-Processing

- Local Copy section, determine how the data feed should handle the local copy
of the source data when the integration is complete. In the On Success field,
select from the following options.

Option Description

Nothing Does not alter the source file when the data feed successfully
completes and deletes the local copy.

Rename Saves the source file under a new name when the data feed
successfully completes. In Destination File, specify where the
file should be saved and the new name for the file

Important: To save the data, the path of the destination

file must be accessible to the account running the Job
Engine service.

10. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
l For a standard data feed, determine the navigation method.
l For transport-only data feed, define a schedule for the data feed.

64 Chapter 3: Managing Database Query Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Filename Tokens
Filename tokens are available for post processing when you want to save the source
information and specify a location or name for the file. When you select the
Rename option, you can use tokens to automatically generate unique names for the
files.
The following table describes the usable tokens for renaming data files.

Token Description

Now Enables the Data Feed Manager to insert a user-defined date

format within the new filename. Possible formats include
Now(MM/dd/yyyy) or Now(MMM-dd-yyyy). See the
Microsoft .Net Framework Developer Center for available
custom date/time formats.

DataFileDirectoryName Enables the Data Feed Manager to update the filename with
the directory name, including the drive, of your file.

DataFileName Enables the Data Feed Manager to insert the original

filename, excluding the directory name and extension.

DataFileExtension Enables the Data Feed Manager to insert the file extension,
such as .csv, in the new filename.

DataFileFullName Enables the Data Feed Manager to insert the fully qualified
filename. This data includes the drive, directory, filename,
and extension of the original file.

For example, if the data file came from the following location,
C:\DataFeed\Source\ESL\processed\ThreatData.csv, filenames that have been
renamed using tokens would have the following output.

Example 1

Input Tokens {DataFileDirectoryName}\success\{DataFileName}_{Now

(MM.dd.yyyy)}.{DataFileExtension}

Output C:\DataFeed\Source\ESL\processed\success\ThreatData_
01.31.2008.csv

Example 2

Input Tokens \\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_

success.{DataFileExtension}

Output \\DFSRepository\2008\01\ThreatData_success.csv

Chapter 3: Managing Database Query Data Feeds 65

 RSA Archer GRC Platform Data Feed Manager

Determining the Navigation Method

The Data Feed Manager supports a collection of transformation capabilities to
import a variety of data formats into the Platform.
The following table describes the formats from which the system can use to collect
data.

Option Description

Xml File Iterator Use this option when importing an .XML file. When this
option is selected, the Xml File Definition section becomes
available. For more information on XML formatting
guidelines and samples, see the appendix “XML
Formatting Used in Field Results and Input” in the RSA
Archer Web Services API Reference Guide that can be
downloaded from the RSA Archer Community.

Delimited Text File Use this option to ensure that the Data Feed Manager
Iterator properly analyzes the data in your delimited file. When
this option is selected, the File Definition section becomes
available.

Database Query Iterator Use this option when importing data from a database.

Available and default navigation methods are based on the selected transport
method.

Note: The Navigation tab is available only for Standard data feed types.

Data Navigation Methods

You can instruct the Data Feed Manager on how to read and parse the data located
in the designated data source as defined on the Transport tab.
The following table identifies the available and default navigation methods based on
the selected transport method.

66 Chapter 3: Managing Database Query Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Transport Method Available Values Default Values

Archer Web Services Xml File Iterator Xml File Iterator

Transporter

Database Query Database Query Iterator Database Query Iterator

Transporter

DeepSight Transporter 2.0 Xml File Iterator Xml File Iterator

DeepSight Transporter 4.0 Xml File Iterator Xml File Iterator

FTP Transporter Delimited Text File Iterator Delimited Text File Iterator
Xml File Iterator

HTTP Transporter Delimited Text File Iterator Delimited Text File Iterator
Xml File Iterator

iDefense Transporter Xml File Iterator Xml File Iterator

Mail Monitor Transporter Xml File Iterator Xml File Iterator

RSS Transporter Xml File Iterator Xml File Iterator

Defining Source Data

Using the options on the Source Definition tab, you can configure the source data to
ensure that only the desired data is included with the data feed.

Note: The Source Data tab is available only for Standard data feed types.

You can select to import the data “as is” into the Platform or execute modifications
and calculations against the data to convert the incoming data into a format that
matches the requirements of the application or questionnaire it is imported into. You
can also use several advanced options, such as lookup translations and calculations,
so you can prepare and modify the data to meet your individual business needs.
Additionally, you can filter data so that only what you want to receive is imported
into the target application or questionnaire. By not defining filters on the Data Filter
tab, you instruct the Data Feed Manager to return all records in the data feed. Or,
using operator logic, you can add filters to include only records meeting certain
criteria in the data feed process.
Finally you can capture tokens of data from the last execution of a data feed that
can be used during the next run to identify which data to retrieve. On the Tokens
tab, you can add, edit, or delete token values in preparation of the next data feed
execution.

Chapter 3: Managing Database Query Data Feeds 67

 RSA Archer GRC Platform Data Feed Manager

On the Source Definition tab, you can complete the following tasks:
l Define the Source Data
l Apply a Calculation
l Perform a Lookup Translation
l Incorporate Static Text
l Define Data Filters
l Define Data Tokens

Define the Source Data

Complete this task to select how you want the Data Feed Manager to interact, or
not interact, with each field from your data source.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.
l Ensure that the user account used has access to the content, or you will receive a
schema error when building the source definition. You can also receive a
schema error for the following reasons:
o If your connection string is not correct on the Transport tab.
o The account is unable to login.
o The report is not in the correct format.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. To supply the list of source fields, choose one of the following methods and
complete the tasks.

68 Chapter 3: Managing Database Query Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Sample Data File Manual Input

a. Click Load Fields located in the
Source Field title bar.
b. Depending on the selected transport
method, select how to retrieve the
source schema.
a. In the Source Name column, enter
the name of the first field that you
want to define for your data feed.
The first line is the record definition.
b. To continue adding source fields, do
any of the following:
l To add a source field, click Add
New and name the field.
l To add a source field in a

hierarchical structure, click

in the Actions column and name
the field.

4. In the first line in the Source Fields section, from the Field Type list, select the
appropriate field option for the record definition.

Option Description

None Instructs the Data Feed Manager that the field is the record
definition and nothing is to be done with the data.

List Instructs the Data Feed Manager to import the data as a value
list. No transformation or calculations are to be applied to the
data.

5. For the remaining source fields, from the Field Type list, select one of the
following field options and complete the associated steps for that field option.

Chapter 3: Managing Database Query Data Feeds 69

 RSA Archer GRC Platform Data Feed Manager

Option Description

Calculated Field Allows calculations to be applied to the fields to

dynamically generate new values, which can then be
populated in an application or questionnaire. Upon selection
of this option, the Status field for that source field is set to
Not Configured and is displayed in the Actions column.

Lookup Translation Enables you to use an application to reconcile values from

your data source to values that are accepted in the target
application or questionnaire. Upon selection of this option,
the Status field for that source field is set to Not Configured,
and is displayed in the Actions column

Raw Field Data Instructs the Data Feed Manager to accept the data from the
data source "as is." No transformation or calculations are to
be applied to the data.

Static Text Allows you to add an additional field to the data feed, which
adds context to the data. Upon selection of this option, the
Status field for that source field is set to Not Configured and
is displayed for that source field.

List Instructs the Data Feed Manager to import the data as a

values list. No transformation or calculations are to be
applied to the data.

6. Complete any of the following optional tasks:

l In the Token column, select the checkbox if you want the source field to be
used as a data token in future data feed runs.
l To remove a source field from the schema, click in the row of the source
field.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

70 Chapter 3: Managing Database Query Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Apply a Calculation
Complete this task to apply calculations to source fields to dynamically generate
new values, which can be populated in an application or questionnaire.
The following are examples of common calculations:
l CONCATENATE([TOLastName], ", ", [TOFirstName])
This calculation combines the values of two fields into a single value. For
example, it would take the value “Doe” from the Last Name field and the value
“John” from the First Name field and merge them into the value “Doe, John.”

l If(LEN([Production IP])>0,[Production IP],If(LEN([Maintenance IP])>0,

[Maintenance IP],[Backup IP]))
This calculation executes a logical operation to determine which field to use as
the source value. If the Production IP field is not blank, the value from this field
is used. If the Production IP field is blank and the Maintenance IP field has a
value, the value from the Maintenance IP is used. If both fields are blank, the
Backup IP value is used.

Calculations for the Data Feed Manager use the same calculation engine and syntax
as the Application Builder feature.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. From the Field Type list of the source field to which you want to apply a
calculation, select Calculated Field.
4. In the Actions column of that source field, click .

Chapter 3: Managing Database Query Data Feeds 71

 RSA Archer GRC Platform Data Feed Manager

The Calculation Editor dialog box opens.

5. Type your calculated formula.
6. Click OK.
The calculation is saved. The Status field for that source field changes to
Configured.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Perform a Lookup Translation

Complete this task to use an application to reconcile values from your source data
to values that are accepted in the Platform target application or questionnaire.
For example, you may have a field in your external file with values of "New York"
and "California". However, the application that you are importing the data into only
accepts state abbreviations. Using the Lookup Translation option, you can use a
separate application to map your external values to the proper internal values, as
shown in the following table.

Destination
Source Data Translation Application
Application

Field Name: State Field Name: State Field Name: State Field Name: State
ID1 ID2

California California CA CA

Texas Texas TX TX

New York New York NY NY

Florida Florida FL FL

Using an application as an intermediary ensures that the data feed converts all of
the external data into the proper format prior to importing it to the destination
application.

72 Chapter 3: Managing Database Query Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. From the Field Type list of the source field that you want to translate, select
Lookup Translation.
4. In the Actions column of that source field, click .
The Translation Editor dialog box opens.
5. From the Source list, select the source field.
6. From the Application list, select the application that translates the values.
7. From the Exceptions list, select from the following options the function that the
Data Feed Manager should execute when a value generates an exception.

Option Description

Log Warning Writes an error to the log file, and the value is not imported.
No updates are made to the translation application.

Insert Raw Data Inserts the raw value from your source file in the target
application if a match is not found.

Original Value Identifies the field in the translation application that maps to
the value from your external data file.

Translation Value Identifies the field in the translation application that maps to
the proper value in the target application or questionnaire.

Chapter 3: Managing Database Query Data Feeds 73

 RSA Archer GRC Platform Data Feed Manager

Note: The selections from the Original Value and Translation Value lists must
be different, or a warning message is displayed.

8. Click OK.
The translation settings are saved. The Status field for that source field changes
to Configured.
9. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Incorporate Static Text

Complete this task to add an additional field to your data feed that adds context to
the source data. For example, you can add a Static Text field that specifies the
name of the source, such as the database name or threat feed.
In the Platform target application or questionnaire, you can create a field called
Data Source. When the data feed completes, all records updated by this feed have
the same value for the Data Source field. Using this option, you can quickly identify
and report on records updated from a specific source.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.

74 Chapter 3: Managing Database Query Data Feeds

 RSA Archer GRC Platform Data Feed Manager

b. In the Navigation Menu, click Integration > Manage Data Feeds.

c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. From the Field Type list of the source field where you want to insert static text,
select Static Text.
4. In the Actions column of that source field, click .
The Static Text Editor dialog box opens.
5. Enter your static text.
6. Click OK.
The static text is saved. The Status field for that source field changes to
Configured.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Define Data Filters

Complete this task to apply filters and advanced operator logic to imported fields.
With filters, you can limit the number of records retrieved from your source data. If
no filters are defined, the Data Feed Manager returns all records. After a filter has
been added, only those records meeting the defined criteria are included in the data
feed.

Note: The Data Filter tab is available only for Standard data feed types.

You can combine your data filters through advanced operator logic to provide
additional filters to your data.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Chapter 3: Managing Database Query Data Feeds 75

 RSA Archer GRC Platform Data Feed Manager

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Data Filter tab.
3. In the Sources column, select the source name to which you want to apply a
filter.
4. From the Field Name list, select the field name from your data source to which
you want to apply a filter.
5. From the Operator list, select an operator to define which type of filter you
want to apply to the source data.
6. In the Values column, enter a value based on your selection in the Operator
column.
7. To create custom operator logic to form relationships between the individual
filters, enter the custom operator logics in the Advanced operator logic field.
8. Complete any of the following optional tasks:
l To add an additional data filter, click Add New Filter located in the Data
Filter section title bar.
l To remove a data filter, in the Actions column of the filter you want to
remove, click .
9. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Tokens

76 Chapter 3: Managing Database Query Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Define Data Tokens

Complete this task to configure token values for the source fields that you selected
to be tokens on the Source Data tab.
Tokens only store a single value for a source field that has been configured on the
Source Data tab. The list of tokens is based on these fields, as well as the
LastRunTime and LastFileName attributes of a previous data feed execution. If a
source field is not selected as a token, token data for that field is not stored.
For information on the fields for which tokens are available, see Data Tokens.

Note: The Tokens tab is available only for Standard data feed types.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab, and then click the Tokens tab.
3. (Optional) To add an additional token, click Add New located in the Tokens
title bar and enter the field name.
4. In the Value field of the token that you want to modify, enter the updated value.
When modified, the updated value is used on the next data feed execution, and
the execution updates the value at its completion.

5. (Optional) To delete a token, click in the row of the token that you want to
remove.
6. Click Apply.

Chapter 3: Managing Database Query Data Feeds 77

 RSA Archer GRC Platform Data Feed Manager

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Map Data

Data Tokens
The Data Feed Manager allows capturing "tokens" of data from the last execution
of a data feed. A token can be any field of data from the last source row processed.
The following table identifies the fields for which tokens are available.

Field Input

Post processing Destination files

Archer Web Services transporter Configuration string

Database Query transporter Query

Symantec DeepSight transporter Sequence number

File transporter Path

FTP transporter Fully qualified URI

HTTP transporter Data request URI

HTTP transporter Data request header parameters

HTTP transporter Logon header parameters

HTTP transporter Logoff header parameters

iDefense transporter URL

Mail Monitor transporter Filter

RSS transporter URL

Tokens also are available for the following attributes:

l LastRunTime
l LastFileName

78 Chapter 3: Managing Database Query Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Defining Data Mapping Activites

After the Data Feed Manager identifies the elements in the source data to import,
the filters to apply, and the tokens to use to capture data, it requires a specific
destination in the Platform. With the options on the Data Map tab, you can define
the location for the data imported through your data feed.
To direct the Data Feed Manager to the correct destination for the data it will
import, use the options on the Data Map tab to configure the field mappings for your
data feed.

Note: The Data Map tab is available for Standard data feed types.

On the Data Map tab, you can complete the following tasks:
l Map Data
l Define Key Fields
l Set Update and Archive Options

Map Data
Complete this task to map the configured elements from the Source Definition tab to
fields in a Platform target application or questionnaire. The Data Feed Manager
updates the target field with the value from the mapped source field during the data
feed execution.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Field Map tab is available for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.

Chapter 3: Managing Database Query Data Feeds 79

 RSA Archer GRC Platform Data Feed Manager

2. Click the Data Map tab and then click the Field Map tab.
The Source Fields section lists the Source Field names listed on the Source
Data tab.
3. Complete one of the following tasks:
l To have the system analyze the source fields and automatically map them to
application or questionnaire fields, click Auto-Populate.
This option maps fields from the data source to application or questionnaire
fields that have the same name. Auto populate occurs on level 1 fields only.
Additionally, if there is an exact name match between the source field and
the target field, and the field type is one of the following, the field is not auto
populated: External links, Values list, Sub-form, Related records, Cross
reference, or CAST.
l From the Source Fields column, drag your source field and drop it next to the
application or questionnaire field in the Target Fields section.
The mapped field from the data source populates the designated target field.

Note: For target fields that have a field type of cross-reference, sub-form, or
related records, map the fields expanded under these field types. You cannot
directly map to a target field with any of these field types.

4. (Optional) In the Actions column of each mapped field for which you want to
configure additional options, click .
The Field Population dialog box opens with options based on the selected field
type.
5. (Optional) To assign a trust level to your source data for a field that is mapped,
in the Trust Level field, enter a value from "0" to "99."

Note: The Trust Level option is useful when you have multiple data feeds
populating the same target application. By assigning trust levels, the Data Feed
Manager can determine when and when not to overwrite existing data.

The Trust Level option allows you to develop a hierarchy for updates to your
target data by entering the desired trust level for the field. The value 0 is
considered the greatest trust level. The trust level accepts values up to 99,
which is the lowest level of trust.
For example, consider a situation where two data feeds map to the same target
application field. Data Feed A runs first and populates the Case Status field
with the value Open. When Data Feed B runs, the Data Feed Manager
recognizes that Data Feed B has data that maps to the same field. Data Feed
Manager evaluates the trust levels to determine which data is the most trusted.
Since the field from Data Feed B has the greater trust level, its value of Closed
overwrites the data from Data Feed A.
6. Complete any of the following optional tasks:

80 Chapter 3: Managing Database Query Data Feeds

 RSA Archer GRC Platform Data Feed Manager

l To delete a mapping for a single field, click in the Actions column of the
field that you want to remove.
l To remove the mappings for all fields, click Clear Target Field Mappings
located in the Target Fields title bar.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Key Fields

Define Key Fields

Complete this task to specify one or more fields as key fields that uniquely identify
a record in the Platform target application or questionnaire for updating purposes.
Key field definitions must be established for every level and reference field in a
target application or questionnaire that has a source information mapping.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Key Field Definitions tab is available for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.

Chapter 3: Managing Database Query Data Feeds 81

 RSA Archer GRC Platform Data Feed Manager

2. Click the Data Map tab and then click the Key Field Definitions tab.
The Reference Field section contains the target application or questionnaire and
any mapped cross-reference, related records, CAST, or sub-form fields that
require a key field definition to be created. You can use the Key Field
Definitions section to define the unique key identifiers and the data feed actions
during the feed execution.
3. In the Reference Field section, select the field that requires a key field
definition.
4. In the Key Field Definitions title bar, click Add New Key.
5. In the Field Name field, select a target application or questionnaire field that
uniquely identifies the record.
6. To assign compound unique identifiers for the record, complete the following:
a. In the Actions column, click .
The Select Key Field dialog box opens.
b. From the Available Fields list, select the fields.
c. Click OK.
A new row for each selected field is added, and the order number for the new
rows is assigned the same number.
7. To add unique identifiers in a hierarchical structure for sub-form field types,
click in the Actions column.
A new child row is added to the Key Field Definitions section.

Note: After setting the order of key fields, the Data Feed Manager scans the
data source for matches to the first unique identifier. If no matches are found, it
searches for matches to the second unique identifier, and so on. Once the Data
Feed Manager scans through all of the unique identifiers and does not find a
match, the system creates a new target record.

82 Chapter 3: Managing Database Query Data Feeds

 RSA Archer GRC Platform Data Feed Manager

8. From the Action list, select one of the following matching criteria for the unique
identifier.

Option Description

MatchExact Specifies that the value in the data source field must match the
unique identifier value exactly for the target record to be
updated. If the match is not exact, a new record is created.
For example, if a data source field has a value of "Renee Jones"
and a mapped application field that is specified as a unique
identifier has a value of "Renee Ellen Jones," the system does
not update the target application record because it is not an
exact match.

MatchAny Specifies that the data in the data source must match at least
one condition in the list-based field for the target record to be
updated.
For example, if a target application record has the values Blue
and Green selected in the field specified as the unique
identifier, and the mapped field in the source data includes
only the value Blue, the record is updated because at least one
of the values matches.

MatchAll Specifies that the data in the source file must match all of the
conditions in the list-based field for the target record to be
updated.
For example, if the target application record has the values
Blue and Green selected in the field specified as the unique
identifier, and the mapped field in the source data includes the
values Blue and Green, the record is updated. However, if the
source data includes only the value Blue, the record is not
updated. A new target application record is created instead
because there is not a complete match.

9. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Set Update and Archive Options

Chapter 3: Managing Database Query Data Feeds 83

 RSA Archer GRC Platform Data Feed Manager

Set Update and Archive Options

Complete this task to select options on the Update/Archive tab of the Data Map tab
to update existing records, create new records, or both. In addition, when target
records in the Platform cannot be matched with records in the external data source,
you can select to have those records modified or deleted. This option can be useful
if you are deferring the accuracy and current status of your data to the external
system. By deleting or modifying records in the system that are not found in your
external data source, you ensure that both the external source and the system are
synchronized.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Update/Archive tab is available for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Data Map tab and then click the Update/Archive tab.
3. In the Update Options section, select any of the following options.

Option Description

Create Instructs the data feed to create new records for data found in
the source file and not in the target application or
questionnaire.

Update Instructs the data feed to update records in the target

application or questionnaire when a unique identifier match
exists in the source file.

84 Chapter 3: Managing Database Query Data Feeds

 RSA Archer GRC Platform Data Feed Manager

4. In the Archive Options section, select one of the following options:

Option Description

None Instructs the data feed to do nothing when a matching record is

not found.

Delete Instructs the data feed to delete records in the target

application or questionnaire when a matching record is not
found in the source data.

Set Value Instructs the data feed to set a value in a Values List field in a
record whenever the external data file does not contain a
matching record.
You can use this option to have the data feed set a Values List
to a value that identifies this record as Inactive or Not Current.
For example, if you have a Devices application with a record
for a specific laptop, and the external data file does not have a
matching record for that laptop, you can use this option to set
a Values List field in the laptop record to the value Inactive.
When you select this option, you also select the Values List
field in the target application or questionnaire and the value
you want to set in that field.
You cannot set the value in the Values List field of the target
leveled application under the following conditions:
l The Set Value Target Field is a global values list.
l Level 3 or lower in a leveled application.
l You are modifying the data feed configuration.

Note: When running a data feed that updates a values list, you
can view the time that the data feed updated the record in the
Execution History log. The last updated time is not displayed
under Last Updated on the Manage Data Feeds page.

Important: If you select to delete records, records in the selected application,

questionnaire, or sub-form without a matching record in the source information
are permanently deleted from the system database and cannot be recovered.

In most scenarios, RSA Archer recommends selecting the Set Value option and
flagging these records with a specific value rather than deleting them. For
example, you can add a field to your application called Status and include the
values Current and Archived. If a data feed cannot find a matching record in the
data source with a system record, the system record could be updated to have a
value of Archived for the Status field.

Chapter 3: Managing Database Query Data Feeds 85

 RSA Archer GRC Platform Data Feed Manager

5. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define a Schedule for the Data Feed

Define a Schedule for the Data Feed

Complete this task to configure the start time, pattern, and frequency for data feeds.
You can set up data feeds to automatically run at regular intervals. This option
reduces the time and effort required to import data from an external file. Data feeds
can be initiated at a variety of times and can be configured to run in regular
increments for an indefinite period of time.
To prevent excess server load, schedule data feeds on a staggered basis. A
maximum of 10 data feeds can be scheduled to run at a time. If more than 10 data
feeds are scheduled, each remaining data feed is executed as the previous one is
completed.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Schedule tab is available for both Standard and Transport-Only data feed
types.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.

86 Chapter 3: Managing Database Query Data Feeds

 RSA Archer GRC Platform Data Feed Manager

2. Click the Schedule tab.

3. From the Frequency list, select the frequency for the data feed and set up the
schedule.
For example, if you select Minutely from the Frequency list and specify 45 in
the Every list, the data feed executes every 45 minutes.

Note: To configure your data feed to execute after an existing data feed runs,
select Reference. For example, you can select to have a Threats data feed run
immediately after your Assets data feed is completed. From the Reference Feed
list, select after which existing data feed your feed should execute.

4. (Optional) To override the set data feed execution schedule and immediately
execute your data feed, click Start in the Run Data Feed Now section.
5. Click Save.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Chapter 3: Managing Database Query Data Feeds 87

 RSA Archer GRC Platform Data Feed Manager

Chapter 4: Managing File Data Feeds

File Data Feed

The File data feed provides the ability to pull data directly from a flat file and insert
that data in its raw or manipulated state into the Platform instance. The source files
should be delimited text files or XML files. You can use an XSLT to transform
your XML data into a consumable format.
When working with File data feeds, you can perform the following tasks:
1. Add a New Data Feed Record
2. Manage the General Properties of a Data Feed
3. Define a File Transporter
4. Determine the Navigation Method
5. Define Source Data
6. Define Data Mapping Activities
7. Define a Schedule for the Data Feed

Add a New Data Feed Record

Complete this task to add a data feed record as the first step in creating a new data
feed.

Procedure
1. Navigate to the Manage Data Feeds page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
2. In the Manage Data Feed page toolbar, click Add New.
3. Do one of the following:
l To configure new settings for a data feed, select Create a new Data Feed
from scratch.
l To use the settings of an existing data feed as a starting point, select Copy
an existing Data Feed and select the existing data feed from the Existing
Data Feeds list.
4. Click OK.
5. In the Name field, enter the name for the data feed.

Chapter 4: Managing File Data Feeds 89

 RSA Archer GRC Platform Data Feed Manager

The data feed name must be unique.

6. Click Save.

Next Steps
Manage the General Properties of a Data Feed

Manage the General Properties of a Data Feed

Complete this task to configure the overall properties of a Platform data feed.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.
Perform one of the following tasks: Add a New Data Feed or Import a Data Feed.
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. In the Name field, enter the name for the data feed.
The data feed name must be unique.
3. From the Status list, select Active to run the data feed.
4. In the Description field, enter a description for the data feed.
5. In the Feed Type field, select the type of feed that you are configuring.

Option Description

Standard Integrates data from an external source into an application or

questionnaire.

Transport Only Locates a specific data file. This file contains additional
instructions for launching subsequent, standard data feeds.
With this data feed type, the data feed only completes the
Transport and Navigation activities. The Source Definition and
Field Mapping activities are not allowed. Processing of the
data feed does not attempt to process the data.

90 Chapter 4: Managing File Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Important: If the data feed is intended to be used as part of a convoy, or you are
troubleshooting the data being pulled, select the Transport Only option. This option
enables you to use a transform to manipulate the data being returned by bringing the
source data in as a flat file and then configure a subsequent XML-based feed that
includes an XSLT file. For more information on XML formatting guidelines and
samples, see the appendix “XML Formatting Used in Field Results and Input” in
the RSA Archer Web Services API Reference Guide that can be downloaded from
the RSA Archer Community.

6. Complete the following steps based on the selected Feed Type.

For Standard feed type:

a. From the Target list, select the application or questionnaire that should
receive the data from the external data source. If the application is leveled,
select the level.
b. From the User Name list, do one of the following:
l Select the appropriate user account that is associated with the data feed.
l Create a new user account by selecting Other and entering the name of
the new user account. When you save your data feed settings, the Data
Feed Manager automatically creates the new user account.

Note: This user account must have permissions for creating records and
updating History Logs fields. To avoid potential conflicts with other data
feeds, RSA Archer recommends that you use a different user account for
each data feed. Additionally, if you are going to simultaneously run multiple
data feeds, create a unique name to prevent termination of session tokens.

c. From the Locale list, select the country (language) format of your source
data. Different cultures or countries use different characters when
formatting similar data.
d. In Send Notifications, select whether to have the data feed trigger
notification emails when records are published or updated. If notifications
are not enabled in the selected target application, no notification emails are
sent when the data feed is run.
e. In Data Validation, select whether to have the system not perform data
validations against the selected target application when saving a record.
When this option is selected, validation that is based on field definition and
configuration is bypassed (with some exceptions). This option applies
regardless of whether targeting a questionnaire or application.
The system validates the following items regardless of whether the Data
Validation field is selected:
l Attachment or image field. Validity of the file.
l DateTime field. Minimum and maximum system values.

Chapter 4: Managing File Data Feeds 91

 RSA Archer GRC Platform Data Feed Manager

l Text field. Contains valid HTML.

l Field name. Uniqueness.

Note: The required field settings are disregarded if you select to ignore the
rules defined within the target application, however, the unique selection
cannot be ignored.

f. Click Apply.

For Transport Only feed type:

a. From the User Name list, do one of the following:
l Select the appropriate user account that is associated with the data feed.
l Create a new user account by selecting Other and entering the name of
the new user account. When you save your data feed settings, the Data
Feed Manager automatically creates the new user account.

Note: To avoid potential conflicts with other data feeds, RSA Archer
recommends that you use a different user account for each data feed.
Additionally, if you are going to simultaneously run multiple data feeds,
create a unique name to prevent termination of session tokens.

b. In the Target Path field, enter the path for the separate data file.
c. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you configure
your data feed, the Data Feed Manager validates the information for you. If it is not
valid, an error message is displayed. You can save the data feed and correct the
errors later; however, the data feed does not process until the errors are corrected
and the data feed validates.

Next Steps
To define the appropriate data transporter, select one the following:
l Archer Web Services Transporter
l Database Query Transporter
l File Transporter
l FTP Transporter
l HTTP Transporter
l Mail Monitor Transporter
l RSS Transporter
l Threat Transporter

92 Chapter 4: Managing File Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Define a File Transporter

Complete this task to configure a transporter to capture data from an external
source and store the data in the Platform. The Data Feed Manager can access files
located on a network server that is accessible to the Data Feed Manger. For
example, a delimited file must reside on the network server rather than your
personal computer.

Important: For the data feed to execute successfully, the server responsible for
running the data feed must have the required access to the files.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Transport tab.
3. From the Transport Method list, select File Transporter.
4. In the Transport Configuration section, select the File Type for the data feed
from the following options. 

Chapter 4: Managing File Data Feeds 93

 RSA Archer GRC Platform Data Feed Manager

Option Description

Single Data File References a single data file. This option requires you
to specify a path in the Path field. You can filter which
files to process by entering a standard file expression in
the File Filter field.

Manifest File Points the Data Feed Manager to a file that contains
instructions for locating a series of data files. This
option requires you to specify a path in the Path field.
You can filter which files to process by entering a
standard file expression in the File Filter field.

Zip File References a .zip file. The .zip file can be a single,
compressed data source file or a collection of files. This
option requires you to specify a path in the Path field.
You can filter which files from the .zip file to process
by entering a standard file expression in the File Filter
field. Use the Encryption Type list to identify the
encrypted file type, if any. If the encrypted .zip file is
password protected, enter the password in the Password
field.

5. To perform post-processing on the source file retrieved, in the Post-Processing

section, determine how the data feed should handle the source data when the
integration is complete. In On Success, select from the following options.

Option Description

Nothing Does not alter the source file when the data feed successfully
completes and deletes the local copy.

Rename Saves the source file under a new name when the data feed
successfully completes. In Destination File, specify where the
file should be saved and the new name for the file.

Delete Delete the source file when the data feed successfully
completes.

94 Chapter 4: Managing File Data Feeds

 RSA Archer GRC Platform Data Feed Manager

6. To perform post-processing on the source file retrieved, in the Post-Processing

- Local Copy section, determine how the data feed should handle the local copy
of the source data when the integration is complete. In the On Success field,
select from the following options.

Option Description

Nothing Does not alter the source file when the data feed successfully
completes and deletes the local copy.

Rename Saves the source file under a new name when the data feed
successfully completes. In Destination File, specify where the
file should be saved and the new name for the file

Important: To save the data, the path of the destination

file must be accessible to the account running the Job
Engine service.

7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
l For a standard data feed, determine the navigation method.
l For transport-only data feed, define a schedule for the data feed.

Filename Tokens
Filename tokens are available for post processing when you want to save the source
information and specify a location or name for the file. When you select the
Rename option, you can use tokens to automatically generate unique names for the
files.
The following table describes the usable tokens for renaming data files.

Chapter 4: Managing File Data Feeds 95

 RSA Archer GRC Platform Data Feed Manager

Token Description

Now Enables the Data Feed Manager to insert a user-defined date

format within the new filename. Possible formats include
Now(MM/dd/yyyy) or Now(MMM-dd-yyyy). See the
Microsoft .Net Framework Developer Center for available
custom date/time formats.

DataFileDirectoryName Enables the Data Feed Manager to update the filename with
the directory name, including the drive, of your file.

DataFileName Enables the Data Feed Manager to insert the original

filename, excluding the directory name and extension.

DataFileExtension Enables the Data Feed Manager to insert the file extension,
such as .csv, in the new filename.

DataFileFullName Enables the Data Feed Manager to insert the fully qualified
filename. This data includes the drive, directory, filename,
and extension of the original file.

For example, if the data file came from the following location,
C:\DataFeed\Source\ESL\processed\ThreatData.csv, filenames that have been
renamed using tokens would have the following output.

Example 1

Input Tokens {DataFileDirectoryName}\success\{DataFileName}_{Now

(MM.dd.yyyy)}.{DataFileExtension}

Output C:\DataFeed\Source\ESL\processed\success\ThreatData_
01.31.2008.csv

Example 2

Input Tokens \\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_

success.{DataFileExtension}

Output \\DFSRepository\2008\01\ThreatData_success.csv

Determining the Navigation Method

The Data Feed Manager supports a collection of transformation capabilities to
import a variety of data formats into the Platform.
The following table describes the formats from which the system can use to collect
data.

96 Chapter 4: Managing File Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Option Description

Xml File Iterator Use this option when importing an .XML file. When this
option is selected, the Xml File Definition section becomes
available. For more information on XML formatting
guidelines and samples, see the appendix “XML
Formatting Used in Field Results and Input” in the RSA
Archer Web Services API Reference Guide that can be
downloaded from the RSA Archer Community.

Delimited Text File Use this option to ensure that the Data Feed Manager
Iterator properly analyzes the data in your delimited file. When
this option is selected, the File Definition section becomes
available.

Database Query Iterator Use this option when importing data from a database.

Available and default navigation methods are based on the selected transport
method.

Note: The Navigation tab is available only for Standard data feed types.

Data Navigation Methods

You can instruct the Data Feed Manager on how to read and parse the data located
in the designated data source as defined on the Transport tab.
The following table identifies the available and default navigation methods based on
the selected transport method.

Chapter 4: Managing File Data Feeds 97

 RSA Archer GRC Platform Data Feed Manager

Transport Method Available Values Default Values

Archer Web Services Xml File Iterator Xml File Iterator

Transporter

Database Query Database Query Iterator Database Query Iterator

Transporter

DeepSight Transporter 2.0 Xml File Iterator Xml File Iterator

DeepSight Transporter 4.0 Xml File Iterator Xml File Iterator

FTP Transporter Delimited Text File Iterator Delimited Text File Iterator
Xml File Iterator

HTTP Transporter Delimited Text File Iterator Delimited Text File Iterator
Xml File Iterator

iDefense Transporter Xml File Iterator Xml File Iterator

Mail Monitor Transporter Xml File Iterator Xml File Iterator

RSS Transporter Xml File Iterator Xml File Iterator

Define Delimited Files

Complete this task to define the structure of the data source for the Data Feed
Manager to process the data and convert the data into Platform content.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Navigation tab.
3. In the Navigation section, select Delimited Text File Iterator.
4. In the File Definition section, select the encoding and delimiters to match the
source file.
5. Click Apply.

98 Chapter 4: Managing File Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Source Data

Define an XML File

Complete this task to define the structure of the data source for the Data Feed
Manager to process the data and convert the data into system content on the
Navigation tab. The Xml File Iterator enables you to import an .XML file. You can
also manipulate or restructure the data prior to importing.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Navigation tab.
3. From the Navigation Method list, select Xml File Iterator.
4. In the Xml File Definition section, select Transform.
5. In the Xml File Definition section toolbar, click Load Transform.
The Schema Source dialog box opens.

Note: You must load a transform. A default transform is included with the
installation; however, you can develop your own XSLT if you require additional
data transformation. For more information on XML formatting guidelines and
samples, see the appendix “XML Formatting Used in Field Results and Input”
in the RSA Archer Web Services API Reference Guide that can be downloaded
from the RSA Archer Community.

Chapter 4: Managing File Data Feeds 99

 RSA Archer GRC Platform Data Feed Manager

6. Do one of the following:

l Select Default to load the out-of-the-box transform file. This option is
typically used.
l Select File if you require additional data transformation and choose to
develop your own XSLT.
7. Click OK.
8. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Source Data

Defining Source Data

Using the options on the Source Definition tab, you can configure the source data to
ensure that only the desired data is included with the data feed.

Note: The Source Data tab is available only for Standard data feed types.

You can select to import the data “as is” into the Platform or execute modifications
and calculations against the data to convert the incoming data into a format that
matches the requirements of the application or questionnaire it is imported into. You
can also use several advanced options, such as lookup translations and calculations,
so you can prepare and modify the data to meet your individual business needs.
Additionally, you can filter data so that only what you want to receive is imported
into the target application or questionnaire. By not defining filters on the Data Filter
tab, you instruct the Data Feed Manager to return all records in the data feed. Or,
using operator logic, you can add filters to include only records meeting certain
criteria in the data feed process.
Finally you can capture tokens of data from the last execution of a data feed that
can be used during the next run to identify which data to retrieve. On the Tokens
tab, you can add, edit, or delete token values in preparation of the next data feed
execution.
On the Source Definition tab, you can complete the following tasks:
l Define the Source Data
l Apply a Calculation

100 Chapter 4: Managing File Data Feeds

 RSA Archer GRC Platform Data Feed Manager

l Perform a Lookup Translation

l Incorporate Static Text
l Define Data Filters
l Define Data Tokens

Define the Source Data

Complete this task to select how you want the Data Feed Manager to interact, or
not interact, with each field from your data source.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.
l Ensure that the user account used has access to the content, or you will receive a
schema error when building the source definition. You can also receive a
schema error for the following reasons:
o If your connection string is not correct on the Transport tab.
o The account is unable to login.
o The report is not in the correct format.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. To supply the list of source fields, choose one of the following methods and
complete the tasks.

Chapter 4: Managing File Data Feeds 101

 RSA Archer GRC Platform Data Feed Manager

Sample Data File Manual Input

a. Click Load Fields located in the
Source Field title bar.
b. Depending on the selected transport
method, select how to retrieve the
source schema.
a. In the Source Name column, enter
the name of the first field that you
want to define for your data feed.
The first line is the record definition.
b. To continue adding source fields, do
any of the following:
l To add a source field, click Add
New and name the field.
l To add a source field in a

hierarchical structure, click

in the Actions column and name
the field.

4. In the first line in the Source Fields section, from the Field Type list, select the
appropriate field option for the record definition.

Option Description

None Instructs the Data Feed Manager that the field is the record
definition and nothing is to be done with the data.

List Instructs the Data Feed Manager to import the data as a value
list. No transformation or calculations are to be applied to the
data.

5. For the remaining source fields, from the Field Type list, select one of the
following field options and complete the associated steps for that field option.

102 Chapter 4: Managing File Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Option Description

Calculated Field Allows calculations to be applied to the fields to

dynamically generate new values, which can then be
populated in an application or questionnaire. Upon selection
of this option, the Status field for that source field is set to
Not Configured and is displayed in the Actions column.

Lookup Translation Enables you to use an application to reconcile values from

your data source to values that are accepted in the target
application or questionnaire. Upon selection of this option,
the Status field for that source field is set to Not Configured,
and is displayed in the Actions column

Raw Field Data Instructs the Data Feed Manager to accept the data from the
data source "as is." No transformation or calculations are to
be applied to the data.

Static Text Allows you to add an additional field to the data feed, which
adds context to the data. Upon selection of this option, the
Status field for that source field is set to Not Configured and
is displayed for that source field.

List Instructs the Data Feed Manager to import the data as a

values list. No transformation or calculations are to be
applied to the data.

6. Complete any of the following optional tasks:

l In the Token column, select the checkbox if you want the source field to be
used as a data token in future data feed runs.
l To remove a source field from the schema, click in the row of the source
field.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Chapter 4: Managing File Data Feeds 103

 RSA Archer GRC Platform Data Feed Manager

Apply a Calculation
Complete this task to apply calculations to source fields to dynamically generate
new values, which can be populated in an application or questionnaire.
The following are examples of common calculations:
l CONCATENATE([TOLastName], ", ", [TOFirstName])
This calculation combines the values of two fields into a single value. For
example, it would take the value “Doe” from the Last Name field and the value
“John” from the First Name field and merge them into the value “Doe, John.”

l If(LEN([Production IP])>0,[Production IP],If(LEN([Maintenance IP])>0,

[Maintenance IP],[Backup IP]))
This calculation executes a logical operation to determine which field to use as
the source value. If the Production IP field is not blank, the value from this field
is used. If the Production IP field is blank and the Maintenance IP field has a
value, the value from the Maintenance IP is used. If both fields are blank, the
Backup IP value is used.

Calculations for the Data Feed Manager use the same calculation engine and syntax
as the Application Builder feature.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. From the Field Type list of the source field to which you want to apply a
calculation, select Calculated Field.
4. In the Actions column of that source field, click .

104 Chapter 4: Managing File Data Feeds

 RSA Archer GRC Platform Data Feed Manager

The Calculation Editor dialog box opens.

5. Type your calculated formula.
6. Click OK.
The calculation is saved. The Status field for that source field changes to
Configured.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Perform a Lookup Translation

Complete this task to use an application to reconcile values from your source data
to values that are accepted in the Platform target application or questionnaire.
For example, you may have a field in your external file with values of "New York"
and "California". However, the application that you are importing the data into only
accepts state abbreviations. Using the Lookup Translation option, you can use a
separate application to map your external values to the proper internal values, as
shown in the following table.

Destination
Source Data Translation Application
Application

Field Name: State Field Name: State Field Name: State Field Name: State
ID1 ID2

California California CA CA

Texas Texas TX TX

New York New York NY NY

Florida Florida FL FL

Using an application as an intermediary ensures that the data feed converts all of
the external data into the proper format prior to importing it to the destination
application.

Chapter 4: Managing File Data Feeds 105

 RSA Archer GRC Platform Data Feed Manager

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. From the Field Type list of the source field that you want to translate, select
Lookup Translation.
4. In the Actions column of that source field, click .
The Translation Editor dialog box opens.
5. From the Source list, select the source field.
6. From the Application list, select the application that translates the values.
7. From the Exceptions list, select from the following options the function that the
Data Feed Manager should execute when a value generates an exception.

Option Description

Log Warning Writes an error to the log file, and the value is not imported.
No updates are made to the translation application.

Insert Raw Data Inserts the raw value from your source file in the target
application if a match is not found.

Original Value Identifies the field in the translation application that maps to
the value from your external data file.

Translation Value Identifies the field in the translation application that maps to
the proper value in the target application or questionnaire.

106 Chapter 4: Managing File Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Note: The selections from the Original Value and Translation Value lists must
be different, or a warning message is displayed.

8. Click OK.
The translation settings are saved. The Status field for that source field changes
to Configured.
9. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Incorporate Static Text

Complete this task to add an additional field to your data feed that adds context to
the source data. For example, you can add a Static Text field that specifies the
name of the source, such as the database name or threat feed.
In the Platform target application or questionnaire, you can create a field called
Data Source. When the data feed completes, all records updated by this feed have
the same value for the Data Source field. Using this option, you can quickly identify
and report on records updated from a specific source.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.

Chapter 4: Managing File Data Feeds 107

 RSA Archer GRC Platform Data Feed Manager

b. In the Navigation Menu, click Integration > Manage Data Feeds.

c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. From the Field Type list of the source field where you want to insert static text,
select Static Text.
4. In the Actions column of that source field, click .
The Static Text Editor dialog box opens.
5. Enter your static text.
6. Click OK.
The static text is saved. The Status field for that source field changes to
Configured.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Define Data Filters

Complete this task to apply filters and advanced operator logic to imported fields.
With filters, you can limit the number of records retrieved from your source data. If
no filters are defined, the Data Feed Manager returns all records. After a filter has
been added, only those records meeting the defined criteria are included in the data
feed.

Note: The Data Filter tab is available only for Standard data feed types.

You can combine your data filters through advanced operator logic to provide
additional filters to your data.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

108 Chapter 4: Managing File Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Data Filter tab.
3. In the Sources column, select the source name to which you want to apply a
filter.
4. From the Field Name list, select the field name from your data source to which
you want to apply a filter.
5. From the Operator list, select an operator to define which type of filter you
want to apply to the source data.
6. In the Values column, enter a value based on your selection in the Operator
column.
7. To create custom operator logic to form relationships between the individual
filters, enter the custom operator logics in the Advanced operator logic field.
8. Complete any of the following optional tasks:
l To add an additional data filter, click Add New Filter located in the Data
Filter section title bar.
l To remove a data filter, in the Actions column of the filter you want to
remove, click .
9. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Tokens

Chapter 4: Managing File Data Feeds 109

 RSA Archer GRC Platform Data Feed Manager

Define Data Tokens

Complete this task to configure token values for the source fields that you selected
to be tokens on the Source Data tab.
Tokens only store a single value for a source field that has been configured on the
Source Data tab. The list of tokens is based on these fields, as well as the
LastRunTime and LastFileName attributes of a previous data feed execution. If a
source field is not selected as a token, token data for that field is not stored.

Note: The Tokens tab is available only for Standard data feed types.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab, and then click the Tokens tab.
3. (Optional) To add an additional token, click Add New located in the Tokens
title bar and enter the field name.
4. In the Value field of the token that you want to modify, enter the updated value.
When modified, the updated value is used on the next data feed execution, and
the execution updates the value at its completion.

5. (Optional) To delete a token, click in the row of the token that you want to
remove.
6. Click Apply.

110 Chapter 4: Managing File Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Map Data

Data Tokens
The Data Feed Manager allows capturing "tokens" of data from the last execution
of a data feed. A token can be any field of data from the last source row processed.
The following table identifies the fields for which tokens are available.

Field Input

Post processing Destination files

Archer Web Services transporter Configuration string

Database Query transporter Query

Symantec DeepSight transporter Sequence number

File transporter Path

FTP transporter Fully qualified URI

HTTP transporter Data request URI

HTTP transporter Data request header parameters

HTTP transporter Logon header parameters

HTTP transporter Logoff header parameters

iDefense transporter URL

Mail Monitor transporter Filter

RSS transporter URL

Tokens also are available for the following attributes:

l LastRunTime
l LastFileName

Chapter 4: Managing File Data Feeds 111

 RSA Archer GRC Platform Data Feed Manager

Defining Data Mapping Activites

After the Data Feed Manager identifies the elements in the source data to import,
the filters to apply, and the tokens to use to capture data, it requires a specific
destination in the Platform. With the options on the Data Map tab, you can define
the location for the data imported through your data feed.
To direct the Data Feed Manager to the correct destination for the data it will
import, use the options on the Data Map tab to configure the field mappings for your
data feed.

Note: The Data Map tab is available for Standard data feed types.

On the Data Map tab, you can complete the following tasks:
l Map Data
l Define Key Fields
l Set Update and Archive Options

Map Data
Complete this task to map the configured elements from the Source Definition tab to
fields in a Platform target application or questionnaire. The Data Feed Manager
updates the target field with the value from the mapped source field during the data
feed execution.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Field Map tab is available for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.

112 Chapter 4: Managing File Data Feeds

 RSA Archer GRC Platform Data Feed Manager

2. Click the Data Map tab and then click the Field Map tab.
The Source Fields section lists the Source Field names listed on the Source
Data tab.
3. Complete one of the following tasks:
l To have the system analyze the source fields and automatically map them to
application or questionnaire fields, click Auto-Populate.
This option maps fields from the data source to application or questionnaire
fields that have the same name. Auto populate occurs on level 1 fields only.
Additionally, if there is an exact name match between the source field and
the target field, and the field type is one of the following, the field is not auto
populated: External links, Values list, Sub-form, Related records, Cross
reference, or CAST.
l From the Source Fields column, drag your source field and drop it next to the
application or questionnaire field in the Target Fields section.
The mapped field from the data source populates the designated target field.

Note: For target fields that have a field type of cross-reference, sub-form, or
related records, map the fields expanded under these field types. You cannot
directly map to a target field with any of these field types.

4. (Optional) In the Actions column of each mapped field for which you want to
configure additional options, click .
The Field Population dialog box opens with options based on the selected field
type.
5. (Optional) To assign a trust level to your source data for a field that is mapped,
in the Trust Level field, enter a value from "0" to "99."

Note: The Trust Level option is useful when you have multiple data feeds
populating the same target application. By assigning trust levels, the Data Feed
Manager can determine when and when not to overwrite existing data.

The Trust Level option allows you to develop a hierarchy for updates to your
target data by entering the desired trust level for the field. The value 0 is
considered the greatest trust level. The trust level accepts values up to 99,
which is the lowest level of trust.
For example, consider a situation where two data feeds map to the same target
application field. Data Feed A runs first and populates the Case Status field
with the value Open. When Data Feed B runs, the Data Feed Manager
recognizes that Data Feed B has data that maps to the same field. Data Feed
Manager evaluates the trust levels to determine which data is the most trusted.
Since the field from Data Feed B has the greater trust level, its value of Closed
overwrites the data from Data Feed A.
6. Complete any of the following optional tasks:

Chapter 4: Managing File Data Feeds 113

 RSA Archer GRC Platform Data Feed Manager

l To delete a mapping for a single field, click in the Actions column of the
field that you want to remove.
l To remove the mappings for all fields, click Clear Target Field Mappings
located in the Target Fields title bar.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Key Fields

Define Key Fields

Complete this task to specify one or more fields as key fields that uniquely identify
a record in the Platform target application or questionnaire for updating purposes.
Key field definitions must be established for every level and reference field in a
target application or questionnaire that has a source information mapping.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Key Field Definitions tab is available for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.

114 Chapter 4: Managing File Data Feeds

 RSA Archer GRC Platform Data Feed Manager

2. Click the Data Map tab and then click the Key Field Definitions tab.
The Reference Field section contains the target application or questionnaire and
any mapped cross-reference, related records, CAST, or sub-form fields that
require a key field definition to be created. You can use the Key Field
Definitions section to define the unique key identifiers and the data feed actions
during the feed execution.
3. In the Reference Field section, select the field that requires a key field
definition.
4. In the Key Field Definitions title bar, click Add New Key.
5. In the Field Name field, select a target application or questionnaire field that
uniquely identifies the record.
6. To assign compound unique identifiers for the record, complete the following:
a. In the Actions column, click .
The Select Key Field dialog box opens.
b. From the Available Fields list, select the fields.
c. Click OK.
A new row for each selected field is added, and the order number for the new
rows is assigned the same number.
7. To add unique identifiers in a hierarchical structure for sub-form field types,
click in the Actions column.
A new child row is added to the Key Field Definitions section.

Note: After setting the order of key fields, the Data Feed Manager scans the
data source for matches to the first unique identifier. If no matches are found, it
searches for matches to the second unique identifier, and so on. Once the Data
Feed Manager scans through all of the unique identifiers and does not find a
match, the system creates a new target record.

Chapter 4: Managing File Data Feeds 115

 RSA Archer GRC Platform Data Feed Manager

8. From the Action list, select one of the following matching criteria for the unique
identifier.

Option Description

MatchExact Specifies that the value in the data source field must match the
unique identifier value exactly for the target record to be
updated. If the match is not exact, a new record is created.
For example, if a data source field has a value of "Renee Jones"
and a mapped application field that is specified as a unique
identifier has a value of "Renee Ellen Jones," the system does
not update the target application record because it is not an
exact match.

MatchAny Specifies that the data in the data source must match at least
one condition in the list-based field for the target record to be
updated.
For example, if a target application record has the values Blue
and Green selected in the field specified as the unique
identifier, and the mapped field in the source data includes
only the value Blue, the record is updated because at least one
of the values matches.

MatchAll Specifies that the data in the source file must match all of the
conditions in the list-based field for the target record to be
updated.
For example, if the target application record has the values
Blue and Green selected in the field specified as the unique
identifier, and the mapped field in the source data includes the
values Blue and Green, the record is updated. However, if the
source data includes only the value Blue, the record is not
updated. A new target application record is created instead
because there is not a complete match.

9. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Set Update and Archive Options

116 Chapter 4: Managing File Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Set Update and Archive Options

Complete this task to select options on the Update/Archive tab of the Data Map tab
to update existing records, create new records, or both. In addition, when target
records in the Platform cannot be matched with records in the external data source,
you can select to have those records modified or deleted. This option can be useful
if you are deferring the accuracy and current status of your data to the external
system. By deleting or modifying records in the system that are not found in your
external data source, you ensure that both the external source and the system are
synchronized.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Update/Archive tab is available for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Data Map tab and then click the Update/Archive tab.
3. In the Update Options section, select any of the following options.

Option Description

Create Instructs the data feed to create new records for data found in
the source file and not in the target application or
questionnaire.

Update Instructs the data feed to update records in the target

application or questionnaire when a unique identifier match
exists in the source file.

Chapter 4: Managing File Data Feeds 117

 RSA Archer GRC Platform Data Feed Manager

4. In the Archive Options section, select one of the following options:

Option Description

None Instructs the data feed to do nothing when a matching record is

not found.

Delete Instructs the data feed to delete records in the target

application or questionnaire when a matching record is not
found in the source data.

Set Value Instructs the data feed to set a value in a Values List field in a
record whenever the external data file does not contain a
matching record.
You can use this option to have the data feed set a Values List
to a value that identifies this record as Inactive or Not Current.
For example, if you have a Devices application with a record
for a specific laptop, and the external data file does not have a
matching record for that laptop, you can use this option to set
a Values List field in the laptop record to the value Inactive.
When you select this option, you also select the Values List
field in the target application or questionnaire and the value
you want to set in that field.
You cannot set the value in the Values List field of the target
leveled application under the following conditions:
l The Set Value Target Field is a global values list.
l Level 3 or lower in a leveled application.
l You are modifying the data feed configuration.

Note: When running a data feed that updates a values list, you
can view the time that the data feed updated the record in the
Execution History log. The last updated time is not displayed
under Last Updated on the Manage Data Feeds page.

Important: If you select to delete records, records in the selected application,

questionnaire, or sub-form without a matching record in the source information
are permanently deleted from the system database and cannot be recovered.

In most scenarios, RSA Archer recommends selecting the Set Value option and
flagging these records with a specific value rather than deleting them. For
example, you can add a field to your application called Status and include the
values Current and Archived. If a data feed cannot find a matching record in the
data source with a system record, the system record could be updated to have a
value of Archived for the Status field.

118 Chapter 4: Managing File Data Feeds

 RSA Archer GRC Platform Data Feed Manager

5. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define a Schedule for the Data Feed

Define a Schedule for the Data Feed

Complete this task to configure the start time, pattern, and frequency for data feeds.
You can set up data feeds to automatically run at regular intervals. This option
reduces the time and effort required to import data from an external file. Data feeds
can be initiated at a variety of times and can be configured to run in regular
increments for an indefinite period of time.
To prevent excess server load, schedule data feeds on a staggered basis. A
maximum of 10 data feeds can be scheduled to run at a time. If more than 10 data
feeds are scheduled, each remaining data feed is executed as the previous one is
completed.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Schedule tab is available for both Standard and Transport-Only data feed
types.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.

Chapter 4: Managing File Data Feeds 119

 RSA Archer GRC Platform Data Feed Manager

2. Click the Schedule tab.

3. From the Frequency list, select the frequency for the data feed and set up the
schedule.
For example, if you select Minutely from the Frequency list and specify 45 in
the Every list, the data feed executes every 45 minutes.

Note: To configure your data feed to execute after an existing data feed runs,
select Reference. For example, you can select to have a Threats data feed run
immediately after your Assets data feed is completed. From the Reference Feed
list, select after which existing data feed your feed should execute.

4. (Optional) To override the set data feed execution schedule and immediately
execute your data feed, click Start in the Run Data Feed Now section.
5. Click Save.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

120 Chapter 4: Managing File Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Chapter 5: Managing FTP Data Feeds

FTP Data Feed

The FTP data feed provides the ability to pull data files using the FTP protocol, and
insert that data in its raw or manipulated state into the Platform instance. The
source files should be delimited text files or XML files. You can use an XSLT to
transform your XML data into a consumable format.
When working with FTP data feeds, you can perform the following tasks:
1. Add a New Data Feed Record
2. Manage the General Properties of a Data Feed
3. Define an FTP Transporter
4. Determine the Navigation Method
5. Define Source Data
6. Define Data Mapping Activities
7. Define a Schedule for the Data Feed

Add a New Data Feed Record

Complete this task to add a data feed record as the first step in creating a new data
feed.

Procedure
1. Navigate to the Manage Data Feeds page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
2. In the Manage Data Feed page toolbar, click Add New.
3. Do one of the following:
l To configure new settings for a data feed, select Create a new Data Feed
from scratch.
l To use the settings of an existing data feed as a starting point, select Copy
an existing Data Feed and select the existing data feed from the Existing
Data Feeds list.
4. Click OK.
5. In the Name field, enter the name for the data feed.

Chapter 5: Managing FTP Data Feeds 121

 RSA Archer GRC Platform Data Feed Manager

The data feed name must be unique.

6. Click Save.

Next Steps
Manage the General Properties of a Data Feed

Manage the General Properties of a Data Feed

Complete this task to configure the overall properties of a Platform data feed.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.
Perform one of the following tasks: Add a New Data Feed or Import a Data Feed.
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. In the Name field, enter the name for the data feed.
The data feed name must be unique.
3. From the Status list, select Active to run the data feed.
4. In the Description field, enter a description for the data feed.
5. In the Feed Type field, select the type of feed that you are configuring.

Option Description

Standard Integrates data from an external source into an application or

questionnaire.

Transport Only Locates a specific data file. This file contains additional
instructions for launching subsequent, standard data feeds.
With this data feed type, the data feed only completes the
Transport and Navigation activities. The Source Definition and
Field Mapping activities are not allowed. Processing of the
data feed does not attempt to process the data.

122 Chapter 5: Managing FTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Important: If the data feed is intended to be used as part of a convoy, or you are
troubleshooting the data being pulled, select the Transport Only option. This option
enables you to use a transform to manipulate the data being returned by bringing the
source data in as a flat file and then configure a subsequent XML-based feed that
includes an XSLT file. For more information on XML formatting guidelines and
samples, see the appendix “XML Formatting Used in Field Results and Input” in
the RSA Archer Web Services API Reference Guide that can be downloaded from
the RSA Archer Community.

6. Complete the following steps based on the selected Feed Type.

For Standard feed type:

a. From the Target list, select the application or questionnaire that should
receive the data from the external data source. If the application is leveled,
select the level.
b. From the User Name list, do one of the following:
l Select the appropriate user account that is associated with the data feed.
l Create a new user account by selecting Other and entering the name of
the new user account. When you save your data feed settings, the Data
Feed Manager automatically creates the new user account.

Note: This user account must have permissions for creating records and
updating History Logs fields. To avoid potential conflicts with other data
feeds, RSA Archer recommends that you use a different user account for
each data feed. Additionally, if you are going to simultaneously run multiple
data feeds, create a unique name to prevent termination of session tokens.

c. From the Locale list, select the country (language) format of your source
data. Different cultures or countries use different characters when
formatting similar data.
d. In Send Notifications, select whether to have the data feed trigger
notification emails when records are published or updated. If notifications
are not enabled in the selected target application, no notification emails are
sent when the data feed is run.
e. In Data Validation, select whether to have the system not perform data
validations against the selected target application when saving a record.
When this option is selected, validation that is based on field definition and
configuration is bypassed (with some exceptions). This option applies
regardless of whether targeting a questionnaire or application.
The system validates the following items regardless of whether the Data
Validation field is selected:
l Attachment or image field. Validity of the file.
l DateTime field. Minimum and maximum system values.

Chapter 5: Managing FTP Data Feeds 123

 RSA Archer GRC Platform Data Feed Manager

l Text field. Contains valid HTML.

l Field name. Uniqueness.

Note: The required field settings are disregarded if you select to ignore the
rules defined within the target application, however, the unique selection
cannot be ignored.

f. Click Apply.

For Transport Only feed type:

a. From the User Name list, do one of the following:
l Select the appropriate user account that is associated with the data feed.
l Create a new user account by selecting Other and entering the name of
the new user account. When you save your data feed settings, the Data
Feed Manager automatically creates the new user account.

Note: To avoid potential conflicts with other data feeds, RSA Archer
recommends that you use a different user account for each data feed.
Additionally, if you are going to simultaneously run multiple data feeds,
create a unique name to prevent termination of session tokens.

b. In the Target Path field, enter the path for the separate data file.
c. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you configure
your data feed, the Data Feed Manager validates the information for you. If it is not
valid, an error message is displayed. You can save the data feed and correct the
errors later; however, the data feed does not process until the errors are corrected
and the data feed validates.

Next Steps
To define the appropriate data transporter, select one the following:
l Archer Web Services Transporter
l Database Query Transporter
l File Transporter
l FTP Transporter
l HTTP Transporter
l Mail Monitor Transporter
l RSS Transporter
l Threat Transporter

124 Chapter 5: Managing FTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Define an FTP Transporter

Complete this task to configure a transporter to capture data from an external server
and store it in the Platform.

Important: For the data feed to execute successfully, the server responsible for
running the data feed must have the required access to the URL or FTP server.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Transport tab.
3. From the Transport Method list, select FTP Transporter.
4. In the Transport Configuration section, select the File Type for the data feed
from the following options.

Option Description

Single Data File References a single data file. This option requires you
to specify a path in the Path field. You can filter which
files to process by entering a standard file expression in
the File Filter field.

Manifest File Points the Data Feed Manager to a file that contains
instructions for locating a series of data files. This
option requires you to specify a path in the Path field.
You can filter which files to process by entering a
standard file expression in the File Filter field.

Zip File References a .zip file. The .zip file can be a single,
compressed data source file or a collection of files. This
option requires you to specify a path in the Path field.
You can filter which files from the .zip file to process
by entering a standard file expression in the File Filter
field. Use the Encryption Type list to identify the
encrypted file type, if any. If the encrypted .zip file is
password protected, enter the password in the Password
field.

Chapter 5: Managing FTP Data Feeds 125

 RSA Archer GRC Platform Data Feed Manager

5. If a proxy needs to be used to access the remote site, in the Proxy section,
select whether the data feed must pass through a proxy to access the source
data. Select from the following options.

Option Description

No Proxy Indicates that the data feed does not pass through a proxy.

Use System Proxy Indicates that the Data Feed Service runs the feed with the
proxy configuration that is set up in the Control Panel.

Configure Proxy Indicates that the data feed must pass through a proxy.
Continue with providing the parameters for accessing the
proxy.

6. To perform post-processing on the source file retrieved, in the Post-Processing

section, determine how the data feed should handle the source data when the
integration is complete. In the On Success field, select from the following
options.

Option Description

Nothing Does not alter the source file when the data feed successfully
completes and deletes the local copy.

Rename Saves the source file under a new name when the data feed
successfully completes. In Destination File, specify where the
file should be saved and the new name for the file.

Delete Delete the source file when the data feed successfully
completes.

126 Chapter 5: Managing FTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

7. To perform post-processing on the source file retrieved, in the Post-Processing

- Local Copy section, determine how the data feed should handle the local copy
of the source data when the integration is complete. In the On Success field,
select from the following options.

Option Description

Nothing Does not alter the source file when the data feed successfully
completes and deletes the local copy.

Rename Saves the source file under a new name when the data feed
successfully completes. In Destination File, specify where the
file should be saved and the new name for the file

Important: To save the data, the path of the destination

file must be accessible to the account running the Job
Engine service.

8. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
l For a standard data feed, determine the navigation method.
l For transport-only data feed, define a schedule for the data feed.

Filename Tokens
Filename tokens are available for post processing when you want to save the source
information and specify a location or name for the file. When you select the
Rename option, you can use tokens to automatically generate unique names for the
files.
The following table describes the usable tokens for renaming data files.

Chapter 5: Managing FTP Data Feeds 127

 RSA Archer GRC Platform Data Feed Manager

Token Description

Now Enables the Data Feed Manager to insert a user-defined date

format within the new filename. Possible formats include
Now(MM/dd/yyyy) or Now(MMM-dd-yyyy). See the
Microsoft .Net Framework Developer Center for available
custom date/time formats.

DataFileDirectoryName Enables the Data Feed Manager to update the filename with
the directory name, including the drive, of your file.

DataFileName Enables the Data Feed Manager to insert the original

filename, excluding the directory name and extension.

DataFileExtension Enables the Data Feed Manager to insert the file extension,
such as .csv, in the new filename.

DataFileFullName Enables the Data Feed Manager to insert the fully qualified
filename. This data includes the drive, directory, filename,
and extension of the original file.

For example, if the data file came from the following location,
C:\DataFeed\Source\ESL\processed\ThreatData.csv, filenames that have been
renamed using tokens would have the following output.

Example 1

Input Tokens {DataFileDirectoryName}\success\{DataFileName}_{Now

(MM.dd.yyyy)}.{DataFileExtension}

Output C:\DataFeed\Source\ESL\processed\success\ThreatData_
01.31.2008.csv

Example 2

Input Tokens \\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_

success.{DataFileExtension}

Output \\DFSRepository\2008\01\ThreatData_success.csv

Determining the Navigation Method

The Data Feed Manager supports a collection of transformation capabilities to
import a variety of data formats into the Platform.
The following table describes the formats from which the system can use to collect
data.

128 Chapter 5: Managing FTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Option Description

Xml File Iterator Use this option when importing an .XML file. When this
option is selected, the Xml File Definition section becomes
available. For more information on XML formatting
guidelines and samples, see the appendix “XML
Formatting Used in Field Results and Input” in the RSA
Archer Web Services API Reference Guide that can be
downloaded from the RSA Archer Community.

Delimited Text File Use this option to ensure that the Data Feed Manager
Iterator properly analyzes the data in your delimited file. When
this option is selected, the File Definition section becomes
available.

Database Query Iterator Use this option when importing data from a database.

Available and default navigation methods are based on the selected transport
method.

Note: The Navigation tab is available only for Standard data feed types.

Data Navigation Methods

You can instruct the Data Feed Manager on how to read and parse the data located
in the designated data source as defined on the Transport tab.
The following table identifies the available and default navigation methods based on
the selected transport method.

Chapter 5: Managing FTP Data Feeds 129

 RSA Archer GRC Platform Data Feed Manager

Transport Method Available Values Default Values

Archer Web Services Xml File Iterator Xml File Iterator

Transporter

Database Query Database Query Iterator Database Query Iterator

Transporter

DeepSight Transporter 2.0 Xml File Iterator Xml File Iterator

DeepSight Transporter 4.0 Xml File Iterator Xml File Iterator

FTP Transporter Delimited Text File Iterator Delimited Text File Iterator
Xml File Iterator

HTTP Transporter Delimited Text File Iterator Delimited Text File Iterator
Xml File Iterator

iDefense Transporter Xml File Iterator Xml File Iterator

Mail Monitor Transporter Xml File Iterator Xml File Iterator

RSS Transporter Xml File Iterator Xml File Iterator

Define Delimited Files

Complete this task to define the structure of the data source for the Data Feed
Manager to process the data and convert the data into Platform content.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Navigation tab.
3. In the Navigation section, select Delimited Text File Iterator.
4. In the File Definition section, select the encoding and delimiters to match the
source file.
5. Click Apply.

130 Chapter 5: Managing FTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Source Data

Define an XML File

Complete this task to define the structure of the data source for the Data Feed
Manager to process the data and convert the data into system content on the
Navigation tab. The Xml File Iterator enables you to import an .XML file. You can
also manipulate or restructure the data prior to importing.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Navigation tab.
3. From the Navigation Method list, select Xml File Iterator.
4. In the Xml File Definition section, select Transform.
5. In the Xml File Definition section toolbar, click Load Transform.
The Schema Source dialog box opens.

Note: You must load a transform. A default transform is included with the
installation; however, you can develop your own XSLT if you require additional
data transformation. For more information on XML formatting guidelines and
samples, see the appendix “XML Formatting Used in Field Results and Input”
in the RSA Archer Web Services API Reference Guide that can be downloaded
from the RSA Archer Community.

Chapter 5: Managing FTP Data Feeds 131

 RSA Archer GRC Platform Data Feed Manager

6. Do one of the following:

l Select Default to load the out-of-the-box transform file. This option is
typically used.
l Select File if you require additional data transformation and choose to
develop your own XSLT.
7. Click OK.
8. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Source Data

Defining Source Data

Using the options on the Source Definition tab, you can configure the source data to
ensure that only the desired data is included with the data feed.

Note: The Source Data tab is available only for Standard data feed types.

You can select to import the data “as is” into the Platform or execute modifications
and calculations against the data to convert the incoming data into a format that
matches the requirements of the application or questionnaire it is imported into. You
can also use several advanced options, such as lookup translations and calculations,
so you can prepare and modify the data to meet your individual business needs.
Additionally, you can filter data so that only what you want to receive is imported
into the target application or questionnaire. By not defining filters on the Data Filter
tab, you instruct the Data Feed Manager to return all records in the data feed. Or,
using operator logic, you can add filters to include only records meeting certain
criteria in the data feed process.
Finally you can capture tokens of data from the last execution of a data feed that
can be used during the next run to identify which data to retrieve. On the Tokens
tab, you can add, edit, or delete token values in preparation of the next data feed
execution.
On the Source Definition tab, you can complete the following tasks:
l Define the Source Data
l Apply a Calculation

132 Chapter 5: Managing FTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

l Perform a Lookup Translation

l Incorporate Static Text
l Define Data Filters
l Define Data Tokens

Define the Source Data

Complete this task to select how you want the Data Feed Manager to interact, or
not interact, with each field from your data source.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.
l Ensure that the user account used has access to the content, or you will receive a
schema error when building the source definition. You can also receive a
schema error for the following reasons:
o If your connection string is not correct on the Transport tab.
o The account is unable to login.
o The report is not in the correct format.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. To supply the list of source fields, choose one of the following methods and
complete the tasks.

Chapter 5: Managing FTP Data Feeds 133

 RSA Archer GRC Platform Data Feed Manager

Sample Data File Manual Input

a. Click Load Fields located in the
Source Field title bar.
b. Depending on the selected transport
method, select how to retrieve the
source schema.
a. In the Source Name column, enter
the name of the first field that you
want to define for your data feed.
The first line is the record definition.
b. To continue adding source fields, do
any of the following:
l To add a source field, click Add
New and name the field.
l To add a source field in a

hierarchical structure, click

in the Actions column and name
the field.

4. In the first line in the Source Fields section, from the Field Type list, select the
appropriate field option for the record definition.

Option Description

None Instructs the Data Feed Manager that the field is the record
definition and nothing is to be done with the data.

List Instructs the Data Feed Manager to import the data as a value
list. No transformation or calculations are to be applied to the
data.

5. For the remaining source fields, from the Field Type list, select one of the
following field options and complete the associated steps for that field option.

134 Chapter 5: Managing FTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Option Description

Calculated Field Allows calculations to be applied to the fields to

dynamically generate new values, which can then be
populated in an application or questionnaire. Upon selection
of this option, the Status field for that source field is set to
Not Configured and is displayed in the Actions column.

Lookup Translation Enables you to use an application to reconcile values from

your data source to values that are accepted in the target
application or questionnaire. Upon selection of this option,
the Status field for that source field is set to Not Configured,
and is displayed in the Actions column

Raw Field Data Instructs the Data Feed Manager to accept the data from the
data source "as is." No transformation or calculations are to
be applied to the data.

Static Text Allows you to add an additional field to the data feed, which
adds context to the data. Upon selection of this option, the
Status field for that source field is set to Not Configured and
is displayed for that source field.

List Instructs the Data Feed Manager to import the data as a

values list. No transformation or calculations are to be
applied to the data.

6. Complete any of the following optional tasks:

l In the Token column, select the checkbox if you want the source field to be
used as a data token in future data feed runs.
l To remove a source field from the schema, click in the row of the source
field.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Chapter 5: Managing FTP Data Feeds 135

 RSA Archer GRC Platform Data Feed Manager

Schema Sources
The source for the schema of your data feed depends on which transporter you are
using. The following table identifies and describes the schema sources that are
available for each of the out-of-the-box transporters.

Source Description Transport Method

Execute Search Executes the search in the Archer Web Services Transporter
Platform and detects the source
schema from the results.

Sample File Uses a skeleton of your actual Archer Web Services Transporter
source data file. For example, if
Database Query Transporter
you are importing data from a
.csv file, the source data file is a DeepSight Transporter 2.0
.csv file that includes the column DeepSight Transporter 4.0
names from your source data. If
you are importing data from an File Transporter
.XML file, the source data file FTP Transporter
includes the structure of your
HTTP Transporter
.XML without the actual field
values. iDefense Transporter
When you select the sample file, Mail Monitor Transporter
the Source Fields section RSS Transporter
populates with the fields
specified in the sample data file.

Execute Query Executes the query specified on Database Query Transporter

the Transport tab and detects the
source schema from the resulting
record set.

CAUTION: Using this option may

trigger actions in the database
associated with this query.

Load URL Loads the contents at the target DeepSight Transporter 2.0
URL and detects the source
DeepSight Transporter 4.0
schema from the contents.
HTTP Transporter
CAUTION: Using this option may
iDefense Transporter
trigger actions associated with
accessing the target URL. RSS Transporter

Standard Schema Uses the standard mail schema. Mail Monitor Transporter

136 Chapter 5: Managing FTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Apply a Calculation
Complete this task to apply calculations to source fields to dynamically generate
new values, which can be populated in an application or questionnaire.
The following are examples of common calculations:
l CONCATENATE([TOLastName], ", ", [TOFirstName])
This calculation combines the values of two fields into a single value. For
example, it would take the value “Doe” from the Last Name field and the value
“John” from the First Name field and merge them into the value “Doe, John.”

l If(LEN([Production IP])>0,[Production IP],If(LEN([Maintenance IP])>0,

[Maintenance IP],[Backup IP]))
This calculation executes a logical operation to determine which field to use as
the source value. If the Production IP field is not blank, the value from this field
is used. If the Production IP field is blank and the Maintenance IP field has a
value, the value from the Maintenance IP is used. If both fields are blank, the
Backup IP value is used.

Calculations for the Data Feed Manager use the same calculation engine and syntax
as the Application Builder feature.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. From the Field Type list of the source field to which you want to apply a
calculation, select Calculated Field.
4. In the Actions column of that source field, click .

Chapter 5: Managing FTP Data Feeds 137

 RSA Archer GRC Platform Data Feed Manager

The Calculation Editor dialog box opens.

5. Type your calculated formula.
6. Click OK.
The calculation is saved. The Status field for that source field changes to
Configured.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Perform a Lookup Translation

Complete this task to use an application to reconcile values from your source data
to values that are accepted in the Platform target application or questionnaire.
For example, you may have a field in your external file with values of "New York"
and "California". However, the application that you are importing the data into only
accepts state abbreviations. Using the Lookup Translation option, you can use a
separate application to map your external values to the proper internal values, as
shown in the following table.

Destination
Source Data Translation Application
Application

Field Name: State Field Name: State Field Name: State Field Name: State
ID1 ID2

California California CA CA

Texas Texas TX TX

New York New York NY NY

Florida Florida FL FL

Using an application as an intermediary ensures that the data feed converts all of
the external data into the proper format prior to importing it to the destination
application.

138 Chapter 5: Managing FTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. From the Field Type list of the source field that you want to translate, select
Lookup Translation.
4. In the Actions column of that source field, click .
The Translation Editor dialog box opens.
5. From the Source list, select the source field.
6. From the Application list, select the application that translates the values.
7. From the Exceptions list, select from the following options the function that the
Data Feed Manager should execute when a value generates an exception.

Option Description

Log Warning Writes an error to the log file, and the value is not imported.
No updates are made to the translation application.

Insert Raw Data Inserts the raw value from your source file in the target
application if a match is not found.

Original Value Identifies the field in the translation application that maps to
the value from your external data file.

Translation Value Identifies the field in the translation application that maps to
the proper value in the target application or questionnaire.

Chapter 5: Managing FTP Data Feeds 139

 RSA Archer GRC Platform Data Feed Manager

Note: The selections from the Original Value and Translation Value lists must
be different, or a warning message is displayed.

8. Click OK.
The translation settings are saved. The Status field for that source field changes
to Configured.
9. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Incorporate Static Text

Complete this task to add an additional field to your data feed that adds context to
the source data. For example, you can add a Static Text field that specifies the
name of the source, such as the database name or threat feed.
In the Platform target application or questionnaire, you can create a field called
Data Source. When the data feed completes, all records updated by this feed have
the same value for the Data Source field. Using this option, you can quickly identify
and report on records updated from a specific source.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.

140 Chapter 5: Managing FTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

b. In the Navigation Menu, click Integration > Manage Data Feeds.

c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. From the Field Type list of the source field where you want to insert static text,
select Static Text.
4. In the Actions column of that source field, click .
The Static Text Editor dialog box opens.
5. Enter your static text.
6. Click OK.
The static text is saved. The Status field for that source field changes to
Configured.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Define Data Filters

Complete this task to apply filters and advanced operator logic to imported fields.
With filters, you can limit the number of records retrieved from your source data. If
no filters are defined, the Data Feed Manager returns all records. After a filter has
been added, only those records meeting the defined criteria are included in the data
feed.

Note: The Data Filter tab is available only for Standard data feed types.

You can combine your data filters through advanced operator logic to provide
additional filters to your data.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Chapter 5: Managing FTP Data Feeds 141

 RSA Archer GRC Platform Data Feed Manager

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Data Filter tab.
3. In the Sources column, select the source name to which you want to apply a
filter.
4. From the Field Name list, select the field name from your data source to which
you want to apply a filter.
5. From the Operator list, select an operator to define which type of filter you
want to apply to the source data.
6. In the Values column, enter a value based on your selection in the Operator
column.
7. To create custom operator logic to form relationships between the individual
filters, enter the custom operator logics in the Advanced operator logic field.
8. Complete any of the following optional tasks:
l To add an additional data filter, click Add New Filter located in the Data
Filter section title bar.
l To remove a data filter, in the Actions column of the filter you want to
remove, click .
9. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Tokens

142 Chapter 5: Managing FTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Define Data Tokens

Complete this task to configure token values for the source fields that you selected
to be tokens on the Source Data tab.
Tokens only store a single value for a source field that has been configured on the
Source Data tab. The list of tokens is based on these fields, as well as the
LastRunTime and LastFileName attributes of a previous data feed execution. If a
source field is not selected as a token, token data for that field is not stored.

Note: The Tokens tab is available only for Standard data feed types.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab, and then click the Tokens tab.
3. (Optional) To add an additional token, click Add New located in the Tokens
title bar and enter the field name.
4. In the Value field of the token that you want to modify, enter the updated value.
When modified, the updated value is used on the next data feed execution, and
the execution updates the value at its completion.

5. (Optional) To delete a token, click in the row of the token that you want to
remove.
6. Click Apply.

Chapter 5: Managing FTP Data Feeds 143

 RSA Archer GRC Platform Data Feed Manager

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Map Data

Data Tokens
The Data Feed Manager allows capturing "tokens" of data from the last execution
of a data feed. A token can be any field of data from the last source row processed.
The following table identifies the fields for which tokens are available.

Field Input

Post processing Destination files

Archer Web Services transporter Configuration string

Database Query transporter Query

Symantec DeepSight transporter Sequence number

File transporter Path

FTP transporter Fully qualified URI

HTTP transporter Data request URI

HTTP transporter Data request header parameters

HTTP transporter Logon header parameters

HTTP transporter Logoff header parameters

iDefense transporter URL

Mail Monitor transporter Filter

RSS transporter URL

Tokens also are available for the following attributes:

l LastRunTime
l LastFileName

144 Chapter 5: Managing FTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Defining Data Mapping Activities

After the Data Feed Manager identifies the elements in the source data to import,
the filters to apply, and the tokens to use to capture data, it requires a specific
destination in the Platform. With the options on the Data Map tab, you can define
the location for the data imported through your data feed.
To direct the Data Feed Manager to the correct destination for the data it will
import, use the options on the Data Map tab to configure the field mappings for your
data feed.

Note: The Data Map tab is available for Standard data feed types.

On the Data Map tab, you can complete the following tasks:
l Map Data
l Define Key Fields
l Set Update and Archive Options

Map Data
Complete this task to map the configured elements from the Source Definition tab to
fields in a Platform target application or questionnaire. The Data Feed Manager
updates the target field with the value from the mapped source field during the data
feed execution.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Field Map tab is available for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.

Chapter 5: Managing FTP Data Feeds 145

 RSA Archer GRC Platform Data Feed Manager

2. Click the Data Map tab and then click the Field Map tab.
The Source Fields section lists the Source Field names listed on the Source
Data tab.
3. Complete one of the following tasks:
l To have the system analyze the source fields and automatically map them to
application or questionnaire fields, click Auto-Populate.
This option maps fields from the data source to application or questionnaire
fields that have the same name. Auto populate occurs on level 1 fields only.
Additionally, if there is an exact name match between the source field and
the target field, and the field type is one of the following, the field is not auto
populated: External links, Values list, Sub-form, Related records, Cross
reference, or CAST.
l From the Source Fields column, drag your source field and drop it next to the
application or questionnaire field in the Target Fields section.
The mapped field from the data source populates the designated target field.

Note: For target fields that have a field type of cross-reference, sub-form, or
related records, map the fields expanded under these field types. You cannot
directly map to a target field with any of these field types.

4. (Optional) In the Actions column of each mapped field for which you want to
configure additional options, click .
The Field Population dialog box opens with options based on the selected field
type.
5. (Optional) To assign a trust level to your source data for a field that is mapped,
in the Trust Level field, enter a value from "0" to "99."

Note: The Trust Level option is useful when you have multiple data feeds
populating the same target application. By assigning trust levels, the Data Feed
Manager can determine when and when not to overwrite existing data.

The Trust Level option allows you to develop a hierarchy for updates to your
target data by entering the desired trust level for the field. The value 0 is
considered the greatest trust level. The trust level accepts values up to 99,
which is the lowest level of trust.
For example, consider a situation where two data feeds map to the same target
application field. Data Feed A runs first and populates the Case Status field
with the value Open. When Data Feed B runs, the Data Feed Manager
recognizes that Data Feed B has data that maps to the same field. Data Feed
Manager evaluates the trust levels to determine which data is the most trusted.
Since the field from Data Feed B has the greater trust level, its value of Closed
overwrites the data from Data Feed A.
6. Complete any of the following optional tasks:

146 Chapter 5: Managing FTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

l To delete a mapping for a single field, click in the Actions column of the
field that you want to remove.
l To remove the mappings for all fields, click Clear Target Field Mappings
located in the Target Fields title bar.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Key Fields

Define Key Fields

Complete this task to specify one or more fields as key fields that uniquely identify
a record in the Platform target application or questionnaire for updating purposes.
Key field definitions must be established for every level and reference field in a
target application or questionnaire that has a source information mapping.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Key Field Definitions tab is available for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.

Chapter 5: Managing FTP Data Feeds 147

 RSA Archer GRC Platform Data Feed Manager

2. Click the Data Map tab and then click the Key Field Definitions tab.
The Reference Field section contains the target application or questionnaire and
any mapped cross-reference, related records, CAST, or sub-form fields that
require a key field definition to be created. You can use the Key Field
Definitions section to define the unique key identifiers and the data feed actions
during the feed execution.
3. In the Reference Field section, select the field that requires a key field
definition.
4. In the Key Field Definitions title bar, click Add New Key.
5. In the Field Name field, select a target application or questionnaire field that
uniquely identifies the record.
6. To assign compound unique identifiers for the record, complete the following:
a. In the Actions column, click .
The Select Key Field dialog box opens.
b. From the Available Fields list, select the fields.
c. Click OK.
A new row for each selected field is added, and the order number for the new
rows is assigned the same number.
7. To add unique identifiers in a hierarchical structure for sub-form field types,
click in the Actions column.
A new child row is added to the Key Field Definitions section.

Note: After setting the order of key fields, the Data Feed Manager scans the
data source for matches to the first unique identifier. If no matches are found, it
searches for matches to the second unique identifier, and so on. Once the Data
Feed Manager scans through all of the unique identifiers and does not find a
match, the system creates a new target record.

148 Chapter 5: Managing FTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

8. From the Action list, select one of the following matching criteria for the unique
identifier.

Option Description

MatchExact Specifies that the value in the data source field must match the
unique identifier value exactly for the target record to be
updated. If the match is not exact, a new record is created.
For example, if a data source field has a value of "Renee Jones"
and a mapped application field that is specified as a unique
identifier has a value of "Renee Ellen Jones," the system does
not update the target application record because it is not an
exact match.

MatchAny Specifies that the data in the data source must match at least
one condition in the list-based field for the target record to be
updated.
For example, if a target application record has the values Blue
and Green selected in the field specified as the unique
identifier, and the mapped field in the source data includes
only the value Blue, the record is updated because at least one
of the values matches.

MatchAll Specifies that the data in the source file must match all of the
conditions in the list-based field for the target record to be
updated.
For example, if the target application record has the values
Blue and Green selected in the field specified as the unique
identifier, and the mapped field in the source data includes the
values Blue and Green, the record is updated. However, if the
source data includes only the value Blue, the record is not
updated. A new target application record is created instead
because there is not a complete match.

9. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Set Update and Archive Options

Chapter 5: Managing FTP Data Feeds 149

 RSA Archer GRC Platform Data Feed Manager

Set Update and Archive Options

Complete this task to select options on the Update/Archive tab of the Data Map tab
to update existing records, create new records, or both. In addition, when target
records in the Platform cannot be matched with records in the external data source,
you can select to have those records modified or deleted. This option can be useful
if you are deferring the accuracy and current status of your data to the external
system. By deleting or modifying records in the system that are not found in your
external data source, you ensure that both the external source and the system are
synchronized.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Update/Archive tab is available for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Data Map tab and then click the Update/Archive tab.
3. In the Update Options section, select any of the following options.

Option Description

Create Instructs the data feed to create new records for data found in
the source file and not in the target application or
questionnaire.

Update Instructs the data feed to update records in the target

application or questionnaire when a unique identifier match
exists in the source file.

150 Chapter 5: Managing FTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

4. In the Archive Options section, select one of the following options:

Option Description

None Instructs the data feed to do nothing when a matching record is

not found.

Delete Instructs the data feed to delete records in the target

application or questionnaire when a matching record is not
found in the source data.

Set Value Instructs the data feed to set a value in a Values List field in a
record whenever the external data file does not contain a
matching record.
You can use this option to have the data feed set a Values List
to a value that identifies this record as Inactive or Not Current.
For example, if you have a Devices application with a record
for a specific laptop, and the external data file does not have a
matching record for that laptop, you can use this option to set
a Values List field in the laptop record to the value Inactive.
When you select this option, you also select the Values List
field in the target application or questionnaire and the value
you want to set in that field.
You cannot set the value in the Values List field of the target
leveled application under the following conditions:
l The Set Value Target Field is a global values list.
l Level 3 or lower in a leveled application.
l You are modifying the data feed configuration.

Note: When running a data feed that updates a values list, you
can view the time that the data feed updated the record in the
Execution History log. The last updated time is not displayed
under Last Updated on the Manage Data Feeds page.

Important: If you select to delete records, records in the selected application,

questionnaire, or sub-form without a matching record in the source information
are permanently deleted from the system database and cannot be recovered.

In most scenarios, RSA Archer recommends selecting the Set Value option and
flagging these records with a specific value rather than deleting them. For
example, you can add a field to your application called Status and include the
values Current and Archived. If a data feed cannot find a matching record in the
data source with a system record, the system record could be updated to have a
value of Archived for the Status field.

Chapter 5: Managing FTP Data Feeds 151

 RSA Archer GRC Platform Data Feed Manager

5. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define a Schedule for the Data Feed

Define the Schedule for the Data Feed

Complete this task to configure the start time, pattern, and frequency for data feeds.
You can set up data feeds to automatically run at regular intervals. This option
reduces the time and effort required to import data from an external file. Data feeds
can be initiated at a variety of times and can be configured to run in regular
increments for an indefinite period of time.
To prevent excess server load, schedule data feeds on a staggered basis. A
maximum of 10 data feeds can be scheduled to run at a time. If more than 10 data
feeds are scheduled, each remaining data feed is executed as the previous one is
completed.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Schedule tab is available for both Standard and Transport-Only data feed
types.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.

152 Chapter 5: Managing FTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

2. Click the Schedule tab.

3. From the Frequency list, select the frequency for the data feed and set up the
schedule.
For example, if you select Minutely from the Frequency list and specify 45 in
the Every list, the data feed executes every 45 minutes.

Note: To configure your data feed to execute after an existing data feed runs,
select Reference. For example, you can select to have a Threats data feed run
immediately after your Assets data feed is completed. From the Reference Feed
list, select after which existing data feed your feed should execute.

4. (Optional) To override the set data feed execution schedule and immediately
execute your data feed, click Start in the Run Data Feed Now section.
5. Click Save.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Chapter 5: Managing FTP Data Feeds 153

 RSA Archer GRC Platform Data Feed Manager

Chapter 6: Managing HTTP Data Feeds

HTTP Data Feed

The HTTP data feed provides the ability to executes a GET or POST to retrieve
data from an HTTP or HTTPS site. The data is inserted in its raw or manipulated
state into the Platform instance. The source files must be delimited text files or
XML files. You can use an XSLT to transform your XML data into a consumable
format.
When working with HTTP data feeds, you can perform the following tasks:
1. Add a New Data Feed Record
2. Manage the General Properties of a Data Feed
3. Define an HTTP Transporter
4. Determine the Navigation Method
5. Define Source Data
6. Define Data Mapping Activities
7. Define a Schedule for the Data Feed

Add a New Data Feed Record

Complete this task to add a data feed record as the first step in creating a new data
feed.

Procedure
1. Navigate to the Manage Data Feeds page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
2. In the Manage Data Feed page toolbar, click Add New.
3. Do one of the following:
l To configure new settings for a data feed, select Create a new Data Feed
from scratch.
l To use the settings of an existing data feed as a starting point, select Copy
an existing Data Feed and select the existing data feed from the Existing
Data Feeds list.
4. Click OK.
5. In the Name field, enter the name for the data feed.

Chapter 6: Managing HTTP Data Feeds 155

 RSA Archer GRC Platform Data Feed Manager

The data feed name must be unique.

6. Click Save.

Next Steps
Manage the General Properties of a Data Feed

Manage the General Properties of a Data Feed

Complete this task to configure the overall properties of a Platform data feed.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.
Perform one of the following tasks: Add a New Data Feed or Import a Data Feed.
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. In the Name field, enter the name for the data feed.
The data feed name must be unique.
3. From the Status list, select Active to run the data feed.
4. In the Description field, enter a description for the data feed.
5. In the Feed Type field, select the type of feed that you are configuring.

Option Description

Standard Integrates data from an external source into an application or

questionnaire.

Transport Only Locates a specific data file. This file contains additional
instructions for launching subsequent, standard data feeds.
With this data feed type, the data feed only completes the
Transport and Navigation activities. The Source Definition and
Field Mapping activities are not allowed. Processing of the
data feed does not attempt to process the data.

156 Chapter 6: Managing HTTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Important: If the data feed is intended to be used as part of a convoy, or you are
troubleshooting the data being pulled, select the Transport Only option. This option
enables you to use a transform to manipulate the data being returned by bringing the
source data in as a flat file and then configure a subsequent XML-based feed that
includes an XSLT file. For more information on XML formatting guidelines and
samples, see the appendix “XML Formatting Used in Field Results and Input” in
the RSA Archer Web Services API Reference Guide that can be downloaded from
the RSA Archer Community.

6. Complete the following steps based on the selected Feed Type.

For Standard feed type:

a. From the Target list, select the application or questionnaire that should
receive the data from the external data source. If the application is leveled,
select the level.
b. From the User Name list, do one of the following:
l Select the appropriate user account that is associated with the data feed.
l Create a new user account by selecting Other and entering the name of
the new user account. When you save your data feed settings, the Data
Feed Manager automatically creates the new user account.

Note: This user account must have permissions for creating records and
updating History Logs fields. To avoid potential conflicts with other data
feeds, RSA Archer recommends that you use a different user account for
each data feed. Additionally, if you are going to simultaneously run multiple
data feeds, create a unique name to prevent termination of session tokens.

c. From the Locale list, select the country (language) format of your source
data. Different cultures or countries use different characters when
formatting similar data.
d. In Send Notifications, select whether to have the data feed trigger
notification emails when records are published or updated. If notifications
are not enabled in the selected target application, no notification emails are
sent when the data feed is run.
e. In Data Validation, select whether to have the system not perform data
validations against the selected target application when saving a record.
When this option is selected, validation that is based on field definition and
configuration is bypassed (with some exceptions). This option applies
regardless of whether targeting a questionnaire or application.
The system validates the following items regardless of whether the Data
Validation field is selected:
l Attachment or image field. Validity of the file.
l DateTime field. Minimum and maximum system values.

Chapter 6: Managing HTTP Data Feeds 157

 RSA Archer GRC Platform Data Feed Manager

l Text field. Contains valid HTML.

l Field name. Uniqueness.

Note: The required field settings are disregarded if you select to ignore the
rules defined within the target application, however, the unique selection
cannot be ignored.

f. Click Apply.

For Transport Only feed type:

a. From the User Name list, do one of the following:
l Select the appropriate user account that is associated with the data feed.
l Create a new user account by selecting Other and entering the name of
the new user account. When you save your data feed settings, the Data
Feed Manager automatically creates the new user account.

Note: To avoid potential conflicts with other data feeds, RSA Archer
recommends that you use a different user account for each data feed.
Additionally, if you are going to simultaneously run multiple data feeds,
create a unique name to prevent termination of session tokens.

b. In the Target Path field, enter the path for the separate data file.
c. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you configure
your data feed, the Data Feed Manager validates the information for you. If it is not
valid, an error message is displayed. You can save the data feed and correct the
errors later; however, the data feed does not process until the errors are corrected
and the data feed validates.

Next Steps
To define the appropriate data transporter, select one the following:
l Archer Web Services Transporter
l Database Query Transporter
l File Transporter
l FTP Transporter
l HTTP Transporter
l Mail Monitor Transporter
l RSS Transporter
l Threat Transporter

158 Chapter 6: Managing HTTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Define an HTTP Transporter

Complete this task to configure a transporter to capture data from an HTTP or
HTTPS site and store the data in the Platform.

Important: If data is from an external HTTP or HTTPS site, you must be able to
access that external site from the server running the services for the data feed to
execute successfully.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Transport tab.
3. From the Transport Method list, select HTTP Transporter.
4. In the Transport Configuration section, select the File Type for the data feed
from the following options.

Chapter 6: Managing HTTP Data Feeds 159

 RSA Archer GRC Platform Data Feed Manager

Option Description

Single Data File References a single data file. This option requires you
to specify a path in the Path field. You can filter which
files to process by entering a standard file expression in
the File Filter field.

Manifest File Points the Data Feed Manager to a file that contains
instructions for locating a series of data files. This
option requires you to specify a path in the Path field.
You can filter which files to process by entering a
standard file expression in the File Filter field.

Zip File References a .zip file. The .zip file can be a single,
compressed data source file or a collection of files. This
option requires you to specify a path in the Path field.
You can filter which files from the .zip file to process
by entering a standard file expression in the File Filter
field. Use the Encryption Type list to identify the
encrypted file type, if any. If the encrypted .zip file is
password protected, enter the password in the Password
field.

5. From the Action Type list, select one of the following options:
l Get. Uses the GET type of HTTP request. This type adds the parameters on
the query string.
l Put. Uses the POST type of HTTP request. This type includes the
parameters as form parameters on the request.
6. In the Logon Properties section, select one of the following Use Credentials
options:
l Anonymous. Allows public access to the data.
l Specific. Restricts access to the data. From the Specify Credentials options,
specify from which authorized account to make the HTTP request, and enter
the credentials for the appropriate account.
7. In the Data Request Properties section, configure the HTTP site to connect to
retrieve the data source by completing the following fields:
a. In Data Request URI, enter the uniform resource identifier (URI) of the
HTTP or HTTPS site that contains the data you want to import. This field
also allows you to specify a port, for example, http://company-
server:8080/httpFeed/.
b. If your request requires the use of header parameters, specify any key/value
pair that may be required as part of your Get or Put operation in Header
Parameters.

160 Chapter 6: Managing HTTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Note: Header parameters are key/value pairs providing additional metadata

information that is contained in the header portion of an HTTP request. For
example, UserName=jdoe or CompanyId=50000.

c. (Optional) To add multiple header parameters, click Add New in the Data
Request Properties toolbar.
d. (Optional) To remove a header parameter, click in the row of that header
parameter.
e. If the action type is Put, enter the posting data in Post Data.
8. If a proxy needs to be used to access the remote site, in the Proxy section,
select whether the data feed must pass through a proxy to access the source
data. Select from the following options.

Option Description

No Proxy Indicates that the data feed does not pass through a proxy.

Use System Proxy Indicates that the Data Feed Service runs the feed with the
proxy configuration that is set up in the Control Panel.

Configure Proxy Indicates that the data feed must pass through a proxy.
Continue with providing the parameters for accessing the
proxy.

9. To perform post-processing on the source file retrieved, in the Post-Processing

- Local Copy section, determine how the data feed should handle the local copy
of the source data when the integration is complete. In On Success, select from
the following options.

Option Description

Nothing Does not alter the source file when the data feed successfully
completes and deletes the local copy.

Rename Saves the source file under a new name when the data feed
successfully completes. In Destination File, specify where the
file should be saved and the new name for the file

Important: To save the data, the path of the destination

file must be accessible to the account running the Job
Engine service.

10. Click Apply.

Chapter 6: Managing HTTP Data Feeds 161

 RSA Archer GRC Platform Data Feed Manager

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
l For a standard data feed, determine the navigation method.
l For transport-only data feed, define a schedule for the data feed.

Filename Tokens
Filename tokens are available for post processing when you want to save the source
information and specify a location or name for the file. When you select the
Rename option, you can use tokens to automatically generate unique names for the
files.
The following table describes the usable tokens for renaming data files.

Token Description

Now Enables the Data Feed Manager to insert a user-defined date

format within the new filename. Possible formats include
Now(MM/dd/yyyy) or Now(MMM-dd-yyyy). See the
Microsoft .Net Framework Developer Center for available
custom date/time formats.

DataFileDirectoryName Enables the Data Feed Manager to update the filename with
the directory name, including the drive, of your file.

DataFileName Enables the Data Feed Manager to insert the original

filename, excluding the directory name and extension.

DataFileExtension Enables the Data Feed Manager to insert the file extension,
such as .csv, in the new filename.

DataFileFullName Enables the Data Feed Manager to insert the fully qualified
filename. This data includes the drive, directory, filename,
and extension of the original file.

For example, if the data file came from the following location,
C:\DataFeed\Source\ESL\processed\ThreatData.csv, filenames that have been
renamed using tokens would have the following output.

162 Chapter 6: Managing HTTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Example 1

Input Tokens {DataFileDirectoryName}\success\{DataFileName}_{Now

(MM.dd.yyyy)}.{DataFileExtension}

Output C:\DataFeed\Source\ESL\processed\success\ThreatData_
01.31.2008.csv

Example 2

Input Tokens \\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_

success.{DataFileExtension}

Output \\DFSRepository\2008\01\ThreatData_success.csv

Determining the Navigation Method

The Data Feed Manager supports a collection of transformation capabilities to
import a variety of data formats into the Platform.
The following table describes the formats from which the system can use to collect
data.

Option Description

Xml File Iterator
Use this option when importing an .XML file. When this
option is selected, the Xml File Definition section becomes
available. For more information on XML formatting
guidelines and samples, see the appendix “XML
Formatting Used in Field Results and Input” in the RSA
Archer Web Services API Reference Guide that can be
downloaded from the RSA Archer Community.

Delimited Text File Use this option to ensure that the Data Feed Manager
Iterator properly analyzes the data in your delimited file. When
this option is selected, the File Definition section becomes
available.

Database Query Iterator Use this option when importing data from a database.

Available and default navigation methods are based on the selected transport
method.

Note: The Navigation tab is available only for Standard data feed types.

Chapter 6: Managing HTTP Data Feeds 163

 RSA Archer GRC Platform Data Feed Manager

Data Navigation Methods

You can instruct the Data Feed Manager on how to read and parse the data located
in the designated data source as defined on the Transport tab.
The following table identifies the available and default navigation methods based on
the selected transport method.

Transport Method Available Values Default Values

Archer Web Services Xml File Iterator Xml File Iterator

Transporter

Database Query Database Query Iterator Database Query Iterator

Transporter

DeepSight Transporter 2.0 Xml File Iterator Xml File Iterator

DeepSight Transporter 4.0 Xml File Iterator Xml File Iterator

FTP Transporter Delimited Text File Iterator Delimited Text File Iterator
Xml File Iterator

HTTP Transporter Delimited Text File Iterator Delimited Text File Iterator
Xml File Iterator

iDefense Transporter Xml File Iterator Xml File Iterator

Mail Monitor Transporter Xml File Iterator Xml File Iterator

RSS Transporter Xml File Iterator Xml File Iterator

Define Delimited Files

Complete this task to define the structure of the data source for the Data Feed
Manager to process the data and convert the data into Platform content.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.

164 Chapter 6: Managing HTTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

2. Click the Navigation tab.

3. In the Navigation section, select Delimited Text File Iterator.
4. In the File Definition section, select the encoding and delimiters to match the
source file.
5. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Source Data

Define an XML File

Complete this task to define the structure of the data source for the Data Feed
Manager to process the data and convert the data into system content on the
Navigation tab. The Xml File Iterator enables you to import an .XML file. You can
also manipulate or restructure the data prior to importing.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Navigation tab.
3. From the Navigation Method list, select Xml File Iterator.
4. In the Xml File Definition section, select Transform.
5. In the Xml File Definition section toolbar, click Load Transform.
The Schema Source dialog box opens.

Chapter 6: Managing HTTP Data Feeds 165

 RSA Archer GRC Platform Data Feed Manager

Note: You must load a transform. A default transform is included with the
installation; however, you can develop your own XSLT if you require additional
data transformation. For more information on XML formatting guidelines and
samples, see the appendix “XML Formatting Used in Field Results and Input”
in the RSA Archer Web Services API Reference Guide that can be downloaded
from the RSA Archer Community.

6. Do one of the following:

l Select Default to load the out-of-the-box transform file. This option is
typically used.
l Select File if you require additional data transformation and choose to
develop your own XSLT.
7. Click OK.
8. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Source Data

Defining Source Data

Using the options on the Source Definition tab, you can configure the source data to
ensure that only the desired data is included with the data feed.

Note: The Source Data tab is available only for Standard data feed types.

You can select to import the data “as is” into the Platform or execute modifications
and calculations against the data to convert the incoming data into a format that
matches the requirements of the application or questionnaire it is imported into. You
can also use several advanced options, such as lookup translations and calculations,
so you can prepare and modify the data to meet your individual business needs.
Additionally, you can filter data so that only what you want to receive is imported
into the target application or questionnaire. By not defining filters on the Data Filter
tab, you instruct the Data Feed Manager to return all records in the data feed. Or,
using operator logic, you can add filters to include only records meeting certain
criteria in the data feed process.

166 Chapter 6: Managing HTTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Finally you can capture tokens of data from the last execution of a data feed that
can be used during the next run to identify which data to retrieve. On the Tokens
tab, you can add, edit, or delete token values in preparation of the next data feed
execution.
On the Source Definition tab, you can complete the following tasks:
l Define the Source Data
l Apply a Calculation
l Perform a Lookup Translation
l Incorporate Static Text
l Define Data Filters
l Define Data Tokens

Define the Source Data

Complete this task to select how you want the Data Feed Manager to interact, or
not interact, with each field from your data source.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.
l Ensure that the user account used has access to the content, or you will receive a
schema error when building the source definition. You can also receive a
schema error for the following reasons:
o If your connection string is not correct on the Transport tab.
o The account is unable to login.
o The report is not in the correct format.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.

Chapter 6: Managing HTTP Data Feeds 167

 RSA Archer GRC Platform Data Feed Manager

2. Click the Source Definition tab and then click the Source Data tab.
3. To supply the list of source fields, choose one of the following methods and
complete the tasks.

Sample Data File Manual Input

a. Click Load Fields located in the
Source Field title bar.
b. Depending on the selected transport
method, select how to retrieve the
source schema.
a. In the Source Name column, enter
the name of the first field that you
want to define for your data feed.
The first line is the record definition.
b. To continue adding source fields, do
any of the following:
l To add a source field, click Add
New and name the field.
l To add a source field in a

hierarchical structure, click

in the Actions column and name
the field.

4. In the first line in the Source Fields section, from the Field Type list, select the
appropriate field option for the record definition.

Option Description

None Instructs the Data Feed Manager that the field is the record
definition and nothing is to be done with the data.

List Instructs the Data Feed Manager to import the data as a value
list. No transformation or calculations are to be applied to the
data.

5. For the remaining source fields, from the Field Type list, select one of the
following field options and complete the associated steps for that field option.

168 Chapter 6: Managing HTTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Option Description

Calculated Field Allows calculations to be applied to the fields to

dynamically generate new values, which can then be
populated in an application or questionnaire. Upon selection
of this option, the Status field for that source field is set to
Not Configured and is displayed in the Actions column.

Lookup Translation Enables you to use an application to reconcile values from

your data source to values that are accepted in the target
application or questionnaire. Upon selection of this option,
the Status field for that source field is set to Not Configured,
and is displayed in the Actions column

Raw Field Data Instructs the Data Feed Manager to accept the data from the
data source "as is." No transformation or calculations are to
be applied to the data.

Static Text Allows you to add an additional field to the data feed, which
adds context to the data. Upon selection of this option, the
Status field for that source field is set to Not Configured and
is displayed for that source field.

List Instructs the Data Feed Manager to import the data as a

values list. No transformation or calculations are to be
applied to the data.

6. Complete any of the following optional tasks:

l In the Token column, select the checkbox if you want the source field to be
used as a data token in future data feed runs.
l To remove a source field from the schema, click in the row of the source
field.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Chapter 6: Managing HTTP Data Feeds 169

 RSA Archer GRC Platform Data Feed Manager

Schema Sources
The source for the schema of your data feed depends on which transporter you are
using. The following table identifies and describes the schema sources that are
available for each of the out-of-the-box transporters.

Source Description Transport Method

Execute Search Executes the search in the Archer Web Services Transporter
Platform and detects the source
schema from the results.

Sample File Uses a skeleton of your actual Archer Web Services Transporter
source data file. For example, if
Database Query Transporter
you are importing data from a
.csv file, the source data file is a DeepSight Transporter 2.0
.csv file that includes the column DeepSight Transporter 4.0
names from your source data. If
you are importing data from an File Transporter
.XML file, the source data file FTP Transporter
includes the structure of your
HTTP Transporter
.XML without the actual field
values. iDefense Transporter
When you select the sample file, Mail Monitor Transporter
the Source Fields section RSS Transporter
populates with the fields
specified in the sample data file.

Execute Query Executes the query specified on Database Query Transporter

the Transport tab and detects the
source schema from the resulting
record set.

CAUTION: Using this option may

trigger actions in the database
associated with this query.

Load URL Loads the contents at the target DeepSight Transporter 2.0
URL and detects the source
DeepSight Transporter 4.0
schema from the contents.
HTTP Transporter
CAUTION: Using this option may
iDefense Transporter
trigger actions associated with
accessing the target URL. RSS Transporter

Standard Schema Uses the standard mail schema. Mail Monitor Transporter

170 Chapter 6: Managing HTTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Apply a Calculation
Complete this task to apply calculations to source fields to dynamically generate
new values, which can be populated in an application or questionnaire.
The following are examples of common calculations:
l CONCATENATE([TOLastName], ", ", [TOFirstName])
This calculation combines the values of two fields into a single value. For
example, it would take the value “Doe” from the Last Name field and the value
“John” from the First Name field and merge them into the value “Doe, John.”

l If(LEN([Production IP])>0,[Production IP],If(LEN([Maintenance IP])>0,

[Maintenance IP],[Backup IP]))
This calculation executes a logical operation to determine which field to use as
the source value. If the Production IP field is not blank, the value from this field
is used. If the Production IP field is blank and the Maintenance IP field has a
value, the value from the Maintenance IP is used. If both fields are blank, the
Backup IP value is used.

Calculations for the Data Feed Manager use the same calculation engine and syntax
as the Application Builder feature.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. From the Field Type list of the source field to which you want to apply a
calculation, select Calculated Field.
4. In the Actions column of that source field, click .

Chapter 6: Managing HTTP Data Feeds 171

 RSA Archer GRC Platform Data Feed Manager

The Calculation Editor dialog box opens.

5. Type your calculated formula.
6. Click OK.
The calculation is saved. The Status field for that source field changes to
Configured.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Perform a Lookup Translation

Complete this task to use an application to reconcile values from your source data
to values that are accepted in the Platform target application or questionnaire.
For example, you may have a field in your external file with values of "New York"
and "California". However, the application that you are importing the data into only
accepts state abbreviations. Using the Lookup Translation option, you can use a
separate application to map your external values to the proper internal values, as
shown in the following table.

Destination
Source Data Translation Application
Application

Field Name: State Field Name: State Field Name: State Field Name: State
ID1 ID2

California California CA CA

Texas Texas TX TX

New York New York NY NY

Florida Florida FL FL

Using an application as an intermediary ensures that the data feed converts all of
the external data into the proper format prior to importing it to the destination
application.

172 Chapter 6: Managing HTTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. From the Field Type list of the source field that you want to translate, select
Lookup Translation.
4. In the Actions column of that source field, click .
The Translation Editor dialog box opens.
5. From the Source list, select the source field.
6. From the Application list, select the application that translates the values.
7. From the Exceptions list, select from the following options the function that the
Data Feed Manager should execute when a value generates an exception.

Option Description

Log Warning Writes an error to the log file, and the value is not imported.
No updates are made to the translation application.

Insert Raw Data Inserts the raw value from your source file in the target
application if a match is not found.

Original Value Identifies the field in the translation application that maps to
the value from your external data file.

Translation Value Identifies the field in the translation application that maps to
the proper value in the target application or questionnaire.

Chapter 6: Managing HTTP Data Feeds 173

 RSA Archer GRC Platform Data Feed Manager

Note: The selections from the Original Value and Translation Value lists must
be different, or a warning message is displayed.

8. Click OK.
The translation settings are saved. The Status field for that source field changes
to Configured.
9. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Incorporate Static Text

Complete this task to add an additional field to your data feed that adds context to
the source data. For example, you can add a Static Text field that specifies the
name of the source, such as the database name or threat feed.
In the Platform target application or questionnaire, you can create a field called
Data Source. When the data feed completes, all records updated by this feed have
the same value for the Data Source field. Using this option, you can quickly identify
and report on records updated from a specific source.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.

174 Chapter 6: Managing HTTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

b. In the Navigation Menu, click Integration > Manage Data Feeds.

c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. From the Field Type list of the source field where you want to insert static text,
select Static Text.
4. In the Actions column of that source field, click .
The Static Text Editor dialog box opens.
5. Enter your static text.
6. Click OK.
The static text is saved. The Status field for that source field changes to
Configured.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Define Data Filters

Complete this task to apply filters and advanced operator logic to imported fields.
With filters, you can limit the number of records retrieved from your source data. If
no filters are defined, the Data Feed Manager returns all records. After a filter has
been added, only those records meeting the defined criteria are included in the data
feed.

Note: The Data Filter tab is available only for Standard data feed types.

You can combine your data filters through advanced operator logic to provide
additional filters to your data.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Chapter 6: Managing HTTP Data Feeds 175

 RSA Archer GRC Platform Data Feed Manager

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Data Filter tab.
3. In the Sources column, select the source name to which you want to apply a
filter.
4. From the Field Name list, select the field name from your data source to which
you want to apply a filter.
5. From the Operator list, select an operator to define which type of filter you
want to apply to the source data.
6. In the Values column, enter a value based on your selection in the Operator
column.
7. To create custom operator logic to form relationships between the individual
filters, enter the custom operator logics in the Advanced operator logic field.
8. Complete any of the following optional tasks:
l To add an additional data filter, click Add New Filter located in the Data
Filter section title bar.
l To remove a data filter, in the Actions column of the filter you want to
remove, click .
9. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Tokens

176 Chapter 6: Managing HTTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Define Data Tokens

Complete this task to configure token values for the source fields that you selected
to be tokens on the Source Data tab.
Tokens only store a single value for a source field that has been configured on the
Source Data tab. The list of tokens is based on these fields, as well as the
LastRunTime and LastFileName attributes of a previous data feed execution. If a
source field is not selected as a token, token data for that field is not stored.

Note: The Tokens tab is available only for Standard data feed types.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab, and then click the Tokens tab.
3. (Optional) To add an additional token, click Add New located in the Tokens
title bar and enter the field name.
4. In the Value field of the token that you want to modify, enter the updated value.
When modified, the updated value is used on the next data feed execution, and
the execution updates the value at its completion.

5. (Optional) To delete a token, click in the row of the token that you want to
remove.
6. Click Apply.

Chapter 6: Managing HTTP Data Feeds 177

 RSA Archer GRC Platform Data Feed Manager

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Map Data

Data Tokens
The Data Feed Manager allows capturing "tokens" of data from the last execution
of a data feed. A token can be any field of data from the last source row processed.
The following table identifies the fields for which tokens are available.

Field Input

Post processing Destination files

Archer Web Services transporter Configuration string

Database Query transporter Query

Symantec DeepSight transporter Sequence number

File transporter Path

FTP transporter Fully qualified URI

HTTP transporter Data request URI

HTTP transporter Data request header parameters

HTTP transporter Logon header parameters

HTTP transporter Logoff header parameters

iDefense transporter URL

Mail Monitor transporter Filter

RSS transporter URL

Tokens also are available for the following attributes:

l LastRunTime
l LastFileName

178 Chapter 6: Managing HTTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Defining Data Mapping Activities

After the Data Feed Manager identifies the elements in the source data to import,
the filters to apply, and the tokens to use to capture data, it requires a specific
destination in the Platform. With the options on the Data Map tab, you can define
the location for the data imported through your data feed.
To direct the Data Feed Manager to the correct destination for the data it will
import, use the options on the Data Map tab to configure the field mappings for your
data feed.

Note: The Data Map tab is available for Standard data feed types.

On the Data Map tab, you can complete the following tasks:
l Map Data
l Define Key Fields
l Set Update and Archive Options

Map Data
Complete this task to map the configured elements from the Source Definition tab to
fields in a Platform target application or questionnaire. The Data Feed Manager
updates the target field with the value from the mapped source field during the data
feed execution.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Field Map tab is available for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.

Chapter 6: Managing HTTP Data Feeds 179

 RSA Archer GRC Platform Data Feed Manager

2. Click the Data Map tab and then click the Field Map tab.
The Source Fields section lists the Source Field names listed on the Source
Data tab.
3. Complete one of the following tasks:
l To have the system analyze the source fields and automatically map them to
application or questionnaire fields, click Auto-Populate.
This option maps fields from the data source to application or questionnaire
fields that have the same name. Auto populate occurs on level 1 fields only.
Additionally, if there is an exact name match between the source field and
the target field, and the field type is one of the following, the field is not auto
populated: External links, Values list, Sub-form, Related records, Cross
reference, or CAST.
l From the Source Fields column, drag your source field and drop it next to the
application or questionnaire field in the Target Fields section.
The mapped field from the data source populates the designated target field.

Note: For target fields that have a field type of cross-reference, sub-form, or
related records, map the fields expanded under these field types. You cannot
directly map to a target field with any of these field types.

4. (Optional) In the Actions column of each mapped field for which you want to
configure additional options, click .
The Field Population dialog box opens with options based on the selected field
type.
5. (Optional) To assign a trust level to your source data for a field that is mapped,
in the Trust Level field, enter a value from "0" to "99."

Note: The Trust Level option is useful when you have multiple data feeds
populating the same target application. By assigning trust levels, the Data Feed
Manager can determine when and when not to overwrite existing data.

The Trust Level option allows you to develop a hierarchy for updates to your
target data by entering the desired trust level for the field. The value 0 is
considered the greatest trust level. The trust level accepts values up to 99,
which is the lowest level of trust.
For example, consider a situation where two data feeds map to the same target
application field. Data Feed A runs first and populates the Case Status field
with the value Open. When Data Feed B runs, the Data Feed Manager
recognizes that Data Feed B has data that maps to the same field. Data Feed
Manager evaluates the trust levels to determine which data is the most trusted.
Since the field from Data Feed B has the greater trust level, its value of Closed
overwrites the data from Data Feed A.
6. Complete any of the following optional tasks:

180 Chapter 6: Managing HTTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

l To delete a mapping for a single field, click in the Actions column of the
field that you want to remove.
l To remove the mappings for all fields, click Clear Target Field Mappings
located in the Target Fields title bar.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Key Fields

Define Key Fields

Complete this task to specify one or more fields as key fields that uniquely identify
a record in the Platform target application or questionnaire for updating purposes.
Key field definitions must be established for every level and reference field in a
target application or questionnaire that has a source information mapping.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Key Field Definitions tab is available for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.

Chapter 6: Managing HTTP Data Feeds 181

 RSA Archer GRC Platform Data Feed Manager

2. Click the Data Map tab and then click the Key Field Definitions tab.
The Reference Field section contains the target application or questionnaire and
any mapped cross-reference, related records, CAST, or sub-form fields that
require a key field definition to be created. You can use the Key Field
Definitions section to define the unique key identifiers and the data feed actions
during the feed execution.
3. In the Reference Field section, select the field that requires a key field
definition.
4. In the Key Field Definitions title bar, click Add New Key.
5. In the Field Name field, select a target application or questionnaire field that
uniquely identifies the record.
6. To assign compound unique identifiers for the record, complete the following:
a. In the Actions column, click .
The Select Key Field dialog box opens.
b. From the Available Fields list, select the fields.
c. Click OK.
A new row for each selected field is added, and the order number for the new
rows is assigned the same number.
7. To add unique identifiers in a hierarchical structure for sub-form field types,
click in the Actions column.
A new child row is added to the Key Field Definitions section.

Note: After setting the order of key fields, the Data Feed Manager scans the
data source for matches to the first unique identifier. If no matches are found, it
searches for matches to the second unique identifier, and so on. Once the Data
Feed Manager scans through all of the unique identifiers and does not find a
match, the system creates a new target record.

182 Chapter 6: Managing HTTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

8. From the Action list, select one of the following matching criteria for the unique
identifier.

Option Description

MatchExact Specifies that the value in the data source field must match the
unique identifier value exactly for the target record to be
updated. If the match is not exact, a new record is created.
For example, if a data source field has a value of "Renee Jones"
and a mapped application field that is specified as a unique
identifier has a value of "Renee Ellen Jones," the system does
not update the target application record because it is not an
exact match.

MatchAny Specifies that the data in the data source must match at least
one condition in the list-based field for the target record to be
updated.
For example, if a target application record has the values Blue
and Green selected in the field specified as the unique
identifier, and the mapped field in the source data includes
only the value Blue, the record is updated because at least one
of the values matches.

MatchAll Specifies that the data in the source file must match all of the
conditions in the list-based field for the target record to be
updated.
For example, if the target application record has the values
Blue and Green selected in the field specified as the unique
identifier, and the mapped field in the source data includes the
values Blue and Green, the record is updated. However, if the
source data includes only the value Blue, the record is not
updated. A new target application record is created instead
because there is not a complete match.

9. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Set Update and Archive Options

Chapter 6: Managing HTTP Data Feeds 183

 RSA Archer GRC Platform Data Feed Manager

Set Update and Archive Options

Complete this task to select options on the Update/Archive tab of the Data Map tab
to update existing records, create new records, or both. In addition, when target
records in the Platform cannot be matched with records in the external data source,
you can select to have those records modified or deleted. This option can be useful
if you are deferring the accuracy and current status of your data to the external
system. By deleting or modifying records in the system that are not found in your
external data source, you ensure that both the external source and the system are
synchronized.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Update/Archive tab is available for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Data Map tab and then click the Update/Archive tab.
3. In the Update Options section, select any of the following options.

Option Description

Create Instructs the data feed to create new records for data found in
the source file and not in the target application or
questionnaire.

Update Instructs the data feed to update records in the target

application or questionnaire when a unique identifier match
exists in the source file.

184 Chapter 6: Managing HTTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

4. In the Archive Options section, select one of the following options:

Option Description

None Instructs the data feed to do nothing when a matching record is

not found.

Delete Instructs the data feed to delete records in the target

application or questionnaire when a matching record is not
found in the source data.

Set Value Instructs the data feed to set a value in a Values List field in a
record whenever the external data file does not contain a
matching record.
You can use this option to have the data feed set a Values List
to a value that identifies this record as Inactive or Not Current.
For example, if you have a Devices application with a record
for a specific laptop, and the external data file does not have a
matching record for that laptop, you can use this option to set
a Values List field in the laptop record to the value Inactive.
When you select this option, you also select the Values List
field in the target application or questionnaire and the value
you want to set in that field.
You cannot set the value in the Values List field of the target
leveled application under the following conditions:
l The Set Value Target Field is a global values list.
l Level 3 or lower in a leveled application.
l You are modifying the data feed configuration.

Note: When running a data feed that updates a values list, you
can view the time that the data feed updated the record in the
Execution History log. The last updated time is not displayed
under Last Updated on the Manage Data Feeds page.

Important: If you select to delete records, records in the selected application,

questionnaire, or sub-form without a matching record in the source information
are permanently deleted from the system database and cannot be recovered.

In most scenarios, RSA Archer recommends selecting the Set Value option and
flagging these records with a specific value rather than deleting them. For
example, you can add a field to your application called Status and include the
values Current and Archived. If a data feed cannot find a matching record in the
data source with a system record, the system record could be updated to have a
value of Archived for the Status field.

Chapter 6: Managing HTTP Data Feeds 185

 RSA Archer GRC Platform Data Feed Manager

5. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define a Schedule for the Data Feed

Define the Schedule for the Data Feed

Complete this task to configure the start time, pattern, and frequency for data feeds.
You can set up data feeds to automatically run at regular intervals. This option
reduces the time and effort required to import data from an external file. Data feeds
can be initiated at a variety of times and can be configured to run in regular
increments for an indefinite period of time.
To prevent excess server load, schedule data feeds on a staggered basis. A
maximum of 10 data feeds can be scheduled to run at a time. If more than 10 data
feeds are scheduled, each remaining data feed is executed as the previous one is
completed.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Schedule tab is available for both Standard and Transport-Only data feed
types.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.

186 Chapter 6: Managing HTTP Data Feeds

 RSA Archer GRC Platform Data Feed Manager

2. Click the Schedule tab.

3. From the Frequency list, select the frequency for the data feed and set up the
schedule.
For example, if you select Minutely from the Frequency list and specify 45 in
the Every list, the data feed executes every 45 minutes.

Note: To configure your data feed to execute after an existing data feed runs,
select Reference. For example, you can select to have a Threats data feed run
immediately after your Assets data feed is completed. From the Reference Feed
list, select after which existing data feed your feed should execute.

4. (Optional) To override the set data feed execution schedule and immediately
execute your data feed, click Start in the Run Data Feed Now section.
5. Click Save.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Chapter 6: Managing HTTP Data Feeds 187

 RSA Archer GRC Platform Data Feed Manager

Chapter 7: Managing Mail Monitor Data Feeds

Mail Monitor Data Feed

The Mail Monitor data feed provides the ability to monitor email accounts using
mail fields or plain text body XML to specific fields in an application. By pulling
email content into the Platform, you can assess and process disparate email
information, then create and document clear action plans based on the information.
When integrating an application or questionnaire with a Mail Monitor data feed, you
can do the following tasks:
l Insert email content into an application or questionnaire.
l Retrieve email messages, such as vulnerability alerts and open source monitoring
alerts.
l Define field mapping from email content to content records.
l Configure mail protocols, mail servers, email accounts, and scheduling intervals.

When working with Mail Monitor data feeds, you can perform the following tasks:
1. Add a New Data Feed Record
2. Manage the General Properties of a Data Feed
3. Define a Mail Monitor Transporter
4. Determine the Navigation Method
5. Define Source Data
6. Define Data Mapping Activities
7. Define a Schedule for the Data Feed

Add a New Data Feed Record

Complete this task to add a data feed record as the first step in creating a new data
feed.

Procedure
1. Navigate to the Manage Data Feeds page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.

Chapter 7: Managing Mail Monitor Data Feeds 189

 RSA Archer GRC Platform Data Feed Manager

2. In the Manage Data Feed page toolbar, click Add New.

3. Do one of the following:
l To configure new settings for a data feed, select Create a new Data Feed
from scratch.
l To use the settings of an existing data feed as a starting point, select Copy
an existing Data Feed and select the existing data feed from the Existing
Data Feeds list.
4. Click OK.
5. In the Name field, enter the name for the data feed.
The data feed name must be unique.
6. Click Save.

Next Steps
Manage the General Properties of a Data Feed

Manage the General Properties of a Data Feed

Complete this task to configure the overall properties of a Platform data feed.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.
Perform one of the following tasks: Add a New Data Feed or Import a Data Feed.
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. In the Name field, enter the name for the data feed.
The data feed name must be unique.
3. From the Status list, select Active to run the data feed.

190 Chapter 7: Managing Mail Monitor Data Feeds

 RSA Archer GRC Platform Data Feed Manager

4. In the Description field, enter a description for the data feed.

5. In the Feed Type field, select the type of feed that you are configuring.

Option Description

Standard Integrates data from an external source into an application or

questionnaire.

Transport Only Locates a specific data file. This file contains additional
instructions for launching subsequent, standard data feeds.
With this data feed type, the data feed only completes the
Transport and Navigation activities. The Source Definition and
Field Mapping activities are not allowed. Processing of the
data feed does not attempt to process the data.

Important: If the data feed is intended to be used as part of a convoy, or you are
troubleshooting the data being pulled, select the Transport Only option. This option
enables you to use a transform to manipulate the data being returned by bringing the
source data in as a flat file and then configure a subsequent XML-based feed that
includes an XSLT file. For more information on XML formatting guidelines and
samples, see the appendix “XML Formatting Used in Field Results and Input” in
the RSA Archer Web Services API Reference Guide that can be downloaded from
the RSA Archer Community.

6. Complete the following steps based on the selected Feed Type.

For Standard feed type:

a. From the Target list, select the application or questionnaire that should
receive the data from the external data source. If the application is leveled,
select the level.
b. From the User Name list, do one of the following:
l Select the appropriate user account that is associated with the data feed.
l Create a new user account by selecting Other and entering the name of
the new user account. When you save your data feed settings, the Data
Feed Manager automatically creates the new user account.

Note: This user account must have permissions for creating records and
updating History Logs fields. To avoid potential conflicts with other data
feeds, RSA Archer recommends that you use a different user account for
each data feed. Additionally, if you are going to simultaneously run multiple
data feeds, create a unique name to prevent termination of session tokens.

c. From the Locale list, select the country (language) format of your source
data. Different cultures or countries use different characters when
formatting similar data.

Chapter 7: Managing Mail Monitor Data Feeds 191

 RSA Archer GRC Platform Data Feed Manager

d. In Send Notifications, select whether to have the data feed trigger

notification emails when records are published or updated. If notifications
are not enabled in the selected target application, no notification emails are
sent when the data feed is run.
e. In Data Validation, select whether to have the system not perform data
validations against the selected target application when saving a record.
When this option is selected, validation that is based on field definition and
configuration is bypassed (with some exceptions). This option applies
regardless of whether targeting a questionnaire or application.
The system validates the following items regardless of whether the Data
Validation field is selected:
l Attachment or image field. Validity of the file.
l DateTime field. Minimum and maximum system values.
l Text field. Contains valid HTML.
l Field name. Uniqueness.

Note: The required field settings are disregarded if you select to ignore the
rules defined within the target application, however, the unique selection
cannot be ignored.

f. Click Apply.

For Transport Only feed type:

a. From the User Name list, do one of the following:
l Select the appropriate user account that is associated with the data feed.
l Create a new user account by selecting Other and entering the name of
the new user account. When you save your data feed settings, the Data
Feed Manager automatically creates the new user account.

Note: To avoid potential conflicts with other data feeds, RSA Archer
recommends that you use a different user account for each data feed.
Additionally, if you are going to simultaneously run multiple data feeds,
create a unique name to prevent termination of session tokens.

b. In the Target Path field, enter the path for the separate data file.
c. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you configure
your data feed, the Data Feed Manager validates the information for you. If it is not
valid, an error message is displayed. You can save the data feed and correct the
errors later; however, the data feed does not process until the errors are corrected
and the data feed validates.

192 Chapter 7: Managing Mail Monitor Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Next Steps
To define the appropriate data transporter, select one the following:
l Archer Web Services Transporter
l Database Query Transporter
l File Transporter
l FTP Transporter
l HTTP Transporter
l Mail Monitor Transporter
l RSS Transporter
l Threat Transporter

Define a Mail Monitor Transporter

Complete this task to configure a transporter to monitor email accounts and merge
email content into a target application or questionnaire.

Important: For the data feed to execute successfully, the server responsible for
running the data feed must have a service account with valid logon credentials.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Transport tab.
3. From the Transport Method list, select Mail Monitor Transporter.
4. In the Transport Configuration section, specify the required credentials to
allow the data feed to locate and access the appropriate mailbox and retrieve.

Chapter 7: Managing Mail Monitor Data Feeds 193

 RSA Archer GRC Platform Data Feed Manager

a. From the Protocol list, select one of the following options.

Option Description

POP3 Uses the POP3 protocol to retrieve emails from your organization's
mail server.

IMAP4 Uses the IMAP4 protocol to retrieve emails from your organization's
mail server.

b. (Optional) To filter which messages to process, in the Filter field, enter a

file expression.
5. To perform post-processing on the source file retrieved, in the Post-Processing
- Local Copy section, determine how the data feed should handle the local copy
of the source data when the integration is complete. In the On Success field,
select from the following options.

Option Description

Nothing Does not alter the source file when the data feed successfully
completes and deletes the local copy.

Rename Saves the source file under a new name when the data feed
successfully completes. In Destination File, specify where the
file should be saved and the new name for the file

Important: To save the data, the path of the destination

file must be accessible to the account running the Job
Engine service.

6. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
l For a standard data feed, determine the navigation method.
l For transport-only data feed, define a schedule for the data feed.

194 Chapter 7: Managing Mail Monitor Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Filename Tokens
Filename tokens are available for post processing when you want to save the source
information and specify a location or name for the file. When you select the
Rename option, you can use tokens to automatically generate unique names for the
files.
The following table describes the usable tokens for renaming data files.

Token Description

Now Enables the Data Feed Manager to insert a user-defined date

format within the new filename. Possible formats include
Now(MM/dd/yyyy) or Now(MMM-dd-yyyy). See the
Microsoft .Net Framework Developer Center for available
custom date/time formats.

DataFileDirectoryName Enables the Data Feed Manager to update the filename with
the directory name, including the drive, of your file.

DataFileName Enables the Data Feed Manager to insert the original

filename, excluding the directory name and extension.

DataFileExtension Enables the Data Feed Manager to insert the file extension,
such as .csv, in the new filename.

DataFileFullName Enables the Data Feed Manager to insert the fully qualified
filename. This data includes the drive, directory, filename,
and extension of the original file.

For example, if the data file came from the following location,
C:\DataFeed\Source\ESL\processed\ThreatData.csv, filenames that have been
renamed using tokens would have the following output.

Example 1

Input Tokens {DataFileDirectoryName}\success\{DataFileName}_{Now

(MM.dd.yyyy)}.{DataFileExtension}

Output C:\DataFeed\Source\ESL\processed\success\ThreatData_
01.31.2008.csv

Example 2

Input Tokens \\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_

success.{DataFileExtension}

Output \\DFSRepository\2008\01\ThreatData_success.csv

Chapter 7: Managing Mail Monitor Data Feeds 195

 RSA Archer GRC Platform Data Feed Manager

Determining the Navigation Method

The Data Feed Manager supports a collection of transformation capabilities to

import a variety of data formats into the Platform.
The following table describes the formats from which the system can use to collect
data.

Option Description

Xml File Iterator Use this option when importing an .XML file. When this
option is selected, the Xml File Definition section becomes
available. For more information on XML formatting
guidelines and samples, see the appendix “XML
Formatting Used in Field Results and Input” in the RSA
Archer Web Services API Reference Guide that can be
downloaded from the RSA Archer Community.

Delimited Text File Use this option to ensure that the Data Feed Manager
Iterator properly analyzes the data in your delimited file. When
this option is selected, the File Definition section becomes
available.

Database Query Iterator Use this option when importing data from a database.

Available and default navigation methods are based on the selected transport
method.

Note: The Navigation tab is available only for Standard data feed types.

Data Navigation Methods

You can instruct the Data Feed Manager on how to read and parse the data located
in the designated data source as defined on the Transport tab.
The following table identifies the available and default navigation methods based on
the selected transport method.

196 Chapter 7: Managing Mail Monitor Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Transport Method Available Values Default Values

Archer Web Services Xml File Iterator Xml File Iterator

Transporter

Database Query Database Query Iterator Database Query Iterator

Transporter

DeepSight Transporter 2.0 Xml File Iterator Xml File Iterator

DeepSight Transporter 4.0 Xml File Iterator Xml File Iterator

FTP Transporter Delimited Text File Iterator Delimited Text File Iterator
Xml File Iterator

HTTP Transporter Delimited Text File Iterator Delimited Text File Iterator
Xml File Iterator

iDefense Transporter Xml File Iterator Xml File Iterator

Mail Monitor Transporter Xml File Iterator Xml File Iterator

RSS Transporter Xml File Iterator Xml File Iterator

Define an XML File

Complete this task to define the structure of the data source for the Data Feed
Manager to process the data and convert the data into system content on the
Navigation tab. The Xml File Iterator enables you to import an .XML file. You can
also manipulate or restructure the data prior to importing.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.

Chapter 7: Managing Mail Monitor Data Feeds 197

 RSA Archer GRC Platform Data Feed Manager

b. In the Navigation Menu, click Integration > Manage Data Feeds.

c. In the Name column, click the data feed or click in the Actions column.
2. Click the Navigation tab.
3. From the Navigation Method list, select Xml File Iterator.
4. In the Xml File Definition section, select Transform.
5. In the Xml File Definition section toolbar, click Load Transform.
The Schema Source dialog box opens.

Note: You must load a transform. A default transform is included with the
installation; however, you can develop your own XSLT if you require additional
data transformation. For more information on XML formatting guidelines and
samples, see the appendix “XML Formatting Used in Field Results and Input”
in the RSA Archer Web Services API Reference Guide that can be downloaded
from the RSA Archer Community.

6. Do one of the following:

l Select Default to load the out-of-the-box transform file. This option is
typically used.
l Select File if you require additional data transformation and choose to
develop your own XSLT.
7. Click OK.
8. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Source Data

Defining Source Data

Using the options on the Source Definition tab, you can configure the source data to
ensure that only the desired data is included with the data feed.

Note: The Source Data tab is available only for Standard data feed types.

198 Chapter 7: Managing Mail Monitor Data Feeds

 RSA Archer GRC Platform Data Feed Manager

You can select to import the data “as is” into the Platform or execute modifications
and calculations against the data to convert the incoming data into a format that
matches the requirements of the application or questionnaire it is imported into. You
can also use several advanced options, such as lookup translations and calculations,
so you can prepare and modify the data to meet your individual business needs.
Additionally, you can filter data so that only what you want to receive is imported
into the target application or questionnaire. By not defining filters on the Data Filter
tab, you instruct the Data Feed Manager to return all records in the data feed. Or,
using operator logic, you can add filters to include only records meeting certain
criteria in the data feed process.
Finally you can capture tokens of data from the last execution of a data feed that
can be used during the next run to identify which data to retrieve. On the Tokens
tab, you can add, edit, or delete token values in preparation of the next data feed
execution.
On the Source Definition tab, you can complete the following tasks:
l Define the Source Data
l Apply a Calculation
l Perform a Lookup Translation
l Incorporate Static Text
l Define Data Filters
l Define Data Tokens

Define the Source Data

Complete this task to select how you want the Data Feed Manager to interact, or
not interact, with each field from your data source.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

Chapter 7: Managing Mail Monitor Data Feeds 199

 RSA Archer GRC Platform Data Feed Manager

l Ensure that the user account used has access to the content, or you will receive a
schema error when building the source definition. You can also receive a
schema error for the following reasons:
o If your connection string is not correct on the Transport tab.
o The account is unable to login.
o The report is not in the correct format.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. To supply the list of source fields, choose one of the following methods and
complete the tasks.

Sample Data File Manual Input

a. Click Load Fields located in the
Source Field title bar.
b. Depending on the selected transport
method, select how to retrieve the
source schema.
a. In the Source Name column, enter
the name of the first field that you
want to define for your data feed.
The first line is the record definition.
b. To continue adding source fields, do
any of the following:
l To add a source field, click Add
New and name the field.
l To add a source field in a

hierarchical structure, click

in the Actions column and name
the field.

4. In the first line in the Source Fields section, from the Field Type list, select the
appropriate field option for the record definition.

Option Description

None Instructs the Data Feed Manager that the field is the record
definition and nothing is to be done with the data.

List Instructs the Data Feed Manager to import the data as a value
list. No transformation or calculations are to be applied to the
data.

200 Chapter 7: Managing Mail Monitor Data Feeds

 RSA Archer GRC Platform Data Feed Manager

5. For the remaining source fields, from the Field Type list, select one of the
following field options and complete the associated steps for that field option.

Option Description

Calculated Field Allows calculations to be applied to the fields to

dynamically generate new values, which can then be
populated in an application or questionnaire. Upon selection
of this option, the Status field for that source field is set to
Not Configured and is displayed in the Actions column.

Lookup Translation Enables you to use an application to reconcile values from

your data source to values that are accepted in the target
application or questionnaire. Upon selection of this option,
the Status field for that source field is set to Not Configured,
and is displayed in the Actions column

Raw Field Data Instructs the Data Feed Manager to accept the data from the
data source "as is." No transformation or calculations are to
be applied to the data.

Static Text Allows you to add an additional field to the data feed, which
adds context to the data. Upon selection of this option, the
Status field for that source field is set to Not Configured and
is displayed for that source field.

List Instructs the Data Feed Manager to import the data as a

values list. No transformation or calculations are to be
applied to the data.

6. Complete any of the following optional tasks:

l In the Token column, select the checkbox if you want the source field to be
used as a data token in future data feed runs.
l To remove a source field from the schema, click in the row of the source
field.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Chapter 7: Managing Mail Monitor Data Feeds 201

 RSA Archer GRC Platform Data Feed Manager

Schema Sources
The source for the schema of your data feed depends on which transporter you are
using. The following table identifies and describes the schema sources that are
available for each of the out-of-the-box transporters.

Source Description Transport Method

Execute Search Executes the search in the Archer Web Services Transporter
Platform and detects the source
schema from the results.

Sample File Uses a skeleton of your actual Archer Web Services Transporter
source data file. For example, if
Database Query Transporter
you are importing data from a
.csv file, the source data file is a DeepSight Transporter 2.0
.csv file that includes the column DeepSight Transporter 4.0
names from your source data. If
you are importing data from an File Transporter
.XML file, the source data file FTP Transporter
includes the structure of your
HTTP Transporter
.XML without the actual field
values. iDefense Transporter
When you select the sample file, Mail Monitor Transporter
the Source Fields section RSS Transporter
populates with the fields
specified in the sample data file.

Execute Query Executes the query specified on Database Query Transporter

the Transport tab and detects the
source schema from the resulting
record set.

CAUTION: Using this option may

trigger actions in the database
associated with this query.

Load URL Loads the contents at the target DeepSight Transporter 2.0
URL and detects the source
DeepSight Transporter 4.0
schema from the contents.
HTTP Transporter
CAUTION: Using this option may
iDefense Transporter
trigger actions associated with
accessing the target URL. RSS Transporter

Standard Schema Uses the standard mail schema. Mail Monitor Transporter

202 Chapter 7: Managing Mail Monitor Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Schema Sources
The source for the schema of your data feed depends on which transporter you are
using. The following table identifies and describes the schema sources that are
available for each of the out-of-the-box transporters.

Source Description Transport Method

Execute Search Executes the search in the Archer Web Services Transporter
Platform and detects the source
schema from the results.

Sample File Uses a skeleton of your actual Archer Web Services Transporter
source data file. For example, if
Database Query Transporter
you are importing data from a
.csv file, the source data file is a DeepSight Transporter 2.0
.csv file that includes the column DeepSight Transporter 4.0
names from your source data. If
you are importing data from an File Transporter
.XML file, the source data file FTP Transporter
includes the structure of your
HTTP Transporter
.XML without the actual field
values. iDefense Transporter
When you select the sample file, Mail Monitor Transporter
the Source Fields section RSS Transporter
populates with the fields
specified in the sample data file.

Execute Query Executes the query specified on Database Query Transporter

the Transport tab and detects the
source schema from the resulting
record set.

CAUTION: Using this option may

trigger actions in the database
associated with this query.

Load URL Loads the contents at the target DeepSight Transporter 2.0
URL and detects the source
DeepSight Transporter 4.0
schema from the contents.
HTTP Transporter
CAUTION: Using this option may
iDefense Transporter
trigger actions associated with
accessing the target URL. RSS Transporter

Standard Schema Uses the standard mail schema. Mail Monitor Transporter

Chapter 7: Managing Mail Monitor Data Feeds 203

 RSA Archer GRC Platform Data Feed Manager

Apply a Calculation
Complete this task to apply calculations to source fields to dynamically generate
new values, which can be populated in an application or questionnaire.
The following are examples of common calculations:
l CONCATENATE([TOLastName], ", ", [TOFirstName])
This calculation combines the values of two fields into a single value. For
example, it would take the value “Doe” from the Last Name field and the value
“John” from the First Name field and merge them into the value “Doe, John.”

l If(LEN([Production IP])>0,[Production IP],If(LEN([Maintenance IP])>0,

[Maintenance IP],[Backup IP]))
This calculation executes a logical operation to determine which field to use as
the source value. If the Production IP field is not blank, the value from this field
is used. If the Production IP field is blank and the Maintenance IP field has a
value, the value from the Maintenance IP is used. If both fields are blank, the
Backup IP value is used.

Calculations for the Data Feed Manager use the same calculation engine and syntax
as the Application Builder feature.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. From the Field Type list of the source field to which you want to apply a
calculation, select Calculated Field.
4. In the Actions column of that source field, click .

204 Chapter 7: Managing Mail Monitor Data Feeds

 RSA Archer GRC Platform Data Feed Manager

The Calculation Editor dialog box opens.

5. Type your calculated formula.
6. Click OK.
The calculation is saved. The Status field for that source field changes to
Configured.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Perform a Lookup Translation

Complete this task to use an application to reconcile values from your source data
to values that are accepted in the Platform target application or questionnaire.
For example, you may have a field in your external file with values of "New York"
and "California". However, the application that you are importing the data into only
accepts state abbreviations. Using the Lookup Translation option, you can use a
separate application to map your external values to the proper internal values, as
shown in the following table.

Destination
Source Data Translation Application
Application

Field Name: State Field Name: State Field Name: State Field Name: State
ID1 ID2

California California CA CA

Texas Texas TX TX

New York New York NY NY

Florida Florida FL FL

Using an application as an intermediary ensures that the data feed converts all of
the external data into the proper format prior to importing it to the destination
application.

Chapter 7: Managing Mail Monitor Data Feeds 205

 RSA Archer GRC Platform Data Feed Manager

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. From the Field Type list of the source field that you want to translate, select
Lookup Translation.
4. In the Actions column of that source field, click .
The Translation Editor dialog box opens.
5. From the Source list, select the source field.
6. From the Application list, select the application that translates the values.
7. From the Exceptions list, select from the following options the function that the
Data Feed Manager should execute when a value generates an exception.

Option Description

Log Warning Writes an error to the log file, and the value is not imported.
No updates are made to the translation application.

Insert Raw Data Inserts the raw value from your source file in the target
application if a match is not found.

Original Value Identifies the field in the translation application that maps to
the value from your external data file.

Translation Value Identifies the field in the translation application that maps to
the proper value in the target application or questionnaire.

206 Chapter 7: Managing Mail Monitor Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Note: The selections from the Original Value and Translation Value lists must
be different, or a warning message is displayed.

8. Click OK.
The translation settings are saved. The Status field for that source field changes
to Configured.
9. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Incorporate Static Text

Complete this task to add an additional field to your data feed that adds context to
the source data. For example, you can add a Static Text field that specifies the
name of the source, such as the database name or threat feed.
In the Platform target application or questionnaire, you can create a field called
Data Source. When the data feed completes, all records updated by this feed have
the same value for the Data Source field. Using this option, you can quickly identify
and report on records updated from a specific source.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.

Chapter 7: Managing Mail Monitor Data Feeds 207

 RSA Archer GRC Platform Data Feed Manager

b. In the Navigation Menu, click Integration > Manage Data Feeds.

c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. From the Field Type list of the source field where you want to insert static text,
select Static Text.
4. In the Actions column of that source field, click .
The Static Text Editor dialog box opens.
5. Enter your static text.
6. Click OK.
The static text is saved. The Status field for that source field changes to
Configured.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Define Data Filters

Complete this task to apply filters and advanced operator logic to imported fields.
With filters, you can limit the number of records retrieved from your source data. If
no filters are defined, the Data Feed Manager returns all records. After a filter has
been added, only those records meeting the defined criteria are included in the data
feed.

Note: The Data Filter tab is available only for Standard data feed types.

You can combine your data filters through advanced operator logic to provide
additional filters to your data.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

208 Chapter 7: Managing Mail Monitor Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Data Filter tab.
3. In the Sources column, select the source name to which you want to apply a
filter.
4. From the Field Name list, select the field name from your data source to which
you want to apply a filter.
5. From the Operator list, select an operator to define which type of filter you
want to apply to the source data.
6. In the Values column, enter a value based on your selection in the Operator
column.
7. To create custom operator logic to form relationships between the individual
filters, enter the custom operator logics in the Advanced operator logic field.
8. Complete any of the following optional tasks:
l To add an additional data filter, click Add New Filter located in the Data
Filter section title bar.
l To remove a data filter, in the Actions column of the filter you want to
remove, click .
9. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Tokens

Chapter 7: Managing Mail Monitor Data Feeds 209

 RSA Archer GRC Platform Data Feed Manager

Define Data Tokens

Complete this task to configure token values for the source fields that you selected
to be tokens on the Source Data tab.
Tokens only store a single value for a source field that has been configured on the
Source Data tab. The list of tokens is based on these fields, as well as the
LastRunTime and LastFileName attributes of a previous data feed execution. If a
source field is not selected as a token, token data for that field is not stored.

Note: The Tokens tab is available only for Standard data feed types.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab, and then click the Tokens tab.
3. (Optional) To add an additional token, click Add New located in the Tokens
title bar and enter the field name.
4. In the Value field of the token that you want to modify, enter the updated value.
When modified, the updated value is used on the next data feed execution, and
the execution updates the value at its completion.

5. (Optional) To delete a token, click in the row of the token that you want to
remove.
6. Click Apply.

210 Chapter 7: Managing Mail Monitor Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Map Data

Data Tokens
The Data Feed Manager allows capturing "tokens" of data from the last execution
of a data feed. A token can be any field of data from the last source row processed.
The following table identifies the fields for which tokens are available.

Field Input

Post processing Destination files

Archer Web Services transporter Configuration string

Database Query transporter Query

Symantec DeepSight transporter Sequence number

File transporter Path

FTP transporter Fully qualified URI

HTTP transporter Data request URI

HTTP transporter Data request header parameters

HTTP transporter Logon header parameters

HTTP transporter Logoff header parameters

iDefense transporter URL

Mail Monitor transporter Filter

RSS transporter URL

Tokens also are available for the following attributes:

l LastRunTime
l LastFileName

Chapter 7: Managing Mail Monitor Data Feeds 211

 RSA Archer GRC Platform Data Feed Manager

Defining Data Mapping Activities

After the Data Feed Manager identifies the elements in the source data to import,
the filters to apply, and the tokens to use to capture data, it requires a specific
destination in the Platform. With the options on the Data Map tab, you can define
the location for the data imported through your data feed.
To direct the Data Feed Manager to the correct destination for the data it will
import, use the options on the Data Map tab to configure the field mappings for your
data feed.

Note: The Data Map tab is available for Standard data feed types.

On the Data Map tab, you can complete the following tasks:
l Map Data
l Define Key Fields
l Set Update and Archive Options

Map Data
Complete this task to map the configured elements from the Source Definition tab to
fields in a Platform target application or questionnaire. The Data Feed Manager
updates the target field with the value from the mapped source field during the data
feed execution.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Field Map tab is available for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.

212 Chapter 7: Managing Mail Monitor Data Feeds

 RSA Archer GRC Platform Data Feed Manager

2. Click the Data Map tab and then click the Field Map tab.
The Source Fields section lists the Source Field names listed on the Source
Data tab.
3. Complete one of the following tasks:
l To have the system analyze the source fields and automatically map them to
application or questionnaire fields, click Auto-Populate.
This option maps fields from the data source to application or questionnaire
fields that have the same name. Auto populate occurs on level 1 fields only.
Additionally, if there is an exact name match between the source field and
the target field, and the field type is one of the following, the field is not auto
populated: External links, Values list, Sub-form, Related records, Cross
reference, or CAST.
l From the Source Fields column, drag your source field and drop it next to the
application or questionnaire field in the Target Fields section.
The mapped field from the data source populates the designated target field.

Note: For target fields that have a field type of cross-reference, sub-form, or
related records, map the fields expanded under these field types. You cannot
directly map to a target field with any of these field types.

4. (Optional) In the Actions column of each mapped field for which you want to
configure additional options, click .
The Field Population dialog box opens with options based on the selected field
type.
5. (Optional) To assign a trust level to your source data for a field that is mapped,
in the Trust Level field, enter a value from "0" to "99."

Note: The Trust Level option is useful when you have multiple data feeds
populating the same target application. By assigning trust levels, the Data Feed
Manager can determine when and when not to overwrite existing data.

The Trust Level option allows you to develop a hierarchy for updates to your
target data by entering the desired trust level for the field. The value 0 is
considered the greatest trust level. The trust level accepts values up to 99,
which is the lowest level of trust.
For example, consider a situation where two data feeds map to the same target
application field. Data Feed A runs first and populates the Case Status field
with the value Open. When Data Feed B runs, the Data Feed Manager
recognizes that Data Feed B has data that maps to the same field. Data Feed
Manager evaluates the trust levels to determine which data is the most trusted.
Since the field from Data Feed B has the greater trust level, its value of Closed
overwrites the data from Data Feed A.
6. Complete any of the following optional tasks:

Chapter 7: Managing Mail Monitor Data Feeds 213

 RSA Archer GRC Platform Data Feed Manager

l To delete a mapping for a single field, click in the Actions column of the
field that you want to remove.
l To remove the mappings for all fields, click Clear Target Field Mappings
located in the Target Fields title bar.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Key Fields

Define Key Fields

Complete this task to specify one or more fields as key fields that uniquely identify
a record in the Platform target application or questionnaire for updating purposes.
Key field definitions must be established for every level and reference field in a
target application or questionnaire that has a source information mapping.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Key Field Definitions tab is available for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.

214 Chapter 7: Managing Mail Monitor Data Feeds

 RSA Archer GRC Platform Data Feed Manager

2. Click the Data Map tab and then click the Key Field Definitions tab.
The Reference Field section contains the target application or questionnaire and
any mapped cross-reference, related records, CAST, or sub-form fields that
require a key field definition to be created. You can use the Key Field
Definitions section to define the unique key identifiers and the data feed actions
during the feed execution.
3. In the Reference Field section, select the field that requires a key field
definition.
4. In the Key Field Definitions title bar, click Add New Key.
5. In the Field Name field, select a target application or questionnaire field that
uniquely identifies the record.
6. To assign compound unique identifiers for the record, complete the following:
a. In the Actions column, click .
The Select Key Field dialog box opens.
b. From the Available Fields list, select the fields.
c. Click OK.
A new row for each selected field is added, and the order number for the new
rows is assigned the same number.
7. To add unique identifiers in a hierarchical structure for sub-form field types,
click in the Actions column.
A new child row is added to the Key Field Definitions section.

Note: After setting the order of key fields, the Data Feed Manager scans the
data source for matches to the first unique identifier. If no matches are found, it
searches for matches to the second unique identifier, and so on. Once the Data
Feed Manager scans through all of the unique identifiers and does not find a
match, the system creates a new target record.

Chapter 7: Managing Mail Monitor Data Feeds 215

 RSA Archer GRC Platform Data Feed Manager

8. From the Action list, select one of the following matching criteria for the unique
identifier.

Option Description

MatchExact Specifies that the value in the data source field must match the
unique identifier value exactly for the target record to be
updated. If the match is not exact, a new record is created.
For example, if a data source field has a value of "Renee Jones"
and a mapped application field that is specified as a unique
identifier has a value of "Renee Ellen Jones," the system does
not update the target application record because it is not an
exact match.

MatchAny Specifies that the data in the data source must match at least
one condition in the list-based field for the target record to be
updated.
For example, if a target application record has the values Blue
and Green selected in the field specified as the unique
identifier, and the mapped field in the source data includes
only the value Blue, the record is updated because at least one
of the values matches.

MatchAll Specifies that the data in the source file must match all of the
conditions in the list-based field for the target record to be
updated.
For example, if the target application record has the values
Blue and Green selected in the field specified as the unique
identifier, and the mapped field in the source data includes the
values Blue and Green, the record is updated. However, if the
source data includes only the value Blue, the record is not
updated. A new target application record is created instead
because there is not a complete match.

9. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Set Update and Archive Options

216 Chapter 7: Managing Mail Monitor Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Set Update and Archive Options

Complete this task to select options on the Update/Archive tab of the Data Map tab
to update existing records, create new records, or both. In addition, when target
records in the Platform cannot be matched with records in the external data source,
you can select to have those records modified or deleted. This option can be useful
if you are deferring the accuracy and current status of your data to the external
system. By deleting or modifying records in the system that are not found in your
external data source, you ensure that both the external source and the system are
synchronized.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Update/Archive tab is available for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Data Map tab and then click the Update/Archive tab.
3. In the Update Options section, select any of the following options.

Option Description

Create Instructs the data feed to create new records for data found in
the source file and not in the target application or
questionnaire.

Update Instructs the data feed to update records in the target

application or questionnaire when a unique identifier match
exists in the source file.

Chapter 7: Managing Mail Monitor Data Feeds 217

 RSA Archer GRC Platform Data Feed Manager

4. In the Archive Options section, select one of the following options:

Option Description

None Instructs the data feed to do nothing when a matching record is

not found.

Delete Instructs the data feed to delete records in the target

application or questionnaire when a matching record is not
found in the source data.

Set Value Instructs the data feed to set a value in a Values List field in a
record whenever the external data file does not contain a
matching record.
You can use this option to have the data feed set a Values List
to a value that identifies this record as Inactive or Not Current.
For example, if you have a Devices application with a record
for a specific laptop, and the external data file does not have a
matching record for that laptop, you can use this option to set
a Values List field in the laptop record to the value Inactive.
When you select this option, you also select the Values List
field in the target application or questionnaire and the value
you want to set in that field.
You cannot set the value in the Values List field of the target
leveled application under the following conditions:
l The Set Value Target Field is a global values list.
l Level 3 or lower in a leveled application.
l You are modifying the data feed configuration.

Note: When running a data feed that updates a values list, you
can view the time that the data feed updated the record in the
Execution History log. The last updated time is not displayed
under Last Updated on the Manage Data Feeds page.

Important: If you select to delete records, records in the selected application,

questionnaire, or sub-form without a matching record in the source information
are permanently deleted from the system database and cannot be recovered.

In most scenarios, RSA Archer recommends selecting the Set Value option and
flagging these records with a specific value rather than deleting them. For
example, you can add a field to your application called Status and include the
values Current and Archived. If a data feed cannot find a matching record in the
data source with a system record, the system record could be updated to have a
value of Archived for the Status field.

218 Chapter 7: Managing Mail Monitor Data Feeds

 RSA Archer GRC Platform Data Feed Manager

5. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define a Schedule for the Data Feed

Define a Schedule for the Data Feed

Complete this task to configure the start time, pattern, and frequency for data feeds.
You can set up data feeds to automatically run at regular intervals. This option
reduces the time and effort required to import data from an external file. Data feeds
can be initiated at a variety of times and can be configured to run in regular
increments for an indefinite period of time.
To prevent excess server load, schedule data feeds on a staggered basis. A
maximum of 10 data feeds can be scheduled to run at a time. If more than 10 data
feeds are scheduled, each remaining data feed is executed as the previous one is
completed.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Schedule tab is available for both Standard and Transport-Only data feed
types.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.

Chapter 7: Managing Mail Monitor Data Feeds 219

 RSA Archer GRC Platform Data Feed Manager

2. Click the Schedule tab.

3. From the Frequency list, select the frequency for the data feed and set up the
schedule.
For example, if you select Minutely from the Frequency list and specify 45 in
the Every list, the data feed executes every 45 minutes.

Note: To configure your data feed to execute after an existing data feed runs,
select Reference. For example, you can select to have a Threats data feed run
immediately after your Assets data feed is completed. From the Reference Feed
list, select after which existing data feed your feed should execute.

4. (Optional) To override the set data feed execution schedule and immediately
execute your data feed, click Start in the Run Data Feed Now section.
5. Click Save.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

220 Chapter 7: Managing Mail Monitor Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Chapter 8: Managing RSS Data Feeds

RSS Data Feed

The RSS data feed provides the ability to retrieves records from a configured RSS
feed into a Platform instance.
When working with RSS data feeds, you can perform the following tasks:
1. Add a New Data Feed Record
2. Manage the General Properties of a Data Feed
3. Define an RSS Transporter
4. Determine the Navigation Method
5. Define Source Data
6. Define Data Mapping Activities
7. Define a Schedule for the Data Feed

Add a New Data Feed Record

Complete this task to add a data feed record as the first step in creating a new data
feed.

Procedure
1. Navigate to the Manage Data Feeds page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
2. In the Manage Data Feed page toolbar, click Add New.
3. Do one of the following:
l To configure new settings for a data feed, select Create a new Data Feed
from scratch.
l To use the settings of an existing data feed as a starting point, select Copy
an existing Data Feed and select the existing data feed from the Existing
Data Feeds list.
4. Click OK.
5. In the Name field, enter the name for the data feed.
The data feed name must be unique.
6. Click Save.

Chapter 8: Managing RSS Data Feeds 221

 RSA Archer GRC Platform Data Feed Manager

Next Steps
Manage the General Properties of a Data Feed

Manage the General Properties of a Data Feed

Complete this task to configure the overall properties of a Platform data feed.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.
Perform one of the following tasks: Add a New Data Feed or Import a Data Feed.
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. In the Name field, enter the name for the data feed.
The data feed name must be unique.
3. From the Status list, select Active to run the data feed.
4. In the Description field, enter a description for the data feed.
5. In the Feed Type field, select the type of feed that you are configuring.

Option Description

Standard Integrates data from an external source into an application or

questionnaire.

Transport Only Locates a specific data file. This file contains additional
instructions for launching subsequent, standard data feeds.
With this data feed type, the data feed only completes the
Transport and Navigation activities. The Source Definition and
Field Mapping activities are not allowed. Processing of the
data feed does not attempt to process the data.

222 Chapter 8: Managing RSS Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Important: If the data feed is intended to be used as part of a convoy, or you are
troubleshooting the data being pulled, select the Transport Only option. This option
enables you to use a transform to manipulate the data being returned by bringing the
source data in as a flat file and then configure a subsequent XML-based feed that
includes an XSLT file. For more information on XML formatting guidelines and
samples, see the appendix “XML Formatting Used in Field Results and Input” in
the RSA Archer Web Services API Reference Guide that can be downloaded from
the RSA Archer Community.

6. Complete the following steps based on the selected Feed Type.

For Standard feed type:

a. From the Target list, select the application or questionnaire that should
receive the data from the external data source. If the application is leveled,
select the level.
b. From the User Name list, do one of the following:
l Select the appropriate user account that is associated with the data feed.
l Create a new user account by selecting Other and entering the name of
the new user account. When you save your data feed settings, the Data
Feed Manager automatically creates the new user account.

Note: This user account must have permissions for creating records and
updating History Logs fields. To avoid potential conflicts with other data
feeds, RSA Archer recommends that you use a different user account for
each data feed. Additionally, if you are going to simultaneously run multiple
data feeds, create a unique name to prevent termination of session tokens.

c. From the Locale list, select the country (language) format of your source
data. Different cultures or countries use different characters when
formatting similar data.
d. In Send Notifications, select whether to have the data feed trigger
notification emails when records are published or updated. If notifications
are not enabled in the selected target application, no notification emails are
sent when the data feed is run.
e. In Data Validation, select whether to have the system not perform data
validations against the selected target application when saving a record.
When this option is selected, validation that is based on field definition and
configuration is bypassed (with some exceptions). This option applies
regardless of whether targeting a questionnaire or application.
The system validates the following items regardless of whether the Data
Validation field is selected:
l Attachment or image field. Validity of the file.
l DateTime field. Minimum and maximum system values.

Chapter 8: Managing RSS Data Feeds 223

 RSA Archer GRC Platform Data Feed Manager

l Text field. Contains valid HTML.

l Field name. Uniqueness.

Note: The required field settings are disregarded if you select to ignore the
rules defined within the target application, however, the unique selection
cannot be ignored.

f. Click Apply.

For Transport Only feed type:

a. From the User Name list, do one of the following:
l Select the appropriate user account that is associated with the data feed.
l Create a new user account by selecting Other and entering the name of
the new user account. When you save your data feed settings, the Data
Feed Manager automatically creates the new user account.

Note: To avoid potential conflicts with other data feeds, RSA Archer
recommends that you use a different user account for each data feed.
Additionally, if you are going to simultaneously run multiple data feeds,
create a unique name to prevent termination of session tokens.

b. In the Target Path field, enter the path for the separate data file.
c. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you configure
your data feed, the Data Feed Manager validates the information for you. If it is not
valid, an error message is displayed. You can save the data feed and correct the
errors later; however, the data feed does not process until the errors are corrected
and the data feed validates.

Next Steps
To define the appropriate data transporter, select one the following:
l Archer Web Services Transporter
l Database Query Transporter
l File Transporter
l FTP Transporter
l HTTP Transporter
l Mail Monitor Transporter
l RSS Transporter
l Threat Transporter

224 Chapter 8: Managing RSS Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Define an RSS Transporter

Complete this task to configure a transporter from a configured RSS feed and
import the data into the Platform.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Transport tab.
3. From the Transport Method list, select RSS Transporter.
4. In the Transport Configuration section, enter the URL and credentials to
allow the data feed to locate and access the records and retrieve the specified
source data.
5. In the Proxy section, select whether the data feed must pass through a proxy to
access the source data from the following options.

Option Description

No Proxy Indicates that the data feed does not pass through a proxy.

Use System Proxy Indicates that the Data Feed Service runs the feed with the
proxy configuration that is set up in the Control Panel.

Configure Proxy Indicates that the data feed must pass through a proxy.
Continue with providing the parameters for accessing the
proxy.

6. To perform post-processing on the source file retrieved, in the Post-Processing

- Local Copy section, determine how the data feed should handle the local copy
of the source data when the integration is complete. In On Success, select from
the following options.

Chapter 8: Managing RSS Data Feeds 225

 RSA Archer GRC Platform Data Feed Manager

Option Description

Nothing Does not alter the source file when the data feed successfully
completes and deletes the local copy.

Rename Saves the source file under a new name when the data feed
successfully completes. In Destination File, specify where the
file should be saved and the new name for the file

Important: To save the data, the path of the destination

file must be accessible to the account running the Job
Engine service.

7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
l For a standard data feed, determine the navigation method.
l For transport-only data feed, define a schedule for the data feed.

Filename Tokens
Filename tokens are available for post processing when you want to save the source
information and specify a location or name for the file. When you select the
Rename option, you can use tokens to automatically generate unique names for the
files.
The following table describes the usable tokens for renaming data files.

226 Chapter 8: Managing RSS Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Token Description

Now Enables the Data Feed Manager to insert a user-defined date

format within the new filename. Possible formats include
Now(MM/dd/yyyy) or Now(MMM-dd-yyyy). See the
Microsoft .Net Framework Developer Center for available
custom date/time formats.

DataFileDirectoryName Enables the Data Feed Manager to update the filename with
the directory name, including the drive, of your file.

DataFileName Enables the Data Feed Manager to insert the original

filename, excluding the directory name and extension.

DataFileExtension Enables the Data Feed Manager to insert the file extension,
such as .csv, in the new filename.

DataFileFullName Enables the Data Feed Manager to insert the fully qualified
filename. This data includes the drive, directory, filename,
and extension of the original file.

For example, if the data file came from the following location,
C:\DataFeed\Source\ESL\processed\ThreatData.csv, filenames that have been
renamed using tokens would have the following output.

Example 1

Input Tokens {DataFileDirectoryName}\success\{DataFileName}_{Now

(MM.dd.yyyy)}.{DataFileExtension}

Output C:\DataFeed\Source\ESL\processed\success\ThreatData_
01.31.2008.csv

Example 2

Input Tokens \\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_

success.{DataFileExtension}

Output \\DFSRepository\2008\01\ThreatData_success.csv

Determining the Navigation Method

The Data Feed Manager supports a collection of transformation capabilities to
import a variety of data formats into the Platform.
The following table describes the formats from which the system can use to collect
data.

Chapter 8: Managing RSS Data Feeds 227

 RSA Archer GRC Platform Data Feed Manager

Option Description

Xml File Iterator Use this option when importing an .XML file. When this
option is selected, the Xml File Definition section becomes
available. For more information on XML formatting
guidelines and samples, see the appendix “XML
Formatting Used in Field Results and Input” in the RSA
Archer Web Services API Reference Guide that can be
downloaded from the RSA Archer Community.

Delimited Text File Use this option to ensure that the Data Feed Manager
Iterator properly analyzes the data in your delimited file. When
this option is selected, the File Definition section becomes
available.

Database Query Iterator Use this option when importing data from a database.

Available and default navigation methods are based on the selected transport
method.

Note: The Navigation tab is available only for Standard data feed types.

Data Navigation Methods

You can instruct the Data Feed Manager on how to read and parse the data located
in the designated data source as defined on the Transport tab.
The following table identifies the available and default navigation methods based on
the selected transport method.

228 Chapter 8: Managing RSS Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Transport Method Available Values Default Values

Archer Web Services Xml File Iterator Xml File Iterator

Transporter

Database Query Database Query Iterator Database Query Iterator

Transporter

DeepSight Transporter 2.0 Xml File Iterator Xml File Iterator

DeepSight Transporter 4.0 Xml File Iterator Xml File Iterator

FTP Transporter Delimited Text File Iterator Delimited Text File Iterator
Xml File Iterator

HTTP Transporter Delimited Text File Iterator Delimited Text File Iterator
Xml File Iterator

iDefense Transporter Xml File Iterator Xml File Iterator

Mail Monitor Transporter Xml File Iterator Xml File Iterator

RSS Transporter Xml File Iterator Xml File Iterator

Define an XML File

Complete this task to define the structure of the data source for the Data Feed
Manager to process the data and convert the data into system content on the
Navigation tab. The Xml File Iterator enables you to import an .XML file. You can
also manipulate or restructure the data prior to importing.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.

Chapter 8: Managing RSS Data Feeds 229

 RSA Archer GRC Platform Data Feed Manager

b. In the Navigation Menu, click Integration > Manage Data Feeds.

c. In the Name column, click the data feed or click in the Actions column.
2. Click the Navigation tab.
3. From the Navigation Method list, select Xml File Iterator.
4. In the Xml File Definition section, select Transform.
5. In the Xml File Definition section toolbar, click Load Transform.
The Schema Source dialog box opens.

Note: You must load a transform. A default transform is included with the
installation; however, you can develop your own XSLT if you require additional
data transformation. For more information on XML formatting guidelines and
samples, see the appendix “XML Formatting Used in Field Results and Input”
in the RSA Archer Web Services API Reference Guide that can be downloaded
from the RSA Archer Community.

6. Do one of the following:

l Select Default to load the out-of-the-box transform file. This option is
typically used.
l Select File if you require additional data transformation and choose to
develop your own XSLT.
7. Click OK.
8. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Source Data

Defining Source Data

Using the options on the Source Definition tab, you can configure the source data to
ensure that only the desired data is included with the data feed.

Note: The Source Data tab is available only for Standard data feed types.

230 Chapter 8: Managing RSS Data Feeds

 RSA Archer GRC Platform Data Feed Manager

You can select to import the data “as is” into the Platform or execute modifications
and calculations against the data to convert the incoming data into a format that
matches the requirements of the application or questionnaire it is imported into. You
can also use several advanced options, such as lookup translations and calculations,
so you can prepare and modify the data to meet your individual business needs.
Additionally, you can filter data so that only what you want to receive is imported
into the target application or questionnaire. By not defining filters on the Data Filter
tab, you instruct the Data Feed Manager to return all records in the data feed. Or,
using operator logic, you can add filters to include only records meeting certain
criteria in the data feed process.
Finally you can capture tokens of data from the last execution of a data feed that
can be used during the next run to identify which data to retrieve. On the Tokens
tab, you can add, edit, or delete token values in preparation of the next data feed
execution.
On the Source Definition tab, you can complete the following tasks:
l Define the Source Data
l Apply a Calculation
l Perform a Lookup Translation
l Incorporate Static Text
l Define Data Filters
l Define Data Tokens

Define the Source Data

Complete this task to select how you want the Data Feed Manager to interact, or
not interact, with each field from your data source.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

Chapter 8: Managing RSS Data Feeds 231

 RSA Archer GRC Platform Data Feed Manager

l Ensure that the user account used has access to the content, or you will receive a
schema error when building the source definition. You can also receive a
schema error for the following reasons:
o If your connection string is not correct on the Transport tab.
o The account is unable to login.
o The report is not in the correct format.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. To supply the list of source fields, choose one of the following methods and
complete the tasks.

Sample Data File Manual Input

a. Click Load Fields located in the
Source Field title bar.
b. Depending on the selected transport
method, select how to retrieve the
source schema.
a. In the Source Name column, enter
the name of the first field that you
want to define for your data feed.
The first line is the record definition.
b. To continue adding source fields, do
any of the following:
l To add a source field, click Add
New and name the field.
l To add a source field in a

hierarchical structure, click

in the Actions column and name
the field.

4. In the first line in the Source Fields section, from the Field Type list, select the
appropriate field option for the record definition.

Option Description

None Instructs the Data Feed Manager that the field is the record
definition and nothing is to be done with the data.

List Instructs the Data Feed Manager to import the data as a value
list. No transformation or calculations are to be applied to the
data.

232 Chapter 8: Managing RSS Data Feeds

 RSA Archer GRC Platform Data Feed Manager

5. For the remaining source fields, from the Field Type list, select one of the
following field options and complete the associated steps for that field option.

Option Description

Calculated Field Allows calculations to be applied to the fields to

dynamically generate new values, which can then be
populated in an application or questionnaire. Upon selection
of this option, the Status field for that source field is set to
Not Configured and is displayed in the Actions column.

Lookup Translation Enables you to use an application to reconcile values from

your data source to values that are accepted in the target
application or questionnaire. Upon selection of this option,
the Status field for that source field is set to Not Configured,
and is displayed in the Actions column

Raw Field Data Instructs the Data Feed Manager to accept the data from the
data source "as is." No transformation or calculations are to
be applied to the data.

Static Text Allows you to add an additional field to the data feed, which
adds context to the data. Upon selection of this option, the
Status field for that source field is set to Not Configured and
is displayed for that source field.

List Instructs the Data Feed Manager to import the data as a

values list. No transformation or calculations are to be
applied to the data.

6. Complete any of the following optional tasks:

l In the Token column, select the checkbox if you want the source field to be
used as a data token in future data feed runs.
l To remove a source field from the schema, click in the row of the source
field.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Chapter 8: Managing RSS Data Feeds 233

 RSA Archer GRC Platform Data Feed Manager

Schema Sources
The source for the schema of your data feed depends on which transporter you are
using. The following table identifies and describes the schema sources that are
available for each of the out-of-the-box transporters.

Source Description Transport Method

Execute Search Executes the search in the Archer Web Services Transporter
Platform and detects the source
schema from the results.

Sample File Uses a skeleton of your actual Archer Web Services Transporter
source data file. For example, if
Database Query Transporter
you are importing data from a
.csv file, the source data file is a DeepSight Transporter 2.0
.csv file that includes the column DeepSight Transporter 4.0
names from your source data. If
you are importing data from an File Transporter
.XML file, the source data file FTP Transporter
includes the structure of your
HTTP Transporter
.XML without the actual field
values. iDefense Transporter
When you select the sample file, Mail Monitor Transporter
the Source Fields section RSS Transporter
populates with the fields
specified in the sample data file.

Execute Query Executes the query specified on Database Query Transporter

the Transport tab and detects the
source schema from the resulting
record set.

CAUTION: Using this option may

trigger actions in the database
associated with this query.

Load URL Loads the contents at the target DeepSight Transporter 2.0
URL and detects the source
DeepSight Transporter 4.0
schema from the contents.
HTTP Transporter
CAUTION: Using this option may
iDefense Transporter
trigger actions associated with
accessing the target URL. RSS Transporter

Standard Schema Uses the standard mail schema. Mail Monitor Transporter

234 Chapter 8: Managing RSS Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Apply a Calculation
Complete this task to apply calculations to source fields to dynamically generate
new values, which can be populated in an application or questionnaire.
The following are examples of common calculations:
l CONCATENATE([TOLastName], ", ", [TOFirstName])
This calculation combines the values of two fields into a single value. For
example, it would take the value “Doe” from the Last Name field and the value
“John” from the First Name field and merge them into the value “Doe, John.”

l If(LEN([Production IP])>0,[Production IP],If(LEN([Maintenance IP])>0,

[Maintenance IP],[Backup IP]))
This calculation executes a logical operation to determine which field to use as
the source value. If the Production IP field is not blank, the value from this field
is used. If the Production IP field is blank and the Maintenance IP field has a
value, the value from the Maintenance IP is used. If both fields are blank, the
Backup IP value is used.

Calculations for the Data Feed Manager use the same calculation engine and syntax
as the Application Builder feature.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. From the Field Type list of the source field to which you want to apply a
calculation, select Calculated Field.
4. In the Actions column of that source field, click .

Chapter 8: Managing RSS Data Feeds 235

 RSA Archer GRC Platform Data Feed Manager

The Calculation Editor dialog box opens.

5. Type your calculated formula.
6. Click OK.
The calculation is saved. The Status field for that source field changes to
Configured.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Perform a Lookup Translation

Complete this task to use an application to reconcile values from your source data
to values that are accepted in the Platform target application or questionnaire.
For example, you may have a field in your external file with values of "New York"
and "California". However, the application that you are importing the data into only
accepts state abbreviations. Using the Lookup Translation option, you can use a
separate application to map your external values to the proper internal values, as
shown in the following table.

Destination
Source Data Translation Application
Application

Field Name: State Field Name: State Field Name: State Field Name: State
ID1 ID2

California California CA CA

Texas Texas TX TX

New York New York NY NY

Florida Florida FL FL

Using an application as an intermediary ensures that the data feed converts all of
the external data into the proper format prior to importing it to the destination
application.

236 Chapter 8: Managing RSS Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. From the Field Type list of the source field that you want to translate, select
Lookup Translation.
4. In the Actions column of that source field, click .
The Translation Editor dialog box opens.
5. From the Source list, select the source field.
6. From the Application list, select the application that translates the values.
7. From the Exceptions list, select from the following options the function that the
Data Feed Manager should execute when a value generates an exception.

Option Description

Log Warning Writes an error to the log file, and the value is not imported.
No updates are made to the translation application.

Insert Raw Data Inserts the raw value from your source file in the target
application if a match is not found.

Original Value Identifies the field in the translation application that maps to
the value from your external data file.

Translation Value Identifies the field in the translation application that maps to
the proper value in the target application or questionnaire.

Chapter 8: Managing RSS Data Feeds 237

 RSA Archer GRC Platform Data Feed Manager

Note: The selections from the Original Value and Translation Value lists must
be different, or a warning message is displayed.

8. Click OK.
The translation settings are saved. The Status field for that source field changes
to Configured.
9. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Incorporate Static Text

Complete this task to add an additional field to your data feed that adds context to
the source data. For example, you can add a Static Text field that specifies the
name of the source, such as the database name or threat feed.
In the Platform target application or questionnaire, you can create a field called
Data Source. When the data feed completes, all records updated by this feed have
the same value for the Data Source field. Using this option, you can quickly identify
and report on records updated from a specific source.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.

238 Chapter 8: Managing RSS Data Feeds

 RSA Archer GRC Platform Data Feed Manager

b. In the Navigation Menu, click Integration > Manage Data Feeds.

c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. From the Field Type list of the source field where you want to insert static text,
select Static Text.
4. In the Actions column of that source field, click .
The Static Text Editor dialog box opens.
5. Enter your static text.
6. Click OK.
The static text is saved. The Status field for that source field changes to
Configured.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Define Data Filters

Complete this task to apply filters and advanced operator logic to imported fields.
With filters, you can limit the number of records retrieved from your source data. If
no filters are defined, the Data Feed Manager returns all records. After a filter has
been added, only those records meeting the defined criteria are included in the data
feed.

Note: The Data Filter tab is available only for Standard data feed types.

You can combine your data filters through advanced operator logic to provide
additional filters to your data.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Chapter 8: Managing RSS Data Feeds 239

 RSA Archer GRC Platform Data Feed Manager

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Data Filter tab.
3. In the Sources column, select the source name to which you want to apply a
filter.
4. From the Field Name list, select the field name from your data source to which
you want to apply a filter.
5. From the Operator list, select an operator to define which type of filter you
want to apply to the source data.
6. In the Values column, enter a value based on your selection in the Operator
column.
7. To create custom operator logic to form relationships between the individual
filters, enter the custom operator logics in the Advanced operator logic field.
8. Complete any of the following optional tasks:
l To add an additional data filter, click Add New Filter located in the Data
Filter section title bar.
l To remove a data filter, in the Actions column of the filter you want to
remove, click .
9. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Tokens

240 Chapter 8: Managing RSS Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Define Data Tokens

Complete this task to configure token values for the source fields that you selected
to be tokens on the Source Data tab.
Tokens only store a single value for a source field that has been configured on the
Source Data tab. The list of tokens is based on these fields, as well as the
LastRunTime and LastFileName attributes of a previous data feed execution. If a
source field is not selected as a token, token data for that field is not stored.

Note: The Tokens tab is available only for Standard data feed types.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab, and then click the Tokens tab.
3. (Optional) To add an additional token, click Add New located in the Tokens
title bar and enter the field name.
4. In the Value field of the token that you want to modify, enter the updated value.
When modified, the updated value is used on the next data feed execution, and
the execution updates the value at its completion.

5. (Optional) To delete a token, click in the row of the token that you want to
remove.
6. Click Apply.

Chapter 8: Managing RSS Data Feeds 241

 RSA Archer GRC Platform Data Feed Manager

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Map Data

Data Tokens
The Data Feed Manager allows capturing "tokens" of data from the last execution
of a data feed. A token can be any field of data from the last source row processed.
The following table identifies the fields for which tokens are available.

Field Input

Post processing Destination files

Archer Web Services transporter Configuration string

Database Query transporter Query

Symantec DeepSight transporter Sequence number

File transporter Path

FTP transporter Fully qualified URI

HTTP transporter Data request URI

HTTP transporter Data request header parameters

HTTP transporter Logon header parameters

HTTP transporter Logoff header parameters

iDefense transporter URL

Mail Monitor transporter Filter

RSS transporter URL

Tokens also are available for the following attributes:

l LastRunTime
l LastFileName

242 Chapter 8: Managing RSS Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Defining Data Mapping Activities

After the Data Feed Manager identifies the elements in the source data to import,
the filters to apply, and the tokens to use to capture data, it requires a specific
destination in the Platform. With the options on the Data Map tab, you can define
the location for the data imported through your data feed.
To direct the Data Feed Manager to the correct destination for the data it will
import, use the options on the Data Map tab to configure the field mappings for your
data feed.

Note: The Data Map tab is available for Standard data feed types.

On the Data Map tab, you can complete the following tasks:
l Map Data
l Define Key Fields
l Set Update and Archive Options

Map Data
Complete this task to map the configured elements from the Source Definition tab to
fields in a Platform target application or questionnaire. The Data Feed Manager
updates the target field with the value from the mapped source field during the data
feed execution.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Field Map tab is available for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.

Chapter 8: Managing RSS Data Feeds 243

 RSA Archer GRC Platform Data Feed Manager

2. Click the Data Map tab and then click the Field Map tab.
The Source Fields section lists the Source Field names listed on the Source
Data tab.
3. Complete one of the following tasks:
l To have the system analyze the source fields and automatically map them to
application or questionnaire fields, click Auto-Populate.
This option maps fields from the data source to application or questionnaire
fields that have the same name. Auto populate occurs on level 1 fields only.
Additionally, if there is an exact name match between the source field and
the target field, and the field type is one of the following, the field is not auto
populated: External links, Values list, Sub-form, Related records, Cross
reference, or CAST.
l From the Source Fields column, drag your source field and drop it next to the
application or questionnaire field in the Target Fields section.
The mapped field from the data source populates the designated target field.

Note: For target fields that have a field type of cross-reference, sub-form, or
related records, map the fields expanded under these field types. You cannot
directly map to a target field with any of these field types.

4. (Optional) In the Actions column of each mapped field for which you want to
configure additional options, click .
The Field Population dialog box opens with options based on the selected field
type.
5. (Optional) To assign a trust level to your source data for a field that is mapped,
in the Trust Level field, enter a value from "0" to "99."

Note: The Trust Level option is useful when you have multiple data feeds
populating the same target application. By assigning trust levels, the Data Feed
Manager can determine when and when not to overwrite existing data.

The Trust Level option allows you to develop a hierarchy for updates to your
target data by entering the desired trust level for the field. The value 0 is
considered the greatest trust level. The trust level accepts values up to 99,
which is the lowest level of trust.
For example, consider a situation where two data feeds map to the same target
application field. Data Feed A runs first and populates the Case Status field
with the value Open. When Data Feed B runs, the Data Feed Manager
recognizes that Data Feed B has data that maps to the same field. Data Feed
Manager evaluates the trust levels to determine which data is the most trusted.
Since the field from Data Feed B has the greater trust level, its value of Closed
overwrites the data from Data Feed A.
6. Complete any of the following optional tasks:

244 Chapter 8: Managing RSS Data Feeds

 RSA Archer GRC Platform Data Feed Manager

l To delete a mapping for a single field, click in the Actions column of the
field that you want to remove.
l To remove the mappings for all fields, click Clear Target Field Mappings
located in the Target Fields title bar.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Key Fields

Define Key Fields

Complete this task to specify one or more fields as key fields that uniquely identify
a record in the Platform target application or questionnaire for updating purposes.
Key field definitions must be established for every level and reference field in a
target application or questionnaire that has a source information mapping.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Key Field Definitions tab is available for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.

Chapter 8: Managing RSS Data Feeds 245

 RSA Archer GRC Platform Data Feed Manager

2. Click the Data Map tab and then click the Key Field Definitions tab.
The Reference Field section contains the target application or questionnaire and
any mapped cross-reference, related records, CAST, or sub-form fields that
require a key field definition to be created. You can use the Key Field
Definitions section to define the unique key identifiers and the data feed actions
during the feed execution.
3. In the Reference Field section, select the field that requires a key field
definition.
4. In the Key Field Definitions title bar, click Add New Key.
5. In the Field Name field, select a target application or questionnaire field that
uniquely identifies the record.
6. To assign compound unique identifiers for the record, complete the following:
a. In the Actions column, click .
The Select Key Field dialog box opens.
b. From the Available Fields list, select the fields.
c. Click OK.
A new row for each selected field is added, and the order number for the new
rows is assigned the same number.
7. To add unique identifiers in a hierarchical structure for sub-form field types,
click in the Actions column.
A new child row is added to the Key Field Definitions section.

Note: After setting the order of key fields, the Data Feed Manager scans the
data source for matches to the first unique identifier. If no matches are found, it
searches for matches to the second unique identifier, and so on. Once the Data
Feed Manager scans through all of the unique identifiers and does not find a
match, the system creates a new target record.

246 Chapter 8: Managing RSS Data Feeds

 RSA Archer GRC Platform Data Feed Manager

8. From the Action list, select one of the following matching criteria for the unique
identifier.

Option Description

MatchExact Specifies that the value in the data source field must match the
unique identifier value exactly for the target record to be
updated. If the match is not exact, a new record is created.
For example, if a data source field has a value of "Renee Jones"
and a mapped application field that is specified as a unique
identifier has a value of "Renee Ellen Jones," the system does
not update the target application record because it is not an
exact match.

MatchAny Specifies that the data in the data source must match at least
one condition in the list-based field for the target record to be
updated.
For example, if a target application record has the values Blue
and Green selected in the field specified as the unique
identifier, and the mapped field in the source data includes
only the value Blue, the record is updated because at least one
of the values matches.

MatchAll Specifies that the data in the source file must match all of the
conditions in the list-based field for the target record to be
updated.
For example, if the target application record has the values
Blue and Green selected in the field specified as the unique
identifier, and the mapped field in the source data includes the
values Blue and Green, the record is updated. However, if the
source data includes only the value Blue, the record is not
updated. A new target application record is created instead
because there is not a complete match.

9. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Set Update and Archive Options

Chapter 8: Managing RSS Data Feeds 247

 RSA Archer GRC Platform Data Feed Manager

Set Update and Archive Options

Complete this task to select options on the Update/Archive tab of the Data Map tab
to update existing records, create new records, or both. In addition, when target
records in the Platform cannot be matched with records in the external data source,
you can select to have those records modified or deleted. This option can be useful
if you are deferring the accuracy and current status of your data to the external
system. By deleting or modifying records in the system that are not found in your
external data source, you ensure that both the external source and the system are
synchronized.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Update/Archive tab is available for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Data Map tab and then click the Update/Archive tab.
3. In the Update Options section, select any of the following options.

Option Description

Create Instructs the data feed to create new records for data found in
the source file and not in the target application or
questionnaire.

Update Instructs the data feed to update records in the target

application or questionnaire when a unique identifier match
exists in the source file.

248 Chapter 8: Managing RSS Data Feeds

 RSA Archer GRC Platform Data Feed Manager

4. In the Archive Options section, select one of the following options:

Option Description

None Instructs the data feed to do nothing when a matching record is

not found.

Delete Instructs the data feed to delete records in the target

application or questionnaire when a matching record is not
found in the source data.

Set Value Instructs the data feed to set a value in a Values List field in a
record whenever the external data file does not contain a
matching record.
You can use this option to have the data feed set a Values List
to a value that identifies this record as Inactive or Not Current.
For example, if you have a Devices application with a record
for a specific laptop, and the external data file does not have a
matching record for that laptop, you can use this option to set
a Values List field in the laptop record to the value Inactive.
When you select this option, you also select the Values List
field in the target application or questionnaire and the value
you want to set in that field.
You cannot set the value in the Values List field of the target
leveled application under the following conditions:
l The Set Value Target Field is a global values list.
l Level 3 or lower in a leveled application.
l You are modifying the data feed configuration.

Note: When running a data feed that updates a values list, you
can view the time that the data feed updated the record in the
Execution History log. The last updated time is not displayed
under Last Updated on the Manage Data Feeds page.

Important: If you select to delete records, records in the selected application,

questionnaire, or sub-form without a matching record in the source information
are permanently deleted from the system database and cannot be recovered.

In most scenarios, RSA Archer recommends selecting the Set Value option and
flagging these records with a specific value rather than deleting them. For
example, you can add a field to your application called Status and include the
values Current and Archived. If a data feed cannot find a matching record in the
data source with a system record, the system record could be updated to have a
value of Archived for the Status field.

Chapter 8: Managing RSS Data Feeds 249

 RSA Archer GRC Platform Data Feed Manager

5. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define a Schedule for the Data Feed

Define a Schedule for the Data Feed

Complete this task to configure the start time, pattern, and frequency for data feeds.
You can set up data feeds to automatically run at regular intervals. This option
reduces the time and effort required to import data from an external file. Data feeds
can be initiated at a variety of times and can be configured to run in regular
increments for an indefinite period of time.
To prevent excess server load, schedule data feeds on a staggered basis. A
maximum of 10 data feeds can be scheduled to run at a time. If more than 10 data
feeds are scheduled, each remaining data feed is executed as the previous one is
completed.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Schedule tab is available for both Standard and Transport-Only data feed
types.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.

250 Chapter 8: Managing RSS Data Feeds

 RSA Archer GRC Platform Data Feed Manager

2. Click the Schedule tab.

3. From the Frequency list, select the frequency for the data feed and set up the
schedule.
For example, if you select Minutely from the Frequency list and specify 45 in
the Every list, the data feed executes every 45 minutes.

Note: To configure your data feed to execute after an existing data feed runs,
select Reference. For example, you can select to have a Threats data feed run
immediately after your Assets data feed is completed. From the Reference Feed
list, select after which existing data feed your feed should execute.

4. (Optional) To override the set data feed execution schedule and immediately
execute your data feed, click Start in the Run Data Feed Now section.
5. Click Save.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Chapter 8: Managing RSS Data Feeds 251

 RSA Archer GRC Platform Data Feed Manager

Chapter 9: Managing Threat Data Feeds

Threat Data Feed

Threat data feeds aggregate data from external data feed sources into the Platform
on a dynamic and scheduled basis. The Data Feed Manager supports threat data
feeds with the following sources:
l iDefense
l DeepSight

The iDefense threat feeds support the following feed types:

l Malicious Code
l Vulnerabilities
l Geopolitical Threat

Currently there are two DeepSight connectors, or transporters, available in the

Platform. The following table identifies feed types that are available for each
DeepSight transporter.

Transporter Supported Feeds

DeepSight Transporter 2.0 Malicious Code

Vulnerabilities

DeepSight Transporter 4.0 Security Risk

Vulnerabilities SCAP

RSA Archer provides a configuration file to establish a connection between an

iDefense or DeepSight threat feed and your instance of the Platform. Each of the
threat feeds can be quickly integrated with your instance of the Platform by
importing the configuration file.

Note: Data feeds using the DeepSight 2.0 transporter are deprecated by Symantec
and will soon become unusable. From the RSA Archer Exchange, download a copy
of the data feeds that use the DeepSight 4.0 transporters and import them.

Prerequisites
Before you can work with threat feeds in the Platform, verify that you have the
following:

Chapter 9: Managing Threat Data Feeds 253

 RSA Archer GRC Platform Data Feed Manager

l License to one of the supported threat feed providers, including a user name and
password.
l License to the RSA Archer Threat Management solution master.
l A user account on the Platform with access rights to the Data Feed Manager.
l Access to the RSA Archer Exchange to download the threat feed package file.
For more information, see Integration Exchange.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

When working with threat data feeds, you can perform the following tasks:
1. Import a Data Feed
2. Manage the General Properties of a Data Feed
3. Define a Threat Feed Transporter
4. Define Source Data
5. Define Data Mapping Activities
6. Define a Schedule for the Data Feed
7. Activate a Threat Feed

Threat Feed Configuration

RSA Archer provides a configuration file to establish the connection between an
iDefense or DeepSight threat feed and your instance of the Platform. After
importing the configuration file, you provide a few additional details in the Data
Feed Manager to complete the connection. You can also change the scheduling or
create additional source fields and data mappings to the Platform.
Before you begin configuring a threat data feed, verify that you have fulfilled the
prerequisites. For more information, see Threat Data Feed.

254 Chapter 9: Managing Threat Data Feeds

 RSA Archer GRC Platform Data Feed Manager

The following table provides you the information you need when configuring your
threat feed.

Action Configuration Notes Task

Importing the threat feed
configuration file
(Manage Data Feeds page)
When you log on to the Import a Data Feed
Platform to import the threat
feed file, use a user account
that has full access rights to
the Data Feed Manager.

Setting the feed information Select the user account that Manage the General
is appropriate for your Properties of a Data Feed
(Data Feed Manager page >
threat feed.
General tab)
The imported configuration
file sets the Feed Type to
Standard. Do not make any
changes to this setting.

Setting additional properties The imported configuration Manage the General

file sets the Data Validation Properties of a Data Feed
(Data Feed Manager page >
option. Do not change this
General tab)
setting.
Also, the Send Notifications
option is not selected. Do
not change this setting until
the baseload completes.

Note: The baseload is the

initial load of threat feed
data into your instance of
the Platform. After the
baseload completes,
whenever the threat feed
runs, existing data is
deleted or updated, and new
data is inserted.

Configuring the threat feed

The imported configuration Define a Threat Transporter
transporter file sets the transporter
based on the threat feed
(Data Feed Manager page >
type. Do not make any
Transport tab)
changes to this setting.
However, you need to type
the user name and
password. Also, you can set
the proxy and post-

Chapter 9: Managing Threat Data Feeds 255

 RSA Archer GRC Platform Data Feed Manager

Action Configuration Notes Task

processing settings.

Selecting the navigation The imported configuration

method file selects the navigation
method. Do not make any
(Data Feed Manager page >
changes to this setting.
Navigation tab)

Configuring the source The imported configuration Define the Source Data
fields file provides the default
source fields. Do not edit or
(Data Feed Manager page >
remove any these fields.
Source Definition tab >
However, you can add new
Source Data tab)
calculated, static text, or
lookup translation fields.

Configuring data filters The imported configuration

file sets the data filters. Do
(Data Feed Manager page >
make any data filter
Source Definition tab >
changes.
Data Filter tab)

256 Chapter 9: Managing Threat Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Action Configuration Notes Task

Configuring data tokens The imported configuration

file sets the following data
(Data Feed Manager page >
tokens:
Source Definition tab >
Data Tokens tab> l The token for DeepSight

threat feeds identifies the

last sequence number
fetched.
l The token for iDefense
identifies the date from
which the threat feed
begins fetching records.

Do not make any token

changes.

Mapping source fields The imported configuration Map Data

file provides the field
(Data Feed Manager page >
mappings for the default
Data Map tab > Field Map
source fields. If you added
tab)
any source fields, map these
fields to the application.

Important: For DeepSight

threat feeds, change the
mapping of the Patch ID.
Create a numeric field for
the Patch ID in the Patches
application called Patch ID
Numeric, map the field to
the Patch ID in the threat
feed, and assign the field as
a key field. Remove patch
Name as a key field.

Chapter 9: Managing Threat Data Feeds 257

 RSA Archer GRC Platform Data Feed Manager

Action Configuration Notes Task

Defining key fields The sub-forms do not have

keys defined by default and
(Data Feed Manager page >
do not need to have keys
Data Map tab > Key Field
added. Do not make any
Definitions tab)
changes to the key fields.

Setting update or archive The imported configuration

options file sets the update and
archive options. Do not
(Data Feed Manager page >
make any changes to these
Data Map tab >
settings.
Update/Archive tab)

Establishing a schedule The imported configuration Define a Schedule for the

file provides the default Data Feed
(Data Feed Manager page >
settings, but you need to
Schedule tab)
verify that these settings are
appropriate.

Activating the threat feed Before running a threat Activate a Threat Feed
feed, you need to activate
(Data Feed Manager page)
the threat feed and run a
baseload.

Important: Only one

version of the DeepSight
transporter can be active at
a time. If you try to activate
a threat feed that uses one
of the two DeepSight
transporters, and another
threat feed that uses the
other DeepSight transporter
is already active, a warning
message is displayed. To
continue activating this
threat feed, set the Status for
the other DeepSight threat
feed to Inactive.

Manage the General Properties of a Data Feed

Complete this task to configure the overall properties of a Platform data feed.

258 Chapter 9: Managing Threat Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.
Perform this task: Import a Data Feed.
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. In the Name field, enter the name for the data feed.
The data feed name must be unique.
3. From the Status list, select Active to run the data feed.
4. In the Description field, enter a description for the data feed.
5. In the Feed Type field, select the type of feed that you are configuring.

Option Description

Standard Integrates data from an external source into an application or

questionnaire.

Transport Only Locates a specific data file. This file contains additional
instructions for launching subsequent, standard data feeds.
With this data feed type, the data feed only completes the
Transport and Navigation activities. The Source Definition and
Field Mapping activities are not allowed. Processing of the
data feed does not attempt to process the data.

Important: If the data feed is intended to be used as part of a convoy, or you are
troubleshooting the data being pulled, select the Transport Only option. This option
enables you to use a transform to manipulate the data being returned by bringing the
source data in as a flat file and then configure a subsequent XML-based feed that
includes an XSLT file. For more information on XML formatting guidelines and
samples, see the appendix “XML Formatting Used in Field Results and Input” in
the RSA Archer Web Services API Reference Guide that can be downloaded from
the RSA Archer Community.

Chapter 9: Managing Threat Data Feeds 259

 RSA Archer GRC Platform Data Feed Manager

6. Complete the following steps based on the selected Feed Type.

For Standard feed type:

a. From the Target list, select the application or questionnaire that should
receive the data from the external data source. If the application is leveled,
select the level.
b. From the User Name list, do one of the following:
l Select the appropriate user account that is associated with the data feed.
l Create a new user account by selecting Other and entering the name of
the new user account. When you save your data feed settings, the Data
Feed Manager automatically creates the new user account.

Note: This user account must have permissions for creating records and
updating History Logs fields. To avoid potential conflicts with other data
feeds, RSA Archer recommends that you use a different user account for
each data feed. Additionally, if you are going to simultaneously run multiple
data feeds, create a unique name to prevent termination of session tokens.

c. From the Locale list, select the country (language) format of your source
data. Different cultures or countries use different characters when
formatting similar data.
d. In Send Notifications, select whether to have the data feed trigger
notification emails when records are published or updated. If notifications
are not enabled in the selected target application, no notification emails are
sent when the data feed is run.
e. In Data Validation, select whether to have the system not perform data
validations against the selected target application when saving a record.
When this option is selected, validation that is based on field definition and
configuration is bypassed (with some exceptions). This option applies
regardless of whether targeting a questionnaire or application.
The system validates the following items regardless of whether the Data
Validation field is selected:
l Attachment or image field. Validity of the file.
l DateTime field. Minimum and maximum system values.
l Text field. Contains valid HTML.
l Field name. Uniqueness.

Note: The required field settings are disregarded if you select to ignore the
rules defined within the target application, however, the unique selection
cannot be ignored.

f. Click Apply.

260 Chapter 9: Managing Threat Data Feeds

 RSA Archer GRC Platform Data Feed Manager

For Transport Only feed type:

a. From the User Name list, do one of the following:
l Select the appropriate user account that is associated with the data feed.
l Create a new user account by selecting Other and entering the name of
the new user account. When you save your data feed settings, the Data
Feed Manager automatically creates the new user account.

Note: To avoid potential conflicts with other data feeds, RSA Archer
recommends that you use a different user account for each data feed.
Additionally, if you are going to simultaneously run multiple data feeds,
create a unique name to prevent termination of session tokens.

b. In the Target Path field, enter the path for the separate data file.
c. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you configure
your data feed, the Data Feed Manager validates the information for you. If it is not
valid, an error message is displayed. You can save the data feed and correct the
errors later; however, the data feed does not process until the errors are corrected
and the data feed validates.

Next Steps
To define the appropriate data transporter, select one the following:
l Archer Web Services Transporter
l Database Query Transporter
l File Transporter
l FTP Transporter
l HTTP Transporter
l Mail Monitor Transporter
l RSS Transporter
l Threat Transporter

Define a Threat Feed Transporter

Complete this task to configure a transporter from a configured Threat Feed and
import the data into the Platform.The imported configuration file sets the transporter
based on the threat feed type. To complete configuration of the transporter, you
need to enter the user name and password. Also, you can set the proxy and post-
processing settings.

Chapter 9: Managing Threat Data Feeds 261

 RSA Archer GRC Platform Data Feed Manager

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Before You Begin

l Import a Data Feed
l Verify that you have fulfilled the prerequisites. For more information, see Threat
Data Feed.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Transport tab.
3. Do not change the Transport Method setting.
4. In Transport Configuration, verify that the appropriate URL is displayed in
the URL field.
5. In the User Name and Password fields, enter the credentials of the account
that will run the threat feed.

Note: For this information, see your license agreement with the threat feed
provider.

6. If a proxy needs to be used to access the remote site, in the Proxy section,
select from the following options whether the data feed must pass through a
proxy to access the source data.

Option Description

No Proxy Indicates that the data feed does not pass through a proxy.

Use System Proxy Indicates that the Data Feed Service runs the feed with the
proxy configuration that is set up in the Control Panel.

Configure Proxy Indicates that the data feed must pass through a proxy.
Continue with providing the parameters for accessing the
proxy.

7. To perform post-processing on the source file retrieved, in the Post-Processing

- Local Copy section, determine how the data feed should handle the local copy

262 Chapter 9: Managing Threat Data Feeds

 RSA Archer GRC Platform Data Feed Manager

of the source data when the integration is complete. In On Success, select from
the following options.

Option Description

Nothing Does not alter the source file when the data feed successfully
completes and deletes the local copy.

Rename Saves the source file under a new name when the data feed
successfully completes. In Destination File, specify where the
file should be saved and the new name for the file

Important: To save the data, the path of the destination

file must be accessible to the account running the Job
Engine service.

Note: If you want to rename all files, use a token, for example, {Now
(MM.dd.yyyy)}.{DataFileName}. Otherwise, only the last file downloaded is
renamed.

8. Click Apply.

Next Steps
Define the Source Data
Activate a Threat Feed

Filename Tokens
Filename tokens are available for post processing when you want to save the source
information and specify a location or name for the file. When you select the
Rename option, you can use tokens to automatically generate unique names for the
files.
The following table describes the usable tokens for renaming data files.

Chapter 9: Managing Threat Data Feeds 263

 RSA Archer GRC Platform Data Feed Manager

Token Description

Now Enables the Data Feed Manager to insert a user-defined date

format within the new filename. Possible formats include
Now(MM/dd/yyyy) or Now(MMM-dd-yyyy). See the
Microsoft .Net Framework Developer Center for available
custom date/time formats.

DataFileDirectoryName Enables the Data Feed Manager to update the filename with
the directory name, including the drive, of your file.

DataFileName Enables the Data Feed Manager to insert the original

filename, excluding the directory name and extension.

DataFileExtension Enables the Data Feed Manager to insert the file extension,
such as .csv, in the new filename.

DataFileFullName Enables the Data Feed Manager to insert the fully qualified
filename. This data includes the drive, directory, filename,
and extension of the original file.

For example, if the data file came from the following location,
C:\DataFeed\Source\ESL\processed\ThreatData.csv, filenames that have been
renamed using tokens would have the following output.

Example 1

Input Tokens {DataFileDirectoryName}\success\{DataFileName}_{Now

(MM.dd.yyyy)}.{DataFileExtension}

Output C:\DataFeed\Source\ESL\processed\success\ThreatData_
01.31.2008.csv

Example 2

Input Tokens \\DFSRepository\{Now(yyyy)}\{Now(MM)}\{DataFileName}_

success.{DataFileExtension}

Output \\DFSRepository\2008\01\ThreatData_success.csv

Determining the Navigation Method

The Data Feed Manager supports a collection of transformation capabilities to
import a variety of data formats into the Platform.
The following table describes the formats from which the system can use to collect
data.

264 Chapter 9: Managing Threat Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Option Description

Xml File Iterator Use this option when importing an .XML file. When this
option is selected, the Xml File Definition section becomes
available. For more information on XML formatting
guidelines and samples, see the appendix “XML
Formatting Used in Field Results and Input” in the RSA
Archer Web Services API Reference Guide that can be
downloaded from the RSA Archer Community.

Delimited Text File Use this option to ensure that the Data Feed Manager
Iterator properly analyzes the data in your delimited file. When
this option is selected, the File Definition section becomes
available.

Database Query Iterator Use this option when importing data from a database.

Available and default navigation methods are based on the selected transport
method.

Note: The Navigation tab is available only for Standard data feed types.

Data Navigation Methods

You can instruct the Data Feed Manager on how to read and parse the data located
in the designated data source as defined on the Transport tab.
The following table identifies the available and default navigation methods based on
the selected transport method.

Chapter 9: Managing Threat Data Feeds 265

 RSA Archer GRC Platform Data Feed Manager

Transport Method Available Values Default Values

Archer Web Services Xml File Iterator Xml File Iterator

Transporter

Database Query Database Query Iterator Database Query Iterator

Transporter

DeepSight Transporter 2.0 Xml File Iterator Xml File Iterator

DeepSight Transporter 4.0 Xml File Iterator Xml File Iterator

FTP Transporter Delimited Text File Iterator Delimited Text File Iterator
Xml File Iterator

HTTP Transporter Delimited Text File Iterator Delimited Text File Iterator
Xml File Iterator

iDefense Transporter Xml File Iterator Xml File Iterator

Mail Monitor Transporter Xml File Iterator Xml File Iterator

RSS Transporter Xml File Iterator Xml File Iterator

Define an XML File

Complete this task to define the structure of the data source for the Data Feed
Manager to process the data and convert the data into system content on the
Navigation tab. The Xml File Iterator enables you to import an .XML file. You can
also manipulate or restructure the data prior to importing.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.

266 Chapter 9: Managing Threat Data Feeds

 RSA Archer GRC Platform Data Feed Manager

b. In the Navigation Menu, click Integration > Manage Data Feeds.

c. In the Name column, click the data feed or click in the Actions column.
2. Click the Navigation tab.
3. From the Navigation Method list, select Xml File Iterator.
4. In the Xml File Definition section, select Transform.
5. In the Xml File Definition section toolbar, click Load Transform.
The Schema Source dialog box opens.

Note: You must load a transform. A default transform is included with the
installation; however, you can develop your own XSLT if you require additional
data transformation. For more information on XML formatting guidelines and
samples, see the appendix “XML Formatting Used in Field Results and Input”
in the RSA Archer Web Services API Reference Guide that can be downloaded
from the RSA Archer Community.

6. Do one of the following:

l Select Default to load the out-of-the-box transform file. This option is
typically used.
l Select File if you require additional data transformation and choose to
develop your own XSLT.
7. Click OK.
8. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Source Data

Defining Source Data

Using the options on the Source Definition tab, you can configure the source data to
ensure that only the desired data is included with the data feed.

Note: The Source Data tab is available only for Standard data feed types.

Chapter 9: Managing Threat Data Feeds 267

 RSA Archer GRC Platform Data Feed Manager

You can select to import the data “as is” into the Platform or execute modifications
and calculations against the data to convert the incoming data into a format that
matches the requirements of the application or questionnaire it is imported into. You
can also use several advanced options, such as lookup translations and calculations,
so you can prepare and modify the data to meet your individual business needs.
Additionally, you can filter data so that only what you want to receive is imported
into the target application or questionnaire. By not defining filters on the Data Filter
tab, you instruct the Data Feed Manager to return all records in the data feed. Or,
using operator logic, you can add filters to include only records meeting certain
criteria in the data feed process.
Finally you can capture tokens of data from the last execution of a data feed that
can be used during the next run to identify which data to retrieve. On the Tokens
tab, you can add, edit, or delete token values in preparation of the next data feed
execution.
On the Source Definition tab, you can complete the following tasks:
l Define the Source Data
l Apply a Calculation
l Perform a Lookup Translation
l Incorporate Static Text
l Define Data Filters
l Define Data Tokens

Define the Source Data

Complete this task to select how you want the Data Feed Manager to interact, or
not interact, with each field from your data source.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

268 Chapter 9: Managing Threat Data Feeds

 RSA Archer GRC Platform Data Feed Manager

l Ensure that the user account used has access to the content, or you will receive a
schema error when building the source definition. You can also receive a
schema error for the following reasons:
o If your connection string is not correct on the Transport tab.
o The account is unable to login.
o The report is not in the correct format.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. To supply the list of source fields, choose one of the following methods and
complete the tasks.

Sample Data File Manual Input

a. Click Load Fields located in the
Source Field title bar.
b. Depending on the selected transport
method, select how to retrieve the
source schema.
a. In the Source Name column, enter
the name of the first field that you
want to define for your data feed.
The first line is the record definition.
b. To continue adding source fields, do
any of the following:
l To add a source field, click Add
New and name the field.
l To add a source field in a

hierarchical structure, click

in the Actions column and name
the field.

4. In the first line in the Source Fields section, from the Field Type list, select the
appropriate field option for the record definition.

Option Description

None Instructs the Data Feed Manager that the field is the record
definition and nothing is to be done with the data.

List Instructs the Data Feed Manager to import the data as a value
list. No transformation or calculations are to be applied to the
data.

Chapter 9: Managing Threat Data Feeds 269

 RSA Archer GRC Platform Data Feed Manager

5. For the remaining source fields, from the Field Type list, select one of the
following field options and complete the associated steps for that field option.

Option Description

Calculated Field Allows calculations to be applied to the fields to

dynamically generate new values, which can then be
populated in an application or questionnaire. Upon selection
of this option, the Status field for that source field is set to
Not Configured and is displayed in the Actions column.

Lookup Translation Enables you to use an application to reconcile values from

your data source to values that are accepted in the target
application or questionnaire. Upon selection of this option,
the Status field for that source field is set to Not Configured,
and is displayed in the Actions column

Raw Field Data Instructs the Data Feed Manager to accept the data from the
data source "as is." No transformation or calculations are to
be applied to the data.

Static Text Allows you to add an additional field to the data feed, which
adds context to the data. Upon selection of this option, the
Status field for that source field is set to Not Configured and
is displayed for that source field.

List Instructs the Data Feed Manager to import the data as a

values list. No transformation or calculations are to be
applied to the data.

6. Complete any of the following optional tasks:

l In the Token column, select the checkbox if you want the source field to be
used as a data token in future data feed runs.
l To remove a source field from the schema, click in the row of the source
field.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

270 Chapter 9: Managing Threat Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Schema Sources
The source for the schema of your data feed depends on which transporter you are
using. The following table identifies and describes the schema sources that are
available for each of the out-of-the-box transporters.

Source Description Transport Method

Execute Search Executes the search in the Archer Web Services Transporter
Platform and detects the source
schema from the results.

Sample File Uses a skeleton of your actual Archer Web Services Transporter
source data file. For example, if
Database Query Transporter
you are importing data from a
.csv file, the source data file is a DeepSight Transporter 2.0
.csv file that includes the column DeepSight Transporter 4.0
names from your source data. If
you are importing data from an File Transporter
.XML file, the source data file FTP Transporter
includes the structure of your
HTTP Transporter
.XML without the actual field
values. iDefense Transporter
When you select the sample file, Mail Monitor Transporter
the Source Fields section RSS Transporter
populates with the fields
specified in the sample data file.

Execute Query Executes the query specified on Database Query Transporter

the Transport tab and detects the
source schema from the resulting
record set.

CAUTION: Using this option may

trigger actions in the database
associated with this query.

Load URL Loads the contents at the target DeepSight Transporter 2.0
URL and detects the source
DeepSight Transporter 4.0
schema from the contents.
HTTP Transporter
CAUTION: Using this option may
iDefense Transporter
trigger actions associated with
accessing the target URL. RSS Transporter

Standard Schema Uses the standard mail schema. Mail Monitor Transporter

Chapter 9: Managing Threat Data Feeds 271

 RSA Archer GRC Platform Data Feed Manager

Apply a Calculation
Complete this task to apply calculations to source fields to dynamically generate
new values, which can be populated in an application or questionnaire.
The following are examples of common calculations:
l CONCATENATE([TOLastName], ", ", [TOFirstName])
This calculation combines the values of two fields into a single value. For
example, it would take the value “Doe” from the Last Name field and the value
“John” from the First Name field and merge them into the value “Doe, John.”

l If(LEN([Production IP])>0,[Production IP],If(LEN([Maintenance IP])>0,

[Maintenance IP],[Backup IP]))
This calculation executes a logical operation to determine which field to use as
the source value. If the Production IP field is not blank, the value from this field
is used. If the Production IP field is blank and the Maintenance IP field has a
value, the value from the Maintenance IP is used. If both fields are blank, the
Backup IP value is used.

Calculations for the Data Feed Manager use the same calculation engine and syntax
as the Application Builder feature.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. From the Field Type list of the source field to which you want to apply a
calculation, select Calculated Field.
4. In the Actions column of that source field, click .

272 Chapter 9: Managing Threat Data Feeds

 RSA Archer GRC Platform Data Feed Manager

The Calculation Editor dialog box opens.

5. Type your calculated formula.
6. Click OK.
The calculation is saved. The Status field for that source field changes to
Configured.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Functions and Operators for Calculated Field Formulas

The Formula Builder provides a library of functions and operators that you can use
to build a formula.
Functions
The Formula Builder for calculated fields offers a library of functions divided into
the categories. By clicking a category, you can see the functions that it contains
along with a description of each function. To view a more detailed function
description that includes syntax requirements, parameter descriptions, and
examples, you can click the desired function. The functions are:
l Date Functions
l Financial Functions
l Logical Functions
l Math Functions
l Statistics Functions
l System Functions
l Text Functions

Operators
The Formula Builder also offers a library of operators divided into categories. By
clicking a category, you can see the operators that it contains along with a
description of each operator.

Chapter 9: Managing Threat Data Feeds 273

 RSA Archer GRC Platform Data Feed Manager

Arithmetic:

Operator Description

+ Addition (3 + 3)

- Subtraction (5 - 2)
Negation (-4)

* Multiplication (2 * 3)

/ Division (3 / 2)

^ Exponentiation (3 ^ 2)

Comparison:

Operator Description

= Equal to (3 = 3)

> Greater than (3 > 2)

< Less than (2 < 3)

>= Greater than or equal to

(3 >= 3)

<= Less than or equal to (3

<= 3)

<> Not equal to (3 <> 2)

Text Concatenation:

Operator Description

& Concatenate, or join, two

or more text strings to
produce a single piece of
text, for example, "text"
& "string".

274 Chapter 9: Managing Threat Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Note: If a field included in an addition, subtraction, multiplication, division or

comparison operation is empty or null, the value "0" (zero) is used for the field
value. The following formula is an exception to this rule:

IF([Sample Field] = 0, "TRUE","FALSE")

In this formula, the Sample Field is not populated with the value "0" if the field is
empty or null. Instead, this formula returns FALSE when the Sample Field is empty
or null.

Perform a Lookup Translation

Complete this task to use an application to reconcile values from your source data
to values that are accepted in the Platform target application or questionnaire.
For example, you may have a field in your external file with values of "New York"
and "California". However, the application that you are importing the data into only
accepts state abbreviations. Using the Lookup Translation option, you can use a
separate application to map your external values to the proper internal values, as
shown in the following table.

Destination
Source Data Translation Application
Application

Field Name: State Field Name: State Field Name: State Field Name: State
ID1 ID2

California California CA CA

Texas Texas TX TX

New York New York NY NY

Florida Florida FL FL

Using an application as an intermediary ensures that the data feed converts all of
the external data into the proper format prior to importing it to the destination
application.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Chapter 9: Managing Threat Data Feeds 275

 RSA Archer GRC Platform Data Feed Manager

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. From the Field Type list of the source field that you want to translate, select
Lookup Translation.
4. In the Actions column of that source field, click .
The Translation Editor dialog box opens.
5. From the Source list, select the source field.
6. From the Application list, select the application that translates the values.
7. From the Exceptions list, select from the following options the function that the
Data Feed Manager should execute when a value generates an exception.

Option Description

Log Warning Writes an error to the log file, and the value is not imported.
No updates are made to the translation application.

Insert Raw Data Inserts the raw value from your source file in the target
application if a match is not found.

Original Value Identifies the field in the translation application that maps to
the value from your external data file.

Translation Value Identifies the field in the translation application that maps to
the proper value in the target application or questionnaire.

Note: The selections from the Original Value and Translation Value lists must
be different, or a warning message is displayed.

8. Click OK.
The translation settings are saved. The Status field for that source field changes
to Configured.

276 Chapter 9: Managing Threat Data Feeds

 RSA Archer GRC Platform Data Feed Manager

9. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Incorporate Static Text

Complete this task to add an additional field to your data feed that adds context to
the source data. For example, you can add a Static Text field that specifies the
name of the source, such as the database name or threat feed.
In the Platform target application or questionnaire, you can create a field called
Data Source. When the data feed completes, all records updated by this feed have
the same value for the Data Source field. Using this option, you can quickly identify
and report on records updated from a specific source.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Source Data tab is available only for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Source Data tab.
3. From the Field Type list of the source field where you want to insert static text,
select Static Text.
4. In the Actions column of that source field, click .

Chapter 9: Managing Threat Data Feeds 277

 RSA Archer GRC Platform Data Feed Manager

The Static Text Editor dialog box opens.

5. Enter your static text.
6. Click OK.
The static text is saved. The Status field for that source field changes to
Configured.
7. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Filters

Define Data Filters

Complete this task to apply filters and advanced operator logic to imported fields.
With filters, you can limit the number of records retrieved from your source data. If
no filters are defined, the Data Feed Manager returns all records. After a filter has
been added, only those records meeting the defined criteria are included in the data
feed.

Note: The Data Filter tab is available only for Standard data feed types.

You can combine your data filters through advanced operator logic to provide
additional filters to your data.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.

278 Chapter 9: Managing Threat Data Feeds

 RSA Archer GRC Platform Data Feed Manager

b. In the Navigation Menu, click Integration > Manage Data Feeds.

c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab and then click the Data Filter tab.
3. In the Sources column, select the source name to which you want to apply a
filter.
4. From the Field Name list, select the field name from your data source to which
you want to apply a filter.
5. From the Operator list, select an operator to define which type of filter you
want to apply to the source data.
6. In the Values column, enter a value based on your selection in the Operator
column.
7. To create custom operator logic to form relationships between the individual
filters, enter the custom operator logics in the Advanced operator logic field.
8. Complete any of the following optional tasks:
l To add an additional data filter, click Add New Filter located in the Data
Filter section title bar.
l To remove a data filter, in the Actions column of the filter you want to
remove, click .
9. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Data Tokens

Advanced Operator Logic

When creating filters, you can use custom operator logic to form relationships
between the individual filters. By default, multiple conditions are related with the
AND operator, as are multiple actions. However, by creating custom operator
logic, you can also use the OR and NOT operators, as well as parenthetical
groupings. Operator logic statements are evaluated left to right with parenthetical
groupings evaluated first. By using advanced operator logic with your filters, you
can eliminate extraneous data that may be imported with your data feed or included
in your search results.
You enter the custom operator logics in the Advanced operator logic field.

Chapter 9: Managing Threat Data Feeds 279

 RSA Archer GRC Platform Data Feed Manager

Important: Custom operator logic must validate before you can save or apply
changes to your data filter. If your custom operator logic does not validate, you are
prompted with an "Invalid Operator Logic" error message.

Examples
Single operator. Suppose you are importing assets from an external source into the
Assets application. You want to import assets from your external file only if they
are labeled as being in a production environment or if they are customer impacting.
To set up this process, you define data filters to evaluate both the System
Environment and Security Class elements in your external data file for the desired
values. Without using operator logic, your conditions are related with the AND
operator, and the data feed imports items that are both in a production environment
AND have a high security class. By using operator logic with the OR operator, you
achieve the desired result: Assets that are in a production environment OR have a
high security class are imported into the Assets application.

Multiple operators with a parenthetical expression. You can use additional

operators by incorporating parentheses in your operator logic, as shown in the
following example.

Based on the above criteria, the following table details the result of the operator
logic.

(1) System
(2) Security Class (3) Manufacturer Result
Environment

Production Medium IBM Imported

Testing High IBM Imported

Production High Dell Not Imported

Testing Medium IBM Not Imported

280 Chapter 9: Managing Threat Data Feeds

 RSA Archer GRC Platform Data Feed Manager

The system evaluates the parenthetical expression first. In the last example in the
previous table, since neither 1 or 2 evaluate to "TRUE," the entire condition fails
even if 3 evaluates to "TRUE".
Multiple operators with nested parenthetical expressions. You also can use
nested parenthetical expressions in your operator logic. Nested parenthetical
expressions allow you to combine the results of two separate logical conditions,
thereby creating an additional logical condition, as shown in the following example.

Based on the above criteria, the following table details the result of the operator
logic.

(1)
(3)
System (2) Security (4) Operating (5) Server
Manufactu Result
Environm Class System Room
rer
ent

Production Medium IBM RHEL 4.0 Denver Imported

Facility

Testing High Dell Windows Denver Imported

Server 2003 Facility

Testing High Dell Windows Chicago Not Impor-

Server 2003 Facility ted

Production Medium Dell CentOS Denver Not

Facility Imported

The Data Feed Manager evaluates the nested parenthetical expressions first. In the
last example in the previous table, since neither 3 or 4 evaluate to "TRUE" in the
nested parenthetical expression, the primary parenthetical expression evaluates to
"FALSE," and thus the entire logical condition fails and the data is not imported,
even though all of the other conditions are met.

Define Data Tokens

Complete this task to configure token values for the source fields that you selected
to be tokens on the Source Data tab.

Chapter 9: Managing Threat Data Feeds 281

 RSA Archer GRC Platform Data Feed Manager

Tokens only store a single value for a source field that has been configured on the
Source Data tab. The list of tokens is based on these fields, as well as the
LastRunTime and LastFileName attributes of a previous data feed execution. If a
source field is not selected as a token, token data for that field is not stored.

Note: The Tokens tab is available only for Standard data feed types.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Source Definition tab, and then click the Tokens tab.
3. (Optional) To add an additional token, click Add New located in the Tokens
title bar and enter the field name.
4. In the Value field of the token that you want to modify, enter the updated value.
When modified, the updated value is used on the next data feed execution, and
the execution updates the value at its completion.

5. (Optional) To delete a token, click in the row of the token that you want to
remove.
6. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Map Data

282 Chapter 9: Managing Threat Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Data Tokens
The Data Feed Manager allows capturing "tokens" of data from the last execution
of a data feed. A token can be any field of data from the last source row processed.
The following table identifies the fields for which tokens are available.

Field Input

Post processing Destination files

Archer Web Services transporter Configuration string

Database Query transporter Query

Symantec DeepSight transporter Sequence number

File transporter Path

FTP transporter Fully qualified URI

HTTP transporter Data request URI

HTTP transporter Data request header parameters

HTTP transporter Logon header parameters

HTTP transporter Logoff header parameters

iDefense transporter URL

Mail Monitor transporter Filter

RSS transporter URL

Tokens also are available for the following attributes:

l LastRunTime
l LastFileName

Defining Data Mapping Activities

After the Data Feed Manager identifies the elements in the source data to import,
the filters to apply, and the tokens to use to capture data, it requires a specific
destination in the Platform. With the options on the Data Map tab, you can define
the location for the data imported through your data feed.

Chapter 9: Managing Threat Data Feeds 283

 RSA Archer GRC Platform Data Feed Manager

To direct the Data Feed Manager to the correct destination for the data it will
import, use the options on the Data Map tab to configure the field mappings for your
data feed.

Note: The Data Map tab is available for Standard data feed types.

On the Data Map tab, you can complete the following tasks:
l Map Data
l Define Key Fields
l Set Update and Archive Options

Map Data
Complete this task to map the configured elements from the Source Definition tab to
fields in a Platform target application or questionnaire. The Data Feed Manager
updates the target field with the value from the mapped source field during the data
feed execution.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Field Map tab is available for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Data Map tab and then click the Field Map tab.
The Source Fields section lists the Source Field names listed on the Source
Data tab.
3. Complete one of the following tasks:
l To have the system analyze the source fields and automatically map them to
application or questionnaire fields, click Auto-Populate.

284 Chapter 9: Managing Threat Data Feeds

 RSA Archer GRC Platform Data Feed Manager

This option maps fields from the data source to application or questionnaire
fields that have the same name. Auto populate occurs on level 1 fields only.
Additionally, if there is an exact name match between the source field and
the target field, and the field type is one of the following, the field is not auto
populated: External links, Values list, Sub-form, Related records, Cross
reference, or CAST.
l From the Source Fields column, drag your source field and drop it next to the
application or questionnaire field in the Target Fields section.
The mapped field from the data source populates the designated target field.

Note: For target fields that have a field type of cross-reference, sub-form, or
related records, map the fields expanded under these field types. You cannot
directly map to a target field with any of these field types.

4. (Optional) In the Actions column of each mapped field for which you want to
configure additional options, click .
The Field Population dialog box opens with options based on the selected field
type.
5. (Optional) To assign a trust level to your source data for a field that is mapped,
in the Trust Level field, enter a value from "0" to "99."

Note: The Trust Level option is useful when you have multiple data feeds
populating the same target application. By assigning trust levels, the Data Feed
Manager can determine when and when not to overwrite existing data.

The Trust Level option allows you to develop a hierarchy for updates to your
target data by entering the desired trust level for the field. The value 0 is
considered the greatest trust level. The trust level accepts values up to 99,
which is the lowest level of trust.
For example, consider a situation where two data feeds map to the same target
application field. Data Feed A runs first and populates the Case Status field
with the value Open. When Data Feed B runs, the Data Feed Manager
recognizes that Data Feed B has data that maps to the same field. Data Feed
Manager evaluates the trust levels to determine which data is the most trusted.
Since the field from Data Feed B has the greater trust level, its value of Closed
overwrites the data from Data Feed A.
6. Complete any of the following optional tasks:
l To delete a mapping for a single field, click in the Actions column of the
field that you want to remove.
l To remove the mappings for all fields, click Clear Target Field Mappings
located in the Target Fields title bar.
7. Click Apply.

Chapter 9: Managing Threat Data Feeds 285

 RSA Archer GRC Platform Data Feed Manager

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define Key Fields

Field Population Options

The Field Population dialog box provides additional options based on the selected
field type in the Field Map tab on the Data Map tab. The following table describes
these options.

Option Description

Empty Values Specifies that the data feed should overwrite

existing values in a target application or
questionnaire record with a Blank value from the
data source field.

Add Unknown Specifies that values from your data source that do
not appear in your target's list-based fields are to be
added. This option is available only for external link
and values list field types.

Append data to list-based field Specifies that additional values are to be added to
the target application record's existing values in list-
based field types.

Replace data in list-based field Specifies that the values in a list-based field type of
a target application or questionnaire record are
replaced with the values from the mapped data
source list.

Define Key Fields

Complete this task to specify one or more fields as key fields that uniquely identify
a record in the Platform target application or questionnaire for updating purposes.
Key field definitions must be established for every level and reference field in a
target application or questionnaire that has a source information mapping.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

286 Chapter 9: Managing Threat Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Note: The Key Field Definitions tab is available for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. Click the Data Map tab and then click the Key Field Definitions tab.
The Reference Field section contains the target application or questionnaire and
any mapped cross-reference, related records, CAST, or sub-form fields that
require a key field definition to be created. You can use the Key Field
Definitions section to define the unique key identifiers and the data feed actions
during the feed execution.
3. In the Reference Field section, select the field that requires a key field
definition.
4. In the Key Field Definitions title bar, click Add New Key.
5. In the Field Name field, select a target application or questionnaire field that
uniquely identifies the record.
6. To assign compound unique identifiers for the record, complete the following:
a. In the Actions column, click .
The Select Key Field dialog box opens.
b. From the Available Fields list, select the fields.
c. Click OK.
A new row for each selected field is added, and the order number for the new
rows is assigned the same number.
7. To add unique identifiers in a hierarchical structure for sub-form field types,
click in the Actions column.
A new child row is added to the Key Field Definitions section.

Chapter 9: Managing Threat Data Feeds 287

 RSA Archer GRC Platform Data Feed Manager

Note: After setting the order of key fields, the Data Feed Manager scans the
data source for matches to the first unique identifier. If no matches are found, it
searches for matches to the second unique identifier, and so on. Once the Data
Feed Manager scans through all of the unique identifiers and does not find a
match, the system creates a new target record.

8. From the Action list, select one of the following matching criteria for the unique
identifier.

Option Description

MatchExact Specifies that the value in the data source field must match the
unique identifier value exactly for the target record to be
updated. If the match is not exact, a new record is created.
For example, if a data source field has a value of "Renee Jones"
and a mapped application field that is specified as a unique
identifier has a value of "Renee Ellen Jones," the system does
not update the target application record because it is not an
exact match.

MatchAny Specifies that the data in the data source must match at least
one condition in the list-based field for the target record to be
updated.
For example, if a target application record has the values Blue
and Green selected in the field specified as the unique
identifier, and the mapped field in the source data includes
only the value Blue, the record is updated because at least one
of the values matches.

MatchAll Specifies that the data in the source file must match all of the
conditions in the list-based field for the target record to be
updated.
For example, if the target application record has the values
Blue and Green selected in the field specified as the unique
identifier, and the mapped field in the source data includes the
values Blue and Green, the record is updated. However, if the
source data includes only the value Blue, the record is not
updated. A new target application record is created instead
because there is not a complete match.

9. Click Apply.

288 Chapter 9: Managing Threat Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Set Update and Archive Options

Set Update and Archive Options

Complete this task to select options on the Update/Archive tab of the Data Map tab
to update existing records, create new records, or both. In addition, when target
records in the Platform cannot be matched with records in the external data source,
you can select to have those records modified or deleted. This option can be useful
if you are deferring the accuracy and current status of your data to the external
system. By deleting or modifying records in the system that are not found in your
external data source, you ensure that both the external source and the system are
synchronized.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Update/Archive tab is available for Standard data feed types.

Before You Begin

l Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

l Define Source Data.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.

Chapter 9: Managing Threat Data Feeds 289

 RSA Archer GRC Platform Data Feed Manager

2. Click the Data Map tab and then click the Update/Archive tab.
3. In the Update Options section, select any of the following options.

Option Description

Create Instructs the data feed to create new records for data found in
the source file and not in the target application or
questionnaire.

Update Instructs the data feed to update records in the target

application or questionnaire when a unique identifier match
exists in the source file.

290 Chapter 9: Managing Threat Data Feeds

 RSA Archer GRC Platform Data Feed Manager

4. In the Archive Options section, select one of the following options:

Option Description

None Instructs the data feed to do nothing when a matching record is

not found.

Delete Instructs the data feed to delete records in the target

application or questionnaire when a matching record is not
found in the source data.

Set Value Instructs the data feed to set a value in a Values List field in a
record whenever the external data file does not contain a
matching record.
You can use this option to have the data feed set a Values List
to a value that identifies this record as Inactive or Not Current.
For example, if you have a Devices application with a record
for a specific laptop, and the external data file does not have a
matching record for that laptop, you can use this option to set
a Values List field in the laptop record to the value Inactive.
When you select this option, you also select the Values List
field in the target application or questionnaire and the value
you want to set in that field.
You cannot set the value in the Values List field of the target
leveled application under the following conditions:
l The Set Value Target Field is a global values list.
l Level 3 or lower in a leveled application.
l You are modifying the data feed configuration.

Note: When running a data feed that updates a values list, you
can view the time that the data feed updated the record in the
Execution History log. The last updated time is not displayed
under Last Updated on the Manage Data Feeds page.

Important: If you select to delete records, records in the selected application,

questionnaire, or sub-form without a matching record in the source information
are permanently deleted from the system database and cannot be recovered.

In most scenarios, RSA Archer recommends selecting the Set Value option and
flagging these records with a specific value rather than deleting them. For
example, you can add a field to your application called Status and include the
values Current and Archived. If a data feed cannot find a matching record in the
data source with a system record, the system record could be updated to have a
value of Archived for the Status field.

Chapter 9: Managing Threat Data Feeds 291

 RSA Archer GRC Platform Data Feed Manager

5. Click Apply.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Next Steps
Define a Schedule for the Data Feed

Define a Schedule for the Data Feed

Complete this task to configure the start time, pattern, and frequency for data feeds.
You can set up data feeds to automatically run at regular intervals. This option
reduces the time and effort required to import data from an external file. Data feeds
can be initiated at a variety of times and can be configured to run in regular
increments for an indefinite period of time.
To prevent excess server load, schedule data feeds on a staggered basis. A
maximum of 10 data feeds can be scheduled to run at a time. If more than 10 data
feeds are scheduled, each remaining data feed is executed as the previous one is
completed.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Note: The Schedule tab is available for both Standard and Transport-Only data feed
types.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.

292 Chapter 9: Managing Threat Data Feeds

 RSA Archer GRC Platform Data Feed Manager

2. Click the Schedule tab.

3. From the Frequency list, select the frequency for the data feed and set up the
schedule.
For example, if you select Minutely from the Frequency list and specify 45 in
the Every list, the data feed executes every 45 minutes.

Note: To configure your data feed to execute after an existing data feed runs,
select Reference. For example, you can select to have a Threats data feed run
immediately after your Assets data feed is completed. From the Reference Feed
list, select after which existing data feed your feed should execute.

4. (Optional) To override the set data feed execution schedule and immediately
execute your data feed, click Start in the Run Data Feed Now section.
5. Click Save.

Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Activate a Threat Feed

Complete this task to activate the threat feed in the Platformafter you configure a
threat feed and before run it.
For a new threat feed, the first run is the baseload run, which should take place
before regular threat feeds are run. For DeepSight threat feeds, the baseload is run
as one job. For iDefense, the baseload runs in a series of jobs that pull up to 1,000
alerts at a time. Baseload runs may take a long time to complete—typically under
14 days.

Important: Only one version of the DeepSight transporter can be active at a time. If
you try to activate a threat feed that uses one of the two DeepSight transporters, and
another threat feed that uses the other DeepSight transporter is already active, a
warning message is displayed. To continue activating this threat feed, set the Status
for the other DeepSight threat feed to Inactive.

Before You Begin

When you configure an iDefense or DeepSight threat data feed, you need to set
specific parameters to properly connect the threat feed with your instance of the
Platform. For information on these required settings, see Threat Feed Configuration.

Chapter 9: Managing Threat Data Feeds 293

 RSA Archer GRC Platform Data Feed Manager

Procedure
1. Select the data feed that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed or click in the Actions column.
2. From the Status list, verify that Active is selected.
3. Click the Schedule tab.
4. In the Immediate Processing section, click Start.
If this is the first time that you run the threat feed, the baseload begins. The
Run Data Feed Now field displays the status.
5. In the Recurrences section, verify that the schedule settings are appropriate for
subsequent runs.
6. Click Save.

Note: You can exit the Data Feed Manager page while the baseload is running.

294 Chapter 9: Managing Threat Data Feeds

 RSA Archer GRC Platform Data Feed Manager

Chapter 10: Managing Additional Tasks

Additional Data Feed Tasks

The Data Feed Manager provides users with a flexible, code-free tool for
aggregating data in the Platform. Through a point-and-click interface, you can
configure multiple, dynamic data feeds within a day, and you can manage those
feeds without relying on programming resources.
In addition to transporter-specific data feed tasks, you can perform the following
tasks:
l Import a Data Feed
l Run Data Feed Now
l Generate the Run Detail Report
l View the Execution History of a Data Feed

Import a Data Feed

Complete this task to import a data feed configuration file into Data Feed Manager
and, if necessary, modify the configuration.

Important: When you configure an iDefense or DeepSight threat data feed, you
need to set specific parameters to properly connect the threat feed with your
instance of the Platform. For information on these required settings, see Threat
Feed Configuration.

Procedure
1. Navigate to the Manage Data Feeds page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
2. Click Import on the Manage Data Feeds toolbar.
3. In the Open dialog box, click the configuration file and select its Platform
version number.
4. Click Open.
The selected data feed configuration file is displayed in the Manage Data Feeds
page.

Chapter 10: Managing Additional Tasks 295

 RSA Archer GRC Platform Data Feed Manager

Run Data Feed Now

Complete this task to override the set data feed execution schedule and immediately
execute your data feed.

Note: The Schedule tab is available for both Standard and Transport-Only data feed
types.

Before You Begin

Set up a report-based search for an application or questionnaire that contains the
source data that you want to import into another application or questionnaire.

Procedure
1. Select the data feed that you want to run:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed.
2. Click the Schedule tab.
3. Click Start in the Run Data Feed Now section.
Important: For a data feed to run, it must be both active and valid. As you
configure your data feed, the Data Feed Manager validates the information for
you. If it is not valid, an error message is displayed. You can save the data feed
and correct the errors later; however, the data feed does not process until the
errors are corrected and the data feed validates.

Generate the Run Detail Report

Complete this task to generate a report for application-specific data regarding the
last data feed run.

Note: The Schedule tab is available for both Standard and Transport-Only data feed
types.

Procedure
1. Select the data feed for which you want to view the data feed details:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
c. In the Name column, click the data feed.
2. Click the Schedule tab.
3. Click Run Detail.

296 Chapter 10: Managing Additional Tasks

 RSA Archer GRC Platform Data Feed Manager

The Run Detail dialog box opens. This dialog box has the Statistics and
Messages tabs. The Statistics tab shows the entity, rows processed, status, and
start date and time. The Messages tab shows the job activity, type, and date and
time of the activity.
4. Click OK to close the dialog box.

View the Execution History of a Data Feed

Complete this task to view the status, history, and result of your data feed.

Procedure
1. Navigate to the Manage Data Feeds page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration > Manage Data Feeds.
2. Locate the data feed for which you want to view the Execution History.

3. Under the Actions column, click Report .

The Execution History page is displayed, showing the following information:
l The name of the data feed
l A description of the data feed, if one has been provided
l The status of the data feed
l The start date and time of the data feed
l The date and time the data feed last completed an update
l The number of source rows processed

Chapter 10: Managing Additional Tasks 297

RSA Archer GRC Platform 5.4
Data Imports
June 2013
Contact Information
Go to the RSA corporate website for regional Customer Support telephone and fax numbers:
www.emc.com/domains/rsa/index.htm.
Trademarks
RSA, the RSA Logo, RSA Archer, RSA Archer Logo, and EMC are either registered trademarks or trademarks of EMC
Corporation ("EMC") in the United States and/or other countries. All other trademarks used herein are the property of their
respective owners. For a list of RSA trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm.
License Agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may
be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This
software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.
Note on Encryption Technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.
Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.

Copyright © 2010-2013 EMC Corporation All Rights Reserved. Published in the USA.
RSA Archer GRC Platform Data Imports

Contents

Preface 5
About this Guide 5
File Formats 5
Preparing for a Data Import 5
Product Documentation 6
Support and Service 6
Chapter 1: Data Imports 9
Data Import Preparation 9
File Formats for Data Imports 10
Importing Data Into Leveled Applications 10
Field Types for Data Imports 12
Field Types for Sub-Form Data Input 12
Unsupported Field Types 12
Data Requirements and Import Results 13
Using Excel as a .CSV Editor 15
Enable End Users to Perform Data Imports 16
Chapter 2: Data Import Wizard 17
Using the Data Import Wizard 17
Access the Data Import Wizard 17
Select the Data File and Import Options 18
Select Unique Record Identifiers 20
Unique Identifiers 21
Map Import Data to Application Fields 22
Review Data Import Wizard Settings 23
Initiate Data Validation and Import 23
Data Validation Errors 24
Chapter 3: Reports 31
Review Job Queues 31

3
 RSA Archer GRC Platform Data Imports

Preface

About this Guide

You can use the Data Import feature to import records into an application,
questionnaire, or sub-form from an external data file. Importing data through the
Data Import feature rather than entering it manually can save you a lot of time, and
with good preparation, a data import can be completed quickly and easily.

File Formats
Your import file must be a flat, delimited-values data file. A flat file contains all
data in a single table and does not include any hierarchical structure. In a delimited-
values file, each row is equal to one record, and field values are separated in each
record by a comma, tab, or some other designated character. For more information
on the proper file format for data imports, see File Formats for Data Imports.

Preparing for a Data Import

To ensure that the data is correctly and efficiently copied into the application,
before beginning your data import, examine both your external data file and the
system component (application, questionnaire, or sub-form) into which you are
importing data. Taking a few minutes to carefully plan a successful data import can
save you a lot of time in resolving import errors later. For more information on
planning for your data import, see Data Import Preparation.
You can perform the following tasks using the Data Import feature:
l Import Data into Various Field Types
l Import Data into Leveled Applications
l Enable End Users to Perform Data Imports

Preface 5
 RSA Archer GRC Platform Data Imports

Product Documentation
For information about the RSA Archer GRC Platform 5.x, see the following
documentation.

Guide Description

Administrator Guide Provides Platform administrators with a system

overview, guidelines for navigating, and detailed
instructions for key tasks.

Control Panel Guide Provides administrators with instructions for

configuring each instance of the Platform.

Installation Guide Provides administrators with instructions for preparing,

installing, configuring, and testing the Platform.

Release Notes Provides Platform administrators with detailed listing of

new features, fixed issues, and known issues at the time
of the current release.

User Guide Provides end users with guidelines for navigating,

detailed instructions for key tasks, and information
about using Platform communication tools.

Web Services API Reference Provides IT managers and programmers with a list of
Guide the available web services for programmatically
interfacing with the release. This guide provides
formatting guidelines for field results, field inputs, and
search inputs, and provides sample code for searching,
adding and updating users, and updating assets.

You can access the Platform 5.x documentation from the RSA Archer Community
at https://community.emc.com/community/connect/grc_ecosystem/rsa_archer.

Support and Service

Customer www.emc.com/support/rsa/index.htm
Support
Information

Customer [email protected]
Support E-mail

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Community archer

6 Preface
 RSA Archer GRC Platform Data Imports

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Exchange archer_exchange

RSA Solution https://gallery.emc.com/community/marketplace/

Gallery

RSA SecurCare https://knowledge.rsasecurity.com/cleartrust/ct_
Online logon.asp?CTAuthMode=BASIC&language=en&CT_ORIG_
URL=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fknowledge.rsasecurity.com%3A443%2F&c
t_orig_uri=%2F

The RSA Archer Community enables collaboration among eGRC clients, partners,
and product experts. Members actively share ideas, vote for product enhancements,
and discuss trends that help guide the RSA Archer product roadmap.
The RSA Archer Exchange is an online marketplace dedicated to supporting eGRC
initiatives. The Exchange brings together on-demand applications along with
service, content, and integration providers to fuel the success of RSA Archer
clients.
The RSA Solution Gallery provides information about third-party hardware and
software products that have been certified to work with RSA products. The gallery
includes Secured by RSA Implementation Guides with step-by-step instructions and
other information about interoperation of RSA products with these third-party
products.
The RSA SecurCare Online provides unlimited access to a wealth of resources on
the web, 24 hours a day. The secure system provides members access to a support
knowledgebase, to download current platform patches and bug fixes, to sign up for
notifications, to manage your support cases and more.

Preface 7
 RSA Archer GRC Platform Data Imports

Chapter 1: Data Imports

Data Import Preparation

To ensure that the data is correctly and efficiently copied into the application,
examine both your external data file and the system component (application,
questionnaire, or sub-form) before you begin the data import process.

Important: If you are importing data that uses a double-byte character set, such as
Japanese, the alias of each field must be set to a single-byte character set, such as
English. To do this, open the Manage Field page for each field and rename the
Alias field using single-byte characters.

Consider the following points as you examine your import file and the application
into which you are importing data:
l Your file must be a delimited-values data file, and because the Data Import
Wizard requires you to specify the primary and secondary delimiters used in your
data file, it is important to know what these characters are before you begin the
data import.
l Importing data into an application copies data from an import file into existing
application, questionnaire, or sub-form fields. It does not create any new fields.
Therefore, your application must contain all necessary fields before you begin
the import process. If you import sub-form records, the application to which you
import must contain a Sub-Form field. This Sub-Form field must reference a sub-
form that contains the appropriate fields.
l Mapping fields from your external data file to fields in your application is much
easier if the corresponding fields have the same name. The system automatically
maps import fields to application fields when they have the same name, which
can save you a lot of time in manually mapping fields.
l If you map a field from your external data file to a required field, each record in
your data file must include a value for this required field.
l If your import file contains date or date-time values, you are asked to specify the
format used for these values. Your import file must use a consistent format for
date and time values, and you should know what these formats are before you
begin the Data Import Wizard. Also, if your import file contains date-time
values, note the separator (hyphen, period, comma, space, or so on) that is used
between the date and time values and between the time and the AM/PM
designation.
l When importing data into a leveled application, you must import each level's data
separately, starting with the top data level. Each level must be imported from a
separate external data file.

Chapter 1: Data Imports 9

 RSA Archer GRC Platform Data Imports

l When importing data into an application that contains a sub-form, you must
import application records and sub-form entries separately. You need one
external data file for your application records and another for your sub-form
entries. The sub-form data file must contain unique field values from the
application records, such as Tracking ID values, so the sub-form entries can be
appropriately mapped to the application records where they will reside.

File Formats for Data Imports

Your import file must be a flat, delimited-values data file. A flat file contains all
data in a single table and does not include any hierarchical structure. In a delimited-
values file, each row is equal to one record, and field values are separated in each
record by a comma, tab, or some other designated character. If your file contains
multiple values in individual fields, those values are separated with a secondary
delimiter, such as a semicolon or pipe (|). In the Data Import Wizard, you specify
the primary (Field Delimiter) and secondary (Values Delimiters) delimiters used in
your data file, so it is important to know what these characters are before you begin
your data import.
When selecting Field and Values Delimiters to use in your external data file,
consider whether the selected characters are displayed anywhere in your field
values. For example, if you choose a comma as your Field Delimiter, examine your
data file to see if commas appear in individual field values, such as text strings. If
commas do occur in individual field values, the system reads those commas as
delimiters and separates the field data that comes before and after a comma into
two separate field values. To solve this problem, you can use single or double
quotes to enclose field values in your data file, for example, "Server, Router".
Characters enclosed in quotation marks are not interpreted as delimiters. A second
way to solve this problem is to choose Field and Values Delimiters for your data
file that do not occur anywhere in your field values. The pipe (|) and circumflex
accent (^) characters are good examples of uncommon characters that work well as
delimiters.

Importing Data Into Leveled Applications

When importing data into a leveled application, you must import each level's data
separately, starting with the top data level. Each level must be imported from a
separate external data file. You can create these separate source files by exporting
data from the leveled application that contains the data that you want to import. You
must export data one level at a time.
The following steps explain the process for importing data into a leveled
application:

Note: Before beginning a data import, see Data Import Preparation.

10 Chapter 1: Data Imports

 RSA Archer GRC Platform Data Imports

1. Execute a search in your leveled application and select only level-1 fields for
display in the search results (using column format). Export those results.
2. Re-execute your search and select level-2 fields for display in your search
results. Also select a field from the first data level to include in your search
results that associates your level-2 records with your level-1 records (The
values for that level-1 field must be unique for each record.). Export those
records.
3. Repeat step 2 for each subsequent data level and include only an individual
level's fields along with a parent-level field in each search and export process.
Note that the parent level is the data level that directly precedes each child
level. For example, the third data level's parent level is the second data level.

Note: If you try to import each level by selecting specific columns of data to import
from a single master file, you have duplicate upper-level records and/or your lower-
level records are not associated with their parent records. You must use a separate
file for each level's data import.

Example
The following steps explain the process for importing data into a three-level
application:
1. Perform a new import or an import update of the level-1 field data.
2. Perform a new import or an import update of the level-2 field data. Your import
file must contain the level-2 field values along with unique values for a field in
level 1 of the application, such as the Tracking ID field. When you are mapping
values from your external data file to fields in your application in step 3 of the
Data Import Wizard, you map the level-2 data to the appropriate level-2 fields,
and you map the level-1 values to the appropriate level-1 field. This action
creates the association between level-1 and level-2 records.
3. Perform a new import or an import update of the level-3 field data. Your import
file must contain the level-3 field values along with unique values for a field in
level 2 of the application, such as the Tracking ID field. When you are mapping
values from your external data file to fields in your application in step 3 of the
Data Import Wizard, you map the level-3 data to the appropriate level-3 fields,
and you map the level-2 values to the appropriate level-2 field. This action
creates the association between level-2 and level-3 records.

Chapter 1: Data Imports 11

 RSA Archer GRC Platform Data Imports

Field Types for Data Imports

You can import external field data into any of the following field types:

l Cross-Application Status Tracking l Record Permissions (only if the field is

(only available for import updates) configured to allow manual selection)
l Cross-Reference l Related Records
l Date (unless the field is configured as l Sub-Form
a calculated field)
l Text (unless the field is configured as a
l IP Address calculated field)
l Matrix l User/Groups List
l Numeric (unless the field is l Values List (unless the field is configured
configured as a calculated field) as a calculated field)

Field Types for Sub-Form Data Input

The following field types are supported for sub-form data import:
l Cross-Reference
l Date (unless the field is configured as a calculated field)
l IP Address
l Numeric (unless the field is configured as a calculated field)
l Text (unless the field is configured as a calculated field)
l User/Groups List
l Values List (unless the field is configured as a calculated field)

Unsupported Field Types

The following field types are not supported for data import:

l Access History l Image

l Attachment l Last Updated Date
l Discussion l Multiple Reference Display Control
l External Links l Record Status
l First Published Date l Tracking ID
l History Log l Voting

12 Chapter 1: Data Imports

 RSA Archer GRC Platform Data Imports

Data Requirements and Import Results

Individual field types react differently when their content is modified through a data
import. Additionally, some fields require specific data formats for successful
imports. The following table provides information on data import results and data
requirements for various field types.

Field Type Result in Data Import and Data Requirements

Cross Application CAST values can be specified only during an import update.
Status Tracking (CAST) If you are adding additional field values rather than updating
existing values with your data import, this field is not
available in the Application Fields drop-down list on the
second page of the Data Import Wizard. CAST values are
specified in the target/child application. Because a CAST
value is specific to two different records, you must include
unique identifiers for both the parent and the child record.

Example
To update the Implementation Status of two vulnerabilities
on 10 assets, you need 20 rows of data. You need the asset
identifier, for example, IP Address or Asset Name, the
vulnerability identifier, for example, BugTraq ID, and a status
value, for example, Implemented.

Cross-Reference The values that you import into a Cross-Reference field must
be key-field values for the related application. If you import
values that are not key-field values for the related
application, the data importer cannot link records in the
import application to records in the cross-referenced
application.

IP Address An IP Address value must be formatted as four octets

separated by periods. Each octet can contain one, two, or
three numbers. The following is an example of an import
value for an IP Address field:
1.160.10.240

Matrix When importing data into this field type, you must specify
the column name and corresponding row value for each
column in the Matrix field. Column names are separated from
row values with a comma, and a semicolon is used to
separate column and row pairs.
The following is an example of an import value for a Matrix
field:
Maintenance Burden, Low; Portability, Medium; Power

Chapter 1: Data Imports 13

 RSA Archer GRC Platform Data Imports

Field Type Result in Data Import and Data Requirements

Consumption, High
In this example, "Maintenance Burden," "Portability," and
"Power Consumption" are column names, and "Low,"
"Medium," and "High" are the corresponding row values.

Important: Ifyou import a Matrix value that contains a

column or row value that does not display in the
application's Matrix field, that column or row is added
to the Matrix field. If you do not want additional
columns or rows to be added to your Matrix field
during a data import, ensure that your external data
file only includes Matrix values that display in your
application's Matrix field.

Numeric If the application with which you are working has a ranged
Numeric field, and you import values that are outside of the
field's defined ranges, records with these values are not
returned when users execute advanced searches in the
application using numeric-range filters.
Also, if you import numeric values that exceed your Numeric
field's maximum number of decimal places, the values are
rounded off to meet the field's requirements. If you import
values with fewer decimal places than the minimum number
of decimal places allowed in the Numeric field, these values
are padded with zeros, for example, 4.22000.
In addition, if you import values that are above or below the
Numeric field's minimum and maximum values, an error is
reported.

Record Permissions If you import an empty value into a Record Permissions field,
the field is empty in the new or updated record, even if the
field is configured with one or more default values. When no
value is selected in the Record Permissions field, the only
users who have access to the record are those who are
assigned the System Administrator access role, and those who
are assigned as owners of the application.

Sub-Form A Sub-Form field can be active or inactive during the import

process; however, the actual sub-form storing the data from
the data import must be active.

Text This field is updated regardless of the content of your data

14 Chapter 1: Data Imports

 RSA Archer GRC Platform Data Imports

Field Type Result in Data Import and Data Requirements

import.

User/Groups List Users are identified using following format: last_name, first_
name middle_name. Groups are identified by their name. If
there is more than one user or group with the same value
(name), the first one (based on the system ID) is used.
Multiple values are separated with the secondary delimiter
specified on the first page of the Data Import Wizard.
If you try to import a user or group that is not a valid
selection among the User/Groups List field values list, an
error is reported.
If you import an empty value into the User/Groups List field,
the field is empty in the new or updated record, even if the
field is configured with one or more default values.

Values List If you import a value into a Values List field that is not
included in the field's values list, the value is added to the
values list. If the values list is global, the imported value is
displayed in the global values list for all fields configured to
use it.

Note: Importing a record with all of the values that you

would like your values list to include is an easy way to add
those values to the list.

Using Excel as a .CSV Editor

While Microsoft Excel is a tool that most users have for editing comma-separated
values (.csv), it occasionally may make unexpected changes to your data file. If you
use Excel only to preview your files, there should be no problems. However, if you
save your file in Excel, you may find that the saved version is different from what
you anticipated.
Note the following types of changes that may occur in your files:
l Date Values. Excel converts date values to use its format. You can use this
feature to your advantage if you are pulling values in from disparate sources.
l Points of Precision. Excel manipulates decimal places to use its format.
l Quoted Strings. Excel uses quoted strings if they are necessary, and strips
extra ones if they are not.

Chapter 1: Data Imports 15

 RSA Archer GRC Platform Data Imports

l Cell Limitations. A cell in an Excel spreadsheet holds a finite number of

characters. If your .csv file exceeds this limit, saving it in Excel corrupts your
data.

Enable End Users to Perform Data Imports

As an application owner, you can extend data-import rights to end users. To do this,
you must configure the Navigation Menu to display the Data Import option and grant
rights to the Data Import Wizard to end users through their access role or roles.

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. Click the Navigation Menu tab.

3. Select the Display Item option adjacent to the Data Import item.
4. Click Save.
5. In the Navigation Menu, click Access Control.
If you do not have rights to the Access Control feature, contact an Access
Control administrator to complete the remaining steps.
6. Open the Manage Access Roles page.
This page lists all of the access roles for the application.
7. On the Role tab, select the role whose privileges you want to modify to grant
end-user access to the Data Import Wizard.
8. Click the Rights tab.
9. From the Application list, select the application that you just configured to
display the Data Import link in the Navigation Menu.
10. On the [Application Name]: Data Import page, select Read, Create, and
Update.
11. Click Save.

16 Chapter 1: Data Imports

 RSA Archer GRC Platform Data Imports

Chapter 2: Data Import Wizard

Using the Data Import Wizard

Once you have prepared your external data file and your application, questionnaire,
or sub-form for data import, you can begin the import process using the Data Import
Wizard. The wizard asks you to select your data file, configure import options, and
map import data to application fields.
Perform the following tasks in the Data Import Wizard:
1. Access the Data Import Wizard
2. Select the Data File and Import Options
3. Select Unique Record Identifiers
4. Map Import Data to Application Fields
5. Review Data Import Wizard Settings
6. Initiate Data Validation and Import

 Access the Data Import Wizard

The Data Import Wizard walks you step by step through the data import process. If
you are an end user, and your administrator has given you data import privileges for
an application, you can access the Data Import Wizard from the Navigation Menu.
If you are an application owner, you can access the Data Import Wizard from the
Manage Data Import page.

Note: You can also access the Data Import Wizard from the Navigation Menu of an
application, if your account has been granted appropriate privileges. If the
application contains levels or sub-forms, you are prompted to select the level or
sub-form before the Wizard starts.

Before You Begin

Prepare your external data file and your application, questionnaire, or sub-form for
data import. See Data Import Preparation.

Procedure
1. Navigate to the Manage Data Imports page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration.
A menu of Integration pages is displayed.

Chapter 2: Data Import Wizard 17

 RSA Archer GRC Platform Data Imports

c. Click Manage Data Imports.

This page enables you to import data to applications and questionnaires for
which you have ownership rights.
2. In the Name column, locate and click the name link for the application,
questionnaire, or sub-form that you want to receive the data import.
The Data Import Wizard opens.

Next Steps
Select the Data File and Import Options

Select the Data File and Import Options

The first step of the Data Import Wizard asks you to provide a filename for your
external data file, to specify the file format, and to select other advanced import
options.

Before You Begin

Access the Data Import Wizard

Procedure
1. Click Browse to select the source file for the data that you want to import. The
file that you select must be a flat, delimited-values file. Additionally, verify that
the source file is closed.

Note: If you make changes to the source file after you have uploaded it to the
Data Import Wizard, you must return to this step and upload the file again
before initiating the data validation and import process.

2. In the Format Options section, select the characters that your data file uses as
its Field and Values Delimiters. If your data file's field delimiter is something
other than a comma or a tab, enter the correct character in the Other field.
Likewise, if your Values Delimiter is something other than a semicolon or pipe
(|), enter the correct character in the Other field.
3. In the Locale field, select the locale of the input file.
4. If the first row of data in your file contains field names instead of actual record
data, select File Contains Header Row in the Header Row field. If the first
row of data in your file contains actual record data, select File Does Not
Contain Header Row in the Header Row field.
5. In the HTML Formatting field, indicate whether fields in your data file contain
HTML formatting.

18 Chapter 2: Data Import Wizard

 RSA Archer GRC Platform Data Imports

6. In the Advanced Options section, make selection for the following fields:
l Are any field values quoted in your data file? If the answer is yes, select
the double or single quotes option.
l Should imported records be allowed to trigger notifications? If
notifications are enabled for the application into which you are importing
data, you can select to send notifications for your imported records.
Important: Consider this option carefully. If you are importing a large
number of records, triggering a notification email for each of these records
could produce a heavy load on the email accounts of users who are
subscribed to a notification template for the application.

l Should invalid cross references be imported? If you select Import

Invalid Cross References, records that contain invalid cross-reference
values are imported, but the invalid values are left out of the import. If you
select Do Not Import Invalid Cross-References, each record's cross-
references are validated, and if any are found to be invalid, the Data Import
Wizard reports errors after the Validating Records import stage and prevents
you from completing the data import.
l How should existing references be handled? If you select to replace
existing cross-reference values, the existing data in the application is
replaced with the data from the import file. Data existing prior to the import
process is removed. If you select to append cross-referenced data, the system
leaves all existing values in the record intact and adds new cross-reference
values from the data file to the records.
7. Click Next.

Note: Be certain that you have selected the source file (see step 1) so that you
can advance to the next page of the Data Import Wizard.

Next Steps
Select Unique Record Identifiers

Chapter 2: Data Import Wizard 19

 RSA Archer GRC Platform Data Imports

Select Unique Record Identifiers

If you are updating existing records or importing sub-form entries, there is a Unique
Identifiers control group on the second page of the Data Import Wizard. A unique
identifier is a field (or a combination of fields) whose values in individual records
are different from all other records. For example, the Tracking ID field, when
configured as System ID, is a unique identifier because the value for that field is
different for every record. If you are updating entries in a sub-form that does not
contain a Tracking ID field or any other field with unique values, you can use a
combination of fields to establish the unique identifier. For example, you can select
a Text field and a Date field if the combined values of those fields are different for
every sub-form entry.

Note: The Tracking ID field can only be used as a unique identifier if configured as
System ID. If configured as Application ID, it is not available for use as a unique
identifier.

By establishing a unique identifier, the Data Import Wizard maps import data to
existing data in the application. If you are updating application records with your
data import, the unique identifier matches records in your import file with existing
records in the application. If you are importing data into a sub-form, the unique
identifier correctly matches your sub-form entries to their parent application
records.
The steps for selecting unique record identifiers vary depending on the type of data
import you are performing.

Before You Begin

l Access the Data Import Wizard
l Select the Data File and Import Options

Procedure
1. On page 2 of the Data Import Wizard, in the General Information section,
select one of the following options:
l Import New Records. If you are importing new records, existing records in
your application remain unchanged. The new records are added to the
existing population of records in the application.
l Update Existing Records. If you are updating existing records, the system
examines your existing records and, when it finds a match between a record
in your application and a record in your external data file, the existing record
is updated with the imported record. If your external data file contains
records that do not match any records in your application (according to the
unique record identifier that you specify), those unmatched records are added
as new records in your application.

20 Chapter 2: Data Import Wizard

 RSA Archer GRC Platform Data Imports

2. If you are updating existing records with your data import, do the following:

a. In Application Field(s), click .

b. Select one or more fields whose values serve as the unique record identifier.
This allows the Data Import Wizard to match records in your external data
file with records in the application, questionnaire, or sub-form.

Next Steps
Map Import Data to Application Fields

Unique Identifiers
A unique identifier is a field, or a combination of fields, whose values in individual
records are different from all other records, thereby uniquely identifying the record.
By establishing a unique identifier, you instruct the Data Feed Manager on how to
update existing data in the application or questionnaire from the matching source
data. If no match is found, the Data Feed Manager creates a new target application
or questionnaire record. For example, you can select an IP Address field in a record
to be your unique identifier. If a data source record has a matching value for the
target application field, the source record data updates the target application record
data. If no match is found, the data feed creates a new application record.

Note: Matching logic includes text formatting when matching the key fields in the
data feed source to a record in the Platform database. When a data feed has two
records with the same text, but with different formatting tags, the records are
distinguished as separate records.

Fields that act as unique identifiers for your data feed do not have to be the same as
the key fields for your target applications or questionnaires. The following table
lists the field types from a target application or questionnaire that can be selected as
unique identifiers.

Text-Based Field Types List-Based Field Types

Text Values Lists

Numeric Record Permission

Date User Groups

IP Address Sub-form Fields

Tracking ID ("System ID" only)

Note: The Tracking ID field can only be used as a key field if configured as System
ID. If configured as Application ID, it is not available for use as a key field.

Chapter 2: Data Import Wizard 21

 RSA Archer GRC Platform Data Imports

When selecting cross-reference or related records fields as unique identifiers, you

must select a field from the related application matching one of the above field
types. For example, if you select the Vulnerabilities cross-reference field, which
cross-references the Vulnerabilities application, in an Assets application, you also
select a qualifying field from the Vulnerabilities application to serve as a unique
identifier.

Map Import Data to Application Fields

The next step of the Data Import Wizard involves mapping fields from your import
file to fields in your application or sub-form. To assist you in this process, page 2 of
the Data Import Wizard provides a preview of the first 20 rows of data in your
import file, which gives you additional confirmation when correlating columns of
data to application or sub-form fields.

Before You Begin

l Access the Data Import Wizard
l Select the Data File and Import Options
l Select Unique Record Identifiers

Procedure
1. For each field in the Import Fields row, select the corresponding field in the
Application Fields row from the lists. This allows you to map data from your
import file to the appropriate fields in your application or sub-form. If you do not
want to import one or more columns of data from your import file, select Do Not
Import from the list in those columns.
Note: If you are updating existing records or importing sub-form entries, you
must map the field that you selected as a unique identifier to the appropriate
field in the field mapping grid. Otherwise, an error message is displayed. For
more information on unique identifiers, see Select Unique Record Identifiers.
Additionally, import values for a Cross-Reference field must be key field values
for the cross-referenced application. If the values are not key field values, the
importer cannot link the records.

2. If you have mapped a Date field in the import file to a Date field in the
application, specify the format for date and time values in the import file.
The format for these values in the import file must be consistent. The examples
to the right of the date and time drop-down lists update according to the
selections that you make, enabling you to verify your choices.
3. Click Next.

Next Steps
Review Data Import Wizard Settings

22 Chapter 2: Data Import Wizard

 RSA Archer GRC Platform Data Imports

Review Data Import Wizard Settings

The next step when working with the Data Import Wizard is to review the data
import settings on the Wizard Summary page before initiating the import process.

Before You Begin

l Access the Data Import Wizard
l Select the Data File and Import Options
l Select Unique Record Identifiers
l Map Import Data to Application Fields

Procedure
1. On page 3 of the Data Import Wizard, review the data import settings.
2. To change any of the settings, click Previous to return to the appropriate Data
Import Wizard page.
For more information on a particular page, see the Help content for that page.

Next Steps
Initiate Data Validation and Import

Initiate Data Validation and Import

The final step when working with the Data Import Wizard, after reviewing the data
import settings on the Wizard Summary page, is to initiate the import process.

Before You Begin

l Access the Data Import Wizard
l Select the Data File and Import Options
l Select Unique Record Identifiers
l Map Import Data to Application Fields
l Review Data Import Wizard Settings

Procedure
1. When you are satisfied with the Data Import Wizard settings, click Import to
initiate the validation and import of your data.
Once you click Import, the system begins a three-stage import process:
l Validating Records
l Building the Import File
l Importing/Updating Records

Chapter 2: Data Import Wizard 23

 RSA Archer GRC Platform Data Imports

In the Validating Records stage, each record in your data file is examined for
errors. If you click Cancel during the Validating Records stage, your data
import is aborted. When the Validating Records stage completes, the Data
Import Wizard reports any errors that are found, up to the first 100 errors. If
errors are found, the import process terminates, and you must correct these
errors before attempting to import the records again.
2. If necessary, correct errors, and begin the import process again (starting on the
first page of the Data Import Wizard).
For more information on correcting errors, see Data Validation Errors.
If no errors are found in the Validating Records stage, the system continues
with the Building the Import File stage, where your import file is built record by
record. During this stage, you can abort the import by clicking Cancel.

Important: You must not close this window or log off from the system during
this stage of the import process. Doing so causes adverse results.

Note: Invalid HTML or XML characters in the external data file are stripped
from the data during the import process to prevent import errors.

When the Importing/Updating stage completes, the Overall Import Status

message is displayed. This message includes the number of records that are
successfully imported into the application. If unexpected errors occurred during
the import process that prevented one or more records from being imported,
these records automatically are exported to a .csv file.
The Overall Import Status message provides a link to this external .csv file.
Once you have corrected the problems that prevented these records from being
imported, you can attempt to import these records again.
3. Once the import is completed successfully, click Continue.

Data Validation Errors

Once you click Import in the Data Import Wizard, the system validates your
external data and reports any errors. If errors are found, the import process is
terminated, and you must correct the errors in your data file before attempting your
data import again (starting on the first page of the Data Import Wizard). The
Wizard can report up to 100 errors. If your data file contains more than 100 errors,
they are not all reported.

24 Chapter 2: Data Import Wizard

 RSA Archer GRC Platform Data Imports
The following table describes errors that can occur during the data validation
process and provides possible resolutions.
Error
All unique identifiers must be
mapped for insert
All unique identifiers must be
mapped for update
All unique identifiers must be
mapped for update
Column mismatch
Could not locate group name
Chapter 2: Data Import Wizard
Description and Possible Resolution
If you are importing new sub-form records, you must
map the fields that you selected to serve as the applic-
ation's unique identifier to those fields in the field
mapping grid.
If you are updating existing master or sub-form
records, you must map the field that you selected to
serve as the application's unique identifier to that
field in the field mapping grid.
If you are updating existing master or sub-form
records, you must map the field that you selected to
serve as the application's unique identifier to that
field in the field mapping grid.
Your external data file contains a value that does not
match the data type of the field to which the value is
mapped. For example, the value might be a text string
while the field you are attempting to import the value
into only accepts date values. To resolve this
problem, change the value in your data file to match
the data type required by the field to which you are
mapping the value.
This error can occur if your external data file contains
a group value that is not a group value established in
the system. To resolve this problem, either change the
group value in your data file so that it matches a
group in the system, or add the group from your data
file to the system from the Manage Groups page in
the Access Control feature.
25
 RSA Archer GRC Platform Data Imports

Error Description and Possible Resolution

Date does not match
expected format
Your external data file contains a date that
does not match the date format that you
specified for the import. To resolve this
problem, reformat the date value so that it
matches the format that you selected in the
Data Import Wizard.

Field is required
Your external data file is missing one or more values
for a required field. You can resolve this problem by
entering the required values in your import file or by
changing the field in your application so it is no
longer a required field.

Field requires a selected Your external data file is missing a value

value for a Values List field that requires a selec-
ted value. To resolve this problem, enter
the required value in your data file or
change the field in your application so that
it no longer requires a certain number of
value selections.

Imported subform record cannot This error can occur if you are importing sub-form
have multiple parents data, and the field from the parent record that you
selected as the unique identifier contains non-unique
data. To resolve this problem, select a unique field
value from the parent record to serve as the applic-
ation's unique record identifier.

26 Chapter 2: Data Import Wizard

 RSA Archer GRC Platform Data Imports
Error
Invalid IP Address
Invalid key(s) for cross applic-
ation status field for application a Cross-Application Status Tracking (CAST) field and
Invalid matrix format
Invalid number
Chapter 2: Data Import Wizard
Description and Possible Resolution
Your external data file contains a value for
an IP Address field that is not correctly
formatted. To resolve this problem,
reformat the value according to the
guidelines in the IP Address entry in Field
Types for Data Imports.
This error can occur if you are updating records with
do not specify valid, unique identifiers for the parent-
application and child-application records associated
with the CAST field. To resolve this problem, see the
Cross-Application Status Tracking (CAST) entry in
Field Types for Data Imports.
Your external data file contains a value for
a Matrix field that is not formatted correctly.
To resolve this problem, reformat the value
according to the guidelines in the Matrix
entry in Field Types for Data Imports.
This error can occur if you are importing a value into
a Numeric field that contains alphabetic characters.
To resolve this problem, change the value in your
external data file so it contains only numeric char-
acters.
27
 RSA Archer GRC Platform Data Imports
Error
Invalid tracking ID
Multiple columns are mapped
to the same field
Number is larger than
maximum value
Number is smaller than min-
imum value
Too many cross ref-
erences selected
28
Description and Possible Resolution
This error can occur if you are doing an
import update, and the Tracking ID field in
your external data file contains a value
that is not a valid tracking ID for the applic-
ation into which you are importing. The
tracking ID value may not exist in the sys-
tem, or it may be a valid tracking ID for
another application. To resolve this prob-
lem, change the value in your data file so
that it is a valid, unique tracking ID for the
import application.
This error can occur if more than one field from your
data import file is mapped to the same application
field. If you are performing a sub-form data import, a
field from your data import file may be mapped to the
same field as the parent record. To resolve this prob-
lem, make sure that your application fields are
mapped to different fields and that the import data
fields are mapped to the sub-form fields.
This error can occur if you are importing a
value into a Numeric field that is above the
maximum value allowed for the field. To
correct this problem, examine the Numeric
field in your application to determine the
maximum value it allow and change the
value in your data file, so it falls at or
below that maximum value.
This error can occur if you are importing a value into
a Numeric field that is below the minimum value
allowed for the field. To correct this problem, exam-
ine the Numeric field in your application to determine
the minimum value it allows and change the value in
your data file, so it falls at or above that minimum
value.
This error can occur if a record in your external data
file contains more values for a Cross-Reference field
than the maximum number of value selections that
Chapter 2: Data Import Wizard
 RSA Archer GRC Platform Data Imports

Error Description and Possible Resolution

field allows. To resolve this problem, examine the

Cross-Reference field in your application to determine
how many values can be selected for the field, and
reduce the number of values in your data file so that
they fit within that limit.
If the number of values selected in your data file does
not exceed the value limit for your Cross-Reference
field, this error can also occur if the key field for the
cross-referenced application is not unique and your
Cross-Reference field maps to one of the non-unique
values. To resolve this, verify that the key field of the
cross-referenced application is unique.

Unsupported import type This error can occur if you are importing new records
and attempt to import data into a Tracking ID field.
To resolve this problem, select Do Not Import from
the list for the Tracking ID field in the field mapping
grid.

Unsupported link type This error can occur if you are updating records with
your data import and you select a field type for the
key field that cannot serve as the key field for a
record. Examples of field types that cannot serve as
the key field for a record include:
l First Published Date
l Last Updated Date
l Record Status
l Related Records

To resolve this problem, select a field type for the key

field that can serve as the key field for a record.

Chapter 2: Data Import Wizard 29

 RSA Archer GRC Platform Data Imports

Chapter 3: Reports

Review Job Queues

Complete this task to view the Review Job Queues page which lists the current
status of data imports for the Platform.

Procedure
1. Navigate to the Review Job Queues page:

As Platform Administrator As End User

a. Click the Administration workspace.
b. In the Navigation Menu, click
Integration > Review Job Queues.
a. From the menu strip in the top
frame, click Preferences.
b. From the User Preferences menu,
click View Your Data Import
History.

The Review Job Queues page is displayed, which lists current status of data
imports for the Platform.
2. Locate the data import that you want to view.

3. Click to display the Run Detail dialog box for that data import.
This page contains application-specific data regarding the last run of the data
feed.

Chapter 3: Reports 31
RSA Archer GRC Platform 5.4
Data Publications
June 2013
Contact Information
Go to the RSA corporate website for regional Customer Support telephone and fax numbers:
www.emc.com/domains/rsa/index.htm.
Trademarks
RSA, the RSA Logo, RSA Archer, RSA Archer Logo, and EMC are either registered trademarks or trademarks of EMC
Corporation ("EMC") in the United States and/or other countries. All other trademarks used herein are the property of their
respective owners. For a list of RSA trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm.
License Agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may
be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This
software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.
Note on Encryption Technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.
Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.

Copyright © 2010-2013 EMC Corporation All Rights Reserved. Published in the USA.
RSA Archer GRC Platform Data Publications

Contents

Preface 5
About this Guide 5
Data Publication Process 5
Supported Field Types 5
Product Documentation 6
Support and Service 7
Chapter 1: Data Publications 9
Create a New Data Publication 9
Manage the General Properties of a Data Publication 9
Define the Connection Parameters 10
Define a Schedule for the Data Publication 11
View Data Publication History 12
Clear Job History 13

3
 RSA Archer GRC Platform Data Publications

Preface

About this Guide

The Data Publication Manager allows users to extract data from the Platform and
load it into external systems for data analysis and modeling. A point-and-click
interface steps you through the data publication process with no need for custom
code. When constructing a data publication, you select the solution whose data you
want to publish, provide credentials for the database where the data is to be loaded,
and provide a schedule for automatically executing the publication. Additionally,
you can view the detail history of data publication jobs, including detailed
information on errors or records tried or failed.

Data Publication Process

The data publication process converts records residing in system applications into a
relational database structure. Applications, questionnaires, and sub-forms are
created as tables in the destination database and maintain their linkages, and fields
are represented as columns in the table of their parent entity (application,
questionnaire, or sub-form).
When generating the names of columns and tables, the data publication process
uses the Alias value for applications, questionnaires, sub-forms, fields, and values
lists. Using the alias values allows administrators more flexibility in referencing a
separate identifier than the display name and provides a method for ensuring naming
consistency, independent of the display name.

Supported Field Types

The following field types are supported for data publication:
l Text
l Numeric (Prefixes and suffixes cannot be published.)
l Date
l Values List (Fields that display the value "No Selection" contain no value in the
published version.)
l Matrix
l Tracking ID (Prefixes and suffixes can be published.)
l External Links
l Attachment
l Image
l IP Address

Preface 5
 RSA Archer GRC Platform Data Publications

l Record Status
l First Published Date
l Last Updated Date
l Cross-Reference/Related Records (Upon publication, reference field values
display a link to the table containing the sub-form data.)
l Sub-Form (Upon publication, sub-form field values display a link to the table
containing the sub-form data.)
l Record Permissions
l User/Groups List

Note: Calculated fields publish the current value of the field, not the calculation
formula.

You can perform the following tasks using the Data Publication Manager:
l Create a New Data Publication
l Manage the General Properties of a Data Publication
l Define the Connection Parameters
l Define a Schedule for the Data Publication
l View Data Publication History
l Clear Job History

Product Documentation
For information about the RSA Archer GRC Platform 5.x, see the following
documentation.

Guide Description

Administrator Guide Provides Platform administrators with a system

overview, guidelines for navigating, and detailed
instructions for key tasks.

Control Panel Guide Provides administrators with instructions for

configuring each instance of the Platform.

Installation Guide Provides administrators with instructions for preparing,

installing, configuring, and testing the Platform.

6 Preface
 RSA Archer GRC Platform Data Publications

Guide Description

Release Notes Provides Platform administrators with detailed listing of

new features, fixed issues, and known issues at the time
of the current release.

User Guide Provides end users with guidelines for navigating,

detailed instructions for key tasks, and information
about using Platform communication tools.

Web Services API Reference
Guide
Provides IT managers and programmers with a list of
the available web services for programmatically
interfacing with the release. This guide provides
formatting guidelines for field results, field inputs, and
search inputs, and provides sample code for searching,
adding and updating users, and updating assets.

You can access the Platform 5.x documentation from the RSA Archer Community
at https://community.emc.com/community/connect/grc_ecosystem/rsa_archer.

Support and Service

Customer www.emc.com/support/rsa/index.htm
Support
Information

Customer [email protected]
Support E-mail

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Community archer

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Exchange archer_exchange

RSA Solution https://gallery.emc.com/community/marketplace/

Gallery

RSA SecurCare https://knowledge.rsasecurity.com/cleartrust/ct_
Online logon.asp?CTAuthMode=BASIC&language=en&CT_ORIG_
URL=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fknowledge.rsasecurity.com%3A443%2F&c
t_orig_uri=%2F

The RSA Archer Community enables collaboration among eGRC clients, partners,
and product experts. Members actively share ideas, vote for product enhancements,
and discuss trends that help guide the RSA Archer product roadmap.

Preface 7
 RSA Archer GRC Platform Data Publications

The RSA Archer Exchange is an online marketplace dedicated to supporting eGRC

initiatives. The Exchange brings together on-demand applications along with
service, content, and integration providers to fuel the success of RSA Archer
clients.
The RSA Solution Gallery provides information about third-party hardware and
software products that have been certified to work with RSA products. The gallery
includes Secured by RSA Implementation Guides with step-by-step instructions and
other information about interoperation of RSA products with these third-party
products.
The RSA SecurCare Online provides unlimited access to a wealth of resources on
the web, 24 hours a day. The secure system provides members access to a support
knowledgebase, to download current platform patches and bug fixes, to sign up for
notifications, to manage your support cases and more.

8 Preface
 RSA Archer GRC Platform Data Publications

Chapter 1: Data Publications

Create a New Data Publication

You can create, define, and activate data publications without the need for
programming knowledge. On the General tab of the Manage Data Publication page,
you can define general information for a data publication.

Procedure
1. Navigate to the Manage Data Publications page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration.
A menu of Integration pages is displayed.
c. Click Manage Data Publications.
2. Click Add New.
3. Do one of the following:
l To use the settings of an existing data publications as a starting point, select
Copy an existing Data Publication and select the existing data publication
from the Existing Data Publications list.
l To select new settings for a data publication, select Create a new Data
Publication from scratch.
4. Click OK.
The Manage Data Publication page is displayed where you can specify the
properties of the data publication.

Next Steps
Manage the General Properties of a Data Publication

Manage the General Properties of a Data Publication

You can configure the overall properties of the data publication.

Before You Begin

Create a New Data Publication

Chapter 1: Data Publications 9

 RSA Archer GRC Platform Data Publications

Procedure
1. Select the data publication that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration.
A menu of Integration pages is displayed.
c. Click Manage Data Publications.
2. In the Name column, click the data publication.
3. Complete the General Information section:
a. In the Name field, enter a name for the data publication.
b. From the Solution list, select the solution whose data is to be published to
the external database.
c. From the Status list, select whether your data publication is currently
Active or Inactive.
d. In the Description field, enter a description for the data publication.
4. Click Apply.

Next Steps
Define the Connection Parameters

Define the Connection Parameters

You can transfer record information from system applications to an external
database. To set up this process, you must configure the connection parameters that
instructs the Data Publication Manager on how to access the desired database.

Before You Begin

l Create a New Data Publication
l Manage the General Properties of a Data Publication

Procedure
1. Select the data publication that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration.
A menu of Integration pages is displayed.
c. Click Manage Data Publications.
2. In the Name column, click the data publication.

10 Chapter 1: Data Publications

 RSA Archer GRC Platform Data Publications

3. Click the Connection tab.

4. From the Publication Target list, select the type of database where the
information is to be published.
5. In the Connection String field, enter the connection string to the database. To
use the value entered for the password, you can enter the password token by
entering the following syntax:
Server=[name];Database=[name];UID=[user ID];Pwd={Password}
The {Password} token will be replaced by the password entered in the
Password field when the connection string is submitted.

Important: For the data publication to execute successfully, the server

responsible for running the data publication must have the required network
access to the database.

6. In the Password field, enter the password that the system uses when accessing
the database.
The password to the target database can be entered in either the Password field
or the Connection String field as a token as shown in the previous step. When
using a token, the {Password} token in the connection string is replaced by the
password entered in this field when the connection string is submitted.
7. Click Apply.
8. To test the connection, click Test in the Test Connection field.

Next Steps
Define a Schedule for the Data Publication

Define a Schedule for the Data Publication

You can configure the start time, pattern, and frequency for data publications.

Before You Begin

l Create a New Data Publication
l Manage the General Properties of a Data Publication
l Define the Connection Parameters

Procedure
1. Select the data publication that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration.

Chapter 1: Data Publications 11

 RSA Archer GRC Platform Data Publications

A menu of Integration pages is displayed.

c. Click Manage Data Publications.
2. In the Name column, click the data publication.
3. Select the Schedule tab.
4. From the Frequency list, select the frequency for the data publication from the
following options and complete setting up the schedule:
l Daily. Select the Start Time and the Start Date for the publication. In the
Every field, select how often the data publication should run. For example, if
you select 15, the data publication executes every 15 days.
l Weekly. Select the Start Time and the Start Date for the publication. In the
Every field, select how often the data publication should run. For example, if
you select 5, the data publication executes every 5 weeks. From the
Weekday list, specify on which day of the week you want the data
publication to execute.
l Monthly. Select the Start Time and the Start Date for the publication. In
the Every field, select how often the data publication should run. For
example, if you select 5, the data publication executes every 5 months. From
the Execute On list, select on which day of the month you want the data
publication to execute. From the Weekday list, select on which day of the
week you want the data publication to execute.
5. From the Time Zone list, select the current time zone for the data publication.
6. (Optional) To override the set data publication execution schedule and
immediately execute your data publication, click Run Data Publication Now.
7. To view the job details, click Run Detail.
The Run Detail dialog box opens. This dialog box has the Statistics and
Messages tabs. The Statistics tab shows the entity, rows processed, status, and
start date and time. The Messages tab shows the job activity, type, and date and
time of the activity. Close this dialog box when you are finished viewing the job
details.
8. Click Save to apply your configuration to the data publication.

View Data Publication History

You can view the detailed history of a data publication using the Execution History
icon in the Data Publications section of the Manage Data Publications page. This
icon is shown after the job is run initially. The Execution History icon includes a
tool tip that displays the text “Execution History.” After clicking this icon, the
Execution History dialog box opens where the date and time when the job started
and ended and the job status is shown for each job listed. You can also view the job
details by clicking the job link or the Run Detail icon in the Actions column for a
specific job.

12 Chapter 1: Data Publications

 RSA Archer GRC Platform Data Publications

Before You Begin

Define a Schedule for the Data Publication

Procedure
1. Navigate to the Manage Data Publications page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration.
A menu of Integration pages is displayed.
c. Click Manage Data Publications.
2. In the Actions column of the data publication that you want to view, click the
Execution History icon.
3. In the Status column, view the status to determine which job ran successfully or
failed.
4. In the Actions column of the job that you want to view, click the Run Details
icon.
The Run Detail dialog box opens. This dialog box has the Statistics and
Messages tabs. The Statistics tab shows the entity, rows processed, status, and
start date and time. The Messages tab shows the job activity, type, and date and
time of the activity.
5. When you are finished, close the Run Detail dialog box.
6. Close all other open dialog boxes and pages.

Clear Job History

You can clear all job history or the job history of one or more data publication jobs
from the Clear Job History dialog box. This dialog box opens from the Execution
History: [data publication] dialog box.

Procedure
1. Select the data publication that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration.
A menu of Integration pages is displayed.
c. Click Manage Data Publications.
2. In the Name column, click the data publication.
3. In the Actions column, click the Execution History icon.
4. Click Clear Job History.

Chapter 1: Data Publications 13

 RSA Archer GRC Platform Data Publications

5. Select the checkbox next to the Started column for the jobs that you want to
delete the history of. To clear all history for all jobs, select Clear All History
and go to step 7.
6. Click OK.
7. Close the Clear Job History dialog box.

14 Chapter 1: Data Publications

RSA Archer GRC Platform 5.4
Discussion Forums
June 2013
Contact Information
Go to the RSA corporate website for regional Customer Support telephone and fax numbers:
www.emc.com/domains/rsa/index.htm.
Trademarks
RSA, the RSA Logo, RSA Archer, RSA Archer Logo, and EMC are either registered trademarks or trademarks of EMC
Corporation ("EMC") in the United States and/or other countries. All other trademarks used herein are the property of their
respective owners. For a list of RSA trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm.
License Agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may
be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This
software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.
Note on Encryption Technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.
Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.

Copyright © 2010-2013 EMC Corporation All Rights Reserved. Published in the USA.
RSA Archer GRC Platform Discussion Forums

Contents

Preface 5
About this Guide 5
Product Documentation 6
Support and Service 7
Chapter 1: About Discussion Forums 9
Discussion Forums Icon Legend 9
Discussion Forums Terminology 10
Display the Discussion Forums Feature 12
Chapter 2: Discussion Communities 15
Managing Discussion Communities 15
Create a Discussion Community 15
Assign Community Administrator and Forum Creators 16
Chapter 3: Discussion Forum Roles 19
Managing Discussion Forum Roles 19
Create a Discussion Forum Role 19
Update the General Properties of a Discussion Forum Role 20
Define Role Permissions for Discussion Forum Members 20
Chapter 4: Discussion Forums 23
Managing Discussion Forums 23
Configuring Discussion Forums 23
Create a Discussion Forum 24
Update the General Properties of a Discussion Forum 24
Enroll Discussion Forum Members 25
Configure Discussion Forum Options 26
Merge Topics within a Discussion Forum 28
Lock or Unlock a Discussion Forum 29
Archive a Discussion Forum 29
Chapter 5: Reports 31
Discussion Forum Reports 31

3
 RSA Archer GRC Platform Discussion Forums

Preface

About this Guide

The Discussion Forums feature enables administrators to create structured
environments where users can exchange information on various topics. These
environments, called forums, provide a platform for posting and replying to topics.
Administrators can group forums together into communities. For example, a
community named Microsoft Windows might contain forums for Microsoft
Windows Vista vulnerabilities and Microsoft Windows 7 vulnerabilities.
The Discussion Forums feature appears in both the administration suite and the end-
user suite of features. In the Discussion Forums feature in the administration suite,
administrators can establish discussion forum communities and assign forum
creators for each community. They also can define roles for forum participants,
which control the permissions end users have in discussion forums.
Application owners also can create record-specific discussion forums to allow
users to discuss information as it relates to a specific content record. The
Discussion field type is available for this purpose.
In the end-user Discussion Forums feature, forum creators can create new forums
in their assigned communities and can define the properties of those forums, select
forum members, and assign roles to those members. End users also can access
forums to which they belong through the end-user Discussion Forums feature,
enabling them to read, add, or respond to topics according to the rights assigned to
them through their forum roles.
The Discussion Forums feature provides several default roles for forum participants
and enables administrators to create additional roles. Forum creators, designated by
administrators of the Discussion Forums feature, can create new forums in their
assigned communities and can define the properties and the membership for those
forums. Default roles that forum creators can assign to forum members include
forum administrator, moderator, participant, and read-only participant.
For information on Discussion Forums icons and terminology, see the following
topics:
l Discussion Forums Icon Legend
l Discussion Forums Terminology

You can perform the following tasks:

l Create a Discussion Community
l Create a Discussion Forum
l Create a Discussion Forum Role

Preface 5
 RSA Archer GRC Platform Discussion Forums

l Assign Comminuty Adminsistrators and Forum Creators

l Configure Discussion Forum Options
l Define Role Permissions for Discussion Forum Members
l Enroll Discussion Forum Members
l Lock or Unlock a Discussion Forum
l Merge Topics within a Discussion Forum
l Update the General Properties of a Discussion Forum
l Update the General Properties of a Discussion Forum Role

Product Documentation
For information about the RSA Archer GRC Platform 5.x, see the following
documentation.

Guide Description

Administrator Guide Provides Platform administrators with a system

overview, guidelines for navigating, and detailed
instructions for key tasks.

Control Panel Guide Provides administrators with instructions for

configuring each instance of the Platform.

Installation Guide Provides administrators with instructions for preparing,

installing, configuring, and testing the Platform.

Release Notes Provides Platform administrators with detailed listing of

new features, fixed issues, and known issues at the time
of the current release.

User Guide Provides end users with guidelines for navigating,

detailed instructions for key tasks, and information
about using Platform communication tools.

Web Services API Reference Provides IT managers and programmers with a list of
Guide the available web services for programmatically
interfacing with the release. This guide provides
formatting guidelines for field results, field inputs, and
search inputs, and provides sample code for searching,
adding and updating users, and updating assets.

You can access the Platform 5.x documentation from the RSA Archer Community
at https://community.emc.com/community/connect/grc_ecosystem/rsa_archer.

6 Preface
 RSA Archer GRC Platform Discussion Forums

Support and Service

Customer www.emc.com/support/rsa/index.htm
Support
Information

Customer [email protected]
Support E-mail

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Community archer

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Exchange archer_exchange

RSA Solution https://gallery.emc.com/community/marketplace/

Gallery

RSA SecurCare https://knowledge.rsasecurity.com/cleartrust/ct_
Online logon.asp?CTAuthMode=BASIC&language=en&CT_ORIG_
URL=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fknowledge.rsasecurity.com%3A443%2F&c
t_orig_uri=%2F

The RSA Archer Community enables collaboration among eGRC clients, partners,
and product experts. Members actively share ideas, vote for product enhancements,
and discuss trends that help guide the RSA Archer product roadmap.
The RSA Archer Exchange is an online marketplace dedicated to supporting eGRC
initiatives. The Exchange brings together on-demand applications along with
service, content, and integration providers to fuel the success of RSA Archer
clients.
The RSA Solution Gallery provides information about third-party hardware and
software products that have been certified to work with RSA products. The gallery
includes Secured by RSA Implementation Guides with step-by-step instructions and
other information about interoperation of RSA products with these third-party
products.
The RSA SecurCare Online provides unlimited access to a wealth of resources on
the web, 24 hours a day. The secure system provides members access to a support
knowledgebase, to download current platform patches and bug fixes, to sign up for
notifications, to manage your support cases and more.

Preface 7
 RSA Archer GRC Platform Discussion Forums

Chapter 1: About Discussion Forums

Discussion Forums Icon Legend

The Discussion Forums feature uses icons that are unique in this feature. The
following table describes each icon.

Icon Description

You have read all posts in this discussion community, forum, or

topic.

This discussion community, forum, or topic contains new posts

for you to read.

This discussion community, forum, or topic has recently

experienced a large number of postings and viewings. You have
read all posts in this community, forum, or topic.

This discussion community, forum, or topic recently

experienced a large number of postings and viewings. The
community, forum, or topic contains new posts for you to read.

This discussion forum or topic is locked, and you have read all
posts in it.

This discussion forum or topic is locked, and it contains new

posts.

Chapter 1: About Discussion Forums 9

 RSA Archer GRC Platform Discussion Forums

Discussion Forums Terminology

The following definitions of terms are specific to the Discussion Forums feature.

Term Definition

Archived Forum An archived forum is hidden entirely from forum

participants. No messages can be read or posted in the
forum. However, an archived forum can be made
available again to forum participants by a community or
forum administrator.

Community An organizational structure for grouping one or more

related discussion forums. A community itself is not a
forum and cannot receive posts.

Community A user who has been granted the rights to view, edit, and
Administrator delete all forums in a selected community, regardless of
whether the user has been enrolled as a member of those
forums. Discussion community administrators also can
add new forums in their assigned communities.

Content-Specific A discussion forum that is linked directly to a specific

Forum content record. It cannot be accessed through the
Discussion Forums application. Instead, users can access
it by clicking View Forum in the Discussion field in a
record.

Forum A discussion area focused on a specific subject or theme.

A forum is housed in a discussion community. The sole
purpose of the forum is to act as a container for
information exchange relative to one specific subject.
Each forum can contain many topics, and those topics
should all relate back to the central subject or theme
established by the forum.

Forum When a forum creator assigns a user as an administrator

Administrator of a selected forum, the administrator has rights to post
messages and to edit and delete posts made by any forum
participant. Forum administrators also can enroll
additional members or revoke the membership of any
user or group.

Forum Membership To access and contribute to a forum, a user must be

enrolled as a member of that forum. Each member is
assigned a specific role that governs the user's rights in
the forum.

10 Chapter 1: About Discussion Forums

 RSA Archer GRC Platform Discussion Forums

Term Definition

Forum Role Each member of a forum is assigned a specific role,

which is a named grouping of rights. A user's role
dictates what the user can and cannot do in a particular
discussion forum. For example, administrators might
create a role called "Reader," which is assigned to users
who need the ability to view all posts in a given forum,
but who will not be permitted to respond to those posts
or to contribute new topics for discussion.

Hot Topic A topic is considered "hot" if it has been replied to or

viewed several times in a short period of time. Hot topics
are displayed with a star icon so users can easily identify
them. Community and forum administrators define the
criteria for topics marked as "hot," and these criteria can
vary from forum to forum. For example, in one forum, a
hot topic may be defined as one that has received 10
posts in the last 3 days and has been viewed 20 times in
the last day. In another forum, a hot topic may be defined
simply as one that has received 5 posts in the last day.

Locked Forum Messages in a locked forum can be read by users, but no

new messages can be posted to the forum.

Locked Topic When a topic is locked, users are not permitted to reply
to it. The topic and its previous replies, however, remain
visible to users. Locked topics can be unlocked at any
time by users who have the proper rights.

Moderator When a forum creator assigns a user as a moderator of a

selected forum, that moderator has rights to post
messages and to edit and delete posts made by any forum
participant. They also can enroll additional members or
revoke the membership of any user or group, and they
can manage the forum's properties, including its
expiration plan, reply depth, display options, and so on.
In addition, moderators can merge topics in the forum.

Post This is a generalized term referring to any type of

message submitted to a forum. Topics and replies are
specific types of posts.

Chapter 1: About Discussion Forums 11

 RSA Archer GRC Platform Discussion Forums

Term Definition

Reply This is a post that is submitted in response to an existing

post. Replies provide the means for exchanging thoughts,
opinions, or supporting information relative to a given
topic.

Thread This term refers to a single topic and all of its related
replies. The topic-directed discussion that occurs in a
forum is thought of as "threaded" because you can trace
the path of information from the original topic down
through all of its reply postings.

Topic This is a top-level post that poses a question or otherwise

establishes the context for a thread of discussion. Topics
serve as containers for replies.

Traditional Forum This term refers to a standard discussion forum built

through the Discussion Forums feature.

Display the Discussion Forums Feature

To enable users to access the forums in which they have been granted access, you
must add the Discussion Forums feature to a solution. This displays the Discussion
Forums link in the Navigation Menu for that solution.

Note: These instructions do not apply to record-specific discussion forums. Users

are able to access these forums through the link on the associated record.

Procedure
1. Select the solution that you want to update:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder > Manage Solutions.
c. In the Solution name column, click the solution.
2. In the Applications section, click Add New.
3. On the Applications tab, click Discussion Forums.
4. Click OK.
Discussion Forums is displayed in the list of applications, and is displayed with
the other applications in the solution.
5. Click Save.

12 Chapter 1: About Discussion Forums

 RSA Archer GRC Platform Discussion Forums

Note: Users must have the rights to view the workspace where the solution displays
before they can access the Discussion Forums link.

Chapter 1: About Discussion Forums 13

 RSA Archer GRC Platform Discussion Forums

Chapter 2: Discussion Communities

Managing Discussion Communities

A discussion community is a named container that groups together discussion
forums with similar subjects or themes.
Discussion community administrators and discussion forum creators can add and
edit forums in their assigned communities. Users assigned as administrators for
individual forums in a community also can edit the properties of those forums,
although they cannot create new forums.
You can perform the following tasks to manage discussion communities:
l Create a Discussion Community
l Assign Community Administrator and Forum Creators

Create a Discussion Community

You can create and edit communities that display in the Discussion Forums feature
for end users. A discussion community is essentially a named container that groups
together discussion forums with similar subjects or themes.

Procedure
1. Navigate to the Manage Discussion Communities page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Discussion Forums.
c. Click Manage Discussion Communities.
2. Click Add New.
3. Do one of the following:
l To use the settings of an existing discussion forum community as a starting
point for your new community, select Copy an existing Discussion Forum
Community and select the existing community from the Discussion Forum
Communities list.
l To select new settings for a community, select Create a new Discussion
Forum Community from scratch.
4. Click OK.
The Manage Discussion Forum Community page is displayed.

Chapter 2: Discussion Communities 15

 RSA Archer GRC Platform Discussion Forums

5. Complete the General Information section:

a. In the Name field, enter a unique name for the community.
b. In the Description field, enter a description of the community.
This description is displayed for end users on the Discussion Community
Listing page.
6. Click Apply.

Next Steps
Assign Community Administrators and Forum Creators

Assign Community Administrator and Forum Creators

You can assign administration and forum creation rights to selected users and
groups for specific discussion communities. Both the community administrator and
discussion forum creator roles are built into the Discussion Forums feature. The
rights that make up these roles cannot be individually configured.
Discussion community administrators have full access to their assigned
communities. They can view and manage all forums in their communities,
regardless of their membership in those forums. Discussion forum creators can
create new forums in their assigned communities and can view, edit, and delete
those forums. However, they cannot edit or delete forums added by other discussion
forum creators.

Before You Begin

Create a Discussion Community

Procedure
1. Navigate to the Manage Discussion Communities page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Discussion Forums.
c. Click Manage Discussion Communities.
2. Click the community that you want to update.
The Manage Discussion Forum Community page is displayed for the selected
community.

3. In the Administration section, click in the Community Administrators

field, assign the community to one or more users or groups and click OK.
To search for a specific user or group, enter the appropriate name in the Find
field, select the name type from the adjacent drop-down list and click Search.
The results of your search is displayed in the Available list.

16 Chapter 2: Discussion Communities

 RSA Archer GRC Platform Discussion Forums

4. In the Forum Creators field, click , assign the community to one or more
users or groups and click OK.
5. To remove a user or group from the role, click to the right of the desired
name in the Selected list.
6. Click Save.

Chapter 2: Discussion Communities 17

 RSA Archer GRC Platform Discussion Forums

Chapter 3: Discussion Forum Roles

Managing Discussion Forum Roles

The discussion forum role governs user's access rights in the end-user Discussion
Forums feature.
You can perform the following tasks to manage discussion forum roles:
l Create a Discussion Forum Role
l Update the General Properties of a Discussion Forum Role
l Define Role Permissions for Discussion Forum Members

Create a Discussion Forum Role

You can create and edit roles for discussion forum users. The forum role governs
user's access rights in the end-user Discussion Forums feature.
Several system roles are also included on the Manage Discussion Forum Roles
page. These roles include Forum Administrator, Forum Moderator, Forum
Participant, and Forum Participant - Read Only. Keep in mind that you can view the
properties of a system role, but you cannot edit a system role.

Procedure
1. Click the Administration workspace.
2. In the Navigation Menu, click Discussion Forums.
3. Click Manage Discussion Forum Roles.
This page lists all existing discussion forum roles in the Platform. Several
system roles are included by default.
4. Click Add New.
The Add New Discussion Forum Role dialog box opens.
5. Do one of the following:
l To use the settings of an existing role as the starting point for the new role,
select Copy an existing Discussion Forum Role and select the existing role
from the Discussion Forum Roles list.
l To select new settings for the role, select Create a new Discussion Forum
Role from scratch.
6. Click OK.
The Manage Discussion Forum Role page is displayed for the new discussion
forum role.

Chapter 3: Discussion Forum Roles 19

 RSA Archer GRC Platform Discussion Forums

Next Steps
Update the General Properties of a Discussion Forum Role
Define Role Permissions for Discussion Forum Members

Update the General Properties of a Discussion Forum Role

You can update the name and description of the discussion forum role.

Before You Begin

Create a Discussion Forum Role

Procedure
1. Click the Administration workspace.
2. In the Navigation Menu, click Discussion Forums.
3. Click Manage Discussion Forum Roles.
This page lists all existing discussion forum roles in the Platform. Several
system roles are included by default.
4. Click the discussion forum role that you want to update.
5. Complete the General Information section:
a. In the Name field, enter a name for the role.
b. In the Description field, enter a description for the role.
6. Click Apply.

Next Steps
Define Role Permissions for Discussion Forum Members

Define Role Permissions for Discussion Forum Members

You can set the permissions for discussion forum roles. The forum role governs
user's access rights in the end-user Discussion Forums feature.

Before You Begin

l Create a Discussion Forum Role
l Update the General Properties of a Discussion Forum Role

Procedure
1. Click the Administration workspace.
2. In the Navigation Menu, click Discussion Forums.
3. Click Manage Discussion Forum Roles.

20 Chapter 3: Discussion Forum Roles

 RSA Archer GRC Platform Discussion Forums

This page lists all existing discussion forum roles in the Platform. Several
system roles are included by default.
4. Click the discussion forum role that you want to update.
5. In the Role Permissions section, select each access right that you want to
enable for the discussion forum role.

Access Right Description

Read Posts Users can read posts in the selected forum, but cannot post
messages of their own.

Post Replies Users can post replies to existing topics or existing

replies.

Post New Topics Users can post new topics in the forum.

Delete My Posts Users can delete any message they have posted in the
forum. If other users have replied to the deleted post, those
replies also are deleted.

Edit Posts Users can edit any post in the forum, whether created by
them or by another user.

Delete All Posts Users can delete any post in the forum, whether created by
them or by another user. If other users have replied to the
deleted post, those replies also are deleted.

Add Forum Users Users can add users and/or groups to the list of forum
members.

Remove Forum Users Users can remove users and/or groups from the list of
forum members.

Manage Forum Users can modify the forum's properties.

Properties

Merge Topics Users can merge topics to organize them in the forum.

6. Click Save.

Chapter 3: Discussion Forum Roles 21

 RSA Archer GRC Platform Discussion Forums

Chapter 4: Discussion Forums

Managing Discussion Forums

Discussion forums provide a secure collaboration environment where users can ask
questions and share information and ideas. A discussion forum can focus on any
topic. For example, you might create a forum called "Enterprise Portal" in which
users could share ideas about customizing workspaces to meet their specific needs.
Or you could create a forum for a specific security incident where a response team
could discuss appropriate processes and procedures.
Discussion community administrators and discussion forum creators can add and
edit forums in their assigned communities. Users assigned as administrators for
individual forums in a community also can edit the properties of those forums,
although they cannot create new forums.
You can perform the following tasks to manage discussion forums:
l Configuring Discussion Forums
l Create a Discussion Forum
l Update the General Properties of a Discussion Forum
l Enroll Discussion Forum Members
l Configure Discussion Forum Options
l Merge Topics within a Discussion Forum
l Lock or Unlock a Discussion Forum
l Archive a Discussion Forum

Configuring Discussion Forums

You create and configure Discussion Forums using the Manage Discussion Forums
page.
Complete the following tasks to create and manage Discussion Forums:
1. Create a Discussion Forum.
2. Update the General Properties of a Discussion Forum.
3. Enroll Discussion Forum Members.
4. Configure Discussion Forum Options.

Chapter 4: Discussion Forums 23

 RSA Archer GRC Platform Discussion Forums

Create a Discussion Forum

You can create a discussion forum by providing a subject for the forum and defining
its membership, including administrators, moderators, and participants. You also
can schedule an expiration date for the forum, limit the number of topics and replies
it can contain, enable anonymous posting in the forum, and merge forum topics,
among several other options.

Procedure
1. Navigate to the Manage Discussion Forums page:
a. Click a workspace that contains a solution that includes the Discussion
Forums feature.

Note: If you are accessing a record-specific discussion forum, go directly to

the record where that discussion forum is located and skip to step 2 of this
procedure.

b. In the Navigation Menu, expand that solution.

c. Click Discussion Forums to expand the menu.
This menu lists the available discussion communities and includes links to
Communities and Preferences.
2. Click the community that you want to manage.
The Forums page is displayed for that community.
3. Click Add New in the toolbar.
The Add New Discussion Forum Community dialog box opens.
4. Do one of the following:
l To use the settings of an existing forum as the starting point for the new
forum, select Copy an existing Discussion Forum and select the existing
forum from the Discussion Forums list.
l To select new settings for the forum, select Create a new Discussion
Forum from scratch.
5. Click OK.
The Manage Discussion Forum page is displayed for the new forum.

Next Steps
Update the General Properties of a Discussion Forum

Update the General Properties of a Discussion Forum

You can update the name and description for the discussion forum.

24 Chapter 4: Discussion Forums

 RSA Archer GRC Platform Discussion Forums

Before You Begin

Create a Discussion Forum

Procedure
1. Select the discussion forum that you want to manage:
a. Click a workspace that contains a solution that includes the Discussion
Forums feature.

Note: If you are accessing a record-specific discussion forum, go directly to

the record where that discussion form is located and skip to step 2 of this
procedure.

b. In the Navigation Menu, expand that solution.

c. Click Discussion Forums to expand the menu.
This menu lists the available discussion communities and includes links to
Communities and Preferences.
d. Click the discussion community that contains the forum that you want to
manage.
The Forums page is displayed with a list of existing forums within the
community.
e. Click the forum that you want to manage.
The Forum page is displayed for the selected forum.
2. On the General tab, complete the General Information section:
a. In the Forum Name field, enter a name for the forum.
b. In the Description field, enter a description for the forum.
This description is displayed to the end user in the list of forums on the
Forums page.
3. Click Apply.

Next Steps
Enroll Discussion Forum Members

Enroll Discussion Forum Members

You can select and remove forum members and assign roles to the selected
members. In addition, you can import members from other discussion forums.

Before You Begin

Create a Discussion Forum

Chapter 4: Discussion Forums 25

 RSA Archer GRC Platform Discussion Forums

Procedure
1. Select the discussion forum that you want to manage:
a. Click a workspace that contains a solution that includes the Discussion
Forums feature.

Note: If you are accessing a record-specific discussion forum, go directly to

the record where that discussion form is located and skip to step 2 of this
procedure.

b. In the Navigation Menu, expand that solution.

c. Click Discussion Forums to expand the menu.
This menu lists the available discussion communities and includes links to
Communities and Preferences.
d. Click the discussion community that contains the forum that you want to
manage.
The Forums page is displayed with a list of existing forums within the
community.
e. Click the forum that you want to manage.
The Forum page is displayed for the selected forum.
2. On the Membership tab, for each Forum Role to which you want to assign
members, click and from the Available list, select the users and groups you
want to assign to the role.
To remove a user or group from the Selected list, click to the right of the
name.
To search for a specific user or group, enter the appropriate name in the Find
field, select the name type from the adjacent drop-down list and click . The
results of your search is displayed in the Available list.
3. Click OK.
4. Click Apply.

Next Steps
Configure Discussion Forum Options

Configure Discussion Forum Options

You can configure administrative, display, and notification options for a discussion
forum.

26 Chapter 4: Discussion Forums

 RSA Archer GRC Platform Discussion Forums

Before You Begin

l Create a Discussion Forum
l Enroll Discussion Forum Members

Procedure
1. Select the discussion forum that you want to manage:
a. Click a workspace that contains a solution that includes the Discussion
Forums feature.

Note: If you are accessing a record-specific discussion forum, go directly to

the record where that discussion form is located and skip to step 2 of this
procedure.

b. In the Navigation Menu, expand that solution.

c. Click Discussion Forums to expand the menu.
This menu lists the available discussion communities and includes links to
Communities and Preferences.
d. Click the discussion community that contains the forum that you want to
manage.
The Forums page is displayed with a list of existing forums within the
community.
e. Click the forum that you want to manage.
The Forum page is displayed for the selected forum.
2. On the Administration tab, select from the following administrative, display,
and notification options:
l Forum Expiration Plan. To set the forum to be archived or deleted on a
specific date, select Archive or Delete, and in the Forum Expiration Date
field, select a date on which the forum should be archived or deleted.
l Maximum Topic Count. Enter the maximum number of topics that can be
added to the forum. By default, 100 topics are permitted.
l Maximum Reply Count. Enter the maximum number of replies that can be
posted per topic. By default, 300 replies are permitted.
l Maximum Reply Level Count. When a discussion forum user posts a reply
to a topic, that reply is nested under the topic. If another user posts a reply to
the first user's reply, that second post is nested beneath the first post, creating
a 2-level reply depth. In this field, enter the maximum number of reply levels
allowed per topic. By default, 20 reply levels are permitted.
l Maximum Topic Age (Days). To set the maximum number of days a topic
can reside in the forum, enter the number of days in this field.

Chapter 4: Discussion Forums 27

 RSA Archer GRC Platform Discussion Forums

l Attachments. To allow forum participants to attach files when posting topics

and replies, select Allow Attachments. You also can define the maximum
allowable size for those file attachments by selecting a size from the
Maximum Attachment Size (MB) list. The default size is 1MB.
l Anonymous Posting. To allow users to optionally post anonymous messages
in the forum, select Allow. When this option is selected, forum participants
can select the Post as Anonymous User option when submitting a new post
in the forum.
l Moderator Emails. To configure the forum to trigger email notifications for
forum moderators each time a new post is submitted, select Notify when a
message is posted.
l Hot Topics Status Criteria. A topic is considered "hot" if it has been
replied to or viewed a specified number of times within a specified number
of days. Hot topics are marked for users with a star. To configure when
topics are flagged as "hot," enter the number of replies, views, and days in
the appropriate fields.
3. Click Save.

Merge Topics within a Discussion Forum

You can organize topics in a forum by defining certain topics as key topics and then
nesting other topics beneath those key topics.

Procedure
1. Click a workspace containing a solution that includes the Discussion Forums
feature.
2. In the Navigation Menu, click Discussion Forums to expand the menu.
3. From the Discussion Forums menu, select Communities.
4. Click the community that you want to manage.
The Forums page is displayed for that community.
5. In the Actions column, click for a topic that you want to merge.

6. In the Target Topic field, click .

7. In the Target Topic Lookup dialog box, select the topic that you want to serve as
a "parent" to the topics that you plan to merge together and click OK.
The topics that you select in the next step are nested beneath this topic.

8. In the Merge Topics field, click .

9. In the Merge Topics Lookup dialog box, select the topics that you want to group,
or merge, under the parent topic.

28 Chapter 4: Discussion Forums

 RSA Archer GRC Platform Discussion Forums

The merged topics are nested under the parent topic and display as replies to
that topic. Merged topics retain their original threading.
10. Click OK.

Lock or Unlock a Discussion Forum

You can lock a forum to prevent further posts. Users can continue to access and
view locked forums, but they cannot submit new topics or replies.

Procedure
1. Select the discussion forum that you want to manage:
a. Click a workspace that contains a solution that includes the Discussion
Forums feature.

Note: If you are accessing a record-specific discussion forum, go directly to

the record where that discussion form is located and skip to step 2 of this
procedure.

b. In the Navigation Menu, expand that solution.

c. Click Discussion Forums to expand the menu.
This menu lists the available discussion communities and includes links to
Communities and Preferences.
d. Click the discussion community that contains the forum that you want to
manage.
The Forums page is displayed with a list of existing forums within the
community.
e. Click the forum that you want to manage.
The Forum page is displayed for the selected forum.
2. On the General tab, select Locked to lock the forum. You can unlock a locked
forum by clearing this checkbox.
3. Click Save.

Archive a Discussion Forum

You can archive an existing forum and remove it from participant view. Once a
forum has been archived, only administrators can continue to access the forum and
its posts, as well as edit the forum's properties.

Chapter 4: Discussion Forums 29

 RSA Archer GRC Platform Discussion Forums

Procedure
1. Select the discussion forum that you want to manage:
a. Click a workspace that contains a solution that includes the Discussion
Forums feature.

Note: If you are accessing a record-specific discussion forum, go directly to

the record where that discussion form is located and skip to step 2 of this
procedure.

b. In the Navigation Menu, expand that solution.

c. Click Discussion Forums to expand the menu.
This menu lists the available discussion communities and includes links to
Communities and Preferences.
d. Click the discussion community that contains the forum that you want to
manage.
The Forums page is displayed with a list of existing forums within the
community.
e. Click the forum that you want to manage.
The Forum page is displayed for the selected forum.
2. On the General tab, select Archived to archive the forum.
You can restore an archived forum to participant use by clearing the checkbox.
3. Click Save.

30 Chapter 4: Discussion Forums

 RSA Archer GRC Platform Discussion Forums

Chapter 5: Reports

Discussion Forum Reports

The following table describes the discussion forum reports available in the
Platform. You can access these reports by selecting View Discussion Forum
Reports from the Discussion Forums menu.

Report Description

Discussion Forums Provides a list of each discussion forum, including the name,
Summary the community it resides in, the number of topics in the
forum, the total number of posts in each forum, and the date
and time of the last post to the forum.

My Discussion Forums Provides a list of discussion forums for which you are a
member. It shows the name of each forum, the community it
resides in, the topics included in it, the number of posts in
each forum that you have or have not read, the total number
of posts in each forum, and the date and time of your last
visit to each forum.

Chapter 5: Reports 31
RSA Archer GRC Platform 5.4
Globalization
June 2013
Contact Information
Go to the RSA corporate website for regional Customer Support telephone and fax numbers:
www.emc.com/domains/rsa/index.htm.
Trademarks
RSA, the RSA Logo, RSA Archer, RSA Archer Logo, and EMC are either registered trademarks or trademarks of EMC
Corporation ("EMC") in the United States and/or other countries. All other trademarks used herein are the property of their
respective owners. For a list of RSA trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm.
License Agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may
be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This
software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.
Note on Encryption Technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.
Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.

Copyright © 2010-2013 EMC Corporation All Rights Reserved. Published in the USA.
RSA Archer GRC Platform Globalization

Contents

Preface 5
About this Guide 5
Product Documentation 5
Support and Service 6
Chapter 1: Understanding Languages, Locales, and Trans-
lations 7
Languages 7
Languages Supported in the RSA Archer GRC Platform 7
Locales 8
Locales Available in the RSA Archer GRC Platform 8
Translations 8
Navigation Translations for the RSA Archer GRC Platform 9
Solution Translations for the RSA Archer GRC Platform 9
Chapter 2: Managing Languages 11
Activate a Language 11
Deactivate a Language 11
Set the Default Language for an Instance 11
Delete a Language from an Instance 12
Display Language Licenses 12
Add a Language License to an Instance 12
Create a New Language 12
Chapter 3: Managing Locales 15
Set the Locale for Users and Groups 15
Assign Locales to a Language 15
Remove Locales from a Language 15
Chapter 4: Managing Translations 17
Activate a Translation 17
Deactivate a Translation 17
Move a Solution Translation Between Instances 17
Delete a Translation 18
Chapter 5: Translating Solution Components 19
Translating Applications 19
Translate an Application 19
Check the Status of an Application Translation 20
See Untranslated Fields in an Application 20
See Untranslated Values Lists in an Application 20
Set the Design Language for an Application 21
Translating Questionnaires 21
Translate a Questionnaire 22
Check the Status of a Questionnaire Translation 22
See Untranslated Fields in a Questionnaire 23
See Untranslated Values Lists in a Questionnaire 23

3
 RSA Archer GRC Platform Globalization

Set the Design Language for a Questionnaire 24

Translating Sub-Forms 24
Translate a Sub-Form 24
Check the Status of a Sub-Form Translation 25
See Untranslated Fields in a Sub-Form 25
See Untranslated Values Lists in a Sub-Form 26
Set the Design Language for a Sub-Form 26
Translating Global Values Lists 26
Translate a Global Values List 27
Check the Status of a Global Values List Translation 27
See Untranslated Values in a Global Values List 27
Set the Design Language for a Global Values List 28

4
 RSA Archer GRC Platform Globalization

Preface

About this Guide

Globalization features in the RSA Archer GRC Platform enable administrators and
users to adapt the interface and solutions to appear in languages and formats that
meet the needs of different geographical and cultural regions. The features allow
Platform navigation and content to meet localization and internationalization
requirements defined by organizations, companies, and governments.

Product Documentation
For information about the RSA Archer GRC Platform 5.x, see the following
documentation.

Guide Description

Administrator Guide Provides Platform administrators with a system

overview, guidelines for navigating, and detailed
instructions for key tasks.

Control Panel Guide Provides administrators with instructions for

configuring each instance of the Platform.

Installation Guide Provides administrators with instructions for preparing,

installing, configuring, and testing the Platform.

Release Notes Provides Platform administrators with detailed listing of

new features, fixed issues, and known issues at the time
of the current release.

User Guide Provides end users with guidelines for navigating,

detailed instructions for key tasks, and information
about using Platform communication tools.

Web Services API Reference
Guide
Provides IT managers and programmers with a list of
the available web services for programmatically
interfacing with the release. This guide provides
formatting guidelines for field results, field inputs, and
search inputs, and provides sample code for searching,
adding and updating users, and updating assets.

You can access the Platform 5.x documentation from the RSA Archer Community
at https://community.emc.com/community/connect/grc_ecosystem/rsa_archer.

Preface 5
 RSA Archer GRC Platform Globalization

Support and Service

Customer www.emc.com/support/rsa/index.htm
Support
Information

Customer [email protected]
Support E-mail

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Community archer

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Exchange archer_exchange

RSA Solution https://gallery.emc.com/community/marketplace/

Gallery

RSA SecurCare https://knowledge.rsasecurity.com/cleartrust/ct_
Online logon.asp?CTAuthMode=BASIC&language=en&CT_ORIG_
URL=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fknowledge.rsasecurity.com%3A443%2F&c
t_orig_uri=%2F

The RSA Archer Community enables collaboration among eGRC clients, partners,
and product experts. Members actively share ideas, vote for product enhancements,
and discuss trends that help guide the RSA Archer product roadmap.
The RSA Archer Exchange is an online marketplace dedicated to supporting eGRC
initiatives. The Exchange brings together on-demand applications along with
service, content, and integration providers to fuel the success of RSA Archer
clients.
The RSA Solution Gallery provides information about third-party hardware and
software products that have been certified to work with RSA products. The gallery
includes Secured by RSA Implementation Guides with step-by-step instructions and
other information about interoperation of RSA products with these third-party
products.
The RSA SecurCare Online provides unlimited access to a wealth of resources on
the web, 24 hours a day. The secure system provides members access to a support
knowledgebase, to download current platform patches and bug fixes, to sign up for
notifications, to manage your support cases and more.

6 Preface
 RSA Archer GRC Platform Globalization

Chapter 1: Understanding Languages, Locales, and

Translations
l Languages
l Locales
l Translations

Languages
A language in the Platform, like a language in everyday life, refers to a natural
language that people read, write, and speak. Various language translations of
Platform navigation and solution content are available for licensing from RSA.
These translations allow users to see Platform content in their native languages.
A language must be licensed and activated in an instance to make its Platform
navigation translations available. At least one language license is included with the
original product license and is set during installation as the default Platform
language. You can purchase and add language licenses to provide different Platform
navigation translations to your users.
Administrators associate locales with a language to let users see content such as
dates and currency in formats used in their countries and cultures. A separate time
zone setting completes the localization of Platform navigation and content displays.
The Platform navigation is displayed to users in the language associated with their
locale. If the language associated with their locale is not active, the default
Platform language is displayed instead.
Administrators cannot delete a language that meets any of these criteria:
l The language is the default language for the instance.
l The language is defined as the design language for an Archer component.
l The language has associated locales that include users.
l The language is defined by users as their override language in user preferences.

Languages Supported in the RSA Archer GRC Platform

These languages are supported for use in navigation, solutions, and user entry of
content in the RSA Archer GRC Platform :
l Chinese
l English
l French
l German

Chapter 1: Understanding Languages, Locales, and 7

Translations
 RSA Archer GRC Platform Globalization

l Italian
l Japanese
l Portuguese
l Russian
l Spanish

Locales
A locale defines the display formats used for dates and currency and also affects
Platform functions such as calculations, time-based filtering, and reporting. A major
function of a locale is to let users see Platform content as they are accustomed to
seeing information in their native countries and cultures.
An administrator associates one or more locales with a language to let users see
Platform navigation and licensed solutions in their native languages. A locale can
be associated with only one language. Any number of locales can be associated
with the same language. A locale cannot be removed from a language if the locale
has associated users.
An administrator can set a default locale for individual users and user groups.
However, the locale assignment is associated only with individual users and not
with groups. The assignment of a user group to a locale assigns the locale to the
current set of users in the group. Future user additions to the group do not get the
locale assignment, and future user removals from the group do not remove the user
locale setting.
Users with update permissions for their accounts can set their locale to a non-
default locale.

Locales Available in the RSA Archer GRC Platform

Locales are defined by language and country. A complete list of supported locales
is available here in the Platform:
Administration > Globalization > Manage Locales

Translations
A translation refers to a natural-language translation of Platform navigation or
solution content. Translations of Platform navigation and core solution components
are available for licensing from RSA.
The language used to create an application, questionnaire, sub-form, or global
values list is called its design language. The design language is defined by default
in components produced by RSA, is set automatically when you select the target
language for a new translation, and can be changed manually when necessary to
specify the actual design language of a component.

8 Chapter 1: Understanding Languages, Locales, and Trans-

lations
 RSA Archer GRC Platform Globalization

An administrator or user with appropriate permissions can translate solution

components into a licensed or unlicensed language. A translation always begins
with the selection of a licensed language into which the components are translated,
or with the creation of a new language to use as a target language for the
translation.
An administrator can move a solution translation as a package from one instance to
another. For example, a solution translation created and tested in one instance can
be packaged and installed on a different instance for user access after testing is
completed. A valid license for the translation language must be installed on the
importing instance before the translation can be installed.
Global values lists are the only components that are not restricted by language
licenses. Translations of a global values list can be packaged and installed on a
different instance even if the different instance has no license for the translation
language.
If a packaged translation will be used to update the same components on a different
instance, the design language for the components in both the source and target
instances must be the same.

Navigation Translations for the RSA Archer GRC Platform

RSA produces localized translations of Platform navigation labels and contents in
these languages:
l Chinese
l English
l French
l German
l Italian
l Japanese
l Portuguese
l Russian
l Spanish

The initial product installation installs all Platform navigation translations and
activates at least one licensed language to enable navigation in that language. When
users need to see Platform navigation in more languages, your organization can
purchase additional language licenses to enable navigation translations in those
languages.

Solution Translations for the RSA Archer GRC Platform

RSA produces packages of localized solution translations in these languages for all
core solutions:

Chapter 1: Understanding Languages, Locales, and 9

Translations
 RSA Archer GRC Platform Globalization

l Chinese
l English
l French
l German
l Italian
l Japanese
l Portuguese
l Russian
l Spanish

English translations for labels and contents of core solutions are part of the default
Platform installation. The initial installation includes at least one licensed solution
language. When users need to see solutions in more languages, your organization
can purchase additional language licenses for the solutions it owns.
Localized core solutions in languages other than English are available as package
downloads from the RSA Archer Exchange at
https://community.emc.com/community/connect/grc_ecosystem/rsa_archer_
exchange.

10 Chapter 1: Understanding Languages, Locales, and Trans-

lations
 RSA Archer GRC Platform Globalization

Chapter 2: Managing Languages

l Activate a Language
l Deactivate a Language
l Set the Default Language for an Instance
l Delete a Language from an Instance
l Display Language Licenses
l Add a Language License to an Instance
l Create a New Language

Activate a Language
You can active licensed languages and custom languages that you create.

Procedure
1. Click Administration > Globalization > Manage Languages.
2. Click for the language you want to activate.
3. In the Options section, set the status to Active.
4. Click Apply.

Deactivate a Language
Procedure
1. Click Administration > Globalization > Manage Languages.
2. Click for the language you want to deactivate.
3. In the Options section, set the status to Inactive.
4. Click Apply.

Set the Default Language for an Instance

Procedure
1. Click Administration > Globalization > Manage Languages.
2. Click for the language to set as the default instance language.
3. In the Options section, select Make this the default language.
4. Click Apply.

Chapter 2: Managing Languages 11

 RSA Archer GRC Platform Globalization

Delete a Language from an Instance

Procedure
1. Click Administration > Globalization > Manage Languages.
2. Click for the language to delete.

3. In the toolbar, click .

4. Click OK.

Display Language Licenses

Procedure
1. Click Administration > Application Builder > Manage Applications.
2. In the toolbar, click Licensing Information.
3. See these sections:
l Solution Languages -- Lists the languages licensed for solutions.
l Platform Languages -- Lists the languages licensed for Platform navigation.

Add a Language License to an Instance

Procedure
1. Contact your RSA sales representative to purchase a license for the language
you want to add. You will receive a new license key that includes the new
language license.
2. In the RSA Archer Control Panel, update the license key for the instance. See
Update the License Key in RSA Archer Control Panel Help.
3. In the instance, make the language available to administrators and users with
Activate a Language.

Create a New Language

You can create a new language as the target language for a new translation if the
language does not exist in the Platform.

Procedure
1. Click Administration > Globalization > Manage Languages.
2. Click Add New.

12 Chapter 2: Managing Languages

 RSA Archer GRC Platform Globalization

3. Enter a name and description for the new language.

4. Click Save.

Chapter 2: Managing Languages 13

 RSA Archer GRC Platform Globalization

Chapter 3: Managing Locales

l Set the Locale for Users and Groups
l Assign Locales to a Language
l Remove Locales from a Language

Set the Locale for Users and Groups

Locales are associated with users. A group assignment to a locale assigns the
locale to the current set of users in the group.

Procedure
1. Click Administration tab > Globalization > Manage Locales.
2. Click for the locale to which you want to assign users.
3. In the Options section, select the groups and users to assign to the locale.
4. Click Apply.

Assign Locales to a Language

A locale can be assigned to only one language. Any number of locales can be
assigned to the same language.

Procedure
1. Click Administration > Globalization > Manage Languages.
2. Click for the language to which you want to assign locales.
3. In the Options section, select the locales to assign to the language.
4. Click Apply.

Remove Locales from a Language

Procedure
1. Click Administration > Globalization > Manage Languages.
2. Click for the language from which you want to remove locales.
3. In the Options section, click alongside each locale you want to remove from
the language.
4. Click Apply.

Chapter 3: Managing Locales 15

 RSA Archer GRC Platform Globalization

Chapter 4: Managing Translations

l Activate a Translation
l Deactivate a Translation
l Move a Solution Translation Between Instances
l Delete a Translation

Activate a Translation
An administrator activates a translation by activating the licensed or custom
language that includes the translation. Users with a locale set to the language or
with the language set as their override language will see user interface components
in the translation for the active language instead of the design language.

Procedure
1. Click Administration > Globalization > Manage Languages.
2. Click for the language that includes the translation that you want to activate.
3. In the Options section, set the status to Active.
4. Click Apply.

Deactivate a Translation
An administrator deactivates a translation by deactivating the language that includes
the translation. Users with a locale set to the language or with the language set as
their override language will see user interface components in the design language
instead of the deactivated language translation.

Procedure
1. Click Administration > Globalization > Manage Languages.
2. Click for the language that includes the translation that you want to
deactivate.
3. In the Options section, set the status to Inactive.
4. Click Apply.

Move a Solution Translation Between Instances

You can package and move a solution translation from one instance to another.

Chapter 4: Managing Translations 17

 RSA Archer GRC Platform Globalization

For the steps to perform this task, see "Move a Solution Translation Between
Instances" in the RSA Archer GRC Platform Help Center.

Delete a Translation
Procedure
1. Click Administration > Globalization > Manage Languages.
2. Click for the language that includes the translation you want to delete.
3. Click the Applications, Questionnaires, Sub-Forms, or Global Values Lists
tab that includes the translation.
4. If the translation is in a level, in Translate Levels, click for the level that
includes the translation.

5. Click in the row for the application, questionnaire, sub-form, or global values
list that includes the translation.
6. Click OK.

18 Chapter 4: Managing Translations

 RSA Archer GRC Platform Globalization

Chapter 5: Translating Solution Components

You can translate solution components to let your users see field labels and other
interface components in their preferred natural language.
l Translating Applications
l Translating Questionnaires
l Translating Sub-Forms
l Translating Global Values Lists

Translating Applications
l Translate an Application
l Check the Status of an Application Translation
l See Untranslated Fields in an Application
l See Untranslated Values Lists in an Application
l Set the Design Language for an Application

Translate an Application

Procedure
1. Click Administration > Globalization > Manage Languages.
2. Create a Language only if the language to which you want to translate the
application is not available in the list of languages.
3. Click Translate for the language to which you want to translate the
application.
4. In Translate Applications, click for the application you want to translate.
5. If the application has levels, in Translate Levels, click for the application
level to translate.
6. Translate fields in the application:
a. In Translate Fields, click the topmost to start translating attributes for
application fields.
b. Translate attributes for the first field.
c. Click Next to translate the next set of field attributes.
d. To pause or stop translating, click OK and then Apply.

Chapter 5: Translating Solution Components 19

 RSA Archer GRC Platform Globalization

7. Translate values lists in the application:

a. Click the Values Lists tab.
b. In Translate Values Lists, click for the values list to translate.
c. In Translate Values List Values, click the topmost to start translating
attributes of values list items.
d. Translate attributes for the first values list item.
e. Click Next to translate the next values list item.
f. To pause or stop translating, click OK and then Apply.
8. If you pause the translation, note the language, application, level, and
component you were translating so you know where to resume.

Check the Status of an Application Translation

Procedure
1. Click Administration > Globalization > Manage Languages.
2. Click for the language into which the application is being translated.
3. In Translate Applications, hover over the icon before the name of the
application. A tooltip explains the amount of translation completed.

See Untranslated Fields in an Application

Procedure
1. Click Administration > Globalization > Manage Languages.
2. Click for the language into which application fields are being translated.
3. In Translate Applications, click for the application being translated.
4. If the application has levels, in Translate Levels, click for the application
level being translated.
5. In Translate Fields, text boxes with no content in the Translate To column
indicate untranslated fields.
6. To see only the untranslated fields, filter the Translate To column using Equals
<blank>.

See Untranslated Values Lists in an Application

Procedure
1. Click Administration > Globalization > Manage Languages.
2. Click for the language into which application values lists are being
translated.
3. In Translate Applications, click for the application being translated.

20 Chapter 5: Translating Solution Components

 RSA Archer GRC Platform Globalization

4. If the application has levels, in Translate Levels, click for the application
level being translated.
5. Click Values Lists.
6. In Translate Values Lists, hover over the icon before a values list name. A
tooltip explains if the values list is translated and the amount complete of the
translation.
7. To see the untranslated values in one of the values lists:
a. In Translate Values Lists, click for the values list.
b. In Translate Values List Values, text boxes with no content in the
Translate To column indicate untranslated values.
c. To see only the untranslated values, filter the Translate To column using
Equals <blank>.

Set the Design Language for an Application

The design language for a new application is set automatically to the default
language for the instance. If you create an application in a different language, set
the design language for the application to reflect the different language used for
field names and other user interface elements.

Procedure
1. Click Administration > Application Builder > Manage Applications.
2. Select an application.
3. In the General tab > Options section, select the design language in the
Language field.
4. Click Apply.

Translating Questionnaires
l Translate a Questionnaire
l Check the Status of a Questionnaire Translation
l See Untranslated Fields in a Questionnaire
l See Untranslated Values Lists in a Questionnaire
l Set the Design Language for a Questionnaire

Chapter 5: Translating Solution Components 21

 RSA Archer GRC Platform Globalization

Translate a Questionnaire

Procedure
1. Click Administration > Globalization > Manage Languages.
2. Create a Language only if the language to which you want to translate the
questionnaire is not available in the list of languages.
3. Click Translate for the language to which you want to translate the
questionnaire.
4. Click Questionnaires.
5. In Translate Questionnaires, click for the questionnaire you want to
translate.
6. If the questionnaire has levels, in Translate Levels, click for the
questionnaire level to translate.
7. Translate fields in the questionnaire:
a. In Translate Fields, click the topmost to start translating attributes for
questionnaire fields.
b. Translate attributes for the first field.
c. Click Next to translate the next set of field attributes.
d. To pause or stop translating, click OK and then Apply.
8. Translate values lists in the questionnaire:
a. Click the Values Lists tab.
b. In Translate Values Lists, click the name of the values list to translate.
c. In Translate Values List Values, click the topmost to start translating
values list text.
d. Translate attributes for the first values list item.
e. Click Next to translate the next values list item.
f. To pause or stop translating, click OK and then Apply.
9. If you pause the translation, note the language, questionnaire, level, and
component you were translating so you know where to resume.

Check the Status of a Questionnaire Translation

Procedure
1. Click Administration > Globalization > Manage Languages.
2. Click for the language into which the questionnaire is being translated.
3. Click Questionnaires.

22 Chapter 5: Translating Solution Components

 RSA Archer GRC Platform Globalization

4. In Translate Questionnaire, hover over the icon before the name of the
questionnaire. A tooltip explains the amount of translation completed.

See Untranslated Fields in a Questionnaire

Procedure
1. Click Administration > Globalization > Manage Languages.
2. Click for the language into which questionnaire fields are being translated.
3. Click Questionnaire:
4. In Translate Questionnaire, click the name of the questionnaire being
translated.
5. If the questionnaire has levels, in Translate Levels, click for the level being
translated.
6. In Translate Fields, text boxes with no content in the Translate To column
indicate untranslated fields.
7. To see only the untranslated fields, filter the Translate To column using Equals
<blank>.

See Untranslated Values Lists in a Questionnaire

Procedure
1. Click Administration > Globalization > Manage Languages.
2. Click for the language into which values lists for questionnaires are being
translated.
3. Click Questionnaires.
4. In Translate Questionnaires, click for the questionnaire being translated.
5. If the questionnaire has levels, in Translate Levels, click for the level being
translated.
6. Click Values Lists.
7. In Translate Values Lists, hover over the icon before the values list name. A
tooltip explains if the values list is translated and the amount complete of the
translation.
8. To see the untranslated values in one of the values lists:
a. In Translate Values Lists, click for the values list.
b. In Translate Values List Values, text boxes with no content in the
Translate To column indicate untranslated values.
c. To see only the untranslated values, filter the Translate To column using
Equals <blank>.

Chapter 5: Translating Solution Components 23

 RSA Archer GRC Platform Globalization

Set the Design Language for a Questionnaire

The design language for a new questionnaire is set automatically to the default
language for the instance. If you create a questionnaire in a different language, set
the design language for the questionnaire to reflect the different language used for
field names and other user interface elements.

Procedure
1. Click Administration > Application Builder > Manage Questionnaires.
2. Select a questionnaire.
3. In the General tab > Options section, select the design language in the
Language field.
4. Click Apply.

Translating Sub-Forms
l Translate a Sub-Form
l Check the Status of a Sub-Form Translation
l See Untranslated Fields in a Sub-Form
l See Untranslated Values Lists in a Sub-Form
l Set the Design Language for a Sub-Form

Translate a Sub-Form

Procedure
1. Click Administration > Globalization > Manage Languages.
2. Create a Language only if the language to which you want to translate the sub-
form is not available in the list of languages.
3. Click Translate for the language to which you want to translate the sub-
form.
4. Click Sub-Forms.
5. In Translate Sub-Forms, click for the sub-form you want to translate.
6. If the sub-form includes levels, in Translate Levels, click for the sub-form
level to translate.
7. Translate fields in the sub-form:
a. In Translate Fields, click the topmost to start translating attributes for
sub-form fields.
b. Translate attributes for the first field.

24 Chapter 5: Translating Solution Components

 RSA Archer GRC Platform Globalization

c. Click Next to translate the next set of attributes.

d. To pause or stop translating, click OK and then Apply.
8. Translate values lists in the sub-form:
a. Click the Values Lists tab.
b. In Translate Values Lists, click the name of the values list to translate.
c. In Translate Values List Values, click the topmost to start translating
values list text.
d. Translate attributes for the first values list item.
e. Click Next to translate the next values list item.
f. To pause or stop translating, click OK and then Apply.
9. If you pause the translation, note the language, sub-form, level, and component
you were translating so you know where to resume.

Check the Status of a Sub-Form Translation

Procedure
1. Click Administration > Globalization > Manage Languages.
2. Click for the language into which the sub-form is being translated.
3. Click Sub-Forms.
4. In Translate Sub-Form, hover over the icon before the name of the sub-form.
A tooltip explains the amount of translation completed.

See Untranslated Fields in a Sub-Form

Procedure
1. Click Administration > Globalization > Manage Languages.
2. Click for the language into which questionnaire fields are being translated.
3. In Translate Questionnaire, click the name of the sub-form being translated.
4. If the sub-form has levels, in Translate Levels, click for the level being
translated.
5. In Translate Fields, text boxes with no content in the Translate To column
indicate untranslated fields.
6. To see only the untranslated fields, filter the Translate To column using Equals
<blank>.

Chapter 5: Translating Solution Components 25

 RSA Archer GRC Platform Globalization

See Untranslated Values Lists in a Sub-Form

Procedure
1. Click Administration > Globalization > Manage Languages.
2. Click for the language into which values lists for sub-forms are being
translated.
3. Click Sub-Form.
4. In Translate Sub-Form, click for the sub-form being translated.
5. If the sub-form has levels, in Translate Levels, click for the level being
translated.
6. Click Values Lists.
7. In Translate Values Lists, hover over the icon before the name of the values
list. A tooltip explains if the values list is translated and the amount complete of
the translation.
8. To see the untranslated values in one of the values lists:
a. In Translate Values Lists, click for the values list.
b. In Translate Values List Values, text boxes with no content in the
Translate To column indicate untranslated values.
c. To see only the untranslated values, filter the Translate To column using
Equals <blank>.

Set the Design Language for a Sub-Form

The design language for a new sub-form is set automatically to the default language
for the instance. If you create a sub-form in a different language, set the design
language for the sub-form to reflect the different language used for field names and
other user interface elements.

Procedure
1. Click Administration > Application Builder > Manage Sub-Forms.
2. Select a sub-form.
3. In the General tab > Options section, select the design language in the
Language field.
4. Click Apply.

Translating Global Values Lists

l Translate a Global Values List
l Check the Status of a Global Values List Translation

26 Chapter 5: Translating Solution Components

 RSA Archer GRC Platform Globalization

l See Untranslated Values in a Global Values List

l Set the Design Language for a Global Values List

Translate a Global Values List

Procedure
1. Click Administration > Globalization > Manage Languages.
2. Create a Language only if the language to which you want to translate the
global values list is not available in the list of languages.
3. Click Translate for the language to which you want to translate the global
values list.
4. Click Global Values Lists.
5. In Translate Global Values Lists, click for the global values list you want
to translate.
6. Translate values in the global values list:
a. In Translate Fields, click the topmost to start translating attributes for
global values list items.
b. Translate attributes for the first field.
c. Click Next to translate the next set of field attributes.
d. To pause or stop translating, click OK and then Apply.
7. If you pause the translation, note the language and global values list you were
translating so you know where to resume.

Check the Status of a Global Values List Translation

Procedure
1. Click Administration > Globalization > Manage Languages.
2. Click for the language into which the global values list is being translated.
3. Click Global Values Lists.
4. In Translate Global Values List, hover over the icon before the name of the
global values list. A tooltip explains the amount of translation completed.

See Untranslated Values in a Global Values List

Procedure
1. Click Administration > Globalization > Manage Languages.
2. Click for the language into which global values list fields are being
translated.
3. Click Global Values Lists.

Chapter 5: Translating Solution Components 27

 RSA Archer GRC Platform Globalization

4. In Translate Global Values Lists, hover over the icon before a values list
name. A tooltip explains if the global values list is translated and the amount
complete of the translation.
5. To see the untranslated values in one of the global values lists:
a. In Translate Global Values Lists, click for the values list.
b. In Translate Values List Values, text boxes with no content in the
Translate To column indicate untranslated values.
c. To see only the untranslated values, filter the Translate To column using
Equals <blank>.

Set the Design Language for a Global Values List

The design language for a new global values list is set automatically to the default
language for the instance. If you create a global values list in a different language,
set the design language for the global values list to reflect the different language
used for field names and other user interface elements.

Procedure
1. Click Administration > Application Builder > Manage Global Values Lists.
2. Select a global values list.
3. In General Information, select the design language in the Language field.
4. Click Apply.

28 Chapter 5: Translating Solution Components

RSA Archer GRC Platform 5.4
Management Reporting
June 2013
Contact Information
Go to the RSA corporate website for regional Customer Support telephone and fax numbers:
www.emc.com/domains/rsa/index.htm.
Trademarks
RSA, the RSA Logo, RSA Archer, RSA Archer Logo, and EMC are either registered trademarks or trademarks of EMC
Corporation ("EMC") in the United States and/or other countries. All other trademarks used herein are the property of their
respective owners. For a list of RSA trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm.
License Agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may
be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This
software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.
Note on Encryption Technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.
Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.

Copyright © 2010-2013 EMC Corporation All Rights Reserved. Published in the USA.
RSA Archer GRC Platform Management Reporting

Contents

Preface 5
About this Guide 5
Product Documentation 5
Support and Service 6
Chapter 1: Master Report Listing 9
Managing the Master Report Listing 9
View Personal and Global Reports 9
Add a Report 10
Update a Report 10
Delete a Report 12
Print a List of Reports 12
Chapter 2: Global Print and Export Settings 13
Managing the Printing and Exporting of Records 13
Add a Template for Record Exports 13
Configure the Header and Footer of HTML and Print Templates 14
Delete a Template for Record Exports 14
Chapter 3: Mail Merge Templates 15
Managing Mail Merge Templates 15
Process for Adding a Mail Merge Template 15
Mail Merge Terminology 16
Alias and Merge Regions 16
Field Types 17
Alias Names 17
Alias Syntax 18
Syntax Formatting 18
Merge Regions Syntax 20
Designing Word Documents and Templates for Export Templates 20
Compatible Word Document File Types 20
Add a Mail Merge Template 21
Define the General Properties of a Mail Merge Template 21
Upload a Word Document or Template to the Export Template 22
Select the Options for a Mail Merge Template 23
Define Access Privileges for a Mail Merge Template 23
Delete a Mail Merge Template 24
Update the General Properties of a Mail Merge Template 24

3
 RSA Archer GRC Platform Management Reporting

Preface

About this Guide

The Management Reporting feature enables you to create and manage customized
reports in any application. Reports provide a means of saving search criteria in a
given application that can be reused. The Master Reports Listing page displays all
system, global, and personal reports. A personal report is accessible only by the
person who created it, while a global report can be made accessible to all users in
an application or to selected users and user groups.
You also can define templates for search results that are exported to external data
files. Using the Manage Global Print and Export Settings page, administrators can
upload Microsoft Word templates, which are used for data exports in Word format.
You also can use Microsoft Excel templates, which are used for Excel exports. In
addition, administrators can use the Rich Text Editor toolbar to create a custom
header and footer for HTML exports.
The Mail Merge functionality enables you to create custom reports in the form of
Word documents that contain mail merge fields displaying data from your
application. This particularly is useful for customers who conduct iterative vendor
assessments and SOX compliance reviews. To use this function, you need to create
a report template in Microsoft Word, create a Mail Merge template in the Platform,
and then upload the report template to the Archer Mail Merge template. Once you
have defined the settings for the Mail Merge template, users can select a specific
report template from a list of available templates defined for the application.

Product Documentation
For information about the RSA Archer GRC Platform 5.x, see the following
documentation.

Guide Description

Administrator Guide Provides Platform administrators with a system

overview, guidelines for navigating, and detailed
instructions for key tasks.

Control Panel Guide Provides administrators with instructions for

configuring each instance of the Platform.

Installation Guide Provides administrators with instructions for preparing,

installing, configuring, and testing the Platform.

Preface 5
 RSA Archer GRC Platform Management Reporting

Guide Description

Release Notes Provides Platform administrators with detailed listing of

new features, fixed issues, and known issues at the time
of the current release.

User Guide Provides end users with guidelines for navigating,

detailed instructions for key tasks, and information
about using Platform communication tools.

Web Services API Reference Provides IT managers and programmers with a list of
Guide the available web services for programmatically
interfacing with the release. This guide provides
formatting guidelines for field results, field inputs, and
search inputs, and provides sample code for searching,
adding and updating users, and updating assets.

You can access the Platform 5.x documentation from the RSA Archer Community
at https://community.emc.com/community/connect/grc_ecosystem/rsa_archer.

Support and Service

Customer www.emc.com/support/rsa/index.htm
Support
Information

Customer [email protected]
Support E-mail

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Community archer

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Exchange archer_exchange

RSA Solution https://gallery.emc.com/community/marketplace/

Gallery

RSA SecurCare https://knowledge.rsasecurity.com/cleartrust/ct_
Online logon.asp?CTAuthMode=BASIC&language=en&CT_ORIG_
URL=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fknowledge.rsasecurity.com%3A443%2F&c
t_orig_uri=%2F

The RSA Archer Community enables collaboration among eGRC clients, partners,
and product experts. Members actively share ideas, vote for product enhancements,
and discuss trends that help guide the RSA Archer product roadmap.

6 Preface
 RSA Archer GRC Platform Management Reporting

The RSA Archer Exchange is an online marketplace dedicated to supporting eGRC

initiatives. The Exchange brings together on-demand applications along with
service, content, and integration providers to fuel the success of RSA Archer
clients.
The RSA Solution Gallery provides information about third-party hardware and
software products that have been certified to work with RSA products. The gallery
includes Secured by RSA Implementation Guides with step-by-step instructions and
other information about interoperation of RSA products with these third-party
products.
The RSA SecurCare Online provides unlimited access to a wealth of resources on
the web, 24 hours a day. The secure system provides members access to a support
knowledgebase, to download current platform patches and bug fixes, to sign up for
notifications, to manage your support cases and more.

Preface 7
 RSA Archer GRC Platform Management Reporting

Chapter 1: Master Report Listing

Managing the Master Report Listing

The Master Report Listing page displays global and personal reports. Each page
lists up to 50 reports. Reports provide a means of saving search criteria in a given
application that can be reused. A personal report is accessible only by the person
who created it, while a global report can be made accessible to all users in an
application or to selected users and user groups.
Users can filter the reports displayed on the Master Report Listing page by name,
solution. application, or type. Because the page is directly linked to all advanced
search pages, users can also initiate searches from the Master Report Listing page
and save their search results as new personal reports. Users also can delete
personal reports on this page. In addition, users who have global report
administration rights can create, edit, and delete global reports from this page.
Users also can print a list of the reports that are displayed on the Master Report
Listing page. Results that are displayed on the printed report can be filtered by
solution or report type. Reports listed on the printout are grouped by application.
You can perform the following tasks to manage the Master Report Listing:
l View Personal and Global Reports
l Add a Report
l Update a Report
l Delete a Report
l Print a List of Reports

View Personal and Global Reports

Complete this task to view personal and global reports on the Master Report Listing
page. The page provides a central point for locating and executing all reports that
are available to you, including your personal reports and global reports for which
you have been granted access.

Procedure
1. In the top frame of the user interface, click Reports.
The Master Report Listing page is displayed.
2. Using the Grouping and Filter toolbars, filter and sort the list as needed to
locate the report that you want to view.
3. Click the report to execute that report and view it.

Chapter 1: Master Report Listing 9

 RSA Archer GRC Platform Management Reporting

Note: If the Navigation Menu properties of an application are configured to show

reports, you can execute a report from the Navigation Menu. Also, you can open the
Master Report Listing page by clicking Master Reports Listing under Management
Reporting in the Administration solution.

Add a Report
Complete this task to create new personal reports. If you have global report
administration rights for an application, you can also create global reports.

Procedure
1. In the top frame of the user interface, click Reports.
The Master Report Listing page is displayed.
2. Click Add New to open the Add New Report dialog box.
3. Select the application that you want to run the report against and click OK.
The Advanced Search page is displayed, enabling you to specify criteria for the
report.
4. Enter your search criteria on the Advanced Search page and click Search.
Your report is displayed.
5. Click Save.
The Save Report page is displayed for the new report. This page enables you to
specify the properties of the report.

Next Steps
Update a Report

Update a Report
Complete this task to edit your personal reports. If you have global report
administration rights for an application, you also can edit global reports.

Before You Begin

Add a Report

Procedure
1. In the top frame of the user interface, click Reports.
The Master Report Listing page is displayed.
2. Click the report that you want to modify.
3. Click Modify in the record toolbar.
The Advanced Search page is displayed.

10 Chapter 1: Master Report Listing

 RSA Archer GRC Platform Management Reporting

4. Enter updated search criteria on the Advanced Search page and click Search.
Your modified report is displayed.
5. Do one of the following:
l Click Save.
l Select Save as New Report from the list displayed to save a separate report
with your changes.
l Select Save Report Changes from the list displayed to save the changes to
the existing report.
6. Complete the Report Information section:
a. In the Name field, enter a name for the report.
b. In the Description field, describe the report.
This description is displayed on the Master Report Listing page.
7. In the Report Type section, select whether the report is a personal report or a
global report:
l Personal Report. Accessible only to the person who created it.
l Global Report. Accessible to all users in an application or to selected users
and user groups.
8. If you selected Global Report, access is granted to all users with access rights
to the current application by default. Assign access rights for the report
according to the following options:
l Current User. In the Available list, expand the Current User node and
select the user who you want to have access to the report.
l Groups. In the Available list, expand the Groups node and select the
groups whose members you want to have access to the report.
l Users. In the Available list, expand the Users node and select the users
who you want to have access to the report.
To revoke access rights for a user or group, click in the Selected list.
9. In the iView Caching section, define the caching behavior and duration for the
report. If caching is enabled, the refresh rate is disabled.
l Enabled iView Caching. Select to enable or unselect to disable iView
caching for the report. Caching requires configuration of a caching provider
before it can be enabled.
l Cache Duration. If you enable caching, set the amount of time to display
cached results instead of running a new search to update iView content. You
can set the duration to a minimum of 2 minutes up to a maximum of 30 days.
l Reset to default. Click to change iView caching settings to the global
defaults defined by the instance administrator.

Chapter 1: Master Report Listing 11

 RSA Archer GRC Platform Management Reporting

10. From the Refresh Rate list, select how often you want the report to refresh. If
a refresh rate is set, iView caching is disabled.
11. Click Apply.
12. If you changed the cache duration from one time range to another, open and
refresh the Report iView to complete the change.

Delete a Report
Complete this task to delete your personal reports. If you have global report
administration rights for an application, you also can delete global reports.

Procedure
1. In the top frame of the user interface, click Reports.
The Master Report Listing page is displayed.

2. Click in the row of the report that you want to delete.

3. Click OK.

Print a List of Reports

Complete this task to print a list of reports from the Master Report Listing page.

Procedure
1. Navigate to Management Reporting > Master Report Listing.
2. Click Print.
The list of reports is displayed on a new tab, grouped by application.
3. Click Print to print the list of reports.

Related Topics
Managing the Master Report Listing

12 Chapter 1: Master Report Listing

 RSA Archer GRC Platform Management Reporting

Chapter 2: Global Print and Export Settings

Managing the Printing and Exporting of Records

You can define templates for search results that are exported to external data files.
The Manage Global Print and Export Settings page enables you to upload Microsoft
Word templates, which are used for data exports in Word or PDF format. You also
can use Microsoft Excel templates, which are used for Excel exports. You can
create a custom header and footer for HTML exports.
You can perform the following tasks:
l Add a Template for Record Exports
l Delete a Template for Record Exports
l Configure the Header and Footer of HTML and Print Templates

Add a Template for Record Exports

Complete this task to define templates for search results that are exported to
external data files. The Manage Global Print and Export Settings page enables you
to upload Microsoft Word templates, which are used for data exports in Word or
PDF format, and Microsoft Excel templates, which are used for Excel exports.

Procedure
1. Navigate to the Manage Global Print and Export Settings page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Management Reporting.
c. Click Manage Global Print and Export Settings.
2. To add a Word template:
a. In the Word Configuration section, click Add New.
b. In the File Upload dialog box, click Add New.
c. Browse to and select the file and click OK.
The file is displayed in the Word Configuration section.
d. To specify the template as the default, select the Default option.
3. To add an Excel template:
a. In the Excel Configuration section, click Add New.
b. In the File Upload dialog box, click Add New.

Chapter 2: Global Print and Export Settings 13

 RSA Archer GRC Platform Management Reporting

c. Browse to and select the file and click OK.

The file is displayed in the Excel Configuration section.
d. To specify the template as the default, select the Default option.
4. Click Apply.

Configure the Header and Footer of HTML and Print Templates

Complete this task to define templates for advanced search results that are exported
to external data files. Using the Manage Global Print and Export Settings page, you
can create a custom header and footer for HTML exports.

Procedure
1. Navigate to the Manage Global Print and Export Settings page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Management Reporting.
c. Click Manage Global Print and Export Settings.
2. In the HTML Configuration section, enter the text in the Header and Footer
fields. Use the Rich Text Editor toolbar to format the text, if necessary.
3. Click Save.

Delete a Template for Record Exports

Complete this task to delete templates that are no longer needed on the Manage
Global Print and Export Settings page.

Procedure
1. Navigate to the Manage Global Print and Export Settings page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Management Reporting.
c. Click Manage Global Print and Export Settings.

2. Click in the row of the template that you want to delete.

3. Click Save.

14 Chapter 2: Global Print and Export Settings

 RSA Archer GRC Platform Management Reporting

Chapter 3: Mail Merge Templates

Managing Mail Merge Templates

Mail Merge templates define how to insert records from the Platform into a
Microsoft Word document using the Mail Merge functionality.
You can export a record using Word documents containing Mail Merge fields that
display data from your application. This functionality is particularly useful if you
conduct iterative vendor assessments and SOX compliance reviews. The exported
file is formatted according to the layout of the Word document with the exception of
attachments. The attachment is inserted inline on a separate page. For example, if
the mail merge template is formatted as an 8-1/2" x 11" page and the attachment is
an 8-1/2" x 14" page, the attachment is inserted into the Word document as an 8-
1/2" x 14" page. All attachments must be a Word (.doc) document. All other file
types are not supported and are ignored in the exported file.
To use this function, you must create an export template in Microsoft Word, add a
Mail Merge template in the Platform, and then upload the document or template to
the Platform Mail Merge template.
After you have defined the settings for the Mail Merge template, users can select a
specific mail merge template from a list of available templates defined for the
application.

Process for Adding a Mail Merge Template

1. Identify the fields and associated aliases that you want to include in the export
template. For more information, see Alias and Merge Regions.
2. Create the document or template in Word using the Mail Merge functionality
that includes the aliases as fields. For more information, see Designing Word
Documents and Templates for Export Templates.
3. Add a Mail Merge Template.
4. Upload a Word Document or Template to the Export Template.
5. Specify the properties of the mail merge template:
l Define the General Properties of a Mail Merge Template .
l Select the options for a Mail Merge template.
l Define access privileges for the Mail Merge template.
Copyright © 2010 - 2013 EMC Corporation. All rights reserved.

Chapter 3: Mail Merge Templates 15

 RSA Archer GRC Platform Management Reporting

Mail Merge Terminology

The following table defines terms related to the Mail Merge feature.

Term Definition

Alias A unique name that identifies a Platform object or component,

such as fields, applications, solutions, workspaces, and iViews.
You assign aliases to fields when creating the report template in
Word.

Exported File The final output produced from a Export template with data
merged from a Platform application.

Export Template The Word document that is uploaded to the Mail Merge template.

Mail Merge A feature of Microsoft Word that the Platform leverages to create
the reports.

Mail Merge A Platform entity that contains the necessary settings, including
Template the Word document that serves as the report template to create the
report. Mail Merge templates are configured using the Manage
Mail Merge Templates function under Management Reporting.

Alias and Merge Regions

Most objects in the Platform, such as applications, levels, and fields, have aliases
associated with them.
When you create a export template for the Mail Merge Template functionality, use
these aliases to refer to the Platform entities.

16 Chapter 3: Mail Merge Templates

 RSA Archer GRC Platform Management Reporting

Field Types
You can use aliases to any of these field types in your report template:

l Attachment l Record Permission

l Cross-Reference l Record Status
l Date l Related Records
l External Link l Sub-form
l Image l Text
l IP Address l Tracking ID
l First Published l User/Group
l Last Updated l Values List
l Matrix l Voting
l Numeric

Note: ".Data" represents the field data of an attachment, which is how the data is
retrieved.

Once you understand the alias syntax, you can Design a Document to Use as a
Report Template.

Alias Names
Numerous operations in the Platform require references to objects—everything
from solutions, applications, and fields to individual values list values—to specify
the target for a particular activity. One example is mail merge, in which you must
create templates with unambiguous references to individual fields in an application.
Another example is the process of mapping external data to fields in the Data Feed
Manager. To provide a constant name that is also human readable, all Platform
objects, such as workspaces, applications, fields, and notification templates, support
an alias.
An alias is a short name for a unique object in the system that is human readable,
but also can be used in code or as a reference in configuration processes. All alias
names must contain only alphanumeric characters, beginning with a letter and
containing no spaces. The maximum length is 40 characters.
An alias name must be unique in the entity type. The following are additional points
of consideration:
l Field aliases must be unique in the level.
l Values List Value aliases must be unique in a Values List.
l Level, Data Driven Event, Report, and Workflow Stage aliases must be unique
in an application.

Chapter 3: Mail Merge Templates 17

 RSA Archer GRC Platform Management Reporting

You can edit the alias name for non-system provided entities. Alias name for
system-provided entities are read only.

Important: Applications cannot be named "ContentID". Applications with this name

are automatically changed to "Content_ID".

CAUTION: Alias name are used in configuration processes, system processes, and
web service API integrations. Modification of the alias name can cause these
functions to fail.

Alias Syntax
To reference a field that is in the primary level, insert the alias of that field into the
export template. The following list provides the syntax for the Date, External Link,
and IP Address fields:
l Date: «Drp_Dwn_DateTime», «Drp_Dwn_Date_Only», «Txt_Box_DateTime»,
or «Txt_Box_Date_Only»
l External Link: «List_ExternalLink»
l IP Address: «IPAddress» or «List:IPField»

For a complete list, see Syntax Formatting.

Other field types require a merge region.

Syntax Formatting
You can reveal the syntax codes by pressing [Alt]+[F9] keys.
The following table provides the syntax formatting for the various field types.

Control Type Field Type Syntax Formatting

List Cross-Reference <<List:Cross_A_to_B>>

Drop Down Date <<Drp_Dwn_DateTime>>

Text Box Date and Time <<Txt_Box_DateTime>>

Text Box Date/Time - Date <<Txt_Box_DateTime>>

List External Link <<List:External Link>>

List External Link URL <<List:External Link>>

List External Link Name <<List:External Link>>

18 Chapter 3: Mail Merge Templates

 RSA Archer GRC Platform Management Reporting

Control Type Field Type Syntax Formatting

First Published.Date <<First_Published>>

First Published.User Name <<First_Published>>

First Published.Display Name <<First_Published>>

IP Address <<IP Address>>

LastUpdated.Date <<Last_Published>>

LastUpdated.UserName <<Last_Published>>

LastUpdated.DisplayName <<Last_Published>>

Numbered Matrix.Row <<List:Values_Checkbox>>

Numbered Matrix.Column <<List:Values_Checkbox>>

Numeric <<Numeric>>

Numbered Rec Status <<List:RecStatusField>>

List Record Permissions <<List:RecPerm>>

Bulleted Sub-form <<List:A__SubForm>>

Numbered Sub-form <<List:A__SubForm>>

Text <<Text>>

Tracking Id <<TrackingID>>

List User/Group DisplayName <<List:UGField>>

Bulleted User/Group ID <<List:UGField>>

Numbered User/Group Type <<List:UGField>>

Drop Down Values List <<List:Values_List_Drp_Dwn>>

Voting <<Voting>>

Chapter 3: Mail Merge Templates 19

 RSA Archer GRC Platform Management Reporting

Merge Regions Syntax

Certain field types must be specified using a merge region, which enables the field
to dynamically grow portions of the document. To specify a merge region, insert
TableStart at the beginning of the region and TableEnd at the end of the region.
Mail merge regions can be nested inside of each other. Templates are associated to
a level and can reference fields from that level and up to six levels deep. To
reference a field in an adjacent level, use the Cross-Reference field as the Level
Reference.
For example, the following statement contains several aliases to fields in another
application. Opportunity is the cross-reference alias to related levels:
«TableStart:Opportunity» «Product_Name» «Product _Code» «Quantity» «Unit Price»
«Total_Price» «TableEnd.Opportunity»
The following are additional examples of merge region syntax for various field
types:
l Cross-Reference, Related Record, and Sub-Form fields:
«TableStart:FieldAlias»«RelatedFieldAlias» «TableEnd:FieldAlias»

l Values List fields:

«TableStart:FieldAlias»«ValuesList»«TableEnd:FieldAlias»
l External Links fields (with either a Name or URL):
«TableStart:FieldAlias»«Name»«URL»«TableEnd:FieldAlias»

Designing Word Documents and Templates for Export Templates

To use the Mail Merge Template functionality for exporting a record, you must
create a Microsoft Word document or template that serves as the export template.
This template defines which fields from the record are merged and the order in
which the fields are presented in the exported file.
After you create the Word document or template, you upload it to the Platform using
Manage Mail Merge Templates.

Compatible Word Document File Types

You can use any of the following document file types to create your export
template:
l .docx (Microsoft Word 2007 or 2010)
l .dotx (Microsoft Word 2007 or 2010)
l .doc (Microsoft Word 2000 or 2003)
l .dot (Microsoft Word 2000 or 2003)

20 Chapter 3: Mail Merge Templates

 RSA Archer GRC Platform Management Reporting

The mail merge template must be formatted with the proper formatting syntax. For
more information, see Syntax Formatting.

Add a Mail Merge Template

Complete this task to add a Mail Merge template, which is a Platform entity that
contains the necessary settings to export a record.

Procedure
1. Navigate to the Manage Mail Merge Templates page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Management Reporting.
c. Click Manage Mail Merge Templates.
2. Click Add New.
The Add Mail Merge Template window is displayed.
3. Do one of the following:
l To use an existing mail merge template as a starting point for your new
template, select Copy Existing and select the template that you want to copy
from the Mail Merge Templates list.
l To create a new mail merge template, select Create Original.
4. Click OK.

Next Steps
Define the General Properties of a Mail Merge Template

Define the General Properties of a Mail Merge Template

Complete this task to define the General Properties of a mail merge template.
These templates must contain fields from the selected application and can contain
fields from applications related to the selected application up to six levels deep.

Note: You can only upload Microsoft Word 2010 or 2007, or Word 2003 files
(.docx, .dotx, .doc, and .dot).

Before You Begin

Design a Document to Use as a Report Template
Add a Mail Merge Template

Chapter 3: Mail Merge Templates 21

 RSA Archer GRC Platform Management Reporting

Procedure
1. Open the General tab on the Mail Merge Template dialog box:
a. Click the Administration workspace.
b. In the Navigation Menu, click Management Reporting.
c. Click Manage Mail Merge Templates.
d. Click Add New.
2. On the General tab, complete the General Information section:
a. In the Name field, enter a name for the template.
b. In the Description field, describe the template.
3. Click Apply.

Next Steps
Select the Options for a Mail Merge Template
Upload a Word Document or Template to the Export Template
Define Access Privileges for a Mail Merge Template

Upload a Word Document or Template to the Export Template

Complete this task to upload a Microsoft Word document or template to serve as an
export template. These templates must contain fields from the selected application
and can contain fields from applications related to the selected application up to six
levels deep.

Note: You can only upload Microsoft Word 2010 or 2007, or Word 2003 files
(.docx, .dotx, .doc, and .dot).

Before You Begin

Design a Document to Use as an Export Template

Procedure
1. Navigate to the Manage Mail Merge Templates page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Management Reporting.
c. Click Manage Mail Merge Templates.
2. In the Report Template section, click Add New.
The File Upload dialog box opens.

22 Chapter 3: Mail Merge Templates

 RSA Archer GRC Platform Management Reporting

Note: If an export template already is attached to the Mail Merge template, a

warning dialog box opens. To replace the existing template, click OK.

3. In the File Upload dialog box, click Add New, browse to and select the correct
file and click OK.
The file is displayed in the Files to Upload list.
4. Click OK.
5. Click Apply.

Next Steps
Define Access Privileges for a Mail Merge Template

Select the Options for a Mail Merge Template

Complete this task to determine the application and level, if applicable, for a Mail
Merge template. You also can activate or inactivate the template.

Before You Begin

Create a Mail Merge Template

Procedure
1. Select the Mail Merge template that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Management Reporting.
c. Click Manage Mail Merge Templates.
d. Click the Mail Merge template.
2. On the General tab, in the Options section, select the application for the
template from the Application list.
3. If the Level field is displayed, select the correct level from the Level list.
4. To prevent anyone from using this notification template, select Inactive in the
Status field. Otherwise, select Active.
5. Click Apply.

Next Steps
Define Access Privileges for a Mail Merge Template

Define Access Privileges for a Mail Merge Template

Complete this task to define which users and groups can access a mail merge
template.

Chapter 3: Mail Merge Templates 23

 RSA Archer GRC Platform Management Reporting

Before You Begin

Create a Mail Merge Template

Procedure
1. Select the Mail Merge template that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Management Reporting.
c. Click Manage Mail Merge Templates.
d. Click the Mail Merge template.
2. Click the Access tab.
3. Do one of the following:
l To enable any user to have access to the template, select the Public option.
l To restrict access to only designated users and groups, select the Private
option. In the Available section, select the users and groups that you want to
have access to the template. Verify that the correct users and groups are
displayed in the Selected box and click Apply.
4. Click Save.

Delete a Mail Merge Template

Complete this task to delete your personal mail merge templates. If you have global
report administration rights for an application, you also can delete global templates.

Procedure
1. Navigate to the Manage Mail Merge Templates page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Management Reporting.
c. Click Manage Mail Merge Templates.

2. Click in the row of the mail merge template that you want to delete.
A warning dialog box opens.
3. Click OK.

Update the General Properties of a Mail Merge Template

Complete this task to update the name and description for a Mail Merge template.
The Alias, ID, Type, Created By, and Last Updated fields are populated
automatically. For more information, see Alias Names.

24 Chapter 3: Mail Merge Templates

 RSA Archer GRC Platform Management Reporting

Procedure
1. Select the Mail Merge template that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Management Reporting.
c. Click Manage Mail Merge Templates.
d. Click the Mail Merge template.
2. On the General tab, complete the General Information section:
a. In the Name field, enter a name for the template.
b. In the Description field, describe the template.
3. Click Apply.

Chapter 3: Mail Merge Templates 25

RSA Archer GRC Platform 5.4
Notifications
June 2013
Contact Information
Go to the RSA corporate website for regional Customer Support telephone and fax numbers:
www.emc.com/domains/rsa/index.htm.
Trademarks
RSA, the RSA Logo, RSA Archer, RSA Archer Logo, and EMC are either registered trademarks or trademarks of EMC
Corporation ("EMC") in the United States and/or other countries. All other trademarks used herein are the property of their
respective owners. For a list of RSA trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm.
License Agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may
be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This
software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.
Note on Encryption Technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.
Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.

Copyright © 2010-2013 EMC Corporation All Rights Reserved. Published in the USA.
RSA Archer GRC Platform Notifications

Contents

Preface 5
About this Guide 5
Product Documentation 7
Support and Service 7
Chapter 1: Letterheads 9
Notification Blueprint Overview 9
Layout Template Design 10
Letterhead 10
Body Layout 11
Content 12
Delivery Methods 12
Subscription Rules 14
Recipient Rules 15
Filter Criteria 15
Chapter 2: Global Notification Settings 17
Record-Based Notifications Overview 17
Subscription Notifications 19
On-Demand Notifications 20
XML Notifications 21
DDE Generate Notification Action 22
Workflow Notifications 23
Report-Based Notifications Overview 24
Scheduled Report Distributions 25
Notifications from Other Data Sources Overview 27
Training and Awareness 27
Discussion Forums 28
Chapter 3: Subscription Notifications 29
Managing Letterheads 29
Create a Letterhead 29
Update the General Properties of a Letterhead 30
Define the Layout of a Letterhead 30
Delete a Letterhead 31
Chapter 4: Scheduled Report Distributions 33
Configuring Notifications 33
Configuring Notifications for the Instance 33
Configuring Notifications in the Platform 34
Managing Global Notification Settings 37
Configure Default Notification Settings 37
Define Read Receipt Properties 38
Chapter 5: On Demand Notification Templates 41
Managing Subscription Notifications 41
Create a Subscription Notification 42

3
 RSA Archer GRC Platform Notifications

Update the General Properties of a Subscription Notification 42

Define the Layout of a Subscription Notification 43
Select the Content to Display in a Subscription Notification 44
Define the Email Properties of a Subscription Notification 45
Configure the Delivery Schedule for a Subscription Notification 46
Select the Options for a Subscription Notification 47
Select the Recipients of a Subscription Notification 47
Establish Filter Criteria for a Subscription Notification 48
Delete a Subscription Notification 49
Chapter 6: XML Notifications 51
Managing Scheduled Report Distributions 51
Create a Scheduled Report Distribution 51
Update the General Properties of a Scheduled Report Distribution 52
Define the Layout of a Scheduled Report Distribution 53
Select the Content to Display in a Scheduled Report Distribution 54
Define the Email Properties of a Scheduled Report Distribution 55
Configure the Delivery Schedule of a Scheduled Report Distribution 56
Select the Recipients of a Scheduled Report Distribution 57
Delete a Scheduled Report Distribution 57
Chapter 7: Reports 59
Managing On Demand Notification Templates 59
Create an On Demand Notification Template 59
Update the General Properties of an On Demand Notification Template 60
Define the Layout of an On Demand Notification Template 61
Select the Content to Display in an On Demand Notification Template 62
Select the Recipients of an On Demand Notification 63
Determine the Access Rights for an On Demand Notification Template 64
Delete an On Demand Notification Template 65
Chapter 8: XML Notifications 67
Managing XML Notifications 67
Create an XML Notification 67
Update the General Properties of an XML Notification 68
Select the Content to Display in an XML Notification 69
Define the Email Properties of an XML Notification 70
Configure the Delivery Schedule of an XML Notification 70
Select the Recipients of an XML Notification 71
Establish Filter Criteria of an XML Notification 72
Delete an XML Notification 72
Chapter 9: Reports 75
Notification Reports 75
Chapter 10: Troubleshooting 77
Determine Point of Failure 77
Filter Criteria for Reminder Notifications 78
Notification Reports 80

4
 RSA Archer GRC Platform Notifications

Preface

About this Guide

The Notifications feature is a communication tool in the Platform that provides
time-saving functionality to reuse settings across multiple notification blueprints.
The notification blueprint specifies the properties and settings used to generate and
to send notifications based on a notification type.
Notifications enable administrators to configure notification blueprints and publish
notifications to specified recipients for any module. Recipients can be Platform
users or anyone with a valid email address. Notifications are sent to the specified
recipients when a defined trigger occurs in a module. A trigger is any change
detected in the Platform that initiates the publishing of a notification. When a
specified trigger occurs, notifications are queued after a save or based on a specific
schedule.
Notifications can be record-based, report-based, or from other data sources, such as
Training and Awareness Campaigns and Discussion Forums.
l Record-based notifications contain dynamic and static content of specified fields
from a record.
l Report-based notifications contain attached reports or links to reports.
l Other data source notifications are generated from Training & Awareness
campaigns: presentation, acceptance, and quizzes. Notifications from Discussion
Forums are sent to subscribers.

Administrators begin by creating the notification blueprint for a module to which

they have ownership rights. The notification blueprint specifies the properties and
settings for the notifications. The notification blueprint is used to publish and send
notifications to specified recipients when a defined trigger occurs in a module. A
trigger is any change detected in the Platform that initiates the publishing of a
notification. For more information, see Notification Blueprint Overview.
A trigger can be any of the following:

l Saving a record l Daily record search based on filter criteria

l Periodic reports l Training and Awareness events and reminders
l DDE rules l Discussion Forum postings
l Workflow stage changes

Preface 5
 RSA Archer GRC Platform Notifications

The Platform provides the following notification types and blueprints.

Notification
Description
Type

Record- Contains dynamic and static content of specified fields from a record.
Based The following notifications are record based:
l Subscription
l On-Demand
l XML
l DDE Generate Notification Action
l Workflow

Report- Contains attached reports or links to reports. Contents are based on the
Based permissions of the user who creates the report. Report-based notifications
are sent on a required schedule. The report-based notification is called
Scheduled Report Distributions.

Other Data Contains data from other data sources. These notifications are generated
Source from Training & Awareness campaigns: presentation, acceptance, and
quizzes. Notifications from Discussion Forums are sent to subscribers.

The Notifications feature also provides several time-saving features that enable
administrators to reuse settings across multiple notifications. Letterhead templates
define header, footer, body, and page properties that can be used by multiple
notifications. Global Notification Settings are general properties that define default
values for all notifications, as well as read-receipt functionality.
Users select the notifications that they want to receive from the User Preferences
menu. Users can receive notification emails using any email-based device. If filter
edit rights are enabled for a notification template, end users can filter the
information that they receive by selecting specific field values, such as
technologies, versions, or categories. For example, a user may choose to receive
vulnerability alerts only for HP-UX version 11i.

6 Preface
 RSA Archer GRC Platform Notifications

Product Documentation
For information about the RSA Archer GRC Platform 5.x, see the following
documentation.

Guide Description

Administrator Guide Provides Platform administrators with a system

overview, guidelines for navigating, and detailed
instructions for key tasks.

Control Panel Guide Provides administrators with instructions for

configuring each instance of the Platform.

Installation Guide Provides administrators with instructions for preparing,

installing, configuring, and testing the Platform.

Release Notes Provides Platform administrators with detailed listing of

new features, fixed issues, and known issues at the time
of the current release.

User Guide Provides end users with guidelines for navigating,

detailed instructions for key tasks, and information
about using Platform communication tools.

Web Services API Reference Provides IT managers and programmers with a list of
Guide the available web services for programmatically
interfacing with the release. This guide provides
formatting guidelines for field results, field inputs, and
search inputs, and provides sample code for searching,
adding and updating users, and updating assets.

You can access the Platform 5.x documentation from the RSA Archer Community
at https://community.emc.com/community/connect/grc_ecosystem/rsa_archer.

Support and Service

Customer www.emc.com/support/rsa/index.htm
Support
Information

Customer [email protected]
Support E-mail

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Community archer

Preface 7
 RSA Archer GRC Platform Notifications

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Exchange archer_exchange

RSA Solution https://gallery.emc.com/community/marketplace/

Gallery

RSA SecurCare https://knowledge.rsasecurity.com/cleartrust/ct_
Online logon.asp?CTAuthMode=BASIC&language=en&CT_ORIG_
URL=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fknowledge.rsasecurity.com%3A443%2F&c
t_orig_uri=%2F

The RSA Archer Community enables collaboration among eGRC clients, partners,
and product experts. Members actively share ideas, vote for product enhancements,
and discuss trends that help guide the RSA Archer product roadmap.
The RSA Archer Exchange is an online marketplace dedicated to supporting eGRC
initiatives. The Exchange brings together on-demand applications along with
service, content, and integration providers to fuel the success of RSA Archer
clients.
The RSA Solution Gallery provides information about third-party hardware and
software products that have been certified to work with RSA products. The gallery
includes Secured by RSA Implementation Guides with step-by-step instructions and
other information about interoperation of RSA products with these third-party
products.
The RSA SecurCare Online provides unlimited access to a wealth of resources on
the web, 24 hours a day. The secure system provides members access to a support
knowledgebase, to download current platform patches and bug fixes, to sign up for
notifications, to manage your support cases and more.

8 Preface
 RSA Archer GRC Platform Notifications

Chapter 1: Letterheads

Notification Blueprint Overview

Notification blueprints are containers used to generate and send notifications to
specified recipients when a defined trigger occurs in a module, for example, a
record is added or updated. Notification blueprints specify the properties and
settings for the notifications. For each notification type, different notification
blueprints are used to generate a variety of notifications.
The following table describes the notification blueprints that are available for each
notification type.

Notification Type Notification Blueprint

Record-based Subscription Notification Blueprint

On-Demand Notification Blueprint
XML Notification Blueprint
DDE Generate Notification Action
Workflow Notification Blueprint

Report-based Scheduled Report Distributions

Other Data Sources Training and Awareness

Discussion Forum

The name of the notification blueprint must be unique for each instance. The From
Address and at least one recipient are required for each notification blueprint.
The elements of a notification blueprint include the following:

l Name l Recipients
l Layout l Scheduling (frequency and delivery schedule)
l Letterhead l Subscription
l Email template (Subject line and l Record filtering
Body)

9 Chapter 1: Letterheads
 RSA Archer GRC Platform Notifications

The following figure shows the key elements of a notification blueprint.

Layout Template Design

The layout template design enables administrators to configure the format and
content of notifications. Predefined letterhead templates and body layouts are used
to specify the layout of the notifications recipients can receive.

Letterhead
Letterhead templates define the page, header, body, and footer properties used in a
notification. A letterhead is not a required element of a notification blueprint, and
does not apply to notifications sent in XML format. A default letterhead is specified
in Global Notification Settings, but the selection can be overridden in the individual
notification blueprint.
The following table describes the properties of the letterheads.

Property Description

Name Specifies the name of the letterhead. The name of each letterhead must
be unique across the instance.

Status Enables the letterhead to be used in notifications. To prevent the

letterhead from being used, select Inactive.

Description Specifies information about the letterhead.

Chapter 1: Letterheads 10
 RSA Archer GRC Platform Notifications

Property Description

Page Specifies the entire page background color and border settings,
including the line height.

Header Specifies the header background color and border settings, including
the line height.

Body Specifies the body background color and border settings, including the
line height.

Footer Specifies the footer background color and border settings, including
the line height.

Body Layout
The body layout defines the format of the layout in the notification body, including
how the content is arranged. There are two types of body layout structured and free
form. The structured format presents content in a two-column table. The left column
contains the field name, and the right column contains the field value. The free-
form body layouts allow the content to be arranged anywhere in the body of the
notification.
The following table describes the available body layouts.

Body Layout Description

Free Form Arranges the content anywhere in the body of the

notification.

Formal Letter Arranges the content within three rows.

Dashboard Arranges the content in a header row with four cells

underneath.

Two Column 50-50 Arranges the content in two equally spaced columns.

Two Column 30-70 Arranges the content in two columns. The right column is 30
percent of the body and the left column is 70 percent.

Catalog Arranges the content in a table in which the right column is

narrower than the left column.

Table Arranges the field names on the left column and the field
values on the right column. Table is a structured body layout,
and the arrangement of the content cannot be changed.

11 Chapter 1: Letterheads
 RSA Archer GRC Platform Notifications

Content
The content of a notification includes user-defined static content and dynamic
content placeholders in the Subject line and Body. Static content is text that remains
the same for every notification, while dynamic content changes based on data from
specified fields.
The following content placeholders are available.

Type Description

Field Dynamic content placeholder for data from the fields of the records used for
publishing the notification.

Report Dynamic content placeholder for links to global and personal reports that
are available from a module.

Link Dynamic content placeholder for links to user pages, administrative pages,
and records.

Subject
The Subject line for all notification types can be configured using static and
dynamic text and data from fields. A Cross-Reference field is displayed as a Key
Field reference.
The following field types cannot be used to create dynamic content in the Subject
line:

l Attachment l Sub-Form
l Cross-Application Status Tracking l Questionnaire Reference
l Image l Access History
l Record Permissions l History Log
l Risk Assessment

Body
The Body is composed of user-defined static content and dynamic content
placeholders. The dynamic content placeholders can be used for fields, reports, and
links. Static content is manually entered text that remains the same for every
notification, while dynamic content changes based on data from fields.

Delivery Methods
Notifications are delivered based on the delivery methods that are configured in the
notification blueprint.

Chapter 1: Letterheads 12
 RSA Archer GRC Platform Notifications

The following figure shows the available delivery methods.

Note: Notifications are only sent when a record is saved. For Instantly and Digest
delivery methods, notifications are not sent when Save or Apply updates a
calculated field when there are no other changes to the record.

13 Chapter 1: Letterheads
 RSA Archer GRC Platform Notifications

The following delivery types can be used in the notification blueprints.

Type Description

Instantly Notifications are published as soon as possible when a trigger occurs for
record-based notifications. An example of a trigger is saving a record.

Digest Notifications are aggregated and published in a digest. The data used for
publishing the notification are captured each time a record is added or
updated. Notification publishing uses the most recent version of a record
that passed the filter criteria of the notification blueprint. If the
notification blueprint filters are modified within a specified period, the
already captured record is still used for notification publishing at the end
of the period.
The frequencies include the following:
l Daily. Notifications are published once per day based on the
notification blueprint.
l Weekly. Notifications are published once per week based on the
notification blueprint.
l Monthly. Notifications are published once per month based on the
notification blueprint.
l Quarterly. Notifications are published once per quarter based on the
notification blueprint.

Reminder Notifications are published once per day, and typically use date filters
that compare a date-based field in each record to the date that the
notification is being run. The record collection is search-based, and does
not require a save to occur for the notifications to be published. All
records for a module can potentially be returned for a record-based
notification.

Subscription Rules
Notification subscriptions enable recipients to receive notifications when records
are added or updated in specified modules. Administrators specify the default
settings for notifications in the notification blueprints. Platform users can subscribe
or unsubscribe to notifications from the User Preferences menu > Manage Your
Email Subscriptions.
All recipients are automatically subscribed to receive notifications. If the
administrator does not want recipients to unsubscribe to a notification, use DDE
Generated Notification action. Recipients can subscribe and unsubscribe from most
notifications, but cannot unsubscribe from a DDE Generate Notification action.

Chapter 1: Letterheads 14
 RSA Archer GRC Platform Notifications

Recipient Rules
Recipients can be a listing of users, groups, or manually entered email addresses.
Recipients who are non-Platform users receive all content regardless of
permissions.
The following table describes the types of recipients.

Type Description

Users A specific Platform user receives the notification. The primary email address
for the user listed in the user account is used to send the notification.
If the user is subscribed to a notification and selects a different address in the
Manage Your Email Subscription page from the Preferences menu, the
specified email address is used.

Groups A specific group receives the notification. Each user in the group is treated
individually at the time the notification is sent. The user email address
follows the same rules defined for the Users type.

Fields The fields that contain email addresses at the time of publication receive the
notification. The following types of fields can contain email addresses:
l Record Permissions. Recipients are specified at the record level.
l Text. Recipients are specified as users in the field.
l User/Groups List. Recipients are specified in a list of users and groups in
the Platform.
l Values List. Recipients are specified in a list of predetermined values
l Workflow. Recipients are specified in the Workflow Stage Properties.

User/Group Lists are not record-based. All other field types are record-based
Text fields. Values Lists do not use record permissions.

Static The email address that is entered manually in the notification blueprint that
receives the notification.

Filter Criteria
Filters are based on fields, operators, and values. Filters criteria determines the
records that are published in a notification. Only records that meet the specified
filter criteria are included in the notifications.
For notifications generated from the DDE Generate Notification action, DDE rules
determine the records that are included.

15 Chapter 1: Letterheads
 RSA Archer GRC Platform Notifications

The following example shows the criteria for filtering by a date.

Field To Evaluate Operator Value(s)

Date Equals 1/10/2013

Chapter 1: Letterheads 16
 RSA Archer GRC Platform Notifications

Chapter 2: Global Notification Settings

Record-Based Notifications Overview

Record-based notifications contain dynamic and static content of specified fields
from a record as defined in the notification blueprints.
The following notification blueprints are used to generate record-based
notifications:

l Subscription Notification l DDE Generated Notification Action

l On-Demand Notification l Workflow Notification
l XML Notification

17 Chapter 2: Global Notification Settings

 RSA Archer GRC Platform Notifications

The following figure shows the elements of record-based notifications.

Chapter 2: Global Notification Settings 18

 RSA Archer GRC Platform Notifications

The following table describes the available record-based notifications.

Notification Description

Subscription Notification Enables Platform users to receive notifications

on a set schedule or instantly when records are
added or updated in a module.

On-Demand Notification Enables Platform users to send notification from

a pre-defined list of format that can be generated
dynamically. Content from records can be
inserted directly into a predefined form.

XML Notification Enables the transmission of information from the

Platform to an external system or integration in
XML format.

DDE Generate Notification Action Enables recipients to receive notifications when

defined rule conditions are met.

Workflow Notification Enables recipients to receive notifications based

on a defined workflow process.

Subscription Notifications
Subscription notifications enable recipients to receive notifications on a set
schedule or instantly when records are added or updated in a module.
Administrators can create notification blueprints for any module for which they are
assigned ownership rights. The Subscription Notification blueprint specifies the
properties used to generate a subscription notification.
Platform users can subscribe or unsubscribe to notifications from the User
Preferences menu > Manage Your Email Subscriptions.
Notifications generated from the DDE Generate Notification action are filtered by
DDE rules. If the administrator does not want recipients to unsubscribe to a
notification, use DDE Generated Notification action.

19 Chapter 2: Global Notification Settings

 RSA Archer GRC Platform Notifications

The following elements are specific to Subscription notifications.

Subscription Recipients can subscribe or unsubscribe to notifications.

Administrators specify one of the following subscription options in the
notification blueprint:
l None. Platform users and specified recipients are not subscribed by
default. Platform users can subscribe or unsubscribe to the
notification at any time.
l New Users. New users will receive notifications by default, but
they can cancel the subscription at any time.
l All Users. New and existing users will receive notifications by
default, but they can cancel the subscription at any time.

Example

Scenario A team needs to be alerted each time an urgent issue is added or updated
in a custom module.

Action A user with administrative rights to the custom module creates a

subscription notification blueprint, specifying that a notification is sent to
all members of the team each time a new issue is reported. The filter
criteria are defined so that notifications are sent only when the value
"Urgent" is selected in the Priority field, thereby limiting the number of
notifications that are triggered by the blueprint.

Result A user adds a new issue in the module and selects "Urgent" in the
Priority field and clicks Save. A notification is sent to everyone on the
team.

On-Demand Notifications
On-Demand notifications are pre-configured notifications that Platform users can
send to anyone with an active email address. Administrators configure the
properties of a notification in an On-Demand notification blueprint.

When Platform users click in the page toolbar on a record, they can make a
selection from a list of available On-Demand notification blueprints.

Chapter 2: Global Notification Settings 20

 RSA Archer GRC Platform Notifications

The following elements are specific to On-Demand notifications.

Recipient By default, the email address of recipients is entered manually. They

also have the option to specify with which addressee type the
recipient can be associated, for example, as CC, BCC, and To.

Delivery On-Demand notifications can only be sent instantly.

Subscription Recipients of On-Demand notifications cannot subscribe or

unsubscribe to the notifications.

Access The access right for an On-Demand notification is specified in the On-
Demand notification blueprint. The following options are available:
l Public. All module users will automatically be granted unrestricted
access to use the notification blueprint.
l Private. Only specified users and groups can access the notification
blueprint.

Example

Scenario Members of the executive team would like to receive the status of
remediation plans periodically. Some of the members have access to the
RSA Archer GRC Suite, but some members do not.

Action A Platform user with administrative rights creates an On-Demand

notification blueprint called Remediation Plans. Specific values from a
record in a specified location are placed within the Subject line and Body
of the template, including the name and status of each remediation plan.
The email addresses of every member of the executive team are added as
recipients. Email addresses for non-Platform users are entered manually in
the Static field.

Result A user adds new information to a remediation plan that affects other plans.

The user clicks and selects Remediation Plans from a list of

blueprints. An email alert is sent to every member of the executive team
with the status of the remediation plans.

XML Notifications
XML notifications are used to transmit information from the Platform to an external
system or integration in XML format. Administrators configure the properties of an
XML notification in an XML notification blueprint.

21 Chapter 2: Global Notification Settings

 RSA Archer GRC Platform Notifications

The following elements are specific to XML notifications.

Element Description

Layout Does not apply to XML notifications.

Content Only fields are included within the Subject line and Body of the
notifications.

Recipient The email addresses of the recipients are entered manually. Multiple
email addresses are separated by a semicolon. The email addresses
specified as recipients receive all notifications generated by the
notification blueprint.

Subscription Recipients cannot subscribe or unsubscribe to the notifications. The

subscription behavior is defined in the notification blueprint.

Example

Scenario The Devices Vulnerability system of the IT team needs to be

automatically notified when a new vulnerability is added to correctly
update user interface displays.

Action A Platform user with administrative rights creates an XML notification

blueprint. Specific fields are selected to be in the Subject line and Body of
the template. The delivery frequency is Instantly, and the recipient is the
email address of the Devices Vulnerability system. The filter criteria is
"Vulnerability" in the Text field.

Result Every time a new vulnerability is imported into the Platform, a

notification is sent to the Devices Vulnerability system in an XML format.

DDE Generate Notification Action

Notifications can be generated through the DDE Generate Notification action. The
Generate Notification action enables administrators to configure a notification.
When a record is added or updated that meets defined rule conditions, a Generate
Notification action is triggered.
The following rules apply to the DDE Generate Notification action.

Recipient Platform users, groups, or recipients specified in a field or Record

Permission fields. Recipients are not specified in the notification
blueprint of the DDE Notification action.

Filter Criteria Fields, operators, and values set by DDE rules.

Subscription Recipients cannot subscribe or unsubscribe from DDE Generate

Notification action.

Chapter 2: Global Notification Settings 22

 RSA Archer GRC Platform Notifications

For more information, see the Help Center topics under Administrator Help >
Application Builder > Managing Applications > Managing Data Driven Events >
Managing Actions.

Example

Scenario A team needs to be alerted each time an urgent issue is added or updated
in a custom module.

Action A user with administrative rights to the custom module creates a Generate
Notification action, specifying that a notification is sent to all members of
the team each time a new issue is reported. The filter criteria in the DDE
rule are defined so that notifications are sent only when the value
"Urgent" is selected in the Priority field, thereby limiting the number of
notifications that are triggered by the notification blueprint.

Result A user adds a new issue in the module and selects "Urgent" in the Priority
field and then clicks Save. A notification is sent to everyone on the team.

Workflow Notifications
Workflow Notification blueprints enable administrators to configure the workflow
process to automatically send notifications to users and groups that are assigned to a
workflow task. A Workflow Notification blueprint is defined and enabled for each
stage of the workflow in the Workflow tab > Stage Properties of a module. The
notifications are sent when a record:
l Is enrolled or moved to a new stage (except the End stage)
l Is manually reassigned by the Application Owner

The following rules apply to the Workflow notifications.

Recipient Any users or groups determined by the Assignment Model for a stage.

Delivery Configured for entrance to any stage in the workflow process, and sent
at the end of that stage.

Subscription Recipients cannot subscribe or unsubscribe to the notifications. The

subscription behavior is defined in the workflow process.

For more information, see the Help Center topics under Administrator Help >
Application Builder > Managing Applications > Managing Workflow > Managing
Workflow Notifications.

23 Chapter 2: Global Notification Settings

 RSA Archer GRC Platform Notifications

Example

Scenario A custom module has a workflow configuration with three stages: Stage 1,

Stage 2, and Stage 3. A Workflow Assignee needs to be alerted each time
a record enters Stage 2 of the workflow.

Action A user with administrative rights creates a custom module with three
Stages and enables Workflow. A Workflow Notification blueprint was
created and enabled for Stage 2.

Result A user promotes a record from Stage 1 to Stage 2. A notification is sent to

the Workflow Assignee as determined by the assignment model for that
stage.
The task is promoted to Stage 3, but the Workflow Assignee for Stage 3
rejects the task and it is sent back to Stage 2. A notification is sent to the
Workflow Assignee for Stage 2.

Report-Based Notifications Overview

Report-based notifications contain attached reports, links to reports, and static text.
Administrators configure the Scheduled Report Distribution blueprint to generate
report-based notifications. At a set schedule, notifications with attached reports and
links to reports can be sent to Platform and non-Platform recipients.

Chapter 2: Global Notification Settings 24

 RSA Archer GRC Platform Notifications

The following figure shows the elements of report-based notifications.

The attached report contains records based on the permissions of the Platform user
who creates the report. The report is not generated based on the Record
Permissions of the recipients.
If you do not want everyone to view the entire report, send a link to the report
instead of an attached report. A link to the report requires the recipient to have an
active Platform user account, and recipients can only view records for which they
have record permissions.

Related Topics
Scheduled Report Distributions

Scheduled Report Distributions

The Scheduled Report Distribution enables administrators to schedule notifications
with attached reports or links to reports. The content of an attached report is based
on the record permissions of the user who creates the report.

25 Chapter 2: Global Notification Settings

 RSA Archer GRC Platform Notifications

The following elements are specific to the Scheduled Report Distributions.

Layout Table body layout is not available. All free-form body layouts can be
used for report-based notifications.

Content Only links and attached reports are available. Information in the
attached report is based on the record permissions of the Platform user
who creates the report. If the report creator has permission to private
fields, all reports sent through the distribution will include the data of
the private fields, even if the recipient does not have access to the
fields.

Recipient Recipients must have active Platform user accounts.

Delivery Notifications are sent on a set schedule: daily, weekly, monthly, or

quarterly.

Subscription Recipients cannot unsubscribe to a Scheduled Report Distribution

notification.

Example 1: Attached Report

Scenario A Platform user wants to send a weekly report to managers for feedback.

Action A user with administrative rights creates a Scheduled Report Distributions

notification. The report is included as an attachment in the Body of the
template. The notification is scheduled to be sent weekly to managers.

Result Once a week, a notification with an attached report is sent to managers.

The report contains the information based on the record permissions of the
user instead of the managers.

Example 2: Link to Report

Scenario A Platform user wants to send a weekly report to colleagues for feedback.

Action A user with administrative rights creates a Scheduled Report Distributions

notification. A link to the report is included in the Body of the template. The
notification is scheduled to be sent weekly to a group of colleagues.

Result Once a week, a notification with a link to the report is sent to the group of
colleagues. A recipient clicks on the link to view the report that contains
information based on the record permissions of the recipient.

Chapter 2: Global Notification Settings 26

 RSA Archer GRC Platform Notifications

Notifications from Other Data Sources Overview

Notifications are published for Training and Awareness Campaigns and Discussion
Forums. The notification blueprints specify the properties and settings for the
notifications.
The following figure shows the elements of notifications from other data sources.

Training and Awareness

The Notification functionality of the Training and Awareness feature in the
Platform enables administrators to construct and deliver training and awareness
notifications to any users and groups. Training and awareness notifications are
organized as campaigns with one or more events. Campaigns support the
coordination of three event types:
l Presentation. Events allow information to be broadcast to users or groups using
email or prompts at logon. Recipients of presentation events are not required to
acknowledge receiving the event or respond to the content of the event.
Presentation events represent a passive form of communication.
l Acceptance. Events extend presentation events to require action from the
recipient. These events are presented to users or groups as a prompt when they
log on to the Platform. Users receiving an acceptance event are required to
accept or decline the event.
l Quiz. Events enable administrators to test knowledge of the users. These events
are presented to users as a prompt when they log on to the Platform. A quiz
event is a method for determining that a user or group received or accepted a
trigger, and that they have a complete understanding of the required reading.

27 Chapter 2: Global Notification Settings

 RSA Archer GRC Platform Notifications

The following elements are specific to notifications generated from Training and
Awareness Campaigns.

Content Custom text or specified pre-built content from any module to which a
user has ownership rights. The notification content of a Training and
Awareness Campaign event includes a static text introduction, dynamic
content placeholders for a trigger, and a static text closing.

Delivery Acceptance and Quiz events have reminders. Presentation events are sent
only once.

Discussion Forums
The notifications from Discussion Forums are subscription-based notifications.
Platform users can subscribe to receive notifications when messages are posted to a
forum, posted to a topic, or posted to a message.
The following elements are specific to notifications generated from Discussion
Forums.

Content Letterheads and body layouts are not available.

Delivery Notifications are sent as soon as possible after a trigger occurs.

Recipient Only Platform users can receive notifications from Discussion Forums.

Chapter 2: Global Notification Settings 28

 RSA Archer GRC Platform Notifications

Chapter 3: Subscription Notifications

Managing Letterheads
Letterheads define the page, header, body, and footer properties used by a
notification template. Once you create a letterhead, you can use it in multiple
notification templates.
You can perform the following letterhead tasks:
l Create a Letterhead
l Update the General Properties of a Letterhead
l Define the Layout of a Letterhead
l Delete a Letterhead

Create a Letterhead
Complete this to add a new letterhead by creating a new, original letterhead or
copying an existing letterhead, then naming and describing the letterhead. You then
define the layout for the letterhead, which includes specifying the background
design properties and content to be included in the header and footer.

Procedure
1. Navigate to the Manage Letterheads page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage Letterheads.
The Manage Letterheads page is displayed. This page lists all existing
letterheads in the Platform.
2. Click Add New.

Note: This link is displayed only if your user account has create rights for this
page.

3. Do one of the following

l To use the settings of an existing letterhead as a starting point for your new
letterhead, click Copy an existing Letterhead and select the existing
letterhead from the Available Letterheads list.
l To select new settings for the letterhead, select Create a new Letterhead
from scratch.

Chapter 3: Subscription Notifications 29

 RSA Archer GRC Platform Notifications

4. Click OK.
The Manage Letterhead page is displayed for the new letterhead. This page
enables you to specify the properties of the letterhead.

Next Steps
Update the General Properties of a Letterhead

Update the General Properties of a Letterhead

Complete this task to use descriptive names and thoughtful descriptions to identify
your letterheads. You also can specify whether a letterhead is active or inactive.

Before You Begin

Create a Letterhead

Procedure
1. Select the letterhead that you want to update:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage Letterheads.
The Manage Letterheads page is displayed. This page lists all existing
letterheads in the Platform.
d. Click the letterhead.
2. On the General tab, complete the General Information section:
a. In the Name field, enter a name for the letterhead.
b. To prevent anyone from using this notification, select Inactive in the Status
field. Otherwise, select Active.
c. In the Description field, enter a description of the letterhead
3. Review the information in the remaining fields in this section.
4. Click Apply.

Next Steps
Define the Layout of a Letterhead

Define the Layout of a Letterhead

Complete this task to define the layout for the letterhead. This includes the
background design properties, the content included in the header, body, and footer,
as well as the overall page.

30 Chapter 3: Subscription Notifications

 RSA Archer GRC Platform Notifications

Before You Begin

Create a Letterhead

Procedure
1. Select the letterhead that you want to update:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage Letterheads.
The Manage Letterheads page is displayed. This page lists all existing
letterheads in the Platform.
d. Click the letterhead.
2. Click the Layout tab and define the layout for the letterhead.
3. Using the options in the Toolbar field, specify properties for the letterhead.
Click Page Properties, Header Properties, Body Properties, and Footer
Properties. For each of these dialog boxes, complete the following steps:
a. Under Fill Properties, in the Background Fill field, select No Fill or Solid
Fill.
b. If you selected Solid Fill, in the Background Color field, use the color
picker to select the desired background color.
c. Under Border Settings, in the Line Color field, use the color picker to
select the desired border color.
d. In the Line Height field, enter the desired line height in pixels. For no
border, enter a height of 0.
e. Click OK.

Note: The settings in the Header Properties, Body Properties and Footer
properties dialog boxes override the settings in the Page Properties dialog box.

4. In the Header field and in the Footer field, enter or paste the text that you want
to appear in the header and footer.
You can use the options in the rich text editor toolbar to modify the appearance
of the text.
5. Click Save.

Delete a Letterhead
Complete this task to delete a letterhead that is no longer needed.

Chapter 3: Subscription Notifications 31

 RSA Archer GRC Platform Notifications

Procedure
1. Navigate to the Manage Letterheads page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage Letterheads.
The Manage Letterheads page is displayed. This page lists all existing
letterheads in the Platform.
2. Click the row and view the description of the letterhead that you want to delete.

3. Click for that letterhead.

A warning dialog box opens.
4. To confirm the delete, click OK.

32 Chapter 3: Subscription Notifications

 RSA Archer GRC Platform Notifications

Chapter 4: Scheduled Report Distributions

Configuring Notifications
The Notification settings for an instance must be specified in the RSA Archer
Control Panel before the notifications can be sent in the Platform.
In the Platform, the Notifications functionality must be enabled in Application
Builder for all modules with records used to generate notifications. When a defined
trigger occurs in a module, the Platform uses the notification blueprint to generate
and send notifications to selected recipients.
The Notifications feature enables administrators to define default values for all
notification blueprints and the read-receipt functionality. The global notification
settings determine the default options and values used across all notification
blueprints of an instance.
The Read Receipt properties enable administrators to activate the read receipt
functionality. An email account is designated to track the receipt of notifications
triggered by a notification blueprint.
Recipients can receive notifications using any email-based device. Platform users
can select the notifications that they want to receive from the User Preferences
menu.

Configuring Notifications for the Instance

The Notifications settings need to be configured in the RSA Archer Control Panel
for an instance before the notifications can be sent in the Platform. The Default
From Address is required for creating an instance.

Chapter 4: Scheduled Report Distributions 33

 RSA Archer GRC Platform Notifications

The following options are defined in the General tab for the Notifications feature.

Option Description

Server Address Specifies the IP address to the mail server. By default, this
address is blank.

Email Link Format Specifies the format of notifications. Select the applicable
value. The valid values include the following:
l Default. The designated default value.
l Truncated. Reduces the amount of text automatically
inserted into the notification. If you experience errors
using the Default option, select this option.
l Lotus Notes. Generates notifications through Lotus Notes.

Number of Retries Designates the number of times the notification job attempts
to send the notification through the mail server when there
are failures, for example, a bad email address. By default, this
option is set to zero (0).

Retry Timeout (sec) Designates the number of seconds between retry attempts. By
default, this option is set to zero (0).

Default From Address Specifies the email address of the sender as a failback
measure in case the From Address is not entered. By default,
this option is blank. An email address must be entered for
this option to create an instance.

For instructions on configuring notifications for the instance, see "Configure

Notifications" in the RSA Archer Control Panel Help.

Configuring Notifications in the Platform

In the Platform, the Notifications option must be selected in Application Builder for
all modules that contain records used for generating notifications.
The Notifications feature enables administrators to specify the default settings for
notification blueprints and read-receipt functionality in Global Notification Settings.
Default Notification Settings define the default values for notification blueprints.
The read-receipt functionality allows the Platform to track the receipt of
notifications. The default settings are overridden by the settings of the individual
notification blueprints.
Default Notification Settings
The default notification settings determine the default options and values used
across all notification blueprints of an instance. Administrators can designate a
default letterhead, body layout, from address, alias, and attachment types.

34 Chapter 4: Scheduled Report Distributions

 RSA Archer GRC Platform Notifications

The following settings are default values, but can be overridden in the individual
notification blueprints.

Settings Description

Letterhead Specifies the default letterhead that is used. The right column
displays a preview of the selected letterhead.
XML Notifications do not contain letterheads.

Body Layout Specifies the default layout of the body, including how the data
is arranged. The Table body layout arranges the content in a
structured format. All other body layouts are free-form layouts,
and content can be arranged anywhere in the body.

From Address Specifies the default email address from which notifications are
sent. The Default From Address established for the instance is
used if this one is not provided.

From Alias Specifies the default email alias for the From Address.

Attachment Type Specifies the default attachment type. The following types are
available:

l Adobe PDF l Microsoft Excel

l CSV l Microsoft Word
l HTML File l XML File

Chapter 4: Scheduled Report Distributions 35

 RSA Archer GRC Platform Notifications

Read Receipt Properties

Read-receipt functionality enables administrators to track the actual receipt of
notifications. When the return-receipt functionality for notification blueprints is
activated, administrators can specify the following properties.

Property Description

Status Specifies whether the read-receipt functionality is active or

inactive. The Active status enables administrators to configure
any notification blueprint to request read-receipts when
notifications are sent to the recipients.

Email Address Specifies the email address that receives the return receipts.

Important: Do not use your own email address as the account to

receive the return receipt. All notifications are deleted from the
specified email account after the module retrieves read-receipt
information to prevent the account from exceeding its storage
limit. Use a dedicated email address to receive the read receipts.

Server Name Specifies the server name or IP address of the mail server on
which the return-receipt email account is created.
The Server Name is the same server name or IP address that was
used when configuring the Notifications for the instance.

Protocol Specifies the method that is used to retrieve notifications from

the email server.

Port Specifies the number associated with the communication

endpoint for the selected protocol.

User Name Specifies the name of the user who has access to the return-
receipt email account.

Password Specifies the password that is required to log on to the return-

receipt email account.

Test Connection Verifies that the credentials and connection information entered
are correct.
If the test reports an error, correct the error and click Test again.
Continue this process until a confirmation message indicating
success is displayed.

36 Chapter 4: Scheduled Report Distributions

 RSA Archer GRC Platform Notifications

Managing Global Notification Settings

Global notification settings define the default values for notification templates and
control read-receipt functionality, which allows the system to track the receipt of
email notifications.

Note: The default settings are overridden by the settings of the individual
notifications.

You can perform the following tasks from the Manage Global Notification Settings
page:
l Configure Default Settings
l Define Read Receipt Properties

Configure Default Notification Settings

Complete this task to specify the default options and values used for all
notifications. These settings are default values only and can be modified for a
specific notification in that properties of a notification.

Procedure
1. Navigate to the Manage Global Notification Settings page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage Global Notification Settings.
2. In the Default Notification Settings section, from the Letterhead list, select
the default letterhead that you want to use.
For more information on configuring letterheads, see Managing Letterheads.
3. In the Body Layout field, click Select.
4. Preview and select the desired layout and click OK.
5. In the From Address field, enter a default email address.
6. In the From Alias field, enter a default email alias.
7. From the Attachment Type list, select one of the default attachment types:
l Adobe PDF
l CSV
l HTML File
l Microsoft Excel
l Microsoft Word
l XML File

Chapter 4: Scheduled Report Distributions 37

 RSA Archer GRC Platform Notifications

8. Click Apply.

Define Read Receipt Properties

Complete this task to enable or disable the return-receipt functionality and specify
the supporting properties, such as the email address that receives the return
receipts.
In the Read Receipt Properties section of the Manage Global Notification Settings
page, you can activate or inactivate return-receipt functionality for notification
templates. If return-receipt functionality is activated, administrators can enter the
return email address for read-receipts that are requested from users when they open
a notification email. This page also provides controls for configuring mail server
properties and providing a user name and password for the return email account.

Important: After the application pulls read-receipt information from the email
account that you define on this page, all emails are deleted from that account to
prevent the account from exceeding its storage limit.

Before You Begin

Set up an email account on your organization's mail server that receives read
receipts from users who have indicated receipt of notification emails. The mail
server on which you create this account most likely is the same mail server that
your organization is using for alert notifications.

Procedure
1. Navigate to the Manage Global Notification Settings page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage Global Notification Settings.
2. Complete the Read Receipt Properties section:
a. In the Status field, select whether the read-receipt functionality is Active or
Inactive.
If you select Active, Notification administrators can configure any template
to request read-receipts when emails are sent to template subscribers.
b. In the Email Address field, enter the email address that should receive the
messages.
For best results, set up an account on your organization's email server for
this purpose.
c. In the Server Name field, enter the server name or IP address of the mail
server on which you created the return-receipt email account.

38 Chapter 4: Scheduled Report Distributions

 RSA Archer GRC Platform Notifications

This most likely is the same server name or IP address used when
configuring notifications during the installation process.
d. From the Protocol list, select the protocol used to retrieve emails from your
organization's email server.
e. In the Port field, enter the appropriate port for the selected protocol.
f. In the User Name field, enter the user name that has access to the return-
receipt email account.
g. In the Password field, enter the password that is required to log on to the
return-receipt email account.
h. In the Test Connection field, click Test to verify that the credentials and
connection information you have entered are correct.
If the test reports an error, correct the error and click Test again. Continue
this process until you receive a confirmation message indicating success.
3. Click Save.

Chapter 4: Scheduled Report Distributions 39

 RSA Archer GRC Platform Notifications

Chapter 5: On Demand Notification Templates

Managing Subscription Notifications

Subscription-based notifications enable end users to receive email alerts on a set
schedule or instantly when records are added or updated in an application.
Administrators can create notification templates for any application for which they
have been assigned ownership rights.
The settings for a subscription notification are captured in a notification template,
which is a triggering mechanism for alert emails. Administrators create and manage
notification templates using the Subscription Notification feature. When creating
and configuring a template, you can select the application it should monitor, design
the layout, configure the delivery methods and recipients, and specify the conditions
in the application's records that should cause an email to be sent. For example, you
could create a notification template for an "Issue Tracker" application, specifying
that an alert email should be sent to all members of the Risk Response team each
time a new issue is reported in the application. You also could apply filters to this
template so that email messages are sent only when the values "Urgent" and "High"
are selected in the "Priority" field, thereby limiting the number of alert emails that
are triggered by the template.
Users select which notifications to receive using the Manage Your Email
Subscriptions option in the User Preferences menu. They can receive notification
emails using any email-based device.
You can perform the following tasks using the Subscription Notification feature:
l Create a Subscription Notification
l Update the General Properties of a Subscription Notification
l Define the Layout of a Subscription Notification
l Select the Content to Display in a Subscription Notification
l Define the Email Properties of a Subscription Notification
l Configure the Delivery Schedule for a Subscription Notification
l Select the Subscription Options for a Subscription Notification
l Select the Recipients of a Subscription Notification
l Establish Filter Criteria for a Subscription Notification
l Delete a Subscription Notification

Chapter 5: On Demand Notification Templates 41

 RSA Archer GRC Platform Notifications

Create a Subscription Notification

Complete this task to add a new subscription notification by creating a new, original
template or copying an existing template, then naming and describing the template.
You also define the fields that you want to display in notification emails, select
notification recipients, and select the frequency for delivering emails. In addition,
you define the template as optional or required, select a format for the notification
emails, and specify default filter properties for the template.

Procedure
1. Navigate to the Manage Subscriptions Notifications page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage Subscription Notifications.
The Manage Subscription Notifications page is displayed. This page lists all
existing subscription notifications in the Platform.
2. Click Add New.

Note: This link is displayed only if your user account has create rights for this
page.

3. Do one of the following:

l To use the settings of an existing subscription notification as a starting point
for your new subscription notification, select Copy an existing Subscription
Notification and select the existing subscription notification from the list.
l To select new settings for a subscription notification, select Create a new
Subscription Notification from scratch and from the Available
Applications list, select an application to associate the notification in.
4. Click OK.
If the selected application is a leveled application, an additional dialog box
opens in which you select the level to associate the notification.

Next Steps
Update the General Properties of a Subscription Notification

Update the General Properties of a Subscription Notification

Complete this task to set basic properties of a subscription notification, including
name, description, folder location and status.

Before You Begin

Create a Subscription Notification

42 Chapter 5: On Demand Notification Templates

 RSA Archer GRC Platform Notifications

Procedure
1. Select the subscription notification that you want to edit:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage Subscription Notifications.
The Manage Subscription Notifications page is displayed. This page lists all
existing subscription notifications in the Platform.
d. Click the subscription notification.
2. On the General tab, complete the General Information section:
a. In the Name field, enter a name for the notification.
b. To prevent anyone from using this notification, select Inactive from the
Status list. Otherwise, select Active.
c. In the Description field, describe the notification.
3. From the Folder list, select the folder in which to store the notification.
To create a new folder, on the Manage Folders page, click Edit and then click
Add New. After naming the new folder, click OK to return to the previous
page.
4. Review the information in the remaining fields in this section.
5. Click Apply.

Next Steps
Define the Layout of a Subscription Notification

Define the Layout of a Subscription Notification

Complete this task to choose the letterhead that displays in a notification and to
define its page layout.

Before You Begin

Create a Subscription Notification

Procedure
1. Select the subscription notification that you want to edit:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage Subscription Notifications.
The Manage Subscription Notifications page is displayed. This page lists all

Chapter 5: On Demand Notification Templates 43

 RSA Archer GRC Platform Notifications

existing subscription notifications in the Platform.

d. Click the subscription notification.
2. On the General tab, scroll down to the Template Design section.
3. From the Letterhead list, select the desired letterhead.
4. In the Body Layout field, click Select to open the Body Layouts dialog box.
5. Select a layout and click OK.
The preview displayed in the Preview field is updated based on your selection.
6. Verify that the preview displayed in the Preview field meets your needs.
7. Click Apply.

Next Steps
Select the Content to Display in a Subscription Notification

Select the Content to Display in a Subscription Notification

Complete this task to define the content of a notification, using both static and
dynamic content. Static content is text that remains the same for every notification,
while dynamic content is content that changes based on the unique parameters.

Before You Begin

Create a Subscription Notification

Procedure
1. Select the subscription notification that you want to edit:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage Subscription Notifications.
The Manage Subscription Notifications page is displayed. This page lists all
existing subscription notifications in the Platform.
d. Click the subscription notification.
2. Click the Content tab.
The Template Design section is displayed.
3. In the Subject field, enter the text that you want to appear in the email subject
line.
You also can include fields (but not reports or links) in the subject line as
dynamic information. To enter a field, place your cursor in the desired location
of the Subject field and select the appropriate field from the Toolbar list.

44 Chapter 5: On Demand Notification Templates

 RSA Archer GRC Platform Notifications

Note: You cannot include the following fields in the subject line: Attachment,
Cross-Application Status Tracking, Image, Record Permissions, Risk
Assessment, Sub-Form, Questionnaire Reference, Access History, and History
Log.

4. In the Body fields, enter the text that you want to display in the body of the
message.
You can use the options in the rich text editor toolbar to modify the appearance
of the text.
5. (Optional) To include fields, reports, and links in the body, place your cursor in
the desired location of a Body field and select the desired information to insert
from the Select a Field, Select a Report, or Select a Link lists.
Important: In version 5.0.2, you cannot display a statistical chart in a
notification.

6. (Optional) To change the layout of the boxes that make up the Body fields, click
the General tab and select a layout from the Body Layout list in the Template
Design section.
7. Click Apply.

Next Steps
Define the Email Properties of a Subscription Notification

Define the Email Properties of a Subscription Notification

Complete this task to define the From address for the notification and to enter an
alias for the address as needed. You also can select the importance of the email and
determine whether to allow read-receipt functionality.

Before You Begin

Create a Subscription Notification

Procedure
1. Select the subscription notification that you want to edit:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage Subscription Notifications.
The Manage Subscription Notifications page is displayed. This page lists all
existing subscription notifications in the Platform.
d. Click the subscription notification.

Chapter 5: On Demand Notification Templates 45

 RSA Archer GRC Platform Notifications

2. Click the Delivery tab.

3. In the Email Properties section, do the following:
a. In the From Address field, enter the "From" address.
b. In the From Alias field, enter the appropriate alias.
c. From the Importance list, select the appropriate importance level.
d. From the Read Receipt list, select either to enable or disable return
receipts.
This option is available only if you have enabled Read Receipt functionality
in Global Notification Settings. For more information on enabling this
functionality, see Define Read Receipt Properties.
4. Click Apply.

Next Steps
Configure the Delivery Schedule for a Subscription Notification

Configure the Delivery Schedule for a Subscription Notification

Complete this task to configure the frequency and the delivery schedule of the
notification.

Before You Begin

Create a Subscription Notification

Procedure
1. Select the subscription notification that you want to edit:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage Subscription Notifications.
The Manage Subscription Notifications page is displayed. This page lists all
existing subscription notifications in the Platform.
d. Click the subscription notification.
2. Click the Delivery tab.
3. In the Delivery Schedule section, from the Frequency list, select the
frequency.
Depending on your selection, additional fields may be displayed in this section.
Use these fields to set the specific time to send the notification.
4. Complete any additional fields in the Delivery Schedule section.
5. Click Apply.

46 Chapter 5: On Demand Notification Templates

 RSA Archer GRC Platform Notifications

Next Steps
Select the Subscription Options for a Subscription Notification

Select the Options for a Subscription Notification

Complete this task to select the default subscription type, which includes specifying
whether to send notifications to all users, new users, or only to selected users.

Before You Begin

Create a Subscription Notification

Procedure
1. Select the subscription notification that you want to edit:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage Subscription Notifications.
The Manage Subscription Notifications page is displayed. This page lists all
existing subscription notifications in the Platform.
d. Click the subscription notification.
2. Click the Delivery tab.
3. In the Subscriptions section, select one of the following options:
l None. Users are not subscribed by default. Users can subscribe to the
notification at any time and, if they choose, cancel their subscription.
l New Users. New users receive notifications by default, but they can cancel
the subscription at any time.
l All Users. New and existing users receive notifications by default, but they
can cancel the subscription at any time.
4. Click Apply.

Next Steps
Select the Recipients of a Subscription Notification

Select the Recipients of a Subscription Notification

Complete this task to determine who receives email messages generated by this
subscription notification. You can select to send the notification to a static listing of
users and groups, or select to determine the recipients dynamically based on the
values of User/Groups List and Record Permission fields or an email address stored
in a field.

Chapter 5: On Demand Notification Templates 47

 RSA Archer GRC Platform Notifications

Before You Begin

Create a Subscription Notification

Procedure
1. Select the subscription notification that you want to edit:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage Subscription Notifications.
The Manage Subscription Notifications page is displayed. This page lists all
existing subscription notifications in the Platform.
d. Click the subscription notification.
2. Click the Delivery tab.
3. In the Recipients section, select the users and groups to receive the
notifications:
a. In the Available section, use the Find box to find users and groups to send
the notification.
b. Click the user or group to display it in the Selected section.
You also can find and select groups to determine the recipients dynamically.
4. Verify that the users, groups, and fields that are displayed in the Selected
section are your intended recipients.
5. Click Apply.

Next Steps
Establish Filter Criteria for a Subscription Notification

Establish Filter Criteria for a Subscription Notification

Complete this task to select the filtering options generated by a subscription
notification. Only records that match the specified filter criteria generate an email
notification.

Before You Begin

Create a Subscription Notification

Procedure
1. Navigate to the Manage Subscriptions Notifications page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage Subscription Notifications.

48 Chapter 5: On Demand Notification Templates

 RSA Archer GRC Platform Notifications

The Manage Subscription Notifications page is displayed. This page lists all
existing subscription notifications in the Platform.
2. Click the subscription notification that you want to edit.
3. Click the Filter Criteria tab.
Each row on this page represents one set of filter criteria.
4. To set filter criteria for the subscription, complete the following steps:
a. In the Field To Evaluate column, select the field to evaluate for one or
more specific values.

Note: To create additional conditions, click Add New.

b. In the Operator column, select the filter operator.

c. In the Value(s) column, select the values for the condition.
d. If you have created more than one condition, you can apply advanced logic
to your search criteria.
5. Click Save.

Delete a Subscription Notification

Complete this task to delete a subscription notification no longer needed.

Procedure
1. Navigate to the Manage Subscriptions Notifications page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage Subscription Notifications.
The Manage Subscription Notifications page is displayed. This page lists all
existing subscription notifications in the Platform.
2. Click the row of the notification that you want to delete.
The row expands to display a description of the notification.

3. Click for that notification.

A Warning dialog box opens.
4. To confirm the deletion, click OK.

Chapter 5: On Demand Notification Templates 49

 RSA Archer GRC Platform Notifications

Chapter 6: XML Notifications

Managing Scheduled Report Distributions

You can schedule email alerts to send to users that contain embedded reports or
links to reports. The records and fields displayed in the scheduled report distribution
are based on the access restrictions of the user who set up the notification. As such,
it is possible that a recipient of an embedded report, who is otherwise restricted
from certain data, could receive and view that data in the report. If you send a link
to a report, the system enforces any restrictions on viewing data based on the
privileges of the individual user account.
You can perform the following scheduled distribution tasks:
l Create a Scheduled Report Distribution
l Update the General Properties of a Scheduled Report Distribution
l Define the Layout of a Scheduled Report Distribution
l Select the Content to Display in a Scheduled Report Distribution
l Define the Email Properties of a Scheduled Report Distribution
l Configure the Delivery Schedule of a Scheduled Report Distribution
l Select the Recipients of a Scheduled Report Distribution
l Delete a Scheduled Report Distribution

Create a Scheduled Report Distribution

Complete this task to add a new scheduled report distribution by creating a new,
original template or by copying an existing template, then naming and describing the
template. You also define the reports and links to reports that you want to display in
notification emails, select notification recipients, and select the frequency for
delivering emails. In addition, you define the template as optional or required, and
select a format for the notification emails.

Procedure
1. Navigate to the Manage Scheduled Report Distributions page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage Scheduled Report Distributions.
The Manage Scheduled Report Distributions page is displayed. This page lists
all report distributions in the Platform.

Chapter 6: XML Notifications 51

 RSA Archer GRC Platform Notifications

2. Click Add New.

Note: This link is displayed only if your user account has create rights for this
page.

The Add New Scheduled Report Distribution dialog box opens.

3. Do one of the following:
l To use the settings of an existing report distribution as a starting point for
your new report distribution, select Copy an existing Scheduled Report
Distribution and from the Available Scheduled Report Distributions list,
select the existing report distribution.
l To create an original distribution, click Create a new Scheduled Report
Distribution from scratch and from the Available Applications list, select
an application to associate the report distribution .
4. Click OK.
If the selected application is a leveled application, an additional dialog box
opens in which you select the level to associate the notification.

Next Steps
Update the General Properties of a Scheduled Report Distribution

Update the General Properties of a Scheduled Report Distribution

Complete this task to set basic properties of a scheduled report distribution,
including name, description, folder location, and status.

Before You Begin

Create a Scheduled Report Distribution

Procedure
1. Select the report distribution that you want to edit:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage Scheduled Report Distributions.
The Manage Scheduled Report Distributions page is displayed. This page
lists all report distributions in the Platform.
d. Click the report distribution.

52 Chapter 6: XML Notifications

 RSA Archer GRC Platform Notifications

2. On the General tab, complete the General Information section:

a. In the Name field, enter a name for the notification.
b. To prevent anyone from using this notification, select Inactive from the
Status list; otherwise, select Active.
c. In the Description field, enter a description of the notification.
3. From the Folder list, select the folder in which to store the notification.
To create a new folder, click Edit and click Add New on the Manage Folders
page. After naming the new folder, click OK to return to the previous page.
4. Review the information in the remaining fields in this section.
5. Click Apply.

Next Steps
Define the Layout of a Scheduled Report Distribution

Define the Layout of a Scheduled Report Distribution

Complete this task to select the letterhead that displays in a notification and to
define its page layout.

Before You Begin

Create a Scheduled Report Distribution

Procedure
1. Select the report distribution that you want to edit:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage Scheduled Report Distributions.
The Manage Scheduled Report Distributions page is displayed. This page
lists all report distributions in the Platform.
d. Click the report distribution.
2. On the General tab, scroll down to the Template Design section.
3. From the Letterhead list, select the desired letterhead.
4. In the Body Layout field, click Select to open the Body Layouts dialog box.
5. Select a layout and click OK.
The preview displayed in the Preview field is updated based on your selection.
6. Verify that the preview displayed in the Preview field meets your needs.
7. Click Apply.

Chapter 6: XML Notifications 53

 RSA Archer GRC Platform Notifications

Next Steps
Select the Content to Display in a Scheduled Report Distribution

Select the Content to Display in a Scheduled Report Distribution

Complete this task to specify the report or link to send with the scheduled report
distribution.

Before You Begin

Create a Scheduled Report Distribution

Procedure
1. Select the report distribution that you want to edit:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage Scheduled Report Distributions.
The Manage Scheduled Report Distributions page is displayed. This page
lists all report distributions in the Platform.
d. Click the report distribution.
2. Click the Content tab.
The Report Attachments and Template Design sections are displayed.
3. In the Report Attachments section, click Select in the Reports field and
select the report or reports that you want to embed in the email distribution, and
click OK.
4. From the Attachment Type list, select the format of the report or reports.

Note: Use caution when sending reports with restricted data. The records and
fields that are displayed in the report are based on the access restrictions of the
user setting up this notification. As such, it is possible that the recipient, who
may be otherwise restricted from certain data, could receive and view that data
in the report.

5. In the Template Design section, in the Subject field, enter the text that you
want displayed in the email subject line.
To include fields (but not reports or links) in the subject line as dynamic
information, place your cursor in the body location and click the Select a Field
list, and select the field from the list.

Note: You cannot include the following fields in the subject line: Attachment,
Cross-Application Status Tracking, Image, Record Permissions, Risk
Assessment, Sub-Form, Questionnaire Reference, Access History, and History

54 Chapter 6: XML Notifications

 RSA Archer GRC Platform Notifications

Log.

6. In the Body fields, enter the text that you want displayed in the body of the
message.
You can use the options in the rich text editor toolbar to modify the appearance
of the text.
7. (Optional) To enter dynamic information, such as reports and links in the body,
place your cursor in the location and click the Select a Report drop-down list or
the Select a Link icon. Select the information to insert it into the body.
8. (Optional) To define how the boxes that make up the Body fields are arranged
in the message, on the General tab, select a layout from the Body Layout list in
the Template Design section.
9. Click Apply.

Next Steps
Define the Email Properties of a Scheduled Report Distribution

Define the Email Properties of a Scheduled Report Distribution

Complete this task to define the From address for the notification and to enter an
alias for the address as needed. You can also select the importance of the email and
determine whether to enable read-receipt functionality.

Before You Begin

Create a Scheduled Report Distribution

Procedure
1. Select the report distribution that you want to edit:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage Scheduled Report Distributions.
The Manage Scheduled Report Distributions page is displayed. This page
lists all report distributions in the Platform.
d. Click the report distribution.
2. Click the Delivery tab.
3. In the Email Properties section, do the following:
a. In the From Address field, enter the "From" address.
b. In the From Alias field, enter the appropriate alias.
c. From the Importance list, select the appropriate importance level.

Chapter 6: XML Notifications 55

 RSA Archer GRC Platform Notifications

d. From the Read Receipt list, select either to enable or disable return
receipts.

Note: This option is available only if you have enabled Read Receipt
functionality in Global Notification Settings. For more information on
enabling this functionality, see Define Read Receipt Properties.

4. Click Apply.

Next Steps
Configure the Delivery Schedule of a Scheduled Report Distribution

Configure the Delivery Schedule of a Scheduled Report Distribution

Complete this task to configure the frequency and the delivery schedule of the
report distribution.

Before You Begin

Create a Scheduled Report Distribution

Procedure
1. Select the report distribution that you want to edit:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage Scheduled Report Distributions.
The Manage Scheduled Report Distributions page is displayed. This page
lists all report distributions in the Platform.
d. Click the report distribution.
2. Click the Delivery tab.
3. In the Delivery Schedule section, from the Frequency list, select the
frequency.
Depending on your selection, additional fields may be displayed in this section.
Use these fields to set the specific time to send the notification.
4. Complete any additional fields in the Delivery Schedule section.
5. Click Apply.

Next Steps
Select the Recipients of a Scheduled Report Distribution

56 Chapter 6: XML Notifications

 RSA Archer GRC Platform Notifications

Select the Recipients of a Scheduled Report Distribution

Complete this task to specify who receives email messages generated by the
scheduled report distribution.

Before You Begin

Create a Scheduled Report Distribution

Procedure
1. Select the report distribution that you want to edit:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage Scheduled Report Distributions.
The Manage Scheduled Report Distributions page is displayed. This page
lists all report distributions in the Platform.
d. Click the report distribution.
2. Click the Delivery tab.
3. In the Recipients section, select the users and groups to receive the
notifications:
a. In the Available section, use the Find box to find users and groups to send
the distribution to.
b. Double-click the group or user to display it in the Selected area.
You also can find and select groups to dynamically determine the recipients.
4. Verify that the users and groups that are displayed in the Selected section are
your intended recipients.
5. Click Save.

Delete a Scheduled Report Distribution

Complete this task to delete a scheduled report distribution no longer needed.

Procedure
1. Navigate to the Manage Scheduled Report Distributions page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage Scheduled Report Distributions.
The Manage Scheduled Report Distributions page is displayed. This page lists
all report distributions in the Platform.

Chapter 6: XML Notifications 57

 RSA Archer GRC Platform Notifications

2. Click the row of the notification that you want to delete.

The row expands to display a description of the notification.

3. Click for that scheduled report distribution.

A warning dialog box opens.
4. To confirm the deletion, click OK.

58 Chapter 6: XML Notifications

 RSA Archer GRC Platform Notifications

Chapter 7: Reports

Managing On Demand Notification Templates

When users click Email in an application, they access the On Demand notification
templates. Users select from a predefined list of templates that are generated
dynamically, inserting record or system page content directly into a predesigned
form. Use this feature to create the On Demand notification templates.
You can perform the following On Demand notification template tasks:
l Create an On Demand Notification Template
l Update the General Properties of an On Demand Notification Template
l Define the Layout of an On Demand Notification Template
l Select the Content to Display in an On Demand Notification Template
l Select the Recipients of an On Demand Notification Template
l Determine the Access Rights for an On Demand Notification Template
l Delete an On Demand Notification Template

Create an On Demand Notification Template

Complete this task to add an On Demand notification template by creating a new,
original template or copying an existing template, and naming and describing the
template. You also define the layout and content of the notification, as well as the
recipients. In addition, you define whether the template can be accessed by all
users and groups, or only by select users and groups.

Procedure
1. Navigate to the Manage On Demand Notification Templates page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage On Demand Notification Templates.
The Manage On Demand Notification Templates page is displayed. This
page lists all existing On Demand notification templates in the Platform.
2. Click Add New.

Note: This link is displayed only if your user account has create rights for this
page.

The Add New On Demand Notification Template dialog box opens.

Chapter 7: Reports 59
 RSA Archer GRC Platform Notifications

3. Do one of the following:

l To use the settings of an existing template as a starting point for your new
notification, select Copy an existing On Demand Notification Template
and select the existing template from the list.
l To create a new On Demand notification, select Create a new On Demand
Notification from scratch and select an application to associate the
notification in the Available Applications list.
4. Click OK.
If the selected application is a leveled application, an additional dialog box
opens in which you select the level to associate the notification.

Next Steps

Update the General Properties of an On Demand Notification Template

Update the General Properties of an On Demand Notification

Template
Complete this task to set basic properties of an On Demand notification template,
including name, description, folder location, and status.

Before You Begin

Create an On Demand Notification Template

Procedure
1. Select the On Demand notification template that you want to edit:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage On Demand Notification Templates.
The Manage On Demand Notification Templates page is displayed. This
page lists all existing On Demand notification templates in the Platform.
d. Click the On Demand notification template.
The Manage On Demand Notification Templates page is displayed. On this
page, you can specify the properties for that On Demand notification
template.
2. On the General tab, complete the General Information section:
a. In the Name field, enter a name for the notification.
b. To prevent anyone from using this notification, select Inactive from the
Status list; otherwise, select Active.
c. In the Description field, describe the notification.

60 Chapter 7: Reports
 RSA Archer GRC Platform Notifications

3. From the Folder list, select the folder in which to store the notification. To
create a new folder, click Edit and click Add New on the Manage Folders
page. After naming the new folder, click OK to return to the previous page.
4. Review the information in the remaining fields in this section.
5. Click Apply.

Next Steps
Define the Layout of an On Demand Notification Template

Define the Layout of an On Demand Notification Template

Complete this task to choose the letterhead that displays on an On Demand
notification template and to define its page layout.

Before You Begin

Create an On Demand Notification Template

Procedure
1. Navigate to the Manage On Demand Notification Templates page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage On Demand Notification Templates.
The Manage On Demand Notification Templates page is displayed. This
page lists all existing On Demand notification templates in the Platform.
2. On the General tab, scroll down to the Template Design section.
3. From the Letterhead list, select the desired letterhead.
4. In the Body Layout field, click Select to open the Body Layouts dialog box.
Select a layout and click OK.
The preview displayed in the Preview field is updated based on your selection.
5. Verify that the preview displayed in the Preview field meets your needs.
6. Click Apply.

Next Steps
Select the Content to Display in an On Demand Notification Template

Chapter 7: Reports 61
 RSA Archer GRC Platform Notifications

Select the Content to Display in an On Demand Notification Template

Complete this task to define the content of an On Demand notification template,
using both static and dynamic content. Static content is text that remains the same
for every notification, while dynamic content is content that changes based on the
unique parameters.

Before You Begin

Create an On Demand Notification Template

Procedure
1. Select the On Demand notification template that you want to edit:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage On Demand Notification Templates.
The Manage On Demand Notification Templates page is displayed. This
page lists all existing On Demand notification templates in the Platform.
d. Click the On Demand notification template.
The Manage On Demand Notification Templates page is displayed. On this
page, you can specify the properties for that On Demand notification
template.
2. Click the Content tab.
The Template Design section is displayed.
3. In the Subject field, enter the text that you want to display in the email subject
line.
You also can include fields (but not reports or links) in the subject line as
dynamic information. To enter a field, place your cursor in the desired location
of the Subject field and select the appropriate field from the Toolbar list.

Note: You cannot include the following fields in the subject line: Attachment,
Cross-Application Status Tracking, Image, Record Permissions, Risk
Assessment, Sub-Form, Questionnaire Reference, Access History, and History
Log.

4. In the Body fields, enter the text that you want to display in the body of the
message.
You can use the options in the rich text editor toolbar to modify the appearance
of the text.
5. (Optional) To enter dynamic information in the body, such as fields, reports, and
links, place your cursor in the desired location of a Body field and select the
desired information to insert from the Select a Field, Select a Report, or Select
a Link lists.

62 Chapter 7: Reports
 RSA Archer GRC Platform Notifications

Important: In version 5.0.2, you cannot display a statistical chart in a

notification.

6. (Optional) To define how the boxes that make up the Body fields are arranged
in the message, click the General tab and select a layout from the Body Layout
list in the Template Design section.
7. Click Apply.

Next Steps
Select the Recipients of an On Demand Notification Template

Select the Recipients of an On Demand Notification

Complete this task to define the default recipients of email messages generated by
an On Demand notification template. You can send the notification to a static listing
of users and groups, or dynamically determine the recipients based on the values of
User/Groups List and Record Permission fields or an email address stored in a
field.

Before You Begin

Create an On Demand Notification Template

Procedure
1. Select the On Demand notification template that you want to edit:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage On Demand Notification Templates.
The Manage On Demand Notification Templates page is displayed. This
page lists all existing On Demand notification templates in the Platform.
d. Click the On Demand notification template.
The Manage On Demand Notification Templates page is displayed. On this
page, you can specify the properties for that On Demand notification
template.
2. Click the Delivery tab.
3. In the Recipients section, use the To, CC, and BCC fields to select the
recipients of the notification. You can enter dynamic or static email addresses:
l To enter dynamic email addresses, click Select in the appropriate Dynamic
field to open the selection box. In the Available section, select the groups,
users, and fields to receive notifications generated by this template. Click a
group, user, or field to display it in the Selected section and click OK.

Chapter 7: Reports 63
 RSA Archer GRC Platform Notifications

Note: To search for a specific user or group, expand the User or Group node
and click the value. Your selection is displayed in the Selected column.

l To enter static email addresses, enter the email address in the appropriate
Static field. Use a semicolon to separate multiple addresses.
4. Click Apply.

Next Steps
Determine the Access Rights for an On Demand Notification Template

Determine the Access Rights for an On Demand Notification

Template
Complete this task to specify the users and groups who have access to this On
Demand notification template. The users and groups selected have the ability to
select this template.

Before You Begin

Create an On Demand Notification Template

Procedure
1. Select the On Demand notification template that you want to edit:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage On Demand Notification Templates.
The Manage On Demand Notification Templates page is displayed. This
page lists all existing On Demand notification templates in the Platform.
d. Click the On Demand notification template.
The Manage On Demand Notification Templates page is displayed. On this
page, you can specify the properties for that On Demand notification
template.
2. Click the Access tab.
This tab is displayed only for On Demand notifications.
3. Do one of the following:
l To enable all application users to have access to this template, select Public.
l To grant specific rights to selected users and groups, select Private. In the
Available section, select the groups and users to assign to this access role.
The selected groups and users are displayed in the Selected section.

64 Chapter 7: Reports
 RSA Archer GRC Platform Notifications

Note: To search for a specific user or group, expand the User or Group node
and click the value. Your selection is displayed in the Selected column.

4. Click Save.

Delete an On Demand Notification Template

Complete this task to delete an On Demand notification template no longer needed.

Procedure
1. Navigate to the Manage On Demand Notification Templates page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage On Demand Notification Templates.
The Manage On Demand Notification Templates page is displayed. This
page lists all existing On Demand notification templates in the Platform.
4. Click the row of the notification that you want to delete.
The row expands to display a description of the notification.

5. Click for that notification.

A warning dialog box opens.
6. To confirm the deletion, click OK.

Chapter 7: Reports 65
 RSA Archer GRC Platform Notifications

Chapter 8: XML Notifications

Managing XML Notifications

Use XML-based notifications to transmit information from the Platform to an
external system or to an integration component.
You can perform the following XML notification tasks:
l Create an XML Notification
l Update the General Properties of an XML Notification
l Select the Content to Display in an XML Notification
l Define the Email Properties of an XML Notification
l Configure the Delivery Schedule of an XML Notification
l Select the Recipients of an XML Notification
l Establish Filter Criteria of an XML Notification
l Delete an XML Notification

Create an XML Notification

Complete this task to add an XML notification by creating a new, original template
or copying an existing template, then naming and describing the template, and
finally selecting an application for the template from a list of applications for which
you have been assigned ownership rights.

Procedure
1. Navigate to the Manage XML Notifications page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage XML Notifications.
The Manage XML Notifications page is displayed. This page lists all
existing XML notifications in the Platform.
2. Click Add New.

Note: This link is displayed only if your user account has create rights for this
page.

3. Do one of the following:

Chapter 8: XML Notifications 67

 RSA Archer GRC Platform Notifications

l To use the settings of an existing XML notification as a starting point for

your new notification, select Copy an existing XML Notification and select
the notification from the list.
l To create a new XML notification, select Create a new XML Notification
from scratch and select an application to associate the notification in the
Available Applications list.
4. Click OK.

Next Steps
Update the General Properties of an XML Notification

Update the General Properties of an XML Notification

Complete this task to set basic properties of an XML notification, including name,
description, folder location, and status.

Before You Begin

Create an XML Notification

Procedure
1. Select the XML notification that you want to edit:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage XML Notifications.
The Manage XML Notifications page is displayed. This page lists all
existing XML notifications in the Platform.
d. Click the XML notification.
2. On the General tab, complete the General Information section:
a. In the Name field, enter a name for the notification.
b. To prevent anyone from using this notification, select Inactive from the
Status list; otherwise, select Active.
c. In the Description field, enter a description of the notification.
3. From the Folder list, select the folder in which to store the notification.
To create a new folder, click Edit and click Add New on the Manage Folders
page. After naming the new folder, click OK to return to the previous page.
4. Review the information in the remaining fields in this section.
5. Click Apply.

Next Steps
Select the Content to Display in an XML Notification

68 Chapter 8: XML Notifications

 RSA Archer GRC Platform Notifications

Select the Content to Display in an XML Notification

Complete this task to enhance your notification template by including text and fields
in the subject line of your XML notifications.

Before You Begin

Create an XML Notification

Procedure
1. Select the XML notification that you want to edit:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage XML Notifications.
The Manage XML Notifications page is displayed. This page lists all
existing XML notifications in the Platform.
d. Click the XML notification.
2. Click the Content tab.
The Template Design section is displayed.
3. In the Subject field, enter the text that you want to be displayed in the email
subject line.
You also can include fields in the subject line as dynamic information. To enter
a field, place your cursor in the desired location in the Subject field and from
the Toolbar list, select the field.

Note: You cannot include the following fields in the subject line: Attachment,
Cross-Application Status Tracking, Image, Record Permissions, Risk
Assessment, Sub-Form, Questionnaire Reference, Access History, and History
Log.

4. In the Body field, select the fields that are to be included in the notification in
the Available section.
The fields that are included in the notification are displayed in the Selected
section.
5. Click Apply.

Next Steps
Define the Email Properties of an XML Notification

Chapter 8: XML Notifications 69

 RSA Archer GRC Platform Notifications

Define the Email Properties of an XML Notification

Complete this task to define the From address for the notification and to enter an
alias for the address, as needed. You also can select the importance of the email
and determine whether to allow read-receipt functionality.

Before You Begin

Create an XML Notification

Procedure
1. Select the XML notification that you want to edit:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage XML Notifications.
The Manage XML Notifications page is displayed. This page lists all
existing XML notifications in the Platform.
d. Click the XML notification.
2. Click the Delivery tab.
3. In the Email Properties section, do the following:
a. In the From Address field, enter the "From" address.
b. In the From Alias field, enter the appropriate alias .
c. From the Importance list, select the appropriate importance level .
d. From the Read Receipt list, select to enable or disable return receipts.

Note: This option is available only if you have enabled Read Receipt
functionality in Global Notification Settings. For more information on
enabling this functionality, see Define Read Receipt Properties.

4. Click Apply.

Next Steps
Configure the Delivery Schedule of an XML Notification

Configure the Delivery Schedule of an XML Notification

Complete this task to configure the frequency and delivery schedule of an XML
notification.

Before You Begin

Create an XML Notification

70 Chapter 8: XML Notifications

 RSA Archer GRC Platform Notifications

Procedure
1. Select the XML notification that you want to edit:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage XML Notifications.
The Manage XML Notifications page is displayed. This page lists all
existing XML notifications in the Platform.
d. Click the XML notification.
2. Click the Delivery tab.
3. In the Delivery Schedule section, from the Frequency list, select the
frequency.
Depending on your selection, additional fields may be displayed in this section.
Use these fields to set the specific time to send the notification.
4. Complete any additional fields in the Delivery Schedule section.
5. Click Apply.

Next Steps
Select the Recipients of an XML Notification

Select the Recipients of an XML Notification

Complete this task to specify who receives the email messages generated by an
XML notification.

Before You Begin

Create an XML Notification

Procedure
1. Select the XML notification that you want to edit:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage XML Notifications.
The Manage XML Notifications page is displayed. This page lists all
existing XML notifications in the Platform.
d. Click the XML notification.
2. Click the Delivery tab.
3. In the Recipients section, enter the email address or addresses to send the

Chapter 8: XML Notifications 71

 RSA Archer GRC Platform Notifications

notifications. Use a semicolon to separate multiple email addresses.

4. Click Apply.

Next Steps
Establish Filter Criteria for an XML Notification

Establish Filter Criteria of an XML Notification

Complete this task to select the filtering options generated by an XML notification.
Only records that match the specified filter criteria generate a notification.

Before You Begin

Create an XML Notification

Procedure
1. Select the XML notification that you want to edit:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage XML Notifications.
The Manage XML Notifications page is displayed. This page lists all
existing XML notifications in the Platform.
d. Click the XML notification.
2. Click the Filter Criteria tab.
Each row on this page represents one set of filter criteria.
3. Complete the following steps:
a. In the Field To Evaluate column, select the field to evaluate for one or
more specific values.

Note: To create additional conditions, click Add New.

b. In the Operator column, select the filter operator.

c. In the Value(s) column, select the values for the condition.
d. If you have created more than one condition, you can apply advanced logic
to your search criteria.
4. Click Save.

Delete an XML Notification

Complete this task to delete an XML notification no longer needed.

72 Chapter 8: XML Notifications

 RSA Archer GRC Platform Notifications

Procedure
1. Navigate to the Manage XML Notifications page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Notifications.
c. Click Manage XML Notifications.
The Manage XML Notifications page is displayed. This page lists all
existing XML notifications in the Platform.
2. Click the row of the notification that you want to delete.
The row expands to display a description of the notification.

3. Click for that notification.

A warning dialog box opens.
4. To confirm the deletion, click OK.

Chapter 8: XML Notifications 73

 RSA Archer GRC Platform Notifications

Chapter 9: Reports

Notification Reports
The following table describes the system reports in the Notifications application.
You can find these reports by clicking Navigation Menu > Administration >
Notifications > View Notification Reports.

Report Description

Notification Engine Provides the number of successful and failed notification email
Recent Activity - Last deliveries within the last 24 hours.
24 Hours

Notification Provides the notification templates to which users have

Subscriptions subscribed. The report displays the template, user name,
recipient email address, notification type, and application for
each notification.

Notifications Failed Provides a list of notification emails that delivery failed. It lists
Email Attempts the users whose mailbox the email attempted to reach, the
email address of the recipient, the date and time of the last
email attempt, and the total number of delivery failures.

Notification Return Provides the status of emails triggered by notification templates

Receipts that are configured to request read receipts. The report shows
when each email was sent, whether the user who received each
email responded to the read-receipt request, and the date and
time of each response.

Notifications Sent Provides a list of all notification emails that have been sent. It
lists the email ID, the user who received the email, the email
address of the recipient, and the From address for the email. The
report also shows the notification template that triggered each
email, the subject line of each email, and the date and time
each email was sent.

Chapter 9: Reports 75
 RSA Archer GRC Platform Notifications

Chapter 10: Troubleshooting

Determine Point of Failure

The following table provides information to help troubleshoot issues related to
notifications.

Notifications are not being sent or received.

Cause Solution

The Notifications feature is Configure Notifications in the module. Enable

not enabled in the module. Notifications on the General tab of the applicable
module in Application Builder.
Ensure the notification blueprint is active.

The job engine is not running Start the Job Engine in the Windows Services.
in the Windows Services.

The Notifications feature is Configure Notifications in the RSA Archer Control

not configured properly in Panel. For more information, see Configuring
the RSA Archer Control Notifications for the Instance in Configuring
Panel. Notifications.

77 Chapter 10: Troubleshooting

 RSA Archer GRC Platform Notifications
Cause
The wrong type of
notification blueprint is used
for the triggering data.
The record in the data feed
does not trigger the
notifications.
The notification jobs are not
prioritized properly.
There are many jobs ahead of Change the priority of the SendNotificationJob or
the notification job types. SendMessagesJob notification job types.
The user cannot view the record.
Cause
The user does not have
permissions to view the record.
Filter Criteria for Reminder Notifications
Filter criteria can be defined in the delivery schedule of a reminder for the
following notifications:
l Subscription notification
Chapter 10: Troubleshooting
Solution
Ensure you are using the correct type of notification
blueprints for the data that is being triggered.
Subscription notifications are triggered when a record is
updated. Records can be updated manually or through a
data feed.
Reminder notifications are based on specific criteria. All
criteria must be met to trigger a notification.
Ensure the data feed is configured for sending
notifications. Select Send Notifications in the
Additional Properties of the data feed.
DDE Generate Notification action and On-Demand
notifications are not triggered from data feed.
Use Subscription Notifications in a data feed so that
data is access on the schedule of the notifications.
Reminder notifications are based on specific criteria. All
criteria must be met to trigger a notification.
Set the job priority in the Job Engine Manager. For
more information, see "Set Filters" in the RSA Archer
Control Panel Help.
Solution
Check the Access Roles of the user to ensure that
the user has access rights to the module of that
record.
Ensure that the user has access rights to view that
record, including Cross-Reference fields and related
records.
78
 RSA Archer GRC Platform Notifications

l XML notification
l DDE Generate Notification action

Records do not have to be saved or updated to send a reminder notification. Records

are evaluated at the specified time according to the delivery schedule. The reminder
notification is sent when a record meets all the defined filter criteria.
The following scenarios provide the filter criteria for sending reminder notifications
before the current data and after the current date.

Before Current Date

Scenario 1. Notification is evaluated and sent every day for all records where
"Date Field 1" is more than 1 day before the current date.

Field Operator Days Occurrence Target

Date Field 1 Greater Than 1 Daily Before Date

Scenario 2. Notification is evaluated and sent every day for all records where
"Date Field 1" is less than 999 days before the current date.

Field Operator Days Occurrence Target

Date Field 1 Less Than 999 Daily Before Date

Scenario 3. Notification is evaluated and sent only once for all records where
"Date Field 1" is 1 day before the current date. The Occurrence is defined as Once
because the Target date cannot be continually equal to the number of days before
the current date.

Field Operator Days Occurrence Target

Date Field 1 Equals 1 Once Before Date

Scenario 4. Notification is evaluated and sent only once for all records where
"Date Field 1" is 999 days before the current date. The Occurrence is defined as
Once because the Target date cannot be continually equal to the number of days
before the current date.

Field Operator Days Occurrence Target

Date Field 1 Equals 999 Once Before Date

79 Chapter 10: Troubleshooting

 RSA Archer GRC Platform Notifications

After Current Date

Scenario 5. Notification is evaluated and sent every day for all records where
"Date Field 1" is greater than 1 day after the current date.

Field Operator Days Occurrence Target

Date Field 1 Greater Than 1 Daily After Date

Scenario 6. Notification is evaluated and sent every day for all records where
"Date Field 1" is less than 999 days after the current date.

Field Operator Days Occurrence Target

Date Field 1 Less Than 999 Daily After Date

Scenario 7. Notification is evaluated and sent only once for all records where
"Date Field 1" is equal to 1 day after the current date. The Occurrence is defined
as Once because the Target date cannot be continually equal to a number of days
after the current date.

Field Operator Days Occurrence Target

Date Field 1 Equal To 1 Once After Date

Scenario 8. Notification is evaluated and sent only once for all records where
"Date Field 1" is equal to 999 days after the current date. The Occurrence is
defined as Once because the Target date cannot be continually equal to a number of
days after the current date.

Field Operator Days Occurrence Target

Date Field 1 Equal To 999 Once After Date

Notification Reports
Notification reports provide the success and failure status of notifications.
Notifications still in the queue are not reported. To access these reports, click
Navigation Menu > Administration > Notifications > View Notification Reports.
The following table provides information to help troubleshoot issues using the
Notification Engine Recent Activity - Last 24 Hours Report.

Chapter 10: Troubleshooting 80

 RSA Archer GRC Platform Notifications

Message
Problem Solution
Status

Successful The notifications are Check the Junk E-Mail folder or other email
sent successfully, but folders of the recipient.
the recipient does not
If the notification is not in another folder,
receive it.
generate the Notifications Sent report to view
that the Recipient Email Address is correct.

There are fewer Recipients did not receive all notifications. If

notifications shown in this is happening:
the report than should
1. Check the modules record permission
have been sent.
fields to be sure the recipient is allowed to
see the records.
2. Check the rights of the roles assigned to
the groups to which the recipient belongs.
3. Check the rights of the roles assigned to
the recipient.
4. Modify the rights and permissions
appropriately and resend the notifications.

The recipient only sees Recipients do not have permission to view the
part of the content. record. If this is happening:
1. Check the modules record permission
fields to be sure the recipient is allowed to
see the records.
2. Check the rights of the roles assigned to
the groups that the recipient belongs.
3. Check the rights of the roles assigned to
the recipient.
4. Modify the rights and permissions
appropriately and resend the notifications.

Failed The notifications failed Ensure that the Server Address is correct in the
to be sent. RSA Archer Control Panel > General Settings
of the instance.
Ensure the user account of the recipient has an
email address. See "Managing Users" in the
Help Center.

N/A If the report does not Check the notification rules to be sure that
show any notifications, they are valid and will trigger. If that is the
the notifications did issue, modify the rules and send again.
not trigger.

81 Chapter 10: Troubleshooting

RSA Archer GRC Platform 5.4
Packaging
June 2013
Contact Information
Go to the RSA corporate website for regional Customer Support telephone and fax numbers:
www.emc.com/domains/rsa/index.htm.
Trademarks
RSA, the RSA Logo, RSA Archer, RSA Archer Logo, and EMC are either registered trademarks or trademarks of EMC
Corporation ("EMC") in the United States and/or other countries. All other trademarks used herein are the property of their
respective owners. For a list of RSA trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm.
License Agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may
be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This
software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.
Note on Encryption Technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.
Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.

Copyright © 2010-2013 EMC Corporation All Rights Reserved. Published in the USA.
RSA Archer GRC Platform Packaging

Contents

Preface 5
About this Guide 5
Mapping Process Rules 6
Supported Objects 7
Unsupported Objects 7
Product Documentation 8
Support and Service 8
Chapter 1: Packages 11
Packaging Processes 11
Manage Packages Process 11
Map Objects Process 12
Install Packages Process 12
Packaging Rules 14
Audit Fields 14
Calculations 14
Data Driven Events 14
Default Value 15
Documentation Attachments 15
Fields 15
Filter Criteria 16
Key Fields 16
Levels in Applications 16
Personal Reports 16
Record Permissions 16
Status Field 17
Trending Charts 17
Users and Groups 21
Values Lists 22
Workflow 22
Packaging Considerations 22
Authoritative Source and Control Standard References 23
Database Back Up and Recovery 23
How Packaging Jobs Are Executed 23
Installing Packages from Previous Versions 23
Licensing Issues 24
Recommended Development Environment 24
Packaging Terminology 24
System Performance 25
Package File Size 25
Virtual Memory Size 25
Chapter 2: Package Management 27
Manage Packages: Administrative Overview 27
Create a Package 28
Update the General Information of a Package 29

3
 RSA Archer GRC Platform Packaging

Add Components to a Package 30

Generate a Package 31
Delete a Package 32
Chapter 3: Package Installation 33
Install Package: Administrative Overview 33
Package Installation Process 33
Installation Rules 34
Object Installation Order 35
Download a Package 36
Import a Package 36
Install a Package 37
Package Installation Log Messages 39
Failure Messages 39
Warning Messages 40
View the Package Installation Log 43
Chapter 4: Package Mapping 45
Advanced Package Mapping 45
Advanced Package Mapping Objects 47
How Objects Are Identified 47
Objects that Use System IDs 47
Export Mapping Settings 48
Import and Export Mapping Information 48
Import Mapping Settings 49
Object Mapping 50
Application Objects 51
Sub-Form Objects 52
Questionnaire Objects 52
Standalone Root Objects 54
Mapping Objects 54
Mapping Process Rules 55
Mapping Values Lists 56
Map Objects 56
Mismatched System IDs 60
How System ID Mismatches Occur 60
Cross-Reference Mismatches 61
Mapping Analyzer 62
Package Mapping Log Messages 64
Remediation 64
Object Remediation 65
Objects Properly Mapped 66
Objects Not Mapped 66
Objects Improperly Mapped 67
Review the Package Mapping Log 67
Undo Package Mapping Changes 68
Undo All Mapped Objects 68
Updating System IDs 69

4
 RSA Archer GRC Platform Packaging

Preface

About this Guide

Packaging provides the means for copying applications and other objects from one
Platform instance to another. Instead of manually recreating objects in a new
instance and updating their elements, Packaging can efficiently install objects and
then apply the changes in the new instance.
Packaging is useful in the following scenarios:
l Supporting IT change control practices by enabling the transfer of large changes
from development to test to production instances. Packaging reduces the risk of
deploying changes and decreases manual configuration tasks, which also
decreases the total cost of ownership.
l Sharing applications and solutions on the RSA Archer Community.
l Receiving and installing updates to RSA Archer eGRC Solutions.
l Troubleshooting issues with Customer Support. Packaging enables customers to
more efficiently communicate error situations to Customer Support, improving
the ability to diagnose and solve issues.

A package can contain one or more objects. Multiple objects can be copied at the
same time. Elements in existing objects can be added or updated as well. The
instance from which objects are being copied is called the Source instance. The
instance to which objects are being copied is called the target instance.
Normally, objects or references are not deleted in the target instance. An exception
is with data driven event (DDE) notifications. Recipients in source instance replace
the recipients in the target instance. For all other objects, data from the source
instance is merged with the target instance.
Root objects can stand alone. A Level 1 object cannot exist without a root object.
Level 2 objects cannot exist without a Level 1 object. Some Level 1 objects have
child objects, for example, a Values List is a child of the custom Values List field.
The Values List includes individual Values List values. All objects and elements
are transferred within a package.

Preface 5
 RSA Archer GRC Platform Packaging

Root objects, Level 1 objects, and Level 2 objects are listed in the following figure.

Packaging includes the Advanced Package Mapping feature for mapping objects
from the source instance to the target instance. By default, this feature is activated
during the Platform installation. If you are not using Advanced Package Mapping,
you can deactivate this feature in the General Settings of the RSA Archer Control
Panel.
When installing a package with a core module in to a target instance in which it
does not exist currently, that core module must be licensed prior to the package
installation in the target instance.

Mapping Process Rules

When mapping objects, the Advanced Package Mapping process follows these
rules:
l Does not change the system ID of objects that were mapped by the system.
l Does not change the system ID of system-protected objects.
l Does not change the system ID of objects in which Do Not Map was selected by
the user.
l Only maps to objects of the same type. For example, you cannot map a Text field
to a Date field or a custom Values List to a Global Values List.

6 Preface
 RSA Archer GRC Platform Packaging

Supported Objects
The following objects are supported in Packaging:

l Applications l Folders

l Dashboards l Solutions

l Questionnaires l Letterhead templates

l iViews l Workspaces

l Sub-forms l Global values lists

Note: Folders are used to organize certain user-created objects, such as iViews and
Mail Merge templates. iViews must exist in the package from the source instance.
Values List values is a child object of Global Values Lists.

Unsupported Objects
Packaging does not support all objects in an instance. The objects not supported
include, but are not limited to, the following:

l Record content l Training and Awareness Campaign

notification templates

l User and group creation l Personal reports

l Appearance themes l Discussion forums

l User-specific preferences and l Access roles

attributes

l Personal dashboards

Note: Email subscription preferences and Discussion Forum preferences are

examples of user specific preferences and attributes.

Preface 7
 RSA Archer GRC Platform Packaging

Product Documentation
For information about the RSA Archer GRC Platform 5.x, see the following
documentation.

Guide Description

Administrator Guide Provides Platform administrators with a system

overview, guidelines for navigating, and detailed
instructions for key tasks.

Control Panel Guide Provides administrators with instructions for

configuring each instance of the Platform.

Installation Guide Provides administrators with instructions for preparing,

installing, configuring, and testing the Platform.

Release Notes Provides Platform administrators with detailed listing of

new features, fixed issues, and known issues at the time
of the current release.

User Guide Provides end users with guidelines for navigating,

detailed instructions for key tasks, and information
about using Platform communication tools.

Web Services API Reference Provides IT managers and programmers with a list of
Guide the available web services for programmatically
interfacing with the release. This guide provides
formatting guidelines for field results, field inputs, and
search inputs, and provides sample code for searching,
adding and updating users, and updating assets.

You can access the Platform 5.x documentation from the RSA Archer Community
at https://community.emc.com/community/connect/grc_ecosystem/rsa_archer.

Support and Service

Customer www.emc.com/support/rsa/index.htm
Support
Information

Customer [email protected]
Support E-mail

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Community archer

8 Preface
 RSA Archer GRC Platform Packaging

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Exchange archer_exchange

RSA Solution https://gallery.emc.com/community/marketplace/

Gallery

RSA SecurCare https://knowledge.rsasecurity.com/cleartrust/ct_
Online logon.asp?CTAuthMode=BASIC&language=en&CT_ORIG_
URL=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fknowledge.rsasecurity.com%3A443%2F&c
t_orig_uri=%2F

The RSA Archer Community enables collaboration among eGRC clients, partners,
and product experts. Members actively share ideas, vote for product enhancements,
and discuss trends that help guide the RSA Archer product roadmap.
The RSA Archer Exchange is an online marketplace dedicated to supporting eGRC
initiatives. The Exchange brings together on-demand applications along with
service, content, and integration providers to fuel the success of RSA Archer
clients.
The RSA Solution Gallery provides information about third-party hardware and
software products that have been certified to work with RSA products. The gallery
includes Secured by RSA Implementation Guides with step-by-step instructions and
other information about interoperation of RSA products with these third-party
products.
The RSA SecurCare Online provides unlimited access to a wealth of resources on
the web, 24 hours a day. The secure system provides members access to a support
knowledgebase, to download current platform patches and bug fixes, to sign up for
notifications, to manage your support cases and more.

Preface 9
 RSA Archer GRC Platform Packaging

Chapter 1: Packages

Packaging Processes
The instance from which objects are being copied is called the source instance. The
instance to which objects are being copied is called the target instance. Multiple
objects can be copied at the same time. Elements in existing objects can be added
or updated as well. Normally, objects or references are not deleted in the target
instance. An exception is with data driven event (DDE) notifications. Recipients in
the source instance replace the recipients in the target instance. For all other
objects, data from the source instance is merged with the target instance.
The Packaging processes are:
1. Manage Packages
2. Map Objects
3. Install Packages

Manage Packages Process

This process is done in the source instance and includes creating, generating, and
downloading the package file. The package is generated as a .zip file with the
contents specified, which can include one or more of the following objects known
as root objects:
l Applications
l Dashboards
l Questionnaires
l iViews
l Sub-Forms
l Folders
l Solutions
l Letterhead Templates
l Workspaces
l Global Values Lists
l Access Roles

Chapter 1: Packages 11
 RSA Archer GRC Platform Packaging

Map Objects Process

This process is done in the target instance and consists of mapping the objects from
the source instance to the objects in the target instance that have the same names
(ID) but different unique system IDs. This phase is extremely important to ensure
that duplicate objects are not created in the target instance during installation.

Install Packages Process

This process is done in the target instances and includes importing the package file
from the source instance to the target instance. All objects from the source instance
are installed in the target instance unless the object cannot be found or flagged not
to be installed in the target instance. During this process, administrators can choose
the modules from the package to install. A list of conditions that may cause objects
not to be installed is provided in Log Messages.

12 Chapter 1: Packages
 RSA Archer GRC Platform Packaging

The following figure shows the manage and installation processes.

Chapter 1: Packages 13
 RSA Archer GRC Platform Packaging

Packaging Rules
The Packaging process requires a large amount of rules and logic to determine how
the individual elements in applications and questionnaires are migrated from one
instance of the Platform to another. In general, Packaging does not delete objects or
permission settings. It only adds new or updates existing objects and permission
settings. Exceptions include layout and workflow, in which packaging replaces the
existing settings.
See the following topics for additional rules and logic:

Audit Fields
Packaging rules related to audit fields include:
l The Created By and Last Updated values for all elements created during the
package installation are attributed to the user who installed the package.
l The Last Updated value for all elements that are updated during the package
installation are attributed to the user who installed the package.

Calculations
Packaging does not update the ordering of calculations. New calculations are added
to the bottom of the order.

Data Driven Events

Packaging rules related to data driven events include:
l All rules in the package are installed regardless of association with any actions.
l All actions in the package are installed regardless of association with any rules.
l Existing rules and actions are not deleted by the package installation.
l The ordering of rules is not updated. New rules are added to the bottom of the
order. This rule is also true for calculation ordering, which can affect data driven
events.
l If the package disassociates a link between a rule and an action, the association
also is removed in the target instance.
l Rules related to Apply Conditional Layout actions include:
o If you select the Override Layout option when installing a package, and the
target instance includes Apply Conditional Layout actions that have different
objects than specified in the package, the package installation removes the
settings for the layout objects that are not applicable to the Apply Conditional
Layout actions.
o If you select the Do not Override Layout option when installing a package,
and the package includes Apply Conditional Layout actions that assume a new

14 Chapter 1: Packages
 RSA Archer GRC Platform Packaging

layout is applied, the package installation removes the settings for the layout
objects that are no longer applicable.

Default Value
Packaging rules for Default Values abide by the following if a new field is created
with a default value, or if a default value is added to an existing field, the existing
content in the target instance is not updated with the default value.

Documentation Attachments
Packaging rules related to documentation attachments include:
l Packaging includes attachment files for objects that include a documentation
attachment attribute in the configuration. These include:
o Solutions documentation
o Applications documentation
o Questionnaires documentation
o Workspaces documentation
o Dashboards documentation
o iViews documentation (for all iView types)
o Mail Merge templates report template
l The user who installed the package is listed as the Creator for the attachments.
l Existing file attachments are not deleted during the installation process.
l Attachments in the package are not matched but added to the target instance. If
the attachment already exists in the target instance, a duplicate attachment is
created.

Fields
Packaging rules related to fields include:
l All attributes of fields can be updated by the package installation, with the
following exceptions:
o Type
o Created By
o Key Field Designation
o Related Module
o Associated Values List
l An existing private field is not changed to a public field.

Chapter 1: Packages 15
 RSA Archer GRC Platform Packaging

Filter Criteria
Packaging rules for Filter Criteria include the following attributes that are updated
during installation:
l Values. If the system cannot map a Values List Value in the target instance, that
item is removed from the Values field for the condition.
l Field to Evaluate. If the system cannot map the field in the target instance, the
condition is migrated as a null condition.
l Condition Order Number
l Operator
l Relationship
l Advanced Operator Logic

Key Fields
Packaging rules for Key Fields abide by the condition if the Key Field in the
package is different from the Key Field in the target instance, the target instance
retains the same Key Field attribute as before the installation.

Levels in Applications
Packaging rules related to levels in applications include:
l Existing levels are not deleted by the package installation.
l The package installation cannot change a leveled application to a flat
application.
l If the levels in the target instance are arranged in a different hierarchy than the
levels in the package, the installation fails.

Personal Reports
Packaging rules for Personal Reports do no install personal reports in the package
installation. To include personal reports, promote the report to a global report before
creating the package in the source instance.

Record Permissions
Packaging rules related to record permissions include:
l User/Groups field population may be added to Record Permissions fields, but
existing ones are not removed by the package installation.
l New inherited fields may be added, but existing ones are not removed by the
package installation.
l If a User/Groups field in the target instance is configured as a Record
Permissions field in the package, the package installation changes the field to the
Record Permissions type.

16 Chapter 1: Packages
 RSA Archer GRC Platform Packaging

Status Field
Packaging rules related to status fields include:
l If an existing application or questionnaire is updated, the current status in the
target instance is not changed by the package installation.
l If the package creates a new application or questionnaire and there are not
enough licenses, the new application or questionnaire is set to the Development
status and a warning is logged.

Trending Charts
You can add trending objects (fields and charts) to packages for migrating them to a
target instance. Certain rules apply when packaging trending objects. The main rule
is if the trended field is not added to the package, the layout object cannot be added
to the package.
Trending Rules for System ID-Matched Objects
The Platform uses the following rules when mapping trending objects, which are
explained in the following topics:
l Trending Rules - Trending Enabled
l Trending Rules - Duration Period
l Trending Rules - Referenced Field
l Trending Rules - Trending Chart Objects

Trending Rules - Trending Enabled

The following table demonstrates the trending rules when trending is enabled for the
source instance, the target instance, or both.

Source Target Install Method Layout Target Result

Yes Yes Create New and Update Any Trending enabled.

Yes No Create New and Update Any Trending enabled.

Yes No Create New Only Any Target field is not updated.

No Yes Create New and Update Any Trending enabled.

No Yes Create New Only Any Target field is not updated.

Trending Rules - Duration Period

The following table demonstrates the trending rules when the duration period of a
trended field in the source instance is the same or different for the trended field in
the target instance..

Chapter 1: Packages 17
 RSA Archer GRC Platform Packaging

Install Target
Source Target Layout
Method Result

Same as Same as Create New Any No change; remains the same.

Target Source and Update

Shorter than Longer than Create New Any Retains the duration period
Target Source and Update specified in the Target.

Longer than Shorter than Create New Any Retains the duration period
Target Source and Update specified in the Source.

Trending Rules - Referenced Field

The following table demonstrates what occurs when:
l Trending is enabled or disabled for the field.
l Trended field is deleted.

Install Target
Source Target Layout
Method Result

Trending Trending Create New Do Not Neither field is updated.

enabled enabled Only Override
Layout

Trending Field Create New Do Not Target instance is updated to reference

enabled different and Update Override the field from the Source instance.
than the Layout
field from
the Source
instance.

Trending Field Create New Do Not Field exists in both places. The chart
enabled different Only Override object is updated to reference the field
than the Layout in the Source instance.
field from
the Source
instance.

Trending Field dif- Create New Do Not Field does not exist in the Target
enabled ferent than Only Override instance. The field from the Source
the field Layout instance is created in the Target
from the instance, and then referenced by the
Source trending chart object in the Target
instance instance.

18 Chapter 1: Packages
 RSA Archer GRC Platform Packaging

Install Target
Source Target Layout
Method Result

Trending Trending Create New Do Not Target instance is updated with any
enabled enabled and Update Override trending chart properties that exist in
Layout the Source instance. The layout is not
affected.

Trending Trending Create New Override Target instance is updated with any
enabled enabled and Update Field trending chart properties that exist in
the source. The position of the
trending chart object on the
application layout and the span
properties are affected.

Trending Trending Create New Override Position of the trending chart object on

enabled enabled Only Layout the application layout is affected. The
field and trending chart object
properties are not updated.

Trending Trending Create New Override The following message is displayed:

enabled disabled Only Layout Package Install Successful.
The trending chart cannot be created in
the Target instance for the following
reasons:
l Referenced field is not trended.
l The packaging operation does not
enable trending in the Target
instance when Create New Only is
selected.

Trending Trending Create New Override Trending chart object and referenced
enabled disabled and Update Layout field are created in the Target instance.
Application layout matches the Source
instance.
Field in the Target instance is now
trending-enabled, and the associated
trending chart is created in the Target
instance.

Trending Field Create New Do Not Trending chart object and referenced
enabled deleted Only Override field are created in the Target instance.
Layout Application layout is not overridden.

Trending Field Create New Do Not Trending chart object and referenced

Chapter 1: Packages 19
 RSA Archer GRC Platform Packaging

Install Target
Source Target Layout
Method Result

enabled deleted and Update Override field are created in the target.
Layout Application layout is not overridden.

Trending Rules - Trending Chart Objects

The following table demonstrates what occurs when the trending object (field or
chart) or placeholder object is added to the layout.

Install Target
Source Target Layout
Method Result

Trending Trending Create New Do Not Neither field is updated.

object object on Only Override
on layout Layout
layout

Trending Trending Create New Do Not Target instance is updated to reference

object object on and Update Override the field from the Source instance.
on layout Layout
layout

Trending Trending Create New Do Not Referenced field exists in both places
object object on Only Override and maps. The trending object is
on layout Layout updated to reference the field in the
layout Source instance.

Trending Trending Create New Do Not Referenced field does not exist in the
object object on Only Override Target instance. The field from the
on lay- layout Layout Source instance is created in the Target
out instance, and then referenced by the
trending object in the Target instance.

Trending Trending Create New Do Not Target instance is updated with any
object object on and Update Override trending chart properties that exist in
on layout Layout the Source instance. The application
layout layout is not changed.

Trending Trending Create New Override Target instance is updated with any
object object on and Update Layout trending chart properties that exist in
on layout the Source instance. The position of the
layout trending object on the application
layout and the span properties are
updated to match the Source instance.

20 Chapter 1: Packages
 RSA Archer GRC Platform Packaging

Install Target
Source Target Layout
Method Result

Trending Trending Create New Override Position of the trending object on the

object object on Only Layout application layout is updated. The field
on layout and trending object properties are not
layout updated.

Trending Placeholder Create New Override The following message is displayed:

object on layout Only Layout Package Install Successful.
on
The trending chart cannot be created in
layout
the Target instance for the following
reasons:
l Referenced field is not trended.
l Packaging operation does not enable
trending in the Target instance when
Create New Only is selected.

Trending Placeholder Create New Override Trending object and referenced field are
object on layout and Update Layout created in the Target instance.
on Application layout matches the Source
layout instance.
Field in the Target instance is now
trending-enabled, and the associated
trending chart is created in the Target
instance.

Trending Placeholder Create New Do Not Trending object and referenced field are
object on layout Only Override created in the Target instance.
on Layout Application layout is not overridden.
layout

Trending Placeholder Create New Do Not Trending object and referenced field are
object on layout and Update Override created in the target. Application layout
on Layout is not overridden.
layout

Users and Groups

Packaging rules related to users and groups include:
l The package installation process attempts to match all users in the package by
user name and domain. The process ignores any users that do not match.

Chapter 1: Packages 21
 RSA Archer GRC Platform Packaging

l The package installation process attempts to match all groups in the package by
system ID. If no matches are found, the process then attempts to match groups
by group name and domain. The process ignores any groups that do not match.

Values Lists
Packaging rules related to values lists, which may include Global Values Lists,
Questionnaire Values Lists, or Custom Values Lists, include:
l If a Global Values List in the package file matches a Custom Values List in the
target instance, the Custom Values List is promoted to a Global Values List
during installation. However, the opposite is not true. A Global Values List in
the target instance is not demoted to a Custom Values list during installation.
l The following Values List Values attributes are not updated if settings already
exist in the target instance:
o Height
o Default text
l In Custom Ordered Values Lists, new values are added to the end of the list.

Workflow
Packaging rules related to workflow include:
l If a package includes workflow settings, all workflow settings from the package
are installed on the target instance and the prior workflow settings are
overwritten. However, if you select the Create New Only option when installing
a package and at least one stage already exists in the target instance, the
package installation does not make any changes to the existing workflow
settings. If no workflow stages have been defined in the target instance, and you
select the Create New Only option, the package installation updates all
workflow settings as specified in the package.
l If the package does not include any workflow settings, the package installation
does not delete or modify any existing workflow settings in the target instance.
l Any records in a workflow stage that is deleted by the package installation are
routed to the start point of the workflow process.

Packaging Considerations
The following items describe conditions other than packaging rules that can affect
packaging.
l Authoritative Source and Control Standard References
l Database Back Up and Recovery
l How Packaging Jobs Are Executed

22 Chapter 1: Packages
 RSA Archer GRC Platform Packaging

l Installing Packages from Previous Versions

l Licensing Issues
l Recommended Development Environment

Authoritative Source and Control Standard References

Authoritative Source and Control Standard references may be added, but existing
ones are not removed by the package installation.

Database Back Up and Recovery

There is no Undo function for a package installation. Because packaging is a
powerful feature that can make significant changes to an instance, RSA Archer
strongly recommends backing up the instance database before installing a package.
This process enables a full restoration if necessary.
An alternate method for undoing a package installation is to create a package of the
affected objects in the target instance before installing the new package. This
package provides a snapshot of the instance before the new package is installed,
which can be used to help undo the changes made by the package installation. New
objects created by the package installation must be manually deleted.

How Packaging Jobs Are Executed

The Generate Package File and Install Package processes are queued into the
asynchronous job engine. These jobs may or may not run immediately, depending on
the jobs currently queued in the job engine.
The possible statuses of the processes in the job engine are:
l Queued
l Running
l Successful
l Partially successful
l Failed

The Generate Package File process runs as an Archer Service Account. The Install
Package process impersonates the user who runs the install, so any objects modified
or created during the package installation will be associated with that user.

Installing Packages from Previous Versions

Version 5.2 of the Platform added support for additional objects, including
workspaces, dashboards, iViews, notifications, and mail merge templates.
If the package was created on a version prior to 5.2, these objects are not included
in the package file and are not installed.

Chapter 1: Packages 23
 RSA Archer GRC Platform Packaging

Licensing Issues
The package installation verifies that core solutions and applications are licensed on
the target instance. If the target instance does not have the proper licenses, the
objects are not installed and errors are logged to the Package Log file. In some
cases, the package installation generates errors when installing packages that
contain core applications that are properly licensed but have not yet been installed
on the target instance.
The resolution is to reapply the license key after the package installation and then
install the package again.

Recommended Development Environment

The recommended development environment consists of three instances of the
Platform:
1. Development
2. Test
3. Production
When making changes to the Platform, the typical workflow involves first building
the changes in the Development instance, copying them to the Test instance for
testing and verification, and then copying them to the Production instance.
Instead of manually re-creating the objects in each instance, Packaging can
efficiently apply the changes to each instance.
Ideally, each of these instances would contain the same database. However, in
larger organizations or organizations with strict security policies, the development
and test instances have test databases with a smaller set of example data. As a
result, some tests cannot be fully validated until the objects are moved from the test
to the production instances.

Packaging Terminology
The following terms are exclusive to the packaging process.

Term Definition

Instance A single installation of the Platform and associated

database.

Source Instance The instance in which the package is created.

Target Instance The instance in which the package is installed.

24 Chapter 1: Packages
 RSA Archer GRC Platform Packaging

Term Definition

Module Either an application or questionnaire.

Object Any entity within the Platform that Packaging supports,

for example, an application, a sub-form, or field within
an application. Objects can be root, level 1, or level 2.

System Performance
System performance may vary based on the size of package files. A large number
of cross-reference fields and questionnaires can affect system performance.
Advanced Package Mapping requires a considerable amount of memory, which can
result in loss of data input and IE errors when working with large applications. To
optimize your system for packaging, RSA Archer recommends upgrading to
Silverlight 5 for those users who will be mapping objects. For more information, see
Advanced Package Mapping.

Package File Size

If the modules in a package contain cross-reference fields, the package file
includes additional data to ensure that the cross references are properly maintained.
As a result, package files can get very large. Because a questionnaire contains
cross-references to the Findings application, and the Findings application references
other applications, a package file that includes even a single questionnaire can
become very large. Large package files can slow the performance of the
installation process.
To optimize performance for packaging:
l Increase the RAM on the servers.
l Install the 64-bit version of the Platform

Virtual Memory Size

The page file settings on the server running RSA Archer Services can have a
significant impact on performance. If the size of the page file is too small for all
current processes, the system generates an out-of-memory error that can result in a
loss of functionality or unexpected results.
Installing a large package file is one scenario that can cause this condition. The
resolution is to modify the virtual memory settings on the operating system to
provide more resources to the RSA Archer Services. RSA Archer recommends
configuring the operating system to automatically manage the paging file size for all
drives.
This setting is found in the System Properties > Performance Options > Virtual
Memory dialog box.

Chapter 1: Packages 25
 RSA Archer GRC Platform Packaging

When you select Automatically manage paging file size for all drives, the
operating system automatically takes steps during resource-intensive activities to
protect itself from running out of memory.
If the server in your organization is configured with a fixed size for the paging file,
you can still help prevent out-of-memory errors by configuring the system to
manage paging file sizes on other drives. Otherwise, if the page file is fixed, the
system can incur out-of-memory errors during resource-intensive activities.

26 Chapter 1: Packages
 RSA Archer GRC Platform Packaging

Chapter 2: Package Management

Manage Packages: Administrative Overview

This process is initiated from the Manage Packages feature in Application Builder.
A package can be created with applications, questionnaires, workspaces,
dashboards, and access roles.

This process creates the package and the package description, generates the
package file, and downloads the package file to a location accessible by the target
instance.

By default, the package file is stored in the file repository. When the download is
executed, a different location can be specified.
The following steps describe the Manage Packages process:
1. On the source instance of the Platform, the administrator creates a package.
The package defines which objects to include. The package contains only the
settings. It does not include information about the objects.
2. The administrator generates a package file, which saves the information about
the objects that are specified in the package. The administrator then selects a
network folder to save the package file.
3. On the destination instance of the Platform, the administrator imports and
installs the package file using the Install Packages feature.

Chapter 2: Package Management 27

 RSA Archer GRC Platform Packaging

Note: After a package file is generated, it is not automatically updated. If any

changes are subsequently made to the source instance, you will need to generate a
new package file to ensure that the information in the package file is current.

The following table describes the functions that can be performed.

Icon Description

Edits the package definition. The definition can be edited before the
package file is generated. After generation, the package file cannot be
edited.

Deletes the package definition in Manage Packages only. If the package

file has been generated or downloaded, the package file is still in the
designated locations (file repository).

Generates the package file in the file repository. The package file
contains a snapshot of the most current information from the source
instance. After generated, it cannot be updated. If subsequent changes are
made to the source instance, another package file must be generated to
include the changes.

Downloads the package file from the file repository to the desired
location. The package file can be downloaded in the source instance or
to the target instance.

You can perform the following tasks to manage packages:

l Create a Package
l Update the General Information of a Package
l Add Components to a Package
l Generate a Package
l Download a Package
l Delete a Package

Create a Package
Complete this task to create a package as the first step of the Manage Package
process. A package is a collection of settings that define the components that you
want to migrate. Once the package is defined, it can be generated into a package
file.

Note: To create a copy of an application in the same instance of the Platform,

create a new application and select the option to create a copy of an existing
application.

28 Chapter 2: Package Management

 RSA Archer GRC Platform Packaging

Procedure
1. Navigate to the Manage Packages page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Packages.
2. Click Add New.
3. Do one of the following:
l To use the settings of an existing package as a starting point for your new
package, select Copy an existing Package and select the existing package
from the list.
l To select new settings for the package, select Create a new Package from
scratch.
4. Click OK.
The Manage Packages page appears. This page enables you to specify the
properties of the package.

Next Steps
Update the General Information of a Package

Update the General Information of a Package

Complete this task to update the name of the package, who it was prepared by, and
its description.

Before You Begin

Create a Package

Procedure
1. Select the package that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Packages.
c. Click the package.
2. Complete the General Information section:
a. In the Name field, enter a name for the package. This name does not have
to be unique.
b. In the Prepared By field, enter a name for the department or entity that
created the package.

Chapter 2: Package Management 29

 RSA Archer GRC Platform Packaging

This field is visible to the user after it is imported on the target instance of
the Platform.
c. In the Description field, enter a description for the package.
This description is for internal use only and is not visible to the end user.
3. Click Apply.

Next Steps
Add Components to a Package

Add Components to a Package

Complete this task to include any number of licensed applications, questionnaires,
dashboards, workspaces, or access roles in a package. Unlicensed applications are
not available for packaging.

Before You Begin

l Create a Package
l Update the General Information of a Package

Procedure
1. Select the package that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Packages.
c. Click the package.
2. In the Components section, review the list of applications, questionnaires,
dashboards, workspaces, or access roles currently included in the package.
3. To add a new component, click Lookup.
The Add Components dialog box opens.
4. On the Applications tab, select the applications that you want to include in the
package.
5. On the Questionnaires tab, select the questionnaires that you want to include in
the package.
6. On the Workspaces tab, select the workspaces that you want to include in the
package.
7. On the Dashboards tab, select the dashboards that you want to include in the
package.
8. On the Access Roles tab, select the access roles that you want to include in the
package.

30 Chapter 2: Package Management

 RSA Archer GRC Platform Packaging

9. Click OK.

Note: The components that you selected for the package are displayed in the
Components section.

10. Click Save.

The application is displayed in the Packages list. The date in the Last Updated
column indicates when the package was last updated. The date in the Last
Generated column, if present, indicates when the package file was last
generated.

Next Steps
Generate a Package

Generate a Package
Complete this task to create a package by generating a package file. When you
generate a package, the Platform creates a package file using the most current
information in the instance of the Platform. Once a package file is created, you can
save it to a network folder so that it is available for another instance of the Platform
to import and install.
All packages saved on this instance of the Platform are displayed on the Manage
Packages page. The Packages list includes important information for each package.
Be sure to review the dates listed in the Last Updated column and the Last
Generated column. The Last Updated column indicates when the package was
last modified. Any changes that were made to the source instance of the Platform
after this date are not reflected in the package. The date in the Last Generated
column indicates when the package file was generated. If the field is blank, the
package has not been generated and a package file has not been created. If a date is
listed, but does not match the date in the Last Updated column, the package file
may be out of date. You may need to generate the package again to ensure that any
recent changes to the package are reflected in the package file.

Before You Begin

l Create a Package
l Update the General Information of a Package
l Add Components to a Package

Procedure
1. Navigate to the Manage Packages page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Packages.

Chapter 2: Package Management 31

 RSA Archer GRC Platform Packaging

2. Locate the package in the list that you want to generate and review the date
listed in the Last Updated column.
3. Review the date listed in the Last Generated column.
4. To generate the package and a new package file, click Generate for the
package that you want to generate.

Next Steps
Download a Package

Delete a Package
Complete this task to delete a package that is no longer needed. However, any
package files that were generated from the package may still be available. In
addition, deleting a package does not delete any log files that were generated during
package installation.

Procedure
1. Navigate to the Manage Packages page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Packages.

2. Click in the row of the package that you want to delete.

A warning dialog box opens.
3. Click OK to delete the package.

32 Chapter 2: Package Management

 RSA Archer GRC Platform Packaging

Chapter 3: Package Installation

Install Package: Administrative Overview

This process is initiated from the Install Packages feature in Application Builder.
The package installation is done in the target instances and includes importing the
package file from the file repository or designated location.
All objects from the source instance are installed in the target instance unless the
object cannot be found or is flagged to not be installed in the target instance. See
Map Objects. A list of conditions that may cause objects not to be installed is
provided in the Log Messages section.

Package Installation Process

Package installation includes importing the package, mapping objects, and installing
the pages. Always back up the instance database before starting this process.
During this process, mapping and installation logs are created.
When installing a package with a core module into a target instance in which it
does not exist currently, that core module must be licensed prior to the package
installation in the target instance.
The following steps describe the Install Packages process:
1. An administrator on the destination instance of the Platform imports a package
file. Once imported, the package file is available for installation.
2. The administrator installs the package file. At this time, the objects in the
package file are migrated to the current instance. The system generates the
Package Installation Log.
3. The administrator reviews the Package Installation Log.

Chapter 3: Package Installation 33

 RSA Archer GRC Platform Packaging

The following figure shows the Install Packages process.

All objects in the package or only the ones selected during the package installation
can be installed on the target instance. The elements of the objects being installed
can be created only, or created and updated on the target instance. Additionally,
existing layout settings can be overridden in the target instance.
Log messages are displayed in the Object Details section of the Package
Installation Log tab. To ensure that objects are successfully installed, review this
log, which is generated after the installation is completed.

Installation Rules
To ensure a successful installation, consider the following guidelines when
installing a package:
l Always back up the Platform database before installing a package.
l The package installation cannot be reversed. The only way to reverse a package
installation is to restore the Platform database backup.
l If installing a package that contains Record Permissions fields, verify that users
and groups already exist in the target instance. If they do not, these fields may
not install properly. If necessary, create the users and groups in the target
instance before installing the package.
l The package installation does not delete fields or permissions. It only adds or
updates fields, and it only adds new permission settings without removing any
existing permission settings.

34 Chapter 3: Package Installation

 RSA Archer GRC Platform Packaging

l Access Roles of a custom iView are not updated during the package installation.
The user access should be updated manually after the package is installed.

Object Installation Order

Objects are installed in the following order:
1. Applications (and levels of the application)
2. Questionnaires
3. Sub-forms
4. Folders
5. Questionnaire values lists
6. Question filter properties
7. Fields
8. Reports
9. Layout
10. Navigation Menu items
11. Calculation formulas
12. Letterhead templates
13. Notifications
14. Workflows
15. Data Driven Event actions
16. Data Driven Event rules
17. Questionnaire campaigns
18. Questionnaire show/hide rules
19. iViews
20. Dashboards
21. Workspaces
22. Access Roles
You can perform the following tasks:
l Import a Package
l Map Objects
l Install a Package
l View the Package Installation Log

Chapter 3: Package Installation 35

 RSA Archer GRC Platform Packaging

Download a Package
Complete this task to download a package after it is generated and the package file
is created to a network folder. At that point, the package file can be imported and
installed on another instance of the Platform using the Install Packages feature.
For more information, see Install Packages: Administrative Overview.
You can also download a package using the Install Packages feature to retrieve a
package file that was imported on a target instance.

Before You Begin

l Create a Package
l Add Components to a Package
l Generate a Package

Procedure
1. Navigate to the Manage Packages page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Packages.

Note: To download a package that was imported on a target instance, click

Install Packages and click Download for the package.

2. In the Packages list, locate the package that you want to download and review
the date listed in the Last Updated column.
3. Review the date listed in the Last Generated column.
4. Click Download and select a folder in which to save the package file.

Note: Be sure to save the file in a location that is accessible to the administrator
of the instance of the Platform who plans to import the package file.

Import a Package
Complete this task to import a package into the destination instance.
Before you can install a package file, you must import it to your instance of the
Platform. You create the package file on the source instance of the Platform using
the Manage Packages feature.

Before You Begin

Know the name and folder location of the package file that you want to import.

36 Chapter 3: Package Installation

 RSA Archer GRC Platform Packaging

Procedure
1. Navigate to the Install Packages page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder.
c. Click Install Packages.
2. In the Available Packages section, click Import.
3. Click Add New and locate and select the package file that you want to import.
4. Click OK.
The package file is displayed in the Available Packages section and is ready
for installation.

Note: Only the package file has been imported; you must install the package file
to migrate the components to your instance of the Platform.

Next Steps
Install a Package

Install a Package
Complete this task to install a package after you have imported the package file.
You can queue multiple packages, however the Platform only installs one package
at a time.
When installing a package with a core module in to a target instance in which it
does not exist currently, that core module must be licensed prior to the package
installation in the target instance.

Important: When installing a package that updates a sub-form, the updates affect
all applications, questionnaires, workspaces, and dashboards that use the sub-form.

Before You Begin

l Import a Package.
l Back up the instance database. See Database Backup and Recovery.

Procedure
1. Navigate to the Install Packages page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder.
c. Click Install Packages.

Chapter 3: Package Installation 37

 RSA Archer GRC Platform Packaging

2. In the Available Packages section, locate the package file that you want to
install, and click Install.
The Configure Package Installation page displays with information about the
package file.
3. Under Configuration, select the components of the package that you want to
install.
4. Under Install Method, select an option for each selected component:
l Create New Only. Only creates new fields and other elements in the
applications, questionnaires, workspaces, and dashboards specified in the
package file. This option does not modify any existing elements on your
instance of the Platform. This is useful when you want to add functionality to
an existing application, questionnaire, workspace, dashboard, or access role,
but you do not want to risk making any unwanted changes to the existing
elements of the applications, questionnaires, workspaces, or dashboards.
iViews that are not currently on the dashboards that are selected for the
package install are created.
l Create New and Update. Updates all elements in the applications,
questionnaires, workspaces, and dashboards as specified in the package file.
This includes adding new elements and updating existing elements. Existing
iViews on the dashboards that are selected for the package install are
updated, and iViews that are not currently on the dashboards that are
selected for the package install are created.
5. Under Layout, select an option for each selected component:
l Do not Override Layout. Installs the component, but does not change the
existing layout. This is useful if you have a lot of custom fields and
formatting in your layout that you do not want to risk losing.

Note: You may have to modify the layout after installing the package to use
the changes made by the package.

l Override Layout. Updates the layout as specified in the package file,

overwriting the existing layout.
6. Click Install.
A Warning dialog box opens.
7. Click OK.
The package is installed. A log entry is displayed in the Package Installation
Log section.

38 Chapter 3: Package Installation

 RSA Archer GRC Platform Packaging

Package Installation Log Messages

The Package Installation Log is generated after the package installation completes.
There are two categories of log messages, Failures and Warnings. Failures cause
the installation to quit. Warnings allow the installation to continue with items that
should be remediated.

Failure Messages
Package installation failure messages are classified as Catastrophic or Minor. The
following table describes the failure messages that may be in the Package
Installation Log.

Message Type Description

Catastrophic Failure Package installation failed. Unable to save <application or

questionnaire name> <level name>.

Catastrophic Failure Package installation failed. Unable to save <application or

questionnaire name>. No solutions available for the
questionnaire.

Catastrophic Failure Package installation failed. Target level for Questionnaire

<questionnaire name> was not found.

Catastrophic Failure Package installation failed. Unable to save <application or

questionnaire name> due to mismatching application levels.

Catastrophic Failure Package installation failed. Critical object failed to save due to
validation. The error Log Reference ID is: <log ID>.

Catastrophic Failure Package installation failed. Critical object failed to save due to
an exception. The error Log Reference ID is: <log ID>.

Minor Failure Object Installation Failed. Unable to save layout object

<layout object name>.

Minor Failure The level for Field Filter Property <field filter property name>
was not found. The property was not installed.

Minor Failure The module for Field Filter Property <field filter property
name> was not found. The property was not installed.

Chapter 3: Package Installation 39

 RSA Archer GRC Platform Packaging

Message Type Description

Minor Failure Unable to update <values list name>. Cannot change a Global
Values List to a Custom Values List.

Minor Failure Unable to update Navigation Menu <application or

questionnaire name>. Field <field name> not found.

Minor Failure The module for Questionnaire Campaign <questionnaire

campaign name> was not found. The campaign was not
installed.

Minor Failure The level for Questionnaire Rule <questionnaire rule name>
was not found. The rule was not installed.

Warning Messages
The following table describes the warning messages that may be in the Package
Installation Log.

Message Type Description

Warning The following access role referenced on the Access tab could
not be resolved: <access role name>.

Warning Cannot change the status of Application <application name>.

Updating the status of an application via package installation
is not allowed.

Warning Cannot change Values List Type of <values list type name>
from Questionnaire.

Warning Attempted to change system field type for field <field name>.
Field install was skipped.

Warning The calculated field <field name> in the application

<application name> cannot be verified.

Warning <application or questionnaire name> Apply Conditional

Layout Actions <action name> were updated due to page
layout discrepancies.

Warning Content <content ID> was not found and removed from a
collection.

Warning The following application or questionnaire referenced on the

Access tab could not be resolved: <application or questionnaire

40 Chapter 3: Package Installation

 RSA Archer GRC Platform Packaging

Message Type Description

name>.

Warning Field Filter Property Value <field filter property name> was not
found and removed from a collection.

Warning Field <field name> was not found and removed from a
collection.

Warning The following notification referenced in a Generate

Notification DDE action cannot be resolved: <notification
name>.

Warning Group <group name> was removed from <module

authorization>. The group could not be found.

Warning Level <level name> was not found and removed from a
collection.

Warning The following dashboard referenced in a link cannot be

resolved: <dashboard name>.

Warning The following application or questionnaire referenced in a

Quick Search iView could not be resolved: <application or
questionnaire name>.

Warning The following report referenced in a link cannot be resolved:

<report name>.

Warning The following solution referenced in a link cannot be resolved:

<solution name>.

Warning The following page referenced in a link cannot be resolved:

<page name>.

Warning The level for Navigation Menu <application or questionnaire

name> was not found.

Warning The following module referenced in the Navigation Menu

could not be resolved: <application or questionnaire name>.

Warning The following solution referenced in a workspace cannot be

resolved: <solution name>.

Chapter 3: Package Installation 41

 RSA Archer GRC Platform Packaging

Message Type Description

Warning There are no Solutions associated with <application or

questionnaire name>.

Warning <report name> report could not be created. There are no display
fields for this report.

Warning The following field referenced in a notification cannot be

resolved: <field name>.

Warning The following report referenced in a notification cannot be

resolved: <report name>.

Warning Numeric Range Value <numeric range value> was not found
and removed from a collection.

Warning <object name> Alias was changed from <old alias name> to
<new alias name>.

Warning Object was not saved due to an exception. The error Log
Reference ID is: <log ID>.

Warning Object was not saved due to failing validation. The error Log
Reference ID is: <log ID>.

Warning <field name> in the application <application or questionnaire

name> cannot be changed from a private field to a public field.

Warning The Notifications Enabled option for the <questionnaire name>

Questionnaire was changed.

Warning Cannot change the status of Questionnaire <questionnaire

name>. Updating the status of a questionnaire via package
installation is not allowed.

Warning Read Receipt disabled for <application name> application

<DDE action name> action.

Warning Unable to update workflow. Content records are tied to the

following workflow stages: <workflow stage names>.

Warning Unable to update the solution attribute for <application or

questionnaire name>.

42 Chapter 3: Package Installation

 RSA Archer GRC Platform Packaging

Message Type Description

Warning User <user name> was removed from <module authorization>.

The user could not be found.

Warning Values List Value <values list value name> was not found and
removed from a collection.

Warning The following notification referenced in a Workflow stage

cannot be resolved: <notification name>.

Warning Notifications Enabled option for <application name>

Application was changed.

View the Package Installation Log

Complete this task to view the Package Installation Log. When a package is
installed, the Platform saves a log file documenting the installation. A log file is
generated for all installations, both successful and unsuccessful.

Before You Begin

l Import a Package
l Install a Package

Procedure
1. Navigate to the Install Packages page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder.
c. Click Install Packages.
2. Click Package Installation Log.
3. Click the package that you want to view.
The Package Installation Log page is displayed.
4. In the Object Details section, click View All Warnings.
The types of warnings are:
l Catastrophic failure. A global failure that stopped the installation and
rolled back all updates.
l Minor failure. A particular object failed to install.
l Warning. An attribute of an object could not be updated or otherwise needs
to be reviewed.
5. Click Close.

Chapter 3: Package Installation 43

 RSA Archer GRC Platform Packaging

Chapter 4: Package Mapping

Advanced Package Mapping

The primary purpose of Advanced Package Mapping is to ensure that duplicate
objects do not exist in the target instance. Mapping objects does not change the
target instance. Elements of objects can only be updated through the package
installation. Objects in the source instance are merged with objects in the target
instance. Elements of objects in the target instance can be created, or created and
updated, and layouts can be overridden during the installation process.
Advanced Package Mapping enables you to review and modify how individual
objects are mapped from the source instance to the target instance. With this
feature, objects with the same name, but with different system IDs in the target
instance, can be changed to match the system ID of objects in the source instance.
During the package installation, if the system ID of an object in the source package
does not match any system IDs in the target instance, the process creates a new
object. However, in some cases, the object may already exist in the target instance,
but with a different system ID. In this case, you do not want the package
installation to create a new object. Using Advanced Package Mapping, you can
change the system ID of an object in the target instance so that it matches the
system ID of an object in the source package. This process is called mapping
objects.
Mapping objects is vital to ensure all objects in the target instance match the
intended objects from the source instance. If objects are not mapped properly
unintended consequences will occur in the target instance. For example, changing
the system ID of a field can adversely affect any data feeds or calculations that use
this field. These issues can be difficult to identify and remediate later. Always back
up the instance database before importing and installing a package.
Advanced Package Mapping requires a considerable amount of memory, which can
result in loss of data input and IE errors when working with large applications.
System performance may vary based on the size of package files. To optimize your
system for packaging, RSA Archer recommends upgrading to Silverlight 5.06 for
those users who perform the role of packaging administrator.

Important: Advanced Package Mapping does not update data feeds and Web APIs.
Modifying the system ID of an object used by a data feed or Web API will break
the relationship with the object. The data feed or Web Service API will no longer
function properly. The resolution is to update the data feeds and Web Service APIs
to reference the new system IDs of those objects.

Chapter 4: Package Mapping 45

 RSA Archer GRC Platform Packaging

The following figure shows the process for using Advanced Package Mapping.

Advanced Package Mapping can create unintended consequences on the instance.

For example, changing the system ID of a field can adversely affect any data feeds
or calculations that use the field, and these issues can be difficult to identify and
remediate later. Before executing the mapping process, back up your database.
You can perform the following Advanced Package Mapping tasks:
l Map Objects
l Review the Package Mapping Log
l Export Mapping Settings

46 Chapter 4: Package Mapping

 RSA Archer GRC Platform Packaging

l Import Mapping Settings

l Undo Package Mapping Changes

Advanced Package Mapping Objects

An object is any entity within the Platform that Packaging supports, for example, an
application or a sub-form or field within an application. Objects can be root, level 1,
or level 2, as shown in the following figure.

Root Objects can stand alone. A level 1 object cannot exist without a root object.
Level 2 objects cannot exist without a Level 1 object. Some Level 2 objects have
child elements, for example, a Values List is a child of the custom Values List
field. The Values List includes individual Values List values. All elements of a root
object are copied in a package. Map the child elements before mapping the parent
object.

How Objects Are Identified

Objects are identified by a unique system ID. Nearly every object in the Platform
has a system ID, for example, applications, fields, and values lists.
The primary purpose of a system ID is to identify an object in the Platform database
whether internally or externally. For example, the Data Feed, Data Import, and
Web Services API features use system IDs to identify the objects to retrieve or
update.
Packaging uses system IDs to identify objects in the source and target instances. By
comparing the system IDs of objects in the source and target instances, Packaging
can determine whether an object already exists in the target and should be updated,
or whether to create a new object.

Objects that Use System IDs

All objects supported by Packaging use system IDs, with the following exceptions:

Chapter 4: Package Mapping 47

 RSA Archer GRC Platform Packaging

l Workflow
l Users

Workflow objects use system IDs, but Packaging does not match Workflow objects.
Instead, Packaging overwrites the workflow configuration.

Export Mapping Settings

Complete this task to export mapping settings to a file for the purpose of saving
them before executing the changes. You can then import the file at a later time to
resume working.

Before You Begin

l Import the package file that you want to map. See Import a Package.
l Log on to the Platform using an account with update rights to the Install
Packages page.

Procedure
1. Navigate to the Advanced Package Mapping page:
a. Click the Administration workspace.
b. From the Navigation Menu, click Application Builder > Install Packages.
c. In the Available Packages section, locate the package that you want to map.
d. In the Actions column, click for that package.
e. Map the objects as needed. For more information, see Map Objects.

2. To save the settings, click in the title bar.

The Save As dialog box opens.
3. Enter a filename and location, and click Save.
Important: Use as descriptive a filename as possible, to ensure that you do not
make any mistakes later when importing the file.

Next Steps
Import Mapping Settings

Import and Export Mapping Information

Mapping objects can be an involved process that takes time to complete. To ensure
mappings are not lost prior to completing the process, Advanced Package Mapping
includes Export and Import functions.

48 Chapter 4: Package Mapping

 RSA Archer GRC Platform Packaging

The Export function saves the current mappings to a .csv file. When exporting and
naming this file, it is important to use a detailed, logical filename. This .csv file is
exported to a designated location.
The Import function imports the saved mapping file so that the mappings can be
completed. When the file is imported, the Import Options are as follows.

Option Description

Override All Specifies that the mapping in the import file will be
applied and all current mappings will be overridden.

Add New Specifies that all current mappings will not be

altered and any additional mappings in the Import
file will be applied.

Add New/Override Existing Specifies that any existing mappings will be

overridden if they are mapped in the Import file;
otherwise, they will remain intact. All new mappings
in the Import file will be applied.

Import Mapping Settings

Complete this task to import mapping settings that were previously exported to a
file.

Before You Begin

l Import a Package.
l Log on to the Platform using an account with update rights to the Install
Packages page.
l Determine the location of the mapping file that you want to import.

Procedure
1. Navigate to the Advanced Package Mapping page.
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Install
Packages.
c. In the Available Packages section, locate the package that you want to map.
d. In the Actions column, click for that package.

2. Click in the title bar.

Chapter 4: Package Mapping 49

 RSA Archer GRC Platform Packaging

3. Select one of the following options.

Option Description

Override All Replaces all current mapping settings with the

settings in the file.

Add New Retains the current settings and adds only the new
settings from the file.

Add New/Override Existing Adds new settings, retains current settings, and
overrides any current settings with the settings in
the file.

4. Click OK.
The Open dialog box opens.
5. Select the file to import, and click Open.
The mapping settings are imported and displayed on the Advanced Package
Mapping page.

Next Steps
Map Objects

Object Mapping
Applications, Questionnaires, and Sub-forms are root objects that can include level
1 and level 2 objects. Sub-forms are always included in a package that includes
their parent root object. Because sub-forms can have level 1 and level 2 objects,
they are handled like other root objects.
When an object includes level 1 and level 2 objects, it is vital that the object is
mapped to its lowest level. For example, some fields include child elements. These
elements must also be mapped.
To ensure that objects are mapped appropriately, review the Package Mapping Log.
This log is generated after mapping is executed in Advanced Package mapping.
See the following topics for information on mapping root objects:
l Application Objects
l Sub-Forms Objects
l Questionnaire Objects
l Standalone Root Objects

50 Chapter 4: Package Mapping

 RSA Archer GRC Platform Packaging

Application Objects
An application has Level 1 objects of Level and Reports and Level 2 objects of
Fields, Layout, Event Rules, Event Actions, Notifications, and Mail Merge
Templates. Some fields have dependencies and child objects. These fields include
Cross-Reference fields, Related Record fields, Global Values List field, Sub-form
fields, Matrix fields, and CAST fields. Map the child elements before mapping the
parent object. Always map objects to their lowest level.
The following figure shows the object elements for an application.

Chapter 4: Package Mapping 51

 RSA Archer GRC Platform Packaging

Sub-Form Objects
A sub-form has a Level 1 object of Level and Level 2 objects of Fields and Layout.
Some fields have dependencies and child objects. These fields include Cross-
Reference, Related Record, Global Values List, and custom Values List. Map the
child elements before mapping the parent object. Always map objects to their
lowest level.
The following figure shows the object elements for a sub-form.

Questionnaire Objects
A questionnaire has Level 1 objects of Level, Reports, and Questionnaire Values
List and Level 2 objects of Fields, Layout, Event Rules, Event Actions,
Questionnaire Campaigns, Questionnaire Rules, Field Filter Properties, and
Notifications. Some fields have dependencies and child objects. These fields
include Cross-Reference, Related Record, Global Values List, Values List, Sub-
form, Matrix, and CAST. Map the child elements before mapping the parent object.
Always map objects to their lowest level.

52 Chapter 4: Package Mapping

 RSA Archer GRC Platform Packaging

The following figure shows the object elements for a questionnaire.

Chapter 4: Package Mapping 53

 RSA Archer GRC Platform Packaging

Standalone Root Objects

Some root objects stand alone and do not have level 1 or level 2 objects. Mapping
these objects is fairly straight forward. The exception is with Global Values List
objects. This object has a child object of Values List Values. These elements must
be mapped if a Global Values List exists in the package.
The following figure shows root objects that require mapping at the primary level.

Mapping Objects
Mapping objects is extremely important to ensure that duplicate objects are not
created in the target instance and must done before installing the package. This
process consists of mapping objects from the source instance to the objects in the
target instance with the same names but different unique system IDs. See Map
Objects.

54 Chapter 4: Package Mapping

 RSA Archer GRC Platform Packaging

Applications, Questionnaires, and Sub-forms are root objects that can include level
1 and level 2 objects. Sub-forms are always included in a package that includes
their parent root object. Because sub-forms can have level 1 and level 2 objects,
they are handled like other root objects.
When an object includes level 1 and level 2 objects, it is vital that the object is
mapped to its lowest level. For example, some fields include child elements. These
elements must also be mapped. These fields include Cross-Reference, Related
Record, Global Values List, Values List, Sub-form, Matrix, and CAST. Map the
child elements before mapping the parent object.
To ensure that objects are successfully mapped, review the Packaging Mapping
Log. This log is generated after mapping is executed in Advanced Package
mapping. See Package Mapping Log Messages.
The following figure shows the process of mapping objects.

Important: When mapping larger packages, RSA Archer recommends dividing the

mapping process into multiple, smaller portions, rather than mapping and executing
all of the changes at one time. You can use the Export Mapping Settings and Import
Mapping Settings features to save and load mapping settings if needed. However,
do not install the package until you have completed the entire mapping process.

Mapping Process Rules

When mapping objects, the Advanced Package Mapping process follows these
rules:
l Does not change the system ID of objects that were mapped by the system.
l Does not change the system ID of system-protected objects.
l Does not change the system ID of objects in which Do Not Map was selected by
the user.

Chapter 4: Package Mapping 55

 RSA Archer GRC Platform Packaging

l Only maps to objects of the same type. For example, you cannot map a Text field
to a Date field or a custom Values List to a Global Values List.

Mapping Values Lists

Values Lists can be confusing to map. The differences between the three
components are:
l Values List field. The field in the application that contains the values list.
l Values List. A field-specific, or Custom Values List, a Global Values List, or a
Questionnaire Values List.
l Values List values. The items within the values list.

Consider the following points when you map these components:

l When mapping Values Lists, be sure to map the Values List field, the Values
List, and the Values List values. If you do not map all three components, you
may have unexpected results that can be difficult to remedy.
Important: If you map only a Values List field and not the associated Values
List and Values List values, Packaging does not create a new Values List for
that field and a warning message is logged. Anything associated with that Values
List, such as calculations or data driven events, may not function properly until
the Values List values are added.
If you map a Values List field and its associated Values List, but none of the
Values List values, Packaging either updates the existing or creates new Values
List values under that Values List. This process can potentially create duplicate
values. Anything already associated with the Values List, such as calculations or
data driven events, are changed to point to the new, duplicate values.

l You cannot map to different types of Values List components. For example, you
cannot map a Custom Values List to a Global Values List. In the rare instance in
which you may want to map to a different type, RSA Archer recommends that
you update the object in either the source or target instance so that the objects
match. After making the updates, regenerate the package.

These recommendations also apply to the Values Lists in Matrix fields.

Map Objects
Complete this task to map objects to ensure that duplicate objects are not created in
the target instance. Objects must be mapped before installing the package. This
process consists of mapping objects from the source instance to the objects in the
target instance with the same names but different unique system IDs.
For more information, see Mapping Objects.

56 Chapter 4: Package Mapping

 RSA Archer GRC Platform Packaging

Before You Begin

l Back up your instance database.
l Log on to the Platform using an account with update rights to the Install
Packages page.
l Import a Package.
l Import Mapping Settings.

Procedure
1. Navigate to the Import and Install Packages page:
a. Click the Administration workspace.
b. From the Navigation Menu, click Application Builder > Install Packages.
2. In the Available Packages section, locate the package that you want to map.
3. In the Actions column, click for that package.
The analyzer runs and examines the information in the package. This process
can take several minutes or more, especially if the package is large. The
analyzer automatically matches the system IDs of the objects in the package
with the objects in the target instances. When completed, the Advanced
Mapping Page is displayed.
This page lists the objects in the package file and corresponding objects in the
target instance. The objects are divided into tabs, depending on whether they are
found within Applications, Solutions, Access Roles, Groups, Sub-forms, or
Questionnaires.

Important: During the mapping process, you may discover discrepancies in the
data, such as unwanted objects in the source or target instance. Before installing
the package, RSA Archer recommends fixing any discrepancies in the source or
target instances, then re-creating the package. Otherwise, any data
discrepancies will be retained after the package installation.
In addition, prior to executing any mapping changes, be sure to manually
remediate objects with parent/child relationships. See Remediation.

Chapter 4: Package Mapping 57

 RSA Archer GRC Platform Packaging

4. On each tab of the Advanced Mapping Page, review the icons that are displayed
next to each object name.

Icon Description

Indicates that the system could not automatically match the object or
children of the object to a corresponding object in the target instance.
New objects should not be mapped. This icon should remain visible.
The mapping process can proceed without mapping all the objects.
Objects marked with this symbol must be mapped manually through
the mapping process.

Indicates that the object and all child objects are mapped to an object
in the target instance. Nothing more needs to be done with these
objects in Advanced Package Mapping.

Indicates that the object does not exist in the target instance or the
object was not mapped through the Do Not Map option. These objects
will not be mapped through Advanced Package Mapping, and must be
remediated manually.

Indicates that a mapped object can be unmapped. This icon is

displayed in the Actions column of a mapped object or object flagged
as Do Not Map.

Note: You can execute the mapping process without mapping all the objects.

The icon is for informational purposes only.

5. Review the icons in the Actions column. To display additional information

about an object, click the icon. The Additional Information dialog box opens and
provides additional details on the source and target objects.

Icon Description

Indicates that the object and all child objects are mapped to an object in
the target instance. Nothing more needs to be done with these objects in
Advanced Package Mapping.

Indicates that the system could not automatically match the object or
children of the object to a corresponding object in the target instance.
New objects should not be mapped. This icon should remain visible. The
mapping process can proceed without mapping all the objects.
Objects marked with this symbol must be mapped manually through the
mapping process.

58 Chapter 4: Package Mapping

 RSA Archer GRC Platform Packaging

6. To automatically map objects with different system IDs but with the same
object name, click Auto Map.
The Map Criteria dialog box opens.
7. Select the appropriate options for mapping objects by name.

Option Description

Ignore case Select this option to match objects with similar names
regardless of the case of the characters in the object names.

Ignore spaces Select this option to match objects with similar names
regardless of whether spaces exist in the object names.

8. Click OK.
The Confirmation dialog box opens with the total number of mappings
performed. These mappings have not been committed to the database yet and
can be modified in the Advanced Package Mapping page.
9. Click OK.
The Advanced Package Mapping page is displayed.

10. Map the remaining objects that have the icon next to the object name. In
the Target column, select the object in the target instance to which you want to
map the source object. If an object is new or if you do not want to map an
object, select Do Not Map from the drop-down list.

The icon is displayed next to the object to indicate that the object will not
be mapped.

When all objects are mapped, the icon is displayed in the tab title.

Note: You can quickly set all objects displayed on the page to Do Not Map by
clicking Do Not Map.

11. To undo the mapping settings for an object, click in the Actions column.
12. To save your mapping settings so that you can resume working later, see Export
Mapping Settings.

13. Click .
The Warning dialog box opens.
14. Select I understand the implications of performing this operation and click
OK.

Chapter 4: Package Mapping 59

 RSA Archer GRC Platform Packaging

The Advanced Package Mapping process updates the system IDs of the objects
in the target instance as defined on the Advanced Package Mapping page. When
the mapping is complete, the Import and Install Packages page is displayed.

Important: Advanced Package Mapping modifies the system IDs in the target
instance. Any Data Feeds and Web Service APIs that use these objects will
need to be updated with the new system IDs.

Next Steps
Review the Package Mapping Log

Mismatched System IDs

During the package installation, if the system ID of an object in the source package
does not match any system IDs in the target instance, the process creates a new
object.
In some cases, the object may already exist in the target instance but with a
different system ID.
In this case, the package installation creates a new object, and if the object name is
the same in the source as it is in the target instance, a number will be appended to
the new object in the target. For example, if a field called "First Name" exists in
both the source and target instances and the system IDs do not match, the process
creates a new field called "First Name (1)" in the target instance with all of the
attributes of the field in the source instance.
In this example, you do not want the package installation to create a new object. To
prevent Packaging from creating a new, duplicate object, use the Advanced
Package Mapping feature to change the system ID of the object in the target
instance so that it matches the system ID of the object in the source package. When
the system IDs match, packaging updates the intended objects instead of creating
new, duplicate objects.

How System ID Mismatches Occur

System ID mismatches occur when a user manually creates an object in the source
instance and then manually re-creates the same object in another instance. Because
system IDs are assigned randomly to objects when they are created, the system IDs
of each of these objects will be different.
In version 4.x, this was a required practice because the application import/export
feature did not support additional objects. To avoid system ID mismatches in
version 5.x, use Packaging as much as possible to copy objects from one instance to
another.

60 Chapter 4: Package Mapping

 RSA Archer GRC Platform Packaging

Mismatches may also become apparent after upgrading to version 5.2 of the
Platform from a previous 5.x version. Version 5.2 adds support for additional
objects such as workspaces, iViews, notifications, and others. These objects may
not have matching system IDs across instances. Because Packaging now supports
these objects, the system IDs must match to install packages that include these
objects.
Because system ID mismatches occur when the same object is manually created in
multiple instances, the simplest way to avoid system ID mismatches is to use
Packaging to copy all changes from one instance to another.

Cross-Reference Mismatches
A common mistake when manually recreating Cross-Reference fields in multiple
instances is to accidentally switch the location of the Cross-Reference and Related
Records fields. For example, the following figure shows a Cross-Reference field
that was created in Application A and a Related Record field in Application B in
the source (Development) instance. In the target (Test) instance, the Cross-
Reference field was inadvertently created in Application B and the Related Record
field in Application A.

Chapter 4: Package Mapping 61

 RSA Archer GRC Platform Packaging

If you create a package in the source instance and install it in the target instance,
the package installation creates new Cross-Reference and Related Record fields in
the target instance. The existing Cross-Reference and Related Records fields are
not modified or deleted. The following figure shows duplicate fields created
because the original fields were switched in the target instance.

To prevent this situation, before creating and installing the package, manually
update the source instance (recommended) or the target instance so that both
instances match.

Mapping Analyzer
Immediately after the import process, the Mapping Analyzer examines the
information in the package. This process can take several minutes or more,
especially if the package is large, and may time out after 60 minutes. This time-out
setting temporarily overrides any IIS time-out settings set to less than 60 minutes.
The analyzer identifies objects from the package that are successfully mapped to
objects in the target instance, objects that are new or exist but are not mapped, and
objects that do not exist (the object is in the target but not in the source).

62 Chapter 4: Package Mapping

 RSA Archer GRC Platform Packaging

When the analyzer completes its examination, the results are displayed in the
Advanced Package Mapping dialog box, as shown in the following figure.

Root objects are represented in tabs for each root object in the package. One of the
following icons is displayed on each tab next to each object.

Icon Description

Indicates that the system could not automatically match the object
or children of the object to a corresponding object in the target
instance.
New objects should not be mapped. This icon should remain
visible. The mapping process can proceed without mapping all the
objects.
Objects marked with this symbol must be mapped manually
through the mapping process.

Indicates that the object and all child objects are mapped to an
object in the target instance. Nothing more needs to be done with
these objects in Advanced Package Mapping.

Indicates that the object does not exist in the target instance or the
object was not mapped through the Do Not Map option. These
objects will not be mapped through Advanced Package Mapping,
and must be remediated manually.

Indicates that a mapped object can be unmapped. This icon is

displayed in the Actions column of a mapped object or object
flagged as Do Not Map.

Never map new objects. These objects should remain unmapped, so that the
package installation can create the new object.

Chapter 4: Package Mapping 63

 RSA Archer GRC Platform Packaging

The Do Not Map feature flags the object so that it is not mapped and installed
during the package installation.
The Auto Map feature maps every object with the same name but different system
IDs. To help eliminate duplication, the case and spaces in names can be ignored by
using one of the following options:
l Ignore Case. Matches objects with similar names regardless of the case of the
characters in the object names.
l Ignore Spaces. Matches objects with similar names regardless of whether
spaces exist in the object names.

You can map trended chart objects in Mapping Analyzer.

Package Mapping Log Messages

The Package Mapping Log is generated when mapping is executed in Advanced
Package Mapping. The following log messages may be displayed in the Package
Mapping Log.

Log Message Description

The update failed due to a The mapping process attempted to change a system ID to
unique constraint violation. one that is already in use by another object. Two objects
of the same type cannot have the same system ID.

The target object was The object mapped from the source instance to the target
updated successfully. instance was successfully updated in the target instance.

The object you attempted to The object no longer exists. It may have been
update does not exist. inadvertently deleted in the time between mapping the
object and executing the mapping changes.

Remediation
Before executing changes to system IDs, manually remediate as many objects as
possible in the source instance. These objects are identified during the analysis.
It is vital to manually remediate objects with parent/child relationships. These
objects can have complex relationships in the instance. Always map objects to their
lowest level. Child elements must be mapped before parent objects.
Any mistakes in the package installation can be difficult to remediate later. For
more information, see Install Packages: Administrative Overview.
Manually remediate the following field types with parent/child relationships.

64 Chapter 4: Package Mapping

 RSA Archer GRC Platform Packaging

Field Type Remediation

Global Values Lists
Verify that the Global Values Lists (GVLs) match across
the source and target instances. If the package changes or
removes existing values in a GVL, verify that these
changes do not adversely impact other objects or features
that use the same GVL. Note that this is not a concern
when values are added to a GVL.

Cross-Reference Verify that the relationships match between the source and
target instances for Cross-Reference fields. It is possible to
map a Cross-Reference field to a different module, thus
creating error situations after package install. For more
information on how mismatches can occur, see Cross-
Reference Mismatches.

Sub-form Verify that the sub-form fields map to the same sub-form in
both the source and target instances.

Matrix Verify that the values lists referenced by the matrix field
match in both the source and target instances.

CAST Verify that the child objects match in both the source and
target instances. This mapping includes the associated
application, application level, and values list fields.

Object Remediation
When objects have child or related objects, a drill-down link is provided on the
parent object. For each parent object, the child or related objects must also be
mapped. See Mapping Objects.
The following icons identify whether these objects are mapped.

Icon Description

Indicates that the related or child objects are mapped to the same
objects.

Indicates that a related or child object does not match. For example, a
source and target Values List field may be pointing to different Global
Values lists, which if mapped would create errors in the package
installation.

Use these icons to determine whether objects are mapped properly.

Child objects must be mapped before parent objects are mapped.

Chapter 4: Package Mapping 65

 RSA Archer GRC Platform Packaging

Objects Properly Mapped

The following figure shows the proper mapping of the source object to the target
object.

Objects Not Mapped

The following figure shows an object that is not mapped.

The resolution is to map the object, unless the object is new. The package
installation creates a new object in the target instance if the object is not mapped.

66 Chapter 4: Package Mapping

 RSA Archer GRC Platform Packaging

Objects Improperly Mapped

The following figure shows an object that is mapped to two different Global Values
List fields. If these fields are mapped, errors will occur in the package installation.

The resolution is to review the mapping and to select the correct Global Values
List.

Review the Package Mapping Log

Complete this task to view the Package Mapping log on the Package Mapping Log
page or export a .csv file for review. The package mapping process creates a log
describing the changes made to the objects in the target instance.

Before You Begin

Map Objects

Procedure
1. Navigate to the Import and Install Packages page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Install
Packages.
2. In the Package Mapping Log section, click the package that you want to view.

3. To export the report to a .csv file, click in the Action toolbar.

Chapter 4: Package Mapping 67

 RSA Archer GRC Platform Packaging

Undo Package Mapping Changes

Complete this task to undo individual changes or groups of changes made to system
IDs during the Package Mapping process.
Advanced Package Mapping includes an Undo feature for rolling back the mapping
of objects. This option is available from the Package Mapping Log. The Undo
Mapping Changes feature only reverts the mapping of the object. It does not undo
the package installation. To undo a package installation, restore the backup of the
database.
Undoing mapping changes creates a new Package Mapping Log, showing the last
state of the mapped object.

Important: This option only affects system IDs. It does not undo a package
installation. To undo a package installation, restore the backup of your database.

Before You Begin

Back up your instance database.

Procedure
1. Navigate to the Install Packages page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder.
c. Click Install Packages.
2. Click the Package Mapping Log tab.
3. Click the package that contains the changes that you want to undo.
4. On the Package Mapping Log page, click Undo Mapping Changes.
5. Select the objects that you want to undo. To select all mappings, click Undo All
Mappings.
6. Click OK.
7. In the warning dialog, click OK.
When the mapping is complete, the Import and Install Packages page is
displayed. A new entry is displayed in the Package Mapping Log section with
Undo in the Type column.

Undo All Mapped Objects

Complete this task to undo all mapped objects at the same time during the Package
Mapping Process, regardless of how the objects were mapped. The following
objects are not affected:

68 Chapter 4: Package Mapping

 RSA Archer GRC Platform Packaging

l System mapped objects.

l Objects where no Target selections exist.

Advanced Package Mapping includes an Undo feature for rolling back the mapping
of objects. This option is available from the Package Mapping Log. The Undo
Mapping Changes feature only reverts the mapping of the object. It does not undo
the package installation.
Undoing mapping changes creates a new Package Mapping Log, showing the last
state of the mapped object.

Before You Begin

Map Objects

Procedure
1. Navigate to the Install Packages page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder.
c. Click Install Packages.
The Import and Install Packages page lists the package files that have been
imported and the installation logs that were created when packages were
installed.
2. On the Available Packages tab, select the package that contains the mapped
objects.

3. On the main toolbar, click to undo all object mappings. The Undo Mapping
Changes dialog box opens.
4. Do one of the following:
l Select All to undo changes for all mapped objects in the package.
l Select Current to undo changes for all mapped objects on the currently
selected tab.
5. Click OK.

Updating System IDs

After all objects are mapped, use the Execute function to update the System IDs.
RSA Archer recommends that you back up the instance database before executing.

Note: Objects used by data feeds and web services APIs use system IDs to retrieve
and update data. If the system IDs of these objects are changed, the objects do not
behave as intended in the target instance. For more information on mapping objects,
see Map Objects.

Chapter 4: Package Mapping 69

 RSA Archer GRC Platform Packaging

A log file is created that shows the status of the mapped object update. Errors are
reported as failures or warnings. Failures stop the package installation. Warnings
allow the process to complete. For a complete list of log messages, see Package
Mapping Log Messages.

70 Chapter 4: Package Mapping

RSA Archer GRC Platform 5.4
Questionnaires
June 2013
Contact Information
Go to the RSA corporate website for regional Customer Support telephone and fax numbers:
www.emc.com/domains/rsa/index.htm.
Trademarks
RSA, the RSA Logo, RSA Archer, RSA Archer Logo, and EMC are either registered trademarks or trademarks of EMC
Corporation ("EMC") in the United States and/or other countries. All other trademarks used herein are the property of their
respective owners. For a list of RSA trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm.
License Agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may
be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This
software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.
Note on Encryption Technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.
Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.

Copyright © 2010-2013 EMC Corporation All Rights Reserved. Published in the USA.
RSA Archer GRC Platform Questionnaires

Contents

Preface 5
About This Guide 5
Questionnaire Assessment Process 7
1. Create and Configure Your Questions 8
2. Design Your Questionnaire 8
3. Assess Your Target 8
4. Evaluate Your Findings 8
5. Resolve Issues of Non-Compliance 9
Questionnaire Terminology 9
Product Documentation 12
Support and Service 12
Chapter 1: Question Library 15
Managing the Question Library 15
Add a Question to the Question Library 15
Add Answer Values to a Values List 19
Preparation for Importing Questions 20
Import Questions into the Question Library 21
Chapter 2: Questionnaires 23
Managing Questionnaires 23
Campaigns 24
Owners and Report Administrators 24
Create a Questionnaire 25
Configuring Questionnaires 27
Update the General Properties of a Questionnaire 27
Update the Options of a Questionnaire 28
Attach Documentation to a Questionnaire 30
Managing Fields in Questionnaires 30
System-Generated Questionnaire Fields 31
Add a Field to a Questionnaire 34
Changing the Layout of a Questionnaire 35
Configure the Navigation Menu Settings of a Questionnaire 36
Configuring Data Driven Events for a Questionnaire 38
System-Generated Questionnaire Events 38
Work with Questionnaire Values Lists 39
Questionnaire Display Rules 41
Configure Show and Hide Rules for Questionnaires 42
Create a Campaign to Launch a Questionnaire 44
Assign Questionnaire Owners and Report Administrators 47
Import Data into a Questionnaire 48
Modify a Questionnaire During an Assessment Cycle 48
Delete Content from a Questionnaire 49
Deleting a Question from a Questionnaire 50
Chapter 3: Questions 51
Managing Questions 51

3
 RSA Archer GRC Platform Questionnaires

Record Save Validation 51

Field Validation Configuration 52
Field Type Validation Rules 53
Reference Field Validation 53
Question Types 54
Attachment Question 55
Cross-Reference Question 55
Date Question 55
Numeric Question 56
Text Question 56
Values List Question 57
Copy Questions from the Question Library 57
Create a New Question in a Questionnaire 59
Configuring Questions 60
Update the General Properties of a Question 61
Update Question Options 62
Attachment Question Options 62
Cross-Reference Question Options 64
Date Question Options 69
Numeric Question Options 71
Text Question Options 74
Values List Question Options 76
Update Question Text 86
Update Question Filter Properties 87
Update the Help Text for a Question 88
Categorize a Question 89
Chapter 4: Findings 91
Managing Findings 91
Configuring Findings 92
Auto-Generate Findings for a Questionnaire 92
View Findings from a Questionnaire 94
Remediate a Finding 94
Accept the Risk of a Finding 95
Chapter 5: Reports 97
Questionnaire Reports 97

4
 RSA Archer GRC Platform Questionnaires

Preface

About This Guide

Note: The Questionnaire feature is available only if your organization has licensed
the Audit Management, Risk Management, Vendor Management, or Compliance
Management solution. Questionnaires can be configured to run on mobile devices.
This feature must be licensed with the Platform.

The Questionnaire feature enables you to build and deliver targeted assessment
campaigns for any type of organizational object, such as your assets, business
processes, or vendors. A part of the Application Builder, the Questionnaire feature
allows you to:
l Create a library of questions linked to authoritative sources and control
standards.
l Build questionnaires by selecting questions from the Question Library for
inclusion and assigning the questionnaire to a target application, such as
Applications or Facilities.
l Define question display rules that dynamically show or hide questions to end
users based on attributes of the target they are assessing.
l Launch questionnaires online through assessment campaigns.
l Automatically score questionnaire records and generate findings for each
incorrect answer.
l Monitor and report on inherent and residual risk, and measure compliance.

Before creating a questionnaire, configure your application structure by preparing

the target application and by configuring risk register and metrics. Then ensure that
all necessary policies, control standards, and authoritative sources are available.
In addition, you can build or import questions in the Question Library application for
use in any questionnaire. Available question types include Text, Numeric, Date,
Attachment, and Values List. You can assign questions to categories and apply
filter properties that you can later use to create question display rules. For Values
List questions, you also can assign correct answers, numeric answer values, and
question weighting, and you can link Values List questions to authoritative sources
and control standards to measure and report compliance.

Preface 5
 RSA Archer GRC Platform Questionnaires

After you build your questions in the Question Library, you can generate
questionnaires in Application Builder. Select the application that contains the
targets you want to assess, and then select the questions from the Question Library
that you want to include in the questionnaire. From the Manage Questionnaires page
in the Application Builder, you have complete control over the layout of your
questionnaire, just as you do with any application. You can also tailor questions that
you imported from the Question Library to suit the purposes of your questionnaire,
and you can create new, questionnaire-specific questions.
The Questionnaire feature enables you to define question display rules to show or
hide questions to end users based on attributes of the target they are assessing. For
example, if a user is filling out a questionnaire to assess a payment processing
application, the rules you define could automatically customize the questionnaire
record to show questions related to the Payment Card Industry (PCI) Data Security
Standard.
By default, questionnaires include two User/Groups List fields: Submitter and
Reviewer. These fields facilitate a two-stage workflow process. You can define the
users and groups available for selection in these fields, and you can promote the
fields to Record Permissions fields if you want to use them to control access to
questionnaire records. In addition, you can add User/Groups List or Record
Permissions fields to expand the content review process according to your
organization's risk management methodologies.
The final step in the questionnaire creation process is to launch the questionnaire to
end users. Through an assessment campaign, you can automatically generate
questionnaire records for specific assessment targets. For example, if you are
managing a questionnaire that targets your Vendor Profiles application, you can
launch a campaign that creates questionnaire records for all vendors who provide
payment processing services for your organization. If you have defined question
display rules, the questionnaire records for each specific vendor contain only those
questions that are applicable to that vendor based on its attributes, such as criticality
to your business or risk rating.
As end users complete their assigned questionnaire records, those records
automatically are scored to determine the inherent risk of the assessment target. If
you have configured the questionnaire to auto-generate findings, the system creates
a record in the Findings application for every question that is incorrectly answered
within individual questionnaire records. Using the Task Management feature, you
then can assign tasks to resolve those findings.
As findings are addressed, the questionnaire automatically calculates the residual
risk score, which shows the risk that remains as the target of the assessment moves
closer and closer to compliance. The residual score is displayed in the Quantitative
Summary in a questionnaire record. This quantitative summary enables you to
monitor changes to the score over time as findings are closed.

6 Preface
 RSA Archer GRC Platform Questionnaires

The Platform provides various system reports for each questionnaire that you
create. These reports provide results and details at the question, questionnaire,
authoritative source, and category levels. End users also can create ad hoc reports
for questionnaires from the Advanced Search page, just as they do for applications.

Important: When a data driven event includes a rule with a Set Date action and is
used in a questionnaire, the Review Date and Submit Date must be included in the
General section of the questionnaire. By default, these fields are included in this
section.

For more information on the Question Library, see Managing the Question Library.
You can perform the following questionnaire-related tasks:
l Create a Questionnaire
l Update the General Properties of a Questionnaire
l Update the Options of a Questionnaire
l Attach Design Documentation to a Questionnaire
l Add a Standard Field to a Questionnaire
l Change the Layout of a Questionnaire
l Configure the Navigation Menu Settings of a Questionnaire
l Configure Data Driven Events for a Questionnaire
l Auto-Generate Findings for Questionnaires
l Work with Questionnaire Values Lists
l Configure Show and Hide Rules for a Questionnaire
l Create a Campaign to Launch a Questionnaire
l Assign Questionnaire Owners and Report Administrators
l Delete Content from a Questionnaire
l Delete a Question from a Questionnaire
l Import Data into a Questionnaire
l Modify a Questionnaire During an Assessment Cycle

Questionnaire Assessment Process

Through the Questionnaire feature, you can build and deliver targeted assessments
for any type of organizational object, such as your assets, business processes, or
vendors. During the risk assessment life cycle, you can use a variety of predefined
reports to gain visibility into the status of your risk profile. The following five
phases provide a general overview for building and delivering an online
questionnaire to assess risk within your organization.

Preface 7
 RSA Archer GRC Platform Questionnaires

Important: The Questionnaire feature is available only if your organization licenses

the Archer Risk, Vendor, Compliance, or Audit Management solutions.

1. Create and Configure Your Questions

Create new questions or import your existing questions through the Question Library
application. When configuring your questions, select the appropriate question type
to ensure the correct data is collected, determine the weighting of individual
questions, include the appropriate answer selections and determine the correct
answer to the question.

2. Design Your Questionnaire

Design your questionnaire according to your requirements. Some of the steps
include:
l Create your questionnaire and select the application that contains the targets that
you want to assess, such as applications, facilities, or vendors.
l Copy your questions from the Question Library and tailor them to suit the
purposes of this specific assessment.
l Define rules to determine the questions that are displayed based upon the
properties of the specific target.
l Enable the automatic generation of Findings records for incorrectly answered
questions.
l Create an assessment campaign to launch the questionnaire to the appropriate
end users.

Important: Configure the questionnaire completely before releasing it to users. If

you change a questionnaire during an assessment cycle, you may lose data that has
already been gathered by the questionnaire. For more information, see Modify a
Questionnaire During an Assessment Cycle.

3. Assess Your Target

End users complete their assigned assessments through the Platform web-based
interface. While assessing a target, the end user can include question-specific
comments to support their answers, attach supporting evidence, and delegate
additional users to an assessment as needed.

4. Evaluate Your Findings

As end users complete their assigned questionnaire records, you can view reports to
determine the risk associated with specific targets. With the Findings feature
enabled, the Platform automatically generates Findings records for each incorrectly
answered question to identify areas of noncompliance.

8 Preface
 RSA Archer GRC Platform Questionnaires

5. Resolve Issues of Non-Compliance

To help resolve issues of non-compliance, the Exception Requests and Remediation
Plans applications are tied to Findings. In addition, as findings are discovered, you
can assign, track, and manage open and completed activities associated with
specific findings through the Task Management application.
For information on questionnaire terminology and reports, see:
l Questionnaire Terminology
l Questionnaire Reports

Questionnaire Terminology
The following table defines terms related to the Questionnaires feature.

Term Definition

Campaign Campaigns automate the creation of questionnaire records for assessment

targets based on the properties of target records. For example, if the
target of the questionnaire is a Devices application, the campaign can
auto-create questionnaire records for all devices in a production
environment. Campaigns may be configured to populate questionnaire
records with the year, quarter, and due date of the assessment, along with
the assigned submitter and reviewer. Recurring campaigns can be
launched, and multiple campaigns may be created for each questionnaire.

Findings Findings document incorrect answers to questions in a questionnaire

record. Findings are managed through the Findings application and can
be automatically generated when findings rule criteria are satisfied. Users
can also create findings manually. Using the Findings application,
administrators can document, categorize, and remediate issues of non-
compliance. Findings are not a required component of the assessment
process, but by enabling findings, administrators can gain valuable
insight into areas of non-compliance within their organization.

Inherent The inherent score is the sum of all question scores for a questionnaire
Score record. This score represents the natural risk associated with the target in
absence of any remediation activities or changes in the environment.

Preface 9
 RSA Archer GRC Platform Questionnaires

Term Definition

Question A question is a specific field type that serves as the functional

component of an assessment. The following question types are available:
Attachment, Cross-Reference, Date, Numeric, Text, and Values List.
Values List questions can be included in assessment scoring and utilized
in automated findings generation.

Question Question display rules automatically show or hide questions within a

Display Rule questionnaire record based on attributes of the assessment target. Using
display rules, a single questionnaire can be used to assess all targets of
one type (such as all servers) even though those targets vary in their
individual attributes.

Question Administrators can assign properties to questions that they cannot assign
Properties to standard fields. Questions include a name (such as "Encryption
Question 1") and question text (such as "Is all sensitive data
encrypted?"). In addition, questions can be grouped into specific
categories, and administrators can define filter properties that determine
whether a question is displayed in a questionnaire record for a specific
target. Values List questions include additional properties that allow
administrators to determine correct and incorrect answers and to assign a
numeric score to each answer and a numeric weight to the question.

Question A question score is a calculated value determined for each Values List
Score question. The value is determined by the following formula:
[question weight] * [numeric value assigned to selected answer] =
question score
or (for multi-select Values List questions):
[question weight] * SUM ([numeric value assigned to selected answer1],
[numeric value assigned to selected answer2]) = question score
Question scores are rolled up to determine a questionnaire score.

10 Preface
 RSA Archer GRC Platform Questionnaires

Term Definition

Question Question weighting is a numeric attribute that can be assigned to any

Weighting Values List question. The question weight is used to generate the
question score.

Questionnair A questionnaire is structurally similar to an application but with unique

e qualities that enable administrators to better create and support risk
assessment processes. A questionnaire is tied to a target application, such
as Assets, Vendors, Business Processes, and so on to facilitate the
assessment of specific target objects. Questionnaires are composed of
system-generated fields that calculate the progress, status, and scoring of
individual questionnaire records. These system fields also enable
administrators to assign submitters and reviewers for questionnaire
records and to specify due dates. Administrators can add an unlimited
number of questions to a questionnaire based on the type of target the
questionnaire is designed to assess.

Questionnair A questionnaire record is a collection of fields and questions linked to a

e specific target application record. Questionnaire records are stored within
Record questionnaires.

Residual The residual score represents the risk that remains in a target after
Score findings are remediated. This score is calculated as Inherent Risk –
Remediation Changes = Residual Risk. While inherent risk is calculated
only once, residual risk changes over time as findings are remediated.

Target Questionnaires are used to assess a specific set of items, such as servers,
vendors, or business processes. The target is the application that contains
those items. For example, a Data Security questionnaire might have the
Devices application as its target. The questionnaire records within the
Data Security questionnaire would pertain to individual records in the
Devices application, such as a specific database server.

Tasks Tasks are action items that have been assigned to a user in relation to a
finding. All tasks are created and managed through the Task
Management application, which can be used to document the
remediation activities associated with items identified in the Findings
application.

Preface 11
 RSA Archer GRC Platform Questionnaires

Product Documentation
For information about the RSA Archer GRC Platform 5.x, see the following
documentation.

Guide Description

Administrator Guide Provides Platform administrators with a system

overview, guidelines for navigating, and detailed
instructions for key tasks.

Control Panel Guide Provides administrators with instructions for

configuring each instance of the Platform.

Installation Guide Provides administrators with instructions for preparing,

installing, configuring, and testing the Platform.

Release Notes Provides Platform administrators with detailed listing of

new features, fixed issues, and known issues at the time
of the current release.

User Guide Provides end users with guidelines for navigating,

detailed instructions for key tasks, and information
about using Platform communication tools.

Web Services API Reference Provides IT managers and programmers with a list of
Guide the available web services for programmatically
interfacing with the release. This guide provides
formatting guidelines for field results, field inputs, and
search inputs, and provides sample code for searching,
adding and updating users, and updating assets.

You can access the Platform 5.x documentation from the RSA Archer Community
at https://community.emc.com/community/connect/grc_ecosystem/rsa_archer.

Support and Service

Customer www.emc.com/support/rsa/index.htm
Support
Information

Customer [email protected]
Support E-mail

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Community archer

12 Preface
 RSA Archer GRC Platform Questionnaires

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Exchange archer_exchange

RSA Solution https://gallery.emc.com/community/marketplace/

Gallery

RSA SecurCare https://knowledge.rsasecurity.com/cleartrust/ct_
Online logon.asp?CTAuthMode=BASIC&language=en&CT_ORIG_
URL=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fknowledge.rsasecurity.com%3A443%2F&c
t_orig_uri=%2F

The RSA Archer Community enables collaboration among eGRC clients, partners,
and product experts. Members actively share ideas, vote for product enhancements,
and discuss trends that help guide the RSA Archer product roadmap.
The RSA Archer Exchange is an online marketplace dedicated to supporting eGRC
initiatives. The Exchange brings together on-demand applications along with
service, content, and integration providers to fuel the success of RSA Archer
clients.
The RSA Solution Gallery provides information about third-party hardware and
software products that have been certified to work with RSA products. The gallery
includes Secured by RSA Implementation Guides with step-by-step instructions and
other information about interoperation of RSA products with these third-party
products.
The RSA SecurCare Online provides unlimited access to a wealth of resources on
the web, 24 hours a day. The secure system provides members access to a support
knowledgebase, to download current platform patches and bug fixes, to sign up for
notifications, to manage your support cases and more.

Preface 13
 RSA Archer GRC Platform Questionnaires

Chapter 1: Question Library

Managing the Question Library

The Question Library is an application in the Platform that stores assessment
questions that you can reference and copy into a questionnaire. Each question is
stored as an individual record, and each record contains information including the
question and answer text as well as information necessary to display and score the
question. Depending on the solution that you have licensed, the Question Library
contains a large set of pre-built questions by default. In addition, you can add new
questions and store them in the Question Library.
When you create a questionnaire, you can copy any number of questions from the
Question Library to the questionnaire. Once copied, you can modify and configure
that question as needed, without affecting the original question record stored in the
Question Library.
You can use the Question Library application to build a consistent, centralized
library of questions for any type of assessment. For each question in the library, you
can assign correct answers, numeric score values, weighting, and other attributes.
These settings enable you to dynamically filter the questions that are presented in
specific assessments. Additionally, you can easily link questions to authoritative
sources, control standards, and corporate policies to measure and report
compliance. If your organization uses the Policy Management solution as the
foundation to an enterprise risk and compliance management program, you can link
individual questions directly to relevant internal controls and authoritative sources.
While this linkage is not required, it enables you to measure compliance with
controls and regulations for any type of target, such as a vendor, business process,
or facility.
You can perform the following tasks:
l Add a Question to the Question Library
l Add Answer Values to a Values List
l Import Questions into the Question Library

Add a Question to the Question Library

You can add questions to the Question Library. Each record within the Question
Library application represents a single question. Once saved in the library, this
question can be copied and used within a questionnaire. You also can import
multiple questions at the same time.
For more information on importing questions, see Import Questions into the
Question Library.

Chapter 1: Question Library 15

 RSA Archer GRC Platform Questionnaires

Procedure
1. Locate a workspace that includes the Question Library application within the
Navigation Menu.
2. Expand the Question Library application in the Navigation Menu and click Add
New.
3. In the Status field, select a status.
A question set to Inactive is not available to copy into a questionnaire.
4. In the Question Name field, enter a name for the question.
This name labels and identifies the question. It also is the key field for the
Question Library record.
5. From the Category list, select a category.
This field determines the section in which the question is displayed. It also
determines whether a question is displayed to an end user when Question
Display Rules have been established for the questionnaire. If your user account
has edit privileges, you can click Edit and add additional categories to the list.
6. In the Question Text field, enter the question.
This is the text that is displayed to the user.
7. From the Question Type list, select a question type.
This value cannot be changed after you have created and saved the question.
For more information, see Question Types.
8. In the Display Format field, select how the question is displayed.
You can provide the answer text horizontal to the question text or you can
provide the answer text under, or vertical to, the question text. This value cannot
be changed after you have created and saved the question.
9. In the Help Text field, enter any supporting information that helps the user
understand the question.
10. In the Help Text Display - View Page field, select a display option.
11. In the Help Text Display - Edit Page field, select a display option.
12. If you selected Values List in the Question Type field, complete the fields in
the Values List Question Type section.

16 Chapter 1: Question Library

 RSA Archer GRC Platform Questionnaires

Field Action

Display Type Specify how you want users to select answers for the
question. Options include Drop-down lists, Radio buttons,
Check Boxes, Listbox, and Values Popup.

Display Order Specify the display order for the answer values associated
with this question. If you select Custom, the Question Library
record references the value contained in the Order field in the
Answer Values section.

Question Weight Specify the weight of the question for scoring purposes. Enter
a numeric value.

Column Layout Specify the number of columns to use for the layout of a
Values List question that uses radio buttons or checkboxes.
Select a value from between 1 and 6.

Minimum Selection Specify the minimum number of answer values that can be
selected for the question.

Maximum Selection Specify the maximum number of answer values that can be
selected for the question. This field is set to 1 for drop-down
list and radio button questions.

Authoritative Specify the content records linked to the question that

Sources provide support or background information for your question.
The applications available for selection in this list are
determined in the Manage References field.

Manage References Enables you to add applications for selection in the

Authoritative Sources field.

Control Standards Specify the content records linked to the question that are
identified as Control Standards. The records available for
selection are determined by the records available within your
Control Standards application. This option is not available if
you have not licensed the Policy Management solution.

Chapter 1: Question Library 17

 RSA Archer GRC Platform Questionnaires

13. If you selected Values List in the Question Type field, complete the fields in
the Answer Inheritance Type section.

Field Action

Inherit Answers Enables you to reference the answer values for another
From Another question.
Question?

Related Question(s) If you select to inherit answers, use this field to select the
specific record from which to inherit answers.

Answer Values If you select not to inherit answers, use this field to add
answer values. Click Add New to add new answer values. For
more information, see Add Answer Values to a Values List.

14. If you selected Text in the Question Type field, in the Text Field Height field
in the Text Question Type section, specify the height of the text field displayed
to the user.
15. If you selected Numeric in the Question Type field, complete the fields in the
Numeric Question Type section.

Field Action

Minimum Value Specify the minimum numeric value that can be entered for
the answer.

Maximum Value Specify the maximum numeric value that can be entered for
the answer.

Decimal Places Specify the number of decimal places that can be entered for
the answer.

Numeric Format Specify whether the answer includes commas to separate units
of numbers, for example, 1,000,000.

16. If you selected Date in the Question Type field, in the Time Information field
in the Date Question Type section, specify whether to include time information
in the answer.

18 Chapter 1: Question Library

 RSA Archer GRC Platform Questionnaires

17. If you selected Attachment in the Question Type field, complete the fields in
the Attachment Question Type section.

Field Action

Maximum File Size Specify the maximum file size of the attachments.

Maximum Number Specify the maximum number of attachments that can be

of Attachments uploaded for the question.

18. If you are creating a Values List question, be sure to add answer values. See
Add Answer Values to a Values List.
19. Click Save.

Add Answer Values to a Values List

The Values List question type includes a list of possible answers to provide to the
user. If the question is not configured to inherit answer values from another
question, you must specify the answer values using the Answer Values sub-form,
which is included in the Question Library application. The Answer Value sub-form
enables you to specify the unique attributes for that answer.

Procedure
1. Open the question record in the Question Library application.
2. In the Answer Inheritance Type section, in the Answer Values sub-form
field, click Add New.

Note: If you selected to inherit answers from another question, you can edit
those answers using the Answer Values sub-form. Changes to the answers do
not affect the Question Library record from which you are inheriting answers.

3. In the Sort Order field, select the display order for the answer value.
For example, the value of 2 in this field would display this answer as the second
option in the question. This field only is available if you selected Custom in the
Display Order field.
4. In the Answer field, enter the text of the answer.
5. In the Description field, enter a description, such as the logic and reasoning
behind the answer.
6. From the Correct list, select whether to designate the answer as correct. You
can designate one or more answers to be correct.
7. Select whether to set the answer as the default selection for the question. Only
one answer can be the default.

Chapter 1: Question Library 19

 RSA Archer GRC Platform Questionnaires

8. From the Other list, select whether users can enter an explanation for the
answer. Only one answer can be designated as Other.
9. If you selected Yes in the Other list, from the Other Height list, select the
display height for the text box that will display next to the answer value.
10. If you selected Yes in the Other field, in the Other Text field, enter the default
text that you want displayed in the text box. For example, enter, "Please explain
your selection".
11. Select the numeric value to associate with this answer.
Using the Calculations feature, you can reference these numeric values in
calculated fields for custom questionnaire scoring.
12. Click Save.

Preparation for Importing Questions

To ensure that the data is correctly and efficiently copied into the application,
examine both your external data file and the Question Library application before
importing questions into the Question Library. Taking a few minutes now to plan a
successful data import reduces the amount of time spent resolving import errors
later.
Consider the following points as you examine your import file and the Question
Library application into which you are importing data:
l Your file must be a delimited-values data file. The Data Import Wizard requires
you to specify the primary and secondary delimiters used in your data file. Know
these characters before you begin the data import.
l Many fields in the Question Library application are required. These fields,
including their values, must be present in your data import file for a successful
data import. In addition, only certain types of values are accepted in the Question
Library fields. Base the structure of your import file on the fields described in
Add a Question to the Question Library.
l The import process copies data from the import file into the Question Library; it
does not create any new fields. The data within your import file must map to an
existing field within the Question Library application.
l Mapping fields from your data file to fields in the application is much easier if
the corresponding fields have the same name. The application automatically
maps import fields to application fields when they have the same name, which
can save time in manually mapping fields.
l If your data import includes Values List questions, you must perform two
separate operations. First, import data into the Question Library records. Second,
import the associated Answer Values sub-form on a subsequent data import. You

20 Chapter 1: Question Library

 RSA Archer GRC Platform Questionnaires

cannot import the Answer Values information at the same time as the initial data
import.
Important: Your import data file for the Answer Values sub-form must contain
the unique identifier from the parent Question Library record. For example, if
you are importing answer values for the question, "Does this application contain
customer data?" you need to include the unique identifier for this question. This
practice ensures that your answer values are associated with the correct
question. You can use values from either the Question ID or the Question Name
field as unique identifiers for a Question Library record.

Import Questions into the Question Library

If you have a large number of questions to add to the Question Library, you can use
the Data Import feature instead of manually entering the questions through the
Platform interface. The Data Import feature includes a set of configuration options
to import data from a file to the appropriate fields and records in the Question
Library.

Before You Begin

Examine both your external data file and the Question Library application. See
Preparation for Importing Questions.

Procedure
1. To import the data file that contains the questions, use the Data Import Wizard.
2. If your data import includes Values List questions, you need to import the
associated Answer Values sub-form on a subsequent data import.

Note: You cannot import the Answer Values information at the same time as
the initial data import.

Chapter 1: Question Library 21

 RSA Archer GRC Platform Questionnaires

Chapter 2: Questionnaires

Managing Questionnaires
The Questionnaire feature enables you to build and deliver targeted assessment
campaigns for your assets, business processes, vendors, or other organizational
object.
Questionnaires include elements that determine certain behaviors as described in
the following topics:
l Campaigns
l Owners and Report Administrators
l Mobile Ready Questionnaires

You can perform the following tasks to manage questionnaires:

l Create a Questionnaire
l Update the General Properties of a Questionnaire
l Update the Options of a Questionnaire
l Attach Documentation to a Questionnaire
l Manage Fields in Questionnaires
l Change the Layout of a Questionnaire
l Configure the Navigation Menu Settings of a Questionnaire
l Work with Questionnaire Values Lists
l Configure Show and Hide Rules for Questionnaires
l Create a Campaign to Launch a Questionnaire
l Auto-Generate Findings for a Questionnaire
l Assign Questionnaire Owners and Report Administrators
l Import Data into a Questionnaire
l Modify a Questionnaire During an Assessment Cycle
l Delete Content from a Questionnaire
l Delete a Question from a Questionnaire

Chapter 2: Questionnaires 23
 RSA Archer GRC Platform Questionnaires

Campaigns
You can create any number of campaigns for a questionnaire, enabling you to reuse
the questionnaire many times. When you create a campaign, the only property that
you must define is the campaign name. You can configure the campaign to populate
questionnaire records with certain values, for example, year, quarter, due date,
submitter, and reviewer. In addition, you can create rules that determine which
specific records in the target application require the creation of a questionnaire
record. For example, you can define a rule that generates questionnaire records only
for vendors with an active status. If you do not define any target generation rules,
the campaign creates questionnaire records for every record in the target
application.
You can create campaigns that are generated automatically or manually.
l Automatic campaigns can be recurring or scheduled. A recurring campaign
creates a campaign that is evaluated when the specified target record is saved. A
scheduled campaign creates a campaign that is executed on a schedule.
l Manual campaigns are initiated by a user, which triggers the creation of
questionnaire records.

Prior to launching a campaign, you can make any necessary changes to the
campaign, including adding or editing target generation rules. After a manual
campaign is launched, you cannot make further changes. If you need to modify a
manual campaign after it is launched, you must create a new campaign.

Owners and Report Administrators

Questionnaire owners have full editing rights to their designated questionnaires and
can customize questionnaire properties. This ownership includes adding and
arranging questions and creating and launching campaigns. Questionnaire Owners
must also have Read and Update permissions to Manage Questionnaires in
Application Builder. Report administrators can add global reports to share with
other questionnaire users. By default, questionnaire owners have global report
creation rights for their questionnaires.
Questionnaire owners also have unrestricted access to all record content in their
questionnaires. In relation to record content, questionnaire owners are permitted to:
l Create new questionnaire records
l View the full content of all records in the questionnaire, regardless of record-
level or field-level permissions
l Update all records in the questionnaire
l Delete any existing records in the questionnaire

24 Chapter 2: Questionnaires
 RSA Archer GRC Platform Questionnaires

If you have been assigned as a questionnaire owner for one or more questionnaires,
you can open those questionnaires for editing from the Manage Questionnaires
page. When you access this page, you can view all questionnaires that have been
created, but you can only edit the questionnaires for which you have been assigned
ownership rights. You must have Read and Update access to Manage
Questionnaires in Application Builder. If no users are assigned ownership for a
questionnaire, only users who have the System Administrator access role can edit
the questionnaire.
You can also assign permissions to users and groups for creating and editing global
reports in a specific questionnaire. Global reports can be shared with any user in
the questionnaire, but only users with access to the questionnaire can see the
contents of the report. Users who do not have global report creation rights only can
create personal reports, which cannot be shared with other users.

Note: When you create a new questionnaire, you are automatically granted
ownership and report administration rights to it. However, your rights can be
revoked by any other user who is subsequently granted ownership of the
questionnaire.

Create a Questionnaire
You can create a new questionnaire by naming and describing the questionnaire,
and assigning the questionnaire to an existing solution. For example, if you are
assessing technical assets for PCI compliance, you would group the questionnaire
into the Enterprise Management solution. You also select the target application that
houses the objects of your assessment, such as applications, business processes,
vendors, and so on.
For an overview of the steps involved in the configuration process, see Configuring
Questionnaires.
Another key step in the creation process is to determine whether you want to copy
questions from the Question Library into your questionnaire or create new questions
from scratch. If you select to copy questions, you can select any number of
questions from the Question Library, and those questions automatically are
displayed in the layout of your questionnaire and grouped into sections by category.
See Copy Questions from the Question Library.

Before You Begin

l Configure your application structure by preparing the target application and by
configuring risk register and metrics.
l Ensure that all necessary policies, control standards, and authoritative sources
are available.

Chapter 2: Questionnaires 25
 RSA Archer GRC Platform Questionnaires

Procedure
1. Navigate to the Manage Questionnaires page:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Questionnaires.
2. Click Add New.
3. Do one of the following:
l To use the settings of an existing questionnaire as a starting point for your
new questionnaire, select Copy an existing Questionnaire and select the
existing questionnaire from the Questionnaires list.
l To select new settings for the questionnaire, select Create a new
Questionnaire from scratch.
4. Click OK.
The New Questionnaire dialog box opens.
5. Complete the General Information section:
a. In the Name field, enter a name for the questionnaire.

b. In the Solutions field, click , assign the questionnaire to one or more

solutions and click OK.

c. In the Target Application field, click , select an available application to

assign to the questionnaire and click OK.
6. If the application that you selected is leveled, the Target Level field is
displayed. Click and select a level from the list.
7. To copy questions from the Question Library into the questionnaire, select the
option from the Question Copy list.
8. Click OK.
9. If you did not choose to copy questions from the Question Library, the Manage
Questionnaire page is displayed for the new questionnaire. Use the tabs and
fields on this page to provide additional information necessary for the
questionnaire.

Next Steps
Update the General Properties of a Questionnaire

26 Chapter 2: Questionnaires
 RSA Archer GRC Platform Questionnaires

Configuring Questionnaires
Create and configure a questionnaire by performing the following steps:
l Create a Questionnaire.
l Update the General Properties of a Questionnaire.
l Update the Options of a Questionnaire.
l Attach Design Documentation to a Questionnaire.
l Add a Standard Field to a Questionnaire.
l Change the Layout of a Questionnaire.
l Configure the Navigation Menu Settings of a Questionnaire.
l Configure Data Driven Events for a Questionnaire.
l Auto-Generate Findings for Questionnaires.
l Work with Questionnaire Values Lists.
l Configure Show and Hide Rules for a Questionnaire.
l Create a Campaign to Launch a Questionnaire.
l Assign Questionnaire Owners and Report Administrators.

Update the General Properties of a Questionnaire

You can modify the general properties of a questionnaire, configure options, and
attach documentation.

Before You Begin

Create a Questionnaire

Procedure
1. Select the questionnaire that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Questionnaires.
c. Click the questionnaire.

Note: If the name is not linked, you cannot edit the questionnaire.

2. On the General tab, complete the General Information section:

a. In the Name field, enter a name for the questionnaire.
b. In the Description field, enter a description.
This description is for internal use only and is not visible to the end user.

Chapter 2: Questionnaires 27
 RSA Archer GRC Platform Questionnaires

c. In the Solutions field, click , add or remove solutions and click OK.
d. To change the status, in the Status field, select the appropriate status.

Status
Description
Option

Producti Production questionnaires can be launched to end users through

on assessment campaigns. Users can execute searches in these
questionnaires and save those searches as reports. In other words,
production questionnaires are available for use.

Develop A development questionnaire has all of the characteristics of a

ment production questionnaire, except that it is displayed to end users with
a watermark.

Archive When you archive a questionnaire, end users can continue to search
d and view questionnaire content, but that content is read-only. You
cannot launch archived questionnaires to end users through
assessment campaigns. The Edit and Data Import options are disabled
for archived questionnaires, and calculated fields and record
permissions are not recalculated.

Retired Retired questionnaires are not available to end users. You cannot
launch retired questionnaires through assessment campaigns, nor can
end users view existing questionnaire content. If you retire a
questionnaire that is displayed in a Questionnaire Reference field
within a target record (such as an Asset or Vendor record), the
questionnaire is removed. Although retired questionnaires are hidden
from end users, administrators can continue to modify retired
questionnaires from the Manage Questionnaires page.

3. Click Apply.

Next Steps
Update the Options of a Questionnaire

Update the Options of a Questionnaire

You can enable task management, notifications, and spell check. You also can
specify how search results are displayed, whether to display question names, and
the question format style.

28 Chapter 2: Questionnaires
 RSA Archer GRC Platform Questionnaires

Procedure
1. Select the questionnaire that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Questionnaires.
c. Click the questionnaire.

Note: If the name is not linked, you cannot edit the questionnaire.

2. To enable task management, select the option in the Task Management field.
3. To enable notifications, select the option in the Notifications field.
When notifications are enabled, the system can automatically notify end users
about new assessment campaigns or changes to a questionnaire's responses.

Note: You also need to create a notification template using the Notifications
feature. When you create a notification blueprint for a questionnaire, end users
can subscribe to that notification and thereafter receive email alerts.

4. To enable spell check, select the option in the Spell Check field.
5. To allow users to click a record in Search Results to open the record for editing,
select Direct to Edit.
6. To change the default format for search results, select the option in the Search
Results field.
Search results are generated from the Display All link in the Navigation Menu
and from the Advanced Search page.
7. To set the design language for the questionnaire, select the language in the
Language field.
8. To provide the name of the question field next to the question text, select
Visible in the Question Name Display section. To provide only the question
text, select Hidden.
9. From the Question Format Style Override list, select Horizontal or Vertical to
override the formatting of questions in the questionnaire.
The horizontal style places the question text and available answers on a single
row. The vertical style places the question text above the available answers. If
you select None, you can mix horizontal and vertical questions in a
questionnaire.
10. Click Apply.

See Also:
Attach Documentation to a Questionnaire

Chapter 2: Questionnaires 29
 RSA Archer GRC Platform Questionnaires

Attach Documentation to a Questionnaire

You can attach documentation to a questionnaire, such as design specifications or
approval forms. These documents are only available to administrators from the
Manage Questionnaires page.

Before You Begin

Create a Questionnaire

Procedure
1. Select the questionnaire that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Questionnaires.
c. Click the questionnaire.

Note: If the name is not linked, you cannot edit the questionnaire.

2. On the General tab, in the Documentation section, click Add New.

3. In the Files to Upload field, select the file that you want to add to the
questionnaire, click Add New and browse for the file that you want to add to
the application. In the Open dialog box, select the file and click Open.
4. Click OK.
The Platform attaches the file to the field.
5. Click Apply.

Next Steps
Add a Standard Field to a Questionnaire

Managing Fields in Questionnaires

In addition to the questions themselves, questionnaires contain several standard
fields for collecting data on the assessment. Standard fields differ from questions in
that they do not include question text or weighting, they cannot be filtered using
question display rules, and they are not included in progress calculations for
questionnaire records and campaigns. However, standard fields offer more variety
for data collection than questions do, and you can control user access to fields,
whereas all questions are inherently public.

30 Chapter 2: Questionnaires
 RSA Archer GRC Platform Questionnaires

For additional information on the standard fields that you can add to a questionnaire,
see:
l System-Generated Questionnaire Fields
l Add a Standard Field to a Questionnaire

System-Generated Questionnaire Fields

When you create a questionnaire, the system-generated fields described in the
following table are added to the questionnaire. You can configure the properties of
some of these fields, while others must remain in their original state.

Field Configurat
Name Description
Type ion

% Correct Calculated Field access The percent of Values List questions that were
Numeric only answered correctly rounded to the nearest whole
number.

All Calculated Field access The number of findings related to the

Findings Numeric only questionnaire record.

Campaign Values Field access The name of the campaign to which the
Name List only questionnaire record belongs.

Comments Sub-Form Fully A sub-form that captures comments made for

configurable individual questions.

Correct Calculated Field access The number of Values List questions that were
Numeric only answered correctly.

Created User/Grou Fully The user who created the questionnaire record.
By ps List configurable

Created First Fully The date the questionnaire record was created.
Date Published configurable

Due Date Date Fully The date by which the questionnaire record
configurable should be completed and submitted.

Findings Cross- Fully Findings associated with the questionnaire

Reference configurable record.

Chapter 2: Questionnaires 31
 RSA Archer GRC Platform Questionnaires

Field Configurat
Name Description
Type ion

Findings Values Fully The status of findings-generation activity for the

Generatio List configurable questionnaire record.
n Status

History History Fully A history log that tracks the following fields:
Log Log configurable Due Date, Year, Quarter, Submitter, Submission
Status, Submit Date, Reviewer Review Status,
and Review Date.

Incorrect Calculated Field access The number of Values List questions that were
Numeric only answered incorrectly.

Inherent Calculated Field access The sum of all Values List question weighted
Score Numeric only scores.

Last Last Fully The date the questionnaire record was last
Updated Updated configurable updated.
Date

Maximum Calculated Field access The maximum potential score for the
Score Numeric only questionnaire, calculated by summing the
question scores for every Values List question
displayed in the questionnaire record.

Open Calculated Field access The number of findings related to the

Findings Numeric only questionnaire record that have a status of
"Open."

Overall Calculated Fully The overall status of the questionnaire based on

Status Values configurable the Submission Status and the Review Status
List (values include In Process, Awaiting Review,
Approved, and Rejected).

Progress Calculated Field access The number of questions that have been
Text only answered and the total number of questions in
the questionnaire record, for example, "13 of
30."

Progress Calculated Field access Percent of the questionnaire record that is

Status Values only complete rounded to the nearest 20% (values
List include 0%, 20%, 40%, 60%, 80%, and 100%).

Quantitati Calculated Field access The results of the completed questionnaire in an

ve Text only HTML table with the following information

32 Chapter 2: Questionnaires
 RSA Archer GRC Platform Questionnaires

Field Configurat
Name Description
Type ion

Summary grouped by category: correct questions, incorrect

questions, percent correct, inherent score,
residual score, and open findings.

Note: This field will only be populated if you

enable findings for the questionnaire.

Quarter Values Fully The calendar quarter of the assessment.

List configurable

Questionn Tracking Fully The unique tracking ID for the questionnaire

aire ID ID configurable record.

Questions Calculated Field access The number of Values List questions in the
Scored Numeric only questionnaire record.

Queue Values Fully Tracks the success or failure of findings

Status List configurable generation for a questionnaire.

Remediati Calculated Field access The maximum potential score for all findings
on Score Numeric only that are closed, calculated by subtracting the
score for each incorrectly answered question
from the maximum possible score for each of
those questions, and then adding the resulting
values together. For example, suppose you have
a question that was incorrectly answered,
resulting in a score of 1. If the question were
answered correctly, the score would have been
5. The difference is 4. If you have five questions
that follow this same pattern, and the finding for
each of these questions is closed, your
remediation score would be 20.

Residual Calculated Field access The remaining inherent risk after the closure of
Score Numeric only some or all of the findings associated with the
questionnaire record.

Review Date Fully The date the completed questionnaire record is

Date configurable reviewed.

Chapter 2: Questionnaires 33
 RSA Archer GRC Platform Questionnaires

Field Configurat
Name Description
Type ion

Review Values Fully The questionnaire's review status (values include

Status List configurable Awaiting Review, Approved, and Rejected).

Reviewer User/Grou Fully The user who is responsible for reviewing the
ps List configurable questionnaire record once it is submitted.

Submissio Values Field access The questionnaire's submission status (values

n Status List only include In Process, Submitted, and Re-
Submitted).

Submit Date Fully The date the completed questionnaire record is

Date configurable submitted.

Submitter User/Grou Fully The user who is responsible for answering the
ps List configurable questions in the questionnaire record.

Target Cross- Fully The specific target of the assessment, located in

Reference configurable your target application.

Year Values Fully The year of the assessment.

List configurable

Add a Field to a Questionnaire

You can add standard fields to a questionnaire to collect information from end
users.
The process for adding a field to a questionnaire is the same as adding a field to an
application, except that you work from the Manage Questionnaires page rather than
the Manage Applications page.
If you add a required field to a mobile questionnaire, you cannot save the field. Do
either of the following to add a required field to a mobile questionnaire:

Option 1 Option 2

1. Add the field, but do not make it
required.
2. Move the field onto the layout.
3. Make the field required.
1. Go to the questionnaire to which you
are adding the field, and clear the
Mobile Ready option.
2. Add the required field.
3. Move the required field onto the layout.
4. Change the questionnaire to Mobile
Ready.

34 Chapter 2: Questionnaires
 RSA Archer GRC Platform Questionnaires

Before You Begin

Create a Questionnaire

Procedure
1. Select the questionnaire that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Questionnaires.
c. Click the questionnaire.

Note: If the name is not linked, you cannot edit the questionnaire.

2. Click the Fields tab.

3. Click Add New Field.
4. Select to create an original field or to create a copy of an existing field.
5. If you selected to create an original field, select the type of field that you want
to create.
6. Click OK.
7. Click Save.
The field is displayed in the list on the Fields tab of the Manage Questionnaire
page.

Next Steps
Change the Layout of a Questionnaire

Changing the Layout of a Questionnaire

You can add questions and fields to a questionnaire and arrange its layout using the
Layout tab of the Manage Questionnaires page. The steps for arranging the layout
of a questionnaire are the same as arranging the layout of an application, except
that you work from the Manage Questionnaires page rather than the Manage
Applications page.
In addition, the questionnaire already includes a variety of system-generated fields
arranged in sections within the layout. These fields enable you to assign submitters
and reviewers, to specify due dates and to identify the year and quarter for all
questionnaire records in an assessment campaign. Some of the system fields are
read-only calculated fields that contain the status of a questionnaire record, the
score of the completed record and links to findings that were generated for incorrect
answers. For more information on these fields, see System-Generated
Questionnaire Fields.

Chapter 2: Questionnaires 35
 RSA Archer GRC Platform Questionnaires

When adding questions, try to group your questions into sections, especially if you
have a large number of questions. Sections help to visually organize a questionnaire
for the benefit of the users.
You can create rules that show or hide questions within a questionnaire record
based on the specific target of the assessment. For more information on question
display rules, see Configure Show and Hide Rules for a Questionnaire.
You also can use data driven events to dynamically display sections of questions
based on the selection of one or more items in another field. Creating a Section
Display event for a questionnaire is the same as creating this event type for an
application, except that you work from the Manage Questionnaires page rather than
the Manage Applications page. For more information, see Configuring Data Driven
Events for a Questionnaire.
To configure how the questionnaire is displayed in the Navigation Menu, see
Configure the Navigation Menu Settings of a Questionnaire.

Configure the Navigation Menu Settings of a Questionnaire

You can configure which links display in the Navigation Menu for a questionnaire.
Links that you can provide include:
l Advanced Search
l Add New
l Display All
l Data Import
l By [field name]
l Reports

The By [field name] link is a quick filter for questionnaire records that include a
specific field value. For example, you could expand the "Submission Status" quick
filter in the Navigation Menu and click the value "Submitted" to search for
questionnaire records that contain this field value.
The following field types support quick filtering from the Navigation Menu:
l Cross-Reference
l Matrix
l Record Permissions
l Record Status
l User/Groups List
l Values List

36 Chapter 2: Questionnaires
 RSA Archer GRC Platform Questionnaires

In addition to configuring links, you can define default settings for searches
executed from the Navigation Menu, including the fields that are displayed and the
sort order of those fields.

Before You Begin

l Create a Questionnaire
l Add a Field to a Questionnaire

Procedure
1. Select the questionnaire that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Questionnaires.
c. Click the questionnaire.

Note: If the name is not linked, you cannot edit the questionnaire.

2. Click the Navigation Menu tab.

The available menu items are listed in the Navigation Menu Configuration
section.
3. To display a specific link in the Navigation Menu, select the corresponding
option in the Show Item column. To hide a link, clear the checkbox.
4. To edit additional properties of a link, click the name in the Menu Item column.
The Menu Item Configuration dialog box opens.
5. To provide the link, under General Information, select Display the item in the
Navigation Menu. If selected, the following options become available:
l To display alternate text in the Navigation Menu as the link, enter the text in
the Display Alias field.
l To expand the link, select Expand this folder by default.
6. Under Fields to Display, select the fields that are displayed in the search
results when a user clicks either the Display All or By [field or data level] link:
a. From the Available list, select the fields that you want to include in the
search results.
b. Use the below the Selected list to arrange the fields in the correct
display order.
c. To remove a field from the search results for a menu item, click Remove to
the right of the field name in the Selected list.
7. Under Sorting, specify the sort order for search results when a user clicks
either the Display All or By [field or data level] link. From the Field list, select
the field by which search results should initially be sorted and select the sort

Chapter 2: Questionnaires 37
 RSA Archer GRC Platform Questionnaires

direction (Ascending or Descending). If necessary, click Add New and select

additional fields by which sort the results.
8. Click OK.
9. Click Save.

Next Steps
Configure Data Driven Events for a Questionnaire

Configuring Data Driven Events for a Questionnaire

By creating data driven events (DDEs) within a questionnaire, you can automate a
variety of actions based on values or dates within individual questionnaire records.
Data driven events, which are configured on the Events tab of the Manage
Questionnaires page, provide two types of conditional actions: the ability to change
certain parameters of the user interface based on specific field values and the
ability to generate email notifications based on date information.
The process for creating data driven events for a questionnaire is the same as
creating events for an application, except that you work from the Manage
Questionnaires page rather than the Manage Applications page.
When you create a questionnaire, a series of data driven events are generated by
the system and added to your questionnaire. For more information on these events,
see System-Generated Questionnaire Events.
An event is made up of two parts: a rule and an action.
For instructions on creating actions in a questionnaire, see the following Data
Driven Event topics:
l Create a Generate Notification Action
l Create an Apply Conditional Layout Action
l Create a Set Data Action
l Create a Set Values List Selection Action
l Create a Filter Values List Action

To configure a questionnaire to automatically generate findings when a user

answers one or more questions incorrectly while filling out the questionnaire, see
Auto-Generate Findings for a Questionnaire.

System-Generated Questionnaire Events

When you create a questionnaire, a series of data driven events are generated by
the system and added to your questionnaire. These data driven events help your
organization automate some of the manual processes involved in submitting and
reviewing questionnaire records. Each rule is described in the following table.

38 Chapter 2: Questionnaires
 RSA Archer GRC Platform Questionnaires

Rule Action Type Description

Hide Apply This action hides the Findings section when no findings
Findings Conditional have been associated with the questionnaire record.
Grid Layout

Quantitativ Apply This action provides the Quantitative Summary Section

e Summary Conditional when all the questions displayed within the questionnaire
Section Layout record have been answered.
Display

Set Review Set Date This action sets the Review Date field within a
Date questionnaire record to the current date when the value in
the Review Status field changes to Approved or Rejected.

Set Review Set Values This action sets the Review Status field to Awaiting
Status List Selections Review when the value in the Submission Status field
Upon Re- changes to Re-Submitted.
Submission

Set Set Date This action sets the Submission Date field within a
Submission questionnaire record to the current date when the value in
Date the Submission Status field changes to Submitted or Re-
Submitted.

Set Set Values These actions limit the values available for selection in
Submission List Selection the Submission Status field to In Process and Re-
Status List Submitted when the value of the Review Status field
Filter Values
Values changes to Rejected.
List Items

Work with Questionnaire Values Lists

Complete this task to create questionnaire values lists that you can reuse for any
values list question within the questionnaire.
For example, you could create a questionnaire values list with the answers "Yes,"
"No," and "I don't know," and you could use this list for questions such as "Is
sensitive cardholder data securely disposed of when no longer needed?" and "Are
all but the last four digits of the account number masked when displaying cardholder
data?" By creating questionnaire values lists that you can reuse, you can save a
significant amount of time in the creation and management of Values List questions
within your questionnaire.

Chapter 2: Questionnaires 39
 RSA Archer GRC Platform Questionnaires

Questionnaire values lists are different from global values lists in that you cannot
share them between questionnaires. The questionnaire values lists are restricted to
individual questionnaires but can be shared among questions in that questionnaire.
You can export a list from one questionnaire to another. Keep in mind that if you
export a questionnaire values list to another questionnaire, the two values lists are
not connected in any way. If you make a change to one list, that change is not
reflected in the other.

Before You Begin

Create a Questionnaire

Procedure
1. Select the questionnaire that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Questionnaires.
c. Click the questionnaire.

Note: If the name is not linked, you cannot edit the questionnaire.

2. Click the Properties tab.

3. Click the Lists tab.
4. Do one of the following:
l To create a new questionnaire values list, click Add New and select whether
to make an original list or copy an existing list. To select new settings for the
values list, select Create a new Values List from scratch. To use the
settings of an existing values list, select Copy an existing Values List and
select the existing values list from the list. Click OK.
l To edit the properties of an existing list, click the name of the list in the
Name column.
The Manage Questionnaire Values List page is displayed.
5. Complete the General Information section:
a. In the Name field, enter the name for the list.
b. In the Description field, enter a description.
c. In the Alias field, update the alias for the list.
6. In the Values section, add or edit the values in a values list.
7. Click Apply.

Next Steps
Configure Show and Hide Rules for a Questionnaire

40 Chapter 2: Questionnaires
 RSA Archer GRC Platform Questionnaires

Questionnaire Display Rules

Using display rules allows you to utilize a single questionnaire for all targets of one
type (such as all vendors), even if those targets vary in their individual attributes.
Without display rules, you would have to create separate questionnaires for each
variation of your target type. For example, you would have to create one
questionnaire for vendors that have access to your confidential data and another
questionnaire for vendors that do not. Display rules give you the flexibility to
centralize all questions for a target type in a single questionnaire, which saves you
time and enables you to use your additional questionnaire licenses to assess other
types of targets (such as assets, controls, business processes, and so on).
The Manage Questionnaires page provides two display rule options:
l Show Rules. Enables you to display specific questions within a questionnaire
record based on the attributes of your questions and of the assessment target. For
example, you could create a show rule specifying that when a target vendor
provides payment handling services to your company, the questionnaire record
for that vendor should show questions related to access authorization, encryption
and intrusion detection, along with all questions related to the Payment Card
Industry (PCI) Data Security Standard. When you define show rules, it is
important to note that only the questions that meet your rule criteria are
displayed. All other questions are omitted from the questionnaire.
l Hide Rules. Allow you to hide specific questions within a questionnaire record
based on attributes of your questions and of the assessment target. For example,
suppose you have created a hide rule specifying that when a target application is
used to manage internal accounting processes, the questionnaire record should
exclude questions related to encryption but display all other questions related to
applications. When you define hide rules, it is important to note that all questions
in the questionnaire except for those you select to hide are displayed in
questionnaire records for targets that meet the rule criteria. Questions that are
hidden within a questionnaire record are not counted when the score for the
questionnaire is calculated, nor are they counted when the system calculates the
overall completion status of the assessment campaign.

Question display rules are evaluated only one time for each questionnaire record.
Each show rule and hide rule is evaluated individually at the time of record creation
to determine the appropriate questions to display in the questionnaire. The system
first evaluates the show rules and generates a list of questions to show based on
attributes of the assessment target. Then the system evaluates the hide rules,
generates a list of questions to hide, and removes those questions from the show
list. Finally, a questionnaire record is created that includes only those questions that
are applicable to the assessment target.

Chapter 2: Questionnaires 41
 RSA Archer GRC Platform Questionnaires

If the assessment target changes after the questionnaire record for that target has
been created, the display rules are not re-evaluated for the questionnaire. For
example, if the target is an application that is changed from Development to
Production status, the questionnaire record is not updated to include questions
related to production environments. To include these questions in a questionnaire for
the application, you would need to create a new questionnaire record for the
application.
For information on defining question properties that you can use in question display
events, see:
l Categorize a Question
l Update Question Filter Properties
l Link a Values List Question to Authoritative Sources
l Link a Values List Question to Control Standards

For instructions on configuring show and hide rules, see Configure Show and Hide
Rules for Questionnaires.

Configure Show and Hide Rules for Questionnaires

You can define rules to display or hide questions within a questionnaire record
based on attributes of the assessment target.
For example, if a vendor manager is filling out a questionnaire to assess a vendor
that does not have access to your organization's confidential data, the rules you
define could automatically customize the questionnaire record to omit questions
related to data confidentiality. Display rules enable you to dynamically tailor
questionnaires to present end users with only those questions that apply to the
specific target of their assessment.
For more information on display rules, see Display Rules for Questionnaires.

Before You Begin

Create a Questionnaire

Procedure
1. Select the questionnaire that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Questionnaires.
c. Click the questionnaire.

Note: If the name is not linked, you cannot edit the questionnaire.

42 Chapter 2: Questionnaires
 RSA Archer GRC Platform Questionnaires

2. Click the Properties tab.

3. Click the Rules tab.
4. In the Show Rules or Hide Rules section, click the Add New link, depending
on the type of rule that you want to create.
5. Complete the General Information section:
a. In the Name field, enter a name for the rule.
b. In the Description field, enter a description for the rule.
6. In the Target Application Conditions section, define the conditions within the
assessment target that will cause the rule to prove true. For example, you might
select the "Business Unit" field to display or hide specific questions in an asset
questionnaire record based on the business unit of the asset.
a. In the Field To Evaluate column, select the field to evaluate for one or
more specific values.
To create additional conditions, click Add New.
b. In the Operator column, select the filter operator.
c. In the Value(s) column, select the values for the condition.
d. If you have created more than one condition, you can apply advanced logic
to your search criteria.
7. Add more conditions, if needed, to the Target Application Conditions section.
To add more conditions, click Add New.
8. In the Question Display Actions section, define which questions to show or
hide in the questionnaire record when the rule evaluates to true for the target of
the assessment. In the Filter Property column, select the question property that
you want to use to determine which questions to show or hide when the rule
criteria are met.
For more information on Filter Properties, see Categorize a Question.
9. In the Operator column, select one of the following operators to define the
relationship between the question property and the specific filter values that will
cause a question to be shown or hidden when the rule proves true:
l Contains. If the question is configured with the filter property and value, the
question will be shown or hidden. The question may also have other values in
the same filter property. For example, if you specify the filter
"Confidentiality: High" where "Confidentiality" is the filter property and
"High" is the value, a question that includes the filter "Confidentiality: High"
and the filter "Confidentiality: Medium" will be shown or hidden.
l Does not Contain. If the question is not configured with the filter property
and value, the question is shown or hidden.
l Equals. If the question is configured with the filter property and only the
value you specify, the question is shown or hidden. For example, if you

Chapter 2: Questionnaires 43
 RSA Archer GRC Platform Questionnaires

specify the filter "Confidentiality: High" and a question includes the filters
"Confidentiality: High" and "Confidentiality: Medium," that question is not
displayed or hidden because it is not an exact match.
l Does not Equal. If the question is not configured with the exact filter
property and value, the question is shown or hidden. The question may have
the filter property and value you specify, but if it also has other values in the
same property, it is not an exact match. For example, if you specify the filter
"Confidentiality: High" and a question includes the filters "Confidentiality:
High" and "Confidentiality: Medium," that question is shown or hidden.
10. In the Value(s) column, select the specific filter values that should trigger a
question to be shown or hidden.
For example, if you selected the Criticality property in the Filter Property
column, you could select the value "High" in the Value(s) column. All questions
created with this specific filter value are shown or hidden, depending on the
type of display rule that you are creating.
11. Add more conditions, if needed, to the Question Display Actions section.
12. Click Save.
The rule is displayed on the Rules tab.
13. Click Apply on the Manage Questionnaire page.

Next Steps
Create a Campaign to Launch a Questionnaire

Create a Campaign to Launch a Questionnaire

You can create a campaign to automatically generate questionnaire records for
specific assessment targets.
For example, if you are managing a questionnaire where the target is your vendor's
application, you can define a campaign that creates questionnaire records for all
vendors who provide payment processing services for your organization. If you have
defined question display rules, the questionnaire records for each specific vendor
contain only those questions that are applicable to the vendor based on its attributes,
such as service type, criticality to your business, or risk rating. For more
information on display rules, see Configure Show and Hide Rules for a
Questionnaire.

Note: Launching a campaign is not the only way to create questionnaire records.

Before You Begin

Create a Questionnaire

44 Chapter 2: Questionnaires
 RSA Archer GRC Platform Questionnaires

Procedure
1. Select the questionnaire that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Questionnaires.
c. Click the questionnaire.

Note: If the name is not linked, you cannot edit the questionnaire.

2. Click the Properties tab.

3. Click the Campaigns tab.
4. Do one of the following:
l To create an automated campaign, click Add New in the Automated
Campaigns section. In the Type list on the Manage Questionnaire Campaign
page, select one of the following options.

Option Description

Recurring Campaign Creates a campaign that is evaluated when the

specified target record is saved.

Scheduled Campaign Creates a campaign that is executed on a scheduled

basis.

l To create a manual campaign that must be launched by the user, click Add
New in the Manual Campaigns section.
The Manage Questionnaire Campaign page is displayed.
5. Complete the General Information section:
a. In the Name field, enter a name for the campaign.
b. To activate the campaign, select Active from the Status list.
c. In the Description field, enter a description to be displayed for internal use
only.
6. In the Optional Campaign Attributes section, you can select default values
that are populated in the corresponding fields of the questionnaire records. To
set these options, select from the following lists:
l From the Year list, select the year that you want populated in the Year field
of the questionnaire.
l From the Quarter list, select the quarter that you want populated in the
Quarter field of the questionnaire.

Chapter 2: Questionnaires 45
 RSA Archer GRC Platform Questionnaires

l From the Due Date list, select the date that you want populated in the Due
Date field of the questionnaire. You can generate an email reminder to send
automatic reminder email messages to appropriate personnel as this date
approaches.
l From the Submitter list, select the user that you want assigned as the
submitter for the questionnaire record triggered by the campaign. The target
application must contain a User/Groups List or Record Permissions field to
assign the submitter for each questionnaire record triggered by the campaign.
When the campaign triggers the creation of a questionnaire record for a
specific asset, such as a database server, the owner of that asset
automatically is assigned as the submitter for the questionnaire record.
l From the Reviewer list, select the user that you want assigned as the
reviewer for the questionnaire record triggered by the campaign. The target
application must contain a User/Groups List or Record Permissions field to
assign the reviewer for each questionnaire record triggered by the campaign.
You can automatically assign reviewers for questionnaire records just as you
assigned submitters.
7. Create a target generation rule to filter the list of specific targets that need to be
assessed, thereby reducing the number of questionnaire records generated by the
campaign. In the Target Generation Conditions section, complete the
following steps:
a. In the Field To Evaluate column, select the field to evaluate for one or
more specific values.
To create additional conditions, click Add New.
b. In the Operator column, select the filter operator.
c. In the Value(s) column, select the values for the condition.
d. If you have created more than one condition, you can apply advanced logic
to your search criteria.
8. If you are creating a Scheduled campaign, in the Schedule Properties section,
select values from the Frequency, Time, and Time Zone lists.
An additional field for you to complete may be displayed depending on the value
that you select from the Frequency list.
9. Click Save on the Manage Questionnaire Campaign page.

Note: After a campaign has run, you can view the Campaign Execution History
report by clicking the Report icon for that campaign.

10. Click Apply.

Next Steps
Assign Questionnaire Owners and Report Administrators

46 Chapter 2: Questionnaires
 RSA Archer GRC Platform Questionnaires

Assign Questionnaire Owners and Report Administrators

You can select the users who can administer, or own, questionnaires.

Before You Begin

Create a Questionnaire

Procedure
1. Select the questionnaire that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Questionnaires.
c. Click the questionnaire.

Note: If the name is not linked, you cannot edit the questionnaire.

2. Click the Administration tab.

3. To designate owners for this questionnaire:
a. In the Administration section, in the Questionnaire Owners field, click
.
b. From the Available list, select the users or groups who you want to serve as
owners for the application.
c. To revoke a user or group, click to the right of the appropriate name in
the Selected list.
d. Click OK to close the Select User/Group(s) dialog box.
4. To designate report administrators for this questionnaire:
a. In the Administration section, in the Report Administrators field, click
.
b. From the Available list, select the users or groups who should serve as
owners for the application.
c. To revoke a user or group, click to the right of the appropriate name in
the Selected list.
d. Click OK to close the Select User/Group(s) dialog box.
5. Click Save.

Chapter 2: Questionnaires 47
 RSA Archer GRC Platform Questionnaires

Import Data into a Questionnaire

You can use the Data Import feature to import data into a questionnaire from an
external data file. This is a great way to prepopulate questionnaire records with
data from a previous assessment campaign, enabling end users to simply update
their previous answers rather than filling out a new questionnaire record.
The data import process for a questionnaire is exactly the same as the process for
applications. Because questionnaire records must be linked to a target application, a
reference to the target application content record must be included in the external
data file when creating new questionnaire records.

Before You Begin

See Data Import Preparation.

Procedure
Perform the steps detailed in Importing Data Into Leveled Applications.

Modify a Questionnaire During an Assessment Cycle

RSA Archer recommends that you configure a questionnaire completely before
releasing it to users. However, you may need to make minor changes during an
assessment cycle. Depending on the change, there may be an impact on content
records created prior to the change.
Changes to the following properties of a questionnaire impact content records
created prior to the change:

l Question text l References to authoritative sources and control

standards
l Answer text
l Data driven events
l Question name
l The default selection option for an answer
l Question field options
l The correct option for an answer
l Question weighting
l The numeric value of an answer
l Category
l The text color and image of an answer
l Standard fields

Note: You can review changes made to the configuration of a question by viewing
the History Log.

The following changes do not impact content records created prior to the change:
l Adding a new question
l Changing question filter properties

48 Chapter 2: Questionnaires
 RSA Archer GRC Platform Questionnaires

l Inactivating an answer
l Creating a new campaign
l Changing the findings options

The following steps describe how to modify a question in an active questionnaire

without impacting the content records that already exist for that question.

Procedure
1. Add a filter property for the Retired question and select the property as True.
See Update Question Filter Properties.
2. Add a rule to hide questions with the Retired filter property. See Configure
Show and Hide Rules for Questionnaires.
Because hide rules take precedence over show rules, the question is hidden
regardless of any other question filter properties or question display rules.
3. Add a new question to the questionnaire with the desired changes. See Create a
New Question in a Questionnaire.

Delete Content from a Questionnaire

You can quickly delete all records from a questionnaire. This feature is useful if
you have created a large number of records to test the functionality and
performance of a new questionnaire.
Prior to deleting a questionnaire's content, you must retire the questionnaire (see
step 2 in the following procedure). The content delete feature is available only for
retired questionnaires.

Important: Use extreme caution when deleting content from a questionnaire. Once
the content is deleted, it cannot be recovered. RSA Archer highly recommends that
you create a backup of your data before deleting questionnaire content.
Do not import data into a questionnaire until the content delete process is complete.
If the questionnaire contains a large number of records, this process could take
several minutes. To determine whether all content has been deleted from the
questionnaire, reactivate the questionnaire and run a search to display all records.
When your search returns zero records, you can initiate a data import.

Before You Begin

Back up your data.

Chapter 2: Questionnaires 49
 RSA Archer GRC Platform Questionnaires

Procedure
1. Select the questionnaire that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Questionnaires.
c. Click the questionnaire.

Note: If the name is not linked, you cannot edit the questionnaire.

2. On the General tab, select Retired from the Status field and click Apply.
3. Click the Administration tab.
4. In the Delete Questionnaire Content section, click Delete Content.

Note: If this button is unavailable, the questionnaire is not retired. See step 2.

5. In the Warning dialog box, select "I understand the implications of

performing this operation."
6. Click OK.
The delete process may take several minutes to complete.

Note: You cannot import data into the questionnaire until the content delete process
has finished.

Deleting a Question from a Questionnaire

You can delete a question from a questionnaire. Once deleted, that question is
removed from all questionnaire content records created prior to the deletion. It
removes the question from the layout, deletes any answers previously provided, and
modifies the question count and scoring appropriately. It does not modify any
existing findings related to the deleted question.
RSA Archer recommends deleting a question only when you need to remove it from
previous and future questionnaire content records. To keep the questionnaire content
records created prior to the deletion, inactivate the existing answer values and leave
only the N/A option available, selected by default with a value of zero. You cannot
inactivate a question, only the answers.
RSA Archer does not recommend moving a question off the questionnaire layout.
This does not change the question count or scoring records. Once it is removed from
the layout, users cannot complete the questionnaire and save the questionnaire
content record.

50 Chapter 2: Questionnaires
 RSA Archer GRC Platform Questionnaires

Chapter 3: Questions

Managing Questions
A question is a special field type available only within questionnaires. Questions
enable users to evaluate the specific item being assessed, such as an asset, business
process, vendor, facility, and so on. Each question has a configurable set of
properties that govern how the question is displayed in the questionnaire and how
(or whether) the user is to interact with it. In addition to the properties associated
with standard fields, questions can be filtered through specific question display
rules, linked to authoritative sources, included in assessment scoring, and utilized in
automated findings generation.
You can create questions with predefined answers that users can select from, or
you can allow users to enter free-form text, dates, or numeric entries. You can also
allow users to attach documents, pictures, diagrams, and other types of files to a
questionnaire to provide supporting information or evidence. For a description of
each question type available in a questionnaire, see Question Types.
To configure and arrange questions within a questionnaire, use the Layout tab on
the Manage Questionnaires page. This tab provides point-and-click, drag-and-drop
tools for adding, editing, configuring, and arranging questions within a
questionnaire. For instructions on arranging the layout of questions in a
questionnaire, see Change the Layout of a Questionnaire.
In addition, you can use the Question Library application to build a centralized
library of questions that you can rference and copy into a questionnaire. For more
information on the Question Library, see Managing the Question Library.
You can perform the following question-related tasks:
l Copy Questions from the Question Library
l Create a New Question in a Questionnaire
l Update the General Properties of a Question
l Update Question Options
l Categorize a Question

Record Save Validation

The Validate Always option on the Options tab of the Manage Field page causes
the field to validate when any field has changed when the user saves a record. If
the Validate Always option is not selected, the field is validated only when the
value in that field has changed.

Chapter 3: Questions 51
 RSA Archer GRC Platform Questionnaires

Field Validation Configuration

The minimum and maximum values are now validated for relationships between
field types.
The validation rules that apply to the Cross-Reference, Date, Numeric, Text, and
Values List field types are displayed in the following table.

Field Type Applicable Rule

Cross-Reference l Required
l Minimum Selections
l Maximum Selections

Date l Required
l Unique
l System Minimum Value

Numeric l Required
l Unique
l Minimum Value
l Maximum Value
l Maximum Precision
l System Maximum Value
l System Minimum Value

Text l Required
l Unique
l Maximum Characters
l Email Format

Values List l Required

l Minimum Selections
l Maximum Selections
l Values List Other Text

52 Chapter 3: Questions
 RSA Archer GRC Platform Questionnaires

Field Type Validation Rules

Three new field type validation rules are now applied for the minimum and
maximum selections for the following reference fields:
l Reference Related Field Minimum Selections
l Reference Related Field Maximum Selections
l Reference Related Field Required

The following field types are associated with these rules:

l Cross-references
l Related records

When validating the three new rules for the related record, the system only
validates records that were added to or removed from the reference field of the
original relationship. For example, a user in Application A creates a Cross-
Reference field, and then removes related record B1 in Application B. The only
record that is validated is B1, because it changed.

Reference Field Validation

The relationship between a reference field and an original (published) record does
not count toward Minimum, Maximum, and Required validation when both of the
following apply:
l The reference field has workflow enabled.
l The original record has a copy enrolled into a workflow.

Relationships to records enrolled into a workflow without a copy are counted as

regular records.
Example

Chapter 3: Questions 53
 RSA Archer GRC Platform Questionnaires

Scenario Set-up A user creates a Cross-reference field in Application A, which

has workflow enabled.
The user sets the Maximum Selections value to 2 for the
associated Related Record field in Application B.
Record B1 is related to original Records A1 and A2 in
Application A.

Scenario A
Scenario The user enrolls Record A2 into a workflow and
creates Copy A2C.

Results The Maximum Selections rule for Record B1 is

not violated because only the original Record
A1 and Copy A2C count against the maximum
selections.

Scenario B
Scenario The user removes Record B1 from the Cross-
Reference field A2C.
The user enrolls Record A3 into a workflow and
creates Copy A3C.
The user edits Copy A3C and adds Record B1 to
the Cross-Reference field.

Results Again, the Maximum Selections rule for Record

B1 is not violated because only the original
Record A1 and Copy A3C count against the
maximum selections.

Scenario C
Scenario The user edits Copy A2C again and adds Record
B1 to the Cross-Reference field.

Results The attempt to save Copy A2C fails because

there are now potentially three records to count
against the maximum selections: original Record
A1, Copy A3C, and Copy A2C.e

Question Types
You can add the following types of questions to a questionnaire:
l Attachment Question
l Cross-Reference Question

54 Chapter 3: Questions
 RSA Archer GRC Platform Questionnaires

l Date Question
l Numeric Question
l Text Question
l Values List Question

Attachment Question
The Attachment question type enables users to upload documents, pictures,
diagrams, and other types of files to a questionnaire record to provide supporting
information or evidence. When configuring an Attachment question, you can specify
the total number of files that can be uploaded (attached), as well as the size
(between 1 and 100 MB) permitted for each file. You also can enable end users to
keyword search into attached documents. The following file types are supported for
document searching:
l Microsoft Word
l Microsoft Excel
l PDF
l Text

Cross-Reference Question
The Cross-Reference question type enables users to associate records from other
applications or questionnaires with a questionnaire record. For example, users could
answer the question "Who is responsible for monitoring the security of the server
room?" by selecting a user from your related Contacts application.
When you create a Cross-Reference question, a Related Records field
automatically is added to the related application or questionnaire. The Related
Records field provides a mirror image of the Cross-Reference question, meaning
that within an individual record in the related application or questionnaire, you can
see all records that have been cross-referenced to that record.
For example, if you have a Cross-Reference question within an vendor
questionnaire that is related to an Vendor Managers application, users can select
vendor managers for individual questionnaire records through the Cross-Reference
question. Then, if users access a record in the Vendor Managers application, they
can view all vendor questionnaire records that have been cross-referenced to that
particular vendor manager in the Related Records field.

Date Question
The Date question type accepts only a valid date entry and is displayed to users
with a calendar icon. Users can either enter dates directly or click to select a
date from the Date Range dialog box. When configuring the properties of a Date
question, you can enable users to enter a time of day to associate with the date, as
shown below.

Chapter 3: Questions 55
 RSA Archer GRC Platform Questionnaires

In addition to the basic question configuration options, the Date question type also
supports a default date value. The default date value is set when a questionnaire
record is created. When configuring the default value, you can select to display the
date of questionnaire record creation, a date that is a specific number of days after
the date of record creation, or a static, specific date. You also can select to display
no default value.

Numeric Question
The Numeric question type allows only numeric-value entries. Numeric questions
can accept both positive and negative values and, by default, accept values of any
size. However, when configuring a Numeric question, you can choose to apply
minimum and maximum value constraints. You can also specify the number of
decimal places permitted for the value.
In addition to these basic question configuration options, the Numeric question type
also supports the following specialized options:
l Numeric Ranging. If you enable this option, you can define a set of numeric
ranges and apply a descriptive name to each range. For example, a range named
"High" might be mapped to the numeric range "8 - 10." The range name you
define for the question is then displayed in the Filter by Value section of the
Advanced Search page for the questionnaire. This allows users to search across
a range of values for your Numeric question by selecting the range name as part
of their filter criteria.
For example, suppose you have a Numeric question asking "What is the distance
to the CO-LO facility?" and you define the numeric ranges "0 - 5 Miles," "5-15
Miles" and "More than 15 miles." A user could execute a search in the
questionnaire and select the range "5-15 Miles" as a search filter to search for
only those records that contain a value in the Numeric question that is between 5
and 15.
l Format. By selecting this option, commas are used to separate units of numbers.
For example, if you enter the value "10000" in the Edit mode of the record, the
value would be displayed as "10,000" in the View mode of the record.
l Prefixes and Suffixes. By selecting one or both of these options, you can insert
text (up to 10 characters, including special characters) before or after the value
in a Numeric question to provide context for end users. For example, you can
enter a dollar sign as a prefix or a distance unit as suffix.
Prefixes and suffixes display in the View and Edit modes of the record as well
as in search results.

Text Question
The Text question type accepts both alphabetic and numeric entries. It can be
displayed to users in a single-line or a multi-line (scrolling) text area. If the question
is configured as a text area, you can specify the height (in lines) for the control.

56 Chapter 3: Questions
 RSA Archer GRC Platform Questionnaires

By default, entries in this question type are not restricted. However, when
configuring this question type, you can choose to set a maximum character length
for entries. In addition, you can restrict users from entering a value in the Text
question that is identical to a value entered in another record within the
questionnaire, thereby ensuring that all values in the Text question are unique.

Values List Question

The Values List question type provides users with a list of predetermined values
from which to choose. This field type can be expressed using one of several
interface control types:
l Drop-down
l Radio buttons
l Checkboxes
l Listbox
l Values pop-up

You can choose to use a list or radio buttons when configuring a Values List
question. If you choose one of the other control types for the question, you can
specify the minimum and maximum number of selections users are permitted to
make. In addition to configuring the interface, you also can add a numeric weight to
a question and assign a numeric value to the individual selections available within
the question. These numbers are used to compute the score for a questionnaire.
During the configuration process, you can populate a Values List question with
either a custom or a questionnaire values list. If you choose to use a custom answer
list, you must define the answers for the question. Custom answer lists cannot be
used to populate any other Values List question. For more information, see Define
Answers for a Values List Question.
You also can create questionnaire values lists that you can reuse for any Values
List question within the questionnaire. For example, you could create an answer list
with the values "Yes," "No," and "I don't know," and you could use this list for
questions such as "Is sensitive cardholder data securely disposed of when no longer
needed?" and "Are all but the last four digits of the account number masked when
displaying cardholder data?" For more information, see Work with Questionnaire
Values Lists.

Copy Questions from the Question Library

When you create a questionnaire, you can copy questions from the Question Library
into your questionnaire. You also can copy questions at any time using the Fields or
Layout tab of the Manage Questionnaires page.

Chapter 3: Questions 57
 RSA Archer GRC Platform Questionnaires

Note: Once you copy a question from the Question Library into your questionnaire,
it no longer is connected to the original question in the Question Library. As a
result, you can modify the question without affecting the version in the Question
Library. This enables you to tailor questions for a specific type of assessment. For
example, you can change the question weighting, relate a question to additional
authoritative sources, add new answer options, and more.

Procedure
1. Select the questionnaire that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Questionnaires.
c. Click the questionnaire.

Note: If the name is not linked, you cannot edit the questionnaire.

2. Click the Fields tab and then click the Question Library link in the top-right
corner of the page.
The Record Lookup page is displayed listing the available questions.

Note: You also can access the Record Lookup page from the Layout tab. Click
the Add New Field arrow and select Add from Question Library.

3. On the Record Lookup page, select the checkbox for each question that you
want to copy into your questionnaire.

Note: To limit the types of questions that you see on the Question Lookup page,
enter the values that you want to filter by in the filter boxes for that column.
Click Filter in the column header to refine your search results. You can also
select all questions within the Search Results page by selecting the checkbox at
the top of the Question Name column.

4. Click Apply to copy the selected questions into your questionnaire. When
prompted to confirm your selections, click Continue to complete the copy
operation.
When you leave the Question Lookup page, the Administrators tab is displayed
on the Manage Questionnaires page. In the Last Question Library Copy control
group at the bottom of the page, you can see the status of your copy operation.
When it is complete, click the Layout tab to view your questions in the
questionnaire layout. The questions automatically are grouped in sections by
question category.
5. Click Apply.

Related Topics
Create a New Question in a Questionnaire.

58 Chapter 3: Questions
 RSA Archer GRC Platform Questionnaires

Create a New Question in a Questionnaire

You can create a new question for a questionnaire from the Fields tab and the
Layout tab on the Manage Questionnaires page.
For an overview of the configuration process, see Configuring Questions.
When you create a new question in a questionnaire, you can select from the
following question types:
l Attachment
l Cross-Reference
l Date
l Numeric
l Text
l Values List

For more information, see Question Types.

Note: To protect data integrity, the Questionnaire feature prohibits question type
changes, for example, changing a Date question to a Text question, once a question
has been created.

Procedure
1. Select the questionnaire that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Questionnaires.
c. Click the questionnaire.

Note: If the name is not linked, you cannot edit the questionnaire.

2. Click the Fields tab.

3. Click Add New in the top-right corner of the page.
The Add Field dialog box opens.
4. Do one of the following:
l To use the settings of an existing question as a starting point for your new
question, select Copy an existing field and select the question from the
Fields list.
l To select new settings for a question, select Create a new Field from
scratch and under Question, select the question type in the Field Types
section.

Chapter 3: Questions 59
 RSA Archer GRC Platform Questionnaires

5. Click OK.
The New Field page is displayed.
6. In the Name field, enter a name for the question.
7. Click Apply.

Next Steps
Update the General Properties of a Question

Configuring Questions
You can create and configure a question by performing the following steps in order:
1. Create a Question.
2. Update the General Properties of a Question.
3. Update Question Options.
4. Update Question Text.
5. Update Question Filter Properties.
6. Update the Help Text for a Question.
Based on the filter properties that you assign to a question, you can define rules that
will display or hide the question when an end user fills out the questionnaire based
on attributes of the target the user is assessing, such as a specific asset, vendor,
business process, and so on.
For example, suppose you have defined a question display rule for a questionnaire
that assesses targets in your Vendors application. The question display rule
specifies that if a vendor handles your customer's financial information, the
questionnaire should display all questions with the following filter properties:
l Customer Data: Yes
l Financial Data: Yes

When a vendor relationship manager in your organization fills out the questionnaire
to assess a vendor that handles your customer's financial information, the manager
is prompted to answer all questions with these filter properties, as determined by
the question display rule that you defined. For more information on question display
rules, see Configure Show and Hide Rules for a Questionnaire.

60 Chapter 3: Questions
 RSA Archer GRC Platform Questionnaires

You can create and assign any number of filters to a question. When you create a
filter, you must provide a name and a list of values. For example, the name of your
filter could be "Customer Data," and the available values could be "Yes" and "No."
When you assign the filter to a question, you will select the filter and the specific
filter value that applies to the question. For example, you would apply the
"Customer Data: Yes" filter to the following question: "Do you have a documented
program in place to dispose of customer data when you no longer need to handle
it?"

Update the General Properties of a Question

You can update the name and description of a question.
For an overview of the complete configuration process, see Configuring Questions.

Before You Begin

Create a New Question in a Questionnaire

Procedure
1. Select the questionnaire that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Questionnaires.
c. Click the questionnaire.

Note: If the name is not linked, you cannot edit the questionnaire.

2. Click the Fields tab.

3. In the Field column, click the question that you want to configure.
4. Complete the General Information section:
a. In the Name field, enter a name for the question.
b. From the Status list, select Active or Inactive.
c. In the Description field, enter a description of the question.
This description is for internal use only and is not visible to the end user.
5. Click Apply.

Next Steps
Update Question Options

Chapter 3: Questions 61
 RSA Archer GRC Platform Questionnaires

Update Question Options

You can define the display and functionality of a question. Because the options
provided on this tab vary significantly among the various question types, this topic
first explains how to access the Options tab on the Define Fields page, and then it
provides links to specific instructions for each field type.
For an overview of the complete configuration process, see Configuring Questions.

Before You Begin

Create a New Question in a Questionnaire

Procedure
1. Select the questionnaire that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Questionnaires.
c. Click the questionnaire.

Note: If the name is not linked, you cannot edit the questionnaire.

2. Click the Fields tab.

3. In the Field column, click the question that you want to configure.
4. Click the Options tab.
5. Specify options.
The options on this tab vary depending on the type of question. For detailed
descriptions of the options, see one of the following:
l Attachment Question Options
l Cross-Reference Question Options
l Date Question Options
l Numeric Question Options
l Text Question Options
l Values List Question Options
6. Click Save.

Next Steps
Update Question Text

Attachment Question Options

You configure the display and functionality of an Attachment question using the
Options tab of the Manage Field page.

62 Chapter 3: Questions
 RSA Archer GRC Platform Questionnaires

The following table describes the display and functionality options for the
Attachment question.
For instructions on updating these options, see Update Question Options.

Option Description

Display Control Section

Grid The Grid option contains a grid containing the name of the
file, the size of the file, the file type, and the upload date for
each attachment added to the record.

Single Column The Single Column option contains the name of the
attachment as a single column. Users can click the name of the
file to access the file.

Options Section

Required Field Select this option to require users to supply a value for the
field when adding or editing a record in the application.
Required fields are indicated with an icon (selected in the
Appearance feature) to alert users that they must supply a
value. If this checkbox is not selected, users can skip this field
when adding or editing a record in the application.

Auditing Information Select this option to display auditing information next to the
field each time that its value is changed. The auditing
information includes only the name of the user who made the
change and the date and time of the change. If this checkbox
is not selected, auditing information is not displayed with the
field in the user interface.

Search Results Select this option to make this field available for display in
search results. If this checkbox is not selected, you cannot
include this field in search results or reference the values in
the field in search filters.

Search Default Field Select this option to include the field by default in search
results for the application. This option does not prevent users
from removing the field from the Search Results page. Users
can click Modify in the toolbar and remove the field from the
Fields to Display section of the application's Advanced Search
page.

Chapter 3: Questions 63
 RSA Archer GRC Platform Questionnaires

Option Description

Keyword Searching Select this option to enable users to search documents attached
to the field. File types supported for document searching
include Microsoft Word, Microsoft Excel, .pdf, and text. If a
user does not have access to the field but the field is
configured to allow document searching, the field will still be
searched when the user executes a keyword search in the
application. However, the field will not display in the search
results.

Validate Always Select this option to validate the field when any field has
changed when saving a record. If the Validate Always option
is not selected, the field is validated only when the value in
that field has changed. See Managing Questions.

Configuration Section

Minimum Attachments Enter the minimum number of attachments that you want to
require for the field.

Maximum Attachments Enter the maximum and minimum number of attachments that
you want to require for the field.

Maximum Size Select the maximum size, up to 100 MB, that you want to
allow for each file uploaded to the Attachment field. This
setting does not restrict the total size of all files uploaded to
the field.

Display Fields Select which fields of information you want to display along
with your attachment file.

Cross-Reference Question Options

You configure the display and functionality of a Cross-Reference question using the
Options tab of the Manage Field page.
The following table describes the display and functionality options for the Cross-
Reference question.
For instructions on updating these options, see Update Question Options.

64 Chapter 3: Questions
 RSA Archer GRC Platform Questionnaires

Option Action

Display Control Section

Grid Select this option to display a grid containing the name of

the file, the size of the file, the file type, and the upload date
for each attachment added to the record.

Single Column Select this option to display the name of the attachment as a
single column. Users can click the name of the file to access
the file.

Options Section

Required Field Select this option to require users to supply a value for the
field when adding or editing a record in the application.
Required fields are indicated with an icon (selected in the
Appearance feature) to alert users that they must supply a
value. If this checkbox is not selected, users can skip this
field when adding or editing a record in the application.

Auditing Information Select this option to display auditing information next to the
field each time that its value is changed. The auditing
information includes only the name of the user who made
the change and the date and time of the change. If this
checkbox is not selected, auditing information is not
displayed with the field in the user interface.

Search Results Select this option to make this field available for display in
search results. If this checkbox is not selected, you cannot
include this field in search results or reference the values in
the field in search filters.

Search Default Field Select this option to include the field by default in search
results for the application. This option does not prevent
users from removing the field from the Search Results page.
Users can click Modify in the toolbar and remove the field
from the Fields to Display section of the Advanced Search
page for the application.

Lookup Select this option to allow users to access a Lookup control

to select existing records from the related application. Clear
this checkbox if you only want to allow users to create new
records for cross-referencing, assuming they have been
granted appropriate record creation rights in the related
application.

Chapter 3: Questions 65
 RSA Archer GRC Platform Questionnaires

Option Action

Add New If you selected the Grid display control, you can also select
the Add New checkbox to allow users to add new records to
the related applications from a record in View mode. Users
will not have to open a record in Edit mode to create new
related records. If a user does not have rights to create
records in the related application, the link will not be
displayed for that user.
When a user creates a new related record from View mode,
that record will be selected in the Cross-Reference field just
as it would if it were created from Edit mode. For example,
if a user opens a Vendor record in View mode and creates a
record in the related Audits application by clicking Add
New in the Cross-Reference field, that new Audit record will
be selected in the Vendor record's Cross-Reference field,
even though the user did not open the Vendor record for
editing.

Validate Always Select this option to validate the field when any field has
changed when saving a record. If the Validate Always
option is not selected, the field is validated only when the
value in that field has changed. See Managing Questions.

66 Chapter 3: Questions
 RSA Archer GRC Platform Questionnaires

Option Action

Record Lookup Configuration Section

Display Fields If you selected the Grid or Single Column display control,
you can define the fields of data from the relationship
application that should display in the Record Lookup page
for end users when they select related records in the Cross-
Reference field.

To select fields for display, click in the Display Fields

field and select the fields that you want to display from the
Available list.

Use the below the Selected list to arrange the fields.

The top-to-bottom order of fields in the Selected list display
as the left-to-right order of fields in the Record Lookup
page.

Note: If the relationship application is a leveled

application, and you selected fields from two or more
levels to be displayed in the Cross-Reference field, you
can only arrange those fields on a level-by-level basis.
You cannot intermix fields from separate data levels.

Filters To limit the records users can select in the Cross-Reference

question to only those records that contain specific field
values, apply filter criteria to the records.

Sorting If you selected the Grid or Single Column display control,

you can define the fields by which cross-referenced records
should be sorted within the Lookup control. For example, in
an "Investigators" Cross-Reference field, you could sort the
display of referenced records alphabetically by investigator
name.

Chapter 3: Questions 67
 RSA Archer GRC Platform Questionnaires

Option Action

Display Format Select how you want the cross-referenced records displayed
on the Record Lookup page:
l Column Hierarchical. Displays the records in a
columnar layout where fields are displayed across the
page from left to right, and the field values are presented
showing relationships.
l Column-Flat. Displays the records in a simple columnar
layout without any grouping of values.

Grid Display Properties Section

Use Record Lookup Select this option to apply the values selected in the Record
Configuration Lookup Configuration section to the corresponding
View/Edit Display control group fields.

Display Fields If you selected the Grid or Single Column display control,
you can define the fields of data from the relationship
application that should display in the Lookup control for
end users when they select related records in the Cross-
Reference question.

To select fields for display, click in the Display Fields

field and select the fields that you want to display from the
Available list.

Use the below the Selected list to arrange the fields.

The top-to-bottom order of fields in the Selected list display
as the left-to-right order of fields in the Lookup control.

Note: If the relationship application is a leveled

application, and you selected fields from two or more
levels to be displayed in the Cross-Reference field, you
can only arrange those fields on a level-by-level basis.
You cannot intermix fields from separate data levels.

68 Chapter 3: Questions
 RSA Archer GRC Platform Questionnaires

Option Action

Sorting If you selected the Grid or Single column display control,

you can define the fields by which cross-referenced records
should be sorted within the Lookup control.
For example, in an "Investigators" Cross-Reference question,
you could sort the display of referenced records
alphabetically by investigator name.

Configuration Section

Minimum and Specify the minimum and maximum number of records that
Maximum Selections users can select in the question.

Field Height If you selected the Single Column display control, you can
configure the height of the question in lines.
This setting impacts the display of the question only when
users add or edit records in the questionnaire. For example, if
you set the question height to three lines, and a user makes
four selections in the question, a scroll bar is displayed.

Default Records If you selected the Grid display control, you can configure
Display the number of cross-referenced records that display within
the grid. If this option is selected, only the first X records are
displayed, where X is the selected value for the Default Grid
Display field. If the number of records exceeds the default
display number, a View All link is displayed. A user can
click this link to view all of the associated records.

Date Question Options

You configure the display and functionality of a Date question using the Options tab
of the Manage Field page.
The following table describes the display and functionality options for the Date
question.
For instructions on updating these options, see Update Question Options.

Chapter 3: Questions 69
 RSA Archer GRC Platform Questionnaires

Option Description

Display Control Section

Select one of the following display controls:

l Text Box - Date Only
l Text Box - Date and Time
l Dropdown - Date Only
l Dropdown - Date and Time

Options Section

Required Field Select this option to require users to supply a value for the field
when adding or editing a record in the application. Required fields
are indicated with an icon (selected in the Appearance feature) to
alert users that they must supply a value. If this checkbox is not
selected, users can skip this field when adding or editing a record
in the application.

Auditing Select this option to display auditing information next to the field
Information each time that its value is changed. The auditing information
includes only the name of the user who made the change and the
date and time of the change. If this checkbox is not selected,
auditing information is not displayed with the field in the user
interface.

Search Results Select this option to make this field available for display in search
results. If this checkbox is not selected, you cannot include this
field in search results or reference the values in the field in search
filters.

Search Default Select this option to include the field by default in search results
Field for the application. This option does not prevent users from
removing the field from the Search Results page. Users can click
Modify in the toolbar and remove the field from the Fields to
Display section of the application's Advanced Search page.

70 Chapter 3: Questions
 RSA Archer GRC Platform Questionnaires

Option Description

Unique Field Select this option to prevent users from entering an identical value
in the field within two separate records. If a user attempts to save a
value in the field that has already been saved in the field for
another record, the user is prompted to enter a unique value.

Key Field Select this option if you want the field to serve as the key field for
the application. Only one field can serve as the key field for an
application. You can select the key field values in search results,
and users can click the values to open individual records. Once
saved, you can only clear this checkbox by selecting the Key Field
checkbox for another field in the application. Also, when you
select the Key Field checkbox for a field and save your changes,
the Required Field, Search Results, and Search Default Field
checkboxes are automatically selected.

Validate Select this option to validate the field when any field has changed
Always when saving a record. If the Validate Always option is not
selected, the field is validated only when the value in that field has
changed. See Managing Questions.

Configuration Section - Select the default date value that is displayed in the Date
field when a user adds a new record in the application. The default date value is set
on the date of record creation; the value is not affected by record edits.

None Select this option if you do not want to place a default value in the
Date field.

Current Date Select this option to display the date of record creation in the Date
field.

Future Date Select this option to display a default date value that is a specific
number of days after the date of record creation. Then enter the
specific number of days in the field to the right.

Specific Date Select this option to display a static date as the default value for
the Date field. Then enter the date in the adjacent field or click
to select the date from the Date Range dialog box.

Numeric Question Options

You can configure the display and functionality of a Numeric question using the
Options tab of the Manage Field page.
The following table describes the display and functionality options for the Numeric
question.
For instructions on updating these options, see Update Question Options.

Chapter 3: Questions 71
 RSA Archer GRC Platform Questionnaires

Option Description

Options Section

Required Select this option to require users to supply a value for the field when
Field adding or editing a record in the application. Required fields are
indicated with an icon (selected in the Appearance feature) to alert
users that they must supply a value. If this checkbox is not selected,
users can skip this field when adding or editing a record in the
application.

Auditing Select this option to display auditing information next to the field each
Information time that its value is changed. The auditing information includes only
the name of the user who made the change and the date and time of the
change. If this checkbox is not selected, auditing information is not
displayed with the field in the user interface.

Search Select this option to make this field available for display in search
Results results. If this checkbox is not selected, you cannot include this field in
search results or reference the values in the field in search filters.

Search Select this option to include the field by default in search results for the
Default application. This option does not prevent users from removing the field
Field from the Search Results page. Users can click Modify in the toolbar and
remove the field from the Fields to Display section of the application's
Advanced Search page.

Unique Select this option to prevent users from entering an identical value in
Field the field within two separate records. If a user attempts to save a value
in the field that has already been saved in the field for another record,
the user is prompted to enter a unique value.

Key Field Select this option if you want the field to serve as the key field for the
application. Only one field can serve as the key field for an application.
You can select the key field values in search results, and users can click
the values to open individual records. Once saved, you can only clear
this checkbox by selecting the Key Field checkbox for another field in
the application. Also, when you select the Key Field checkbox for a
field and save your changes, the Required Field, Search Results, and
Search Default Field checkboxes are automatically selected.

72 Chapter 3: Questions
 RSA Archer GRC Platform Questionnaires

Option Description

Sum Field Select this option to provide a total of all values entered in the field on
the Search Results page for the application. An additional row will
appear at the bottom of the search results page that provides a total
value in the Numeric field column. The summation value represents a
grand total in all records displayed in the search results; subtotals are
not shown per page.

Numeric Select this option to enable users to filter search results in the
Ranging application based on specific ranges of values in the Numeric field. The
field will be displayed in the Field to Evaluate list in the Filters section
of the application's Advanced Search page.

Format Select this option to format the value using thousand separators.

Validate Select this option to validate the field when any field has changed
Always when saving a record. If the Validate Always option is not selected, the
field is validated only when the value in that field has changed. See
Managing Questions.

Configuration Section

Decimal Specify the number of decimal places that you want to require for
Places values entered in the field. The largest value available for this field is 6.
If a user enters a value in the Numeric field with fewer decimal places
than the number you have required, the value will be padded with
zeros. For example, if you require 3 decimal places and a user enters a
value of "4.1" in the field, the value will be displayed as "4.100" when
the record is saved. If a user enters a value in the field with more
decimal places than the number you have required, the user will not be
permitted to save the record and will be prompted to limit the number
of decimal places in the value to fit the field's requirements.

Negative Select how you want negative numbers to display. Options include the
Display following:
l (1234.56) font color = red; default option
l -1234.56 font color = red
l (1234.56) font color = black
l -1234.56 font color = black

Minimum To require users to enter values that fit within a defined range (such as
Value and between 1 and 100), enter the minimum and maximum values allowed
Maximum in the field in the Minimum Value and Maximum Value fields.
Value

Chapter 3: Questions 73
 RSA Archer GRC Platform Questionnaires

Option Description

Prefix Enter up to 10 characters of text that you want to display in front of the
numeric value. For example, you could enter a $ symbol to label the
values as dollars.

Suffix Enter up to 10 characters of text that you want to display after the
numeric value. For example, you could enter "miles" to label the values
as a measurement of distance.

Increment Select a value to add an up or down arrow control adjacent to the

By Numeric field that allows users to increment or decrement the value
entered in the field. Available options are .01, .1, 1, 10, 100, 1000, or
No Increment.

Text Question Options

You configure the display and functionality of a Text question using the Options tab
of the Manage Field page.
The following table describes the display and functionality options for the Text
question.
For instructions on updating these options, see Update Question Options.

Option Description

Display Control Section

Select one of the following display controls:

l Text Field
l Text Area

Options Section

Required Select this option to require users to supply a value for the field when
Field adding or editing a record in the application. Required fields are
indicated with an icon (selected in the Appearance feature) to alert
users that they must supply a value. If this checkbox is not selected,
users can skip this field when adding or editing a record in the
application.

Auditing Select this option to display auditing information next to the field each
Information time that its value is changed. The auditing information includes only
the name of the user who made the change and the date and time of the
change. If this checkbox is not selected, auditing information is not
displayed with the field in the user interface.

74 Chapter 3: Questions
 RSA Archer GRC Platform Questionnaires

Option Description

Search Select this option to make this field available for display in search
Results results. If this checkbox is not selected, you cannot include this field in
search results or reference the values in the field in search filters.

Search Select this option to include the field by default in search results for
Default the application. This option does not prevent users from removing the
Field field from the Search Results page. Users can click Modify in the
toolbar and remove the field from the Fields to Display section of the
application's Advanced Search page.

Unique Select this option to prevent users from entering an identical value in
Field the field within two separate records. If a user attempts to save a value
in the field that has already been saved in the field for another record,
the user is prompted to enter a unique value.

Key Field Select this option if you want the field to serve as the key field for the
application. Only one field can serve as the key field for an
application. You can select the key field values in search results, and
users can click the values to open individual records. Once saved, you
can only clear this checkbox by selecting the Key Field checkbox for
another field in the application. Also, when you select Key Field for a
field and save your changes, the Required Field, Search Results, and
Search Default Field checkboxes are automatically selected.

Validate Select this option to validate the field when any field has changed
Always when saving a record. If the Validate Always option is not selected, the
field is validated only when the value in that field has changed. See
Managing Questions.

Configuration Section

Chapter 3: Questions 75
 RSA Archer GRC Platform Questionnaires

Option Description

Maximum To restrict the number of characters a user can enter in the Text field,
Characters enter the maximum number of allowable characters in the Maximum
Characters field.

Input Mask If you selected the Text Field display control, you can select masked
text fields that require end users to enter data in defined formats. Select
from the following options:
l SSN. The format is ###-##-####. The mask will be configured so
the entire SSN is confined to one field.
l Telephone. The format is ###-###-#### The mask will be
configured so the entire phone number is confined to one field.
l Zip Code. The format is #####.
l Zip+4. The format is #####-####.
l IP Address v4. The format is ###.###.###.###.
l IP Address v6 Full. The format is
####.####.####.####.####.####.####.####.
l IP Address v6 Shorthand. The format is any appropriate shorthand
notation.
l Email Address. The mask is configured to require the @ character
in the text entry.

Default To prepopulate your Text field with default text, enter the default text
Value in the Default Value text box. If you want this default text to disappear
once an end user selects the Text field in Edit mode, select Remove the
default text on mouse click.

Note: Default text with the "Remove" option enabled should be used
for only instructional and informational purposes. The text will not be
saved with the record. If you would like your default text to be treated
as a standard text field entry, do not select the Remove the default text
on mouse click checkbox.

Default Select this option to remove the default text when the user clicks the
Behavior field.

Values List Question Options

You can configure the display and functionality of a Values List question using the
Options tab of the Manage Field page.
The following table describes the display and functionality options for the Values
List question.
For instructions on updating these options, see Update Question Options.

76 Chapter 3: Questions
 RSA Archer GRC Platform Questionnaires

Option Description

Display Control Section

Select one of the following display controls:

l Dropdown list
l Radio buttons
l Check Boxes
l Listbox
l Values popup

Options Section

Required Select this option to require users to supply a value for the field when
Field adding or editing a record in the application. Required fields are
indicated with an icon (selected in the Appearance feature) to alert
users that they must supply a value. If this checkbox is not selected,
users can skip this field when adding or editing a record in the
application.

Auditing Select this option to display auditing information next to the field each
Information time that its value is changed. The auditing information includes only
the name of the user who made the change and the date and time of the
change. If this checkbox is not selected, auditing information is not
displayed with the field in the user interface.

Search Select this option to make this field available for display in search
Results results. If this checkbox is not selected, you cannot include this field in
search results or reference the values in the field in search filters.

Search Select this option to include the field by default in search results for
Default the application. This option does not prevent users from removing the
Field field from the Search Results page. Users can click Modify in the
toolbar and remove the field from the Fields to Display section of the
application's Advanced Search page.

Chapter 3: Questions 77
 RSA Archer GRC Platform Questionnaires

Option Description

Description Select this option to display the selected value for the field as a
Links hyperlink when users view records in the application. Users can click
the linked value to read a description of the value from a pop-up
window.

Validate Select this option to validate the field when any field has changed
Always when saving a record. If the Validate Always option is not selected, the
field is validated only when the value in that field has changed. See
Managing Questions.

Configuration Section

Minimum If you selected the Check Boxes, Listbox, or Values Popup display
Selections control in the Display Control section, you can specify the minimum
and and maximum number of values that can be selected in the field. Enter
Maximum the desired number of values in the Minimum Selections and Maximum
Selections Selections fields.

Column If you selected the Radio Buttons or Check Boxes display control in
Layout the Display Control section, you can configure the number of columns
in the field by selecting the desired number of columns.

Field If you selected the Listbox display control in the Display Control
Height section, you can configure the height of the field in lines by entering
the desired number of lines in the Field Height field. If more values are
available for selection in the field than the number of lines you
specified for the field height, a vertical scroll bar will appear in the
field to enable users to view all available values.

Update Question Weighting

You can change the weight assigned to a question. The question weight is used to
generate the question score.
Question weighting is a numeric attribute that can be assigned to any Values List
question. You cannot assign a weight to other question types, such as Text,
Numeric, Date, Attachment, and Cross-Reference. When a user completes a
questionnaire, the question weight is multiplied by the numeric value of the selected
answer to produce a question score. The question scores are then combined to
determine the questionnaire score.
For more information on question weighting, see the appropriate section in
Questionnaire Terminology.

78 Chapter 3: Questions
 RSA Archer GRC Platform Questionnaires

Procedure
1. Select the questionnaire that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Questionnaires.
c. Click the questionnaire.

Note: If the name is not linked, you cannot edit the questionnaire.

2. Click the Fields tab.

3. In the Field column, click the question that you want to configure.
4. Click the Question tab.
5. In the Question section, enter a value in the Weighting field.
6. Click Apply.
Link a Values List Question to Authoritative Sources
You can link a Values List question to authoritative sources with which your
company must comply, such as regulations, industry standards, common practices
and state laws. If your organization licenses the Policy Management solution, you
can link directly to records within the Authoritative Sources application. If you do
not license Policy Management but have a custom application that includes
authoritative sources, you can link to records in this application.

Important: If you do not manage authoritative source data in the Platform, disregard
the Authoritative Source References section on the Define Fields page. You cannot
use this feature.

When you link a Values List question to an authoritative source, the authoritative
source becomes a filter property for the question that you can utilize in the creation
of question display rules. These rules enable you to show or hide questions based on
the attributes of an assessment target. For example, suppose you create a Values
List question and link it to the Payment Card Industry (PCI) Data Security Standard.
You can create a question display rule specifying that questions related to PCI
should display in questionnaires for all vendors that provide payment processing
services. For more information on question display rules, see Configure Show and
Hide Rules for a Questionnaire.
Linking a question to an authoritative source also enables you to search completed
questions for instances of non-compliance with a particular regulation, industry
standard, and so on. Also, if you enable findings for the questionnaire you are
managing, the system automatically creates Findings records for questions that are
answered incorrectly, and each finding includes the associated authoritative source,
enabling you to search and sort findings by source. For more information on
findings, see Auto-Generate Findings for Questionnaires.

Chapter 3: Questions 79
 RSA Archer GRC Platform Questionnaires

Procedure
1. Select the questionnaire that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Questionnaires.
c. Click the questionnaire.

Note: If the name is not linked, you cannot edit the questionnaire.

2. Click the Fields tab and in the Field column, click the question that you want to
configure.
3. Click the Question tab.
4. If the application that contains your authoritative sources does not display in the
Application column, click the Manage References link in the Authoritative
Source References section and perform the following steps to create a
reference to your authoritative source application:
a. In the Authoritative Sources section, click Add New.
The Manage Authoritative Source List page is displayed.
b. Click Add New.
A listing of applications is displayed.
c. Select one or more applications.
d. Click OK to return to the Manage Authoritative Source List page.
e. Click Save.
The Manage Field page is displayed.
c. Click the Question tab if it is not already displayed.
5. To link the question to a specific record within your designated authoritative
sources application, click Select in the Authoritative Source References
section.
The Record Lookup dialog box opens.
6. Select the authoritative source that you want to link to your question:
a. Scroll through the list of available authoritative sources, or click Show
Filters, and enter keywords to narrow the list.
b. Once you locate the authoritative source that you want to link to your
question, select the checkbox for that source. You can select multiple
checkboxes.
7. Click OK to return to the Manage Field page.
8. To remove a selected authoritative source reference, click in the Reference

80 Chapter 3: Questions
 RSA Archer GRC Platform Questionnaires

column
9. Click Apply.
Link a Values List Question to Control Standards
You can link a Values List question to control standards, which are mandatory
directives for carrying out corporate security policies and are used to measure
policy compliance.

Important: This option is available only if your organization licenses the Policy
Management solution, which includes a Control Standards application. If you do not
license Policy Management, the Control Standards control is not displayed, and you
cannot use this feature.

When you link a Values List question to a control standard, the standard becomes a
filter property for the question that you can utilize in the creation of question display
rules. These rules enable you to show or hide questions based on the attributes of an
assessment target. For example, if you create a Values list question and link it to
your Password Changes control standard. You can create a question display rule
specifying that questions related to Password Changes should display in
questionnaires for all applications that require user logon. For more information on
question display rules, see Configure Show and Hide Rules for a Questionnaire.
Linking a question to a control standard also enables you to search completed
questions for instances of non-compliance with a particular standard. Also, if you
enable findings for the questionnaire that you are managing, the system will
automatically create Findings records for questions that are answered incorrectly,
and each finding will include the associated control standard, enabling you to search
and sort findings by standard. For more information on findings, see Auto-Generate
Findings for Questionnaires.

Procedure
1. Select the questionnaire that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Questionnaires.
c. Click the questionnaire.

Note: If the name is not linked, you cannot edit the questionnaire.

3. Click the Fields tab and in the Field column, click the question that you want to
configure.
4. Click the Question tab.

5. In the Control Standards section, click in the Reference column.

The Record Lookup dialog box opens.

Chapter 3: Questions 81
 RSA Archer GRC Platform Questionnaires

6. Select the control standard that you want to link to your question:
a. Scroll through the list of available control standards, or click Show Filters
and enter keywords to narrow the list.
b. Once you locate the control standard that you want to link to your question,
select the checkbox for that standard. You may select multiple checkboxes.
7. Click OK to return to the Manage Field page.

8. To remove any selected control standard references, click and in the Record
Lookup dialog box, clear the checkboxes or any record references that you want
to remove and click Apply.
9. Click Apply.
Define Answers for a Values List Question
You can define answers for a Values List question, either by adding answers
manually or importing them from an .xml file. You can create any number of
answers for a single question, and each answer can have a unique set of attributes,
including a default status, an assigned numeric value, text color, and more.
For more information on questionnaire-level answer lists, see Work with
Questionnaire Values Lists.
For example, suppose that you are managing the question, "Are intrusion alarms in
place and monitored by appropriate authorities in case of unauthorized access to
your facilities?" You could create the following answers for assessors to choose
from:
l Yes, all facilities have monitored intrusion alarms in place.
l Yes, but not at all facilities.
l No, we have not implemented intrusion alarms at our facilities.

Important: The Answers tab enables you to create and edit custom answers that are
unique to the question you are managing. If you have selected to use a questionnaire
values list rather than a custom list for the question, you also can create and edit
answers in that shared list. Be aware that any changes that you make to a
questionnaire values list impacts every question that uses the list. If you need to add
or edit answers for a question that uses a questionnaire values list but you do not
want your changes to impact other questions, RSA Archer recommends that you
delete the question and recreate it to use a custom answer list. You can then create
the appropriate answers for the question without affecting any others.

82 Chapter 3: Questions
 RSA Archer GRC Platform Questionnaires

Procedure
1. Select the questionnaire that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Questionnaires.
c. Click the questionnaire.

Note: If the name is not linked, you cannot edit the questionnaire.

2. Click the Fields tab and in the Field Name column, click the field whose
properties you want to define.
3. Click the Answers tab.
4. Do one of the following:
l To add a new answer, click Add New.
The fields in the Properties area are reset.
l To edit an existing answer, click the answer in the Text Value column.
The fields in the Properties area display the attributes of the selected
answer.
5. In the Text Value field, enter the answer text, for example, "Yes".
6. In the Description field, enter a description for the answer.
7. To make the answer unavailable for selection, clear the Active checkbox.
If users have already selected the answer within a questionnaire, those
selections are reserved. Inactivating an answer is a good way to retain historical
data while limiting future selections. By default, the Active checkbox is
selected and the answer is available for selection in the questionnaire.
8. Select the Default Selection checkbox to configure this answer as the default
selection for users.
9. To associate a numeric value with the answer, in the Numeric Value field,
enter the appropriate number in this field.
For example, you could associate the number 10 with the answer "Yes." The
Numeric Value field accepts positive, negative, and decimal values. You can
reference these numeric values in calculated field formulas for custom
questionnaire scoring. This value also is factored into the standard questionnaire
scoring.

10. To display the answer in a specific color, click in the Text Color field
and select the color.
If you associate a color with an answer, the color is displayed in questionnaire
records in view mode. Answers are not displayed in color when users fill out a
questionnaire.

Chapter 3: Questions 83
 RSA Archer GRC Platform Questionnaires

11. To set the answer as the correct answer for all questions that utilize the list,
select the checkbox in the Correct field.
12. To include an image to represent the answer, such as a green checkmark for the
value "Yes," click Add in the Image field, select a graphic and click OK.
If you associate an image with an answer, the image is displayed in
questionnaire records in view mode in place of the value name. Answers are not
displayed as an image when users fill out a questionnaire.
13. To require users to enter an explanation when they select the answer, select the
checkbox in the Other field.
When selected, a text box is displayed next to the question when the user
selects this answer. The user must then enter comments in this text box.

Important: You may select Other for only one answer per answer list. If you
create another answer and select the Other checkbox, the checkbox is cleared
for the first answer. If users have already provided comments for the first
answer while filling out a questionnaire, those comments will be lost.

14. Click Save in the Properties area.

The answer is displayed in the tree in the Structure area.
15. Click Apply.
Change the Display Order for Values in a Questionnaire Values List
You can define the order in which the answers in Values List questions are
displayed in questionnaires.
1. Select the questionnaire that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Questionnaires.
c. Click the questionnaire.

Note: If the name is not linked, you cannot edit the questionnaire.

2. Click the Fields tab and in the Field Name column, click the field whose
properties you want to define.
3. Click the Answers tab.
4. From the Sort Order drop-down list, select one of the following options:
l Custom. Answers display in the specific order you define. To adjust the
order of answers, drag and drop the answers in the Structure area.
l Ascending. Answers display in ascending alphanumeric order. For example,
the answers "High," "Medium" and "Low" would be displayed in the
following order: High, Low, Medium.

84 Chapter 3: Questions
 RSA Archer GRC Platform Questionnaires

l Descending. Answers display in descending alphanumeric order. For

example, the answers "High," "Medium" and "Low" would be displayed in
the following order: Medium, Low, High.
l Random. Answers display in a different order within every questionnaire
record. This prevents the user from recognizing patterns in the display of
answers or making assumptions about answers due to their presentation
order.
5. Click Apply.
Import Values into a Questionnaire Values List
If there is a questionnaire values list in another questionnaire that you want to reuse
in the questionnaire that you are currently managing, you can export those answers
and their properties to an .xml file and import them. You also can export global or
field-specific values lists from applications for reuse in a questionnaire. You then
can import the values into your questionnaire values list by clicking Import on the
Manage Questionnaire Values List page and selecting the .xml file that contains the
values and attributes that you want to import.

Procedure
1. Select the questionnaire that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Questionnaires.
c. Click the questionnaire.

Note: If the name is not linked, you cannot edit the questionnaire.

2. Click the Fields tab and in the Field Namecolumn, click the field whose
properties you want to define.
3. Click the Answers tab.
4. Click Import.
The File Upload dialog box opens.

Note: To export a values list for use in another questionnaire, click the Export
link. Save the resulting XML to a location where you can easily find it later.

5. Click Add New.

6. In the Open dialog box, select the .xml file that you want to import and click
Open.
The file displays in the File Upload dialog box.
7. Click OK.
The file is uploaded and the values list is imported.

Chapter 3: Questions 85
 RSA Archer GRC Platform Questionnaires

8. Click Save.

Update Question Text

You can update the question text that is displayed to end users when they fill out a
questionnaire or view the results of a completed questionnaire. For example, you
could change the question "Is all data stored on this server encrypted?" to "Is all
confidential data stored on this server encrypted?"

Important: If you change the text of a question that has already been answered in
one or more questionnaire records, the question is updated in the existing saved
questionnaire records and may invalidate the answers. Take caution in modifying
question text if your changes alter the meaning of the question.

If you are working with a Values List question, the Question tab also provides a
control for applying a numeric weight to the question. (You cannot assign a weight
to other question types, including Text, Numeric, Date, Attachment, and Cross-
Reference). When a user completes a questionnaire, the question weight is
multiplied by the numeric value of the selected answer to produce a question score.
See Update Question Weighting.
For an overview of the complete configuration process, see Configuring Questions.

Before You Begin

l Create a New Question in a Questionnaire
l Update Question Options

Procedure
1. Select the questionnaire that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Questionnaires.
c. Click the questionnaire.

Note: If the name is not linked, you cannot edit the questionnaire.

2. Click the Fields tab and in the Field Name column, click the field whose
properties you want to define.
3. Click the Questions tab.
4. In the Question Text field, make the appropriate changes to your question.
5. From the Category list, select an appropriate category for the question. If
necessary, click Edit to modify the list of categories.

86 Chapter 3: Questions
 RSA Archer GRC Platform Questionnaires

6. In the Format Style field, select from the following options:

l Horizontal Display
l Horizontal Hide
l Vertical Display
l Vertical Hide
7. If you are working with a Values List question and want to assign a numeric
weight to the question, enter the appropriate value in the Weighting field.
This field accepts decimals and whole numbers but does not accept negative
values. For more information on how numeric weights are utilized in scoring a
questionnaire, see Questionnaire Terminology.
8. Click Apply.

Next Steps
Update Question Filter Properties

Update Question Filter Properties

You can create and assign any number of filters to a question. You can apply the
filters that you create for one question to any other question in the same
questionnaire. However, you cannot share filter properties between questionnaires.
For an overview of the complete configuration process, see Configuring Questions.

Before You Begin

Create a New Question in a Questionnaire

Procedure
1. Select the questionnaire that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Questionnaires.
c. Click the questionnaire.

Note: If the name is not linked, you cannot edit the questionnaire.

2. Click the Fields tab and in the Field Name column, click the field whose
properties you want to define.
3. Click the Questions tab.
4. Do one of the following:
l To apply an existing filter to the current question, in the Question Filter
Properties section, click in the Values column for that filter and select

Chapter 3: Questions 87
 RSA Archer GRC Platform Questionnaires

the specific filter value that applies to your question. To remove a filter from
the question, click to the right of the filter value.
l To add a new filter, click Add New.

Important: Do not click to remove a filter from the current question. Doing
so will permanently delete the filter for all questions that use it. Instead, use
to remove the filter from the current question while preserving its application to
other questions. If the Value column for a filter is blank, that filter is not applied
to the current question.

5. In the Name field, enter a name for the filter.

6. In the Description field, enter a description for how the filter should be used.
7. Click Apply to save the filter.
You now can add filter values.
8. In the Filter Values section, click Add New.
9. In the Value field, enter the value text and click Apply.
10. To add any additional values as needed, in the Filter Values section, click Add
New .
11. Click Save on the Edit Filter Property page to return to the Manage Field page.

12. In the Question Filter Properties section, click to the right of the filter that
you just created.
13. Select one or more filter values to apply to the question and click Apply.

Next Steps
Update the Help Text for a Question

Update the Help Text for a Question

You can configure the Help text that is displayed to users when working with a
field. Help text helps users understand what values should be provided for a field.
For an overview of the complete configuration process, see Configuring Questions.

Before You Begin

Create a New Question in a Questionnaire

Procedure
1. Select the questionnaire that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Questionnaires.

88 Chapter 3: Questions
 RSA Archer GRC Platform Questionnaires

c. Click the questionnaire.

Note: If the name is not linked, you cannot edit the questionnaire.

2. Click the Fields tab.

3. In the Field column, click the question that you want to configure.
4. Click the Help Text tab.
5. In the Help Text field, enter the text that you want to be presented to the user.
This text should help the user understand what information to provide in the
field.
6. In the View Display Options field, select one of the following options to
indicate how the Help text should be displayed when the user displays a record
in View mode:
l None
l Above
l Below
l Tooltip
l Icon
7. In the Edit Display Options field, select one of the following options to indicate
how the Help text should be displayed when the user displays a record in Edit
mode:
l None
l Above
l Below
l Tooltip
l Icon
8. Click Save.

Categorize a Question
You can assign a question to a category for organizational and filtering purposes,
such as Access Control, Business Continuity, and Risk Management. This enables
you to group and view the results of a questionnaire by category.
If you enable Findings for the questionnaire that you are managing, the system
automatically creates Findings records for questions that are answered incorrectly,
and each finding includes the associated question category, enabling you to search
and sort findings by category. For more information on findings, see Auto-Generate
Findings for Questionnaires.

Chapter 3: Questions 89
 RSA Archer GRC Platform Questionnaires

A key use of question categories is in the creation of question display rules. You
can define rules to show or hide questions when end users fill out a questionnaire
based on attributes of the target they are assessing. For example, suppose you have
defined a question display rule for a questionnaire that assesses targets in your
Assets application. The question display rule specifies that if an asset contains
confidential customer data, the questionnaire should display all questions in the
Access Control category. When an asset manager in your organization fills out the
questionnaire to assess the security of a server that houses confidential customer
data, the asset manager will be prompted to answer the Access Control questions
you have selected for display. For more information on question display rules, see
Configure Show and Hide Rules for Questionnaires.

Procedure
1. Select the questionnaire that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Questionnaires.
c. Click the questionnaire.

Note: If the name is not linked, you cannot edit the questionnaire.

2. Click the Fields tab and in the Field Name column, click the field whose
properties you want to define.
3. Click the Question tab.
4. In the Category field, select the appropriate category for the question. A
question can belong to only one category.
5. To create a new category:
a. Click Edit to the right of the category field.
The Edit Filter Property: Category page is displayed.
b. In the Filter Values section, click Add New.
c. In the Value field, enter the category name and click Apply.
d. Close the Edit Filter Property page.
6. Click Save.

90 Chapter 3: Questions
 RSA Archer GRC Platform Questionnaires

Chapter 4: Findings

Managing Findings
Findings is an application that is used to auto-generate records from questionnaires.

Important: The Control Standards application must be licensed for findings to be

generated for core questionnaires.

When the Findings feature is enabled, a record is created in the Findings application
each time a user answers a question incorrectly in the questionnaire. This enables
you to view reports to determine the risk associated with specific targets.
Findings are not a required component of your assessment process, but by enabling
findings, you gain valuable insight into areas of non-compliance within your
organization. Each finding generated by the system is prepopulated with the:
l Question that was incorrectly answered.
l Incorrect answer the user selected.
l Specific target of the assessment.
l Questionnaire record in which the question was incorrectly answered.
l Authoritative source related to the question that was incorrectly answered (if
applicable).
l Control standard related to the question that was incorrectly answered (if
applicable).

This prepopulation of Findings records enables you to report on areas of non-

compliance by target, questionnaire, question, authoritative source, and control
standard. As you remediate findings, you also can monitor areas of improvement in
your organization's compliance posture.
Findings can be generated only for Values List questions since this is the only type
of question that can have correct and incorrect answers. All findings are stored in a
central Findings application, and this application is automatically cross-referenced
to your questionnaire when you select to enable findings, which enables you to view
all findings related to a specific questionnaire record.

Note: Consider adding the Findings application to the same solution as your
questionnaire. This allows you to access the Findings application from the
Navigation Menu for the purposes of searching and managing records.

For information about configuring findings, see Configuring Findings.

Chapter 4: Findings 91
 RSA Archer GRC Platform Questionnaires

Configuring Findings
When you configure findings generation for a questionnaire, you must define the
specific conditions within the questionnaire that should trigger findings creation. By
default, findings are created for a questionnaire record when the value in the
Submission Status field is changed to Submitted. You can change this default
condition, or you can create additional conditions that will trigger findings creation.
For example, you can generate findings when a questionnaire record is submitted
and when it is approved. If multiple conditions are defined, all of them must be met
in order to trigger findings creation. Note that a finding is created only once for
each incorrectly answered question. So if a finding is created for a question when
the questionnaire is submitted and that same question is still incorrectly answered
when the questionnaire record is marked Approved, the system does not create
another finding for that question.
As an optional step, you can create static or dynamic content that is displayed in the
Description field in all findings generated for the questionnaire. For example, you
could enter the following: "The question '[Question]' was answered incorrectly. The
answer provided was '[Answer].'" The [Question] and [Answer] elements in this
text display the specific question that was answered incorrectly and the answer the
user provided. So the text might be displayed in a Findings record as: "The question
'Is strong encryption used for restricted information?' was answered incorrectly.
The answer provided was 'No'."
You can perform the following Findings-related tasks:
l Auto-Generate Findings for Questionnaires
l Categorize a Question
l View Findings from a Questionnaire
l Remediate a Finding
l Accept the Risk of a Finding

Auto-Generate Findings for a Questionnaire

You can configure a questionnaire to automatically generate findings when a user
answers one or more questions incorrectly while filling out the questionnaire.
Your organization then can remediate individual findings through tasks or
exceptions, according to your risk and compliance management processes. For more
information on findings, see Managing Findings.

Before You Begin

Create a Questionnaire

92 Chapter 4: Findings
 RSA Archer GRC Platform Questionnaires

Procedure
1. Select the questionnaire that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Questionnaires.
c. Click the questionnaire.

Note: If the name is not linked, you cannot edit the questionnaire.

2. Click the Properties tab.

3. Click the Findings tab.
4. In the Generation section, select Enable automatic generation of findings
based upon answers within the questionnaire.

Note: If you do not enable findings for a questionnaire, the Quantitative

Summary section within individual questionnaire records are not included in the
Findings column.

5. In the Findings Generation Condition section, specify the conditions that

should trigger findings generation:
a. In the Field To Evaluate column, select the field to evaluate for one or
more specific values.
To create additional conditions, click Add New.
b. In the Operator column, select the filter operator.
c. In the Value(s) column, select the values for the condition.
d. If you have created more than one condition, you can apply advanced logic
to your search criteria.
6. In the Findings Generation section, enter the default text to be displayed in the
Description field of Findings records.
By default, the Description field within individual Findings records is populated
with information about the question that was answered incorrectly. You can
modify the default text using any of the following dynamic elements:
l [Question Name]. This element is the question label, not the question text.
For example, the question name might be "Encryption 1" for the following
question text: "Is strong encryption used for restricted information?"
l [Question]. This element is the question text, such as "Is sensitive
cardholder data securely disposed of when no longer needed?"
l [Answer]. This element is the incorrect answer the user provided, such as
"No, we do not dispose of cardholder data."

Chapter 4: Findings 93
 RSA Archer GRC Platform Questionnaires

l [Weighted Score]. This element is the weighted score for the question,
which the system generates by multiplying the question weight and the
numeric value associated with the incorrect answer.
7. Click Apply.

Next Steps
Work with Questionnaire Values Lists

View Findings from a Questionnaire

If you enabled Findings for a questionnaire (see Auto-Generate Findings for a
Questionnaire), you can view the related findings from the questionnaire record
page. Findings are displayed in the Quantitative Summary section of the
Questionnaire as well as in the Findings cross-reference field.

Important: To work with Findings, your user account must have access to both the
questionnaire and to the Findings application.

Procedure
1. Select the finding that you want to manage:
a. In the Navigation pane, expand the questionnaire and click Display All.
The individual questionnaires associated with that questionnaire are
displayed on the Search Results page.
b. Click the questionnaire for which you want to display findings.
2. Expand the Findings section.
3. Click the Finding ID for the Finding record that you want to view.
The Findings page is displayed with information for that record.
4. To close a finding, you must do one of the following:
l Remediate a Finding.
l Accept the Risk of a Finding.

Remediate a Finding
To remediate and close a Finding, associate the Finding record to a Remediation
Plan record. These steps apply to a default questionnaire. Your administrator may
have customized the questionnaire.

Important: To work with Findings, your user account must have access to both the
questionnaire and to the Findings application.

94 Chapter 4: Findings
 RSA Archer GRC Platform Questionnaires

Procedure
1. Select the finding that you want to manage:
a. In the Navigation pane, expand the questionnaire and click Display All.
The individual questionnaires associated with that questionnaire are
displayed on the Search Results page.
b. Click the questionnaire for which you want to display findings.
2. Expand the Findings section.
3. Click the Finding ID for the Finding record that you want to view.
The Findings page is displayed with information for that record.
4. Click Edit.
5. In the Description section, click the Response field and click Remediate
Risk.
6. Complete the fields in the Remediation section:
a. To add a new Remediation Plan record, click Add New.
b. Complete the fields provided and click Save to save the Remediation Plan to
the Findings record.
c. In the Remediation Validated field, select Yes.
7. Continue to update the Findings record as needed. Depending on your
organization, you may also need to update the values in the Workflow section.
8. Click Save.
The status of the Findings record is changed to Close.

Accept the Risk of a Finding

To accept the risk of a finding and close the Finding record, link it to an Exception
Request record.

Note: These steps apply to a default questionnaire. Your administrator may have
customized the questionnaire.

Important: To work with findings, your user account must have access to both the
questionnaire and to the Findings application.

Procedure
1. Select the finding that you want to manage:
a. In the Navigation pane, expand the questionnaire and click Display All.
The individual questionnaires associated with that questionnaire are

Chapter 4: Findings 95
 RSA Archer GRC Platform Questionnaires

displayed on the Search Results page.

b. Click the questionnaire for which you want to display findings.
2. Expand the Findings section.
3. Click the Finding ID for the Finding record that you want to view.
The Findings page is displayed with information for that record.
4. Click Edit.
5. In the Description section, click the Response field and click Accept Risk.
The Exception Request section is displayed.
6. To link the Finding record to an existing Exception Request, in the Exception
Request section, click Lookup, select the appropriate record and click OK.
The Findings page is displayed with the Status field set to Closed.
7. To create a new Exception Request record:
a. In the Exception Request section, click Add New and complete the fields
on the Exception Request page.
b. Click Save to save the Exception Request record.
The Findings page displays with the Status field set to Closed.
8. Click Save.

96 Chapter 4: Findings
 RSA Archer GRC Platform Questionnaires

Chapter 5: Reports

Questionnaire Reports
The following table describes the reports available for each questionnaire within the
Platform. You can find these reports by clicking for the questionnaire on the
Manage Questionnaires page.

Report Description

Question Detail This report lists each question within a questionnaire, along with their
attributes. For Values List questions, the report also shows each
answer and its attributes.

Questionnaire This report presents a bar chart indicating the answers for each Values
Answer List question and the distribution across all responses. You can filter
Distribution by the report by questionnaire, category, or question. You also can click
Question the question to view the Questionnaire Results By Question Detail
report, which contains information about each question.

Questionnaire This report shows the configuration, including the formula, for each
Calculation calculated field within a questionnaire.
Summary

Questionnaire This report presents a bar chart of the compliance percentage for each
Compliance by authoritative source within one questionnaire or across questionnaires.
Authoritative You can filter the report by questionnaire. You also can click the
Source Chart category to view the Questionnaire Results by Authoritative Source
report.

Questionnaire This report presents a bar chart of the compliance percentage for each
Compliance by category within a questionnaire. You can filter the report by
Category Chart questionnaire. You can click the category to view the Questionnaire
Results by Category report.

Questionnaire This report presents a bar chart of the compliance percentage for each
Compliance by question within a questionnaire. You can filter the report by
Question Chart questionnaire or category. You also can click the category to view the
Questionnaire Results by Question report.

Questionnaire This report lists the custom objects and their associated content
Custom Object within a questionnaire.
Summary

Chapter 5: Reports 97
 RSA Archer GRC Platform Questionnaires

Report Description

Questionnaire This report lists the data driven events within a questionnaire,
Data Driven including the description, action types, and status.
Events
Summary

Questionnaire This report provides detailed information about each field within a
Detail questionnaire.

Questionnaire This report shows the configuration of each field within a

Field Detail questionnaire.

Questionnaire This report shows the notification templates associated with a

Notification questionnaire and the configuration for each, including the assigned
Detail users and groups.

Questionnaire This report provides a summary of the access control rights for private
Private Fields fields within a questionnaire. It lists all private fields that give a user
or group full access, cascade, or read-only privileges.

Questionnaire This report shows the record permissions configurations within a

Record questionnaire for manual selection, inherited permissions, and
Permissions automatic selection Record Permissions fields.
Summary

Questionnaire This report lists the results associated with each authoritative source
Results by attributed to one questionnaire or across questionnaires. You can filter
Authoritative the report by questionnaire, category, or authoritative source. You
Source also can click the key field to view general and reference content
information about the field.

Questionnaire This report lists the results associated with each category within a
Results by questionnaire. You can filter the report by questionnaire or category.
Category You also can click the category to view the Questionnaire Results by
Question report.

98 Chapter 5: Reports
 RSA Archer GRC Platform Questionnaires

Report Description

Questionnaire This report lists the results associated with each question within a
Results by questionnaire. You can filter the report by questionnaire, category, or
Question question. You also can click the question name to view the
Questionnaire Results by Question Detail report, which contains more
information about the question.

Questionnaire This report presents a bar chart of the score for each authoritative
Score by source within one questionnaire or across questionnaires. You can
Authoritative click the authoritative source to view the Questionnaire Results by
Source Chart Authoritative Source report.

Questionnaire This report presents a bar chart of the score for each category within a
Score by questionnaire. You can filter the report by questionnaire. You also
Category Chart can click the category view the Questionnaire Results by Category
report.

Questionnaire This report lists all field types within a questionnaire. It includes a
Summary by count of each field type and the calculated fields as well as the total
Field Type number of standard and calculated fields.

Questionnaire This report lists the values and configuration for each Values List
Values List field within a questionnaire.
Summary

Chapter 5: Reports 99
RSA Archer GRC Platform 5.4
Solutions
June 2013
Contact Information
Go to the RSA corporate website for regional Customer Support telephone and fax numbers:
www.emc.com/domains/rsa/index.htm.
Trademarks
RSA, the RSA Logo, RSA Archer, RSA Archer Logo, and EMC are either registered trademarks or trademarks of EMC
Corporation ("EMC") in the United States and/or other countries. All other trademarks used herein are the property of their
respective owners. For a list of RSA trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm.
License Agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may
be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This
software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.
Note on Encryption Technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.
Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.

Copyright © 2010-2013 EMC Corporation All Rights Reserved. Published in the USA.
RSA Archer GRC Platform Solutions

Contents

Preface 5
About this Guide 5
Product Documentation 7
Support and Service 7
Chapter 1: Solutions 9
Create a Solution 9
Update the General Properties of a Solution 9
Select Applications and Questionnaires for a Solution 10
Attach Documentation to a Solution 11
Chapter 2: Reports 13
Solution Reports 13
Solution Diagram Abbreviations 17

3
 RSA Archer GRC Platform Solutions

Preface

About this Guide

The Application Builder provides the ability to create solutions, which are groups of
related applications that work together to address a particular business need. The
RSA Archer Policy, Asset, Threat, and Incident Management products are all
examples of solutions that your organization may already be using. However, you
also can create your own solutions to organize custom applications into “application
groups.” For example, you could create a Customer Relationship Management
solution that houses the following applications: Accounts, Contacts, Opportunities,
and Projects. By grouping these applications into a solution, you can access the
applications together from the Navigation Menu, keyword search the applications as
a single entity from the Quick Search feature, access reports for the applications
using a Solution filter on the Master Reports Listing, and more.

Note: A single application can be grouped into multiple solutions. For example, a
Contacts application could be placed in a Vendor Management solution, a Customer
Relationship Management solution, and a Service Request solution. By grouping a
single application into multiple solutions, you can reuse the same information for a
variety of purposes.

Solutions are displayed as branches in the Navigation Menu on the left side of the
screen. When you click a solution branch, the Navigation Menu displays all
applications grouped in that solution, as shown in the following figure.

Preface 5
 RSA Archer GRC Platform Solutions

The Navigation Menu can be further customized to display only solutions related to
a particular workspace. For example, if you have a Policy Management workspace
that displays information related to the Policy Management solution, the Navigation
Menu could be configured to display only the Policy Management solution when
users view this workspace, as shown in the following figure.

In addition to the Navigation Menu, the Quick Search feature in the top frame of the
user interface also makes use of solutions. By entering keywords and selecting a
solution from the adjacent list, you can keyword search in all applications housed
within a solution.
The process of creating a solution involves selecting applications for inclusion and
attaching documentation to it, such as design specifications, sign-off forms, and so
on.
You can perform the following tasks to manage solutions:
l Create a Solution to Group Applications
l Attach Documentation to a Solution
l Update the General Properties of a Solution
l Select Applications and Questionnaires for a Solution

6 Preface
 RSA Archer GRC Platform Solutions

Product Documentation
For information about the RSA Archer GRC Platform 5.x, see the following
documentation.

Guide Description

Administrator Guide Provides Platform administrators with a system

overview, guidelines for navigating, and detailed
instructions for key tasks.

Control Panel Guide Provides administrators with instructions for

configuring each instance of the Platform.

Installation Guide Provides administrators with instructions for preparing,

installing, configuring, and testing the Platform.

Release Notes Provides Platform administrators with detailed listing of

new features, fixed issues, and known issues at the time
of the current release.

User Guide Provides end users with guidelines for navigating,

detailed instructions for key tasks, and information
about using Platform communication tools.

Web Services API Reference Provides IT managers and programmers with a list of
Guide the available web services for programmatically
interfacing with the release. This guide provides
formatting guidelines for field results, field inputs, and
search inputs, and provides sample code for searching,
adding and updating users, and updating assets.

You can access the Platform 5.x documentation from the RSA Archer Community
at https://community.emc.com/community/connect/grc_ecosystem/rsa_archer.

Support and Service

Customer www.emc.com/support/rsa/index.htm
Support
Information

Customer [email protected]
Support E-mail

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Community archer

Preface 7
 RSA Archer GRC Platform Solutions

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Exchange archer_exchange

RSA Solution https://gallery.emc.com/community/marketplace/

Gallery

RSA SecurCare https://knowledge.rsasecurity.com/cleartrust/ct_
Online logon.asp?CTAuthMode=BASIC&language=en&CT_ORIG_
URL=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fknowledge.rsasecurity.com%3A443%2F&c
t_orig_uri=%2F

The RSA Archer Community enables collaboration among eGRC clients, partners,
and product experts. Members actively share ideas, vote for product enhancements,
and discuss trends that help guide the RSA Archer product roadmap.
The RSA Archer Exchange is an online marketplace dedicated to supporting eGRC
initiatives. The Exchange brings together on-demand applications along with
service, content, and integration providers to fuel the success of RSA Archer
clients.
The RSA Solution Gallery provides information about third-party hardware and
software products that have been certified to work with RSA products. The gallery
includes Secured by RSA Implementation Guides with step-by-step instructions and
other information about interoperation of RSA products with these third-party
products.
The RSA SecurCare Online provides unlimited access to a wealth of resources on
the web, 24 hours a day. The secure system provides members access to a support
knowledgebase, to download current platform patches and bug fixes, to sign up for
notifications, to manage your support cases and more.

8 Preface
 RSA Archer GRC Platform Solutions

Chapter 1: Solutions

Create a Solution
You can create a solution to group-related applications. For example, RSA Archer
created a Policy Management solution to group the following applications:
Corporate Objectives, Policies, Control Standards, Authoritative Sources,
Baselines, Exception Requests, and the Question Library.
When creating a solution, you select the applications that you want to be grouped in
that solution and determine which applications display in the Navigation Menu.

Note: A single application can be grouped into more than one solution.

Procedure
1. Navigate to the Manage Solutions page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder > Manage Solutions.
2. Click Add New in the toolbar.
The Add Solution dialog box opens.
3. Do one of the following:
l To use the settings of an existing solution as a starting point for your new
solution, select Copy an Existing Solution and select the existing solution
from the Solution list.
l To select new settings for a solution, select Create a new Solution from
scratch.

Note: When you create a solution, a workspace is also automatically created to

support the solution. A system-specific iView for the new workspace is
displayed by default.

4. Click OK.
The Manage Solution page is displayed.

Next Steps
Update the General Properties of a Solution

Update the General Properties of a Solution

You can set basic properties of a solution, including name, description, and status.

Chapter 1: Solutions 9
 RSA Archer GRC Platform Solutions

Before You Begin

Create a Solution

Procedure
1. Select the solution that you want to update:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder > Manage Solutions.
c. In the Solution name column, click the solution.
2. Complete the General Information section:
a. In the Name field, enter a name for the solution.
b. In the Description field, enter a description of the solution.
This description is displayed on the Manage Solutions page.
c. In the Status field, select Inactive to prevent anyone from using this
solution. Otherwise, select Active.
3. Click Apply.

Next Steps
Select Applications and Questionnaires for a Solution

Select Applications and Questionnaires for a Solution

You can specify the applications and questionnaires in a solution, which is a group
of related applications and questionnaires that work together to address a particular
business need.

Before You Begin

l Create a Solution
l Update the General Properties of a Solution

Procedure
1. Select the solution that you want to update:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder > Manage Solutions.
c. In the Solution name column, click the solution.
2. In the Applications section, click Add New.
3. Click the Applications tab and select the application that you want to include in
the solution.

10 Chapter 1: Solutions
 RSA Archer GRC Platform Solutions

4. Click the Questionnaires tab and select the questionnaire that you want to
include in the solution.
5. Click OK.
The applications and questionnaires that you selected are displayed in the
Applications section.
6. (Optional) If you do not want an application or questionnaire that is grouped in
the solution to display within the Navigation Menu, clear the Menu Display
checkbox in the Applications section. By default, all applications and
questionnaires grouped in a solution are displayed beneath the solution branch in
the Navigation Menu.
7. (Optional) If you do not want an application or questionnaire that is grouped in
the solution to be searchable through the Quick Search feature in the top frame
of the user interface, clear Quick Search in the Applications section. By
default, all applications and questionnaires grouped in a solution are searchable
from the top frame.

Note: Because a single application can be grouped into more than one solution,
you can enable Quick Search for an application in one solution while disabling
Quick Search for the same application in another solution.

8. Click Apply.

Next Steps
Attach Documentation to a Solution

Attach Documentation to a Solution

You can attach documentation to a solution, such as design documents, sign off
information, and so on. For each file that you attach, you can view the name, size,
type, and upload date.

Before You Begin

l Create a Solution
l Update the General Properties of a Solution
l Select Applications and Questionnaires for a Solution

Procedure
1. Select the solution that you want to update:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder > Manage Solutions.
c. In the Solution name column, click the solution.

Chapter 1: Solutions 11
 RSA Archer GRC Platform Solutions

2. Click Add New in the Documentation section.

The File Upload dialog box opens.
3. Click Add New and in the File Upload dialog box, select the file or files to
upload .
4. Click OK.
The file or files are attached.
5. Click Save.

12 Chapter 1: Solutions
 RSA Archer GRC Platform Solutions

Chapter 2: Reports

Solution Reports
The following table describes the reports available for each solution in the Platform.
You can access these reports by clicking Reports on the Manage Solutions page.

Important: To view the Solution Diagram reports, you must have a copy of
Microsoft Office Visio or Visio Viewer installed on your computer. Select to
enable macros the first time a drawing is opened, which ensures proper placement
of the connectors on the drawing. Once the drawing is saved after enabling macros
the first time it was opened, the settings are saved and the drawing is displayed
properly on subsequent openings regardless of your choice to enable or disable
macros when opening the file.

For a description of the abbreviations that are used in the solution diagram reports,
see Solution Diagram Abbreviations.

Chapter 2: Reports 13
 RSA Archer GRC Platform Solutions

Report or Diagram Description

Roles by Solution This report provides a summary of the access

control rights assigned to the applications in the
solution. For each application, you can view all of
the associated roles and their respective content
access. You can filter this report by solution,
application or role.

Solution Diagram - All This diagram produces a Visio diagram that

Fields contains the applications in a solution with all of
the fields listed. Arrows in the diagram represent
cross-reference relationships among applications and
fields, along with the following information for
each application:
l Application name
l Application ID and GUID
l Application status (Production, Development,
and so on)
l Number of records by data level
l Names of the key fields
l Names of all fields with their field type
l Names of all global Values List fields with the
name of the global values list

Arrows in the diagram represent relationships

among applications and questionnaires across
solutions.

Solution Diagram - All This diagram shows the solutions contained in the
Solutions system with their IDs and GUIDs, and a listing of
all applications contained in each solution. Arrows
in the diagram represent relationships among
applications and questionnaires across solutions.

14 Chapter 2: Reports
 RSA Archer GRC Platform Solutions

Report or Diagram Description

Solution Diagram - This diagram shows the solutions contained in the

Application system with their IDs and GUIDs, and a listing of
Relationships by all applications contained in each solution. Arrows
Solution in the diagram represent cross-reference
relationships among applications and questionnaires
contained in the solutions.

Solution Diagram - This report produces a Visio diagram that shows the
Application Summary solution name, instance name, and Platform version
number, along with the following information for
each application:
l Application name
l Application ID and GUID
l Application status (Production, Development,
and so on)
l Number of records by data level

Arrows in the diagram represent cross-reference

relationships among applications.

Chapter 2: Reports 15
 RSA Archer GRC Platform Solutions

Report or Diagram Description

Solution Diagram - This report produces a Visio diagram that shows the
Field Statistics solution name and Platform version number, along
with the following information for each application:
l Application name
l Application ID and GUID
l Application status (Production, Development,
and so on)
l Number of records by data level
l Total number of fields
l Number of fields by type (Date: 2, Numeric 3,
and so on)

Arrows in the diagram represent cross-reference

relationships among applications.

Solution Diagram - This report produces a Visio diagram that shows the
Relationship Fields solution name, instance name, and Platform version
number, along with the following information for
each application:
l Application name
l Application ID and GUID
l Application status (Production, Development,
and so on)
l Number of records by data level
l Names of the key fields
l Names of all relationship fields (Cross-Reference,
Related Records, and Cross-Application Status
Tracking) with their field type
l Names of all global Values List fields with the
name of the global values list

Arrows in the diagram represent cross-reference

relationships among applications.

16 Chapter 2: Reports
 RSA Archer GRC Platform Solutions

Report or Diagram Description

Solution Diagram - This diagram shows the solutions contained in the

System Solution system with the solution IDs and GUIDs. Arrows in
Summary the diagram show the relationships among
applications and questionnaires across solutions.

Solution Summary This report provides a listing of applications and

questionnaires in the solution and their descriptions.
For leveled applications, the level names and
descriptions also are listed.

Solution Diagram Abbreviations

The following table lists the abbreviations used for field types within the Solution
Diagram reports.

Field Type Abbreviation

Attachment Att

Cross-Application Status Tracking CAST

CAST Scorecard (ID: 1001) SC

Cross-Reference XRef

Field-specific Values List VL

Date D

Discussion Disc

External Links EL

First Published FP

Global Values List GVL

History Log HL

Image Img

Internal reference IRef

Chapter 2: Reports 17
 RSA Archer GRC Platform Solutions

Field Type Abbreviation

IP Address IP

Last Updated LU

Matrix M

Numeric N

Record Permissions RP

Record Status RS

Related Records RR

Sub-Form SF

Text T

Tracking ID ID

User/Groups List U/G

Values List VL

For more information on generating a Solution Diagram report, see Solution

Reports.

18 Chapter 2: Reports
RSA Archer GRC Platform 5.4
Solutions User Guide
June 2013
Contact Information
Go to the RSA corporate website for regional Customer Support telephone and fax numbers:
www.emc.com/domains/rsa/index.htm.
Trademarks
RSA, the RSA Logo, RSA Archer, RSA Archer Logo, and EMC are either registered trademarks or trademarks of EMC
Corporation ("EMC") in the United States and/or other countries. All other trademarks used herein are the property of their
respective owners. For a list of RSA trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm.
License Agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may
be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This
software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.
Note on Encryption Technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.
Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.

Copyright © 2010-2013 EMC Corporation All Rights Reserved. Published in the USA.
RSA Archer GRC Platform Solutions User Guide

Contents

Preface 9
About this Guide 9
Product Documentation 9
Support and Service 10
Chapter 1: About RSA Archer GRC Platform 11
Document Conventions 11
Product Terminology 11
Displaying Information 13
RSA Archer Community 13
Community Features 15
RSA Archer Exchange 16
Exchange Components 17
Chapter 2: Managing User Preferences 19
User Preferences 19
Update Your User Profile 19
Set Your Time Zone 21
Change Your Password 21
Update Your Workspace Display 22
Manage Your Email Subscriptions 22
Subscription Notifications 23
Manage Your Discussion Forum Preferences 24
Update Discussion Forum Email Subscriptions 24
Access a Discussion Forum Bookmark 25
View Your Logon History 25
Review Job Queues 26
Chapter 3: Managing Searches and Reports 27
Searching and Reporting 27
Searches 27
Reports 27
Run a Quick Search 28
Advanced Search 28
Search by Keyword 29
Keyword Search Operators 30
Keyword Search File Types 34
Select Fields to Display in Search Results 34
Search Across Multiple Applications 35
Multiple Application Search Options 37
Run a Statistics Search 37
Statistical Report Functions 39
Report Functions by Field Type 41
Set Statistics Drill Down Options 43
Filter Search Results 47
Filter Operators 48
Search Filter Examples 51

3
 RSA Archer GRC Platform Solutions User Guide

Time-Based Filtering 52
Advanced Operator Logic 54
Determine the Sort Order for Search Results 56
Configuring Display Options for Search Results 58
Display Format Types 59
Display Search Results in Column Format 61
Display Search Results in Row Format 63
Display Search Results in Summary Format 64
Display Search Results in Calendar Format 65
Display Search Results in Card Format 66
Display Search Results in Map Format 67
Modifying Search Results 70
Delete Records from Search Results 71
Edit a Record from Search Results 71
Charting 72
Statistical Search Query 72
Single-Series Charts 72
Multi-Series Charts 73
Charting Toolbar 73
Charting Terminology 74
Supported Chart Types 75
Managing Charts 86
Charting Toolbar Options 96
Change the Display Format 99
Choose a Chart Type 99
Display a Chart in 3D 99
Configure Display Variations 100
Set Chart Colors 100
Define the Chart Transparency 101
Apply Shading to the Data Series 102
Enable Smart Breaks 104
Create Threshold Markers 104
Add Range Markers for Gauge Charts 105
Identify Data Point Markers for Gauge Charts 106
Configure Heat Map Display Properties 107
Configure the Chart Labels and Legend 108
Modify Chart Results with Filters 110
Drilling Down into Chart Data 110
Master Reports Listing 114
View Personal and Global Reports 114
Add a Report 115
Update a Report 115
Delete a Report 117
Working with Trended Data 117
Trending 117
Add a Trending Chart to an Application Layout 119
Enable Trending for a Field 120
View a Trending Chart in a Record 120
Chapter 4: Using the Navigation Menu 123
Navigation Menu 123

4
RSA Archer GRC Platform Solutions User Guide

Expand or Collapse the Navigation Menu 124

Expand or Collapse a Navigation Menu Node 125
Add a Record from the Navigation Menu 125
Application Search Operations of the Navigation Menu 126
Import Data from the Navigation Menu 127
Chapter 5: Working with Workspaces and Dashboards 129
Workspaces and Dashboards 129
Workspaces 129
Dashboards 129
iViews 129
Update Your Workspace Display 130
Update Your Personal Dashboard Display 131
Delete a Personal Dashboard 132
Update Your iView Display 132
Chapter 6: Working with Records 135
Records 135
Rich Text Editor Toolbar for Applications 136
Data Entry 140
Text Entry 141
Numeric Data Entry 141
Date Entry 142
Values from a Values List Selection 142
Cross-Reference Selection 143
Multiple Reference Selection 144
File or Image Attachment 145
Sub-Form Data Entry 146
User and Group Selection 147
Record Permissions Assignment 147
Matrix Value Selection 148
External Link Entry 148
IP Address Entry 149
Add a New Record 149
Copy an Existing Record 150
Edit an Existing Record 150
Format Text in a Record 151
View a History of Changes for a Record 151
Change the Status of a Task 152
Email a Record Link 153
Exporting Records 153
Standard Method 154
Mail Merge Method 155
Export a Record 155
Export a Record Using Mail Merge 156
Print a Record 157
Calculations Process Overview 158
Execute Calculations 158
Force Content Recalculation 159
Immediately Applied Calculations 160
Recalculation Conditions 160

5
 RSA Archer GRC Platform Solutions User Guide

Recalculations in View Mode 161

Recalculations in Edit Mode 161
Accept, Reject, or Reassign a Record 163
Data Imports 164
File Formats 164
Prepare for a Data Import 164
Data Import Preparation 164
Alias Names 165
File Formats for Data Imports 166
Importing Data Into Leveled Applications 167
Supported Import Data Field Types 168
Using Excel as a .CSV Editor 171
Enable End Users to Perform Data Imports 171
Importing Data Using the Data Import Wizard 172
Access the Data Import Wizard 173
Select the Data File and Import Options 173
Select Unique Record Identifiers 175
Map Import Data to Application Fields 176
Review Data Import Wizard Settings 177
Initiate Data Validation and Import 177
Data Validation Errors 179
Field Types for Data Imports 183
Chapter 7: Completing Questionnaires 187
Questionnaire Records 187
Question Formats 187
Add a New Questionnaire Record 187
Fill Out a Questionnaire Record 188
Review a Questionnaire Record 189
Chapter 8: Managing Tasks 191
Tasks 191
Create and Assign a Task 191
View Tasks Associated with a Record 192
View Your Tasks 193
Complete a Task 193
Chapter 9: Using Discussion Forums 195
Discussion Forums 195
Discussion Forums Icon Legend 196
Discussion Forums Terminology 196
Explore the Discussion Community Listing 199
Explore the Discussion Forums Listing 200
Participating in a Discussion Forum 201
Post a Message to a Discussion Forum 201
Edit a Discussion Forum Post 202
Delete a Discussion Forum Post 204
Email a Discussion Forum Post 204
Print a Post or Topic 205
Export the Contents of a Discussion Forum 206
Lock or Unlock a Topic 207
Filter and Sort Topics in a Discussion Forum 208

6
RSA Archer GRC Platform Solutions User Guide

Search for Posts in a Discussion Forum 208

Bookmark a Topic 209
Manage Discussion Forum Subscriptions 210

7
 RSA Archer GRC Platform Solutions User Guide

Preface

About this Guide

In this guide, you will find step-by-step instructions for basic navigation and system
use, including adding and editing records, searching, creating reports, customizing
workspaces, and managing notification subscriptions and contact information.

Product Documentation
For information about the RSA Archer GRC Platform 5.x, see the following
documentation.

Guide Description

Administrator Guide Provides Platform administrators with a system

overview, guidelines for navigating, and detailed
instructions for key tasks.

Control Panel Guide Provides administrators with instructions for

configuring each instance of the Platform.

Installation Guide Provides administrators with instructions for preparing,

installing, configuring, and testing the Platform.

Release Notes Provides Platform administrators with detailed listing of

new features, fixed issues, and known issues at the time
of the current release.

User Guide Provides end users with guidelines for navigating,

detailed instructions for key tasks, and information
about using Platform communication tools.

Web Services API Reference Provides IT managers and programmers with a list of
Guide the available web services for programmatically
interfacing with the release. This guide provides
formatting guidelines for field results, field inputs, and
search inputs, and provides sample code for searching,
adding and updating users, and updating assets.

You can access the Platform 5.x documentation from the RSA Archer Community
at https://community.emc.com/community/connect/grc_ecosystem/rsa_archer.

Preface 9
 RSA Archer GRC Platform Solutions User Guide

Support and Service

Customer www.emc.com/support/rsa/index.htm
Support
Information

Customer [email protected]
Support E-mail

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Community archer

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Exchange archer_exchange

RSA Solution https://gallery.emc.com/community/marketplace/

Gallery

RSA SecurCare https://knowledge.rsasecurity.com/cleartrust/ct_
Online logon.asp?CTAuthMode=BASIC&language=en&CT_ORIG_
URL=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fknowledge.rsasecurity.com%3A443%2F&c
t_orig_uri=%2F

The RSA Archer Community enables collaboration among eGRC clients, partners,
and product experts. Members actively share ideas, vote for product enhancements,
and discuss trends that help guide the RSA Archer product roadmap.
The RSA Archer Exchange is an online marketplace dedicated to supporting eGRC
initiatives. The Exchange brings together on-demand applications along with
service, content, and integration providers to fuel the success of RSA Archer
clients.
The RSA Solution Gallery provides information about third-party hardware and
software products that have been certified to work with RSA products. The gallery
includes Secured by RSA Implementation Guides with step-by-step instructions and
other information about interoperation of RSA products with these third-party
products.
The RSA SecurCare Online provides unlimited access to a wealth of resources on
the web, 24 hours a day. The secure system provides members access to a support
knowledgebase, to download current platform patches and bug fixes, to sign up for
notifications, to manage your support cases and more.

10 Preface
 RSA Archer GRC Platform Solutions User Guide

Chapter 1: About RSA Archer GRC Platform

Document Conventions
The following table describes the document conventions used in the RSA Archer
Help Center.

Convention Description Example

Clear Deselect the checkbox or option If you do not want to define a

button. refresh rate for the iView, clear
Automatic Refresh.

Click Use the mouse to choose a Click the Access tab.

command or option.

Click, Drag, and Use the mouse to choose an
Drop object and then move it to the
appropriate location.
To add a field to the sub-form's
layout, select the field from the
Available Fields list, drag the
selection to the appropriate spot
in the layout and release the
mouse button.

Drill Down Obtain more information by Click the pie piece to drill down
clicking an object. into the chart data.

Enter Use the keyboard to input Enter instructional or descriptive

information. text for the field in the Help
Text field.

Select Choose the checkbox or option To set the current theme as the
button. active appearance theme for the
application, select Active
Theme.

Product Terminology
The following tables provide definitions and examples for frequently used terms in
the Platform.

Chapter 1: About RSA Archer GRC Platform 11

 RSA Archer GRC Platform Solutions User Guide

Term Definition Example

Value The smallest unit of data in the Platform.

Values can be selections from an established
list, text entries, dates, and a variety of other
formats.

Field A data collection device that stores a specific

type of value, such as a date or numeric entry.
Fields are displayed as interface controls on the
create/update record page in an application.
The Platform offers a diverse selection of field
types to support a variety of needs.

Record A collection of related field values. Records

can be used to perform a number of tasks
including tracking security incidents, providing
the latest contact information, and
documenting company policies.

Application A collection of related records, for example,

incidents, contact information, or policies. All
records in an application have the same layout,
field types, and structure, but may contain
distinct content.

Solution A grouping of applications that work together

to solve a particular business need. For
example, the RSA Archer Incident
Management Solution includes the Contacts,
Facilities, Incidents, Response Procedures, and
Whistleblower applications.

Platform A system feature that enables administrators to

Feature customize the Platform and control access to
the Platform. Examples of Platform features
include Access Control, Application Builder,
and Notifications.

12 Chapter 1: About RSA Archer GRC Platform

 RSA Archer GRC Platform Solutions User Guide

Displaying Information

Term Definition Example

Report A group of records that meet saved search criteria. When

users save search results as a named report, the users are
not actually saving the records displayed in the search
results. Instead, the search criteria that resulted in the
display of those records is saved. When a user runs a
report, all records that meet the report's search criteria at
that moment are displayed.

Chart A graphical display of a report's statistical information.

iView A small window of information that can be presented to

users. iViews can contain embedded URLs, lists of
internal and external links, reports, and other custom
content.

Dashboard A container for a distinct set of iViews. Using

dashboards, administrators can organize iViews into sets
of related content for delivery to specific user audiences.

Workspace Displayed as tabs across the top of the screen, providing

users with quick access to information relevant to job
functions.

RSA Archer Community

The RSA Archer Community is a powerful online social network that promotes
collaboration among RSA Archer product experts, clients, and partners. The
Community enables the broad user base to interact and share ideas throughout the
year, extending the value and excitement of our User Group summits to an online
environment. Join the RSA Archer Community today to network, ask questions,
share ideas and drive the future development of enterprise solutions built on the
Platform.

Chapter 1: About RSA Archer GRC Platform 13

 RSA Archer GRC Platform Solutions User Guide

The following figure shows the home page of the RSA Archer Community.

14 Chapter 1: About RSA Archer GRC Platform

 RSA Archer GRC Platform Solutions User Guide

Community Features
The following table describes the contents of the pages that you can access in the
RSA Archer Community.

Feature Description

Discussions Offers a place for members to ask questions, post comments, and
exchange best practices about product use and configuration.
Discussions are moderated by the Product Support team to ensure
that clients are able to receive quick answers to their inquiries and
that all discussion strings are professional in nature.

Documents Supplies members with an easily accessible resource library for the
latest product collateral, documentation, and training, as well as
installer packages for recent releases of the product.

Blog Provides news on industry issues and a variety of RSA Archer

topics, ranging from product enhancements to upcoming events.
Members of the RSA Archer Community can post commentary to
the Blog and rate the quality and relevance of the content.

Polls Lists the active polls with which you can be involved. Results of
each poll are also available on this page.

Events Gives Community members quick visibility into product training

programs, webcasts, summits, and other events. Community members
are encouraged to visit the this page regularly to stay up to date.

Ideas Is the primary vehicle for clients to submit product enhancement

requests. Community members can post ideas and vote on
enhancement requests that would benefit their organizations. This
easy-to-use feature is the cornerstone of the RSA Archer Community
and the driving force behind our product road map. Currently, more
than 200 of the 900 ideas submitted have been included within a
release of the Platform, with more on the way.

Videos Provides access to all of the videos available through RSA Archer.

Tags Lists the tags assigned to content on the Community. You can filter
the content list by selecting a tag from the list.

To visit the RSA Archer Community site, go to

https://community.emc.com/community/connect/grc_ecosystem/rsa_archer. If you
do not have access to this site, contact Archer Support.

Chapter 1: About RSA Archer GRC Platform 15

 RSA Archer GRC Platform Solutions User Guide

RSA Archer Exchange

The RSA Archer Exchange is a marketplace for on-demand applications, services,
content, and enterprise integration solutions developed for the Enterprise GRC. The
Exchange puts Archer clients in contact with other Platform users, product experts,
and top-tier product and service providers with the industry knowledge, professional
experience, and technical skills to deliver best-of-breed solutions to their business
problems. Through the RSA Archer Exchange, clients have an easy way to expand
their use of the Platform into new areas to unleash the full potential of the Platform.
The following figure shows the home page of the RSA Archer Exchange.

16 Chapter 1: About RSA Archer GRC Platform

 RSA Archer GRC Platform Solutions User Guide

Exchange Components
The following table describes the contents that you can access in the RSA Archer
Exchange.

Component Component

Content Exchange Allows clients to download GRC content from industry-leading

providers to power applications that rely on specialized
information. This content includes authoritative sources, question
packs, policies, business procedures, and more. Through the
Exchange, clients can quickly search, download, and import the
content they need to fuel their GRC applications.

Application Allows clients to search and download on-demand business

Exchange applications to expand their enterprise governance, risk, and
compliance (GRC) program. All applications in the Exchange
undergo stringent testing to ensure that they provide the quality,
performance, and ease of use.

Service Exchange Provides direct access to Archer-certified consultants who can assist
clients in building and enhancing applications in their GRC
environment. Representing top-tier companies, these consultants
have the industry knowledge and technical expertise to automate
complex business processes using the Platform.

Integration Provides tools for integrating external data repositories, data feeds,
Exchange and point solutions with the Platform. The Exchange provides
integration instructions and gives direct access to data feed and
solution providers whose products feed dynamic content into GRC
applications to support business processes.

To visit the RSA Archer Exchange, go to

https://community.emc.com/community/connect/grc_ecosystem/rsa_archer_
exchange. If you do not have access to this site, contact Archer Support.

Chapter 1: About RSA Archer GRC Platform 17

 RSA Archer GRC Platform Solutions User Guide

Chapter 2: Managing User Preferences

User Preferences
User preferences include user account settings, options to customize your work
environment, and access to your logon history. You can access pages that enable
you to change your preferences from the User Preferences menu.

Note: The options listed in the User Preferences menu depend on the access
privileges of your user account.

You can perform some or all of the following tasks, depending on your access
privileges:
l View Your User Profile
l Update Your Contact Information
l Change Your Password
l Update Your Localization Settings
l Set Your Time Zone
l Set Your Locale
l Set Your Language
l Update Your Workspace Display
l Manage Your Email Subscriptions
l Manage Your Discussion Forum Preferences
l View Your Logon History
l View Your Data Import History

Update Your User Profile

Complete this task to view and change your user profile properties on the View
Your User Profile page. Your user profile is the collection of user account
properties that enables you to log on to and interact with the Platform:
l General information
l Contact information
l Password
l Localization settings
l Account notes

Chapter 2: Managing User Preferences 19

 RSA Archer GRC Platform Solutions User Guide

Procedure
1. Click Preferences in the menu strip in the top frame and select View Your
User Profile.
2. (Optional) Complete the fields in the Contact Information section.

Field Action

Address Enter your primary home address.

Company Enter your company's name.

Title Enter your job title.

Email Enter one or more email addresses. For each email address, select an
address type from the related list.

Note: The value in Default Email is used throughout the Platform

when a user's email is required, for example, when instructions are
sent for resetting your password from the User Login page.

Phone Enter one or more phone numbers. For each phone number, select a
phone type from the related list.

3. (Optional) If you have update permission, you can change your password. See
Change Your Password.
4. (Optional) If you have update permission, you can update your time zone,
locale, and language to non-default settings. Complete the fields in the
Localization section.

Field Action

Time Zone Select your preferred time zone.

Locale Select your preferred locale (language and country).

Note: The default locale set by the instance administrator is used if

the locale setting is empty or if the language associated with the
locale is not active.

Override Select and then select your preferred language for Platform
Language navigation from the Language list.
Unselect to see Platform navigation in the language to which your
associated locale is assigned.

20 Chapter 2: Managing User Preferences

 RSA Archer GRC Platform Solutions User Guide

5. (Optional) In the Account Notes section, in the Notes field, enter or update the
note text.
6. Click Apply.

Set Your Time Zone

You can update the time zone associated with your user account if you have update
permission for your account.

Procedure
1. Click Preferences in the top frame of the instance.
2. Select View Your User Profile.
3. In the Localization section, in the Time Zone list, select the time zone that
matches your physical location.
4. Click Apply.

Change Your Password

You can change your password when you are working in the Platformif you have
the Update permission for your user account. Use the following instructions to
change your password when in the Platform.
You can also change your password from the User Login page by clicking the
Reset Password? link. Follow the instructions on the User Login page to change
your password from there.

Note: For information about the password-creation rules for your user account, see
your Platform administrator.

Procedure
1. Navigate to the View Your User Profile page:
a. From the menu strip in the top frame, click Preferences.
b. From the User Preferences menu, select View Your User Profile.
2. In the Password section, click Change Password.

Note: The Change Password link is unavailable if you do not have the Update
permission for your user account.

3. In the Change Your Password dialog box, enter the requested information.
4. Click OK.

Note: If you enter an invalid current password or a new password that does not
meet the security parameters for your account, a message provides instructions
to help you correct the error.

Chapter 2: Managing User Preferences 21

 RSA Archer GRC Platform Solutions User Guide

Update Your Workspace Display

Complete this task to customize your workspace tab strip to only show the
workspaces that you use. You can also remove workspaces that you no longer want
to view.

Before You Begin

Learn about Workspaces and Dashboards.

Procedure
1. Navigate to the Personalize Workspace Display page:
a. From the menu strip in the top frame, click Preferences.
b. From the User Preferences menu, select Update Your Workspace
Display.
2. In the Select Workspaces section, from the list of available workspaces, select
each workspace that you want to display. Or, clear the checkboxes of
workspaces that you want to remove.

Note: If a checkbox is unavailable, the workspace is required. You cannot

remove required workspaces.

3. Click Apply.

Manage Your Email Subscriptions

Complete this task to subscribe to email alerts to be notified of application-related
events and activities. For example, you might want to receive an email when a
record is added or updated within a specific application.

Note: Platform administrators set up notification templates and grant permissions to

them. If you have access permissions to both the application and the notification
template, you can subscribe to receive email alerts from the application.

Before You Begin

Learn about Subscription Notifications.

Procedure
1. Navigate to the Manage Your Email Subscriptions page:
a. From the menu strip in the top frame, click Preferences.
b. From the User Preferences menu, select Manage Your Email
Subscriptions.

22 Chapter 2: Managing User Preferences

 RSA Archer GRC Platform Solutions User Guide

The Manage Your Email Subscriptions page shows the list of available
email notification templates. Notifications to which you are currently
subscribed are selected.
2. In the Email Subscriptions section, select each notification to which you want
to subscribe. Or, to unsubscribe from a notification, clear the checkbox.
3. For each subscription, select the email address or addresses to receive the
email:

a. In the Email field, click .

Note: Your user profile specifies the email addresses that are displayed in
this list. To update your contact information, see Update Your User Profile.

b. In the Selected list, associate one or more email addresses with the
subscription.
c. Click OK.
4. Click Apply.

Subscription Notifications
Subscription notifications enable users to receive email alerts of events or activities
related to applications.
Platform administrators use templates to configure the following characteristics of a
notification:
l Name of the application that is related to the notification
l Layout and content of the notification email
l Delivery methods and delivery frequency
l Recipients
l Filter criteria that define the trigger condition
l Read receipt request

Note: A notification template that requests a read receipt from the recipient
allows managers to track whether users are reading the notifications that they
receive.

For example, the notification template for an Issue Tracker application might
specify that an alert email be sent to all members of the Risk Response team each
time the application reports a new issue. To limit the volume of alert emails, filters
can be applied that only trigger email messages if the values "Urgent" and "High"
are selected in the Priority field.
Users can select which notifications to receive and can receive notifications on any
email-enabled device.

Chapter 2: Managing User Preferences 23

 RSA Archer GRC Platform Solutions User Guide

Manage Your Discussion Forum Preferences

Complete this task to review and update the following discussion forum
preferences:
l Email subscriptions
l Bookmarks

Before You Begin

Learn about Discussion Forums.

Procedure
1. Navigate to the Manage Your Discussion Forum Preferences page:
a. From the menu strip in the top frame, click Preferences.
b. From the User Preferences menu, select Manage Your Discussion
Forum Preferences.
2. (Optional) In the Discussion Forum Email Subscriptions section, you can do
the following:
l To see the description of a forum, click the row of the forum.
l To delete a subscription, in the Actions column of the row of the forum, click
.
3. (Optional) In the Discussion Forum Bookmarks section, you can do the
following:
l To see the description of a bookmark, click the row of the bookmark.
l To access a bookmarked topic, click the name of the topic.
l To delete a bookmark, in the Actions column of the row of the bookmark,
click .

Update Discussion Forum Email Subscriptions

Complete this task to subscribe to an entire forum or to individual topics or posts in
a forum in order to receive email notifications when users post new messages.
When you subscribe to a discussion forum, you receive an email each time a user
posts a message in any of the forum's topics. When you subscribe to a topic, you
receive an email each time a reply is posted anywhere in the topic thread. When
you subscribe to an individual post in a topic thread, you receive an email when any
forum member replies to that post.

24 Chapter 2: Managing User Preferences

 RSA Archer GRC Platform Solutions User Guide

Procedure
1. Navigate to the Manage Your Discussion Forum Preferences page:
a. From the menu strip in the top frame, click Preferences.
b. From the User Preferences menu, select Manage Your Discussion
Forum Preferences.
The Manage Your Discussion Forum Preferences page is displayed. This
page lists your discussion forum email subscriptions and discussion forum
bookmarks.
2. In the Discussion Forum Email Subscriptions section, click the row to display
a description of the forum.
3. To delete a subscription, click Delete in the Actions column.

Access a Discussion Forum Bookmark

Complete this task to bookmark topics in the discussion forum. Your bookmarks are
stored on the Manage Discussion Forum Bookmarks page, and from this page, you
can open any bookmarked topic or delete a bookmark.

Before You Begin

Bookmark a Topic

Procedure
1. In the top frame of the Platform interface, click Preferences.
A menu of User Preference pages is displayed.
2. Click Manage Your Discussion Forum Preferences.
The Manage Your Discussion Forum Preferences page is displayed. This page
lists your discussion forum email subscriptions and discussion forum bookmarks.
3. Click the row to display a description of the bookmark.
4. Click the topic that you want to display.

5. To delete a bookmark, click in the Actions column.

View Your Logon History

Complete this task to view information about each logon session that is associated
with your user account.

Procedure
Navigate to the Login History page:
a. From the menu strip in the top frame, click Preferences.
b. From the User Preferences menu, select View Your Login History.

Chapter 2: Managing User Preferences 25

 RSA Archer GRC Platform Solutions User Guide

The Login History page shows the details of each logon session that is
associated with your user account.
The following table describes the information that the system captures for each
logon session.

Column Description

Date Logon date and time of the session.

Length Active Duration of the session, or, Active if the session is currently active.

Session Type User Initiated. A session that you started by logging on to the
system.
System Impersonated. A session that the system started by using
your account to perform an action, such as importing data.

Review Job Queues

Complete this task to view the Review Job Queues page which lists the current
status of data imports for the Platform.

Procedure
1. Navigate to the Review Job Queues page:

As Platform Administrator As End User

a. Click the Administration workspace.
b. In the Navigation Menu, click
Integration > Review Job Queues.
a. From the menu strip in the top
frame, click Preferences.
b. From the User Preferences menu,
click View Your Data Import
History.

The Review Job Queues page is displayed, which lists current status of data
imports for the Platform.
2. Locate the data import that you want to view.

3. Click to display the Run Detail dialog box for that data import.
This page contains application-specific data regarding the last run of the data
feed.

26 Chapter 2: Managing User Preferences

 RSA Archer GRC Platform Solutions User Guide

Chapter 3: Managing Searches and Reports

Searching and Reporting

The Search feature provides a variety of options for searching records and
generating real-time reports. From searching with simple keywords to complex,
multi-application searches using multiple filter options, you can locate data relevant
to your business needs. You can save the search criteria as a report, which allows
you to re-run the search criteria at a future date for current status of the data.

Searches
The Platform provides two methods for searching:
l Quick Search (from the top frame)
l Advanced Search (from the Navigation Menu)

With advanced searches, you can configure the appearance of the search results by:
l Selecting the fields of data to display
l Specifying the sort order
l Selecting a search results format, for example, column, row, or summary

Filtered searches that look for matches in selected fields can find and display
matched content in any language in which users enter content. Keyword searches
can be set up by an administrator to find content in only the design language of an
Archer component, or in the design language and all other languages in which users
enter content. To enable multi-lingual keyword searches, an administrator must
adjust the setting for search index contents in the RSA Archer Control Panel to
include all languages.
In addition to advanced keyword searching, you can create statistical reports by
grouping specific field values in the search results, and by applying aggregate
functions, such as Group by, Count of, Average, Median, Mode, and Sum,
Minimum of, or Maximum of, to other field values.
After running a statistics search, you can view the search results as a chart or graph
in addition to text. Charting enables users to grasp the full scope of the data without
paging through hundreds or thousands of records. Additionally, users can click any
portion of a chart to view details of the underlying data. Because you can configure
your charts, you have control over their size, color palette, and labeling.

Reports
Once you complete running a search, you can save the search criteria as a report.
Reports can be shared with other users and incorporated into a system dashboard
for easy access to the latest data.

Chapter 3: Managing Searches and Reports 27

 RSA Archer GRC Platform Solutions User Guide

Run a Quick Search

Complete this task to run a keyword search across all applications in a single
solution using the Quick Search feature, located in the top frame of the user
interface. To help narrow your search results, the Platform search engine supports a
variety of keyword operators, such as "Or" and "Not."

Important: To run a search in which you can control more input and output
parameters, use the Advanced Search feature. For more information, see Advanced
Search.

The Quick Search Results page lists the results of a Quick Search by relevance.
Those records that are most relevant for your keyword search string are displayed
at the top of the search results, and those that are least relevant are displayed at the
bottom. A relevancy ranking also is displayed for each record. The Quick Search
Results page enables you to filter the records by application. By default, records
from all of the applications within the selected solution are intermixed in the search
results. However, by clicking an application link in the Results filter bar, you can
view records for one application at a time.

Procedure
1. In the Quick Search field in the top frame of the user interface, enter the term
or phrase you want to search for.
You can also incorporate one or more of the Keyword Search Operators.

2. Click to the right of the search field.

3. Select the solution in which you want to run the keyword search.

4. Click .
The Quick Search Results page displays up to 50 records meeting the search
criteria.

Advanced Search
On the Advanced Search page, you can search for records across a single
application or search for records across a related chain of applications.
You can use the following options for finding the records you want in search
results:
l Specify terms for a keyword search.
l Define the fields to display within the search results.
l Configure the relationships for applications included within the search
parameters.

28 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

l Filter the records based on stored values.

l Determine the sort order for records within the search results.
l Format the display of your search results,

Once your search is complete, you can save the results of a search operation as a
named report that you can re-run in the future. When you save search results as a
named report, you are saving the search criteria, but not the specific records in your
search results. Therefore, each time you open a report, all records that meet the
report's search criteria are displayed, regardless of whether those records were
included in the original search results.
You can perform the following advanced search tasks:
l Search by Keyword
l Search Across Multiple Applications
l Run a Statistics Search
l Select Fields to Display in Search Results
l Filter Search Results
l Determine the Sort Order for Search Results
l Configure the Display Options for Search Results
l Modify Search Results
l Add a Report
l Manage Charts

Search by Keyword
You can search for records that contain specific terms or phrases.
To help narrow the search results, the Platform search engine supports a variety of
keyword operators, such as "Or" and "Not." For more information, see Keyword
Search Operators.
Also, when running a keyword search, you can search by keywords in files that are
attached to records through an Attachment field. For information on the file types
that can be searched by keywords, see Keyword Search File Types.
If the application in which you are searching is related to other applications, you
can search fields in the related applications. For more information about searching
related applications, see Search Across Multiple Applications.

Procedure
1. Navigate to the Advanced Search page for the application in which you want to
search:

Chapter 3: Managing Searches and Reports 29

 RSA Archer GRC Platform Solutions User Guide

a. From the Navigation Menu, expand the application you want to search in.
b. Click Advanced Search.
2. In the Keyword Search field, enter the term or phrase that you want to search
for.
You can also incorporate one or more of keyword search operators or include
fields from related applications.
3. Click Search.
Up to 50 records meeting the search criteria are displayed in the Search Results
page.

Next Steps
Modify Search Results
Add a Report

Keyword Search Operators

To help narrow search results, the Platform search engine supports a variety of
keyword operators. The following search string examples show how you can
combine several query types to produce complex keyword searches.

Example 1: ("method starting"~10) AND token

Results: Returns records that contain the terms "method" and "starting"
within 10 words of each other and also contain the term "token".

Example 2: "buffer overflow" AND NOT (remote OR local)

Results: Returns records that contain the exact phrase "buffer overflow"
only if the records do not contain either the terms "remote" or "local."

Example 3: (document AND urgent) OR alert*

Results: Returns records that contain the terms "document" and "urgent"
or contain the terms "alert", "alerts", "alerting", and so on.

30 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

The following table lists the available operators for refining the keyword search
results.

Query Type Example Description

Single Term document Returns all records that contain the term
"document."

Phrase "important document" Returns all records that contain the phrase
“important document.” Enclose your
phrase in quotation marks. If you do not,
your search returns all records that contain
the term “important” or the term
“document.”

Wildcard Search a?ert Returns all records that contain the terms
“alert,” “avert” and so on. The question
mark (?) is a single-character wildcard,
meaning that it can represent any letter of
the alphabet within your search term. The
question mark cannot serve as the first
character in the search term. It can replace
any other character in the term, however,
and it also can be placed after the term, for
example, alert?.

document Returns all records that contain the terms

“document,” “documentation,”
“documenting” and so on. The asterisk (*)
is a multi-character wildcard, meaning that
it can represent any suffix for your search
term. The asterisk cannot serve as the first
character in the search term. It can replace
any other character in the term, however,
and it also can be placed after the term, for
example, alert*.

Fuzzy Search receive~ Returns all records that contain the term
“receive” and any other term that is similar
in spelling. Fuzzy searching enables you
to search for keywords that may be
misspelled within records. For example, if
you search for "receive~", the search
returns records that contain "receive,"
"reseive" and so on. Place the tilde (~)
directly after the term with no space
between the term and the tilde.

Chapter 3: Managing Searches and Reports 31

 RSA Archer GRC Platform Solutions User Guide

Query Type Example Description

Proximity Search "important Returns all records that contain the terms
document"~5 “important” and “document” within five
words of each other. You can use any
number for the required proximity. Enclose
your phrase in quotation marks with no
space between the closing quotation mark,
the tilde (~) and the number.

AND Operator important AND Returns all records that contain both the
document term “important” and the term "document.”
Capitalize the AND operator. You can use
the && symbol in place of the AND
operator, for example, important &&
document.

OR Operator important OR Returns all records that contain one or

document both of the terms “important” and
"document.” Capitalize the OR operator.
You can use the || symbol in place of the
OR operator, for example, important ||
document.

NOT Operator important NOT Returns all records that contain the term
document “important,” but do not contain the term
“document.” Capitalize the NOT operator.
You can use an exclamation point (!) in
place of the NOT operator, for example,
important ! document.

32 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Query Type Example Description

+ Operator +important document Returns all records that contain the term
“important.” The records also may contain
the term “document,” but they don’t have
to. Place the plus sign (+) before the
required term or phrase with no space
between the plus sign and the term that
follows it.

- Operator document-"important Returns all records that contain the term

document" “document,” but do not contain the phrase
“important document.” Place the minus
sign (-) before the prohibited term or
phrase with no space between the minus
sign and the term that follows it.

Grouping (important OR urgent) Returns all records that contain the term
AND document “document” and either or both of the terms
“important” and “urgent.” Note the use of
parentheses in this example. Without the
parentheses, the search returns all records
that contain both the terms “urgent” and
“document,” but it does not return records
that contain both the terms “important”
and “document.”

Escaping Special "11:02" Returns all records that contain "11:02.”

Characters The colon (:) in this search term is a
special character, and unless the search
term is surrounded in quotes, it does not
return any search results because of this
special character. The following are the
special characters that affect your search
results if they are not properly escaped:
+ - && || ! ( ) { } [ ] ^ " ~ * ? : \
If your search string contains any of these
special characters, enclose your term or
terms in quotation marks (for example,
"warning!") to achieve the search results.

You cannot search on terms that contain decimal points, for example, 10.5. In this
case, the system translates the decimal point as "AND" and returns records that
contain both the number 10 and the number 5. Additionally, you cannot do a
keyword search on dates, for example, 12/01/2011.

Chapter 3: Managing Searches and Reports 33

 RSA Archer GRC Platform Solutions User Guide

Keyword Search File Types

When running a keyword search, you can search for records that contain specific
terms or phrases, and also by keyword in files that are attached to records through
an Attachment field.
For example, if a Microsoft Word document that contains the term "password" is
attached to a content record, you search for "password," that content record is
included within the search results.
The following is a list of file types that the search engine can review:

l Microsoft Word l PDF

l Microsoft Excel l Text
l HTML l CSV

If your keyword is displayed in the name of a file included in an Attachment or

Image field, you also can search the file name by keyword. In addition to the
previous list, the following file types support file naming searching:

l HTM l GIF
l JPG l PNG
l JPEG l BMP

You can search by keyword in files in Attachment fields only when a Platform
administrator enables the Keyword Searching option for the field.

Select Fields to Display in Search Results

Complete this task to select the fields of data that you want to view in your search
results. Once you have selected the fields, you can arrange those fields to be
displayed in the correct order.

Before You Begin

Complete one of the following tasks:
l Search by Keyword
l Run a Statistics Search

Procedure
1. On the Advanced Search page, expand the Field to Display section and
complete the following:
a. From the Available list, select the fields that you want to include in your
search results.

34 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Note: If the application in which you are searching is related to other

applications, you can include fields from the related applications. For more
information, see Search Across Multiple Applications.

b. (Optional) To remove fields from your search results, click to the right of
the field in the Selected list.
c. (Optional). To reorder the fields in the Selected list, click a field and use the
to move it up or down in the list.

Note: If you select to view fields from related applications or data levels, or
fields from within a History Log or Sub-Form field, you can reorder how
these fields are displayed in their respective grouping. However, you cannot
mix fields contained in these items with fields from your primary
application. All contained Sub-Form fields must be displayed together.

2. (Optional) Complete any of the following:

l Add additional criteria to your search, such as filters or sorting options.
For more information see Filter Search Results and Determine the Sort Order
for Search Results.
l Define the display format to customize the display of your search results.
For more information, see Configuring the Display Options for Search
Results.

Note: If your search results are to be displayed in column format or summary

format, the top-to-bottom order of the fields in the Selected list is the left-to-
right order of the field in the search results. If your search results are to
display in row format, the top-to-bottom order of the fields in the Selected list
is the top-to-bottom order of the fields in the search results.

3. Click Search.

Next Steps
Modifying Search Results
Add a Report

Search Across Multiple Applications

Complete this task to search across multiple applications when the applications are
related by a Cross-Reference, Related Record, CAST or CAST Scorecard field
type connecting two or more applications.
An application can be either flat or leveled, and can be displayed as either a
primary application or a secondary application within a defined chain.
For more information, see Multiple Application Search Options.

Chapter 3: Managing Searches and Reports 35

 RSA Archer GRC Platform Solutions User Guide

Before You Begin

Set up a keyword search. For more information, see Search by Keyword.

Procedure
1. On the Advanced Search page, complete the following in the Fields to Display
section:
a. In the Available list, click Add New Relationship.
b. In the Add New Relationship dialog box, select the related application that
you want to include in the search.
c. In the Available list, find the list of fields for the related application and
select the fields that are to be included in the search.
d. (Optional) Continue adding fields and related applications as needed.
2. (Optional) Complete any of the following tasks.

Task Action

Specify that the search results contain a. Click Configure Relationships.

only records that form a relationship The Advanced Search Configuration
between the associated applications or dialog box opens.
data levels.
b. For each associated application or
data level that you want included in
the search results, select Enforce
Relationships.

Click OK.
c.

Specify that the search results contain a. Click Configure Relationships.

higher levels of directly matched records
from secondary applications. With this
option, during the building of the search
results, lower-level records that meet the
search criteria are included even if they
do not have a primary application that
meets the search criteria. Additionally,
primary application records are included
in the results if they contain lower-level
records that match the search criteria.
The Advanced Search Configuration
dialog box opens.
b. For each associated application or
data level you want included in the
search results, select Enforce
Relationships and click Add Higher
Levels To Record Lookup.
Click OK.
c.

Add any additional criteria to your See Filter Search Results and Sort Order
search, such as filters or sorting. for Search Results.

Define the display format to customize See Configuring the Display Options for
the display of the search results. Search Results.

36 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

3. Click Search.

Next Steps
Modifying Search Results
Add a Report

Multiple Application Search Options

The following table describes the two options for searching across multiple
applications, which may run in tandem.

Options Description

Multiple Application Search Each secondary application has a direct relationship to

the primary application. The system ignores any
relationships between the secondary applications.

N-Tier Search The primary application has a direct relationship to a

secondary application. The secondary application in turn
has a direct relationship to another secondary
application, and so on.

The primary application is the application from which you originate your search,
and secondary applications are any number of subsequent applications linked to the
primary application and sometimes to each other. Cross-references contained within
sub-form records are not supported. In addition, an application or questionnaire can
be displayed in a search tree only once.
Permissions still apply, regardless of the structure of the search. In other words, you
cannot view records for which you do not have access.

Run a Statistics Search

Complete this task to use the grouping and aggregate functions in the Fields to
Display section to view search results as statistical reports or charts.
For information on these functions, see Statistical Report Functions.

Procedure
1. Navigate to the Advanced Search page for the application in which you want to
search:
a. From the Navigation Menu, expand the application you want to search in.
b. Click Advanced Search.

Chapter 3: Managing Searches and Reports 37

 RSA Archer GRC Platform Solutions User Guide

2. Expand the Fields to Display section and select Statistics Mode.

The Selected list is cleared so you can create your statistical search from
scratch.
3. From the Available list, select the fields to which you want to apply grouping
and aggregate functions.
You can add the same field to the Selected list multiple times to apply different
functions to the same field.
4. In the Selected list, click the drop-down arrow to the left of each field name to
select the grouping or aggregate function that you want to apply.
5. (Optional) Complete any of the following tasks.

Task Action

Rename a field label for the a. In the previous step 4, select a grouping or
Selected list. aggregate function other than "Group by."
b. Click the field name.
c. Enter the label that you want to display.

Reorder the fields in the Selected a. Select a field.

list.
b. Use the .
c. Repeat repositioning the fields until they
are organized in the correct order.

Note: The order of the fields determines the

relationship among multiple groups. For
example, if you apply the Group by function
to two or more fields, the second Group by
field in the list becomes nested beneath the
first field.

Add any additional criteria to your See Filter Search Results and Determine the
search, such as filters or sorting. Sort Order for Search Results.

View totals for each grouping a. Expand the Display Options section.
within the search results.
b. Select Display Totals.
In the search results, a Totals row
can be listed for each unique
group.
For example, if you are running a
statistics search in the Facilities
application using the Display
Totals function combined with the

38 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Task Action

Group by and Count of functions,

you can set the search results to list
the number of facilities in each of
your organization's regions and the
total number of facilities in all
regions.

Define the display format to
customize the display of your
search results.
See Configuring the Display Options for
Search Results.
Note: If your search results are to be displayed
in column format or summary format, the top-
to-bottom order of the fields in the Selected
list is the left-to-right order of the field in the
search results. If your search results are to be
displayed in row format, the top-to-bottom
order of the fields in the Selected list is the
top-to-bottom order of the fields in the search
results.

Display the records in a data point
when a user drills into a chart.
a. Expand the Statistics Drill Down Options
section.
b. Set options to specify how you want to
display the records.
For more information, see Set Statistics
Drill Down Options.

Note: The Statistics Drill Down Option

section is available only after selecting the
Statistics Mode option.

6. Click Search.

Next Steps
Modifying Search Results
Add a Report

Statistical Report Functions

The following table describes the functions that are available when generating
statistical reports.

Chapter 3: Managing Searches and Reports 39

 RSA Archer GRC Platform Solutions User Guide

Function Description

Group by Returns a single record for each distinct value stored in the specified
field. This function is intended to be used in combination with one of
the aggregate functions, such as Count of, Average of, or Sum of.
For example, if you are performing a statistics search in the Facilities
application, and you apply the Group by function to the Region field
and apply the Count of aggregate function to the Facility Name field,
you can produce a report listing the number of facilities by region.
Additionally, if you apply the Group by function to two or more
fields in the Selected list, the statistical report is grouped by the first
Group by field in the list. All other fields with the Group by function
are nested in the previous Group by field in the list. Therefore,
building on your statistical search in the Facilities application, you
can nest the Type field with the Group by function under the Region
field, which produces a report that lists both the number and type of
facilities by region.

Group by (Date Groups data in date-based fields (for example, Date, First Published,
Range) and Last Updated) into specific date ranges, such as "by Week" or
"by Day." It returns a single record for each distinct value stored in
the specified field. This function is intended to be used in
combination with one of the aggregate functions.
For example, if you are performing a statistics search in the Incidents
application, and you apply the Group by Month function to the Date
Reported field and apply the Count of function to the same field, a
report listing the number of incidents reported by month is produced.

Count of Returns a count of each distinct value returned for a specified field.
(aggregate function)

Average Returns the average of all numeric values for a specified field. When
you drill down on the value in the Average of [Selected field]
column, you see the records that were calculated to the average value.
(aggregate function)

Median Returns the middle value of all numeric fields in a list of records.
When there is an even set of records, a calculated value shows as the
average of the two middle values.
For example, suppose that the list of values is 1, 2, 3, 4, 5, 6, The
value shown is 3.5 ([3 + 4] / 2). When you drill down on the value in
the Median of [Selected field] column, you see the records that were
calculated to the median value. (aggregate function)

Mode Returns the value that occurs most often of all numeric fields in a list

40 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Function Description

of records. When you drill down on a value shown in the Mode of

[Selected field] column, you see the records that were calculated to
the mode value or multi-modal values. If no value occurs multiple
times, (no value) is shown in this column. If the list of records have
multiple values that occur more than once, the values that occur most
often are listed.
For example, suppose that the multi-modal results are 6, 15, and 25.
When you drill down on 6, you see only the records where 6 appears
most often. The same is true for 15 and 25. Charting is not available
for a multi-modal result. (aggregate function)

Sum Returns the total of all numeric values for a specified field.
(Aggregate function)

Minimum of Returns the minimum numeric value for a specified field. (Aggregate
function)

Maximum of Returns the greatest numeric value for a specified field. (Aggregate
function)

Note: To render a chart from a statistical report, the results of a statistical query
must properly form a series. For more information, see Managing Charts.

Not all functions are available for every field type. For more information on the
functions supported for each field type, see Report Functions by Field Type.

Report Functions by Field Type

Not all functions are available for each field type. For example, it is not possible to
return a "Minimum of" for the Text field type.

Note: While the Sub-Form field type is not supported for statistics searches, fields
within an embedded sub-form are supported. In other words, you cannot apply a
grouping or aggregate function to a Sub-Form field, but you can apply these
functions to fields within the sub-form.

For descriptions of the supported functions, see Statistical Report Functions.

Chapter 3: Managing Searches and Reports 41

 RSA Archer GRC Platform Solutions User Guide

The following table identifies the functions supported for each field type.

Field Type Supported Functions

Attachment Not applicable

Content Access History Not applicable

Cross-Application Status Tracking Group by

Count of

Cross-Reference Group by
Count of

Date Group by
Group by [Date Range]
Count of
Minimum of
Maximum of

Discussion Not applicable

External Links Not applicable

First Published Date Group by [Date Range]

Count of
Minimum of
Maximum of

History Log Not applicable

Image Not applicable

IP Address Group by
Count of

Last Updated Date Group by [Date Range]

Count of
Minimum of
Maximum of

Matrix Group by
Count of

42 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Field Type Supported Functions

Multiple Reference Display Control Not applicable

Numeric Group by
Count of
Average
Median
Mode
Sum
Minimum of
Maximum of

Questionnaire References Group by

Count of

Record Permissions Group by

Count of

Record Status Group by

Count of

Sub-Form Not applicable

Text Group by
Count of

Tracking ID Group by

User/Groups List Group by

Count of

Values List Group by

Count of

Voting Group by
Count of
Average
Median
Mode
Sum
Minimum of
Maximum of

Set Statistics Drill Down Options

Complete this task to specify how the records are to be displayed for a user to drill
into a chart.

Chapter 3: Managing Searches and Reports 43

 RSA Archer GRC Platform Solutions User Guide

When a statistics search is rendered as a chart, you can drill into a section of the
chart to review the specific records that are contained in the search results of that
data point. For more information on drilling into chart data, see Drilling Down into
Chart Data.

Before You Begin

Run a Statistics Search.

Procedure
1. On the Advanced Search page, expand the Statistics Drill Down Options
section and complete the following tasks.

44 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Task Action

Configure the fields a. From the Available list, select the fields that you want
in the search results. included.

b. (Optional) To remove a field, click to the right of the

field in the Selected list.
c. (Optional) To reorder the fields in the Selected list,
select a field and use the to reposition the field.

Chapter 3: Managing Searches and Reports 45

 RSA Archer GRC Platform Solutions User Guide

Task Action

Set the sorting a. Under Sorting, in the Field column, select the field that
options for the search is the primary sort.
results.
b. In the Order column, select from the following options:
l Ascending. Text values are sorted A to Z. Numeric
values are sorted smallest to largest. Data values are
sorted oldest to newest.
l Descending. Text values are sorted Z to A. Numeric
values are sorted largest to smallest. Data values are
sorted newest to oldest.

Note: Null (blank) values are listed first in ascending

sorts. Prefixes and suffixes are not evaluated when
determining a sort order.

c. In the Grouping column, select whether to enable

grouping.

Note: If you select to enable grouping, you can expand

and collapse sections of the data point search results
based on the values in the sorting field. This option is
available for only the Column-Hierarchical display
format.

d. (Optional) In the second row of the Field column, select

a field by which results should be sorted after the initial
sort.
e. (Optional) Select the order and grouping preferences for
this field.
f. (Optional) to add more fields for sorting, click Add New.
An additional row is added to the sorting display, where
you can select the field, the order and grouping
preferences.

Set the display a. From the Display Format list, select how the search
options. results of the data points are to be displayed.
For more information, see Display Format Types.
b. From the Results per Page list, select the number of
records that should be displayed on each page of the
data point search results.
If the search results include more records than can be
displayed on a single page, a set of arrows appears at the
top of the Search Results page, enabling you to move
from one page to the next.

46 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

2. (Optional) Add any additional criteria to your search, such as filters or sorting
options.
See Filter Search Results and Determine the Sort Order for Search Results.
3. Click Search.

Next Steps
Modifying Search Results

Filter Search Results

You can establish field-value criteria for filtering records. Records that match the
selected field values are included in the search results, and records that do not are
omitted.
The Filters section supports a variety of operators and allows you to develop
advanced logic for determining which records should be included within your search
results.

Before You Begin

Complete one of the following tasks:
l Search by Keyword
l Run a Statistics Search

Procedure
1. On the Advanced Search page, expand the Filters section.
2. To select filtering options, complete the following:
a. In the Field to Evaluate column, select the field to evaluate for one or more
specific values.
To create additional conditions, click Add New.
b. In the Operator column, select the filter operator.
For more information see Filter Operators.
c. In the Value(s) column, select the values for the condition.
For information on operators and values based on time filters, see Time-
Based Filtering.
d. If you have created more than one condition, you can apply logic to your
search criteria.
For more information, see Advanced Operator Logic.
3. (Optional) Complete any of the following:
l Add any additional criteria to your search, such as sorting options. For more
information, see Determine the Sort Order for Search Results.

Chapter 3: Managing Searches and Reports 47

 RSA Archer GRC Platform Solutions User Guide

l Define the display format to customize the display of your search results. For
more information, see Configuring the Display Options for Search Results.

Note: If your search results are to be displayed in column format or summary

format, the top-to-bottom order of the fields in the Selected list is the left-to-
right order of the field in the search results. If your search results are to
display in row format, the top-to-bottom order of the fields in the Selected list
is the top-to-bottom order of the fields in the search results.

4. Click Search.

Next Steps
Modifying Search Results
Add a Report

Filter Operators
To help narrow your search results to the desired information, the Platform search
engine supports a variety of filter operators, such as "Equals" and "Contains." You
can build filters through a series of conditional statements. Filter values are not
case sensitive.
Additionally, you can then relate your statement through the use of advanced
operator logic. The following examples of search strings show how you can use
operators to form your filter conditions:
l Example 1: [Product and Services] CONTAINS "IT Development"
Result: This search returns any records where the Product and Services field
contains the value "IT Development." If there are other values selected in the
field for a record, that record is still returned in the search results.
l Example 2: [Product and Services] EQUALS "IT Development"
Result: This search returns any records where the Product and Services field
includes only the value "IT Development." If there are other values selected in
the field for a record, that record is not returned in the search results; the value
must match the filter criteria exactly.
l Example 3: [Contract Amount] GREATER THAN "1,000,000"
Result. This search returns any records where the Contract Amount field
includes any value greater than 1,000,000.
l Example 4: [First Publishes] LAST "10 Hours"
Result: If the current time is 10:00 p.m., 10:15 p.m., 10:59 p.m., or any other
value during the 10 o'clock hour, this search returns all records where the time
value for the First Published field is equal to one of the values between 12:00
a.m. and 9:59 p.m. (the last 10 hours not including the current hour). The search
will not return any records where the First Published field falls in the current 10
o'clock hour.

48 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

The following table describes all of the available operators for filtering your search
results.

Filter Type Description

Contains Includes any record that has a value that matches the specified
filter values.

Does Not Contain Includes any record that does not have a value that matches the
specified filter values.

Equals Includes records with values that exactly match to the specified
filter values. For Date fields, date and time values can be
included in the filter. For more information, see Time-Based
Filtering.

Does Not Equal Includes only the records with values that do not match the
specified filter values. For Date fields, date and time values can
be included in the filter. For more information, see Time-Based
Filtering.

Current Includes only records of the current interval. Available intervals

include:

l Minute l Month
l Hour l Quarter
l Day l Year

For more information, see Time-Based Filtering.

Chapter 3: Managing Searches and Reports 49

 RSA Archer GRC Platform Solutions User Guide

Filter Type Description

Last Includes records based on the selected interval previous to the

current interval. Available intervals include:

l Minutes l Months
l Hours l Quarters
l Days l Years

This filter does not include records of the current interval. For
example, if you filter "Last" "3" "Days", the results include the
previous three days, but do not include the current day. To
include the current day, add another filter condition to the
search criteria that includes the "Current" "Day".
For more information, see Time-Based Filtering.

Next Includes records based on the selected interval after the current
interval. Available intervals include:

l Minutes l Months
l Hours l Quarters
l Days l Years

This filter does not include records of the current interval. For
example, if you filter "Next" "3" "Days", the results include the
next three days, but do not include the current day. To include
the current day, add another filter condition to the search criteria
that includes the "Current" "Day".
For more information, see Time-Based Filtering.

Greater Than Includes only records with values greater than the specified filter
value. for Date fields, date and time values can be included in
the filter. For more information, see Time-Based Filtering.

Less Than Includes only records with values less than the specified filter
value. For Date fields, date and time values can be included in
the filter. For more information, see Time-Based Filtering.

50 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Filter Type Description

Between Includes only records with values within the specified date
range, or date and time range, including the date and time
selected. For more information, see Time-Based Filtering.

Time Interval Includes only records with values within the specified time
range. Dates can also be specified to further filter the search.
Search results include the selected times and dates.
For more information, see Time-Based Filtering.

After Today Includes records of all dates after the current day, but does not
include the current day.

Prior to Today Includes records of all dates before the current day, but does not
include the current day.

Special Situations

Blank Values A blank value is acceptable only when the ‘Equals’ or ‘Does Not
Equal’ operator has been selected for non-list-based fields, such as
Text, Numeric, Date, and IP address. In this case, if no value is
entered, the system translates that to mean either an empty string or a
null value. A blank/null value is not the same as an explicitly entered
value of 0.

Note: Unless a specific time is selected, the Platform uses the "All
Times" option.

For list-based fields, such as Values List, Cross Reference, Related

Record, Users/Groups, Record Permissions, and Matrix, there is a 'No
Selection' value that represents the blank value.

Search Filter Examples

The following examples provide common scenarios for using search filters:
l If you are searching for records in the Devices application, you can use field-
value filter criteria to return only those records where the value "Accounting" is
selected in the “Business Unit” field, and where the value “Desktop” is selected
in the “Type” field. The Filters feature also enables you to exclude records from
your search results if they contain certain values. For example, you can run a
search in the Devices application that returns all device records, excluding those
where the value "Laptop" has been selected for the "Type" field.
l If you are creating a report in an application with a User/Groups List or Record
Permissions field, you can filter your search results so that they display only

Chapter 3: Managing Searches and Reports 51

 RSA Archer GRC Platform Solutions User Guide

records relevant to the user who is viewing them. The "Current User" filter
allows you to create a report that dynamically adjusts content based on the user
generating the report. For example, you can create a “My Incidents” report for
your Investigators team. When "Incident Investigator A" runs the report, only the
incidents assigned to this user are displayed. When "Incident Investigator B"
runs the report, only the incidents assigned to this user are displayed.
l If you are trying to locate the records that fall within a specific date range, you
can search for records based on date values that fall within a given number of
days of the current date, date values that fall between two dates with specific
times included or not, or date values relative to the current date. You also can
perform date-range searches against a Date field in an application or against
Date fields in applications that are linked through a Cross-Reference or a Cross-
Application Status Tracking field.
l If you are trying to locate the records that fall within a specific time range, you
can search for records based on time values that fall within a given number of
minutes or hours of the current time, time values that fall between two time
intervals with specific dates included or not, or time values relative to the current
minute or hour. You also can perform time-range searches against a Time field
in an application or against Time fields in applications that are linked through a
Cross-Reference or a Cross-Application Status Tracking field.

Time-Based Filtering
For an advanced search to return search results to a level smaller than a single day,
you can set time filters to your search criteria. Using specific filter operators and
values, you can configure time filters, with or without dates. For more information
on available filter operators, see Search Filter Operators.
Time-based filtering requires several rules and logic to determine the correct search
results. The following general rules apply to the time filter options:
l The time filter options are available only when a Date field is configured to
show time.
l Unless a specific time is selected, the Platform uses the "All Times" option.
l Where available, a specific time zone can be selected, or the local time zone of
the user performing the search can be used when the search is saved and run by
another user.
l A time must be selected before a specific time zone can be selected.
l Daylight saving time is accommodated.

The following table describes the other rules and logic by filter type.

Filter Type Rules and Logic

Equals If you enter 09/12/2012 1:15 p.m., the search returns records that

52 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Filter Type Rules and Logic

Does Not Equal meet that exact date and time for an "Equals" search, or records
that do not equal that exact date and time for a "Does Not
Equal" search.
If the field is not configured to show time, you can only select a
date.
You must select a date before you can select a time.
You must select a time before you can select a time zone.
If you leave the date and time values empty, the results return
all records that have blank values in the field on which the filter
was configured. If a date is selected, but you do not select a
time value, the filter acts as a date-only filter.

Current If you select the current hour, all records with a time in the
(Minute or Hour) current hour are included in the search results. For example, if
the time value is 10:14, all records in the 10:00 hour are
included.
Time zone options are not available on this filter type. The local
time zone of the user performing the search is used.

Last If you filter "Last" "3" "Hours", the results include the previous
three hours, but do not include the current hour.
(Minutes or Hours)
The time zone options are not available on this filter type. The
local time zone of the user performing the search is used.
This filter types does not include the current minute or hour.

Next If you filter "Next" "3" "Days", the results include the next three
(Minutes or Hours) days, but do not include the current day.
The time zone options are not available on this filter type. The
local time zone of the user performing the search is used.
This filter types does not include the current minute or hour.

Greater Than If the field is not configured to show time, you can only select a
date.
Less Than
You must select a date before you can select a time.
If you leave the date and time values empty, the results return as
blank values. If a date is selected, but you do not select a time
value, the filter acts as a date-only filter.

Between Search results include selected dates and times.

You must select a date before you can select a time.

Chapter 3: Managing Searches and Reports 53

 RSA Archer GRC Platform Solutions User Guide

Filter Type Rules and Logic

You must select a time before you can select a specific time
zone.
You must select a date in each Date field.
If a date is selected, but you do not select a time value, the filter
acts as a date-only filter with selected dates included.

Time Interval Search results include selected dates and times.

You must select a time in both Time fields.
You must select a time before you can select a specific time
zone.
You can configure the filter based on two Time values for all
dates, or filter the search to a specific date range in addition to
the time range.
If you do not select dates, the filter is not restricted to a date
range, and the Platform searches for all records that occur within
the selected times, including the selected times.

Advanced Operator Logic

When creating filters, you can use custom operator logic to form relationships
between the individual filters. By default, multiple conditions are related with the
AND operator, as are multiple actions. However, by creating custom operator
logic, you can also use the OR and NOT operators, as well as parenthetical
groupings. Operator logic statements are evaluated left to right with parenthetical
groupings evaluated first. By using advanced operator logic with your filters, you
can eliminate extraneous data that may be imported with your data feed or included
in your search results.
You enter the custom operator logics in the Advanced operator logic field.

Important: Custom operator logic must validate before you can save or apply
changes to your data filter. If your custom operator logic does not validate, you are
prompted with an "Invalid Operator Logic" error message.

54 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Examples
Single operator. Suppose you are importing assets from an external source into the
Assets application. You want to import assets from your external file only if they
are labeled as being in a production environment or if they are customer impacting.
To set up this process, you define data filters to evaluate both the System
Environment and Security Class elements in your external data file for the desired
values. Without using operator logic, your conditions are related with the AND
operator, and the data feed imports items that are both in a production environment
AND have a high security class. By using operator logic with the OR operator, you
achieve the desired result: Assets that are in a production environment OR have a
high security class are imported into the Assets application.

Multiple operators with a parenthetical expression. You can use additional

operators by incorporating parentheses in your operator logic, as shown in the
following example.

Based on the above criteria, the following table details the result of the operator
logic.

(1) System
(2) Security Class (3) Manufacturer Result
Environment

Production Medium IBM Imported

Testing High IBM Imported

Production High Dell Not Imported

Testing Medium IBM Not Imported

The system evaluates the parenthetical expression first. In the last example in the
previous table, since neither 1 or 2 evaluate to "TRUE," the entire condition fails
even if 3 evaluates to "TRUE".

Chapter 3: Managing Searches and Reports 55

 RSA Archer GRC Platform Solutions User Guide

Multiple operators with nested parenthetical expressions. You also can use
nested parenthetical expressions in your operator logic. Nested parenthetical
expressions allow you to combine the results of two separate logical conditions,
thereby creating an additional logical condition, as shown in the following example.

Based on the above criteria, the following table details the result of the operator
logic.

(1)
(3)
System (2) Security (4) Operating (5) Server
Manufactu Result
Environm Class System Room
rer
ent

Production Medium IBM RHEL 4.0 Denver Imported

Facility

Testing High Dell Windows Denver Imported

Server 2003 Facility

Testing High Dell Windows Chicago Not Impor-

Server 2003 Facility ted

Production Medium Dell CentOS Denver Not

Facility Imported

The Data Feed Manager evaluates the nested parenthetical expressions first. In the
last example in the previous table, since neither 3 or 4 evaluate to "TRUE" in the
nested parenthetical expression, the primary parenthetical expression evaluates to
"FALSE," and thus the entire logical condition fails and the data is not imported,
even though all of the other conditions are met.

Determine the Sort Order for Search Results

Complete this task to configure how records are sorted in search results. For
example, if you are working with the Vendor Profile application, you may want to
produce a listing of all profiles in alphabetical order. Using the sorting functionality,
you can select to have the records ordered, ascending by the values in the Vendor
Name field.

56 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

The sorting interface supports sorting on multiple fields. Adding fields for sorting is
useful when the search results yield a "one-to-many" relationship between the
initial sorting field and the additional sorting fields. For example, if you select to
sort records in the Vendor Profile application records by the values in the Risk
Rating field, multiple records may have the same value. By including an additional
sorting field, you can sort how records appear within the initial sort. When sorting
by multiple fields, numeric indicators show the sort order.

Before You Begin

Complete one of the following tasks:
l Search by Keyword
l Run a Statistics Search

Procedure
1. On the Advanced Search page, expand the Sorting section and complete the
following:
l In the Field column, select the field that is the primary sort for the search
results.

Note: Even fields that are not displayed in the search results can be selected
for sorting. For more information on how to include a field in the search
results, see Select Fields to Display in Search Results.

l In the Order column, select from the following options.

Option Description

Ascending Text values are sorted A to Z. Numeric values are sorted

smallest to largest. Date values are sorted oldest to newest.

Descending Test values are sorted Z to A. Numeric values are sorted largest
to smallest. Date values are sorted newest to oldest.

Note: When values in a value list have been custom ordered, the order is
used for the ascending or descending sort, not the actual alphabetical sort of
the value. Null (blank) values are listed first in ascending sorts. Prefixes and
suffixes are not evaluated when determining a sort order.

l In the Grouping column, select whether to enable grouping for the search
results.
If you select to enable grouping, you can expand and collapse sections of the
search results based on the values in the sorting field. This option is available
for only the Column-Hierarchical display format. For more information, see
Display Search Results in a Column Format.

Chapter 3: Managing Searches and Reports 57

 RSA Archer GRC Platform Solutions User Guide

l (Optional) In the second row of the Field column, select a field by which
results are sorted after the initial sort.
l (Optional) Select the order and grouping preferences for this field.
l (Optional) To add additional fields for sorting, click Add New in the Sorting
section.
An additional row is added to the sorting display, where you can select the
field, the order, and grouping preferences.
2. (Optional) Complete any of the following tasks.

Task Action

Add any additional criteria to your See Filter Search Results.

search, such as filters.

Define the display format to customize See Configuring the Display Options for
the display of the search results. Search Results.

Note: If the search results are to be

displayed in column format or summary
format, the top-to-bottom order of the
fields in the Selected list is the left-to-
right order of the field in the search
results. If the search results are to be
displayed in row format, the top-to-
bottom order of the fields in the Selected
list is the top-to-bottom order of the
fields in the search results.

3. Click Search.

See Also:
Modifying Search Results
Add a Report

Configuring Display Options for Search Results

You can customize the display of your search results by defining the display format.
Defining the display format allows you to present information in a format that is
clear and easy to read.
For more information on the available format types, see Display Format Types.

58 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

To configure the search results display, you can do any of the following:
l Display Search Results in Column Format
l Display Search Results in Row Format
l Display Search Results in Summary Format
l Display Search Results in Calendar Format
l Display Search Results in Card Format
l Display Search Results in Map Format

Display Format Types

The following table describes the display options available for search results.

Chapter 3: Managing Searches and Reports 59

 RSA Archer GRC Platform Solutions User Guide

Format Type Description

Column-Hierarchical Shows the search results in columnar layout where fields are
displayed across the page from left to right. The Hierarchical
option groups the results by the values in the search fields. For
more information, see Display Search Results in a Column
Format.

Note: The top-to-bottom order of the fields in the Selected list

in the Advanced Search page is the left-to-right order of the
field in the search results. For more information, see
Determine Sort Order for Search Results.

Column-Flat Shows the search results in a columnar layout where fields are
displayed across the page from left to right. The Flat format
displays field values in a simple column layout. For more
information, see Display Search Results in Column Format.

Note: The top-to-bottom order of the fields in the Selected list

in the Advanced Search page is the left-to-right order of the
field in the search results. For more information, see
Determine Sort Order for Search Results.

Row Displays the search results in a row layout where fields are
stacked vertically, and records are separated by horizontal lines.
This format does not display field labels for empty fields. For
more information, see Display Search Results in Row Format.

Note: For this format, the top-to-bottom order of the fields in

the Selected list in the Advanced Search page is the top-to-
bottom order of the fields in the search results. For more
information, Determine Sort Order for Search Results.

60 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Format Type Description

Summary Shows the search results in a simple "block" record format in

which all field names are omitted. The key field serves as a
heading for each record block. The additional specified fields
are displayed in a single paragraph with each field value
separated by a diamond symbol. For more information, see
Display Search Results in Summary Format.

Note: The top-to-bottom order of the fields in the Selected list

in the Advanced Search page is the left-to-right order of the
field in the search results. For more information, see
Determine Sort Order for Search Results.

Card Shows the search results in a series of rectangular boxes, with a

maximum of four records that are displayed across the page.
The page vertically expands to accommodate more records. This
view displays fields from the primary application in flat
searches or fields from the first level of the primary application
in leveled searches. For more information, see Display Search
Results in Card Format.

Calendar Renders search results in a calendar display. This format is

available for Date fields in leveled and flat applications. You
can toggle between day, week, and month views. You also can
create events in 1-hour blocks or all-day events. For more
information, see Display Search Results in Calendar Format.

Map Plots search results in a map. The format is available for

locations related to the primary application in flat searches, or
the first level in the primary application in leveled searches.
You can define varying pin colors to geographic locations,
showing visual differentiation of the data. Statistics mode is not
available with the Map format. For more information, see
Display Search Results in Map Format.

Display Search Results in Column Format

Complete this task to format your search results in a columnar layout, where fields
are displayed across the page from left to right. This format offers two options:
l Flat
l Hierarchical

The Flat format displays field values in the search results in a simple column
layout. This format shows records from related applications in a grid with rows
spanning to indicate the relationship.

Chapter 3: Managing Searches and Reports 61

 RSA Archer GRC Platform Solutions User Guide

When configuring the Hierarchical format, there is an option in the Sorting section
that groups search results by the values within search results fields. If this option is
selected, the search results show the related or referenced records in a grid
underneath the higher level record.

Before You Begin

Complete one of the following tasks:
l Search by Keyword
l Run a Statistics Search

Procedure
1. On the Advanced Search page, expand the Display Options section and
complete the following:
a. From the Display Format list, select Column-Flat or Column-
Hierarchical.
b. From the Record Count list, select the number of records to be returned.
When this value is set, the search returns no more than the specified number
of records. If you select the All Records option, all records meeting the
search criteria are returned. Record count is applied to primary application
records only. Records returned from related applications are not included in
this number.
c. From the Results Per Page list, select the number of records that you want
to be displayed on each page of the search results.
If the search results include more records than can be displayed on a single
page, a set of arrows is displayed at the top of the Search Results page,
enabling you to move from one page to the next.
d. (Optional) In the Headings section, select one or more of the following
options:
l Criteria - To display the search criteria that you entered in order to
produce the search results.
l Date - To display the current date and time at the top of the Search
Results page.
2. (Optional) If you selected the Column-Hierarchical display format, select
Expand All Results to automatically expand all content in grid controls for
related applications.
3. (Optional) Select Fix Headers to display a static header row that remains in
view as you scroll down a report or iView.
4. (Optional) Add any additional criteria to your search, such as filters or sorting
options.

62 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

For more information see Filter Search Results and Determine the Sort Order
for Search Results.
5. Click Search.

Next Steps
Modifying Search Results
Add a Report

Display Search Results in Row Format

Complete this task to display your search results in a row layout where fields are
stacked vertically and records are separated by horizontal lines. This format does
not display field labels for empty fields.

Before You Begin

Complete one of the following tasks:
l Search by Keyword
l Run a Statistics Search

Procedure
1. On the Advanced Search page, expand the Display Options section and
complete the following:
a. From the Display Format list, select Row.
b. From the Record Count list, select the number of records to be returned.
When this value is set, the search returns no more than the specified number
of records. If you select the All Records option, all records meeting the
search criteria are returned. Record count is applied to primary application
records only. Records returned from related applications are not included in
this number.
c. From the Results Per Page list, select the number of records that you want
to be displayed on each page of the search results.
If your search results include more records than can be displayed on a single
page, a set of arrows is displayed at the top of the Search Results page,
enabling you to move from one page to the next.
d. (Optional) In the Headings section, select one or more of the following
options:
l Criteria - To display the search criteria that you entered in order to
produce the search results.
l Date - To display the current date and time at the top of the Search
Results page.

Chapter 3: Managing Searches and Reports 63

 RSA Archer GRC Platform Solutions User Guide

e. To automatically expand all content in grid controls for related applications,

sub-forms, and levels, select Expand All Results.
2. (Optional) Add any additional criteria to your search, such as filters or sorting
options.
For more information see Filter Search Results and Determine the Sort Order
for Search Results.
3. Click Search.

Next Steps
Modifying Search Results

Display Search Results in Summary Format

Complete this task to display your search results in a simple “block” record format
in which all field names are omitted. The key field serves as a heading for each
record block while the additional fields specified in the search are displayed in a
single paragraph with each field value separated by a diamond symbol.

Before You Begin

Set up a keyword search. For more information, see Search by Keyword.

Procedure
1. On the Advanced Search page, expand the Display Options section and
complete the following:
a. From the Display Format list, select Summary.
b. From the Record Count list, select the number of records to be returned.
When this value is set, the search returns no more than the specified number
of records. If you select the All Records option, all records meeting the
search criteria are returned. Record count is applied to primary application
records only. Records returned from related applications are not included in
this number.
c. From the Results Per Page list, select the number of records that you want
to be displayed on each page of the search results.
If your search results include more records than can be displayed on a single
page, a set of arrows is displayed at the top of the Search Results page,
enabling you to move from one page to the next.
d. (Optional) In the Headings section, select one or more of the following
options:
l Criteria - To display the search criteria that you entered in order to
produce the search results.

64 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

l Date - To display the current date and time at the top of the Search
Results page.
2. To automatically expand all content in grid controls for related applications,
sub-forms, and levels, select Expand All Results.
3. (Optional) Add any additional criteria to your search, such as filters or sorting
options.
For more information see Filter Search Results and Determine the Sort Order
for Search Results.
4. Click Search.

Next Steps
Modify Search Results

Display Search Results in Calendar Format

Complete this task to format your search results in a calendar display.
Using this format, you can quickly gain insight into the due dates of upcoming tasks,
pending assessments dates, and more. This format is available for applications with
at least one of the following date-type fields:
l Date
l First Published
l Last Updated.

When reviewing the search results, you can toggle between day, week, and month
views. You can also create events in one-hour blocks or all-day events.

Before You Begin

Set up a keyword search. For more information, see Search by Keyword.

Procedure
1. On the Advanced Search page, expand the Display Options section and
complete the following:
a. From the Display Format list, select Calendar.

b. In Date Display, click and select the date-based field from your
application that is to be used for placing records on the Calendar.
You can select more than one date field for each application or level.

c. For each selected field, click , select a display color for records on the
calendar and click OK.
d. Click OK.

Chapter 3: Managing Searches and Reports 65

 RSA Archer GRC Platform Solutions User Guide

e. (Optional) In the Headings section, select one or more of the following

options:
l Criteria - To display the search criteria that you entered in order to
produce the search results.
l Date - To display the current date and time at the top of the Search
Results page.
2. (Optional) Add any additional criteria to your search, such as filters or sorting
options.
For more information, see Filter Search Results and Determine the Sort Order
for Search Results.
3. Click Search.

Next Steps
Modifying Search Results

Display Search Results in Card Format

Complete this task to format your search results in a series of rectangular boxes,
with a maximum of four records that are displayed across the page. The page
expands vertically to accommodate more records.
This view displays fields from the primary application in flat searches or fields
from the first level of the primary application in leveled searches. Print and export
for this format appear the same as the Column format.

Before You Begin

Set up a keyword search. For more information, see Search by Keyword.

Procedure
1. On the Advanced Search page, expand the Display Options section and
complete the following:
a. From the Display Format list, select Card.
b. From the Record Count list, select the number of records to be returned.
When this value is set, the search returns no more than the specified number
of records. If you select the All Records option, all records meeting the
search criteria are returned. Record count is applied to primary application
records only. Records returned from related applications are not included in
this number.
c. From the Results Per Page list, select the number of records that you want
to be displayed on each page of the search results.
If your search results include more records than can be displayed on a single
page, a set of arrows is displayed at the top of the Search Results page,
enabling you to move from one page to the next.

66 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

d. (Optional) In the Headings section, select one or more of the following

options:
l Criteria - To display the search criteria that you entered in order to
produce the search results.
l Date - To display the current date and time at the top of the Search
Results page.
2. (Optional) Add any additional criteria to your search, such as filters or sorting
options.
For more information see Filter Search Results and Determine the Sort Order
for Search Results.
3. Click Search.

Next Steps
Modifying Search Results

Display Search Results in Map Format

Complete this task to render location information related to content records
dynamically as a plot on a visual map.

Important: To display results in Map format, your organization must purchase a

mapping license from Microsoft and configure that connection the RSA Archer
Control Panel. For more information, see your system administrator.
Also, the Statistics mode is not available with the Map format.

When building a Map format search, you specify the fields in your application that
contain the address information. These fields are used to plot the search results on
the map. For more information in storing address information in fields, see Address
Information in Map Format Searches.
When displaying the search results in the Map format, you can display the map in
road or aerial view. You can also assign varying pin colors to plotted locations,
allowing visual differentiation of the data represented within the map. Additionally,
you can save your map as a named report.

Note: Map search results may not render over an HTTPS connection because Bing
Maps geocode is received via HTTP. When attempting to display a map via an
HTTPS connection, many browsers flag this content as "mixed content" and do not
render the map search results. Depending on the browser, security settings, and
user selections to possible prompts, an error that may or may not be visible and
blank results will occur.

Before You Begin

Set up a keyword search. For more information, see Search by Keyword.

Chapter 3: Managing Searches and Reports 67

 RSA Archer GRC Platform Solutions User Guide

Procedure
1. On the Advanced Search page, expand the Display Options section and
complete the following:
a. From the Display Format list, select Map.
b. From the Record Count list, select the number of records to be returned.
When this value is set, the search returns no more than the specified number
of records. If you select the All Records option, all records meeting the
search criteria are returned. Record count is applied to primary application
records only. Records returned from related applications are not included in
this number.
c. (Optional) In the Headings section, select one or more of the following
options:
l Criteria - To display the search criteria that you entered in order to
produce the search results.
l Date - To display the current date and time at the top of the Search
Results page.
2. To specify the address information fields, complete the following:

a. In the Map Configuration section, click in the Address Data field and
select one or more fields from your application that contain the address
information.

Note: Only fields from the primary application can be referenced for
address information. Also, if the primary application is leveled, only fields
from the first level of the application can be referenced.

b. (Optional) If you selected multiple fields, move the fields into the proper
order using the before the Selected list.
c. Click OK.
3. From the Display Mode list, select one of the following map types.

Option Description

Aerial Shows the terrain as viewed from a satellite. This view does not include
territorial borders and does not label roads.

Road Shows information on a map view. This view includes territorial borders
and identifies major roads.

4. From the Pin Color list, select the color of the identifier of records on the map.

68 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Note: The Custom (By Value) option enables you to use difference colored
identifiers on the map for records with specific field values. For example, if you
are displaying Incident records on a map, you can have incidents with a High
priority be displayed in red and incidents with a Low priority be displayed in
green.

5. (Optional). If you selected the Custom (By Value) option, complete the
following:
a. From the Values List, select the Values List field in the primary application
that contains the values you want to distinguish by color.

b. For each value, click , select the color for that value and click OK.
6. (Optional) Add any additional criteria to your search, such as filters or sorting
options.
For more information see Filter Search Results and Determine the Sort Order
for Search Results.
7. Click Search.

Next Steps
Modifying Search Results
Address Information in Map Format
To display search results in a Map format, address information can be stored in a
single Text field or a combination of multiple fields. If you select multiple fields,
the fields must be positioned in the correct order. Also, successful generation of the
Map display depends on the designated fields containing sufficient address data.
The following table describes various scenarios and their results.

Field Type Field Value Result

Single Text Field 13200 Metcalf, Overland Park, KS 66213 Success

Single Test Field 13200 Metcalf Failed

(Address information is
not sufficient to plot
on a map.)

Multiple Fields l 13200 Metcalf Success

l Overland Park
l KS
l 66213

Multiple Fields l 66213 Failed

Chapter 3: Managing Searches and Reports 69

 RSA Archer GRC Platform Solutions User Guide

Field Type Field Value Result

l KS (Fields are not listed in

the correct order.)
l 13200 Metcalf
l Overland Park

Modifying Search Results

After you produce a set of search results, you can initiate a new search from the
Search Results page to modify the search results.

On the Search Results page, you can select Modify in the page toolbar to open
the Advanced Search page. Using this page, you can change the search results and
criteria by completing any of the following:
l Search by Keyword
l Search Across Multiple Applications
l Run a Statistics Search
l Select Fields to Display in Search Results
l Filter Search Results
l Determine the Sort Order for Search Results
l Configure the Display Options for Search Results

You can use the Options menu in the Search Results title bar to modify the display
of the search. The following table describes the options in this menu.

Option Description

Hide/Show Grouping Allows you to expand or collapse the Grouping toolbar.

Modify Results Per Page Allows you to select the number of search results to be
displayed on the Search Results page.

Change Report Format Allows you to present information in a format that is clear
and easy to read. For information on the available format
types, see Display Format Types.

Enable Delete Allows you to turn on the ability to delete records from
the Search Results list when the display format is
Column-Flat or Column-Hierarchical. The ability to
delete records remains active until you disable it or leave
the Search Results page.

70 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Application and permission settings determine what you can do with records in the
Search Results list. You can open a record to view or edit by clicking the record
link. If you have permission to delete records, you can enable the option to delete
records and then select records to delete in the Search Results list.

Delete Records from Search Results

You can delete records from a Search Results list if you have delete privileges for
the searched application or questionnaire and for its content records. Deleting a
record from search results deletes it from the Search Results list and from the
Platform content database.

Procedure
1. Run a search with the results display format set to Column-Flat or Column-
Hierarchical>
2. On the Search Results page, select Options > Enable Delete.
The page refreshes to add a column of checkboxes to the Search Results list.

Note: If the option is inactive, you do not have delete permission for the
application. If you enable the delete option, it remains active until you disable it
or leave the Search Results page.

3. In the Search Results list, select:

l One or more records by selecting the checkbox for each record.
l All records listed on the page by selecting the checkbox in the column header
row.

4. In the page toolbar, click Delete .

5. When prompted to confirm the deletion, click OK.
After the selected records are deleted, the Search Results page refreshes to
show remaining records. If any record deletions failed, a message lists those
records and the reasons they were not deleted.

Edit a Record from Search Results

Complete this task to edit a record from the list of search results if:
l The application owner or administrator enabled the Direct to Edit option for the
application.
l You have update privileges for content records in the application.

Chapter 3: Managing Searches and Reports 71

 RSA Archer GRC Platform Solutions User Guide

Procedure
1. On the Search Results page, click the link for the record that you want to edit.

Note:  If the record does not open in edit mode, either the Direct to Edit option
is disabled or you do not have update privileges for the record.

2. Edit the record.

Charting
When running a statistics search, you can view your search results as a chart rather
than text. The charting functionality is designed for you to grasp the full scope of
data without paging through hundreds or thousands of records. Charts can provide a
snapshot of your business or can sum up large amounts of data. You can share
charts by exporting them to embed into presentations, by emailing them, or printing
them for paper distribution.
The Platform can render search results in different chart types. Most chart types
can be displayed in different styles. For chart type information, see Supported Chart
Types. With the system's drill-down capabilities, you can click on a data element of
a chart to view details of the underlying data. For more information, see Drill Down
into Chart Data.

Statistical Search Query

To display the results of a search in a chart, you must build a statistical search
query that supports charting. A statistical query allows you to use different options
to mine fields of records in an application and return data groupings based on the
desired searched results of the query. For more information, see Run a Statistics
Search.
To render a chart, the results of the statistical query must form a series (see
Charting Terminology). You use the functions that are offered in a statistical
search, for example "Group by" and "Count of," to define the series results for your
charts. For more information, see Statistical Report Functions.

Single-Series Charts
In a single-series chart, a single data point is plotted for each data value in the
specified data category. To produce a single-series chart, a statistical search must
contain only one Group by function and only one aggregate function. Certain chart
types support single-series charting. For more information, see Chart Type Report
Configurations.

72 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Multi-Series Charts
In a multi-series chart, multiple sets of data points are plotted for each data value
within one or more data categories. To produce a multi-series chart, a statistical
search must contain one of the following configurations.

Statistical Search Configuration Results

One Group by function with more than Plots a single group of data elements
one aggregate function resulting from the Group by function
against a grouping of data points resulting
from the aggregate functions.

Two Group by functions with one or two Plots the two groups of data elements
aggregate functions resulting from the Group by functions
against the grouping of data points
resulting from the aggregate functions.

Two Group by functions with more than No chart is rendered.

two aggregate functions

For more information, see Chart Type Report Configurations.

Charting Toolbar
Once a statistical query is created that can be used in a chart, the Charting toolbar
is displayed at the top of the Search Results page. After setting the report format to
Chart and Data or Chart Only, you can use the toolbar to select the chart type that
you want to display and configure the properties of the selected chart type.
For more information, see Charting Toolbar Options.

Chapter 3: Managing Searches and Reports 73

 RSA Archer GRC Platform Solutions User Guide

Charting Terminology
The following table defines terms relating to the Charting feature in the Platform.

Term Definition

Aggregate A function that returns a single value, calculated from the values of
each distinct value of a Group by function. The aggregate function
is intended to be used in combination with a Group by function.
For example, if you are performing a statistics search in the
Facilities application, and you apply the Group by function to the
Region field and apply the Count of function to the Facility Name
field, you can produce a report listing the number of facilities by
region.

Data Point A single numeric value displayed as a part of bar, pie slice, or other
shape associated with a given data element in a chart. For example,
for Risk Level, the data element "High" has a value of 23. This
numeric value translates into a data point for charting purposes.

Group by A function that returns a single record for each distinct value stored
in the specified field. This function is intended to be used in
combination with an aggregate function. For example, if you are
performing a statistics search in the Facilities application, and you
apply the Group by function to the Region field and apply the
Count of function to the Facility Name field, you can produce a
report listing the number of facilities by region.
Additionally, if you apply the Group by function to two or more
fields in the Selected list, the statistical report is grouped by the
first Group by field in the list, and all other fields with the Group
by function are nested in the previous Group by field in the list.
Therefore, building on your statistical search in the Facilities
application, you can nest the Type field with the Group by
function under the Region field, which produces a report that lists
both the number and type of facilities by region.

Marker A static line, needle, or shaded area that can be added to charts to
communicate a goal, requirement level, overload range, or
comparison figure.

Render To create a chart representing the results of a statistical search.

Series A group of data points, such as the entire line on a chart.

74 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Supported Chart Types

The following table describes the available chart types. Additionally, display
variations are listed for each chart type.

Chart Type Description

Vertical Bar Used to render a single-

series chart or multi-series
chart. The height of the
rectangular bars are
proportional to the values
they represents. In a
single-series chart, the
Group by function data
elements are plotted along
the X axis and the
aggregate values are
plotted along the Y axis.
In a multi-series chart, the
first Group by function
data elements are plotted
along the X axis, the
second Group by function
data elements are also
plotted along the X axis
as separate vertical bars,
and the aggregate values
are plotted along the Y
axis.
Display variations
include:
l Standard
l Stacked
l Full Stacked
l Cylinder
l Stacked Cylinder
l Full Stacked Cylinder
l Pareto

Horizontal Bar Used to render single-

series or multi-series
charts. The length of the
rectangular bars are

Chapter 3: Managing Searches and Reports 75

 RSA Archer GRC Platform Solutions User Guide

Chart Type Description

proportional to the values

they represents. In a
single-series chart, the
Group by function data
elements are plotted along
the Y axis and the
aggregate values are
plotted along the X axis.
In a multi-series chart, the
first Group by function
data elements are plotted
along the Y axis, the
second Group by function
data elements are also
plotted along the Y axis
as separate horizontal
bars, and the aggregate
values are plotted along
the X axis.
Display variations
include:
l Standard
l Stacked
l Full Stacked
l Cylinder
l Stacked Cylinder
l Full Stacked Cylinder
l Progress Bar

Pie Used to render single-

series charts. The data
points for each series are
plotted as slices (wedges).
Each slice of the pie is
measured by its size. The
larger the value of an
element's data point, the
larger the slice relative to
all other elements on the
chart. Pie charts do not
support multi-series

76 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Chart Type Description

charting.
Display variations
include:
l Standard
l Explode Largest
l Explode Smallest
l Explode All

Donut Used to render single-

series charts. The data
points for each series are
plotted as slices (wedges).
Each slice of the donut is
measured by the size of
the slice. The larger the
value of an element's data
point, the larger the slice
relative to all other
elements on the chart.
Donut charts do not
support multi-series
charting.
Display variations
include:
l Standard
l Explode Largest
l Explode Smallest
l Explode All

Gauge Used to render single-

series charts. Each data
point is represented by an
individual gauge. Gauge
charts do not support
multi-series charting.
Display variations
include:
l Standard
l Clipped

Chapter 3: Managing Searches and Reports 77

 RSA Archer GRC Platform Solutions User Guide

Chart Type Description

l Vertical Linear
l Horizontal Linear

Funnel Used to render single-

series charts. The funnel
represents a value of 100
percent, with each data
point in the stack
representing a portion of
the total percentage.
Display variations
include:
l Standard
l Squared

Line Used to highlight trends

by drawing connecting
lines between data points.
Display variations
include:
l Standard
l Rounded
l Stacked (multi-line)
l Rounded Stacked
(multi-line)

Radar Used for comparing the

aggregate values of
several data points. This
chart type displays single-
series or multi-series data
in the form of a 2D chart
of three or more data
elements represented on
axes starting from the
same point. A line
connects the data points
of each element until all
elements are connected,

78 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Chart Type Description

forming a complete shape.

Display variations
include:
l Standard
l Stacked Area
l Line Series

Bubble Used to show the

relationships between the
plotted data points that
have three numerical
values. The values that
are displayed on a bubble
chart indicate their size,
as well as their relative
positions with respect to
the value of each data
point and their numeric
axis. The size of the
bubble is indicated by the
third value, which is a
numeric data element.
Display variations
include:
l Standard

Heat Map - Standard Used to show data in a

tabular format with user-
defined color ranges, for
example, low, average,
and high. This chart type
displays series values in a
matrix of two categories.
The type of heat map that
is generated is based on
the combination of the

Chapter 3: Managing Searches and Reports 79

 RSA Archer GRC Platform Solutions User Guide

Chart Type Description

Group by functions and

Aggregate functions and
the specific field types.
For more information, see
Chart Type Report
Configurations.

Heat Map - Risk (Summary)

Heat Map - Risk (Scatter Overlay)

Scatter Used to show the

relationships among the
1 Group by (not Tracking ID field) and 2 aggregate
numeric values in several
functions
data series, or plots two
groups of numbers as one
series of XY coordinates.
The appearance of scatter
charts is based on the
field assigned to the
Group by function and
the number of aggregates.
For more information, see
Chart Type Report

80 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Chart Type Description

1 Group by on Tracking ID field and 2 aggregate functions Configurations.

2 Group by and 2 aggregate functions

Display Variations
The following table describes the display variations for each chart type.

Chart Type Display Variation Description

Vertical bar Standard Each data point is represented in the bar,

which makes up the series.

Vertical bar Pareto The combination chart has a single series

duplicated with one as a vertical bar and the
other as a line chart. In this display variation,
the line indicates the cumulative total as a
percentage at each data point of the bar. The
line forms a rising arc as it encounters more
data points whose percentage of the
cumulative total continues to add to the
value represented at each point of the line
chart.

Vertical bar Cylinder Each data point in a single or multiple series

Horizontal bar is represented as an individual vertical or

Chapter 3: Managing Searches and Reports 81

 RSA Archer GRC Platform Solutions User Guide

Chart Type Display Variation Description

horizontal cylinder.

Vertical bar Full Stacked The data points are stacked upon each other
Horizontal bar in a single bar, which is oriented vertically
or horizontally according to the selected
chart type. The bar represents a value of 100
percent, and each data point within that bar
represents a portion of the total percentage.

Vertical bar Full Stacked Cylinder The data points are stacked upon each other
Horizontal bar in a single cylinder, which is oriented
vertically or horizontally according to the
selected chart type. The cylinder represents a
value of 100 percent, and each data point in
the cylinder represents a portion of the total
percentage.

Vertical bar Stacked The data points are stacked upon each other
Horizontal bar in a single bar, which is oriented vertically
or horizontally according to the selected
chart type. The bar is divided based on the
number of records included in each data
grouping.

Vertical bar Stacked Cylinder The data points are stacked upon each other
Horizontal bar in a single cylinder, which is oriented ver-
tically or horizontally according to the selec-
ted chart type. The bar is divided based on
the number of records included in each data
grouping.

Horizontal Progress Bar Shows percentage of total number of records

matching the Group by function criteria. The
Y axis plots the Group by function, the X
axis represents 0 to 100 percent, and the
shaded portion of each bar represents the
actual percentage.

Horizontal Standard Each data point is represented as an indi-

vidual horizontal bar.

Pie Standard All slices of the chart are connected. Each

Donut slice renders the data points as a percentage
compared to the other values on the face of

82 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Chart Type Display Variation Description

the pie itself.

Pie Explode All All slices of the chart are separated from each
Donut other. Each slice has its data points rendered
as a percentage compared to the other data
points.

Pie Explode Largest The largest slice of the chart is separated

Donut from the rest of the slices. Each slice has its
data point rendered as a percentage compared
to the other data points. If there are multiple
largest slices, all slices of the pie are
exploded.

Pie Explode Smallest The smallest slice of the chart is separated

Donut from the rest of the other slices. Each slice
has its data point rendered as a percentage
compared to the other data points.If there are
multiple smallest slices, all slices of the pie
are exploded.

Gauge Clipped The gauge has an angled bottom compared

to standard gauges, which are completely
round.

Gauge Horizontal Linear The dial-type gauge is replaced as a hori-

zontal bar representing the data point.

Gauge Standard A single data point plotted within a dial-like

display. The scale values are distributed in a
clock-wise fashion on the face of the gauge.
A needle originates from the center of the
gauge and acts as the data point. If a stat-
istics search results in a series consisting of
two or more data points, a gauge is rendered
for each of the data points. Gauge charts do
not support multi-series charting.

Gauge Vertical Linear The dial-type gauge is replaced with a ver-

tical bar representing the data point.

Funnel Squared The chart uses straight lines with a square

base when viewed in 3D.

Chapter 3: Managing Searches and Reports 83

 RSA Archer GRC Platform Solutions User Guide

Chart Type Display Variation Description

Funnel Standard The chart is displayed in a rounded format.

Line Rounded The data points are displayed as symbols con-

nected by a curved line. If the chart is in 3D
format, the data points are connected by
curved ribbons.

Line Rounded Stacked The area under the rounded line is shaded.

Line Stacked The area under the straight line is shaded.

Line Standard The data points are displayed as symbols con-

nected by a straight line. If the chart is in 3D
format, the data points are connected by rib-
bons.

Radar Line Series The chart is created using lines instead of

areas.

Radar Stacked Area Each series is stacked on top of each other

and draws each radar proportionately smaller,
stacking each series largest to smallest. Each
series is filled with a unique color to dis-
tinguish it from other radars.

Radar Standard Each data point in a series uses a separate fill

color while the other data points in another
series are used to measure the points for the
radar. For example, in a multi-series chart, the
number of axes is determined by the number
of values in the field listed as the second
Group by function in the search criteria. If
this field has four values, the system renders
the data across four axes.

Bubble Standard Two of the quantitative values of the bubble

are plotted on the X and Y axes, while the
other value is represented by its diameter. A
fourth value can be added that is represented
by the color.

Chart Type Report Configurations

The options in the drop-down Chart Type list on the Charting toolbar are based on
the Group by and aggregate functions included in a statistical report.
For more information on setting up a statistics report, see Run a Statistics Search.

84 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

The following table identifies the available chart types according to the number of
Group by and aggregate functions.

1 Group by Function 2 Group by Functions

1 Aggregate Function Vertical Bar Vertical Bar

Horizontal Bar Horizontal Bar
Pie Line
Donut Radar
Gauge Bubble
Funnel Heat Map - Standard
Line Heat Map - Risk (Summary)
Radar Note: For Heat Map - Risk
(Summary), the Group by
functions must be Values
Lists and the aggregate
function must be a numeric
field.

> 1 Aggregate Function Vertical Bar Cannot chart

Horizontal Bar
Line
Radar
Bubble
Scatter

2 Aggregate Functions Heat Map - Risk (Scatter Scatter

Overlay)
Scatter

Note: The scatter chart

will plot differently
based on whether the
Group by function is the
Tracking ID field.

3 Aggregate Functions Bubble Cannot chart

For more information, see Supported Chart Types.

Chapter 3: Managing Searches and Reports 85

 RSA Archer GRC Platform Solutions User Guide

Managing Charts
When you run a statistics search, the results of your search are displayed as
statistical data in a table. You can display this data in chart form, which can
provide you with a more concise visual presentation of the information. An
application cannot render a chart if any of the following conditions exist:
l The statistics search yields more than 400 points.
l The statistics search is configured with more than two Group by functions or
more than three aggregate functions.
l The statistics search is configured to apply either the Minimum of or Maximum
of aggregate function to a date type field.
l The statistics search yields more than one value in a mode aggregate.
l The statistics search yields unchartable data. For example, if you include an
aggregate function for a sub-form contained in a field, and no sub-form records
are attached to any parent records, there is no data for the sub-form aggregate.
Therefore the chart is not rendered.

For more information on Group by and aggregate functions, see Statistical Report
Functions.
The Platform can render search results in different chart types, and each chart type
can be displayed in different styles. For chart type information, see Supported Chart
Types.
To work with charts, begin with any of the following tasks:

l Create a Vertical Bar Chart l Create a Line Chart

l Create a Horizontal Bar Chart
l Create a Pie Chart
l Create a Donut Chart
l Create a Gauge Chart
l Create a Funnel Chart
l Create a Radar Chart
l Create a Bubble Chart
l Create a Heat Map Chart
l Create a Scatter Chart

After creating the chart, you use the Charting toolbar to configure the chart. For
example, you can configure the chart to display in 3D or specify the color properties
of the data series, legend, and plot area. For more information, see Charting
Toolbar Options.
You can specify how the advanced search results can be displayed for a user to
drill into the chart. For more information, see Set Statistics Drill Down Options.
Create a Vertical Bar Chart
Complete this task to create a vertical bar chart to visually compare or contrast data
points as their actual values or as a comparative percentage in one or more series of
data elements.

86 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Vertical bar charts provide a visual representation of grouped data. The data
grouped by the possible values of the field appears along the X axis and the height
of the bar corresponds to the value of each grouping.
The following table identifies the report configurations and plotting results for
vertical bar charts.

Report Configuration Plotting Results

One Group by function Group by function plotted on X axis

with one or more aggregate Aggregate value plotted on Y axis
functions

Two Group by functions First Group by function plotted on X axis

with one aggregate
Second Group by function plotted as subset of first Group
function
by function on X axis and referenced in the legend
Aggregate value plotted on Y axis

Before You Begin

Run a Statistics Search

Procedure
1. On the Search Results page of the statistics search that you just ran, select
either Chart and Data or Chart Only in the Charting toolbar.
For more information on the Charting toolbar, see Charting Toolbar Options.
2. From the Chart Type list, select Vertical Bar.

Next Steps
To configure the vertical bar chart, complete any of the following tasks:

l Display a Chart in 3D l Apply Shading to a Data Series

l Configure Display Variations l Enable Smart Breaks
l Set Chart Colors l Create Threshold Markers
l Define the Chart Transparency l Configure the Chart Labels and Legend

Create a Horizontal Bar Chart

Complete this task to create a horizontal bar chart to visually compare or contrast
data points as their actual values or as a comparative percentage in one or more
series of data elements.
Horizontal bar charts provide a visual presentation of data that is grouped into
categories. The categories appear along the Y axis and the length of the bar
corresponds to the value of each category.

Chapter 3: Managing Searches and Reports 87

 RSA Archer GRC Platform Solutions User Guide

The following table identifies the report configurations and plotting results for
horizontal bar charts.

Report Configuration Plotting Results

One Group by function Group by function plotted on Y axis

with one or more aggregate Aggregate value plotted on X axis
functions

Two Group by functions First Group by function plotted on Y axis

with one aggregate
Second Group by function plotted as subset of first Group
function
by function on Y axis and referenced in the legend
Aggregate value plotted on X axis

Before You Begin

Run a Statistics Search

Procedure
1. On the Search Results page of the statistics search that you just ran, select
either Chart and Data or Chart Only in the Charting toolbar.
For more information on the Charting toolbar, see Charting Toolbar Options.
2. From the Chart Type list, select Horizontal Bar.

Next Steps
To configure the horizontal bar chart, complete any of the following tasks:

l Display a Chart in 3D l Apply Shading to a Data Series

l Configure Display Variations l Enable Smart Breaks
l Set Chart Colors l Create Threshold Markers
l Define the Chart Transparency l Configure the Chart Labels and Legend

Create a Pie Chart

Complete this task to create a pie chart to visually compare or contrast data points
as their actual values or as a comparative percentage in a single series of data
elements.
Pie charts are circular charts divided into slices, illustrating proportions. In a pie
chart, each data element from the Group by function is represented by its own slice
of the pie. The aggregate value is sized relative to its actual value compared to the
other values.

Note: To create a pie chart, the statistical search must be set up with one Group by
function and one aggregate function.

88 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Before You Begin

Run a Statistics Search

Procedure
1. On the Search Results page of the statistics search that you just ran, select
either Chart and Data or Chart Only in the Charting toolbar.
For more information on the Charting toolbar, see Charting Toolbar Options.
2. From the Chart Type list, select Pie.

Next Steps
To configure the pie chart, complete any of the following tasks:

l Display a Chart in 3D l Define the Chart Transparency

l Configure Display Variations l Apply Shading to a Data Series
l Set Chart Colors l Configure the Chart Labels and Legend

Create a Donut Chart

Complete this task to create a donut chart to visually compare or contrast data
points as their actual values or as a comparative percentage in a single series of
data elements.
Similar to pie charts, donut charts show the relationship of parts to a whole. In a
donut chart, each data element from the Group by function is represented by its own
piece of the donut. The donut piece is sized by comparing the aggregate value to the
total value of the donut.

Note: To create a donut chart, the statistical search must be set up with one Group
by function and one aggregate function.

Before You Begin

Run a Statistics Search

Procedure
1. On the Search Results page of the statistics search that you just ran, select
either Chart and Data or Chart Only in the Charting toolbar.
For more information on the Charting toolbar, see Charting Toolbar Options.
2. From the Chart Type list, select Donut.

Next Steps
To configure the donut chart, complete any of the following tasks:

Chapter 3: Managing Searches and Reports 89

 RSA Archer GRC Platform Solutions User Guide

l Display a Chart in 3D l Define the Chart Transparency

l Configure Display Variations l Apply Shading to a Data Series
l Set Chart Colors l Configure the Chart Labels and Legend

Create a Gauge Chart

Complete this task to create one or more gauges for every data element in a single
series to individually compare and contrast each data point of a data element.
Gauge charts are often used to present key indicators to the end users, such as
statistics or measurement of a particular data point against a defined point or group
of points. A needle originates from the center of the gauge and acts as the data
point. In a gauge chart, each element of a Group by function is represented by its
own gauge. The aggregate value is the value of the gauge itself shown in a tooltip.

Note: To create a gauge chart, the statistical search must be set up with one Group
by function and one aggregate function.

Before You Begin

Run a Statistics Search

Procedure
1. On the Search Results page of the statistics search that you just ran, select
either Chart and Data or Chart Only in the Charting toolbar.
For more information on the Charting toolbar, see Charting Toolbar Options.
2. From the Chart Type list, select Gauge.

Next Steps
To configure the gauge chart, complete any of the following tasks:

l Configure Display Variations l Add Range Markers for Gauge Charts

l Set Chart Colors l Identify Data Point Markers for Gauge
Charts
l Apply Shading to a Data Series

Create a Funnel Chart

Complete this task to create a funnel chart, in which each element of the Group by
function is a piece of the funnel and the vertical height of each piece of the funnel
represents the aggregate value.

Note: To create a funnel chart, the statistical search must be set up with one Group
by function and one aggregate function.

90 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Before You Begin

Run a Statistics Search

Procedure
1. On the Search Results page of the statistics search that you just ran, select
either Chart and Data or Chart Only in the Charting toolbar.
For more information on the Charting toolbar, see Charting Toolbar Options.
2. From the Chart Type list, select Funnel.

Next Steps
To configure the funnel chart, complete any of the following tasks:

l Display a Chart in 3D l Define the Chart Transparency

l Configure Display Variations l Configure the Chart Labels and Legend
l Set Chart Colors

Create a Line Chart

Complete this task to create a line chart to display information as a series of data
points connected by a line. A typical use of a line chart is to visualize a trend in
data over intervals of time, thus the line chart is often used for chronological data.
The following table identifies the report configurations and plotting results for line
charts.

Report Configuration Plotting Results

One Group by function Group by function plotted on X axis

with one aggregate
Aggregate value plotted on Y axis
function

One Group by function Group by function plotted on X axis

with more than one
Each selected aggregate function is plotted as a separate
aggregate functions
line containing points for each Group by value.

Two Group by functions First Group by function plotted on X axis

with one aggregate
Each element of second Group by function plotted in its
function
own line
Aggregate value plotted on Y axis

Before You Begin

Run a Statistics Search

Chapter 3: Managing Searches and Reports 91

 RSA Archer GRC Platform Solutions User Guide

Procedure
1. On the Search Results page of the statistics search that you just ran, select
either Chart and Data or Chart Only in the Charting toolbar.
For more information on the Charting toolbar, see Charting Toolbar Options.
2. From the Chart Type list, select Line.

Next Steps
To configure the line chart, complete any of the following tasks:

l Display a Chart in 3D l Enable Smart Breaks

l Configure Display Variations l Create Threshold Markers
l Set Chart Colors l Configure the Chart Labels and Legend
l Define the Chart Transparency

Create a Radar Chart

Complete this task to create a radar chart to identify any trends across each data
point in one or more series.
Radar charts plot the values of each category along a separate axis that starts in the
center of the chart and ends on the outer ring. In a radar chart, the elements of the
Group by function are the "spokes" of the chart. The aggregate value for each
element is the value from the center outwards compared to the other aggregate
values.
The following table identifies the report configurations and plotting results for radar
charts.

Report Configuration Plotting Results

One Group by function Each element of the Group by function rendered as a

with one or more aggregate spoke in the radar
functions Each aggregate function rendered as a line

Two Group by functions Each element of the second Group by function rendered as
with one aggregate a spoke in the radar
function
Each aggregate functions plotted as a line

Before You Begin

Run a Statistics Search

Procedure
1. On the Search Results page of the statistics search that you just ran, select
either Chart and Data or Chart Only in the Charting toolbar.
For more information on the Charting toolbar, see Charting Toolbar Options.

92 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

2. From the Chart Type list, select Radar.

Next Steps
To configure the radar chart, complete any of the following tasks:

l Configure Display Variations l Define the Chart Transparency

l Set Chart Colors l Configure the Chart Labels and Legend

Create a Bubble Chart

Complete this task to create a bubble chart to visually compare and contrast data
points across multiple series.
Bubble charts display a set of numeric values as spheres. The spheres represent
different data values, with the diameter of a sphere corresponding to the value.
The following table identifies the report configurations and plotting results for
bubble charts.

Report Configuration Plotting Results

One Group by function Group by function represented by bubble size and shown
with two aggregate in legend
functions
Aggregate values plotted in X and Y axes

One Group by function Group by function shown in the legend

with three aggregate
Aggregate values plotted in X and Y axes with the third
functions
aggregate value represented by bubble size

Two Group by functions First Group by function plotted in X axis

with one aggregate
Second Group by function shown in legend
function
Aggregate value plotted in Y axis and represented by
bubble size

Before You Begin

Run a Statistics Search

Procedure
1. On the Search Results page of the statistics search that you just ran, select
either Chart and Data or Chart Only in the Charting toolbar.
For more information on the Charting toolbar, see Charting Toolbar Options.
2. From the Chart Type list, select Bubble.

Next Steps
To configure the bubble chart, complete any of the following tasks:

Chapter 3: Managing Searches and Reports 93

 RSA Archer GRC Platform Solutions User Guide

l Display a Chart in 3D l Apply Shading to a Data Series

l Set Chart Colors l Configure the Chart Labels and Legend
l Define the Chart Transparency

Create a Heat Map Chart

Complete this task to create a heat map chart to visualize risk across a department,
business unit, or the entire organization. Heat maps can also be used to understand
below or above average trends in the data or to see abnormalities.
Heat maps are graphical representations of data where the values taken by a
variable in a 2-dimensional map are represented as colors.
The following table identifies the report configurations and plotting results for heat
map charts.

Report Configuration Plotting Results

One Group by function Renders a risk chart with a scatter overlay.

with two aggregate
functions Note: If you switch between this chart type and the scatter
chart type, you will get similar scatter points.

Two Group by functions Renders the standard heat map chart.

and one aggregate function

Two Values Lists Group by Renders the standard heat map, which you can change to
functions with one the risk (summary) chart.
aggregate function

Before You Begin

Run a Statistics Search

Procedure
1. On the Search Results page of the statistics search that you just ran, select
either Chart and Data or Chart Only in the Charting toolbar.
For more information on the Charting toolbar, see Charting Toolbar Options.
2. From the Chart Type list, select Heat Map.

Next Steps
To configure the heat map chart, complete any of the following tasks:

94 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

l Set Chart Colors

l Configure Heat Map Display Properties (applicable for heat map - risk (with
scatter overlay) charts)
l Configure Axis Labels for Heat Maps

Create a Scatter Chart

Complete this task to create a scatter chart to quickly identify outliers, which are
data points that deviate markedly from other data points of the sample of data in
which it occurs.
Scatter charts have two value axes, showing one set of numerical data along the X
axis and another along the Y axis. These values are combined into single data
points, which are displayed in clusters.
The following table identifies the report configurations and plotting results for
scatter charts.

Report Configuration Plotting Results

One Group by function Group by function represented by data points

(not Tracking ID field) with
First aggregate value plotted on X axis
two aggregate functions
Second aggregate value plotted on Y axis

One Group by function (on All data points will be one color.
the Tracking ID field) with
two aggregate functions

Two Group by functions First Group by function represented by data points of

with two aggregate different color
functions
Second Group by function represented in label
First aggregate value plotted on X axis
Second aggregate value plotted on Y axis

Before You Begin

Run a Statistics Search

Procedure
1. On the Search Results page of the statistics search that you just ran, select
either Chart and Data or Chart Only in the Charting toolbar.
For more information on the Charting toolbar, see Charting Toolbar Options.
2. From the Chart Type list, select Scatter.

Next Steps
To configure the scatter chart, complete any of the following tasks:

Chapter 3: Managing Searches and Reports 95

 RSA Archer GRC Platform Solutions User Guide

l Set Chart Colors l Configure the Chart Labels and Legend

Charting Toolbar Options

Based on the combination of the number of Group by functions and aggregate
functions, the Charting toolbar is displayed at the top of the Search Results page for
a statistics search. For more information, see Chart Type Report Configurations.
The toolbar provides controls for selecting the type of chart that you want to view
and for configuring the properties of the selected chart type. These controls include
the color palette, transparency, shading, and labeling of charts.
To review a description of a particular option in the toolbar, click the toolbar option
in the following figure.

The following table describes the options available for configuring a chart.

Icon Description

Report Format Allows you to choose the format in which the resulting statistical
data is displayed. Available options include:
l Chart and Data. Displays both the chart and data results from
the statistical search.
l Chart Only. Displays only the rendered chart as a result from
the statistical search.
l Data Only. Displays only the rendered data as a result from
the statistical search. No charts are rendered or displayed when
you select this option. Also, this option is the only available
option if the statistical query cannot be rendered as a chart.

For more information, see Change the Display Format.

Chart Type Allows you to choose the chart that represents the results of a
statistical search data. Selecting a different chart causes the Search
Results page to refresh and display the new chart type.
Depending on the number of series in the statistical search, only
certain charts can be rendered.
For more information, see Choose a Chart Type.

3D Mode Allows you to toggle to 3D for the currently displayed chart, if

the chart type supports this option. When you select the 3D
option, the chart is redrawn in a 3-dimensional format. When the
checkbox is cleared, the chart reverts to a 2-dimensional format.

96 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Icon Description

Note: The gauge, radar, heat maps, and scatter chart types do not
support 3D rendering.

For more information, see Display a Chart in 3D.

Chart Options Allows you to select specific display variation available for the
currently displayed chart. For more information, see Display
Variations.
The purpose of these variations is to enhance the visual look and
feel of the chart, as well as to offer more clarity to the data being
presented. Any time that you change a chart type, the Chart
Options list dynamically updates with the available options for
the selected chart type.
For information, see Configure Display Variations.

Colors Dialog Allows you to customize the colors for the following elements of
a chart:
l Data Series. Allows you to select from predefined color
palettes (that is, themed collections of colors) or select a
specific color for each data series.
l Legend. Allows you to select the background and border
colors for charts that support these features. This option is not
available for gauge charts.
l Plot Area. Allows you to select the background and border
colors for charts that support these features. This option is not
available for gauge charts.

Note: For heat map - standard charts, you can define one or more
color thresholds. For heat map - risk (summary and scatter
overlay), you can select the color for each section.

For information, see Set Chart Colors.

Transparency Level Allows you to select from various levels of transparency for the
currently displayed chart. By default, charts do not have any
transparency applied.
For more information, see Define the Chart Transparency.

Chart Effects Allows you to set the following features of the currently
displayed chart:
l Shading. Allows you to select a shading effect that is applied
to a series based on the currently selected chart type.

Chapter 3: Managing Searches and Reports 97

 RSA Archer GRC Platform Solutions User Guide

Icon Description

l Smart Breaks. Allows you to create a break in a chart to

remove empty space between two data points that have a
percentage of difference between them. The vertical bar,
horizontal bar, and line chart types support the smart break
option. This option is not available for bar charts when
displayed in 3D.
l Threshold Markers. Allows you to configure one or more
visual threshold marker or range for a chart. These markers
indicate when a certain benchmark has been reached or the
progress of a particular item. By default, no threshold markers
or ranges are configured. Markers are available on vertical bar,
horizontal bar, and gauge charts. Ranges are only available on
gauge charts.
l Heat Map Display Properties. Allows you to define the
number of sections of a heat map - risk (scatter overlay) chart
and its thresholds.

For more information, see the following:

l Apply Shading to Data Series
l Enable Smart Breaks
l Create Threshold Markers
l Add Range Markers for Gauge Charts
l Identify Data Point Markers for Gauge Charts
l Configure Heat Map Display Properties

Value Labels Allows you to configure the following features of the currently
displayed chart:
l Position of the chart legend
l Display of value labels relative to series data points
l Display of the data labels in the chart representing the values.
l Display of X axis or Y axis value labels.

For more information, see Configure Chart Labels and Legend.

With heat map charts, you can only configure the axis labels. For
information on configuring these labels for heat map charts, see
Configure Axis Labels for Heat Maps.
Additionally this option is not available for gauge charts.

98 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Change the Display Format

Complete this task to choose the format of the resulting statistical data using the
Display Format list.
Display format options include:
l Chart and Data. Renders the chart above the data grid.
l Chart Only. Displays the chart, but not the data grid.
l Data Only. Displays the data grid, but not a chart.

Note: When this option is selected, all other tools on the Charting toolbar become
unavailable. Tools remain disabled until you select either the Chart and Data
option or the Chart Only option.

Before You Begin

Create one of the available charts. For more information, see Managing Charts.

Procedure
1. On the Search Results page of the chart that you created, click
and select the preferred display format.
2. To save your chart, click Save.

Choose a Chart Type

Complete this task to specify a chart type.
The Chart Type list identifies the available chart types for the statistical report.

Before You Begin

Create one of the available charts. For more information, see Managing Charts.

Procedure
1. On the Search Results page of the chart that you created, click
and select the preferred chart type.
2. To save your chart, click Save.

Display a Chart in 3D
Complete this task to toggle between a 2-dimensional and 3-dimensional rendering
of a chart. When you select the 3D option, the chart is redrawn in a 3-dimensional
format. When the checkbox is cleared, the chart reverts to a 2-dimensional format.

Important: The gauge, radar, heat map, and scatter chart types do not support 3-
dimensional rendering.

Chapter 3: Managing Searches and Reports 99

 RSA Archer GRC Platform Solutions User Guide

Before You Begin

Create one of the available charts. For more information, see Managing Charts.

Procedure

1. On the Search Results page of the chart that you created, select to
enable the 3-dimensional effect.
2. To save your chart, click Save.

Configure Display Variations

Complete this task to choose the display variation for a chart.
The Chart Options list identifies the display variations available for the selected
chart type. Any time that you change the chart type, the Chart Options list
dynamically updates to include the correct options for the selected chart type.
When you change the chart type, the Platform automatically selects the Standard
option for the new chart. For more information, see Display Variations.

Before You Begin

Create one of the available charts. For more information, see Managing Charts.

Procedure

1. On the Search Results page of the chart that you created, click and
select the preferred display variation.
2. To save your chart, click Save.

Set Chart Colors

Complete this task to specify the color properties of the data series, legend, and plot
area of a chart.
In the Charting Colors dialog box, in the Data Series section, you can select from
predefined color palettes or select a specific color for each data series. In the
Legend and Plot Area sections, you can select the background and border colors.
For gauge chart types, you also can select the gauge color. For heat map - risk
(standard and scatter overlay) chart types, you can color each individual section.
For heat map - standard chart types, you can define one or more color thresholds.

Before You Begin

Create one of the available charts. For more information, see Managing Charts.

100 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Procedure

1. On the Search Results page of the chart that you created, click .
2. In the Data Series section, complete one of the following tasks.

Task Action

Choose colors from a a. Select Standard.

predefined palette.
b. Click the drop-down arrow and select one of
the available predefined palettes.

Create your own custom color a. Select Custom.

scheme.
b. For each item in the Series Name column,
click the color drop-down arrow and select a
color in the Color Picker dialog box.

3. In the Legend and Plot Area sections, click the color drop-down arrow for
Background Color and Border Color and select the preferred color in the
Color Picker dialog box.

Note: The Legend section is not available for the heat map -risk (summary) and
heat map - risk (with scatter overlay) chart types

4. (Optional) For gauge charts, click the color drop-down arrow for Gauge Color
in the Plot Area and select the preferred color in the Color Picker dialog box.
5. Click OK.
6. To save your chart, click Save.

Define the Chart Transparency

Complete this task to display the data series of the chart as solid or transparent to
some degree. By default, the data series are displayed as solid.

Important: Because the gauge chart type is always solid, the Transparency list is
not available for gauges. Additionally, heat map and scatter chart types do not
support the Transparency feature.

Before You Begin

Create one of the available charts. For more information, see Managing Charts.

Chapter 3: Managing Searches and Reports 101

 RSA Archer GRC Platform Solutions User Guide

Procedure

1. On the Search Results page of the chart that you created, click and
select one of the following levels of transparency:
l 0%
l 25%
l 50%
l 75%
2. To save your chart, click Save.

Apply Shading to the Data Series

Complete this task to apply shading to a data series. The shading effect that you can
apply to data series is based on the selected chart type.

Before You Begin

Create one of the available charts. For more information, see Managing Charts.

Procedure

1. On the Search Results page of the chart that you created, click and
select the preferred shading effect. See Shading Options.
2. Click OK.
3. To save your chart, click Save.
Shading Options
The following table identifies which shading options are available for specific chart
types.

Shading Option Chart Types Exceptions

Standard All chart types except l 3D pie or 3D donut. Only

gauges standard shading.
l Vertical bar or horizontal
bar. Only standard shading
when using the cylinder
options.

Soft Vertical Bar

Horizontal Bar
Pie
Donut

Sharp Vertical Bar

102 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Shading Option Chart Types Exceptions

Horizontal Bar

Gradient Vertical Bar

Horizontal Bar

Glass Vertical Bar

Horizontal Bar
Pie
Donut

Sunburst Vertical Bar

Horizontal Bar

Brushed Metal Vertical Bar

Horizontal Bar

Muted Vertical Bar

Horizontal Bar

Glow Vertical Bar

Horizontal Bar

Shading for gauge chart types include the following options:

l African Sunset l Ice Cold Zone l Retro

l Clean White l Mechanical l Shining Dark
l Dark Night l Military l Silver Blur
l Gothic Mat l Pure Dark

The following chart types do not support changing shading from the standard option:

l Funnel l Heat Map

l Line l Scatter
l Radar

Chapter 3: Managing Searches and Reports 103

 RSA Archer GRC Platform Solutions User Guide

Enable Smart Breaks

Complete this task to create a break in a chart to remove empty space between data
points that have a significant percentage of difference between them.
The following chart types support the smart break option:
l Vertical bar
l Horizontal bar
l Line

This option is not available for any charts displayed in 3D mode.

For more information on chart types, see Supported Chart Types.

Before You Begin

Create one of the available charts. For more information, see Managing Charts.

Procedure

1. On the Search Results page of the chart that you created, click and
select Smart Breaks.
2. Click OK.
3. To save your chart, click Save.

Create Threshold Markers

Complete this task to create threshold markers to show how each data element
compares to the defined marker for the following chart types:
l Vertical bar
l Horizontal bar
l Line

You can have up to five markers in a chart. The marker name, value, color, and
style appear in the legend of the chart.

Note: If you set markers on a vertical bar chart, and then switch to a horizontal bar
chart or line chart, the markers are displayed. However, if you convert a vertical or
horizontal bar chart to any other chart type, the markers are not displayed.

For information on setting threshold markers on gauge charts, see the following:
l Add Range Markers for Gauge Charts
l Identify Data Point Markers for Gauge Charts

Before You Begin

Create one of the available charts. For more information, see Managing Charts.

104 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Procedure

1. On the Search Results page of the chart that you created, click .
2. In the Marker Name field, enter a label for the marker.
When the chart is redrawn, the marker name is displayed beside the marker
line.
3. In the Value field, enter the numeric value for the maker.
This number represents the position of the marker on the chart.
4. In the Style field, select a line style for the marker.
5. In the Color field, click the color drop-down arrow to open the Color Picker
dialog box and click the preferred color
6. (Optional) To add more markers, repeat steps 3 through 5.
Important: For each marker that you want displayed on the chart, be certain to
select its corresponding checkbox.

7. To save your chart, click Save.

Add Range Markers for Gauge Charts

Complete this task to add range markers to gauge charts. This functionality allows
you to add one or more static markers to indicate value ranges that can
communicate a goal, requirement level, or overload range. When you select the
Range option, you can display one or more color-coded ranges on the inside edge of
one or more gauges.

Before You Begin

Create a Gauge Chart

Procedure

1. On the Search Results page of the chart that you created, click .
2. From the Type list, select Range.
3. From the first Group list, select the value to which you want to apply the
marker.

Note: Each value in the Group list, except for the All option, represents one
gauge. If the statistics search produced only one gauge, select the value that you
used to filter the search. If the statistics search produced multiple gauges, you
can configure markers to be displayed on each gauge by selecting a value in the
additional Group lists. Additionally, you can add a set of range markers to all
gauges by selecting the All option.

4. In the Marker Name field, enter a name for the marker.

When the chart is redrawn, the name is displayed in the chart legend.

Chapter 3: Managing Searches and Reports 105

 RSA Archer GRC Platform Solutions User Guide

5. In the Min field, enter the low value of the range that the marker should plot in
the gauge chart.
6. In the Max field, enter the high value of the range that the marker should plot in
the gauge chart.
7. In the Color field, click the color drop-down arrow to open the Color Picker
dialog box and select the color you want to use.
8. (Optional) To add more range markers, repeat steps 3 through 6.
Important: For each range marker you want displayed on the gauge, be certain
to select its corresponding checkbox.

For example, you can configure a marker that represents a low-risk range, one
that represents a medium-risk range, and another that represents a high-risk
range. If your statistics search produces multiple gauges, you can configure
range markers for each gauge by selecting values in the additional Group fields.
To add range markers to more than three gauges, click Add New.
9. Click OK.
10. To save your chart, click Save.

Identify Data Point Markers for Gauge Charts

Complete this task to display one or more static triangles on single or multiple
gauges.

Before You Begin

Create a Gauge Chart

Procedure

1. On the Search Results page of the chart that you created, click .
2. From the Type list, select Marker.
3. From the first Group list, select the value to which you want to apply the
marker.

Note: Each value in the Group list, except for the ALL group, represents one
gauge. If the statistics search produced only one gauge, select the value that you
used to filter the search. If the statistics search produced multiple gauges, you
can configure markers to be displayed on each gauge by selecting a value in the
additional Group lists. If you want the same marker to be applied to all of the
gauges, choose ALL instead of choosing a specific group.

4. In the Marker Name field, enter a name for the marker.

5. In the Value field, enter the value that the marker should plot in the gauge chart.

106 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

6. In the Color field, click the color drop-down arrow to open the Color Picker
dialog box and select the correct color.
7. Select the checkbox next to Marker Name to display the marker on the gauge
chart.
8. (Optional) To add more markers, repeat steps 3 through 7.
Important: For each marker you want displayed on the gauge, be certain to
select its corresponding checkbox.

If your statistics search produces multiple gauges, you can configure markers
for each gauge by selecting values in the additional Group fields. To more than
three range markers to a gauge, click Add New.
9. Click OK.
10. To save your chart, click Save.

Configure Heat Map Display Properties

Complete this task to define the number of sections of a heat map - risk (with
scatter overlay) chart and its thresholds. Doing so can help increase the
understanding of the level of severity of each data element or groups of data
elements impacting your organization.

Note: This task is not applicable for heat map - standard or heat map - risk
(summary) chart types.

Before You Begin

Create a risk heat map chart with a scatter overlay. For more information see,
Create a Heat Map Chart.

Procedure

1. On the Search Results page of the chart that you created, click .
2. Enter the number of sections that you want for each axis in the Rows and
Columns fields.
3. In the Y Axis Minimum Value, Y Axis Maximum Value, X Axis Minimum
Value, and Y Axis Maximum Value fields, set the minimum or maximum
number of rows and columns to be included in the chart.
4. Click OK.
5. To save your chart, click Save.

Chapter 3: Managing Searches and Reports 107

 RSA Archer GRC Platform Solutions User Guide

Configure the Chart Labels and Legend

Complete this task to configure any of the following settings based on the chart
type:
l Position of the chart legend
l Display of value labels relative to series data points
l Display of the data labels in the chart representing the values
l Display of X-axis or Y-axis value labels.

Note: This task does not pertain to heat map charts. With heat map charts, you can
only configure the axis labels. For information on configuring these labels for heat
map charts, see Configure Axis Labels for Heat Maps. Also, the Legend setting is
not available for heat map charts.
Additionally the Values Label settings are not available for gauge charts.

Before You Begin

Create one of the available charts. For more information, see Managing Charts.

Procedure

1. On the Search Results page of the chart that you created, click .
2. From the Legend list, select the positioning of the legend relative to the plot
area of the chart.
The No Legend option displays the numeric values in the chart. Data labels are
not displayed.
3. From the Value Labels list, select how the numeric value labels are to be
displayed relative to the series data points.

Option Description

Automatic The system automatically places value labels to minimize the

potential for label overlapping and collision.

None The labels are hidden from view.

Inside Series The labels are displayed inside each data point.

Outside Series The labels appear as callouts for each data point.

Any value that is not applicable for the selected chart type is not listed in the
Value Labels field. For example, options available for bar charts include
Automatic and None.

108 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

4. To display series labels in the chart that represent the value, select Smart
Labels.

Note: The Smart Labels checkbox does not work unless you have set the Value
Labels option to anything other than None.

5. To display the X-axis or Y-axis value labels on the chart, select Label X-Axis
or Label Y-Axis.
The X-axis option displays the data labels on the X axis for a vertical bar or line
chart. It is available when the statistics search contains a single Group by
function. The Y-axis option displays the data labels on the Y axis of a horizontal
bar chart. It is available when the statistics search contains a single Group by
function.

Note: This option is not available for the pie, donut, funnel, and scatter chart
types.

6. Click OK.
7. To save your chart, click Save.
Configure Axis Labels for Heat Maps
Complete this task to display and configure the axis labels on the chart for heat map
charts.

Before You Begin

Create a Heat Map Chart

Procedure

1. On the Search Results page of the heat map chart that you created, click
.
2. Complete the Axis Labels section according to the following heat map chart
types.

Heat Map - Heat Map - Heat Map -

Standard Risk (Summary) Risk (with Scatter Overlay)

To display both the a. To display both the a. To display both the X-axis
X-axis and Y-axis X-axis and Y-axis and Y-axis Value Labels on
Value Labels on Value Labels on the the chart, select Label Axis.
the chart, select chart, select Label
b. Enter the label names for each
Label Axis. Axis.
axis in the Y Axis and X
b. Enter the label names Axis fields.
for each axis in the Y
c. To define sections along each
Axis and X Axis
axis, enter the label names in
fields.
the Individual Labels fields.

Chapter 3: Managing Searches and Reports 109

 RSA Archer GRC Platform Solutions User Guide

3. Click OK.
4. To save your chart, click Save.

Modify Chart Results with Filters

Complete this task to re-run the statistics search using a search filter to limit or
increase the amount of data displayed in a chart.
When you apply filter criteria and re-run the statistics search, the chart is displayed
with the updated data, and all of the original properties that you assigned to the
chart are maintained whenever possible. However, if you modify the display fields,
the Platform may not be able to support the selected chart type or may either change
the chart type or set it to the Data Only display.

Before You Begin

Create one of the available charts. For more information, see Managing Charts.

Procedure

1. On the Search Results page of the chart you create, click .

The Advanced Search page is displayed listing all previous search criteria for
the statistics search.
2. Add filter criteria.
For more information, see Filter Search Results.
3. (Optional) Modify any additional search criteria.
For more information, see Run a Statistics Search.
4. Click Search.
The statistic search is re-run, and the chart is rendered to reflect the updated
search results.
5. To save your chart, click Save.

Drilling Down into Chart Data

When drill-down options are set up, you can click an individual data element, such
as a bar or pie piece, in a chart to perform a search for all records associated with
that data element. For example, if a bar chart contains a data element indicating
that you are responsible for one laptop, clicking that data element executes a search
for that laptop record in the Asset Management application. Depending on the value
set of the data element, multiple records can be returned in the search results.
Once the search results are displayed, you can return to the chart by clicking
on the drill-down search results page.
For information on setting up drill-down options, see Set Statistics Drill Down
Options.

110 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Set Statistics Drill Down Options

Complete this task to specify how the records are to be displayed for a user to drill
into a chart.
When a statistics search is rendered as a chart, you can drill into a section of the
chart to review the specific records that are contained in the search results of that
data point. For more information on drilling into chart data, see Drilling Down into
Chart Data.

Before You Begin

Run a Statistics Search.

Procedure
1. On the Advanced Search page, expand the Statistics Drill Down Options
section and complete the following tasks.

Chapter 3: Managing Searches and Reports 111

 RSA Archer GRC Platform Solutions User Guide

Task Action

Configure the fields a. From the Available list, select the fields that you want
in the search results. included.

b. (Optional) To remove a field, click to the right of the

field in the Selected list.
c. (Optional) To reorder the fields in the Selected list,
select a field and use the to reposition the field.

112 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Task Action

Set the sorting a. Under Sorting, in the Field column, select the field that
options for the search is the primary sort.
results.
b. In the Order column, select from the following options:
l Ascending. Text values are sorted A to Z. Numeric
values are sorted smallest to largest. Data values are
sorted oldest to newest.
l Descending. Text values are sorted Z to A. Numeric
values are sorted largest to smallest. Data values are
sorted newest to oldest.

Note: Null (blank) values are listed first in ascending

sorts. Prefixes and suffixes are not evaluated when
determining a sort order.

c. In the Grouping column, select whether to enable

grouping.

Note: If you select to enable grouping, you can expand

and collapse sections of the data point search results
based on the values in the sorting field. This option is
available for only the Column-Hierarchical display
format.

d. (Optional) In the second row of the Field column, select

a field by which results should be sorted after the initial
sort.
e. (Optional) Select the order and grouping preferences for
this field.
f. (Optional) to add more fields for sorting, click Add New.
An additional row is added to the sorting display, where
you can select the field, the order and grouping
preferences.

Set the display a. From the Display Format list, select how the search
options. results of the data points are to be displayed.
For more information, see Display Format Types.
b. From the Results per Page list, select the number of
records that should be displayed on each page of the
data point search results.
If the search results include more records than can be
displayed on a single page, a set of arrows appears at the
top of the Search Results page, enabling you to move
from one page to the next.

Chapter 3: Managing Searches and Reports 113

 RSA Archer GRC Platform Solutions User Guide

2. (Optional) Add any additional criteria to your search, such as filters or sorting
options.
See Filter Search Results and Determine the Sort Order for Search Results.
3. Click Search.

Next Steps
Modifying Search Results

Master Reports Listing

The Master Report Listing page displays global and personal reports. Each page
lists up to 50 reports. Reports provide a means of saving search criteria in a given
application that can be reused. A personal report is accessible only by the person
who created it. A global report can be made accessible to all users in an application
or to selected users and user groups.
Users can filter the reports displayed on the Master Report Listing page by name,
solution. application, or type. Because the page is directly linked to all advanced
search pages, users can also initiate searches from the Master Report Listing page
and save their search results as new personal reports. Users also can delete
personal reports on this page. In addition, users who have global report
administration rights can create, edit, and delete global reports from this page.
When working with reports, you can do the following:
l View Personal and Global Reports
l Add a Report
l Update a Report
l Delete a Report

View Personal and Global Reports

Complete this task to view personal and global reports on the Master Report Listing
page. The page provides a central point for locating and executing all reports that
are available to you, including your personal reports and global reports for which
you have been granted access.

Procedure
1. In the top frame of the user interface, click Reports.
The Master Report Listing page is displayed.
2. Using the Grouping and Filter toolbars, filter and sort the list as needed to
locate the report that you want to view.
3. Click the report to execute that report and view it.

114 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Note: If the Navigation Menu properties of an application are configured to show

reports, you can execute a report from the Navigation Menu. Also, you can open the
Master Report Listing page by clicking Master Reports Listing under Management
Reporting in the Administration solution.

Add a Report
Complete this task to create new personal reports. If you have global report
administration rights for an application, you can also create global reports.

Procedure
1. In the top frame of the user interface, click Reports.
The Master Report Listing page is displayed.
2. Click Add New to open the Add New Report dialog box.
3. Select the application that you want to run the report against and click OK.
The Advanced Search page is displayed, enabling you to specify criteria for the
report.
4. Enter your search criteria on the Advanced Search page and click Search.
Your report is displayed.
5. Click Save.
The Save Report page is displayed for the new report. This page enables you to
specify the properties of the report.

Next Steps
Update a Report

Update a Report
Complete this task to edit your personal reports. If you have global report
administration rights for an application, you also can edit global reports.

Before You Begin

Add a Report

Procedure
1. In the top frame of the user interface, click Reports.
The Master Report Listing page is displayed.
2. Click the report that you want to modify.
3. Click Modify in the record toolbar.
The Advanced Search page is displayed.

Chapter 3: Managing Searches and Reports 115

 RSA Archer GRC Platform Solutions User Guide

4. Enter updated search criteria on the Advanced Search page and click Search.
Your modified report is displayed.
5. Do one of the following:
l Click Save.
l Select Save as New Report from the list displayed to save a separate report
with your changes.
l Select Save Report Changes from the list displayed to save the changes to
the existing report.
6. Complete the Report Information section:
a. In the Name field, enter a name for the report.
b. In the Description field, describe the report.
This description is displayed on the Master Report Listing page.
7. In the Report Type section, select whether the report is a personal report or a
global report:
l Personal Report. Accessible only to the person who created it.
l Global Report. Accessible to all users in an application or to selected users
and user groups.
8. If you selected Global Report, access is granted to all users with access rights
to the current application by default. Assign access rights for the report
according to the following options:
l Current User. In the Available list, expand the Current User node and
select the user who you want to have access to the report.
l Groups. In the Available list, expand the Groups node and select the
groups whose members you want to have access to the report.
l Users. In the Available list, expand the Users node and select the users
who you want to have access to the report.
To revoke access rights for a user or group, click in the Selected list.
9. In the iView Caching section, define the caching behavior and duration for the
report. If caching is enabled, the refresh rate is disabled.
l Enabled iView Caching. Select to enable or unselect to disable iView
caching for the report. Caching requires configuration of a caching provider
before it can be enabled.
l Cache Duration. If you enable caching, set the amount of time to display
cached results instead of running a new search to update iView content. You
can set the duration to a minimum of 2 minutes up to a maximum of 30 days.
l Reset to default. Click to change iView caching settings to the global
defaults defined by the instance administrator.

116 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

10. From the Refresh Rate list, select how often you want the report to refresh. If
a refresh rate is set, iView caching is disabled.
11. Click Apply.
12. If you changed the cache duration from one time range to another, open and
refresh the Report iView to complete the change.

Delete a Report
Complete this task to delete your personal reports. If you have global report
administration rights for an application, you also can delete global reports.

Procedure
1. In the top frame of the user interface, click Reports.
The Master Report Listing page is displayed.

2. Click in the row of the report that you want to delete.

3. Click OK.

Working with Trended Data

Trending is a method of data tracking that enables you to track status changes for a
Numeric or Values List field when trending is enabled. Trending charts allow you
to observe patterns in the trending data over a specified period.
The chart reflects a plot point representing each time a field value is saved.
Viewing the trended data on the chart enables you to see trends in the data in order
to make informed business decisions.
You can perform the following tasks related to trending:
l View a trending chart in a record
l Print a record
l Export a record
l Add a Trending Chart to an Application Layout

Trending
Trending is a method of data tracking that enables you to track status changes for a
numeric or field-specific values list field when trending is enabled. Trending charts
allow you to observe patterns in the trending data over a specified period of time.
The chart reflects a plot point for each time a field value is saved. (For more
information, see Viewing a Trending Chart in a Record.) When a field is enabled
for trending with a duration period, the Platform captures trending data for the
specified field and retains the data for the duration period.
An administrator can perform any of the following tasks related to trending:

Chapter 3: Managing Searches and Reports 117

 RSA Archer GRC Platform Solutions User Guide

l Add a trending chart to an application layout

l Arrange elements in an application layout
l Enable trending for a field
l Disable trending on a trended field
l Delete a field

The trending data can be displayed on a chart in the content record after the Add
Trending Chart layout object is added to the application layout. Viewing the trended
data on the chart enables the user to see trends in the data in order to make
informed business decisions.
An end user can perform the following tasks related to trending:
l View a trending chart in a record
l Print a record
l Export a record

118 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Trending charts are similar to Text Box objects and Custom Objects in that they
have the following options: Use Default Settings, Display, and Do Not Display. For
more information, see Special Considerations - ACL.
You can add trending charts to packages that are generated, exported, or installed in
the target instance. There are some important rules that you should know when
packaging trended chart objects. For more information, see Trending Charts and
Trending Rules for System ID-Matched Objects. You can also map trended chart
objects in Mapping Analyzer. For more information, see Mapping Analyzer.
The following examples are intended to demonstrate the behavior of trending
functionality.
Example A: You might create a trending chart called "Safety Incidents" to track
the number of safety incidents that occur at a facility before safety policies are
instituted. If the duration period was specified as one year (365 days), the user
might view the trending chart and observe that the number of safety incidents at the
facility has decreased during the one year duration period. The user might conclude
that the safety policies are working.
Example B: To expand on Example A, suppose the duration period is changed from
one year to one month. The trending data on the chart now spans the one year
duration period plus the one-month duration (30 days). On the 31st day, the trending
data shows only the one-month period once an asynchronous job runs. This once-
daily cleanup job removes both expired trended data and any trended data for fields
that the user has disabled trending.
Example C: You might not update a trending-enabled field until after the period of
time specified in the duration period. When the update takes place after the duration
period ends, the chart reflects data for a longer time span, and any removal of data
will not occur until a new value is added.

Add a Trending Chart to an Application Layout

Complete this task to add a trending chart to an application layout.

Procedure
1. From the Administration workspace, navigate to Navigation Menu >
Application Builder > Manage Applications.
2. Select the application that you want to update.
3. Click the Layout tab.
4. Select Add New Layout Object in the left pane.
5. Click and drag the Add Trending Chart option to the layout area.
6. In the Name field, enter the heading that you want to display in the layout.
7. From the Trending Field list, select the trending-enabled field for which to
display chart data.
8. (Optional) To display the chart name as the title, select Show Title.

Chapter 3: Managing Searches and Reports 119

 RSA Archer GRC Platform Solutions User Guide

9. Click OK to close the Trending Chart Description dialog box.

10. Click Apply.

Enable Trending for a Field

Complete this task to enable trending for a Numeric or Values List field.

Procedure
1. From the Administration workspace, navigate to the Navigation Menu >
Application Builder > Manage Applications.
2. Select the application that you want to update.
3. On the Fields tab, select the Numeric or Values List field for which you want
to enable trending.
4. Select the Enable trending options for this field option.
The Duration Type and Duration Amount options are displayed.
5. From Duration Type, select the duration for which you want the Platform to
retain trending data.
6. In Duration Amount, enter a numerical value that specifies the number of
days, months, quarters, or years for which the Platform retains trending data.
7. Click Save or Apply.

View a Trending Chart in a Record

Complete this task to view a trending chart in a record.

Before You Begin

l Enable trending for a Numeric or Values List field. For more information, see
Enable Trending for a Field.
l Add a trending chart to the application layout. For more information, see Add a
Trending Chart to an Application Layout.

Procedure
1. Search for the record using one of the following methods:
l Quick Search
l Advanced Search

2. On the Quick Search Results page or Search Results page, open the record
that you want to view.
The trending chart is displayed. The chart title is displayed if the Show Title
option is selected in the Trending Chart Description dialog box. When a user
changes the value of the trended field and clicks Save or Apply, the chart is
updated to include the new data.

120 Chapter 3: Managing Searches and Reports

 RSA Archer GRC Platform Solutions User Guide

Note: If you are attempting to display a trending chart for a Values List field
that has a large number (approximately 2500) of historical changes, an error
may occur.

Related Topics
Viewing a Trending Chart in a Record
Trending
Adding a Trending Chart to an Application Layout

Chapter 3: Managing Searches and Reports 121

 RSA Archer GRC Platform Solutions User Guide

Chapter 4: Using the Navigation Menu

Navigation Menu
The Navigation Menu, an accordion-type menu located in the left frame, is the
primary navigational tool for the Platform. The hierarchy of the Navigation Menu
enables users to drill down into a solution node to reveal the list of related
applications, and into an application node to reveal the tree structure of that
application.
What you see in the Navigation Menu depends on the currently active workspace,
as configured by administrators. For example, if the active workspace is Risk
Management, you might see the Risk Management and Risk Assessments solutions.
If the active workspace is Policy Management, you might see only the Policy
Management solution.
Administrators configure the default behavior of the Navigation Menu for each
workspace, that is, expanded, collapsed, or hidden. When you click a node in the
Navigation Menu, the menu either expands to show the next lower level in the
hierarchy, or collapses to hide the contents below it.
When you expand an application node, the Navigation Menu displays a tree that
contains that application's operation links, such as Advanced Search, Add New, and
Display All, and folders that contain search filters and reports.
The following figure shows an expanded solution node, several collapsed
application nodes, and the tree structure of an expanded application node.

Chapter 4: Using the Navigation Menu 123

 RSA Archer GRC Platform Solutions User Guide

You can perform the following tasks to modify the display of the Navigation Menu:
l Expand or Collapse the Navigation Menu
l Expand or Collapse a Navigation Menu Node
l Add a Record from the Navigation Menu
l Import Data from the Navigation Menu

Expand or Collapse the Navigation Menu

Complete this task to expand or collapse the Navigation Menu as needed.
You can expand the menu when you need to access it. Collapsing the menu allows
more working space for the right pane.

Before You Begin

Learn about the Navigation Menu.

Procedure
Do one of the following:

l To expand the Navigation Menu, click or click anywhere in the collapsed

menu, as shown in the following figure.

124 Chapter 4: Using the Navigation Menu

 RSA Archer GRC Platform Solutions User Guide

l To collapse the Navigation Menu, click , as shown in the following figure.

Expand or Collapse a Navigation Menu Node

Complete this task to expand or collapse nodes within the Navigation Menu as
needed.

Before You Begin

Learn about the Navigation Menu.

Procedure
Do one of the following:
l To reveal the next level in a menu hierarchy, click a node to expand it.
An expanded solution shows one node for each related application.
An expanded application shows the tree structure of the application, as shown in
the following figure.

l To hide the contents of an expanded node, click the node to collapse it.

Add a Record from the Navigation Menu

Complete this task to add a record to an application if you have the Create privilege
for the application.

Chapter 4: Using the Navigation Menu 125

 RSA Archer GRC Platform Solutions User Guide

Before You Begin

Learn about the Navigation Menu.

Procedure
1. In the Navigation Menu, drill down to the application to which you want to add
a record.
2. Expand the application.
3. Click .
The application-specific Add New Record page is displayed.

Note: The name of the Add New operation link is configured for each
application by a Platform administrator, for example, Add New Device.
However, the link functions as indicated.

4. Enter the requested information.

5. Click Save.

Application Search Operations of the Navigation Menu

Complete this task to search for records from within an application in the
Navigation Menu.
For information about searching, see Searching and Reporting.

126 Chapter 4: Using the Navigation Menu

 RSA Archer GRC Platform Solutions User Guide

The following table describes the types of search operations that applications can
provide.

Operation Link
Description
Example

Advanced Search. Provides access to the Advanced Search page.

The Advanced Search feature enables you to use keyword searches
and filter criteria, to search across multiple applications, and to
format the display of the search results.
To use the same criteria for a future search, you can save an
advanced search as a named report. Named reports can be accessed
from the Reports folder.

Display All. Executes a search, within the application, for all of

the records to which you have Read access.

By [field name] or By [data level]. Enables you to execute a

predefined search of the records within the application based on
the value of a single field or data level. A Platform administrator
configures the search and determines which filters to include in
the Navigation Menu.
Expand the folder to see the list of available filters, or No Filters
Available.

Note: In the preceding table, the operation links shown are examples that you might
see. Platform administrators can rename operation links, for example, Display All
Devices. However, the links function as described.

Import Data from the Navigation Menu

Complete this task to import data into any application that provides the Data Import
feature to which have permission.

Before You Begin

Learn about the Navigation Menu.

Procedure
1. In the Navigation Menu, drill down to the application into which you want to
import data.
2. Expand the application.

3. Click .
The Data Import Wizard opens.

Chapter 4: Using the Navigation Menu 127

 RSA Archer GRC Platform Solutions User Guide

Note: The name of the Data Import operation link is configured for each
application by a Platform administrator. However, the link functions as
indicated.

4. Complete the steps in the Data Import Wizard.

128 Chapter 4: Using the Navigation Menu

 RSA Archer GRC Platform Solutions User Guide

Chapter 5: Working with Workspaces and

Dashboards

Workspaces and Dashboards

The Workspaces and Dashboards feature provides users with quick access to
information and tools related to their job functions.
You can perform the following tasks:
l Update Your Workspace Display
l Update Your Personal Dashboard Display
l Delete a Personal Dashboard
l Update Your iView Display

Workspaces
A workspace is a page that contains one or more dashboards, accessed from a tab
in the workspace tab strip. If a workspace offers more than one dashboard, users
can select a dashboard from the Dashboard list in the page toolbar.

Dashboards
A dashboard is a container for one or more iViews, typically for the purpose of
grouping related content. Platform administrators build global dashboards and can
enable users to build personal dashboards. Users who have permission can see
global dashboards. Users cannot see the personal dashboards of other users.
Users who have permission to create personal dashboards and iViews can add them
to workspaces, change the layouts of dashboards, and resize iViews.

iViews
An iView is a window that can display a report, a chart, links to internal pages and
external websites, an embedded web page, and custom content such as a Flash
presentation or graphic. iViews provide users with the information they need to
make decisions, complete tasks, and stay up to date.
The following are examples of practical uses for iViews:
l Links to security policies
l Links to industry or regulatory sites
l Content review queues
l Embedded web pages

Chapter 5: Working with Workspaces and Dashboards 129

 RSA Archer GRC Platform Solutions User Guide

l Recent vulnerability alerts

l Company financial information
l Technology-related links and news
l Logon information
l Security questions and answers

To improve performance, Report iViews can display cached search results. When
caching is enabled, cached Report iViews include a Cached Report message.
Caching requires configuration of a caching provider before it can be enabled.
Administrators can enable and disable the global caching behavior for Report
iViews in the Archer Control Panel. Users can adjust caching behavior for
individual Report iViews on the Save Report page. Users can also manually
refresh a cached Report iView to display updated results.
Users can click a Report iView window to open the list of records found by its
associated search. Selecting a record from the list opens the record for viewing or
editing based on the permissions of the user. Changes made to a record are
reflected in the iView immediately after the changes are saved.

Update Your Workspace Display

Complete this task to customize your workspace tab strip to only show the
workspaces that you use. You can also remove workspaces that you no longer want
to view.

Before You Begin

Learn about Workspaces and Dashboards.

Procedure
1. Navigate to the Personalize Workspace Display page:
a. From the menu strip in the top frame, click Preferences.
b. From the User Preferences menu, select Update Your Workspace
Display.
2. In the Select Workspaces section, from the list of available workspaces, select
each workspace that you want to display. Or, clear the checkboxes of
workspaces that you want to remove.

Note: If a checkbox is unavailable, the workspace is required. You cannot

remove required workspaces.

3. Click Apply.

130 Chapter 5: Working with Workspaces and Dashboards

 RSA Archer GRC Platform Solutions User Guide

Update Your Personal Dashboard Display

Complete this task to add a new personal dashboard to a workspace. You can also
modify the iView content and layout of existing personal dashboards, and remove
personal dashboards from a workspace.

Note: You can configure personal dashboards only if you have been granted access
by your Platform administrator.

Before You Begin

Learn about Workspaces and Dashboards.

Procedure
1. Click the workspace to which you want to add a personal dashboard.
2. Do one of the following:
l To add a new personal dashboard to the workspace, from the Options list in
the page toolbar, select Add New Personal Dashboard.
l To edit an existing personal dashboard, from the Options list in the page
toolbar, select Edit Personal Dashboard Properties.
3. Complete the following fields on the Manage Dashboards page.

Field Action

Name Enter or update the name for the dashboard.

Status To activate the dashboard, from the Status list, select Active.
To inactivate the dashboard, from the Status list, select Inactive.

Description Enter a description for the dashboard. This description is

displayed on the Manage Dashboards page in list mode.

Column Layout In the Layout Design section, select a layout from the drop-
down list.
The Preview field shows how the layout selection will be
displayed.

4. Click OK.
5. If you are adding a new personal dashboard to the workspace and want to
update the iView content, do the following:
a. On the iView Type Selection page, from the Name list, select the iViews
that you want to be displayed in your personal dashboard.
b. Click OK.

Chapter 5: Working with Workspaces and Dashboards 131

 RSA Archer GRC Platform Solutions User Guide

6. (Optional) If you are editing an existing dashboard and want to update the iView
content, do the following:
a. From the Options list in the page toolbar, select Add iView Content.
b. On the iView Type Selection page, from the Name list, select the iViews
that you want to be displayed in your personal dashboard.
c. Click OK.

Delete a Personal Dashboard

Complete this task to delete a personal dashboard from the Platform. The deletion
permanently purges the dashboard from the database as well as the personal iViews
associated with the dashboard. Global iViews associated with the dashboard are not
deleted.

Before You Begin

Learn about Workspaces and Dashboards.

Procedure
1. Click the workspace that contains the personal dashboard that you want to
delete.
2. Select the personal dashboard that you want to delete.
3. From the Options list in the page toolbar, select Delete Personal Dashboard.
CAUTION: This action deletes the currently selected dashboard and the
personal iViews associated with the dashboard. You cannot recover a deleted
dashboard or the iViews associated with that dashboard.

4. When prompted to confirm the deletion, click OK.

Update Your iView Display

Complete this task to perform operations on an individual iView, depending on the
type of iView that you are viewing and your access rights.
In addition, you can resize an iView, and you can drag and drop an iView to
another location within a dashboard.

Before You Begin

Learn about iViews. See Workspaces and Dashboards.

132 Chapter 5: Working with Workspaces and Dashboards

 RSA Archer GRC Platform Solutions User Guide

Procedure

1. In the iView title bar, click .

Note: The list of available menu options depends on the type of iView that you
are viewing and the access rights assigned to you by your administrator.

2. Select an option from the menu, if available.

iView Menu Option Action

Edit Properties If the iView is a global iView and you have permission to
edit it, edit the configuration properties of the iView.

Collapse or Expand Hide or show the iView content as needed.

Display Report If the iView runs a report, display the report in the search
results page.

Remove Remove the iView from the dashboard. When prompted to

confirm the deletion, click OK.

CAUTION: Deleting an iView permanently deletes it

and all data associated with it.

About Display the properties of an iView, such as who created it

and when it was last updated.

Refresh Run the search associated with the report to update the
iView with the latest available information. When you
change the cache duration, also refresh the Report iView
the next time you see it to complete the change.

3. To resize an iView, complete the following:

a. Click and hold the down arrow in one of the bottom corners of the iView.
b. Move the mouse to resize the iView.
c. When finished resizing, release the down arrow.
4. To rearrange the iViews, complete the following:
a. Click and hold the title bar of the iView.
b. Drag and drop the iView to where you want it placed on the personal
dashboard.

Chapter 5: Working with Workspaces and Dashboards 133

 RSA Archer GRC Platform Solutions User Guide

Chapter 6: Working with Records

Records
Managing records is a universal process in the Platform, meaning that the process is
the same for all applications. Record management involves the following activities:
l Adding records
l Modifying records
l Deleting records
l Exporting records
l Locating or searching specific records
l Reporting on records

Your ability to perform these activities depends on the rights an administrator has
granted you at the application, record, and field level. The following describes each
level of access:
l Application Level. On an application-by-application basis, administrators can
assign create, read, update, and delete permissions to you through your access
roles, which determine whether you can view, add, edit, delete, and search
records within an application. If you do not have any permissions to an
application, the application is not displayed in the Navigation Menu for you, and
you cannot access it in any way.
l Record Level. If an application contains a Record Permissions field, users can
only access the records in the application to which they have been assigned
permissions for each field. It is important to note that a user may not have access
to all records in an application when the user is assigned permissions to some
fields, but not all, of the application records.
l Field Level. Administrators can configure individual fields in an application as
either public or private. With public fields, all users who have create, read,
update, and delete permissions to an application also have create, read, update,
and delete permissions to public fields in the application. With private fields,
only selected users can view and enter data in those fields. Private fields can
also be designated as "read only" for any user, which allows the user to view the
field but not to add, edit, or delete its data.

Depending on your rights, you can perform some or all of the following record
creation and management tasks:
l Add a New Record
l Copy an Existing Record

Chapter 6: Working with Records 135

 RSA Archer GRC Platform Solutions User Guide

l Edit an Existing Record

l Edit a Record from Search Results
l Delete Records from Search Results
l Format Text in a Record
l View a History of Changes for a Record
l Change the Status of a Tracking Field
l Email a Record Link
l Export a Record
l Export a Record Using Mail Merge
l Print a Record
l Accept, Reject, or Reassign a Record

Rich Text Editor Toolbar for Applications

When you are working in a text box or a Text Area field of an application record,
the Rich Text Editor toolbar is displayed at the top of the page, enabling you to
format the appearance of field content, check spelling, add links, and more. The
toolbar supports standard keyboard shortcuts for most common tasks such as CTRL
+ X for cut, CTRL + C for copy, and CTRL + V for paste.
For information on a specific tool in the toolbar, click its icon in the figure below.

The following tools are available on the Rich Text Editor toolbar.

Icon Description

The Find and Replace tool enables you to search for a text string and
replace it with a different text string if desired.

The Cut tool deletes the currently selected text, but retains a copy of
the text in the system clipboard. Text that is cut from a field remains
available for pasting until the clipboard content is replaced by another
copy or cut operation.

The Copy tool enables you to place a copy of the currently selected
text in the system clipboard. Text that is copied from a field remains
available for pasting until the clipboard content is replaced by another
copy or cut operation.

The Paste tool enables you to paste the contents of the system
clipboard into the rich text field at the current insertion point.
Formatted text that is copied from a field retains the formatting when

136 Chapter 6: Working with Records

 RSA Archer GRC Platform Solutions User Guide

Icon Description

it is pasted into the rich text field.

The Spell Check tool allows you to perform spell checking across all
rich text fields on the current page. By clicking this tool, the Spell
Check dialog box is displayed, which contains traditional spell
checking and correction controls.

The Undo tool allows you to reverse the previous action or keystroke
from within the text area field.

The Redo tool allows you to reverse the effects of an “Undo”

command.

The Insert / Edit Image tool enables you to edit images and upload
them to the field. Upon clicking the tool, the Insert / Edit Image
dialog box opens where you can enter a URL to the image, type an
image description, and set the width and height of the image in pixels.
Click OK to save your changes or Cancel to discard your changes.

The Font Family tool provides a drop-down list that specifies font
types, which can be used to format the currently selected text.

Note: If the text is truncated when it is printed, you can adjust the font
size to ensure the text prints properly.

The Font Size tool provides a drop-down list that specifies a selection
of font sizes, which can be used to format the currently selected text.

The Bold tool allows you to apply bold formatting to the currently
selected text. If the selected text already is bold, clicking the Bold
tool removes the bold formatting from the text.

The Italics tool allows you to apply italic formatting to the currently
selected text. If the selected text already is italicized, clicking the
Italic tool removes the italic formatting from the text.

The Underline tool allows you to underline the currently selected text.
If the selected text already is underlined, clicking the Underline tool
removes the underlining from the text.

Chapter 6: Working with Records 137

 RSA Archer GRC Platform Solutions User Guide

Icon Description

The Strikethrough tool renders the currently selected text in a strike-

through appearance by applying a line through the middle of the text.
If the selected text already is in strikethrough appearance, clicking the
Strikethrough tool removes the line from the text.

The Superscript tool enables you to cause the currently selected text,
or the text entered following the insertion point after clicking the tool,
to appear slightly above the baseline. If the selected text already has
superscript formatting, clicking the Superscript tool removes this
formatting.

The Subscript tool enables you to cause the currently selected text, or
the text entered following the insertion point after clicking the tool, to
appear slightly below the baseline. If the selected text already has
subscript formatting, clicking the Subscript tool removes this
formatting.

The Background Color tool allows you to change the highlight color
of the currently selected text. The tool face always displays an
example "swatch" of the most recently applied text color. To change
the color selection, click the drop-down arrow to the right of the tool.
The Color Selector dialog box opens. Select a color, and click OK to
close the dialog box. Click Cancel to close the dialog box without
selecting a color.

The Text Color tool allows you to change the color of the currently
selected text. The tool face always displays an example "swatch" of
the most recently applied text color. To change the color selection,
click the drop-down arrow to the right of the tool. The Select Color
dialog box opens. Select a color, and click OK to close the dialog
box. Click Cancel to close the dialog box without selecting a color.

The Align Left tool allows you to align the currently selected
paragraphs with the left margin.

The Align Center tool allows you to center align the currently
selected paragraphs.

The Align Right tool allows you to align the currently selected
paragraphs with the right margin.

The Unordered List tool enables you to apply bullets to the currently
selected paragraphs. To change the appearance of the bullet, click the
drop-down arrow to the right of the tool. You can select from the
following bullet styles: Standard (Default), Circle, Disc, and Square. If

138 Chapter 6: Working with Records

 RSA Archer GRC Platform Solutions User Guide

Icon Description

the selected text is already bulleted, clicking the Unordered List tool
removes the bullets.

The Ordered List tool enables you to apply automatic paragraph

numbering to the currently selected paragraphs. To change the number
format style, click the drop-down arrow to the right of the tool. You
can select from the following number formatting styles; Standard
Number (Default), Lower Alpha, Lower Greek, Lower Roman, Upper
Alpha, and Upper Roman. If the selected text is already numbered,
clicking the Ordered List tool removes the numbering.

The Outdent tool allows you to decrease the current indenting for the
selected paragraphs by one step to the left. If the selected paragraph is
not indented, clicking this tool has no effect.

The Indent tool allows you to indent the selected paragraphs one step
to the right. To indent a paragraph more than one step, click the tool
again.

The Remove Formatting tool enables you to remove all formatting

from the currently selected text.

The Insert Date tool allows you to insert the current date at the current
insertion point.

The Insert Custom Character tool allows you to insert special symbols
into the field. Clicking the tool and then clicking a symbol from the
Select Custom Character dialog box inserts that symbol into the text at
the current insertion point. The dialog box includes currency, legal,
math, and other symbol characters. Select a custom character, and the
dialog box automatically closes.

The Insert/Edit Table tool allows you to insert an HTML table in a

text field at the current insertion point. When you click the tool, the
Insert/Edit Table dialog box opens. You can define the general
properties of the table in this dialog box, such as column and row
count, cell padding and spacing, width and height, border width, and
whether to enable captions. Click OK to save your changes or Cancel
to discard your changes.

The Insert/Edit Link tool enables you to link the currently selected
text to an external FTP, HTTP, or HTTPS site or an email address
(External Link tab), or to an internal page, record, or workspace
(Internal Link tab). When you click the tool, the Insert/Edit Link
dialog box opens, where you can enter a URL for an external

Chapter 6: Working with Records 139

 RSA Archer GRC Platform Solutions User Guide

Icon Description

hyperlink or select from a list of available internal links. You can also
enter a value in the Title field to modify the way the link is displayed.
Click OK to save your changes or Cancel to discard changes.

The Insert/Edit Horizontal Rule tool allows you to insert a horizontal

rule in the text field. When you click the tool, the Insert/Edit
Horizontal Rule dialog box opens. You can set the width and height
of the horizontal rule and add a shadow. To modify the properties of
an existing rule, click to select the rule first, and then click the
Insert/Edit Link tool to display the dialog box. Enter a value in the
Title field to modify the way the link is displayed, and then click OK
to save your changes or Cancel to discard changes.

The Edit HTML Source tool opens the HTML Source Editor dialog
box, where you can edit the HTML code of the text field. You can
select the Word wrap option to display the text in a wrapped format.
Click OK to save your changes or Cancel to discard your changes.

The Bidirectional Text tool enables you to enter bidirectional (BiDi)

text in Rich Text Area fields. Traditionally, BiDi languages, such as
Hebrew and Arabic, are written from right to left, but can also contain
text from other languages in a left-to-right format. By using the
Bidirectional Text tool, you can enter text from left to right, right to
left, or a combination of both. Additionally, you can search and sort
on any text that contains BiDi languages. The following functions are
currently not supported for BiDi languages:
l Calculations
l Notifications
l Print/Export
l Bullets and numbering in FireFox
l Bullets and numbering when the dir="rtl' tag is included on a list
item instead of the entire list

Note: Advanced Search and search filters do not accept BiDi

characters when using all supported versions of FireFox.

Data Entry
When you add or edit a record in an application, you are presented with a series of
fields for data entry. An application may contain a variety of field types, each
requiring you to enter or select a specific kind of information.

140 Chapter 6: Working with Records

 RSA Archer GRC Platform Solutions User Guide

The following topics contain descriptions and examples of the type of data entry
fields in the Platform.

Text Entry
When adding or editing a record in an application, you can encounter a field that
requires you to input text values. Text fields can be displayed as one-line text boxes
or as multi-line text areas. You also can encounter a Text field that is displayed in
masked format, requiring you to enter text values, such as an IP address, a Social
Security number, a telephone number, an email address, or a zip code, in a defined
format.
The Rich Text Editor toolbar at the top of the record enables you to check the
spelling of any text that you enter in a Text field. If you are entering data in a multi-
line text area, you also can use the other tools in the Rich Text Editor toolbar to
format your text.
The following are data-entry restrictions that an administrator can place on a Text
field:
l You may be required to enter a value in the field before you can save a record.
l The number of characters that you can enter in the field may be limited.
l You may be required to enter a unique value in the field. If you enter a value that
has already been saved in the field within another record, you are prompted to
enter a new, unique value.
l If the administrator configures the field with default text, you may not be able to
enter any value in the field.

Numeric Data Entry

When adding or editing a record in an application, you can encounter a field that
requires you to input numeric values. Numeric fields do not accept text or special
characters, but they accept both positive and negative numbers. Negative numbers
may display in black text, red text, or in black or red text surrounded by
parentheses.
The following are data-entry restrictions that an administrator can place on a
Numeric field:
l You may be required to enter a value in the field before you can save a record.
l The number of numeric characters that you can enter in the field may be limited.
l You may be required to enter a unique value in the field. If you enter a value that
already has been saved in the field within another record, you are prompted to
enter a new, unique value.
l You may be required to use a specific number of decimal places. For example,
suppose that you are entering values in a Numeric field configured to require
three decimal places. If you enter the value "3.21," the value is changed to

Chapter 6: Working with Records 141

 RSA Archer GRC Platform Solutions User Guide

"3.210" when you save the record. If you enter the value "3.2125," you are
prompted to reduce the decimal places in the numeric value when you attempt to
save the record.

Date Entry
Date fields in a record accept date values in the following format: mm/dd/yyyy,
such as 10/15/2012. When entering a value in a Date field, you can either enter the
value or click to select the date from a calendar pop-up control. The Date field
may also display a that enables you to enter time information.
Depending on how an application administrator configures a Date field, you may
see a default value in the field when you create a new record. This default value
can be the date of record creation, a date that is a specific number of days after the
date of record creation, or a static date defined by the administrator. If you have full
access to the field (not read-only access), you can change this default date if
necessary.
The following are data-entry restrictions that an administrator can place on a Date
field:
l You may be required to enter a value in the field before you can save a record.
l You may be required to enter a unique value in the field. If you enter a value that
has already been saved in the field within another record, you are prompted to
enter a new, unique value.

Values from a Values List Selection

When adding or editing a record in an application, you may encounter a field that
provides a list of values from which you can select. A Values List field can display
in any of the following control types:
l Drop-down lists
l Radio buttons
l Checkboxes
l Listbox
l Values pop-up

If an application administrator configures a Values List field to display in a Values

Pop-up control, you also may see a Find field at the top of the control. The Find
field enables you to keyword search for a value in the values list, which can be
especially useful if the list contains a large number of values.

142 Chapter 6: Working with Records

 RSA Archer GRC Platform Solutions User Guide

The following are data-selection restrictions that an administrator can place on a

Values List field:
l You may be required to select a value in the field before you can save a record.
l If the Values List field displays as Checkboxes, a Listbox, or a Values Pop-up
control (all of which enable you to select multiple values), you may be limited in
the number of values that you can select.

Cross-Reference Selection
When adding or editing a record in an application, you may encounter a Cross-
Reference or Related Record field that enables you to associate the record with one
or more records in the same application (resulting in internal references) or in a
related application (resulting in external references). The following are two
examples of how you can use a Cross-Reference field:
l Suppose that you are creating a record in a Trouble Tickets application, and that
application contains a Cross-Reference field designed to allow internal
references. Through the Cross-Reference field, you could select other trouble
tickets in the application that are related to the record that you are creating.
l Suppose that you are creating a record in a Violations application, and that
application contains a Cross-Reference field designed to allow external
references to records in an Investigators application. You could assign one or
more investigators to the violation record that you are creating by selecting those
investigators from the Cross-Reference field.

When you select record references through a Cross-Reference or Related Record

field, a Record Lookup page is displayed that enables you to select records from a
list or to keyword search for specific records in the related application. The
following formats of the Record Lookup depend on how the administrator
configured the Record Lookup options:

Column-Hierarchical Records are displayed in a columnar layout where fields are

displayed across the page from left to right, and the field
values are presented showing relationships.

Column-Flat Records are displayed in a simple columnar layout without any

grouping of values.

The following table describes the options for filtering the list of fields in the Record
Lookup page.

Chapter 6: Working with Records 143

 RSA Archer GRC Platform Solutions User Guide

Option Description

Search Allows you to enter a keyword to filter the list with only matching
records.

Level Allows you identify the level that should be searched for the
keyword.

Display Higher Allows you to include lower-level records that meet the keyword
Levels search criteria even if they do not have a primary application that
meets the search criteria. Also, primary application records are
included in the results if they contain lower-level records that
match the search criteria.

Expand All Allows you to expand a tree view if the application is a leveled
application. Top-level record references are shown as the top level
and record references in subsequent data levels are indented.

A Platform administrator can place the following data-selection restrictions on a

Cross-Reference field:
l You may be required to select a related record in the field before you can save a
record.
l If the references are displayed in a list, you can select only one record.
l If the Cross-Reference or Related Record field is configured to allow multiple
selections, you may be limited in the number of related records that you can
select.
l The application owner may filter down the list of related records that you can
select from to include only those records that contain specific field values. For
example, if you are selecting related records in a Trouble Tickets application,
you may be allowed to select only those records that contain the value High in
the application's Priority field.

Multiple Reference Selection

To streamline the user interface and centralize the display of related records, links
to associated records might be grouped in a Multiple Reference Display Control
(Multi-Reference) field. For example, suppose that you are creating a record in a
Devices application that contains a Multi-Reference field that displays references
to both the Facilities and Services-Level Agreements applications. Through the
Multi-Reference field, you could select the record for the facility that houses the
device as well as the record for the service-level agreement in place for the device.
This information would be displayed in a single location.

144 Chapter 6: Working with Records

 RSA Archer GRC Platform Solutions User Guide

A Multi-Reference field includes the following two components:

l Drop-down List. This list allows you to select the Cross-Reference or Related
Records field that you want to display in this control. Fields appearing in this list
form a relationship between the application in which you are working and other
applications, allowing you to relate one record to another.

l Pop-up Control. By clicking , you can select records from the application
that you referenced in the drop-down list.

The Multi-Reference field can be configured to display references to a single

application or references to multiple applications. If the field is configured to allow
references to multiple applications, you see an Add New link above the field.
Clicking this link allows you to select related records from additional applications.
If the field is designed to allow references to only one application, you do not see
an Add New link above the field. While you cannot select related records from
multiple applications, you can select multiple records from a single application.

File or Image Attachment

If an application contains an Attachment field, you can attach documents or images
to individual records, one file at a time. When you attach a file to a record, the file
is uploaded to the server, and any user who has access to the record can open
and/or save the attached file.
You attach files in the Attachment field by clicking Add New and browsing through
your network for the file you want. The Platform displays a table within the record
with the filename, type (if recognized by the Platform), size, and upload date.
A second field type that enables you to attach files is the Image field. This field
provides an Add link that you can click to upload and display an image in a record.
After you attach an image file, the Platformdisplays a thumbnail of the image in the
field with a Delete link that you can click to delete the image. When you save a
record with an image file attached through an Image field, a thumbnail of the image
is displayed. If you click the image while in either Edit or View mode, the image
renders in full size in a new window.
The Platform administrator can place the following data-entry restrictions on the
Attachment and Image field types:
l You may be required to attach at least one file before you can save a record.
l You may not be able to attach files that are larger than a specific file size. If you
attach a file that is too big, you are notified that the file cannot be uploaded and
saved to the record.
l You may be limited in the number of files that you can attach to the field.

Chapter 6: Working with Records 145

 RSA Archer GRC Platform Solutions User Guide

Sub-Form Data Entry

A sub-form is a group of fields embedded in an application. The sub-form is
designed to collect multiple entries in the context of an individual record. When you
add or edit a record, you can fill out a sub-form several times, and each entry that
you make in the sub-form is displayed in a table in the record.
For example, suppose that you are adding a record in an application and you
encounter a "Comments" sub-form. When you click Add New to make an entry in
the sub-form, a new sub-form window opens, displaying three fields:
l User
l Comment
l Date

You fill out the fields in the sub-form, and click Save in the sub-form to save your
entry and return to the record. Later that day, you decide that you want to make
another comment about the same record, so you open the record for editing, click
Add New to make an entry in the sub-form and fill out the sub-form fields. When
you click Save in the sub-form, both the entry that you just made and the entry you
made earlier in the day is displayed in a table in the record. The table may also
display comments other users have made about the record.

Note: If you open a record in Edit mode, and click Add to add a sub-form record,
and then click Save to save the sub-form record and return to the parent record, the
sub-form data is displayed in the parent record’s sub-form field. However, if you
then exit the parent record without saving it, the sub-form record will not be linked
to the parent record and will be lost. The parent record must be saved or the sub-
form data will be lost.
You can add a sub-form record in View mode without having to save the parent
record.

The following are data-entry restrictions that an administrator can place on a sub-
form:
l You may be required to make at least one entry in the sub-form before you can
save a record.
l You may be limited in the number of entries that you can make in the sub-form.
For example, if the sub-form is configured to allow a maximum of five entries,
and those five entries have already been made by other users, you cannot save a
sub-form entry.
l Depending on how the sub-form is configured, you may be able to edit and delete
entries made by other users, you may be able to edit and delete only your own
entries, or you may not be able to edit or delete sub-form entries at all.

146 Chapter 6: Working with Records

 RSA Archer GRC Platform Solutions User Guide

User and Group Selection

When adding or editing a record in an application, you may encounter a field that
enables you to select users and groups from within the application. A User/Groups
List field may be displayed in any of the following control types:
l Drop-down list
l Radio buttons
l Checkboxes
l Listbox
l Values pop-up

Depending on how an application administrator configures a User/Groups List field,

your name may be selected by default when you create a new record. If your name
is not displayed by default in the field, you can select your name along with the
names of other users or groups.
The following are data-selection restrictions that an administrator can place on a
User/Groups List field:
l You may be required to make at least one selection in the field before you can
save a record.
l An administrator may place limits on the minimum and maximum number of
users and groups that you can select in the field.
l An administrator may limit the users and groups that are available for selection
in the field.
l If you want to select groups of users, you may be able to select only groups for
which you are a member.

Record Permissions Assignment

If the application in which you are adding or editing a record includes a Record
Permissions field that is configured to allow manual selection, you can define the
users or groups of users who you want to have access to the record. For all users to
whom you do not grant record access through this field, the record entirely is
hidden.
A Record Permissions field can be displayed in any of the following control types:
l Drop-down lists
l Radio buttons
l Checkboxes
l Listbox
l Values pop-up

Chapter 6: Working with Records 147

 RSA Archer GRC Platform Solutions User Guide

The following are data-selection restrictions that an administrator can place on a

Record Permissions field:
l You may be required to make at least one selection in the field before you can
save a record.
l An application administrator may place limits on the minimum and maximum
number of users and groups that you can select in the field.
l An application administrator may limit the users and groups that are available for
selection in the field.
l If you want to assign record permissions to groups of users, you may be able to
select only groups for which you are a member.

Matrix Value Selection

When adding or editing records in an application, you may encounter a field that
contains values for selection in a two-dimensional array of checkboxes. This is a
Matrix field. In this field type, you can select values relative to two factors: a row
value and a column value.
The following are data-selection restrictions that an administrator can place on a
Matrix field:
l You may be required to make at least one selection in the field before you can
save a record.
l You may be limited in the total number of selections that you can make. When
configuring a Matrix field, an application administrator can specify a maximum
number of values that you can select in each column and each row. If you select
more than the maximum number of allowable selections, you are prompted to
limit your selections when you attempt to save the record.

External Link Entry

If an application contains an External Links field, you can enter named links in a
record that references websites, email addresses, and so. To enter an external link,
you must click Add New Link, and specify the link protocol and the target URL.
You can also specify link text (an alias) for the link, for example, "Google".
The following are supported link types:
l HTTP
l HTTPS
l FTP
l Mailto
l News

148 Chapter 6: Working with Records

 RSA Archer GRC Platform Solutions User Guide

l Relative
l File

The link is displayed in a table in the record. You can enter multiple external links
in a single record by clicking the Add New link again. By default, the links are
displayed in alphabetical order in the table.

IP Address Entry
If you are adding or editing a record in an application that collects information about
technological assets, you may encounter an IP Address field. The format of this
field, which was determined when the field was created, allows you to enter one of
the following address types:
l IPv4 format. Divided into four adjoining sub-fields, which must contain a
numeric value between 0 and 255.
l IPv6 format. Divided into eight adjoining sub-fields and is displayed using either
the full syntax or the shorthand syntax.

Add a New Record

Complete this task to create privileges for an application through an access role,
you can add new records in that application. When creating a record, all fields
defined as public are displayed for you, along with any private fields for which you
have been granted access rights.

Procedure
1. Go to one of the following locations:

l Navigation Menu
l Search Results page
l An existing record in view or edit mode

2. Do one of the following:

l From the Navigation Menu, click the Add New operation link
under the appropriate application branch.

l From the Search Results page or an existing record, click in the

page toolbar.

3. Provide the required information for the new record.

4. Click Save.

Chapter 6: Working with Records 149

 RSA Archer GRC Platform Solutions User Guide

Copy an Existing Record

Complete this task to create privileges for an application through an access role by
copying an existing record. When copying an existing record, all of the original
record's field values, with the exception of read-only system values, are copied into
a new record. When you save the duplicate record, the read-only system values
(First Published Date, Tracking ID, and so on) are populated with new values.

Procedure
1. From an existing record in either view or edit mode, click in the page toolbar.
The Platform opens a new record that it populates with the original record's
values.
2. Edit the duplicate record.
3. Click .

Edit an Existing Record

Complete this task to edit the properties of existing records in that application. You
must have update privileges for an application through an access role.

Note: If the application contains a Record Permissions field, you may not have been
granted access to every record in the application. Also, if the application contains
private fields for which you have not been granted access, you cannot view or edit
those fields.

Procedure
1. View an existing record.
2. Click in the page toolbar.

Note:  If this icon is disabled, you do not have the appropriate rights to edit the
record.

In the rare case in which changes are made to a record by other processes while
you were modifying the record, the Platform opens the Record Conflicts dialog
box informing you of the conflict.

3. Select whether to:

l Keep your changes and discard the changes from the other processes.
l Discard your changes and keep the changes from the other processes.
l Let you choose which changes to keep and which changes to discard. If you
select this option, the dialog box expands to display the values that you

150 Chapter 6: Working with Records

 RSA Archer GRC Platform Solutions User Guide

entered and the values that the system changed, and enables you to select
which ones to keep.

Format Text in a Record

Complete this task to format text in a new or existing record of that application.
You must have edit privileges for an application through an access role.

Procedure
1. Add a New Record or Edit an Existing Record.
2. Use the Rich Text Editor Toolbar to format text in a record.
See Rich Text Editor Toolbar for a description of this tool.

View a History of Changes for a Record

Complete this task to view the history of changes to individual records in the
application. Application owners can choose whether to embed the change
information in the actual record in grid format or to provide a View History Log
link, which you can click to view the information on a separate page.

Note: The application owner can select specific fields in the application to be
tracked in the History Log. Therefore, changes might not be tracked for every field.
Also, you may not have access to all fields in an application. If you have not been
granted access to a field, changes to that field are not displayed for you in the
History Log.

Procedure
1. Open an existing record.
2. View the History Log section.
3. Select the one of the following formats for the log:

l Detailed. This format displays the initial entries and the respective
changes to a record. Detailed format provides you with the date and
time of each change, the name of the user who made the change,
and a field-by-field description of each change. Deleted items are
shown in red text with strike-through formatting, while additions to
a field are shown in blue text. You can sort the information in this
format by Date or User by clicking a linked column heading.
l Record Version. This format displays the last saved value for
each tracked field, allowing you to quickly compare the progression
of changes in a record. You can sort the information in this format
by Date, Name, or Tracked Field by clicking a linked column
heading.

Chapter 6: Working with Records 151

 RSA Archer GRC Platform Solutions User Guide

4. On the View History Log page, click Compare Record Versions to compare a
previous version of the record to the current version.
The Platform sends you to a page on which you can compare the current record
with any logged version of the record.
5. Select the comparison version from the Compare Current Version field with
the drop-down list and click Continue.
The Platform displays the record View Detailed Version Format mode and
shows adds, edits, and deletes for tracked fields between the selected versions.
6. In the Format field, select a different display format to alter the display of the
comparison.

Note: The record comparison view displays all fields in View mode. However,
when you switch to a Detailed or Record Version format, only those fields that are
tracked by the History Log field are displayed.

You also can export and print the records from the View History Log. For
instructions, see:
l Export a Record
l Print a Record

Change the Status of a Task

Complete this task to track the completion status of tasks stored in one application
against records in another application. For example, you could track whether
security controls found in one application have been implemented for assets found
in another application.
From the Maintain [CAST Field Name] page, you can change the completion status
of a task from one application for an individual record in another application, and
you can record notes about the status change.

Procedure
1. Open the record for which you want to track the completion status of a task
(update, patch, fix, and so on).
2. Locate the Cross-Application Status Tracking (CAST) field and click
View/Edit [Related Application Name].
The following example shows a CAST field related to the Vulnerabilities
application.

A list of tasks related to the record opens.

152 Chapter 6: Working with Records

 RSA Archer GRC Platform Solutions User Guide

3. Click the linked task whose status you want to change.

The record for that task opens.
4. Locate the CAST field in the record and click the linked status.
The following example shows a CAST field called "Implementation Status."

The Maintain [CAST Field Name] page is displayed.

5. From the Status list, select the appropriate status for the task. If desired, also
enter notes about the status change in the Notes field.
A log of all status changes for the task is displayed below these fields.
6. Click Save.

Email a Record Link

Complete this task to include a link to a record in an email.

Procedure
1. View or edit a record in an application.
2. Click in the page toolbar.
The Platform sends an email with a link to the record in the body of the
message. You can send this email to whomever you choose, but only users who
can be authenticated by the system and who have read access to the record can
view it.

If is unavailable, you do not have appropriate rights to email records.

Note: If you send an email with a link to a record that is enrolled in the application's
formal content review process, the recipient of your email must be a content review
administrator, ad hoc editor, or content reviewer for the content review stage at
which the record resides. Otherwise, the recipient cannot access the record
because it is not yet published for all system users.

Exporting Records
There are two options for exporting a record: standard and mail merge.

Chapter 6: Working with Records 153

 RSA Archer GRC Platform Solutions User Guide

Standard Method
In the standard method, you can export a record in any of the following formats.

File Description

Rich Text File Stores data in an RTF document as a Word table. The table is set
to "Automatic resize to fit content." The RTF document will
always fit to the width of one page. Also note that:
l If the width of a page is changed in Word (for example,
changing from Portrait to Landscape) the table is resized
automatically.
l If the file contains rows that are wider than the page, and a
compressed version would make the columns extremely small,
the right side of the report is truncated.
l If the file contains an HTML table with hard-coded widths
that extend beyond the width of the page, the report will be
truncated. To avoid this condition, define table widths as
percentages.

Use this export type when the exported file does not contain an
extended number of columns.

Adobe PDF Stores data in a PDF file. The content of this file is static, and
therefore cannot be resized after the document is created.
The content is rendered on multiple pages when a row extends
past the right margin. Columns are automatically sized so that a
column never expands multiple pages.
Use this export type when a record or report has a large number
of columns. The columns will not be truncated.

Microsoft Excel Stores data in an Excel spreadsheet. This export type does not
include the original formatting. The data will not look the same
as it does in the Platform.
Use this export type for performing computations, reporting or
charting data, or both when not possible in the Platform.

154 Chapter 6: Working with Records

 RSA Archer GRC Platform Solutions User Guide

File Description

CSV Stores data in a comma-delimited file. This export type works

best for flat data. If you are exporting hierarchical data, use the
XML file type.
Use this export type for transferring data from the Platform to
another system.

HTML File Renders the content as an HTML document. The width of each
column is hard-coded to a static value. The HTML file cannot be
resized after the document is created.
The document can be printed even though the number of columns
exceeds a single page. The document can be manipulated to fit
onto a single page by changing the page layout from Portrait to
Landscape and scaling the document as low as 30 percent.
Use this export type when sending content by email and viewing
content in a browser or in any application capable of rendering
an HTML document. This export type works well for printing
documents that have a small number of columns.

XML File Stores the data in an XML file. The XML structure is best for
complex hierarchical data.
Use this export type when the exported data contains complex
data, such as attachments, sub-forms, or cross-references. The
XML format is used for transferring data from the Platform to
another system.

Mail Merge Method

In the mail merge method, a record is exported using a Mail Merge template
created in Microsoft Word. This template includes the fields that are being exported
in a specific format. The template must be defined. If a template exists, it is
displayed in the Export Templates section of the Export Options.

Export a Record
Complete this task to export a record to an external data file using the standard
output file types.
In most cases, this feature exports what is displayed on the screen. Some
exceptions include Calendar, Card View, and Map formats, in which the data is
exported in column format.
Records containing trending charts must be exported before the trending chart is
displayed in a printed format.

Chapter 6: Working with Records 155

 RSA Archer GRC Platform Solutions User Guide

Note: To use this Export a Record feature, you might need to change your browser
security settings to allow downloads and pop-ups for the Platform.

Procedure

1. Click in the page toolbar for an individual record or for multiple records in a
set of search results.
The Export Options dialog box opens, enabling you to select the format for the
export file.

Note: If is disabled, you do not have the rights to export records.

2. Select the applicable format for the export file.

l Rich Text File
l Adobe PDF
l Microsoft Excel
l CSV
l HTML File
l XML File
Important: Depending on your browser security settings, a security message
may display when attempting to download the file. To use the Export feature,
you may need to change your browser security settings to allow downloads and
pop-ups for the Platform. If you are using Microsoft Internet Explorer, be sure to
add the Platform to the Local intranet zone.

For more information, see Exporting Records.

Export a Record Using Mail Merge

Complete this task to export a record using a Mail Merge template that was created
in Microsoft Word and imported into the Platform. This template contains the fields
from the module that you are exporting.
To use this option, a mail merge template must exist and users must have an email
address associated with their user profiles.

Procedure

1. Click in the page toolbar for an individual record or for multiple records in a
set of search results.
The Export Options dialog box opens, enabling you to select the format for the
export file.

Note: If is disabled, you do not have the rights to export records.

156 Chapter 6: Working with Records

 RSA Archer GRC Platform Solutions User Guide

2. In the Export Template section, click the template that you want to use. The
Export Document dialog box is displayed.
3. In the Method field, select the applicable method: Run job immediately or
Run job and send email notification when finished.
4. Log on to the Platform and go to the email containing the link to the exported
file.
5. Do one of the following:
l Click the link to open the file. Save and name the document in Word.
l Right-click the link to save and name the file.

Print a Record
Complete this task to print a record.

Procedure
1. View an individual record or multiple records in a set of search results.

2. Click in the page toolbar.

The Platform opens the print dialog box.
3. Select the destination printer.
The Print option renders the content as an HTML document that is displayed in
another window for printing. You cannot save the HTML document in this
window.
The width of each column is hard-coded to a static value. The HTML document
cannot be resized.
The document can be printed even though the number of columns exceeds a
single page. The document can be manipulated to fit onto a single page by
changing the page layout from Portrait to Landscape, and scaling the document
as low as 30 percent.

Note: Records containing trending charts must be exported before the trending
chart is displayed in a printed format. For more information, see Export a
Record.

Related Topics
Printing a Record

Chapter 6: Working with Records 157

 RSA Archer GRC Platform Solutions User Guide

Calculations Process Overview

Formulas of calculated fields are recalculated whenever there is a change in the
content of a field, related field, or sub-form. Calculations may occur immediately or
asynchronously as a queued or scheduled job. Immediate calculations are triggered
by a user saving a record that is either 'marked' or changing a field that is used by a
calculated field in the same level. Queued asynchronous jobs run based on the
number of jobs in the job queue. Scheduled asynchronous jobs run at a specified
time regardless of any current activity on the record.
'Marked' content is changed to an‘unmarked’ status when a user saves that content.
The following scenarios trigger calculations.

Scenario 1 Edit a record by changing a field that is tied to a calculated field in an

application.
Save the record.
Any calculated field dependent on that change is recalculated
immediately.

Scenario 2 Edit a record that has a dependent field in a related application.

Drill into a cross-reference application.
Change the dependent field in a related record.
Save the record.
Recalculations for the dependent fields are queued in an asynchronous
job that is processed based on the number of jobs in the job queue.

Execute Calculations
Calculations are executed either through administrative or user functions. A formula
executed from an administrative function runs in an asynchronous job. This job can
be queued to run during normal processing or scheduled to run at a specific time. A
formula executed from a user function is triggered from the Recalculate button in
View mode, or the Apply or Save button in Edit mode.

158 Chapter 6: Working with Records

 RSA Archer GRC Platform Solutions User Guide

Function Action Execution

Administrative Calculations Administrator updates a formula of a calculated

queued in an field and queues an asynchronous job. This job
asynchronous job runs during normal processing based on the
number of jobs in the queue.

Calculations 1. Administrator schedules an asynchronous

scheduled in an job to run a full module recalculation. The
asynchronous job job is queued with all fields in the module
for calculation.
2. Administrator schedules an asynchronous
job for recalculation to run at a specified
time. When job runs, all formulas with
NOW ( ) and TODAY ( ) functions and
any calculated fields set to Always
recalculate are calculated.

User Calculations User clicks the Recalculate button in View

recalculated inline mode. Content ‘marked’ for recalculation is
recalculated.

Calculations User clicks the Apply button in Edit mode

recalculated inline without making a change. Content ‘marked’ for
recalculation is recalculated.
User clicks the Save button in Edit mode after
making a change. Content is saved and
‘marked’ content is recalculated.

Force Content Recalculation

Normally, calculated fields only are updated when a record changes. However,
application owners and system administrators can force a recalculation of all
calculated fields in a record using .
The Recalculate feature is available in:
l A record that is in View mode.
l A cross-reference record that is opened in View mode from another record.
l A sub-form record that is opened in View mode from another record.

The following are restrictions to the Recalculate feature:

l The recalculate option only is available for the application owner and
administrators. If you do not see on a record in View mode, you are not the

Chapter 6: Working with Records 159

 RSA Archer GRC Platform Solutions User Guide

application owner or an administrator.

l When the recalculation is performed, the Platform only performs the
recalculation on the current record. The recalculation is not performed on cross-
reference or sub-form fields within the record.
l For the recalculate option to be available within a cross-reference record that is
in View mode, you must be either the cross-reference application owner or an
administrator.
l For the recalculate option to be available within a sub-form record that is in
View mode, you must be either the sub-form owner or an administrator.
l You cannot perform a recalculation on archived records.

Procedure
1. View an existing record.

2. Click in the page toolbar.

The Platform recalculates the content immediately, and after it completes the
recalculation, it saves the content of the record.

Note: As a result of the save, no notifications, generating findings, workflow, or

publishing events occur doing the recalculation.

Immediately Applied Calculations

An immediately applied calculation can be performed in a cross-referenced
application one level away. For example, Application A is dependent on a
calculated field in Application B. Application B has a cross-reference relationship
with Application A. When a record is updated in Application B, its related record in
Application A can be recalculated immediately when the user returns to
Application A and clicks Apply or Save.
Related records are updated when a user initiates the recalculation or the
recalculation is updated through an asynchronous job. When updated by the user,
the Last Updated field contains the identification of the user who updated the
record. When updated by an asynchronous job, the Last Updated field is not
updated.

Recalculation Conditions
Calculated fields can be recalculated in View or Edit mode. To initiate an
immediate recalculation, a user must have update permissions to the record. When
initiated from either mode, only the content that is 'marked’ is recalculated.
Content changes may result in outstanding calculations in a related level or
application.

160 Chapter 6: Working with Records

 RSA Archer GRC Platform Solutions User Guide

The recalculation can be initiated when content is actually changed or for content
that has a status of ‘marked’ for recalculation. All calculated fields are recalculated
immediately within the current content. All related content affected by the change
is 'marked' and queued for recalculations in an asynchronous job. When save or
apply updates calculated fields and there are no other user changes, notification are
not sent.
When 'marked' content is calculated asynchronously, only the fields associated with
the executed job are calculated. Notifications are never sent. Notifications are only
sent when a user saves a record.
Calculated fields are only recalculated based on changes made directly in a data
feed, data import, web API, or scheduled recalculation jobs.

Recalculations in View Mode

When in View mode, a message is displayed stating that the content may not be
current. The Recalculate button is available.

Example 1: Cross-Referenced Field Updated

Scenario Calculated field is [Total Risk] in Application A. [Risk] is a cross-

referenced field. [Controls] is a level in the cross-reference multi-level
application and [Severity Rating] is a field in the Controls data level.
SUM(REF([Risk], [Severity Rating], [Controls]))

Action 1 User edits [Severity Rating] in Application B.

[Severity] = 12.
User changes value of [Risk] to 11 and clicks Save.
Content of [Total Risk] is ‘marked’ for recalculation.

Action 2 User with Read and Update permissions returns to Application A in

View mode and clicks Recalculate.

Action 3 User saves record in Application B.

Results [Total Risk] is recalculated immediately, and the updated value is

displayed.
[Total Risk]=23

Recalculations in Edit Mode

When in Edit mode, the Recalculate button is not available. The recalculation is
initiated from the Apply or Save button. The Apply button returns the same results
as the Recalculate button in View mode.

Chapter 6: Working with Records 161

 RSA Archer GRC Platform Solutions User Guide

Example 1: Cross-Referenced Field Updated

Scenario Calculated field is [Total Risk] in Application A. [Risk] is a cross-

referenced field. [Controls] is a level in the cross-reference multi-level
application and [Severity Rating] is a field in the Controls data level.
SUM(REF([Risk], [Severity Rating], [Controls]))

Action 1 User drills into [Severity Rating] in Application B.

[Severity] = 12.
User changes value of [Risk] to 11 and clicks Save.
Content of [Total Risk] is ‘marked’ for recalculation.

Action 2 User with Read and Update permissions returns to Application A in Edit
mode and clicks Save.

Action 3 User saves record in Application B.

Results [Total Risk] is recalculated immediately, and the updated value is

displayed.
[Total Risk]=23

Example 2: Calculated Field Updated by Data Feed

Scenario Application A has three fields Risk, Criticality, and Severity. Rating is a
related record in Application B.
[Total Risk] is dependent on the value of [Criticality].
SUM(REF([Risk], [Criticality]))
[Severity] is dependent on [Rating].
IF([Rating]=10, VALUEOF ([Severity],"High"),VALUEOF ([Severity],
"Low")

Action 1 User changes the value of Critically in Application B and clicks Save.

Results Related content in Application A is 'marked'.

162 Chapter 6: Working with Records

 RSA Archer GRC Platform Solutions User Guide

Action 2 Data feed updates [Rating] in Application A to a value of 10. Severity is

calculated upon content save initiated by the data feed.

Results [Total Risk] is not recalculated.

[Rating] is updated during the data feed.
[Severity] is changed to High.

Action 3 User view records and clicks Recalculate.

Results [Total Risk] is recalculated immediately.

Accept, Reject, or Reassign a Record

Complete this task to accept, reject, or reassign a record in a workflow process.
The Platform includes a feature called Workflow that enables organizations to
move a record through stages for review and validation before publishing it to end
users.
When you display a record in the workflow process, and you are a designated user
for that workflow stage, the Workflow toolbar is displayed.

Procedure
1. In the Navigation Menu, click the application.
A menu of options is displayed.
2. In the Navigation Menu, click My ApplicationName Assignments.
The My Assignments page is displayed with a list of records ready for your
review.
3. Click the record that you want to review.
The record is displayed along with the Workflow toolbar. The options available
on the Workflow toolbar may vary depending on the configuration of the
Workflow process.
4. Review the record and choose one of the available options in the Workflow
toolbar:
l To accept the record and move it to the next stage in the Workflow process,
click Accept.
l To reject the record and demote it to the previous stage in the Workflow
process, click Reject.
l To reject the record and leave a comment describing your decision, click
Comment.

Chapter 6: Working with Records 163

 RSA Archer GRC Platform Solutions User Guide

l To reassign the record to another user or group, click Reassign.

l To view a history of the record in the Workflow process, click History.

Data Imports
The Data Import feature enables you to import records into an application,
questionnaire, or sub-form from an external data file. Importing data through the
Data Import feature rather than entering it manually can save you a lot of time, and
with good preparation, a data import can be completed quickly and easily.

File Formats
Your import file must be a flat, delimited-values data file. A flat file contains all
data in a single table and does not include any hierarchical structure. In a delimited-
values file, each row is equal to one record, and field values are separated in each
record by a comma, tab, or some other designated character. For more information
on file formats for data imports, see File Formats for Data Imports.

Prepare for a Data Import

Before you begin the data import process, examine both your external data file and
the system component (application, questionnaire, or sub-form) that receives your
data import to ensure that the data is correctly and efficiently copied into the
application. For more information on planning for your data import, see Data Import
Preparation.

Data Import Preparation

Before you begin the data import process, examine both your external data file and
the system component (application, questionnaire, or sub-form) that receives your
data import to ensure that the data is correctly and efficiently copied into the
application. Taking a few minutes to carefully plan a successful data import can
save you a great deal of time in resolving import errors later.

Important: If you are importing data that uses a double-byte character set, such as
Japanese, the alias of each field must be set to a single-byte character set, such as
English. To do this, open the Manage Field page for each field, and rename the
Alias field using single-byte characters.

Consider the following points as you examine your import file and the application
into which you are importing data:
l Your file must be a delimited-values data file, and because the Data Import
Wizard requires you to specify the primary and secondary delimiters used in your
data file, it is important to know what these characters are before you begin the
data import.

164 Chapter 6: Working with Records

 RSA Archer GRC Platform Solutions User Guide

l Importing data into an application copies data from an import file into existing
application, questionnaire, or sub-form fields. It does not create any new fields.
Therefore, your application must contain all necessary fields before you begin
the import process. If you import sub-form records, the application to which you
import must contain a Sub-Form field. This Sub-Form field must reference a sub-
form that contains the appropriate fields.
l Mapping fields from your external data file to fields in your application is much
easier if the corresponding fields have the same name. The system automatically
maps import fields to application fields when they have the same name, which
can save you a great deal of time in manually mapping fields.
l If you map a field from your external data file to a required field, each record in
your data file must include a value for this required field.
l If your import file contains date or date-time values, you are asked to specify the
format used for these values. Your import file must use a consistent format for
date and time values, and you must know what these formats are before you
begin the Data Import Wizard. Also, if your import file contains date-time
values, take note of the separator (hyphen, period, comma, space, or so on)
between the date and time values and between the time and the AM/PM
designation.
l When importing data into a leveled application, you must import each level's data
separately, starting with the top data level. Each level must be imported from a
separate external data file.
l When importing data into an application that contains a sub-form, you must
import application records and sub-form entries separately. You need one
external data file for your application records and another for your sub-form
entries. The sub-form data file must contain unique field values from the
application records, such as Tracking ID values, so the sub-form entries can be
appropriately mapped to the application records where they will reside.

Alias Names
Numerous operations in the Platform require references to objects—everything
from solutions, applications, and fields to individual values list values—to specify
the target for a particular activity. One example is mail merge, in which you must
create templates with unambiguous references to individual fields in an application.
Another example is the process of mapping external data to fields in the Data Feed
Manager. To provide a constant name that is also human readable, all Platform
objects, such as workspaces, applications, fields, and notification templates, support
an alias.
An alias is a short name for a unique object in the system that is human readable,
but also can be used in code or as a reference in configuration processes. All alias
names must contain only alphanumeric characters, beginning with a letter and
containing no spaces. The maximum length is 40 characters.

Chapter 6: Working with Records 165

 RSA Archer GRC Platform Solutions User Guide

An alias name must be unique in the entity type. The following are additional points
of consideration:
l Field aliases must be unique in the level.
l Values List Value aliases must be unique in a Values List.
l Level, Data Driven Event, Report, and Workflow Stage aliases must be unique
in an application.

You can edit the alias name for non-system provided entities. Alias name for
system-provided entities are read only.

Important: Applications cannot be named "ContentID". Applications with this name

are automatically changed to "Content_ID".

CAUTION: Alias name are used in configuration processes, system processes, and
web service API integrations. Modification of the alias name can cause these
functions to fail.

File Formats for Data Imports

Your import file must be a flat, delimited-values data file. A flat file contains all
data in a single table and does not include any hierarchical structure. In a delimited-
values file, each row is equal to one record, and field values are separated in each
record by a comma, tab, or some other designated character. If your file contains
multiple values in individual fields, those values are separated with a secondary
delimiter, such as a semicolon or pipe (|). In the Data Import Wizard, you specify
the primary (Field Delimiter) and secondary (Values Delimiters) delimiters used in
your data file, so it is important to know what these characters are before you begin
your data import.
Consider whether the selected characters are displayed anywhere in your field
values. For example, if you choose a comma as your Field Delimiter, examine your
data file to see if commas appear in individual field values, such as text strings. If
commas do occur in individual field values, the system reads those commas as
delimiters and separates the field data that comes before and after a comma into
two separate field values.
To solve this problem, you can use single or double quotes to enclose field values in
your data file, for example, "Server, Router". Characters enclosed in quotation
marks are not interpreted as delimiters.
A second way to solve this problem is to choose Field and Values Delimiters for
your data file that do not occur anywhere in your field values. The pipe (|) and
circumflex accent (^) characters are good examples of uncommon characters that
work well as delimiters.

166 Chapter 6: Working with Records

 RSA Archer GRC Platform Solutions User Guide

Importing Data Into Leveled Applications

When importing data into a leveled application, you must import each level's data
separately, starting with the top data level. Each level must be imported from a
separate external data file. You can create these separate source files by exporting
data from the leveled application that contains the data that you want to import. You
must export data one level at a time.
The following steps explain the process for importing data into a leveled
application:
1. Execute a search in your leveled application and select only level-1 fields for
display in the search results (using column format). Export those results.
2. Re-execute your search, and select level-2 fields for display in your search
results. Also select a field from the first data level to include in your search
results that associates your level-2 records with your level-1 records (The
values for that level-1 field must be unique for each record.). Export those
records.
3. Repeat step 2 for each subsequent data level, and include only an individual
level's fields along with a parent-level field in each search and export process.
Note that the parent level is the data level that directly precedes each child
level. For example, the third data level's parent level is the second data level.

Note: If you try to import each level by selecting specific columns of data to import
from a single master file, you have duplicate upper-level records and/or your lower-
level records are not associated with their parent records. You must use a separate
file for each level's data import.

Example
The following steps explain the process for importing data into a three-level
application:
1. Perform a new import or an import update of the level-1 field data.
2. Perform a new import or an import update of the level-2 field data. Your import
file must contain the level-2 field values along with unique values for a field in
level 1 of the application, such as the Tracking ID field. When you are mapping
values from your external data file to fields in your application in step 3 of the
Data Import Wizard, you map the level-2 data to the appropriate level-2 fields,
and you map the level-1 values to the appropriate level-1 field. This action
creates the association between level-1 and level-2 records.
3. Perform a new import or an import update of the level-3 field data. Your import
file must contain the level-3 field values along with unique values for a field in
level 2 of the application, such as the Tracking ID field. When you are mapping
values from your external data file to fields in your application in step 3 of the
Data Import Wizard, you map the level-3 data to the appropriate level-3 fields,

Chapter 6: Working with Records 167

 RSA Archer GRC Platform Solutions User Guide

and you map the level-2 values to the appropriate level-2 field. This action
creates the association between level-2 and level-3 records.

Supported Import Data Field Types

You can import external field data into any of the following field types:
l Cross-Application Status Tracking (only available for import updates)
l Cross-Reference
l Date (unless the field is configured as a calculated field)
l IP Address
l Matrix
l Numeric (unless the field is configured as a calculated field)
l Record Permissions (only if the field is configured to allow manual selection)
l Sub-Form
l Text (unless the field is configured as a calculated field)
l User/Groups List
l Values List (unless the field is configured as a calculated field)

The following field types are supported for sub-form data import:
l Cross Reference
l Date (unless the field is configured as a calculated field)
l IP Address
l Numeric (unless the field is configured as a calculated field)
l Text (unless the field is configured as a calculated field)
l User/Groups List
l Values List (unless the field is configured as a calculated field)

The following field types are not supported for data import:
l Attachment
l Discussion
l External Links
l First Published Date
l History Log
l Image
l Last Updated Date
l Multiple Reference Display Control

168 Chapter 6: Working with Records

 RSA Archer GRC Platform Solutions User Guide

l Record Status
l Tracking ID
l Voting

Individual field types react differently when their content is modified through a data
import. Additionally, some fields require specific data formats for successful
imports. The following table provides information on data import results and data
requirements for various field types.

Field Type Result in Data Import and Data Requirements

Cross CAST values can be specified only during an import update. If you are
Application adding additional field values rather than updating existing values with
Status your data import, this field is not available in the Application Fields
Tracking drop-down list on the second page of the Data Import Wizard. CAST
(CAST) values are specified in the target/child application. Because a CAST value
is specific to two different records, you must include unique identifiers for
both the parent and the child record.

Example
To update the Implementation Status of two vulnerabilities on 10 assets,
you need 20 rows of data. You need the asset identifier, for example, IP
Address or Asset Name, the vulnerability identifier, for example, BugTraq
ID, and a status value, for example, Implemented.

Cross- The values that you import into a Cross-Reference field must be key-field
Reference values for the related application. If you import values that are not key-
field values for the related application, the data importer cannot link
records in the import application to records in the cross-referenced
application.

IP Address An IP Address value must be formatted as four octets separated by

periods. Each octet can contain one, two, or three numbers. The following
is an example of an import value for an IP Address field:
1.160.10.240

Matrix When importing data into this field type, you must specify the column
name and corresponding row value for each column in the Matrix field.
Column names are separated from row values with a comma, and a
semicolon is used to separate column and row pairs.
The following is an example of an import value for a Matrix field:
Maintenance Burden, Low; Portability, Medium; Power Consumption,
High

In this example, "Maintenance Burden," "Portability," and "Power

Chapter 6: Working with Records 169

 RSA Archer GRC Platform Solutions User Guide

Field Type Result in Data Import and Data Requirements

Consumption" are column names, and "Low," "Medium," and "High" are
the corresponding row values.

Note: If you import a Matrix value that contains a column or row value
that does not display in the application's Matrix field, that column or row
is added to the Matrix field. If you do not want additional columns or
rows to be added to your Matrix field during a data import, ensure that
your external data file only includes Matrix values that appear in your
application's Matrix field.

Numeric If the application with which you are working has a ranged Numeric
field, and you import values that are outside of the field's defined ranges,
records with these values are not returned when users execute advanced
searches in the application using numeric-range filters.
Also, if you import numeric values that exceed your Numeric field's
maximum number of decimal places, the values are rounded off to meet
the field's requirements. If you import values with fewer decimal places
than the minimum number of decimal places allowed in the Numeric
field, these values are padded with zeros, for example, 4.22000.
In addition, if you import values that are above or below the Numeric
field's minimum and maximum values, an error is reported.

Record If you import an empty value into a Record Permissions field, the field is
Permissions empty in the new or updated record, even if the field is configured with
one or more default values. When no value is selected in the Record
Permissions field, the only users who have access to the record are those
who are assigned the System Administrator access role, and those who are
assigned as owners of the application.

Sub-Form A Sub-Form field can be active or inactive during the import process;
however, the actual sub-form storing the data from the data import must
be active.

170 Chapter 6: Working with Records

 RSA Archer GRC Platform Solutions User Guide

Field Type Result in Data Import and Data Requirements

Text This field is updated regardless of the content of your data import.

User/Groups Users are identified using last_name, first_name, middle_name format.

List Groups are identified by their name. If there is more than one user or
group with the same value (name), the first one (based on the system ID)
is used. Multiple values are separated with the secondary delimiter
specified on the first page of the Data Import Wizard. If you try to import
a user or group that is not a valid selection among the User/Groups List
field values list, an error is reported. If you import an empty value into
the User/Groups List field, the field is empty in the new or updated
record, even if the field is configured with one or more default values.

Values List If you import a value into a Values List field that is not included in the
field's values list, the value is added to the values list. If the values list is
global, the imported value is displayed in the global values list for all
fields configured to use it.

Note: Importing a record with all of the values that you want your values
list to include is an easy way to add those values to the list.

Using Excel as a .CSV Editor

While Microsoft Excel is a tool that most users have for editing comma-separated
values (.csv), it occasionally may make changes to your data file that you do not
expect. If you use Excel only to preview your files, there should be no problems.
However, if you save your file in Excel, you may find that the saved version is
different from what you anticipated.
Note the following types of changes that may occur in your files:
l Date Values. Excel converts these to use its format. You can use this feature to
your advantage if you are pulling values in from disparate sources.
l Points of Precision. Excel manipulates decimal places to use its format.
l Quoted Strings. Excel uses quoted strings if they are necessary, and strips
extra ones if they are not.
l Cell Limitations. A cell in an Excel spreadsheet holds a finite number of
characters. If your .csv file exceeds this limit, saving it in Excel corrupts your
data.

Enable End Users to Perform Data Imports

Complete this task to extend data-import rights to end users. You must be the
application owner, configure the Navigation Menu to display the Data Import
option, and grant rights to the Data Import Wizard to end users through their access
role or roles.

Chapter 6: Working with Records 171

 RSA Archer GRC Platform Solutions User Guide

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. Click the Navigation Menu tab.

3. Select the Display Item option adjacent to the data import item.
4. Click Save.
5. From the Navigation Menu, select Access Control.
If you do not have rights to the Access Control feature, contact an Access
Control administrator to complete the remaining steps.
6. Open the Manage Access Roles page.
This page lists all of the access roles for the application.
7. On the Role tab, select the role whose privileges you want to modify to grant
end-user access to the Data Import Wizard.
8. Click the Rights tab.
9. From the Application list, select the application that you just configured to
display the Data Import link in the Navigation Menu.
10. For the [Application Name]: Data Import page, select Read, Create, and
Update.
11. Click Save.

Importing Data Using the Data Import Wizard

The Data Import Wizard guides you through the data import process.
After you prepare your external data file and your application, questionnaire, or
sub-form for data import, you can begin the import process in the Data Import
Wizard.
You must complete the following tasks in order to complete the Data Import
Wizard:
1. Access the Data Import Wizard
2. Select the Data File and Import Options
3. Select Unique Record Identifiers

172 Chapter 6: Working with Records

 RSA Archer GRC Platform Solutions User Guide

4. Map Import Data to Application Fields

5. Review Data Import Wizard Settings
6. Initiate Data Validation and Import

Access the Data Import Wizard

Complete this task to access the Data Import Wizard from the Navigation Menu. If
you are an application owner, you can access the Wizard from the Manage Data
Import page.

Note: You can also access the Data Import Wizard from the Navigation Menu of an
application, if your account has been granted appropriate privileges. If the
application contains levels or sub-forms, the Platform prompts you to select the
level or sub-form before the wizard starts.

Before You Begin

See Data Import Preparation.

Procedure
1. Navigate to the Manage Data Imports page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Integration.
A menu of Integration pages is displayed.
c. Click Manage Data Imports.
This page enables you to import data to applications and questionnaires for
which you have ownership rights.
2. In the Name column, locate and click the name link for the application,
questionnaire, or sub-form that you want to receive the data import.
The Data Import Wizard opens.

Next Steps
Select the Data File and Import Options

Select the Data File and Import Options

Complete this task to specify the file format and to select other advanced import
options.

Before You Begin

Access the Data Import Wizard

Chapter 6: Working with Records 173

 RSA Archer GRC Platform Solutions User Guide

Procedure
1. Click Browse to select the source file for the data that you want to import. The
file that you select must be a flat, delimited-values file. Additionally, verify that
the source file is closed.

Note: If you make changes to the source file after you have uploaded it to the
Data Import Wizard, you must return to this step and upload the file again
before initiating the data validation and import process.

2. In the Format Options section, select the characters that your data file uses as
its Field and Values Delimiters. If your data file's Field Delimiter is something
other than a comma or a tab, enter the correct character in the Other field.
Likewise, if your Values Delimiter is something other than a semicolon or pipe
(|), enter the correct character in the Other field.
3. In the Locale field, select the locale of the input file.
4. If the first row of data in your file contains field names instead of actual record
data, select File Contains Header Row in the Header Row field. If the first
row of data in your file contains actual record data, select File Does Not
Contain Header Row in the Header Row field.
5. In the HTML Formatting field, indicate whether fields in your data file contain
HTML formatting.
6. In the Advanced Options section, make selection for the following fields:
l Are any field values quoted in your data file? If the answer is yes, select
the double quotes or single quotes option.
l Should imported records be allowed to trigger notifications? If
notifications are enabled for the application into which you are importing
data, you can select to send notifications for your imported records.
Important: Consider this option carefully. If you are importing a large
number of records, triggering a notification email for each of these records
could produce a heavy load on the email accounts of users who are
subscribed to a notification template for the application.

l Should invalid cross references be imported? If you select Import

Invalid Cross References, records that contain invalid cross-reference
values are imported, but the invalid values are left out of the import. If you
select Do Not Import Invalid Cross-References, each record's cross-
references are validated, and if any are found to be invalid, the Data Import
Wizard reports errors after the Validating Records import stage and prevents
you from completing the data import.
l How should existing references be handled? If you select to replace
existing cross-reference values, the existing data in the application is
replaced with the data from the import file. Data existing prior to the import
process is removed. If you select to append cross-referenced data, the system

174 Chapter 6: Working with Records

 RSA Archer GRC Platform Solutions User Guide

leaves all existing values in the record intact and adds new cross-reference
values from the data file to the records.
7. Click Next.

Note: Be certain that you have selected the source file (see step 1) so that you
can advance to the next window of the Data Import Wizard.

Next Steps
Select Unique Record Identifiers

Select Unique Record Identifiers

Complete this task to select the unique record identifiers. A unique identifier is a
field (or a combination of fields) whose values in individual records are different
from all other records. For example, the Tracking ID field, when configured as
System ID, is a unique identifier because the value for that field is different for
every record.
If you are updating existing records or importing sub-form entries, there is a Unique
Identifiers control group on the second page of the Data Import Wizard.
If you are updating entries in a sub-form that does not contain a Tracking ID field or
any other field with unique values, you can use a combination of fields to establish
the unique identifier. For example, you can select a Text field and a Date field if
the combined values of those fields are different for every sub-form entry.

Note: The Tracking ID field can only be used as a unique identifier if configured as
System ID. If configured as Application ID, it is not available for use as a unique
identifier.

By establishing a unique identifier, the Data Import Wizard maps import data to
existing data in the application. If you are updating application records with your
data import, the unique identifier matches records in your import file with existing
records in the application. If you are importing data into a sub-form, the unique
identifier correctly matches your sub-form entries to their parent application
records.
The steps for selecting unique record identifiers vary depending on the type of data
import you are performing.

Before You Begin

l Access the Data Import Wizard
l Select the Data File and Import Options

Chapter 6: Working with Records 175

 RSA Archer GRC Platform Solutions User Guide

Procedure
1. On page 2 of the Data Import Wizard, in the General Information section,
select one of the following options:
l Import New Records. If you are importing new records, existing records in
your application remain unchanged. The new records are added to the
existing population of records in the application.
l Update Existing Records. If you are updating existing records, the system
examines your existing records and, when it finds a match between a record
in your application and a record in your external data file, the existing record
is updated with the imported record. If your external data file contains
records that do not match any records in your application (according to the
unique record identifier that you specify), those unmatched records are added
as new records in your application.
2. If you are updating existing records with your data import, do the following:

a. In Application Field(s), click .

b. Select one or more fields whose values serve as the unique record identifier.
This allows the Data Import Wizard to match records in your external data
file with records in the application, questionnaire, or sub-form.

Next Steps
Map Import Data to Application Fields

Map Import Data to Application Fields

Complete this task to import file to fields in an application or sub-form. To assist
you in this process, the second page of the Data Import Wizard provides a preview
of the first 20 rows of data in your import file, which gives you additional
confirmation when correlating columns of data to application or sub-form fields.

Before You Begin

l Access the Data Import Wizard
l Select the Data File and Import Options
l Select Unique Record Identifiers

Procedure
1. For each field in the Import Fields row, select the corresponding field in the
Application Fields row from the lists. This allows you to map data from your
import file to the appropriate fields in your application or sub-form. If you do not
want to import one or more columns of data from your import file, select Do
Not Import from the list in those columns.

176 Chapter 6: Working with Records

 RSA Archer GRC Platform Solutions User Guide

Note: If you are updating existing records or importing sub-form entries, you
must map the field that you selected as a unique identifier to the appropriate
field in the field mapping grid. Otherwise, an error message is displayed. For
more information on unique identifiers, see Select Unique Record Identifiers.
Additionally, import values for a Cross-Reference field must be key field values
for the cross-referenced application. If the values are not key field values, the
importer cannot link the records.

2. If you have mapped a Date field in the import file to a Date field in the
application, specify the format for date and time values in the import file.
The format for these values in the import file must be consistent. The examples
to the right of the date and time drop-down lists update according to the
selections that you make, enabling you to verify your choices.
3. Click Next.

Next Steps
Review Data Import Wizard Settings

Review Data Import Wizard Settings

Complete this task to review the data import settings on the Wizard Summary page
before initiating the import process.

Before You Begin

l Access the Data Import Wizard
l Select Data File and Import Options
l Select Unique Record Identifiers
l Map Import Data to Application Fields

Procedure
1. On page 3 of the Data Import Wizard, review the data import settings.
2. To change any of the settings, click Previous to return to the appropriate Data
Import Wizard page. For more information on a particular page, see the Help
content for that page.

Next Steps
Initiate Data Validation and Import

Initiate Data Validation and Import

Complete this task to initiate the import process after reviewing the data import
settings on the Wizard Summary page.

Chapter 6: Working with Records 177

 RSA Archer GRC Platform Solutions User Guide

Before You Begin

l Access the Data Import Wizard
l Select Data File and Import Options
l Select Unique Record Identifiers
l Map Import Data to Application Fields
l Review Data Import Wizard Settings

Procedure
1. When you are satisfied with the Data Import Wizard settings, click Import to
initiate the validation and import of your data.
Once you click Import, the system begins a three-stage import process:
l Validating Records
l Building the Import File
l Importing/Updating Records
In the Validating Records stage, each record in your data file is examined for
errors. If you click Cancel during the Validating Records stage, your data
import is aborted. When the Validating Records stage completes, the Data
Import Wizard reports any errors that are found, up to the first 100 errors. If
errors are found, the import process terminates, and you must correct these
errors before attempting to import the records again.
2. If necessary, correct errors, and begin the import process again (starting on the
first page of the Data Import Wizard).
For more information on correcting errors, see Data Validation Errors.
If no errors are found in the Validating Records stage, the system continues
with the Building the Import File stage, where your import file is built record by
record. During this stage, you can abort the import by clicking Cancel.

Important: You must not close this window or log off from the system during
this stage of the import process. Doing so causes adverse results.

Note: Invalid HTML or XML characters in the external data file are stripped
from the data during the import process to prevent import errors.

When the Importing/Updating stage completes, the Overall Import Status

message is displayed. This message includes the number of records that are
successfully imported into the application. If unexpected errors occurred during
the import process that prevented one or more records from being imported,
these records automatically are exported to a .csv file.

178 Chapter 6: Working with Records

 RSA Archer GRC Platform Solutions User Guide

The Overall Import Status message provides a link to this external .csv file.
Once you have corrected the problems that prevented these records from being
imported, you can attempt to import these records again.
3. Once the import is completed successfully, click Continue.

Data Validation Errors

After you click Import in the Data Import Wizard, the Platform validates your
external data and reports any errors. If errors are found, the Platform terminates the
import process and you must correct the errors in your data file before attempting
your data import again (starting on the first page of the Data Import Wizard). The
Wizard can report up to 100 errors. If your data file contains more than 100 errors,
they are not all reported.
The following table describes errors that can occur during the data validation
process and provides possible resolutions.

Error Explanation and Possible Solution

All unique identifiers must be If you are importing new sub-form records, you must
mapped for insert map the fields that you selected to serve as the
application's unique identifier to those fields in the
field mapping grid.

All unique identifiers must be If you are updating existing master or sub-form records,
mapped for update you must map the field that you selected to serve as the
application's unique identifier to that field in the field
mapping grid.

Column mismatch Your external data file contains a value that does not
match the data type of the field to which the value is
mapped. For example, the value might be a text string
while the field that you are attempting to import the
value into only accepts date values. To correct this
problem, change the value in your data file to match
the data type required by the field to which you are
mapping the value.

Chapter 6: Working with Records 179

 RSA Archer GRC Platform Solutions User Guide

Error Explanation and Possible Solution

Could not locate group name
This error can occur if your external data file contains a
group value that is not a group value established in the
system. To correct this problem, either change the
group value in your data file so it matches a group in
the system, or add the group from your data file to the
system from the Manage Groups page in the Access
Control feature.

Date does not match expected
format
Your external data file contains a date that does not
match the date format that you specified for the import.
To correct this problem, reformat the date value so it
matches the format that you selected in the Data Import
Wizard.

Field is required
Your external data file is missing one or more values
for a required field. You can resolve this problem by
entering the required values in your import file or by
changing the field in your application so it is no longer
a required field.

Field requires a selected value Your external data file is missing a value for a Values
List field that requires a selected value. To correct this
problem, enter the required value in your data file or
change the field in your application so it no longer
requires a certain number of value selections.

Imported sub-form record
cannot have multiple parents
This error can occur if you are importing sub-form data,
and the field from the parent record that you selected as
the unique identifier contains non-unique data. To
correct this problem, select a unique field value from
the parent record to serve as the application's unique
record identifier.

Invalid IP Address Your external data file contains a value for an IP

Address field that is not correctly formatted. To correct
this problem, reformat the value according to the
guidelines in the IP Address entry in Field Types for
Data Imports.

Invalid key or keys for cross
application status field for
application
This error can occur if you are updating records with a
Cross-Application Status Tracking (CAST) field and
you do not specify valid, unique identifiers for the
parent-application and child-application records
associated with the CAST field. To correct this
problem, see the Cross-Application Status Tracking

180 Chapter 6: Working with Records

 RSA Archer GRC Platform Solutions User Guide
Error
Invalid matrix format
Invalid number
Invalid tracking ID
Multiple columns are mapped
to the same field
Number is larger than
maximum value
Chapter 6: Working with Records
Explanation and Possible Solution
(CAST) entry in Field Types for Data Imports.
Your external data file contains a value for a Matrix
field that is not formatted correctly. To correct this
problem, reformat the value according to the guidelines
in the Matrix entry in Field Types for Data Imports.
This error can occur if you are importing a value into a
Numeric field that contains alphabetic characters. To
correct this problem, change the value in your external
data file so it contains only numeric characters.
This error can occur if you are doing an import update,
and the Tracking ID field in your external data file
contains a value that is not a valid tracking ID for the
application into which you are importing. The tracking
ID value may not exist in the system, or it may be a
valid tracking ID for another application. To correct
this problem, change the value in your data file so it is
a valid, unique tracking ID for the import application.
This error can occur if more than one field from your
data import file is mapped to the same application field.
If you are performing a sub-form data import, a field
from your data import file may be mapped to the same
field as the parent record. To correct this problem, make
sure that your application fields are mapped to different
fields and that the import data fields are mapped to the
sub-form fields.
This error can occur if you are importing a value into a
Numeric field that is above the maximum value
allowed for the field. To correct this problem, examine
the Numeric field in your application to determine the
maximum value it allow and change the value in your
data file, so it falls at or below that maximum value.
181
 RSA Archer GRC Platform Solutions User Guide

Error Explanation and Possible Solution

Number is smaller than This error can occur if you are importing a value into a
minimum value Numeric field that is below the minimum value
allowed for the field. To correct this problem, examine
the Numeric field in your application to determine the
minimum value it allows and change the value in your
data file, so it falls at or above that minimum value.

Too many cross references This error can occur if a record in your external data
selected file contains more values for a Cross-Reference field
than the maximum number of value selections that field
allows. To correct this problem, examine the Cross-
Reference field in your application to determine how
many values can be selected for the field, and then
reduce the number of values in your data file so they fit
within that limit.
If the number of values selected in your data file does
not exceed the value limit for your Cross-Reference
field, this error can also occur if the key field for the
cross-referenced application is not unique and your
Cross-Reference field maps to one of the non-unique
values. To correct this, verify that the key field of the
cross-referenced application is unique.

Unsupported import type This error can occur if you are importing new records
and attempt to import data into a Tracking ID field. To
correct this problem, select Do Not Import from the list
for the Tracking ID field in the field mapping grid.

Unsupported link type This error can occur if you are updating records with
your data import and you select a field type for the key
field that cannot serve as the key field for a record.
Examples of field types that cannot serve as the key
field for a record include First Published Date, Last
Updated Date, Record Status, and Related Records. To
correct this problem, select a field type for the key field
that can serve as the key field for a record.

182 Chapter 6: Working with Records

 RSA Archer GRC Platform Solutions User Guide

Field Types for Data Imports

You can import external field data into any of the following field types:

l Cross-Application Status Tracking l Record Permissions (only if the field is

(only available for import updates) configured to allow manual selection)
l Cross-Reference l Related Records
l Date (unless the field is configured as l Sub-Form
a calculated field)
l Text (unless the field is configured as a
l IP Address calculated field)
l Matrix l User/Groups List
l Numeric (unless the field is l Values List (unless the field is configured
configured as a calculated field) as a calculated field)

Field Types for Sub-Form Data Input

The following field types are supported for sub-form data import:
l Cross-Reference
l Date (unless the field is configured as a calculated field)
l IP Address
l Numeric (unless the field is configured as a calculated field)
l Text (unless the field is configured as a calculated field)
l User/Groups List
l Values List (unless the field is configured as a calculated field)

Unsupported Field Types

The following field types are not supported for data import:

l Access History l Image

l Attachment l Last Updated Date
l Discussion l Multiple Reference Display Control
l External Links l Record Status
l First Published Date l Tracking ID
l History Log l Voting

Chapter 6: Working with Records 183

 RSA Archer GRC Platform Solutions User Guide

Data Requirements and Import Results

Individual field types react differently when their content is modified through a data
import. Additionally, some fields require specific data formats for successful
imports. The following table provides information on data import results and data
requirements for various field types.

Field Type Result in Data Import and Data Requirements

Cross Application CAST values can be specified only during an import update.
Status Tracking (CAST) If you are adding additional field values rather than updating
existing values with your data import, this field is not
available in the Application Fields drop-down list on the
second page of the Data Import Wizard. CAST values are
specified in the target/child application. Because a CAST
value is specific to two different records, you must include
unique identifiers for both the parent and the child record.

Example
To update the Implementation Status of two vulnerabilities
on 10 assets, you need 20 rows of data. You need the asset
identifier, for example, IP Address or Asset Name, the
vulnerability identifier, for example, BugTraq ID, and a status
value, for example, Implemented.

Cross-Reference The values that you import into a Cross-Reference field must
be key-field values for the related application. If you import
values that are not key-field values for the related
application, the data importer cannot link records in the
import application to records in the cross-referenced
application.

IP Address An IP Address value must be formatted as four octets

separated by periods. Each octet can contain one, two, or
three numbers. The following is an example of an import
value for an IP Address field:
1.160.10.240

Matrix When importing data into this field type, you must specify
the column name and corresponding row value for each
column in the Matrix field. Column names are separated from
row values with a comma, and a semicolon is used to
separate column and row pairs.
The following is an example of an import value for a Matrix
field:
Maintenance Burden, Low; Portability, Medium; Power
Consumption, High

184 Chapter 6: Working with Records

 RSA Archer GRC Platform Solutions User Guide

Field Type Result in Data Import and Data Requirements

In this example, "Maintenance Burden," "Portability," and

"Power Consumption" are column names, and "Low,"
"Medium," and "High" are the corresponding row values.

Important: Ifyou import a Matrix value that contains a

column or row value that does not display in the
application's Matrix field, that column or row is added
to the Matrix field. If you do not want additional
columns or rows to be added to your Matrix field
during a data import, ensure that your external data
file only includes Matrix values that display in your
application's Matrix field.

Numeric If the application with which you are working has a ranged
Numeric field, and you import values that are outside of the
field's defined ranges, records with these values are not
returned when users execute advanced searches in the
application using numeric-range filters.
Also, if you import numeric values that exceed your Numeric
field's maximum number of decimal places, the values are
rounded off to meet the field's requirements. If you import
values with fewer decimal places than the minimum number
of decimal places allowed in the Numeric field, these values
are padded with zeros, for example, 4.22000.
In addition, if you import values that are above or below the
Numeric field's minimum and maximum values, an error is
reported.

Record Permissions If you import an empty value into a Record Permissions field,
the field is empty in the new or updated record, even if the
field is configured with one or more default values. When no
value is selected in the Record Permissions field, the only
users who have access to the record are those who are
assigned the System Administrator access role, and those who
are assigned as owners of the application.

Sub-Form A Sub-Form field can be active or inactive during the import

process; however, the actual sub-form storing the data from
the data import must be active.

Chapter 6: Working with Records 185

 RSA Archer GRC Platform Solutions User Guide

Field Type Result in Data Import and Data Requirements

Text This field is updated regardless of the content of your data

import.

User/Groups List Users are identified using following format: last_name, first_
name middle_name. Groups are identified by their name. If
there is more than one user or group with the same value
(name), the first one (based on the system ID) is used.
Multiple values are separated with the secondary delimiter
specified on the first page of the Data Import Wizard.
If you try to import a user or group that is not a valid
selection among the User/Groups List field values list, an
error is reported.
If you import an empty value into the User/Groups List field,
the field is empty in the new or updated record, even if the
field is configured with one or more default values.

Values List If you import a value into a Values List field that is not
included in the field's values list, the value is added to the
values list. If the values list is global, the imported value is
displayed in the global values list for all fields configured to
use it.

Note: Importing a record with all of the values that you

would like your values list to include is an easy way to add
those values to the list.

186 Chapter 6: Working with Records

 RSA Archer GRC Platform Solutions User Guide

Chapter 7: Completing Questionnaires

Questionnaire Records
Questionnaire records are designed to assess compliance against an internal control
or a regulatory requirement. If you are responsible for managing a business process,
technical asset, vendor relationship, or some other organizational object, you may
be asked to fill out a questionnaire record.
For instructions on how to complete the questionnaire record, see Fill Out a
Questionnaire Record.

Question Formats
When you fill out a questionnaire, you may be presented with questions in any of
the following formats:
l Attachment. This question type allows you to upload documents or images to
provide supporting information or evidence.
l Cross-Reference. This question type enables you to associate the questionnaire
record you are filling out with records from another application or questionnaire.
For example, you could answer the question "Who is responsible for monitoring
the security of the server room?" by selecting a user from your related Contacts
application.
l Date. This question type allows you to enter or select a date value.
l Numeric. This question type enables you to enter positive or negative numeric
values.
l Text. This question type allows you to provide a free-form response.
l Values List. This question type allows you to select from a predefined list of
answers.

Add a New Questionnaire Record

Complete this task to add new records in that questionnaire to which you have
create privileges for a questionnaire through your access role or roles. When
creating a questionnaire record, all fields defined as public are displayed for you,
along with any private fields for which you have been granted access rights.
You can create a new questionnaire record from three locations: the Navigation
Menu, the Search Results page, and an existing questionnaire record in view or edit
mode.

Note: Questionnaire records also can be created through a campaign.

Chapter 7: Completing Questionnaires 187

 RSA Archer GRC Platform Solutions User Guide

Procedure
1. Do one of the following:
l To create a questionnaire record from the Navigation Menu, click to expand
the questionnaire branch and click Add New.
l To create a record from the Search Results page for a given questionnaire or
from an existing record, click in the toolbar.
The Add New Record dialog box opens.

2. In the Add New Record dialog box, click and select the record from the
target application that you want to assess through the questionnaire record.
3. Click OK.
The record name is displayed in the Target field.
4. Click Apply.
A new questionnaire record opens.

Fill Out a Questionnaire Record

Complete this task to fill out a questionnaire record that is designed to assess
compliance against an internal control or a regulatory requirement.

Procedure
1. Access the questionnaire record in one of the following ways:
l If you received the questionnaire as an email attachment, click the link
provided in the email.
l From the target record. For example, if you are the asset administrator for
your organization's accounting application, you may be able to access the
questionnaire record for that server from the "Accounting Application"
record in your Assets application.
l From the Navigation Menu, expand the questionnaire, click Display All and
locate your assignment on the Search Results page.
2. Review the instructions listed in the Instructions section. These instructions
describe four steps:
l Answer questions.
l Add comments.
l Change the status.
l Save or Exit the questionnaire.
3. Complete the appropriate fields in the General Information section.
4. Answer the questions provided in the questionnaire.

188 Chapter 7: Completing Questionnaires

 RSA Archer GRC Platform Solutions User Guide

5. Add comments to questions as appropriate:

a. Click next to the question and complete the appropriate fields in the
Questionnaire Comments page.
b. Click Save.

Note: When a comment has been added to a question, the Comment icon
changes from to .

6. Submit the questionnaire for approval:

a. In the General Information section, select Submitted from the Submission
Status list.
b. Verify that the remaining fields in the General Information section are
completed as appropriate.
c. Click Submit.

Review a Questionnaire Record

Complete this task to review a questionnaire record in the Review stage after an
individual has submitted a completed questionnaire.
As a reviewer, you are responsible for ensuring the accuracy of the answers
provided in the record. In addition, if you find the questionnaire inadequate, you can
add comments to specific questions requesting that the submitter provide more
detail or justification for an answer. After editing the questionnaire record for
accuracy and making any necessary comments, you need to either approve or reject
the content.

Procedure
1. Review the submitted answers for accuracy. If you notice any errors or find an
answer that is not supported with sufficient documentation, do one of the
following:
l Click next to the question to attach a comment describing the error.
This enables the original submitter to understand what steps need to be taken
so that the questionnaire record can be approved.
l Correct the answer.

Note: When a comment has been added to a question, the Comment icon
changes from to .

2. In the Reviewer field, click and select your name.

Chapter 7: Completing Questionnaires 189

 RSA Archer GRC Platform Solutions User Guide

3. From the Review Status list, select the desired status:

l Rejected. Select to send the record back to the submitter. The submitter then
references your comments to ensure the questionnaire meets the expected
requirements.
l Approved. Select to approve the record.
4. Click Save and Close.

190 Chapter 7: Completing Questionnaires

 RSA Archer GRC Platform Solutions User Guide

Chapter 8: Managing Tasks

Tasks
Many business processes that are automated using the Platform require the ability to
create, assign, and manage the tasks of various users. To assist you with these
activities, the Platform includes a Task Management application. Through the Task
Management application, you easily can track and manage open and completed
activities associated with specific content records and regulate the manner in which
task management activities are implemented across your solutions. Administrators
can select to enable task management capabilities for any application in the
Platform.
When task management capabilities are enabled for an application, tasks related to
content records in that application are tracked and logged in a Related Records field
called Open Tasks/Activities. In addition to viewing tasks in a content record, your
administrator also can enable the My Tasks iView. This Report iView allows you
to select reports detailing tasks that have been assigned to you.
For example, using Task Management, a risk manager can create assignments to
correct an assessment finding. The assigned individual can view all assigned
remediation tasks in the My Tasks iView. As the remediation progresses, the
original risk manager can track the completion status of all remediation tasks by
viewing a single content record or running a search on a group of findings.
You can access the Task Management application from an application that has been
enabled with task management capabilities. For example, if you are reviewing a
Password Requirements record in the Policy Exception application and task
management capabilities have been enabled, you can click Add New in the Open
Tasks/Activities field to create and assign a task associated for that specific content
record.
You can perform the following Task Management tasks:
l Create and Assign a Task
l View Tasks Associated with a Record
l View Your Tasks
l Complete a Task

Create and Assign a Task

Complete this task to create, assign, track, and manage open and completed
activities associated with specific content records in the Platform.

Chapter 8: Managing Tasks 191

 RSA Archer GRC Platform Solutions User Guide

The Task Management application centralizes all tasks and activities, enabling end
users and administrators to view detailed reports describing the status of open tasks
and a history of completed tasks.
If an administrator has enabled Task Management for an application, the Platform
displays a Related Records field named Open Tasks/Activities in the application's
content records.

Procedure
1. Open a content record in an application that has been enabled with Task
Management capabilities.
2. In the application's content record, click Add New in the Open
Tasks/Activities field to open a new Task Management record.
3. From the Subject list, select the value that best describes the type of task you
are assigning.
4. From the Priority list, select the value that best describes the priority level for
this task.
5. In the Due Date field, enter the date by which the task should be completed or
select the date by clicking .
6. From the Status list, select Not Started.
7. From the Related To list, select the application with which this task is
associated and select the content record that this task is associated with.
8. In the Assigned To field, assign a user to complete the task.
9. In the Description field, enter a detailed description of the task that needs to be
completed.
10. Click Save to assign the task record to the designated user.

Next Steps
View Tasks Associated with a Record

View Tasks Associated with a Record

Complete this task to view all tasks associated with a specific content record. Open
tasks are displayed in the Open Tasks/Activities section, and completed tasks are
displayed in the Closed Tasks section.

Procedure
1. Open a content record in an application that has been enabled with task
management capabilities.
2. In the Open Tasks/Activities or Closed Tasks section, select the task that you

192 Chapter 8: Managing Tasks

 RSA Archer GRC Platform Solutions User Guide

want to view.
The Task record opens in View mode.

Next Steps
View Your Tasks

View Your Tasks

Complete this task to review and access all tasks that have been assigned to you in
the My Tasks iView on a workspace to which you have access.

Procedure
1. Navigate to a workspace that displays the My Tasks iView.
2. In the My Tasks iView, select one of the available reports from the Display
list.
3. From the report, select the task that you want to view.
The Task record opens in View mode.

Next Steps
Complete a Task

Complete a Task
Complete this task to document the resolution of an assignment. You must update
the task status, enter the completion date for the task, and describe the steps taken
to complete the task.

Procedure
1. Do one of the following to open a task record:
l If Task Management is enabled for an application, select the record that
contains the task and from the Open Tasks/Activities, Related Records
field, select the desired task.
l In the My Tasks iView, select Current Tasks from the Display list and
select the desired task.
2. Click to edit the record.
3. From the Status list, select Complete or Deferred.
These values close the task.
4. In the Completion Date field, enter the date the task was finished, or select the
date by clicking .

Chapter 8: Managing Tasks 193

 RSA Archer GRC Platform Solutions User Guide

5. If the task was deferred to another user, click in the Delegates field to
select that user.
6. In the Resolution field, enter a detailed description of how the task was
resolved.
7. Review your content for clarity and accuracy and click Save to complete the
task.
The task is displayed in the Activity History field on the related content record.

194 Chapter 8: Managing Tasks

 RSA Archer GRC Platform Solutions User Guide

Chapter 9: Using Discussion Forums

Discussion Forums
A discussion forum is a structured, secure environment where you can participate in
focused conversations with other application users. Discussion forums are a good
place to ask questions, share opinions, offer solutions, and explore new ideas. When
you post a message to a discussion forum, the message is immediately available to
other forum members, and the message remains displayed in the forum until the
forum administrator archives or deletes it.
You can access discussion forums from the end-user Discussion Forums feature
within the Navigation Menu. If an application administrator has included a
Discussion field within an application, you can also access content-specific
discussion forums within individual records. For example, if you are reviewing a
Password Requirements record in the Policies application, you could click the View
Forum link in the Discussion field to discuss changes to the record with other policy
administrators.
Forums that you access through the Navigation Menu are organized into discussion
communities by subject or theme. A single community can contain any number of
forums; however, you can only view forums for which you have been enrolled as a
member.
As a discussion forum member, you are assigned a role that determines your rights
within the forum. Depending on the role your discussion forum administrator has
assigned to you for a particular forum, you may have rights to:
l Read posts
l Post replies to existing topics
l Post new topics
l Delete your own posts
l Edit posts belonging to others
l Delete posts belonging to others
l Add users or groups to the forum and assign roles to them
l Remove forum access for existing users and groups
l Manage forum properties
l Merge topics (threads) within a forum

A discussion forum can also be configured to allow anonymous posting. A forum

administrator can require all posts within a forum to be made anonymously, or the
administrator can enable you to choose whether to post anonymously or to identify
yourself.

Chapter 9: Using Discussion Forums 195

 RSA Archer GRC Platform Solutions User Guide

A helpful way to keep track of new discussion forum posts is to bookmark or

subscribe to topics within your forums. When you bookmark a topic, you can
quickly access it from your bookmarks list, which saves you the time of scrolling
through a forum looking for topics of interest to you. When you subscribe to a topic,
you are alerted by email each time a new post is added to the topic. You also can
subscribe to entire forums to receive emails each time a post is added to any topic
within the forum.
For a list of the tasks that you can perform to participate in Discussion Forums, see
Participating in a Discussion Forum.

Discussion Forums Icon Legend

The following table describes icons that are unique in the Discussion Forums
feature.

Icon Description

You have read all posts in this discussion community, forum, or

topic.

This discussion community, forum, or topic contains new posts for

you to read.

This discussion community, forum, or topic has recently experienced

a large number of postings and information that you have viewed.
You have read all posts in this community, forum, or topic.

This discussion community, forum, or topic recently experienced a

large number of postings and information that you have viewed. The
community, forum, or topic contains new posts for you to read.

This discussion forum or topic is locked, and you have read all posts
in it.

This discussion forum or topic is locked, and it contains new posts.

Discussion Forums Terminology

The definitions of terms in the following table are specific to the Discussion Forums
feature.

196 Chapter 9: Using Discussion Forums

 RSA Archer GRC Platform Solutions User Guide

Term Definition

Archived Forum An archived forum is hidden entirely from forum

participants. No messages can be read or posted in the
forum. However, an archived forum can be made available
again to forum participants by a community or forum
administrator.

Community This is an organizational structure for grouping one or

more related discussion forums. A community itself is not
a forum and cannot receive posts.

Community Administrator This is a user who has been granted the rights to view,
edit, and delete all forums in a selected community,
regardless of whether the user has been enrolled as a
member of those forums. Discussion community
administrators also can add new forums in their assigned
communities.

Content-Specific Forum A discussion forum that is linked directly to a specific

content record. It cannot be accessed through the
Discussion Forums application. Instead, users can access it
by clicking View Forum in the Discussion field in a
record.

Forum A discussion area focused on a specific subject or theme.

A forum is housed in a discussion community. The sole
purpose of the forum is to act as a container for
information exchange relative to one specific subject.
Each forum can contain many topics, and those topics
should all relate back to the central subject or theme
established by the forum.

Forum Administrator When a forum creator assigns a user as an administrator of

a selected forum, the administrator has rights to post
messages and to edit and delete posts made by any forum
participant. Forum administrators also can enroll
additional members or revoke the membership of any user
or group.

Forum Membership To access and contribute to a forum, a user must be

enrolled as a member of that forum. Each member is
assigned a specific role that governs the user's rights in
the forum.

Forum Role Each member of a forum is assigned a specific role, which

Chapter 9: Using Discussion Forums 197

 RSA Archer GRC Platform Solutions User Guide

Term Definition

is a named grouping of rights. A user's role dictates what

the user can and cannot do in a particular discussion
forum. For example, administrators might create a role
called "Reader," which is assigned to users who need the
ability to view all posts in a given forum, but who will
not be permitted to respond to those posts or to contribute
new topics for discussion.

Hot Topic A topic is considered "hot" if it has been replied to or

viewed several times in a short period of time. Hot topics
are displayed with a star icon so users can easily identify
them. Community and forum administrators define the
criteria for topics marked as "hot," and these criteria can
vary from forum to forum. For example, in one forum, a
hot topic may be defined as one that has received 10
posts in the last 3 days and has been viewed 20 times in
the last day. In another forum, a hot topic may be defined
simply as one that has received 5 posts in the last day.

Locked Forum Messages in a locked forum can be read by users, but no

new messages can be posted to the forum.

Locked Topic When a topic is locked, users are not permitted to reply to
it. The topic and its previous replies, however, remain
visible to users. Locked topics can be unlocked at any
time by users who have the proper rights.

Moderator When a forum creator assigns a user as a moderator of a

selected forum, that moderator has rights to post messages
and to edit and delete posts made by any forum
participant. They also can enroll additional members or
revoke the membership of any user or group, and they can
manage the forum's properties, including its expiration
plan, reply depth, display options, and so on. In addition,
moderators can merge topics in the forum.

Post A generalized term referring to any type of message

submitted to a forum. Topics and replies are specific types
of posts.

198 Chapter 9: Using Discussion Forums

 RSA Archer GRC Platform Solutions User Guide

Term Definition

Reply A post that is submitted in response to an existing post.

Replies provide the means for exchanging thoughts,
opinions, or supporting information relative to a given
topic.

Thread A single topic and all of its related replies. The topic-
directed discussion that occurs in a forum is thought of as
"threaded" because you can trace the path of information
from the original topic down through all of its reply
postings.

Topic A top-level post that poses a question or otherwise

establishes the context for a thread of discussion. Topics
serve as containers for replies.

Traditional Forum A standard discussion forum built through the Discussion

Forums feature.

Explore the Discussion Community Listing

Complete this task to explore the Discussion Community Listing page to see all
discussion communities that contain at least one forum of which you are a member.
If you have been assigned as a community administrator or forum creator for a
particular discussion community, that community also is displayed on this page,
regardless of whether it contains any forums.
A discussion community is an organizational structure that groups together forums
with similar subjects or themes. From this listing, you can see the name and
description of each community, and you can see how many forums and topics each
community contains.

Procedure
1. Navigate to the Discussion Community Listing page:
a. Click a workspace that contains a solution that includes the Discussion
Forums feature.
b. In the Navigation Menu, expand that solution.
c. Click Discussion Forums to expand the menu.
This menu lists the available discussion communities and includes links to
Communities and Preferences.
d. Click Communities.

Chapter 9: Using Discussion Forums 199

 RSA Archer GRC Platform Solutions User Guide

The Discussion Community Listing page is displayed. This page lists the
discussion forum communities that contain at least one forum of which you
are a member.
2. To view discussion forums within a community, click the community name.
The Forums page is displayed. For more information on this page, see Explore
the Discussion Forums Listing.

Explore the Discussion Forums Listing

Complete this task to explore the Forums page that shows all of the discussion
forums for which you are a member in the selected discussion community.
If you are an administrator for the selected community, this page contains all
forums within the community, regardless of your membership within them. This
page offers a description of each forum (if provided by the forum creator) along
with the number of topics and posts each forum contains. In addition, you can
quickly identify the forums that contain posts that you have not yet read by looking
for the Contains New Posts icon in the far-left column.
For discussion community administrators and forum creators, the Forums page also
provides controls for adding, editing and deleting forums within the selected
discussion community.

Procedure
1. Navigate to the Manage Discussion Forums page:
a. Click a workspace that contains a solution that includes the Discussion
Forums feature.

Note: If you are accessing a record-specific discussion forum, go directly to

the record where that discussion forum is located and skip to step 2 of this
procedure.

b. In the Navigation Menu, expand that solution.

c. Click Discussion Forums to expand the menu.
This menu lists the available discussion communities and includes links to
Communities and Preferences.
2. Click the discussion community that contains the forums that you want to view.
The Forums page is displayed and contains all existing forums within the
selected community.
If you are a forum participant, see Participating in a Discussion Forum for help on
accessing a forum from the Discussion Forums Listing page.

200 Chapter 9: Using Discussion Forums

 RSA Archer GRC Platform Solutions User Guide

Participating in a Discussion Forum

A discussion forum is a structured, secure environment where you can participate in
focused conversations with other application users.
You can perform the following tasks to participate in a discussion forum:
l Edit a Discussion Forum Post
l Email a Discussion Forum Post
l Explore the Discussion Community Listing
l Explore the Discussion Forums Listing
l Export the Contents of a Discussion Forum
l Filter and Sort Topics
l Lock or Unlock a Topic
l Post a Message to a Discussion Forum
l Print a Post or Topic
l Search for Posts in a Discussion Forum
l Bookmark a Topic
l Manage Discussion Forum Subscriptions

Post a Message to a Discussion Forum

Complete this task to add a new topic or reply to a post in a forum for which you
have been assigned participation rights. Your message is added to the discussion
thread and can be viewed and replied to by all members of the forum.

Before You Begin

Enroll as a participant in the discussion forum in which you want to post a message.
Participants can have varying levels of privileges, including add, edit, view, and
delete forum content.

Procedure
1. Select the discussion forum that you want to manage:
a. Click a workspace that contains a solution that includes the Discussion
Forums feature.

Note: If you are accessing a record-specific discussion forum, go directly to

the record where that discussion form is located and skip to step 2 of this
procedure.

b. In the Navigation Menu, expand that solution.

c. Click Discussion Forums to expand the menu.

Chapter 9: Using Discussion Forums 201

 RSA Archer GRC Platform Solutions User Guide

This menu lists the available discussion communities and includes links to
Communities and Preferences.
d. Click the discussion community that contains the forum that you want to
manage.
The Forums page is displayed with a list of existing forums within the
community.
e. Click the forum that you want to manage.
The Forum page is displayed for the selected forum.
2. To add a new topic, click Add New in the toolbar.
The New Message dialog box opens.
3. To reply to an existing post:
a. Click the post that you want to reply to.
The message is displayed in the Message section.
b. Click Reply in the toolbar of the Message section.
The Reply To dialog box opens.
4. In the Subject field, enter a title for your post.
If you are replying to an existing post, this field is prepopulated with "Re: [post
name]," but you can change this title as needed.
5. (Optional) If the forum creator has enabled you to post anonymously in the
forum, select the Post this message as Anonymous option to the right of the
Subject field to conceal your identity.
6. In the Body field, enter and edit the content of your message.
You can format the text that you enter using the Rich Text Editor toolbar at the
top of the page.
7. To add attachments to the message, click Add in the Attachments section and
select the files in the Upload dialog box.
8. To subscribe to the forum and receive an email message when a new topic is
posted, select one of the options in the Subscribe field.
9. To bookmark the topic, select the option in the Bookmark field.
10. Click Save.

Edit a Discussion Forum Post

Complete this task to edit your own posts and the posts of other forum participants.

Note: If this option is not available, you do not have appropriate rights to edit the
post.

202 Chapter 9: Using Discussion Forums

 RSA Archer GRC Platform Solutions User Guide

Procedure
1. Select the discussion forum that you want to manage:
a. Click a workspace that contains a solution that includes the Discussion
Forums feature.

Note: If you are accessing a record-specific discussion forum, go directly to

the record where that discussion form is located and skip to step 2 of this
procedure.

b. In the Navigation Menu, expand that solution.

c. Click Discussion Forums to expand the menu.
This menu lists the available discussion communities and includes links to
Communities and Preferences.
d. Click the discussion community that contains the forum that you want to
manage.
The Forums page is displayed with a list of existing forums within the
community.
e. Click the forum that you want to manage.
The Forum page is displayed for the selected forum.
2. Click the post that you want to edit.
The message is displayed in the Message section.
3. In the Message section, click the Options menu and click Edit this Post.
The Edit Post page is displayed. If this option is not available, you do not have
the appropriate privileges to edit the post.
4. In the Subject field, edit the title of the post.
5. (Optional) If the forum creator has enabled you to post anonymously in the
forum, select the Post this message as Anonymous option to the right of the
Subject field to conceal your identity.
6. In the Body field, enter and edit the content of your message.
You can format the text that you enter in this field using the Rich Text Editor
toolbar at the top of the page.
7. To add attachments to the message, click Add in the Attachments section and
select the files in the Upload dialog box.
8. To subscribe to the forum and receive an email message when a new topic is
posted, select one of the options in the Subscribe field.
9. To bookmark the topic, select the option in the Bookmark field.
10. Click Save.

Chapter 9: Using Discussion Forums 203

 RSA Archer GRC Platform Solutions User Guide

Delete a Discussion Forum Post

Complete this task to delete your own posts or the posts of other forum participants.
Deleting a post also deletes all replies nested beneath that post.

Procedure
1. Select the discussion forum that you want to manage:
a. Click a workspace that contains a solution that includes the Discussion
Forums feature.

Note: If you are accessing a record-specific discussion forum, go directly to

the record where that discussion form is located and skip to step 2 of this
procedure.

b. In the Navigation Menu, expand that solution.

c. Click Discussion Forums to expand the menu.
This menu lists the available discussion communities and includes links to
Communities and Preferences.
d. Click the discussion community that contains the forum that you want to
manage.
The Forums page is displayed with a list of existing forums within the
community.
e. Click the forum that you want to manage.
The Forum page is displayed for the selected forum.
2. Click the post that you want to delete.
The message is displayed in the Message section.
3. In the Message section, from the Options menu, select Delete this Post.

Note: If this option is not available, you do not have appropriate rights to delete
the post.

A dialog box opens confirming the delete.

4. Click OK.

Email a Discussion Forum Post

Complete this task to send an email copy of a post to a colleague.

Procedure
1. Select the discussion forum that you want to manage:
a. Click a workspace that contains a solution that includes the Discussion
Forums feature.

204 Chapter 9: Using Discussion Forums

 RSA Archer GRC Platform Solutions User Guide

Note: If you are accessing a record-specific discussion forum, go directly to

the record where that discussion form is located and skip to step 2 of this
procedure.

b. In the Navigation Menu, expand that solution.

c. Click Discussion Forums to expand the menu.
This menu lists the available discussion communities and includes links to
Communities and Preferences.
d. Click the discussion community that contains the forum that you want to
manage.
The Forums page is displayed with a list of existing forums within the
community.
e. Click the forum that you want to manage.
The Forum page is displayed for the selected forum.
2. Click the post that you want to email.
The message is displayed in the Message section.
3. In the Message section, click the Options menu and click Email a friend.
A new message opens in your email system with a link to the post in the body of
the message.
4. Send the message to the appropriate recipients.

Note: The recipient must have proper access rights to display the link.

Print a Post or Topic

Complete this task to print a single post or the entire contents of a forum.

Procedure
1. Select the discussion forum that you want to manage:
a. Click a workspace that contains a solution that includes the Discussion
Forums feature.

Note: If you are accessing a record-specific discussion forum, go directly to

the record where that discussion form is located and skip to step 2 of this
procedure.

b. In the Navigation Menu, expand that solution.

c. Click Discussion Forums to expand the menu.
This menu lists the available discussion communities and includes links to
Communities and Preferences.

Chapter 9: Using Discussion Forums 205

 RSA Archer GRC Platform Solutions User Guide

d. Click the discussion community that contains the forum that you want to
manage.
The Forums page is displayed with a list of existing forums within the
community.
e. Click the forum that you want to manage.
The Forum page is displayed for the selected forum.
2. Click the post that you want to print.
The message is displayed in the Message section.
3. In the Message section, click the Options menu and click Print this post or
Print this topic.
A dialog box opens with the parameters of the print job.
4. Select the appropriate print options and click Print.

Export the Contents of a Discussion Forum

Complete this task to export the contents of a discussion forum to either of these
formats:
l Microsoft Word
l HTML

Procedure
1. Select the discussion forum that you want to manage:
a. Click a workspace that contains a solution that includes the Discussion
Forums feature.

Note: If you are accessing a record-specific discussion forum, go directly to

the record where that discussion form is located and skip to step 2 of this
procedure.

b. In the Navigation Menu, expand that solution.

c. Click Discussion Forums to expand the menu.
This menu lists the available discussion communities and includes links to
Communities and Preferences.
d. Click the discussion community that contains the forum that you want to
manage.
The Forums page is displayed with a list of existing forums within the
community.
e. Click the forum that you want to manage.
The Forum page is displayed for the selected forum.

206 Chapter 9: Using Discussion Forums

 RSA Archer GRC Platform Solutions User Guide

2. Click .
The Export Options dialog box opens.
3. Select the file format option.
The File Download dialog box opens.
4. Click Save.
5. Specify a location for the file and click Save.

Lock or Unlock a Topic

Complete this task to lock a topic within that forum to prevent any more replies.
You can also unlock a topic that has previously been locked.

Procedure
1. Select the discussion forum that you want to manage:
a. Click a workspace that contains a solution that includes the Discussion
Forums feature.

Note: If you are accessing a record-specific discussion forum, go directly to

the record where that discussion form is located and skip to step 2 of this
procedure.

b. In the Navigation Menu, expand that solution.

c. Click Discussion Forums to expand the menu.
This menu lists the available discussion communities and includes links to
Communities and Preferences.
d. Click the discussion community that contains the forum that you want to
manage.
The Forums page is displayed with a list of existing forums within the
community.
e. Click the forum that you want to manage.
The Forum page is displayed for the selected forum.
2. Click a post in the topic that you want to lock or unlock.
The message is displayed in the Message section.
3. Do one of the following:
l To lock the topic, in the Message section, click the Options menu, point to
Personal Options and select Lock this Topic.
l To unlock the topic, in the Message section, click the Options menu, point to
Personal Options and clear the Lock this Topic option.

Chapter 9: Using Discussion Forums 207

 RSA Archer GRC Platform Solutions User Guide

Note: If the Lock this Topic checkbox is not available, you do not have
appropriate rights to lock or unlock the topic.

Filter and Sort Topics in a Discussion Forum

Complete this task to filter the topics to contain only certain types of topics and you
can change the sort order of the topics.

Procedure
1. Select the discussion forum that you want to manage:
a. Click a workspace that contains a solution that includes the Discussion
Forums feature.

Note: If you are accessing a record-specific discussion forum, go directly to

the record where that discussion form is located and skip to step 2 of this
procedure.

b. In the Navigation Menu, expand that solution.

c. Click Discussion Forums to expand the menu.
This menu lists the available discussion communities and includes links to
Communities and Preferences.
d. Click the discussion community that contains the forum that you want to
manage.
The Forums page is displayed with a list of existing forums within the
community.
e. Click the forum that you want to manage.
The Forum page is displayed for the selected forum.
2. To filter the list, click the Filter list and select the topic type, for example, Hot
Topics, Topics with Unread Posts, Topics Posted Today, and so on.
By default, all topics within the forum are displayed.
3. To change the sort order of topics, click the Topics heading and rearrange as
desired.
By default, topics are displayed from top to bottom in newest-to-oldest order.

Search for Posts in a Discussion Forum

Complete this task to search for specific posts within a forum using the Search field
at the top of the Forum page.

Procedure
1. Select the discussion forum that you want to manage:
a. Click a workspace that contains a solution that includes the Discussion
Forums feature.

208 Chapter 9: Using Discussion Forums

 RSA Archer GRC Platform Solutions User Guide

Note: If you are accessing a record-specific discussion forum, go directly to

the record where that discussion form is located and skip to step 2 of this
procedure.

b. In the Navigation Menu, expand that solution.

c. Click Discussion Forums to expand the menu.
This menu lists the available discussion communities and includes links to
Communities and Preferences.
d. Click the discussion community that contains the forum that you want to
manage.
The Forums page is displayed with a list of existing forums within the
community.
e. Click the forum that you want to manage.
The Forum page is displayed for the selected forum.
2. In the Search field, enter keywords for the posts that you want to find and click
.
The results of your search are displayed on the Forum Search page.

Note: If a large number of posts display on the Forum Search Results page, you
can sort the display of posts by clicking a subject or date/time sort option in the
Sort By list at the top of the page.

Bookmark a Topic
Complete this task to bookmark topics in the forum, creating a list of Favorites that
you can quickly access again.
Your bookmarks are stored on the Manage Discussion Forum Bookmarks page, and
from this page, you can open any bookmarked topic or delete a bookmark.
For information on subscribing to a discussion forum so you can receive email alerts
when new posts are made, see Manage Discussion Forum Subscriptions.

Procedure
1. Select the topic that you want to bookmark:
a. Click a workspace that contains a solution that includes the Discussion
Forums feature.

Note: If you are accessing a record-specific discussion forum, go directly to

the record where that discussion form is located and skip to step 2 of this
procedure.

b. In the Navigation Menu, expand that solution.

Chapter 9: Using Discussion Forums 209

 RSA Archer GRC Platform Solutions User Guide

c. Click Discussion Forums to expand the menu.

This menu lists the available discussion communities and includes links to
Communities and Preferences.
d. Click the discussion community that contains the forum that you want to
manage.
The Forums page is displayed with a list of existing forums within the
community.
e. Click the discussion forum that you want to work with.
The Forum page is displayed for that discussion forum.
f. Click the topic.
The first message is displayed in the Message section.
2. Click the Options menu, point to Personal Options and select Bookmark this
Topic.
The topic is added to your list of bookmarks on the Manage Discussion Forum
Bookmarks page.
3. To remove a bookmark, select the topic, click the Options menu, point to
Personal Options and clear the Bookmark this Topic option.

Manage Discussion Forum Subscriptions

Complete this task to subscribe to an entire forum or to individual topics or posts
within a forum to receive email notifications when users post new messages.
To learn how to bookmark a topic, see Bookmark a Topic.

Procedure
1. Select the discussion forum that you want to manage:
a. Click a workspace that contains a solution that includes the Discussion
Forums feature.

Note: If you are accessing a record-specific discussion forum, go directly to

the record where that discussion form is located and skip to step 2 of this
procedure.

b. In the Navigation Menu, expand that solution.

c. Click Discussion Forums to expand the menu.
This menu lists the available discussion communities and includes links to
Communities and Preferences.
d. Click the discussion community that contains the forum that you want to
manage.

210 Chapter 9: Using Discussion Forums

 RSA Archer GRC Platform Solutions User Guide

The Forums page is displayed with a list of existing forums within the
community.
e. Click the forum that you want to manage.
The Forum page is displayed for the selected forum.
2. In the Message section, click the Options menu, point to Personal Options and
select one of the following options:
l Subscribe to all posts in the Forum. When you subscribe to a forum, you
receive an email each time a user posts a message within any of the forum's
topics.
l Subscribe to all posts in this Topic. When you subscribe to a topic, you
receive an email each time a reply is posted anywhere within the topic
thread.
l Subscribe to this Post. When you subscribe to an individual post within a
topic thread, you will receive an email when any forum member replies to
that post.

Chapter 9: Using Discussion Forums 211

RSA Archer GRC Platform 5.4
Sub-Forms
June 2013
Contact Information
Go to the RSA corporate website for regional Customer Support telephone and fax numbers:
www.emc.com/domains/rsa/index.htm.
Trademarks
RSA, the RSA Logo, RSA Archer, RSA Archer Logo, and EMC are either registered trademarks or trademarks of EMC
Corporation ("EMC") in the United States and/or other countries. All other trademarks used herein are the property of their
respective owners. For a list of RSA trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm.
License Agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may
be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This
software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.
Note on Encryption Technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.
Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.

Copyright © 2010-2013 EMC Corporation All Rights Reserved. Published in the USA.
RSA Archer GRC Platform Sub-Forms

Contents

Preface 5
About this Guide 5
Product Documentation 6
Support and Service 6
Chapter 1: Sub-Forms 9
Create a Sub-Form 9
Create a Sub-Form within an Application 9
Change the Status of a Sub-Form 10
Set the Design Language for a Sub-Form 11
Attach Documentation to a Sub-Form 11
Remove Documentation from a Sub-Form 12
Add a Field to a Sub-Form 13
Assign Sub-Form Owners 14
Delete a Sub-Form 15
Chapter 2: Sub-Form Layout 17
Customizing a Sub-Form's Layout 17
Add Sections to a Sub-Form's Layout 17
Create Tabbed Groupings of Fields in a Sub-Form 19
Manage the Visibility Properties of a Field in a Sub-Form 20
Add Text Boxes to a Sub-Form's Layout 21
Add Placeholders to a Sub-Form's Layout 22
Add Custom Objects to a Sub-Form's Layout 23
Arrange Elements in a Sub-Form's Layout 24
Chapter 3: Reports 27
Sub-Form Reports 27

3
 RSA Archer GRC Platform Sub-Forms

Preface

About this Guide

A sub-form is a special grouping of fields that can be embedded in any application
and used to collect information in individual records. When users add or edit a
record in an application that contains a sub-form, they can fill out the sub-form one
or more times to input all necessary data. For example, if an application contains a
sub-form designed to collect comments about trouble tickets, users could fill out a
sub-form embedded within a trouble tickets record to log comments about the ticket.
Creating a sub-form is similar to creating an application. You must first establish its
basic structure, which includes naming and describing the sub-form and activating it
for use. Then you must add and arrange fields in the sub-form and, if desired, assign
ownership rights for the sub-form to other administrative users. Finally, to embed
the sub-form that you created in an application, you must create a Sub-Form field in
the selected application and link that field to your predefined sub-form.
You can perform the following tasks to manage sub-forms:
l Create a Sub-Form
l Change the Status of a Sub-Form
l Attach Documentation to a Sub-Form
l Remove Documentation from a Sub-Form
l Add a Field to a Sub-Form
l Customize a Sub-Form's Layout
l Assign Sub-Form Owners
l Create a Sub-Form Field within an Application
l Delete a Sub-Form

Preface 5
 RSA Archer GRC Platform Sub-Forms

Product Documentation
For information about the RSA Archer GRC Platform 5.x, see the following
documentation.

Guide Description

Administrator Guide Provides Platform administrators with a system

overview, guidelines for navigating, and detailed
instructions for key tasks.

Control Panel Guide Provides administrators with instructions for

configuring each instance of the Platform.

Installation Guide Provides administrators with instructions for preparing,

installing, configuring, and testing the Platform.

Release Notes Provides Platform administrators with detailed listing of

new features, fixed issues, and known issues at the time
of the current release.

User Guide Provides end users with guidelines for navigating,

detailed instructions for key tasks, and information
about using Platform communication tools.

Web Services API Reference Provides IT managers and programmers with a list of
Guide the available web services for programmatically
interfacing with the release. This guide provides
formatting guidelines for field results, field inputs, and
search inputs, and provides sample code for searching,
adding and updating users, and updating assets.

You can access the Platform 5.x documentation from the RSA Archer Community
at https://community.emc.com/community/connect/grc_ecosystem/rsa_archer.

Support and Service

Customer www.emc.com/support/rsa/index.htm
Support
Information

Customer [email protected]
Support E-mail

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Community archer

6 Preface
 RSA Archer GRC Platform Sub-Forms

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Exchange archer_exchange

RSA Solution https://gallery.emc.com/community/marketplace/

Gallery

RSA SecurCare https://knowledge.rsasecurity.com/cleartrust/ct_
Online logon.asp?CTAuthMode=BASIC&language=en&CT_ORIG_
URL=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fknowledge.rsasecurity.com%3A443%2F&c
t_orig_uri=%2F

The RSA Archer Community enables collaboration among eGRC clients, partners,
and product experts. Members actively share ideas, vote for product enhancements,
and discuss trends that help guide the RSA Archer product roadmap.
The RSA Archer Exchange is an online marketplace dedicated to supporting eGRC
initiatives. The Exchange brings together on-demand applications along with
service, content, and integration providers to fuel the success of RSA Archer
clients.
The RSA Solution Gallery provides information about third-party hardware and
software products that have been certified to work with RSA products. The gallery
includes Secured by RSA Implementation Guides with step-by-step instructions and
other information about interoperation of RSA products with these third-party
products.
The RSA SecurCare Online provides unlimited access to a wealth of resources on
the web, 24 hours a day. The secure system provides members access to a support
knowledgebase, to download current platform patches and bug fixes, to sign up for
notifications, to manage your support cases and more.

Preface 7
 RSA Archer GRC Platform Sub-Forms

Chapter 1: Sub-Forms

Create a Sub-Form
You can create a sub-form to include in an application using the Manage Sub-Forms
page. You can create an original sub-form, or you can create a sub-form by copying
and modifying the properties of an existing one. If you select to copy a sub-form,
your new sub-form contains all of the fields and structural components of the copied
sub-form, but it does not include any attachment files or sub-form entries.

Procedure
1. Navigate to the Manage Sub-Forms page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder > Manage Sub-Forms.
2. Click Add New.
3. Do one of the following:
l To create a new sub-form, select Create a New Sub-Form from scratch
and click OK.
l To copy an existing sub-form, select Copy an existing Sub-Form, select the
sub-form that you want to copy from the list and click OK.
4. In the Name box, enter a name for the sub-form and click OK.

Next Steps
Change the Status of a Sub-Form

Create a Sub-Form within an Application

You can embed a predefined sub-form in an application by creating a Sub-Form
field using the Manage Applications page.
For more information on sub-forms and creating a sub-form, see Managing Sub-
Forms.

Before You Begin

Create a Sub-Form

Chapter 1: Sub-Forms 9
 RSA Archer GRC Platform Sub-Forms

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. Click the Fields tab.

This tab displays all existing fields in the application along with controls for
adding, editing, and deleting fields.
3. Click the Add New link.
4. Under Advanced, select Sub-Form and click OK.
The Manage Field page is displayed.
5. On the General tab, enter a name for the field, and provide a description.

6. In the Sub-Form field, click , select the predefined sub-form that you want
to embed in the application and click OK.
7. Click the Options tab and select any additional options that you want to apply to
the field.
On this tab, there is a variety of options for the display, status, and search
functionality of the Sub-Form field.
8. (Optional) Click the Help Text tab and add field-level Help to provide users
with guidance on how they should interact with the field.
9. On the Access tab, set the Sub-Form field to Public or Private.
10. Click Save.

Change the Status of a Sub-Form

You can change the status of a sub-form. A sub-form can be set to a status of
Active or Inactive. Active sub-forms can be selected for display in an application,
and users can enter data in those sub-forms according to their access rights at the
application, record and field level.
Inactive sub-forms cannot be selected for display in an application. If a sub-form
that is already embedded in an application is inactive, the Sub-Form field that
displays the sub-form will also be inactivated, and all data stored in the sub-form
will be removed from view within the application’s records. If the inactive sub-form
is then moved to Active status, the Sub-Form field must also be reactivated before
the data stored in that field is displayed again.

10 Chapter 1: Sub-Forms
 RSA Archer GRC Platform Sub-Forms

Note: Data stored in a sub-form is not deleted when the sub-form is inactivated. It
is hidden from view until the sub-form and the corresponding Sub-Form field are
reactivated.

Before You Begin

Create a Sub-Form

Procedure
1. Select the sub-form that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder > Manage Sub-Forms.
c. In the Sub-Form Name column, click the sub-form.

Note: If the sub-form name is not linked, you cannot edit the sub-form.

2. In the Status field on the General tab, select the status for the sub-form, Active
or Inactive.

Next Steps
Attach Documentation to a Sub-Form

Set the Design Language for a Sub-Form

The design language for a new sub-form is set automatically to the default language
for the instance. If you create a sub-form in a different language, set the design
language for the sub-form to reflect the different language used for field names and
other user interface elements.

Procedure
1. Click Administration > Application Builder > Manage Sub-Forms.
2. Select a sub-form.
3. In the General tab > Options section, select the design language in the
Language field.
4. Click Apply.

Attach Documentation to a Sub-Form

You can attach documentation to a sub-form. You can include design documents,
sign off information, and so on, and you can view the name, size, type, and upload
date for each attached document.

Chapter 1: Sub-Forms 11
 RSA Archer GRC Platform Sub-Forms

Before You Begin

Create a Sub-Form

Procedure
1. Select the sub-form that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder > Manage Sub-Forms.
c. In the Sub-Form Name column, click the sub-form.

Note: If the sub-form name is not linked, you cannot edit the sub-form.

2. In the Documentation section on the General tab, click Add New.

The File Upload dialog box opens.
3. Click Add New and browse to the file that you want to upload to the sub-form.
4. Select the file and click Open.
The file is displayed in the list.
5. Click OK.
6. Repeat steps 3-5 for any additional files that you want to upload.
7. Click OK to upload the files to the sub-form.
8. Click Apply.

Next Steps
Add a Field to a Sub-Form

Remove Documentation from a Sub-Form

You can remove documentation from a sub-form.

Procedure
1. Select the sub-form that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder > Manage Sub-Forms.
c. In the Sub-Form Name column, click the sub-form.

Note: If the sub-form name is not linked, you cannot edit the sub-form.

2. In the Documentation section on the General tab, locate the file that you want
to remove from the sub-form and click in its row.

12 Chapter 1: Sub-Forms
 RSA Archer GRC Platform Sub-Forms

Add a Field to a Sub-Form

You can add a field to a sub-form from both the Fields tab and the Layout tab on the
Manage Sub-Forms page.
The following field types are not supported in sub-forms:
l Cross-Application Status Tracking
l Discussion
l History Log
l Matrix
l Record Permissions
l Sub-Form

Note: To protect data integrity, the application prohibits field type changes, for
example, you cannot change a Date field to a Text field, once a field has been
created.

Before You Begin

Create a Sub-Form

Procedure
1. Select the sub-form that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder > Manage Sub-Forms.
c. In the Sub-Form Name column, click the sub-form.

Note: If the sub-form name is not linked, you cannot edit the sub-form.

2. Do one of the following:

l Add a field from the Fields tab. Click Add New, select whether to create an
original field or copy an existing field. If you selected to create an original
field, select the type of field that you want to create. Configure the options
for your field and click Save.
l Add a field from the Layout tab. From the Add New Field list, select the
desired field type. Configure the options for your field and click Save.
The field is created and added to the sub-form.

Next Steps
Customize a Sub-Form's Layout

Chapter 1: Sub-Forms 13
 RSA Archer GRC Platform Sub-Forms

Assign Sub-Form Owners

You can select the users who serve as "owners” of a sub-form. Sub-form owners
have full editing rights over their designated sub-forms, meaning that they can fully
customize a sub-form’s properties from the Manage Sub-Forms page.

Note: In contrast to application owners, sub-form owners do not automatically

receive any special access rights for the content stored in the sub-form. Owning a
sub-form simply grants you rights to modify the sub-form’s properties.

If you have been assigned as a sub-form owner for one or more sub-forms, you can
open those sub-forms for editing from the Manage Sub-Forms page. If no users have
been assigned ownership for a sub-form, only users who have been granted the
System Administrator access role can open the sub-form for editing.

Note: If you create a new sub-form, you are automatically granted ownership rights
to that sub-form. However, your rights can be revoked by any other user who is
subsequently granted ownership of the sub-form.

Before You Begin

Create a Sub-Form

Procedure
1. Select the sub-form that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder > Manage Sub-Forms.
c. In the Sub-Form Name column, click the sub-form.

Note: If the sub-form name is not linked, you cannot edit the sub-form.

2. Click the Administration tab..

3. In the Sub-Form Owners field, click .

4. From the Available list, select the users or groups who should serve as owners
for the sub-form. To revoke sub-form ownership from a user or group, click
Remove to the right of the appropriate name in the Selected list.

14 Chapter 1: Sub-Forms
 RSA Archer GRC Platform Sub-Forms

To search for a specific name, in the Find field, enter the name and (if
applicable) select the type from the adjacent list and click Search. The results
of your search are displayed in the Search Results node in the Available list.

5. Click Apply.

Next Steps
Create a Sub-Form Field within an Application

Delete a Sub-Form
If you have delete permissions to the Manage Sub-Forms page, you can delete sub-
forms for which you have ownership rights.

Important: Extreme caution should be taken when deleting sub-forms because once
a sub-form is deleted, all data in that sub-form are lost permanently.

Note: Sub-forms that are referenced by Sub-Form fields in applications may not be
deleted. To delete a sub-form, you must first delete the Sub-Form fields that are
referencing the sub-form. To view the Sub-Form fields that are referencing a given
sub-form, navigate to the Manage Sub-Forms page of that sub-form, and review the
Related Applications section on the General tab.

Procedure
1. Navigate to the Manage Sub-Forms page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder > Manage Sub-Forms.
2. Click to select the row of the sub-form that you want to delete.

3. Click for that sub-form.

A Warning dialog box opens.
4. To confirm the deletion, click OK.

Chapter 1: Sub-Forms 15
 RSA Archer GRC Platform Sub-Forms

Chapter 2: Sub-Form Layout

Customizing a Sub-Form's Layout

From the Layout tab on the Manage Sub-Form page, you can control the layout of
fields in a sub-form, and you can add sections, supporting text, and custom controls
to create an intuitive interface for users as they create entries in the sub-form. This
tab also provides a drag-and-drop control for organizing sub-form elements in
multiple columns, which enables you to make effective use of larger monitors and
greater screen resolution.
Other important features on the Layout tab include the following:
l By removing a field from the sub-form layout, you can hide the field from end-
user view without deactivating or deleting the field.
l You can provide field-level help using text boxes, which can be placed anywhere
on the layout.
l Page shading options enable you to further customize the look of individual sub-
forms.

You can perform the following tasks to customize a sub-form layout:

l Add Sections to a Sub-Form's Layout
l Create Tabbed Groupings of Fields in a Sub-Form
l Manage the Visibility Properties of a Field in a Sub-Form
l Add Text Boxes to a Sub-Form's Layout
l Add Placeholders to a Sub-Form's Layout
l Add Custom Objects to a Sub-Form's Layout
l Arrange Elements in a Sub-Form's Layout

Next Steps
Assign Sub-Form Owners

Add Sections to a Sub-Form's Layout

You can create sections or headings in a sub-form's layout. Sections are tools for
grouping related fields together.
The Layout tab provides a convenient drag-and-drop interface for creating and
arranging sections.

Before You Begin

Create a Sub-Form

Chapter 2: Sub-Form Layout 17

 RSA Archer GRC Platform Sub-Forms

Procedure
1. Select the sub-form that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder > Manage Sub-Forms.
c. In the Sub-Form Name column, click the sub-form.

Note: If the sub-form name is not linked, you cannot edit the sub-form.

2. Click the Layout tab.

3. Click Add New Layout Object to display a list of layout objects.
4. Drag and drop the Add Section option to the layout area.
When you release your mouse, the section snaps into place in the sub-form
layout, and the Section Description dialog box opens, allowing you to define the
section’s properties.
5. In the Section Name field, enter the heading that you want to display in the
layout.
For example, you might create a section called “Contact Information” to group
together information about a contact's phone, fax, and email, as shown in the
following figure.

6. In the Default Visibility field, determine whether the section should be

expanded or collapsed by default.
7. (Optional) To add an information panel to provide your end users with additional
details about the section, select Panel Text and enter the text that you want to
display.
8. (Optional) To add additional Help text to provide your end users with detailed
instructions and background information about the section, select Help Text and
enter the text that you want to display.
You can customize your text and add dynamic elements, such as images and
Flash animation, using the options available in the Rich Text Editor toolbar.
9. Click OK.
10. Click Apply.

18 Chapter 2: Sub-Form Layout

 RSA Archer GRC Platform Sub-Forms

Create Tabbed Groupings of Fields in a Sub-Form

You can arrange fields, tabs, and tab sets to create an easy-to-use interface for
users as they add and edit records in the sub-form. Tab sets are a grouping tool for
related tabs. Tabs are a grouping tool for related fields, and by arranging fields on
tabs—especially in sub-forms with a large number of fields—you can help users
quickly find the fields they need to access.

Note: If a user does not have access to any of the fields on a tab, the tab is not
displayed when the user adds or edits records within the sub-form.

Before You Begin

Create a Sub-Form

Procedure
1. Select the sub-form that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder > Manage Sub-Forms.
c. In the Sub-Form Name column, click the sub-form.

Note: If the sub-form name is not linked, you cannot edit the sub-form.

2. Click the Layout tab.

3. To add a new tab set to the page layout, expand Add New Layout Object in
the left pane, click Add Tab Set and drag it into the layout area.
The Tab Set Name dialog box opens.
4. In the Tab Set Name field, enter a name for the tab set.
5. From the Height list, select one of the following options:
l To use default height settings for the tabs in the tab set, select All and click
OK.
l To select the height in pixels for the tabs in the tab set, select the value and
click OK.
6. On the Layout tab, in the layout section, click the tab set that you want to move
and drag it to its new location. Arrange the tab sets until they are displayed in
the correct order.
7. To add a tab to a tab set:
a. Click the New tab in the tab set that you added.
b. In the Tab Name field, enter a name for the tab.
c. To display a tab by default when users open the application, select Display
this tab by default when users first access the page.

Chapter 2: Sub-Form Layout 19

 RSA Archer GRC Platform Sub-Forms

Note: The default tab is displayed first for users when they add or edit
records in the application. It does not have to be the left-most tab. If a user
does not have access to any of the fields on the default tab, the default tab is
not displayed and the tab with the application’s key field is displayed instead
as the default.

d. Click OK.
8. To add fields to a tab, use the drag-and-drop feature on the Layout page to
arrange the fields until they are displayed in the correct order.

Note: Before you can add fields to a tab, you must first add a section to a tab.

9. To delete a tab, click the arrow to the right of the tab and select Delete Tab.
Important: To delete a tab, you first must remove all tabs, sections, fields, and
objects contained in the tab .

10. To delete a tab set, click the arrow to the right of the title that you want to
delete and select Delete Tab Set.
Important: To delete a tab set, you first must remove all tabs, sections, fields,
and objects contained in the tab set.

11. Click Apply.

Manage the Visibility Properties of a Field in a Sub-Form

When creating sections in a sub-form's layout on the Layout tab of the Manage Sub-
Forms page, certain fields are displayed as their own section in the layout. Fields
that are displayed as their own section allow users to expand or collapse the field
when adding or editing sub-form entries.
The following field types are defined as sections:
l Attachment field
l Cross-Reference field using the grid display control
l Related Records field using the grid display control

Before You Begin

Create a Sub-Form

Procedure
1. Select the sub-form that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder > Manage Sub-Forms.

20 Chapter 2: Sub-Form Layout

 RSA Archer GRC Platform Sub-Forms

c. In the Sub-Form Name column, click the sub-form.

Note: If the sub-form name is not linked, you cannot edit the sub-form.

2. Click the Layout tab.

3. Click the drop-down arrow for the field that you want to configure as its own
section and select Edit Display Properties.
The Field Name dialog box opens.
4. Select whether to have the field expanded or collapsed by default.
5. Click OK.
6. Click Apply.

Add Text Boxes to a Sub-Form's Layout

You can create text boxes in a sub-form's layout. Text boxes are fixed text areas
that you can use to provide guidance or additional information users may need to
successfully interact with the sub-form's fields.
The Layout tab provides a convenient drag-and-drop interface for creating and
arranging text boxes.

Before You Begin

Create a Sub-Form

Procedure
1. Select the sub-form that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder > Manage Sub-Forms.
c. In the Sub-Form Name column, click the sub-form.

Note: If the sub-form name is not linked, you cannot edit the sub-form.

2. Click the Layout tab.

3. Click Add New Layout Object to display a list of layout objects.
4. Drag and drop the Add Text Box option to the layout area.
When you release your mouse, the text box snaps into place in the sub-form
layout, and the Text Box dialog box opens, allowing you to define the properties
of the text box.
5. In the Text Box Name field, enter a name for the text box.
This name is displayed on the Layout tab of the Manage Sub-Forms page, but it
is not displayed for end users when they interact with the sub-form in an
application.

Chapter 2: Sub-Form Layout 21

 RSA Archer GRC Platform Sub-Forms

6. In the Text field, enter the text that you want to show in the text box when it is
displayed for users as they interact with the sub-form in an application.
For example, you could provide instructions, definitions of new terms or
background information to help users understand a particular process. The
following example shows a text box arranged among fields in a sub-form.

7. Select one of the following options to use to display the text box for users as
they interact with the sub-form in an application:
l Edit Mode. Display for users as they add and edit records in the sub-form.
l View Mode. Display for users when they view saved records in the sub-
form.
8. Click OK.
9. Click Apply.

Add Placeholders to a Sub-Form's Layout

You can create placeholders in a sub-form's layout. The purpose of a placeholder is
to force other controls to a specific location in the sub-form. Placeholders are
essentially blank text areas that you can add to the layout to create space between
other sub-form elements, such as fields, sections, text boxes, and custom controls.

Before You Begin

Create a Sub-Form

Procedure
1. Select the sub-form that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder > Manage Sub-Forms.
c. In the Sub-Form Name column, click the sub-form.

Note: If the sub-form name is not linked, you cannot edit the sub-form.

22 Chapter 2: Sub-Form Layout

 RSA Archer GRC Platform Sub-Forms

2. Click the Layout tab.

3. Click Add New Layout Object to display a list of layout objects.
4. Drag and drop the Add Placeholder option to the layout area.
When you release your mouse, the placeholder snaps into place in the sub-form
layout.
5. Click Apply.

Add Custom Objects to a Sub-Form's Layout

You can create custom objects in a sub-form's layout. Custom objects enable you to
enter HTML or JavaScript code that you have written to create buttons or other
objects.

Before You Begin

Create a Sub-Form

Procedure
1. Select the sub-form that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder > Manage Sub-Forms.
c. In the Sub-Form Name column, click the sub-form.

Note: If the sub-form name is not linked, you cannot edit the sub-form.

2. Click the Layout tab.

3. Click the Add New Layout Object option to display a list of layout objects.
4. Drag and drop the desired object into the layout area.
When you release your mouse, the custom object snaps into place in the sub-
form layout, and the Custom Object dialog box opens, allowing you to define the
properties of the object.
5. In the Name field, enter a name for the custom object.
This name is displayed on the Layout tab of the Manage Applications page, but
it is not displayed for end users when they add, edit, or view records in the
application.
6. In the Description field, enter a description for the object.
7. In the Code field, enter or paste the HTML or JavaScript code for the object.

Chapter 2: Sub-Form Layout 23

 RSA Archer GRC Platform Sub-Forms

8. In the Display field, select one of the following methods to use to display the
object for users as they add and edit records in the application:
l Edit Mode. Display the custom object when editing a record.
l View Mode. Display the custom object when viewing a record.
l Both. Display the custom object when viewing or editing a record.
9. Click OK.
10. Click Apply.

Arrange Elements in a Sub-Form's Layout

You can arrange sub-form elements, such as fields, tab sets, sections, text boxes,
placeholders and custom objects, in a sub-form's layout using a drag-and-drop
interface.

Before You Begin

Create a Sub-Form

Procedure
1. Select the sub-form that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder > Manage Sub-Forms.
c. In the Sub-Form Name column, click the sub-form.

Note: If the sub-form name is not linked, you cannot edit the sub-form.

2. Click the Layout tab.

3. Do the following to arrange elements in the sub-form layout:
l Drag a Field into the Sub-Form Layout. Click the field in the Available
Fields list and drag it to the appropriate position in the layout.
l Drag a Section, Text Box, Placeholder or Custom Object into the Sub-
Form Layout. Click the layout element under the Available Fields, Add
New Field, or Add New Layout Object list and drag it to the appropriate
position.
l Move a Single Element in the Layout. To move a field, tab set, section,
text box, placeholder, or custom object, click the element and drag it to the
desired location.
When you release your mouse, the element snaps into place.

24 Chapter 2: Sub-Form Layout

 RSA Archer GRC Platform Sub-Forms

l Configure Element Span Properties. If you are working in a two-column

layout and you want a field, text box, placeholder, or custom object to span
across columns, click the drop-down arrow to the right of the element name,
click Edit Span Properties and in the Span Properties dialog box, select
from the following spanning options.

Column Span Options Row Span Options

Do Not Span Columns. The Do Not Span Rows. The element consumes
element will consume only one only one row of space.
column of space.

Span Two Columns. The Span. The element consumes the number of
element will always span across rows you select from the Rows spin box.
the columns. If you change the
application's column settings to
two columns, the element will
then span two columns.

l Remove an Element from the Layout. To remove a field, section, text box,
placeholder, or custom object from the sub-form layout, click the element and
drag it to the Available Fields list. The element is not deleted; however,
users cannot see it when they interact with the sub-form in an application.

Note: Leaving a field in the Available Fields list rather than arranging it in
the sub-form's layout can be useful if you want the field to remain active but
you do not want it exposed to users. For example, you may have a system
field that is referenced in a formula for a calculated field. It would be
important for the field to remain active so the system can continue to
populate the field’s value and use those values in calculations, but you might
want to hide the field from view for end users.

l Delete a Sub-Form Element. To permanently delete a field, section, text

box, placeholder, or custom object from a sub-form's layout, click the drop-
down arrow for the element in the layout and click Delete [element name].
You also can delete a field from the Fields tab on the Manage Sub-Form
page by clicking in the far-right column for the field that you want to
delete.

Important: If you delete a field, all record data stored in that field is lost. The
only exceptions to this are system field types (Tracking ID, First Published
Date, Last Updated Date, and Record Status). If you delete a system field
type, data previously stored in the field is maintained in the database, and the
system continues to populate the field in new and updated records, even
though that data is not visible through the user interface.

4. Click Apply.

Chapter 2: Sub-Form Layout 25

 RSA Archer GRC Platform Sub-Forms

Chapter 3: Reports

Sub-Form Reports
A Sub-Form Detail Report is available for each sub-form in the Platform. You can
access these reports by clicking on the Manage Sub-Forms page.
For each field within the sub-form, the following general information is provided:
l Field Name
l Field ID
l Field Type
l Status
l Description
l Display Control
l Field Permissions

Chapter 3: Reports 27
RSA Archer GRC Platform 5.4
Training and Awareness
June 2013
Contact Information
Go to the RSA corporate website for regional Customer Support telephone and fax numbers:
www.emc.com/domains/rsa/index.htm.
Trademarks
RSA, the RSA Logo, RSA Archer, RSA Archer Logo, and EMC are either registered trademarks or trademarks of EMC
Corporation ("EMC") in the United States and/or other countries. All other trademarks used herein are the property of their
respective owners. For a list of RSA trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm.
License Agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may
be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This
software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.
Note on Encryption Technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.
Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.

Copyright © 2010-2013 EMC Corporation All Rights Reserved. Published in the USA.
RSA Archer GRC Platform Training and Awareness

Contents

Preface 5
About this Guide 5
Product Documentation 7
Support and Service 7
Chapter 1: About Training and Awareness 9
Training and Awareness Terminology 9
Chapter 2: Campaigns 11
Managing Training and Awareness Campaigns 11
Sample Training and Awareness Campaign 11
Create a Training and Awareness Campaign 11
Delete a Training and Awareness Campaign 12
Chapter 3: Presentation Events 15
Managing Presentation Events 15
Create a Presentation Event 15
Update General Information for a Presentation Event 16
Define the Content of a Presentation Event 17
Select Delivery Options for an Email Presentation Event 18
Select Delivery Options for a Prompt Presentation Event 19
Select Recipients for a Presentation Event 20
Delete an Event 21
Chapter 4: Acceptance Events 23
Managing Acceptance Events 23
Create an Acceptance Event 23
Update General Information for an Acceptance Event 24
Define the Content of an Acceptance Event 25
Select Delivery Options for an Acceptance Event 26
Select Recipients for an Acceptance Event 27
Delete an Event 28
Chapter 5: Quiz Events 29
Managing Quiz Events 29
Create a Quiz Event 29
Update General Information for a Quiz Event 30
Define the Content of a Quiz Event 31
Select Delivery Options for a Quiz Event 32
Select Recipients for a Quiz Event 33
Configure Question and Answer Settings 34
Determine Quiz Behavior 35
Create Questions for a Quiz Event 36
Configure Display Order of Questions 38
Import Questions into a Quiz Event 39
Delete an Event 39

3
 RSA Archer GRC Platform Training and Awareness

Chapter 6: Reports 41
Training and Awareness Reports 41

4
 RSA Archer GRC Platform Training and Awareness

Preface

About this Guide

The Training and Awareness feature enables administrators to construct and deliver
training and awareness communications to selected users and groups. Using this
feature, administrators can expose users to policy changes and additions, broadcast
information regarding special events, and assess users’ understanding of various
issues. Training and awareness communications are organized as campaigns with
one or more events. Campaigns support the coordination of three event types:
l Presentation. Presentation events allow for information to be broadcast to users
or groups using email or prompts at logon. Recipients of presentation events are
not required to acknowledge receiving the event or to respond to the content of
the event. Presentation events represent a passive form of communication.
l Acceptance. Acceptance events extend presentation events to require action
from the recipient. These events are presented to users as a prompt when they
log on to the Platform. Users receiving an acceptance event are required to
accept or decline the event. Communicating an Acceptable Use policy is an
example of how to execute an acceptance event to ensure that users within an
organization have read the necessary material associated with their role.
l Quiz. Quiz events enable administrators to test users' knowledge of application
content. These events are presented to users as a prompt when they log on to the
Platform. A quiz event is an excellent method for determining not only that a
user received or accepted an event, but also that they have a complete
understanding of the required reading. The content for the quiz can be displayed
prior to the quiz or can be available for users to review as they take the quiz.
Quiz events offer a variety of options, including requiring a passing percentage,
complete customization of questions and answers, specifying "tip" options for
incorrect answers and more.

Each event within a campaign contains a start and stop date to allow organizations
to build events in advance of delivery. The stop date enables organizations to
specify an end to an event if the information it contains becomes irrelevant or no
longer requires distribution. Various formatting and delivery options are available
for complete customization of events. All events can include custom text and
content from any application. Events can be directed to a single user, multiple
users, a single group, or multiple groups.

Preface 5
 RSA Archer GRC Platform Training and Awareness

The three types of Training and Awareness events— presentation, acceptance, and
quiz— can be developed together to create highly effective campaigns for
education and assessment. For example, you could deliver a presentation event to
your end-user community informing them that your organization's Internet Use
policy is being revised and describing the proposed changes. You then could present
the revised Internet Use policy in the form of an acceptance event, requiring them
to accept the policy or decline it with an explanation of their choice. Finally, you
could deliver a quiz event to the same users, requiring them to correctly answer a
series of questions about the revised policy.
When developing a Training and Awareness campaign, you can create any number
of events, selecting the event types that are appropriate for your purpose and the
information you need to communicate. For each event you create, you must provide
a subject, enter content, or select it from within the Platform and configure
presentation and delivery options. In addition, if you are creating a quiz event, you
must create questions and their corresponding answers.
For additional information on training and awareness campaigns, see the following
topics:
l Sample Training and Awareness Campaign
l Training and Awareness Terminology
l Training and Awareness Reports

You can perform the following tasks:

l Create a Training and Awareness Campaign
l Delete a Training and Awareness Campaign
l Create a Presentation Event
l Create an Acceptance Event
l Create a Quiz Event
l Delete an Event

6 Preface
 RSA Archer GRC Platform Training and Awareness

Product Documentation
For information about the RSA Archer GRC Platform 5.x, see the following
documentation.

Guide Description

Administrator Guide Provides Platform administrators with a system

overview, guidelines for navigating, and detailed
instructions for key tasks.

Control Panel Guide Provides administrators with instructions for

configuring each instance of the Platform.

Installation Guide Provides administrators with instructions for preparing,

installing, configuring, and testing the Platform.

Release Notes Provides Platform administrators with detailed listing of

new features, fixed issues, and known issues at the time
of the current release.

User Guide Provides end users with guidelines for navigating,

detailed instructions for key tasks, and information
about using Platform communication tools.

Web Services API Reference Provides IT managers and programmers with a list of
Guide the available web services for programmatically
interfacing with the release. This guide provides
formatting guidelines for field results, field inputs, and
search inputs, and provides sample code for searching,
adding and updating users, and updating assets.

You can access the Platform 5.x documentation from the RSA Archer Community
at https://community.emc.com/community/connect/grc_ecosystem/rsa_archer.

Support and Service

Customer www.emc.com/support/rsa/index.htm
Support
Information

Customer [email protected]
Support E-mail

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Community archer

Preface 7
 RSA Archer GRC Platform Training and Awareness

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Exchange archer_exchange

RSA Solution https://gallery.emc.com/community/marketplace/

Gallery

RSA SecurCare https://knowledge.rsasecurity.com/cleartrust/ct_
Online logon.asp?CTAuthMode=BASIC&language=en&CT_ORIG_
URL=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fknowledge.rsasecurity.com%3A443%2F&c
t_orig_uri=%2F

The RSA Archer Community enables collaboration among eGRC clients, partners,
and product experts. Members actively share ideas, vote for product enhancements,
and discuss trends that help guide the RSA Archer product roadmap.
The RSA Archer Exchange is an online marketplace dedicated to supporting eGRC
initiatives. The Exchange brings together on-demand applications along with
service, content, and integration providers to fuel the success of RSA Archer
clients.
The RSA Solution Gallery provides information about third-party hardware and
software products that have been certified to work with RSA products. The gallery
includes Secured by RSA Implementation Guides with step-by-step instructions and
other information about interoperation of RSA products with these third-party
products.
The RSA SecurCare Online provides unlimited access to a wealth of resources on
the web, 24 hours a day. The secure system provides members access to a support
knowledgebase, to download current platform patches and bug fixes, to sign up for
notifications, to manage your support cases and more.

8 Preface
 RSA Archer GRC Platform Training and Awareness

Chapter 1: About Training and Awareness

Training and Awareness Terminology

The following table defines terms related to the Training and Awareness feature.

Term Definition

Acceptance Event Acceptance events extend presentation events to

require action from the recipient. These events are
presented to users as a prompt when they log on to
the Platform. Users receiving an acceptance event are
required to accept or decline the event.
Communicating an Acceptable Use policy is an
example of how to execute an acceptance event to
ensure that users within an organization have read the
necessary material associated with their role. Users
may choose to decline the information presented, but
they must enter an explanation for their action.

Campaign A campaign is an organizational structure that groups

together training and awareness events with similar
subjects/themes. For example, a campaign called
"Password Compliance Training" could contain a
presentation event called "Passwords and Security
Parameters," an acceptance event called "Password
Change Policy," and a quiz event called "Password
Change Policy Quiz."

Presentation Event Presentation events allow information to be

communicated to users and groups using email or
prompts at logon. Recipients of presentation events
are not required to acknowledge receiving the event
or to respond to the content of the event. Presentation
events represent a passive form of communication.

Quiz Event Quiz events enable administrators to test users'

knowledge of application content. These events are
presented to users as a prompt when they log on to
the system. A quiz event is an excellent method for
determining not only that users have received or
accepted an event, but also that they have a solid
understanding of the required reading. The content for
the quiz can be displayed prior to the quiz or can be
available for users to review as they take the quiz.

Chapter 1: About Training and Awareness 9

 RSA Archer GRC Platform Training and Awareness

Term Definition

Quiz events offer a variety of options, including

requiring a passing percentage, complete
customization of questions and answers, specifying
"tip" options for incorrect answers, and more.

10 Chapter 1: About Training and Awareness

 RSA Archer GRC Platform Training and Awareness

Chapter 2: Campaigns

Managing Training and Awareness Campaigns

A campaign is an organizational structure that groups together Training and
Awareness events with similar subjects and themes.
To view a timeline of a Training and Awareness campaign, see Sample Training
and Awareness Campaign.
You can perform the following tasks to manage campaigns:
l Create a Training and Awareness Campaign
l Delete a Training and Awareness Campaign

Sample Training and Awareness Campaign

The following timeline shows how a Training and Awareness campaign containing
several events can be delivered over a period of several weeks.

January 1: Send an email to all system

administrators that the company’s VPN policy
has been changed. Include a copy of the policy
for administrators to review.
January 19: Greet system administrators with a
reminder to read the VPN policy.
February 1: Send a follow-up email to system
administrators to inform them that a quiz on the
new VPN policies will be administered on
February 9.
February 9: Administer the VPN policy quiz to
system administrators. Optionally set a minimum
passing grade or provide them with open book
guidance. Allow enough days for everyone to
take the quiz.
February 28: Review the quiz results and
determine the next course of action.

Create a Training and Awareness Campaign

From the Manage Training and Awareness Campaigns page, you can add and edit
campaigns.

Chapter 2: Campaigns 11
 RSA Archer GRC Platform Training and Awareness

Procedure
1. Navigate to the Manage Training and Awareness page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Training and Awareness.
c. Click Manage Training and Awareness Campaigns.
This page lists all of the campaigns in the system and enables you to edit
campaigns for which you have ownership rights.
2. On the Training and Awareness Campaigns toolbar, click Add New.
3. In the Campaign Name field, enter a name for the campaign.
4. In the Description field, enter a brief description of the campaign.
5. Click Save.
The campaign is displayed on the Training and Awareness Campaigns page.
The Empty status is displayed in the Status column because you have not added
any events.

Next Steps
Add events to the campaign. Depending on the type of event that you want to add,
see one of the following topics:
l Create a Presentation Event
l Create an Acceptance Event
l Create a Quiz Event

Delete a Training and Awareness Campaign

If you no longer need a Training and Awareness campaign, you can delete it from
the system.

Note: Deleted campaigns cannot be recovered.

Procedure
1. Navigate to the Manage Training and Awareness page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Training and Awareness.
c. Click Manage Training and Awareness Campaigns.
This page lists all of the campaigns in the system and enables you to edit
campaigns for which you have ownership rights.

12 Chapter 2: Campaigns
 RSA Archer GRC Platform Training and Awareness

2. Click the row and view the description of the campaign that you want to delete.

3. Click for that campaign.

A Warning dialog box opens.
4. To confirm the delete, click OK.

Chapter 2: Campaigns 13
 RSA Archer GRC Platform Training and Awareness

Chapter 3: Presentation Events

Managing Presentation Events

Presentation events allow for information to be broadcast to users or groups using
email or prompts at logon. Recipients of presentation events are not required to
acknowledge receiving the event or to respond to the content of the event.
Presentation events represent a passive form of communication.
For a description of the event types, see Training and Awareness Terminology.
Use the Manage Training and Awareness Events page to create and configure
presentation events.
You can perform the following tasks to configure presentation events:
l Create a Presentation Event
l Update General Information for a Presentation Event
l Define the Content of a Presentation Event
l Select Delivery Options for an Email Presentation Event
l Select Delivery Options for a Prompt Presentation Event
l Select Recipients for a Presentation Event
l Delete an Event

Create a Presentation Event

You can create and configure a presentation event, and specify whether it is an
email or prompt event.
For a description of the event types, see Training and Awareness Terminology.
For an overview of the complete configuration process, see Managing Presentation
Events.

Before You Begin

Create a Training and Awareness Campaign

Procedure
1. Navigate to the Manage Training and Awareness page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Training and Awareness.
c. Click Manage Training and Awareness Campaigns.

Chapter 3: Presentation Events 15

 RSA Archer GRC Platform Training and Awareness

This page lists all of the campaigns in the system and enables you to edit
campaigns for which you have ownership rights.
2. Click the campaign in which you want to create a new event.
3. Click Add New in the Training and Events section header.
The Add Event dialog box opens.
4. Do one of the following:
l To use the settings of an existing presentation event as the starting point for
your new event, select Copy an existing Event and select the existing event
from the Training and Awareness Events list.
l To select new settings for the event, select Create a new Event from
scratch and select Presentation from the Event Types list.
5. Click OK.
6. If you selected to create a new event, the Add New dialog box opens, enabling
you to select whether to create an email presentation event or a prompt
presentation event. Select Email or Prompt and click OK.
The Manage Event page is displayed for the new event.

Next Steps
Update General Information for a Presentation Event

Update General Information for a Presentation Event

You can name the event, set its status, and enter a description.
For an overview of the complete configuration process, see Managing Presentation
Events.

Before You Begin

l Create a Training and Awareness Campaign
l Create a Presentation Event

Procedure
1. Select the event that you want to update:
a. Click the Administration workspace.
b. In the Navigation Menu, click Training and Awareness.
c. Click Manage Training and Awareness Campaigns.
This page lists all of the campaigns in the system and enables you to edit
campaigns for which you have ownership rights.

16 Chapter 3: Presentation Events

 RSA Archer GRC Platform Training and Awareness

d. Click the campaign that contains the event.

e. Click the event.
2. Complete the General Information section:
a. In the Name field, enter a name for the event.
b. To prevent the event from running, select Inactive from the Status list.
Otherwise, select Active.
c. In the Description field, enter a brief description.
3. Click Apply.
If you have not completed all required fields for the event, you cannot save the
event. Continue to complete the remaining fields.

Next Steps
Define the Content of a Presentation Event

Define the Content of a Presentation Event

You can define or modify the content of a presentation event by entering custom
text or selecting pre-built content from any application for which you have
ownership rights. Entering content from an application enables you to communicate
relevant information to specific users using pre-built information, such as
Acceptable Use policies. You can use introductory text to describe the application
content or to provide instructions for taking quizzes.
For an overview of the complete configuration process, see Managing Presentation
Events.

Before You Begin

l Create a Training and Awareness Campaign
l Create a Presentation Event

Procedure
1. Select the event that you want to update:
a. Click the Administration workspace.
b. In the Navigation Menu, click Training and Awareness.
c. Click Manage Training and Awareness Campaigns.
This page lists all of the campaigns in the system and enables you to edit
campaigns for which you have ownership rights.
d. Click the campaign that contains the event.
e. Click the event.

Chapter 3: Presentation Events 17

 RSA Archer GRC Platform Training and Awareness

2. Click the Content tab.

3. In the Introduction field, enter the text that you want to be displayed at the top
of the event email or prompt.
You can format the text that you enter in this field using the Rich Text Editor
toolbar at the top of the page.
4. (Optional) To provide content from an application after the introductory text:

a. In the Content field, click .

The Applications dialog box opens.
b. Select an application or questionnaire from the list and click OK.
The Record Lookup dialog box opens.
b. Select the record or records to include in the event and click OK.
c. In the Closing field, enter the text that you want to be displayed at the
bottom of the event email or prompt.
You can format text you enter in this field using the Rich Text Editor toolbar
at the top of the page.
9. Click Apply.
If you have not completed all required fields for the event, you cannot save the
event. Continue to complete the remaining fields.

Next Steps
Select delivery options. Depending on the type of presentation event, see one of the
following topics:
l Select Delivery Options for a Prompt Presentation Event
l Select Delivery Options for an Email Presentation Event

Select Delivery Options for an Email Presentation Event

You can configure the delivery options of an email presentation event.
For an overview of the complete configuration process, see Managing Presentation
Events.

Before You Begin

l Create a Training and Awareness Campaign
l Create a Presentation Event

18 Chapter 3: Presentation Events

 RSA Archer GRC Platform Training and Awareness

Procedure
1. Select the event that you want to update:
a. Click the Administration workspace.
b. In the Navigation Menu, click Training and Awareness.
c. Click Manage Training and Awareness Campaigns.
This page lists all of the campaigns in the system and enables you to edit
campaigns for which you have ownership rights.
d. Click the campaign that contains the event.
e. Click the event.
2. Click the Delivery tab and perform the following steps:
a. In the Delivery Date field, click and select a date to deliver the event.
b. In the Subject field, enter a subject for the event to provide to end users.
c. In the From Address field, enter the email address that you want to be
displayed as the From line in the header of reminder emails.
This must be a valid, deliverable email address. Depending on the
configuration of your email system, notifications may not process if the
From address is not deliverable.
d. In the From Alias field, enter a name to identify the group or individual
associated with the From address.
For example, if the From address is [email protected], the
alias might be "Policy Team".
3. Click Apply.
If you have not completed all the required fields, a warning message is
displayed. Continue with the next topic or topics to complete the remaining
fields.

Next Steps
Select Recipients for a Presentation Event

Select Delivery Options for a Prompt Presentation Event

You can configure the delivery options for a prompt presentation event.
For an overview of the complete configuration process, see Managing Presentation
Events.

Chapter 3: Presentation Events 19

 RSA Archer GRC Platform Training and Awareness

Before You Begin

l Create a Training and Awareness Campaign
l Create a Presentation Event

Procedure
1. Select the event that you want to update:
a. Click the Administration workspace.
b. In the Navigation Menu, click Training and Awareness.
c. Click Manage Training and Awareness Campaigns.
This page lists all of the campaigns in the system and enables you to edit
campaigns for which you have ownership rights.
d. Click the campaign that contains the event.
e. Click the event.
2. Click the Delivery tab and perform the following steps:
a. Under Delivery Options, in the Title field, enter a title for the event.
b. To specify whether users can skip the event, select whether to allow
unlimited skips, a specific number of skips, or whether to force the user to
accept the event from the Skip Setting list.
c. In the Begin Presentation Prompt field, click and select a date to begin
the event.
d. To specify an end date so that the event is active for only a range of dates,
click in the End Presentation Prompt field and select a date to end the
event.
e. Under Reminders, from the Event Reminder list, select whether to not
send reminders or whether to send a reminder after a specified number of
days. If you select to send a reminder, specify the Reminder Frequency,
From Address, and From Alias in the fields provided.
3. Click Apply.
If you have not completed all the required fields, you cannot save the event.
Continue to complete the remaining fields.

Next Steps
Select Recipients for a Presentation Event

Select Recipients for a Presentation Event

You can add and remove recipients for an event. These recipients can be individual
users or groups of users.

20 Chapter 3: Presentation Events

 RSA Archer GRC Platform Training and Awareness

For an overview of the complete configuration process, see Managing Presentation

Events.

Before You Begin

l Create a Training and Awareness Campaign
l Create a Presentation Event

Procedure
1. Select the event that you want to update:
a. Click the Administration workspace.
b. In the Navigation Menu, click Training and Awareness.
c. Click Manage Training and Awareness Campaigns.
This page lists all of the campaigns in the system and enables you to edit
campaigns for which you have ownership rights.
d. Click the campaign that contains the event.
e. Click the event.
2. Click the Recipients tab.
3. From the Available list, select the users and groups who you want to receive the
event.
To search for a specific user or group, enter the name in the Find field, select
the name type from the adjacent list and click . The results of your search are
displayed in the Available list.

4. To remove a user or group from the list of recipients, click to the right of the
appropriate name in the Selected list.
5. Click Save.

Delete an Event
If you no longer need an event, you can delete it from the system.

Note: Deleted events cannot be recovered.

Procedure
1. Navigate to the Manage Training and Awareness page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Training and Awareness.
c. Click Manage Training and Awareness Campaigns.

Chapter 3: Presentation Events 21

 RSA Archer GRC Platform Training and Awareness

This page lists all of the campaigns in the system and enables you to edit
campaigns for which you have ownership rights.
2. Click the campaign from which you want to delete the event.
3. On the Manage Training and Awareness Events page, click the row and view
the description of the event that you want to delete.

4. Click for that event.

A Warning dialog box opens.
5. To confirm the delete, click OK.

22 Chapter 3: Presentation Events

 RSA Archer GRC Platform Training and Awareness

Chapter 4: Acceptance Events

Managing Acceptance Events

Acceptance events extend presentation events to require action from the recipient.
These events are presented to users as a prompt when they log on to the Platform.
Users receiving an acceptance event are required to accept or decline the event.
Communicating an Acceptable Use policy is an example of how to execute an
acceptance event to ensure that users within an organization have read the
necessary material associated with their role.
For a description of the event types, see Training and Awareness Terminology.
Use the Manage Training and Awareness Events page to create and configure
acceptance events.
You can perform the following tasks to configure acceptance events:
l Create an Acceptance Event
l Update General Information for an Acceptance Event
l Define the Content of an Acceptance Event
l Select Delivery Options for an Acceptance Event
l Select Recipients for an Acceptance Event
l Delete an Event

Create an Acceptance Event

You can create and configure acceptance events.
For a description of the event types, see Training and Awareness Terminology.
For an overview of the complete configuration process, see Managing Acceptance
Events.

Before You Begin

Create a Training and Awareness Campaign

Procedure
1. Navigate to the Manage Training and Awareness page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Training and Awareness.
c. Click Manage Training and Awareness Campaigns.

Chapter 4: Acceptance Events 23

 RSA Archer GRC Platform Training and Awareness

This page lists all of the campaigns in the system and enables you to edit
campaigns for which you have ownership rights.
2. Click the campaign in which you want to create a new event.
The Manage Training and Awareness Events page is displayed.
3. Click Add New in the Training and Events section header.
The Add Event dialog box opens.
4. Do one of the following:
l To use the settings of an existing acceptance event as the starting point for
your new event, select Copy an existing Event and select the existing event
from the Training and Awareness Events list.
l To select new settings for the event, select Create a new Event from
scratch and select Acceptance from the Event Types list.
5. Click OK.
The Manage Event page is displayed for the new event.

Next Steps
Update General Information for an Acceptance Event

Update General Information for an Acceptance Event

You can name the event, set its status, and enter a description.
For an overview of the complete configuration process, see Managing Acceptance
Events.

Before You Begin

l Create a Training and Awareness Campaign
l Create an Acceptance Event

Procedure
1. Select the event that you want to update:
a. Click the Administration workspace.
b. In the Navigation Menu, click Training and Awareness.
c. Click Manage Training and Awareness Campaigns.
This page lists all of the campaigns in the system and enables you to edit
campaigns for which you have ownership rights.
d. Click the campaign that contains the event.
e. Click the event.

24 Chapter 4: Acceptance Events

 RSA Archer GRC Platform Training and Awareness

2. Complete the General Information section:

a. In the Name field, enter a name for the event.
b. To prevent the event from running, select Inactive from the Status list.
Otherwise, select Active.
c. In the Description field, enter a brief description.
3. Click Apply.
If you have not completed all required fields for the event, you cannot save the
event. Continue to complete the remaining fields.

Next Steps
Define the Content of an Acceptance Event

Define the Content of an Acceptance Event

You can define or modify the content of an acceptance event by entering custom
text or selecting prebuilt content from any application for which you have ownership
rights. Entering content from an application enables you to communicate relevant
information to specific users using prebuilt information, such as Acceptable Use
policies. You can use introductory text to introduce application content or to provide
instructions for taking quizzes.
For an overview of the complete configuration process, see Managing Acceptance
Events.

Before You Begin

l Create a Training and Awareness Campaign
l Create an Acceptance Event

Procedure
1. Select the event that you want to update:
a. Click the Administration workspace.
b. In the Navigation Menu, click Training and Awareness.
c. Click Manage Training and Awareness Campaigns.
This page lists all of the campaigns in the system and enables you to edit
campaigns for which you have ownership rights.
d. Click the campaign that contains the event.
e. Click the event.
2. Click the Content tab.
3. In the Introduction field, enter the text that you want to be displayed at the top
of the event email or prompt.

Chapter 4: Acceptance Events 25

 RSA Archer GRC Platform Training and Awareness

You can format the text that you enter in this field using the Rich Text Editor
toolbar at the top of the page.
4. (Optional) To provide content from an application after the introductory text:

a. In the Content field, click .

The Applications dialog box opens.
b. Select an application or questionnaire from the list and click OK.
The Record Lookup dialog box opens.
b. Select the record or records to include in the event and click OK.
c. In the Closing field, enter the text that you want to be displayed at the
bottom of the event email or prompt.
You can format text you enter in this field using the Rich Text Editor toolbar
at the top of the page.
9. Click Apply.
If you have not completed all required fields for the event, you cannot save the
event. Continue to complete the remaining fields.

Next Steps
Select Delivery Options for an Acceptance Event

Select Delivery Options for an Acceptance Event

You can configure the delivery options for an acceptance event.
For an overview of the complete configuration process, see Managing Acceptance
Events.

Before You Begin

l Create a Training and Awareness Campaign
l Create an Acceptance Event

Procedure
1. Select the event that you want to update:
a. Click the Administration workspace.
b. In the Navigation Menu, click Training and Awareness.
c. Click Manage Training and Awareness Campaigns.
This page lists all of the campaigns in the system and enables you to edit
campaigns for which you have ownership rights.
d. Click the campaign that contains the event.
e. Click the event.

26 Chapter 4: Acceptance Events

 RSA Archer GRC Platform Training and Awareness

2. Click the Delivery tab and perform the following steps:

a. Under Delivery Options, in the Title field, enter a title for the event.
b. To specify whether users can skip the event, select whether to allow
unlimited skips, a specific number of skips, or whether to force the user to
accept the event from the Skip Setting list.
c. Click in the Begin Acceptance field and select a date to begin the event.
d. To specify an end date so that the event is active for only a range of dates,
click in the End Acceptance field and select a date to end the event.
e. Under Reminders, from the Event Reminder list, select whether to not
send reminders or whether to send a reminder after a specified number of
days. If you select to send a reminder, specify the Reminder Frequency,
From Address, and From Alias in the fields provided.
3. Click Apply.
If you have not completed all the required fields, you cannot save the event.
Continue to complete the remaining fields.

Next Steps
Select Recipients for an Acceptance Event

Select Recipients for an Acceptance Event

You can add and remove recipients for an event. These recipients can be individual
users or groups of users.
For an overview of the complete configuration process, see Managing Acceptance
Events.

Before You Begin

l Create a Training and Awareness Campaign
l Create an Acceptance Event

Procedure
1. Select the event that you want to update:
a. Click the Administration workspace.
b. In the Navigation Menu, click Training and Awareness.
c. Click Manage Training and Awareness Campaigns.
This page lists all of the campaigns in the system and enables you to edit
campaigns for which you have ownership rights.
d. Click the campaign that contains the event.
e. Click the event.

Chapter 4: Acceptance Events 27

 RSA Archer GRC Platform Training and Awareness

2. Click the Recipients tab.

3. From the Available list, select the users and groups who you want to receive the
event.
To search for a specific user or group, enter the name in the Find field, select
the name type from the adjacent list and click . The results of your search are
displayed in the Available list.

4. To remove a user or group from the list of recipients, click to the right of the
appropriate name in the Selected list.
5. Click Save.

Delete an Event
If you no longer need an event, you can delete it from the system.

Note: Deleted events cannot be recovered.

Procedure
1. Navigate to the Manage Training and Awareness page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Training and Awareness.
c. Click Manage Training and Awareness Campaigns.
This page lists all of the campaigns in the system and enables you to edit
campaigns for which you have ownership rights.
2. Click the campaign from which you want to delete the event.
3. On the Manage Training and Awareness Events page, click the row and view
the description of the event that you want to delete.

4. Click for that event.

A Warning dialog box opens.
5. To confirm the delete, click OK.

28 Chapter 4: Acceptance Events

 RSA Archer GRC Platform Training and Awareness

Chapter 5: Quiz Events

Managing Quiz Events

Quiz events enable administrators to test users' knowledge of application content.
These events are presented to users as a prompt when they log on to the Platform.
A quiz event is an excellent method for determining not only that a user received or
accepted an event, but also that they have a complete understanding of the required
reading. The content for the quiz can be displayed prior to the quiz or can be
available for users to review as they take the quiz. Quiz events offer a variety of
options, including requiring a passing percentage, complete customization of
questions and answers, specifying "tip" options for incorrect answers, and more.
For a description of the event types, see Training and Awareness Terminology.
Use the Manage Training and Awareness Events page to create and configure quiz
events.
You can perform the following tasks to configure quiz events:
l Create a Quiz Event
l Update General Information for a Quiz Event
l Define the Content of a Quiz Event
l Select Delivery Options for a Quiz Event
l Select Recipients for a Quiz Event
l Configure Question and Answer Settings
l Determine Quiz Behavior
l Create Questions for a Quiz Event
l Import Questions into a Quiz Event
l Configure Display Order of Questions
l Delete an Event

Create a Quiz Event

You can create and configure quiz events.
For a description of the event types, see Training and Awareness Terminology.
For an overview of the complete configuration process, see Managing Quiz Events.

Before You Begin

Create a Training and Awareness Campaign

Chapter 5: Quiz Events 29

 RSA Archer GRC Platform Training and Awareness

Procedure
1. Navigate to the Manage Training and Awareness page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Training and Awareness.
c. Click Manage Training and Awareness Campaigns.
This page lists all of the campaigns in the system and enables you to edit
campaigns for which you have ownership rights.
2. Click the campaign in which you want to create a new event.
The Manage Training and Awareness Events page is displayed.
3. Click Add New in the Training and Events section header.
The Add Event dialog box opens.
4. Do one of the following:
l To use the settings of an existing presentation event as the starting point for
your new event, select Copy an existing Event and select the existing event
from the Training and Awareness Events list.
l To select new settings for the event, select Create a new Event from
scratch and select Quiz from the Event Types list.
5. Click OK.
The Manage Event page is displayed for the new event.

Next Steps
Update General Information for a Quiz Event

Update General Information for a Quiz Event

You can name the event, set its status, and enter a description.
For an overview of the complete configuration process, see Managing Quiz Events.

Before You Begin

l Create a Training and Awareness Campaign
l Create a Quiz Event

Procedure
1. Select the event that you want to update:
a. Click the Administration workspace.
b. In the Navigation Menu, click Training and Awareness.
c. Click Manage Training and Awareness Campaigns.

30 Chapter 5: Quiz Events

 RSA Archer GRC Platform Training and Awareness

This page lists all of the campaigns in the system and enables you to edit
campaigns for which you have ownership rights.
d. Click the campaign that contains the event.
e. Click the event.
2. Complete the General Information section:
a. In the Name field, enter a name for the event.
b. To prevent the event from running, select Inactive from the Status list.
Otherwise, select Active.
c. In the Description field, enter a brief description.
3. Click Apply.
If you have not completed all required fields for the event, you cannot save the
event. Continue to complete the remaining fields.

Next Steps
Define the Content of a Quiz Event

Define the Content of a Quiz Event

You can define or modify the content of a quiz event by entering custom text or
selecting pre-built content from any application for which you have ownership
rights. Entering content from an application enables you to communicate relevant
information to specific users using pre-built information, such as Acceptable Use
policies. You can use introductory text to introduce application content or to provide
instructions for taking quizzes.
For an overview of the complete configuration process, see Managing Quiz Events.

Before You Begin

l Create a Training and Awareness Campaign
l Create a Quiz Event

Procedure
1. Select the event that you want to update:
a. Click the Administration workspace.
b. In the Navigation Menu, click Training and Awareness.
c. Click Manage Training and Awareness Campaigns.
This page lists all of the campaigns in the system and enables you to edit
campaigns for which you have ownership rights.

Chapter 5: Quiz Events 31

 RSA Archer GRC Platform Training and Awareness

d. Click the campaign that contains the event.

e. Click the event.
2. Click the Content tab.
3. In the Introduction field, enter the text that you want to be displayed at the top
of the event email or prompt.
You can format the text that you enter in this field using the Rich Text Editor
toolbar at the top of the page.
4. (Optional) To provide content from an application after the introductory text:

a. In the Content field, click .

The Applications dialog box opens.
b. Select an application or questionnaire from the list and click OK.
The Record Lookup dialog box opens.
b. Select the record or records to include in the event and click OK.
c. In the Closing field, enter the text that you want to be displayed at the
bottom of the event email or prompt.
You can format text you enter in this field using the Rich Text Editor toolbar
at the top of the page.
5. Click Apply.
If you have not completed all required fields for the event, you cannot save the
event. Continue to complete the remaining fields.

Next Steps
Select Delivery Options for a Quiz Event

Select Delivery Options for a Quiz Event

You can configure the delivery options for a quiz event.
For an overview of the complete configuration process, see Managing Quiz Events.

Before You Begin

l Create a Training and Awareness Campaign
l Create a Quiz Event

Procedure
1. Select the event that you want to update:
a. Click the Administration workspace.
b. In the Navigation Menu, click Training and Awareness.

32 Chapter 5: Quiz Events

 RSA Archer GRC Platform Training and Awareness

c. Click Manage Training and Awareness Campaigns.

This page lists all of the campaigns in the system and enables you to edit
campaigns for which you have ownership rights.
d. Click the campaign that contains the event.
e. Click the event.
2. Click the Delivery tab and perform the following steps:
a. Under Delivery Options, in the Title field, enter a title for the event.
b. To specify whether users can skip the event, select whether to allow
unlimited skips, a specific number of skips, or whether to force the user to
accept the event from the Skip Setting list.
c. Click in the Begin Quiz field and select a date to begin the event.
d. To specify an end date so that the event is active for only a range of dates,
click in the End Quiz field and select a date to end the event.
e. Under Reminders, from the Event Reminder list, select whether to not
send reminders or whether to send a reminder after a specified number of
days. If you select to send a reminder, specify the Reminder Frequency,
From Address, and From Alias in the fields provided.
3. Click Apply.
If you have not completed all the required fields, you cannot save the event.
Continue to complete the remaining fields.

Next Steps
Select Recipients for a Quiz Event

Select Recipients for a Quiz Event

You can add and remove recipients for an event. These recipients can be individual
users or groups of users.
For an overview of the complete configuration process, see Managing Quiz Events.

Before You Begin

l Create a Training and Awareness Campaign
l Create a Quiz Event

Procedure
1. Select the event that you want to update:
a. Click the Administration workspace.
b. In the Navigation Menu, click Training and Awareness.

Chapter 5: Quiz Events 33

 RSA Archer GRC Platform Training and Awareness

c. Click Manage Training and Awareness Campaigns.

This page lists all of the campaigns in the system and enables you to edit
campaigns for which you have ownership rights.
d. Click the campaign that contains the event.
e. Click the event.
2. Click the Recipients tab.
3. From the Available list, select the users and groups who you want to receive the
event.
To search for a specific user or group, enter the name in the Find field, select
the name type from the adjacent list and click . The results of your search are
displayed in the Available list.

4. To remove a user or group from the list of recipients, click to the right of the
appropriate name in the Selected list.
5. Click Save.

Next Steps
Configure Question and Answer Settings

Configure Question and Answer Settings

You can update settings including whether to number questions and answers, and
whether questions should be manually or automatically ordered.
For an overview of the complete configuration process, see Managing Quiz Events.

Before You Begin

l Create a Training and Awareness Campaign
l Create a Quiz Event

Procedure
1. Select the event that you want to update:
a. Click the Administration workspace.
b. In the Navigation Menu, click Training and Awareness.
c. Click Manage Training and Awareness Campaigns.
This page lists all of the campaigns in the system and enables you to edit
campaigns for which you have ownership rights.
d. Click the campaign that contains the event.
e. Click the event.

34 Chapter 5: Quiz Events

 RSA Archer GRC Platform Training and Awareness

2. Click the Questions tab.

3. In the Question and Answer Settings section, from the Question Numbering
list, specify whether to number questions and the type of numbering to use.
4. From the Question Display Order list, select whether to order the questions
manually or to order them randomly.
5. From the Answer Numbering list, select whether to number answers and the
type of numbering to use.
6. Click Apply.
If you have not completed all the required fields, a warning message is
displayed. Continue with the next topic or topics to complete the remaining
fields.

Next Steps
Determine Quiz Behavior

Determine Quiz Behavior

You can modify an existing quiz event.
For an overview of the complete configuration process, see Managing Quiz Events.

Before You Begin

l Create a Training and Awareness Campaign
l Create a Quiz Event

Procedure
1. Select the event that you want to update:
a. Click the Administration workspace.
b. In the Navigation Menu, click Training and Awareness.
c. Click Manage Training and Awareness Campaigns.
This page lists all of the campaigns in the system and enables you to edit
campaigns for which you have ownership rights.
d. Click the campaign that contains the event.
e. Click the event.
2. Click the Questions tab.
3. (Optional) To require users to pass the quiz with a specific grade, in the Quiz
Behavior section, enter the percentage required to receive a passing grade in
the Passing Grade field.

Chapter 5: Quiz Events 35

 RSA Archer GRC Platform Training and Awareness

Users who pass the quiz are allowed to continue on to the application. The
process for users failing to meet the required percentage is based on other
specific settings in this section.
4. (Optional) To require users to pass the quiz, select Force retakes from the
Passing Requirements list.
If a user does not pass the quiz, he or she is prompted to retake the quiz up to
the maximum number of retakes specified in the Retake Limit field. If a user
cannot pass the quiz within the specified number of retakes, he or she is
allowed to continue on to the application.
5. To limit the number of times a user can retake a quiz, specify that number in the
Retake Limit field.
6. To allow users to view incorrect answers when retaking a quiz, select Mark
incorrect quiz answers on retakes from the Show Grading list.
Incorrect answers are displayed with a red X, and correct answers are indicated
with a green checkmark.
7. To allow users to review the content you added in the Content tab while they
take the quiz, select Allow content review during the quiz from the Review
Content list.
This allows users to navigate back and forth between the quiz and the content,
enabling them to take an "open-book" style quiz.
8. Click Apply.
If you have not completed all the required fields, a warning message is
displayed. Continue with the next topic or topics to complete the remaining
fields.

Next Steps
Create Questions for a Quiz Event

Create Questions for a Quiz Event

You can add questions and answers to your quiz event.
To import questions from another quiz, see Import Questions into a Quiz Event.
For an overview of the complete configuration process, see Managing Quiz Events.

Before You Begin

l Create a Training and Awareness Campaign
l Create a Quiz Event

36 Chapter 5: Quiz Events

 RSA Archer GRC Platform Training and Awareness

Procedure
1. Select the event that you want to update:
a. Click the Administration workspace.
b. In the Navigation Menu, click Training and Awareness.
c. Click Manage Training and Awareness Campaigns.
This page lists all of the campaigns in the system and enables you to edit
campaigns for which you have ownership rights.
d. Click the campaign that contains the event.
e. Click the event.
2. Click the Questions tab.
3. In the Questions section, click Add New.
4. Do one of the following:
l To use the settings of an existing question as a starting point for your new
question, select Copy an existing Question and select the existing question
from the list.
l To select new settings for a question, select Create a new Question from
scratch.
5. Click OK.
The Manage Question dialog box opens.
6. In the Question field, enter the question text.
7. In the fields under Answer, enter the answer text.
8. To add a new answer to the question, click Add New and enter the answer in
the blank field. Repeat this step as necessary to create the number of answers
for the question.

Note: Once you have created an answer, you can edit it directly in the field.

9. Select the checkbox to the right of the answer that you want to serve as the
correct answer for the question.
10. From the list below the Answers fields, select the appropriate method for
ordering the answers. If you want the answers to be sorted in random order for
each quiz participant, select Random Answer Order from the list. To arrange
the answers in a specific order, select Manual Answer Order.
11. To allow users to select more than one answer when responding to the question,
select Users can select more than one answer for this question.
12. To provide a hint for quiz participants if they answer the question incorrectly,
enter the hint in the Hint field.

Chapter 5: Quiz Events 37

 RSA Archer GRC Platform Training and Awareness

You can format the text in this field using the Rich Text Editor toolbar.
13. If you selected Manual Answer Order and you want to change the display
order of the questions, click Configure Display Order in the Questions
section, and in the Question Display Order dialog box, drag the questions into
the correct order and click OK.
14. Click OK to save your question and answers.
15. Click Apply.
If you have not completed all the required fields, a warning message is
displayed. Continue with the next topic or topics to complete the remaining
fields.

Next Steps
Configure Display Order of Questions

Configure Display Order of Questions

You can configure the order in which questions are displayed.
For an overview of the complete configuration process, see Managing Quiz Events.

Before You Begin

l Create a Training and Awareness Campaign
l Create a Quiz Event

Procedure
1. Select the event that you want to update:
a. Click the Administration workspace.
b. In the Navigation Menu, click Training and Awareness.
c. Click Manage Training and Awareness Campaigns.
This page lists all of the campaigns in the system and enables you to edit
campaigns for which you have ownership rights.
d. Click the campaign that contains the event.
e. Click the event.
2. Click the Questions tab.
3. In the Questions section, click Configure Display Order.
4. In the Question Display Order dialog box, click and drag the questions to the
correct order.
5. Click OK.

38 Chapter 5: Quiz Events

 RSA Archer GRC Platform Training and Awareness

The questions are displayed in the revised order in the Questions section.
6. Click Save.

Import Questions into a Quiz Event

You can import questions from another quiz in the system.
To create new questions for your quiz, see Create Questions for a Quiz Event.
For an overview of the complete configuration process, see Managing Quiz Events.

Before You Begin

l Create a Training and Awareness Campaign
l Create a Quiz Event

Procedure
1. Select the event that you want to update:
a. Click the Administration workspace.
b. In the Navigation Menu, click Training and Awareness.
c. Click Manage Training and Awareness Campaigns.
This page lists all of the campaigns in the system and enables you to edit
campaigns for which you have ownership rights.
d. Click the campaign that contains the event.
e. Click the event.
2. Click the Questions tab.
3. In the Questions section, click Import.
The Import Questions page is displayed.
4. Select a quiz from the list and click OK.
The questions are displayed in the Questions section.
5. Click Apply.
If you have not completed all the required fields, a warning message is
displayed. Continue with the next topic or topics to complete the remaining
fields.

Next Steps
Configure Display Order of Questions

Delete an Event
If you no longer need an event, you can delete it from the system.

Chapter 5: Quiz Events 39

 RSA Archer GRC Platform Training and Awareness

Note: Deleted events cannot be recovered.

Procedure
1. Navigate to the Manage Training and Awareness page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Training and Awareness.
c. Click Manage Training and Awareness Campaigns.
This page lists all of the campaigns in the system and enables you to edit
campaigns for which you have ownership rights.
2. Click the campaign from which you want to delete the event.
3. On the Manage Training and Awareness Events page, click the row and view
the description of the event that you want to delete.

4. Click for that event.

A Warning dialog box opens.
5. To confirm the delete, click OK.

40 Chapter 5: Quiz Events

 RSA Archer GRC Platform Training and Awareness

Chapter 6: Reports

Training and Awareness Reports

The following table describes system reports within the Training and Awareness
feature. You can find these reports by selecting View Training and Awareness
Reports from the Training and Awareness menu.

Report Description

Campaign Events This report provides a detailed list of Training and

Awareness events. For each event, the report provides a
summary of the event's properties. You can filter this report
by campaign and event.

Campaign Response This report allows you to view individual user responses to
Detail Training and Awareness events. The report provides the
name of each user who participated in an event, the event
name, the response type, the response date, and any
comments the user included with his or her response. You
can filter this report by campaign, event, and response type.

Campaign Response This report provides a summary of responses for individual

Summary events within Training and Awareness campaigns. For each
event, you can view the event name, status and type, and
you can view the number of users who responded to the
event, broken down by response type. You can filter this
report by campaign.

Campaign Status This report lists all events within individual Training and
Details Awareness campaigns and provides the current status of
each event. You can filter this report by campaign.

Campaign Status This report provides a summary of all Training and

Summary Awareness campaign statuses. It shows the number of
completed, empty, in progress, and queued campaigns.

Chapter 6: Reports 41
 RSA Archer GRC Platform Training and Awareness

Report Description

Quiz Event Question This report provides question details for Training and
Detail Awareness quizzes. For each quiz question, you can view
the percentage of users who selected each answer. You can
filter this report by campaign, quiz, and question.

Quiz Event Results This report provides results for Training and Awareness
Detail quizzes. For each quiz, you can view results for individual
participants, including the percentage of questions each
user answered correctly and the number of times each user
retook the quiz. You can filter this report by campaign and
by quiz.

Quiz Event Results This report provides results for Training and Awareness
Summary quizzes. For each quiz, you can view the number of users
who passed or failed the quiz along with the number of
users who skipped the quiz or never responded. You can
filter this report by campaign and by quiz.

Quiz Event User This report provides user details for Training and
Detail Awareness quizzes. For each quiz question, you can view
the user’s entry, the correct answer and the status (correct or
incorrect) of the user’s entry. You can filter this report by
campaign, quiz, and user.

42 Chapter 6: Reports
RSA Archer GRC Platform 5.4
Values Lists
June 2013
Contact Information
Go to the RSA corporate website for regional Customer Support telephone and fax numbers:
www.emc.com/domains/rsa/index.htm.
Trademarks
RSA, the RSA Logo, RSA Archer, RSA Archer Logo, and EMC are either registered trademarks or trademarks of EMC
Corporation ("EMC") in the United States and/or other countries. All other trademarks used herein are the property of their
respective owners. For a list of RSA trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm.
License Agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may
be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This
software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.
Note on Encryption Technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.
Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.

Copyright © 2010-2013 EMC Corporation All Rights Reserved. Published in the USA.
RSA Archer GRC Platform Values Lists

Contents

Preface 5
About this Guide 5
Product Documentation 6
Support and Service 6
Chapter 1: Values Lists 9
Create Values 9
Modify List Values 11
Configure the Sort Order for a Values List 12
Nest Values in a Values List 14
Values List Attributes in XML 15
Import a Values List 16
Export a Values List 17
Delete a Value from a Values List 18
Delete Multiple Values from a Values List 19
Chapter 2: Field-Specific Values Lists 21
Managing Field-Specific Values Lists 21
Creating a Field-Specific Values List 21
Add a New Field-Specific Values List 22
Define Field-Specific Values for a Matrix Field 22
Define General Information for a Field-Specific Values List 24
Modify a Field-Specific Values List 24
Convert a Field-Specific Values List to a Global Values List 25
Chapter 3: Global Values Lists 27
Managing Global Values Lists 27
Creating a Global Values List 27
Add a New Global Values List 28
Define General Information for a Global Values List 28
Modify a Global Values List 29

3
 RSA Archer GRC Platform Values Lists

Preface

About this Guide

Values List and Matrix fields enable users to make selections from predefined
values. Values lists can be one of two kinds:
l Global. Global values lists can be accessed and reused by other administrators.
l Field-Specific. A field-specific values list is considered “local” to its related
Values List or Matrix field, meaning that it cannot be used again to populate
other fields.

From the Application Builder, you can quickly establish global and field-specific
values lists by entering the values manually or by importing them from an external
XML file.
You can perform the following tasks to manage Values List fields:
l Add a New Field-Specific Values List or Add a New Global Values List
l Configure the Sort Order for a Values List
l Create Values
l Delete a Value from a Values List
l Delete Multiple Values from a Values List
l Export a Values List
l Import a Values List
l Modify List Values
l Nest Values in a Values List

Preface 5
 RSA Archer GRC Platform Values Lists

Product Documentation
For information about the RSA Archer GRC Platform 5.x, see the following
documentation.

Guide Description

Administrator Guide Provides Platform administrators with a system

overview, guidelines for navigating, and detailed
instructions for key tasks.

Control Panel Guide Provides administrators with instructions for

configuring each instance of the Platform.

Installation Guide Provides administrators with instructions for preparing,

installing, configuring, and testing the Platform.

Release Notes Provides Platform administrators with detailed listing of

new features, fixed issues, and known issues at the time
of the current release.

User Guide Provides end users with guidelines for navigating,

detailed instructions for key tasks, and information
about using Platform communication tools.

Web Services API Reference Provides IT managers and programmers with a list of
Guide the available web services for programmatically
interfacing with the release. This guide provides
formatting guidelines for field results, field inputs, and
search inputs, and provides sample code for searching,
adding and updating users, and updating assets.

You can access the Platform 5.x documentation from the RSA Archer Community
at https://community.emc.com/community/connect/grc_ecosystem/rsa_archer.

Support and Service

Customer www.emc.com/support/rsa/index.htm
Support
Information

Customer [email protected]
Support E-mail

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Community archer

6 Preface
 RSA Archer GRC Platform Values Lists

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Exchange archer_exchange

RSA Solution https://gallery.emc.com/community/marketplace/

Gallery

RSA SecurCare https://knowledge.rsasecurity.com/cleartrust/ct_
Online logon.asp?CTAuthMode=BASIC&language=en&CT_ORIG_
URL=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fknowledge.rsasecurity.com%3A443%2F&c
t_orig_uri=%2F

The RSA Archer Community enables collaboration among eGRC clients, partners,
and product experts. Members actively share ideas, vote for product enhancements,
and discuss trends that help guide the RSA Archer product roadmap.
The RSA Archer Exchange is an online marketplace dedicated to supporting eGRC
initiatives. The Exchange brings together on-demand applications along with
service, content, and integration providers to fuel the success of RSA Archer
clients.
The RSA Solution Gallery provides information about third-party hardware and
software products that have been certified to work with RSA products. The gallery
includes Secured by RSA Implementation Guides with step-by-step instructions and
other information about interoperation of RSA products with these third-party
products.
The RSA SecurCare Online provides unlimited access to a wealth of resources on
the web, 24 hours a day. The secure system provides members access to a support
knowledgebase, to download current platform patches and bug fixes, to sign up for
notifications, to manage your support cases and more.

Preface 7
 RSA Archer GRC Platform Values Lists

Chapter 1: Values Lists

Create Values
You can create the values that are displayed to users as the available selections in
global, field-specific, and questionnaire values lists. The process for adding values
to these types of lists is identical.

Before You Begin

If you are creating values for an existing Values List, access the appropriate
Values List page from Administration workspace.

Procedure
1. Navigate to the appropriate Values List page according to one of the following
values list type procedures.

Global Field-Specific Questionnaire

a. Click the a. Click the a. Click the

Administration Administration Administration
workspace. workspace. workspace.
b. On the Navigation b. On the Navigation b. On the Navigation
Menu, click Menu, click Menu, click
Application Builder > Application Builder Application Builder >
Manage Global Values > Manage Manage
Lists. Applications. Questionnaires.
c. Click the application c. Click the
that you want to questionnaire that you
update. want to update.
d. In the Manage d. In the Manage
Application page, Questionnaire page,
click the Fields tab > click the Fields tab >
Values List. Values List.

2. On the Values List page for the values list that you want to update, in the
Values section, click Add New.
3. In the Text Value field, enter the value as you want it to display in the values
list.
4. (Optional) In the Description field, enter a description.
If the field is configured to display description links, users will be able to view
this description by clicking the linked value.

Chapter 1: Values Lists 9

 RSA Archer GRC Platform Values Lists

5. By default, Active is selected, which makes the value available for selection on
the user interface. If you do not want users to be allowed to select the value,
clear Active.
Inactive values are not available for selection, but existing usages of the value
are preserved.
6. (Optional) To set the value you are working with as a default selection when the
values list is displayed to users, select Default Selection.

Note: When a user adds a new record in an application or questionnaire that

contains a Values List field with a default value, the default value automatically
is selected in the Values List field, regardless of the user’s access to the field.
For example, if a user has read-only access to a Values List field with a default
value of “In Progress,” when the user saves the record, the value of this field is
set to “In Progress” even though the user cannot edit the field. Users with full
access to the field can change the default value if desired.

7. To associate a numeric value with your text value, enter the appropriate number
in the Numeric Value field.
For example, if your text value is "High," you might assign it a numeric value of
"10." The Numeric Value field accepts positive, negative, and decimal values.
Using the Calculations feature, you can reference these numeric values in
calculated field formulas.
8. To apply color to the value's text, follow these steps:

a. Click to the right of the Text Color field.

The Color Selector opens. This dialog box provides a small grouping of
basic colors and an interface for defining custom colors.
b. To select a predefined color, click the desired color in the Basic Colors
control group.
c. To define a custom color, click the Custom tab and enter an RGB or HTML
color code in the fields provided.
A preview of your custom color is displayed in the color swatch.
b. Click OK to save your color choice and close the Color Selector dialog box.

Note: If you associate a color with a values list item, the color is displayed in
records in view mode. Values list items are not displayed in color when users
add or edit records unless the user has read-only access to the field.

9. To include an image to represent your value, in the Image field, click and
in the Graphic Selector dialog box, select from the following options:
l Select a Graphic from a Library. In the Available Graphics control group,
select the option next to the graphic that you want to assign to the values list

10 Chapter 1: Values Lists

 RSA Archer GRC Platform Values Lists

item and click OK.

l Add a New Graphic. In the Available Graphics control group, click Add
New to browse for and select the file. Once you have selected a file, click
Open to add the graphic to the Files to Upload list. Click OK to begin the
upload of the file.
Once the file is uploaded, you can select the file to be the image that displays
for the value.

Note: If you associate an image with a values list item, the image is displayed
in records in view mode in place of the value name. Values list items are not
displayed as an image when users add or edit records unless the user has read-
only access to the field.

10. If you want users to enter descriptive text associated with the value, perform the
following steps:
a. Select Other.
b. From the Height list, select the desired height for the text box.
c. In the Default Text field, enter the text that you want to be displayed by
default next to the values list control.
Note: Enabling this property causes the values list control to display a required
text box on the user interface. For example, if you have a value of "N/A," you
can use the Other option to force users to enter information supporting their
selection of the "N/A" value.
Only one value for each values list may have the Other option enabled.
Changing the Other option from one value to another results in the loss of all
data entered in the “Other” field associated with the original value. For
example, suppose you have a values list where the value “N/A” is enabled with
the Other option. If you enable the value “None of the Above” with the Other
option, all data contained in the “Other” field associated with the “N/A” value
is erased.

11. Click Save.

Modify List Values

You can modify the list values that are displayed to users as the available selections
in global, field-specific, and questionnaire values lists. The process for adding
values to these types of lists is identical.

Procedure
1. Navigate to the appropriate Values List page according to one of the following
values list type procedures.

Chapter 1: Values Lists 11

 RSA Archer GRC Platform Values Lists

Global Field-Specific Questionnaire

a. Click the a. Click the a. Click the

Administration Administration Administration
workspace. workspace. workspace.
b. On the Navigation b. On the Navigation b. On the Navigation
Menu, click Menu, click Menu, click
Application Builder > Application Builder Application Builder >
Manage Global Values > Manage Manage
Lists. Applications. Questionnaires.
c. Click the application c. Click the
that you want to questionnaire that you
update. want to update.
d. In the Manage d. In the Manage
Application page, Questionnaire page,
click the Fields tab > click the Fields tab >
Values List. Values List.

2. On the Values List page for the values list that you want to update, in the
Values section, in the Structure pane, click the linked value name that you
want to modify.
3. Edit properties as necessary.
4. Click Save.

Configure the Sort Order for a Values List

You can configure the display order of the values in global, field-specific, and
questionnaire values lists by sorting items alphanumerically, placing them in a
specific order, or arranging them randomly to support certain questionnaire formats.
The process for sorting values in these lists is identical.

Note: Alphanumeric sort is not supported for values lists that contain values in
multiple languages.

Procedure
1. Navigate to the appropriate Values List page according to one of the following
values list type procedures.

12 Chapter 1: Values Lists

 RSA Archer GRC Platform Values Lists

Global Field-Specific Questionnaire

a. Click the a. Click the a. Click the

Administration Administration Administration
workspace. workspace. workspace.
b. On the Navigation b. On the Navigation b. On the Navigation
Menu, click Menu, click Menu, click
Application Builder > Application Builder Application Builder >
Manage Global Values > Manage Manage
Lists. Applications. Questionnaires.
c. Click the application c. Click the
that you want to questionnaire that you
update. want to update.
d. In the Manage d. In the Manage
Application page, Questionnaire page,
click the Fields tab > click the Fields tab >
Values List. Values List.

2. On the Values List page for the values list that you want to update, in the
Values section, from the Sort Order list located below the Structure pane,
select one of the following options:
l Custom. The values are displayed in the specific order that you define. To
adjust the order of values, click and drag the value to the desired position in
the list.
l Ascending. The values are displayed in ascending alphanumeric order. For
example, the values "High," "Medium," and "Low" would be displayed in the
following order: High, Low, Medium.
l Descending. The values are displayed in descending alphanumeric order.
For example, the values "High," "Medium," and "Low" would be displayed in
the following order: Medium, Low, High.
l Random. The values are displayed in a different order in every record. This
variation in display order minimizes the chance that end users detect patterns
in the values' display or make assumptions about the “correctness” of a
particular response based on the values' presentation.
3. Click Save.

Chapter 1: Values Lists 13

 RSA Archer GRC Platform Values Lists

Nest Values in a Values List

When you have a large list of values, you can group the values in a nested, or
hierarchical, structure to make them easier to find. You may define as many levels
of values as you need and specify which values are “children” and which are
“parents.” You can also choose whether the parent value is selectable. When
values are in a hierarchical structure, they are displayed in this structure when
viewing and editing the field.

Procedure
1. Navigate to the appropriate Values List page according to one of the following
values list type procedures.

Global Field-Specific Questionnaire

a. Click the a. Click the a. Click the

Administration Administration Administration
workspace. workspace. workspace.
b. On the Navigation b. On the Navigation b. On the Navigation
Menu, click Menu, click Menu, click
Application Builder > Application Builder Application Builder >
Manage Global Values > Manage Manage
Lists. Applications. Questionnaires.
c. Click the application c. Click the
that you want to questionnaire that you
update. want to update.
d. In the Manage d. In the Manage
Application page, Questionnaire page,
click the Fields tab > click the Fields tab >
Values List. Values List.

2. On the Values List page for the values list that you want to update, in the
Values section, click to select the value that you want to nest.
The properties of that field are displayed in the fields to the right.
3. Drag the value to the desired position in the values list. To make the value a
child of another value, drop it directly on top of the desired field.
Pop-up text indicates whether you are dropping in (to become a child), dropping
after (to become a child value), or dropping before (to promote the field one
level).
4. If a parent value functions as the title for a list of child values, and you do not
want the user to be able to select it, select the parent value and clear the This
value is available for selection checkbox.
5. Click Save.

14 Chapter 1: Values Lists

 RSA Archer GRC Platform Values Lists

Values List Attributes in XML

When you create or update a custom or global values list, you quickly can define
the properties of your values by importing those properties from an external XML
file.
The following table describes each attribute in the XML structure.

Attribute Description

name This required attribute is the name of the value as you want it
to display in the values list. It maps to the Text Value field on
the Edit Value page.

active This required attribute defines whether the values list item is
available for selection on the user interface. It maps to the
Active field on the Edit Value page. Use the value "true" or
"false" with this attribute.

value This optional attribute is the numeric value associated with the
text value name. For example, you could associate the numeric
value "10" with the text value "High." This attribute maps to
the Numeric Value field on the Edit Value page.

description This optional attribute is the description of the value. It maps

to the Description field on the Edit Value page.

selectedDefault This required attribute defines whether the values list item is
the default selection. It maps to the Default Selection field on
the Edit Value page. Use the value "true" or "false" with this
attribute.

textColor This optional attribute is the HTML color code to apply to the
value. It maps to the Text Color field on the Edit Value page.

status This required attribute defines whether the properties of this

value can be modified. A value of “0” means administrators
can edit the value. A value of “1” means that the value is
"locked;" only the name and description of the value can be
modified. A value of "2" means that the value is "static;" no
properties can be modified.

otherTextEnabled This optional attribute associates the "Other" text field with
the values list item. It maps to the Other field on the Edit
Value page. Use the value "true" or "false" with this attribute.
Only one value per values list can be defined as "Other."

Chapter 1: Values Lists 15

 RSA Archer GRC Platform Values Lists

Attribute Description

otherTextHeight This optional attribute defines the height of the "Other" text
field. This attribute can be used only in conjunction with the
otherTextEnabled attribute.

otherTextDefault This optional attribute defines the default text for the "Other"
text field. This attribute can be used only in conjunction with
the otherTextEnabled attribute.

image This optional attribute is the name of the image file associated
with the values list item. When you import a values list item
that has an image attribute (the filename of the image), the Plat-
form maps the image attribute to a file name on the server. The
Platform displays the image associated with the filename on
the server. If an exact match cannot be found, no image is dis-
played. This attribute does not accommodate the import of
new or updated images.

Import a Values List

When you create or update a custom or global values list, you quickly can define
the properties of your values by importing those properties from an external XML
file.
If you are updating an existing values list and you import a value with a node name
that matches an existing value in the list, that existing value is updated with the
properties contained in your import file. Any values in your XML file that do not
match an existing value in the list are imported as new values.
Values can be imported in global, field-specific, and questionnaire values lists. The
process for adding values to these types of lists is identical.

Procedure
1. Navigate to the appropriate Values List page according to one of the following
values list type procedures.

16 Chapter 1: Values Lists

 RSA Archer GRC Platform Values Lists

Global Field-Specific Questionnaire

a. Click the a. Click the a. Click the

Administration Administration Administration
workspace. workspace. workspace.
b. On the Navigation b. On the Navigation b. On the Navigation
Menu, click Menu, click Menu, click
Application Builder > Application Builder Application Builder >
Manage Global Values > Manage Manage
Lists. Applications. Questionnaires.
c. Click the application c. Click the
that you want to questionnaire that you
update. want to update.
d. In the Manage d. In the Manage
Application page, Questionnaire page,
click the Fields tab > click the Fields tab >
Values List. Values List.

2. On the Values List page for the values list that you want to update, in the
Values section, click Import.
3. Click Add New to browse for and select the XML file.
Your XML file must have a structure similar to the following example.

For a description of each attribute in the XML structure, see Values List

Attributes in XML.
4. Once you have selected a file, click Open to add the file to the Files to Upload
list.
5. Click OK to begin the import of your values.
The values defined in your XML file are added to the list.

Export a Values List

You can export a values list to an external XML file using the export feature for
global, field-specific, and questionnaire values lists. You can make changes to the
values in the XML file and re-import the list to quickly update your values.

Chapter 1: Values Lists 17

 RSA Archer GRC Platform Values Lists

Procedure
1. Navigate to the appropriate Values List page according to one of the following
values list type procedures.

Global Field-Specific Questionnaire

a. Click the a. Click the a. Click the

Administration Administration Administration
workspace. workspace. workspace.
b. On the Navigation b. On the Navigation b. On the Navigation
Menu, click Menu, click Menu, click
Application Builder > Application Builder Application Builder >
Manage Global Values > Manage Manage
Lists. Applications. Questionnaires.
c. Click the application c. Click the
that you want to questionnaire that you
update. want to update.
d. In the Manage d. In the Manage
Application page, Questionnaire page,
click the Fields tab > click the Fields tab >
Values List. Values List.

2. On the Values List page for the values list that you want to update, in the
Values section, click Export.
3. Select to Open or Save the XML file.

Delete a Value from a Values List

You can delete a value from global, field-specific, and questionnaire values lists.
When you delete a value from a global, field-specific, or questionnaire values list,
that value no longer is available for selection. Only non-selected values can be
deleted. If you attempt to delete a value that has been selected in one or more
records, the Platform provides an informational message stating that the value may
not be deleted.

Procedure
1. Navigate to the appropriate Values List page according to one of the following
values list type procedures.

18 Chapter 1: Values Lists

 RSA Archer GRC Platform Values Lists

Global Field-Specific Questionnaire

a. Click the a. Click the a. Click the

Administration Administration Administration
workspace. workspace. workspace.
b. On the Navigation b. On the Navigation b. On the Navigation
Menu, click Menu, click Menu, click
Application Builder > Application Builder Application Builder >
Manage Global Values > Manage Manage
Lists. Applications. Questionnaires.
c. Click the application c. Click the
that you want to questionnaire that you
update. want to update.
d. In the Manage d. In the Manage
Application page, Questionnaire page,
click the Fields tab > click the Fields tab >
Values List. Values List.

2. On the Values List page for the values list that you want to update, in the
Structure pane in the Values section, select the value that you want to delete.
3. In the Properties pane, click Delete for the value that you want to delete.
4. Click Save.

Delete Multiple Values from a Values List

You can delete multiple values from a global, field-specific, or questionnaire values
list by exporting the values list as an XML file and deleting the values from the
exported list. The Bulk Delete feature enables you to upload the revised XML file,
and removes the deleted values from the values list accordingly.

Before You Begin

Delete values from an exported values list. For information on exporting a values
list, see Export a Values List.

Procedure
1. Navigate to the appropriate Values List page according to one of the following
values list type procedures.

Chapter 1: Values Lists 19

 RSA Archer GRC Platform Values Lists

Global Field-Specific Questionnaire

a. Click the a. Click the a. Click the

Administration Administration Administration
workspace. workspace. workspace.
b. On the Navigation b. On the Navigation b. On the Navigation
Menu, click Menu, click Menu, click
Application Builder > Application Builder Application Builder >
Manage Global Values > Manage Manage
Lists. Applications. Questionnaires.
c. Click the application c. Click the
that you want to questionnaire that you
update. want to update.
d. In the Manage d. In the Manage
Application page, Questionnaire page,
click the Fields tab > click the Fields tab >
Values List. Values List.

2. On the Values List page, click Bulk Delete in the Values toolbar.
The File Upload dialog box opens.
3. Click Add New and browse to the revised values list XML file.
4. Click Open.
5. Click OK.
The values list is updated according to the selected XML file.
6. Click Save.

20 Chapter 1: Values Lists

 RSA Archer GRC Platform Values Lists

Chapter 2: Field-Specific Values Lists

Managing Field-Specific Values Lists

Values List and Matrix fields enable users to make selections from predefined
values. A field-specific values list is considered “local” to its related Value List or
Matrix field, meaning that it cannot be used again to populate other fields. Custom
values lists are useful in cases where the values do not make sense in the context of
another application or field. For example, a field-specific values list with the values
“Draft” and “Final” may be useful only for a Status field in a Document Repository
application.
From the Application Builder, you can quickly establish field-specific values lists
by entering the values manually or by importing them from an external XML file.
To manage field-specific values lists, perform the following tasks:
l Modify List Values
l Configure the Sort Order for a Values List
l Nest Values in a Values List
l Define Field-Specific Values for a Matrix Field
l Define General Information for a Field-Specific Values List
l Modify a Global Values List
l Import a Values List
l Export a Values List
l Convert a Field-Specific Values List to a Global Values List
l Delete a Value from a Values List
l Delete Multiple Values from a Values List

Creating a Field-Specific Values List

From the Manage Applications page, you can create a field-specific values list for
a Values List field. A field-specific values list is considered "local" to its related
Values List field, meaning that it cannot be used again to populate other Values List
fields. When creating a field-specific values list, you can name and arrange values
and select a default value.
When creating a field-specific values list, you can perform the following tasks:
l Add a Field-Specific Values List
l Define General Information for a Field-Specific Values List

Chapter 2: Field-Specific Values Lists 21

 RSA Archer GRC Platform Values Lists

l Create Values

Add a New Field-Specific Values List

You can add a new field-specific values list. A field-specific values list is
considered "local" to its related Values List field, and cannot be used again to
populate other Values List fields.

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. Click the Fields tab and click Add New.

3. On the Add Field page, do one of the following:
l To use the settings of an existing global values list as a starting point, select
Copy an existing Field and select Values List from the Field Types list.
l To select new settings for a global values list, select Create a new Field
from scratch.
4. Click OK.

Next Steps
Define General Information for a Field-Specific Values List

Define Field-Specific Values for a Matrix Field

A Matrix field allows you to display a two-dimensional array of checkboxes,
allowing users to plot or rank responses relative to the two factors posed by the
dimensions. During the field creation process, you can select to populate a Matrix
field's column and row values with global values lists or to create custom column
and row values. If you select to create field-specific values, you can define those
values from the Fields tab on the Manage Applications page. Field-specific column
and row values are considered local to the Matrix field because you cannot reuse
these values for other fields.

22 Chapter 2: Field-Specific Values Lists

 RSA Archer GRC Platform Values Lists

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. Click the Fields tab.

If you selected to define custom values for your Matrix field during the field
creation process, the Column Values and Row Values links are displayed in the
Field Type column.

Note: If you selected to use global values lists to populate the Matrix field's
column and row values, the Column Values and Row Values links are not
displayed on the Fields tab of the Manage Applications page.

3. In the Field Type column, click Column Values to open the Manage Global
Values List page.
This page provides controls for naming and arranging column values.
4. To add a new value, click Add New in the Values control group.
5. To edit the properties of an existing value, in the Structure list of the Values
control group, click the name.
6. In the Text Value field, enter the value as you want it to display in the values
list. Enter a description in the Description field.
7. To make the value available for selection by the user, select Active. If you do
not want users to be allowed to select the value, clear the Active checkbox.
Inactive values are not available for selection, but existing usages of the value
are preserved.
8. Click Save in the page toolbar to save the value and return to the Manage Fields
page.
9. In the Field Type column , click Row Values to open the Manage Field -
Specific Values List page.
10. Repeat steps 4-8 above to create row values for the Matrix field.
11. Click to return to the Manage Applications page.

Chapter 2: Field-Specific Values Lists 23

 RSA Archer GRC Platform Values Lists

Define General Information for a Field-Specific Values List

When you create a field-specific values list, you need to define a name and
description for the new field-specific values list.

Before You Begin

Add a New Field-Specific Values List

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. Click the Fields tab.

3. In the General Information section:
a. In the Name field, enter the name for the list.
b. Verify that Field - Specific List is displayed in the Values List field.
c. In the Description field, enter a description.
4. Click Apply and in the Alias field, update the alias for the list. For more
information, see Alias Names.

Next Steps
Create Values

Modify a Field-Specific Values List

You can modify a field-specific values list for a Values List field. A field-specific
values list is considered "local" to its related Values List field, meaning that it
cannot be used again to populate other Values List fields.

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

24 Chapter 2: Field-Specific Values Lists

 RSA Archer GRC Platform Values Lists

Note: If you cannot select the application, you do not have access rights to
the application.

2. Edit properties as necessary.

3. Click Save.

Convert a Field-Specific Values List to a Global Values List

Because field-specific lists are specific to the field in which they are created, they
cannot be reused in other Values List fields. However, to reuse a field-specific
values list, you can convert the field-specific values list to a global values list,
making it available for use in any Values List, Cross-Application Status Tracking,
or Matrix field.

Procedure
1. Select the application that you want to update:
a. Click the Administration workspace.
b. From the Navigation Menu, select Application Builder > Manage
Applications.
c. Click the application.

Note: If you cannot select the application, you do not have access rights to
the application.

2. Click the Fields tab.

3. In the Field column, click the field that you want to configure.
The Manage Field page is displayed.
4. On the General tab, in the Action field, click the Promote to Global Values
List link.
5. Click Save.

Chapter 2: Field-Specific Values Lists 25

 RSA Archer GRC Platform Values Lists

Chapter 3: Global Values Lists

Managing Global Values Lists

Values List and Matrix fields enable users to make selections from predefined
values. Global values lists can be accessed and reused by other administrators. For
example, if you create a global values list that includes project statuses (pending, in
process, under review, completed, and so on), and you use this global values list in
an Exception Requests application, other administrators can use this values list in
applications that they are creating, such as Incidents.
From the Application Builder, you can quickly establish global values lists by
entering the values manually or by importing them from an external XML file.
To manage global values lists, perform the following tasks:
l Modify List Values
l Configure the Sort Order for a Values List
l Nest Values in a Values List
l Define General Information for a Global Values List
l Modify a Global Values List
l Import a Values List
l Export a Values List
l Delete a Value from a Values List
l Delete Multiple Values from a Values List

Creating a Global Values List

From the Manage Global Values Lists page, you can create global values lists,
which can be used to populate Values List, Cross-Application Status Tracking, and
Matrix fields in an application. These lists are considered "global" because they can
be accessed and reused by other administrators. For example, if you create a global
values list that includes project statuses (pending, in process, under review,
completed, and so on), and you use this global values list in an Exception Requests
application, other administrators can use this values list in applications they create,
such as an Incidents application.

Important: If you grant a user or group access to the Manage Global Values Lists
page on the Manage Access Roles page, these individuals have access to all global
values lists in the Platform. If you want a user to have access to specific global
values lists and not all lists, select the appropriate CRUD access for the individual
global values list on the Manage Access Roles page.

Chapter 3: Global Values Lists 27

 RSA Archer GRC Platform Values Lists

When creating a global values list, you can perform the following tasks:
l Add a New Global Values List
l Define General Information for a Global Values List
l Create Values

Add a New Global Values List

You can add a global values list. Global values lists can be accessed and reused by
other administrators.

Procedure
1. Navigate to the Manage Global Values Lists page:
a. Click the Administration workspace.
b. On the Navigation Menu, click Application Builder > Manage Global
Values Lists.
2. In the Manage Global Values Lists page toolbar, click Add New.
3. Do one of the following:
l To use the settings of an existing global values list as a starting point, select
Copy an existing Values List and select the existing values list from the
Available Actions list.
l To select new settings for a global values list, select Create a new Values
List from scratch.
4. Click OK.

New Steps
Define General Information for a Global Values List

Define General Information for a Global Values List

You can name a values list and enter a description. This information is displayed on
the Manage Global Values List for users to make selections from the predefined
values list in the system.

Before You Begin

Add a New Global Values List

28 Chapter 3: Global Values Lists

 RSA Archer GRC Platform Values Lists

Procedure
1. Navigate to the Manage Global Values Lists page:
a. Click the Administration workspace.
b. On the Navigation Menu, click Application Builder > Manage Global
Values Lists.
2. Click the global values list.
The Manage Global Values List page is displayed for you to configure the
properties for the global values list.
3. In the General Information section, do the following:
a. In the Name field, enter the name for the list.
b. In the Description field, enter a description.
4. Click Apply and in the Alias field, update the alias for the list. For more
information, see Alias Names.

Next Steps
Create Values

Modify a Global Values List

You can edit global values lists, which can be used to populate Values List, Cross-
Application Status Tracking, and Matrix fields in an application. These lists are
considered "global" because they can be accessed and reused by other
administrators.

Important: If you grant a user or group access to the Manage Global Values Lists
page on the Manage Access Roles page, these individuals have access to all global
values lists in the Platform. If you want a user to have access to specific global
values lists and not all lists, select the appropriate CRUD access for the individual
global values list on the Manage Access Roles page.

Procedure
1. Navigate to the Manage Global Values Lists page:
a. Click the Administration workspace.
b. On the Navigation Menu, click Application Builder > Manage Global
Values Lists.
2. In the Name column, click the linked list name that you want to modify.
The Manage Global Values List page is displayed in edit mode.
3. Edit properties as necessary.
4. Click Save.

Chapter 3: Global Values Lists 29

RSA Archer GRC Platform 5.4
Workflows
June 2013
Contact Information
Go to the RSA corporate website for regional Customer Support telephone and fax numbers:
www.emc.com/domains/rsa/index.htm.
Trademarks
RSA, the RSA Logo, RSA Archer, RSA Archer Logo, and EMC are either registered trademarks or trademarks of EMC
Corporation ("EMC") in the United States and/or other countries. All other trademarks used herein are the property of their
respective owners. For a list of RSA trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm.
License Agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may
be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This
software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.
Note on Encryption Technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.
Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.

Copyright © 2010-2013 EMC Corporation All Rights Reserved. Published in the USA.
RSA Archer GRC Platform Workflows

Contents

Preface 5
About this Guide 5
Product Documentation 6
Support and Service 7
Chapter 1: Workflows 9
Activate a Workflow Process for an Application or Questionnaire 9
Configure Workflow Options 9
Configure Workflow End Stage 10
Inactivate a Workflow Process for an Application 11
Chapter 2: Workflow Stages 13
Managing Workflow Stages 13
Create a Workflow Stage 13
Configure Workflow Stage Properties 14
Specify the Assignment Criteria for a Workflow Stage 15
Specify Default Assignees 16
Configure Advanced Stage Properties 17
Reorder the Stages of a Workflow Process 18
Delete a Workflow Stage 19
Chapter 3: Workflow Notifications 21
Managing Workflow Notifications 21
Create a Workflow Notification 21
Update the General Properties of a Workflow Notification 22
Define the Layout of a Workflow Notification 23
Select the Content of a Workflow Notification 24
Define the Email Properties of a Workflow Notification 25
Delete a Workflow Notification 26

3
 RSA Archer GRC Platform Workflows

Preface

About this Guide

The Workflow feature enables an organization to define a process for moving a
record through stages for review and validation before publishing it to end users.
Administrators can create unique workflow processes for any application, any level
in a leveled application, or any questionnaire in the system for which they have
been assigned ownership rights. Defining a workflow process involves establishing
review and validation stages, determining the order to route content, assigning
designated personnel to each stage, and configuring content review assignment
notifications.
Once a formal workflow process has been defined within an application, records
that are subsequently added and/or edited are routed through the process. As
records move through content review stages, a detailed history of all content
modifications is electronically maintained by person, date and time.
In leveled applications, workflow processes are configured separately for each
level.
When you activate a workflow, several fields are added to the Available Fields list
for the application or questionnaire. The system uses these fields to manage the
workflow feature. The fields are:
l Workflow Stage. A read-only field used by the system to manage workflow
stages.
l Workflow Comments. A system-managed field that provides access to the
workflow discussion forum for individual records.
l Workflow Assignees. A read-only field used by the system to manage user
access to a record that resides in a particular workflow stage.
l Workflow History. A system-managed field that maintains a change history for
each record.

When a user assigned to a record displays it within the workflow process, the
Workflow toolbar is displayed at the top of the record. This toolbar includes the
following options:
l Accept. Saves any changes made to the record and advances it to the next stage
in the workflow process.
l Reject. Saves any changes made to the record and demotes it to the previous
stage in the workflow process.

Preface 5
 RSA Archer GRC Platform Workflows

l Comment. Opens a discussion forum dedicated exclusively to the current

record. This button only displays if the Comments option has been enabled for
the workflow stage.
l Reassign. Enables Application Owners to reassign the record to a different
user. This option is only available to Application Owners.
l History. Displays a history log of the record that includes a description of the
changes made to the record during the workflow process.

Record permissions still apply for records in workflow process. All users with
proper access privileges can view a record in the workflow process. However, only
users that have been assigned a record in the workflow process can accept or reject
it.
You can perform the following tasks to manage workflow:
l Activate a Workflow Process for an Application
l Configure Workflow Options
l Create a Workflow Stage
l Create a Workflow Notification
l Configure the End Stage
l Inactivate a Workflow Process for an Application

Product Documentation
For information about the RSA Archer GRC Platform 5.x, see the following
documentation.

Guide Description

Administrator Guide Provides Platform administrators with a system

overview, guidelines for navigating, and detailed
instructions for key tasks.

Control Panel Guide Provides administrators with instructions for

configuring each instance of the Platform.

Installation Guide Provides administrators with instructions for preparing,

installing, configuring, and testing the Platform.

6 Preface
 RSA Archer GRC Platform Workflows

Guide Description

Release Notes Provides Platform administrators with detailed listing of

new features, fixed issues, and known issues at the time
of the current release.

User Guide Provides end users with guidelines for navigating,

detailed instructions for key tasks, and information
about using Platform communication tools.

Web Services API Reference Provides IT managers and programmers with a list of
Guide the available web services for programmatically
interfacing with the release. This guide provides
formatting guidelines for field results, field inputs, and
search inputs, and provides sample code for searching,
adding and updating users, and updating assets.

You can access the Platform 5.x documentation from the RSA Archer Community
at https://community.emc.com/community/connect/grc_ecosystem/rsa_archer.

Support and Service

Customer www.emc.com/support/rsa/index.htm
Support
Information

Customer [email protected]
Support E-mail

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Community archer

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Exchange archer_exchange

RSA Solution https://gallery.emc.com/community/marketplace/

Gallery

RSA SecurCare https://knowledge.rsasecurity.com/cleartrust/ct_
Online logon.asp?CTAuthMode=BASIC&language=en&CT_ORIG_
URL=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fknowledge.rsasecurity.com%3A443%2F&c
t_orig_uri=%2F

The RSA Archer Community enables collaboration among eGRC clients, partners,
and product experts. Members actively share ideas, vote for product enhancements,
and discuss trends that help guide the RSA Archer product roadmap.

Preface 7
 RSA Archer GRC Platform Workflows

The RSA Archer Exchange is an online marketplace dedicated to supporting eGRC

initiatives. The Exchange brings together on-demand applications along with
service, content, and integration providers to fuel the success of RSA Archer
clients.
The RSA Solution Gallery provides information about third-party hardware and
software products that have been certified to work with RSA products. The gallery
includes Secured by RSA Implementation Guides with step-by-step instructions and
other information about interoperation of RSA products with these third-party
products.
The RSA SecurCare Online provides unlimited access to a wealth of resources on
the web, 24 hours a day. The secure system provides members access to a support
knowledgebase, to download current platform patches and bug fixes, to sign up for
notifications, to manage your support cases and more.

8 Preface
 RSA Archer GRC Platform Workflows

Chapter 1: Workflows

Activate a Workflow Process for an Application or Questionnaire

Once you have configured a workflow process, you can activate it by changing the
Status field to Active. For leveled applications, you can activate the workflow
process for each level independently.

Before You Begin

Configure a workflow process. See Create a Workflow Stage.

Procedure
1. Navigate to the Manage Applications or Manage Questionnaires page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder.
c. Click Manage Applications or Manage Questionnaires.
2. Click the application or questionnaire that you want to update.

Note: If you cannot select one, you do not have Edit privileges to it.

3. Click the Workflow tab.

4. If the application is leveled, select the tab for the level for which you want to
configure a workflow process.
5. In the Stages section, click the Start stage.
6. In the Workflow Status section, in the Status field, select Active.
7. Click Save.
The workflow process is activated and the system begins enrolling records in
the workflow process based on the workflow options selected.

Configure Workflow Options

You can set basic workflow options that are associated with the Start stage.

Procedure
1. Navigate to the Manage Applications or Manage Questionnaires page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder.
c. Click Manage Applications or Manage Questionnaires.

Chapter 1: Workflows 9
 RSA Archer GRC Platform Workflows

2. Click the application or questionnaire that you want to update.

Note: If you cannot select one, you do not have Edit privileges to it.

3. Click the Workflow tab.

4. If the application is leveled, select the tab for the level for which you want to
configure a workflow process.
5. In the Stages section, click the Start stage.
6. In the Workflow Options section, in the Enrollment Model field, select an
enrollment model:
l All Records
l New Records Only
l Updated Records Only
7. To use a copy of the original record for the workflow process, in the Create
Record Copy field, select Record Version.
This enables the original record to continue to be available to users while the
copy is reviewed in the workflow process.
8. Click Apply.

Configure Workflow End Stage

You can set workflow options that are associated with the End stage.

Procedure
1. Navigate to the Manage Applications or Manage Questionnaires page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder.
c. Click Manage Applications or Manage Questionnaires.
2. Click the application or questionnaire that you want to update.

Note: If you cannot select one, you do not have Edit privileges to it.

3. Click the Workflow tab.

4. If the application is leveled, select the tab for the level for which you want to
configure a workflow process.
5. In the Stages section, click the End stage.
6. In the Completed Status Name field, enter a name to associate with complete
records.
7. In the Completed Record Access field, select the access level of records that
have completed the workflow process:

10 Chapter 1: Workflows
 RSA Archer GRC Platform Workflows

l Standard. Removes any access restrictions imposed during workflow. To

use this option, the application must have a Record Permissions field.
l Public. Enables all users to access records that are released from workflow.
l Private. Enables you to grant access to selected users or groups when
records are released from workflow.
8. Click Save.

Inactivate a Workflow Process for an Application

You can inactivate a workflow process for an application. To prevent records from
entering the workflow process, change the value in the Status field to Inactive.

Note: You cannot inactivate a workflow process if there are records enrolled in any
of the workflow stages.

Procedure
1. Navigate to the Manage Applications or Manage Questionnaires page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder.
c. Click Manage Applications or Manage Questionnaires.
2. Click the application or questionnaire that you want to update.

Note: If you cannot select one, you do not have Edit privileges to it.

3. Click the Workflow tab.

4. If the application is leveled, select the tab for the level for which you want to
configure a workflow process.
5. In the Stages section, click the Start stage.
6. In the Workflow Status section, in the Status field, select Inactive.
7. Click Save.
The workflow process is inactivated and records will no longer enter the
workflow process.

Chapter 1: Workflows 11
 RSA Archer GRC Platform Workflows

Chapter 2: Workflow Stages

Managing Workflow Stages

Defining a workflow process involves establishing review and validation stages,
determining the order to route content, assigning designated personnel to each stage,
and configuring content review assignment notifications.
You can perform the following tasks to manage workflow stages:
l Create a Workflow Stage
l Configure Workflow Stage Properties
l Specify the Assignment Criteria for a Workflow Stage
l Specify Default Assignees
l Configure Advanced Stage Properties
l Reorder the Stages of a Workflow Process
l Delete a Workflow Stage

Create a Workflow Stage

By default, the workflow process includes a Start stage and an End stage. To set up
a workflow process, you need to add and configure one or more additional
workflow stages.

Procedure
1. Navigate to the Manage Applications or Manage Questionnaires page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder.
c. Click Manage Applications or Manage Questionnaires.
2. Click the application or questionnaire that you want to update.

Note: If you cannot select one, you do not have Edit privileges to it.

3. Click the Workflow tab.

4. If the application is leveled, select the tab for the level for which you want to
configure a workflow process.
5. In the Stages section, click Add New. If this is the first stage that you are
adding, see Configure Stage Properties.
For all subsequent stages, the Add New Stage dialog box opens.

Chapter 2: Workflow Stages 13

 RSA Archer GRC Platform Workflows

6. Do one of the following:

l To use the settings of an existing workflow stage as a starting point for your
new workflow stage, select Copy an Existing Stage and select the existing
workflow stage from the Available Workflow Stages list.
l To select new settings for a workflow stage, select Create a new Stage
from scratch.
7. Click OK.
The new stage displays in the Stages section on the Workflow tab. When this
stage is selected, the Stage Properties and Advanced Stage Properties sections
also display.

Next Steps
Configure Stage Properties

Configure Workflow Stage Properties

You can modify the name of a workflow stage.

Before You Begin

Create a Workflow Stage

Procedure
1. Navigate to the Manage Applications or Manage Questionnaires page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder.
c. Click Manage Applications or Manage Questionnaires.
2. Click the application or questionnaire that you want to update.

Note: If you cannot select one, you do not have Edit privileges to it.

3. Click the Workflow tab.

4. If the application is leveled, select the tab for the level for which you want to
configure a workflow process.
5. In the Stages section, select the stage that you want to configure.
6. In the Stage Properties section, in the Stage Name field, enter the name of the
stage.
The name displays under the stage in the Stages section.
7. To send a notification to users when the record enters the workflow stage, click
in the Notifications field and select a notification. To create a new notification,
see Create a Workflow Notification.

14 Chapter 2: Workflow Stages

 RSA Archer GRC Platform Workflows

8. Click Apply.
If you have not completed all of the required fields, a warning message is
displayed.

Next Steps
Specify the Assignment Criteria for a Workflow Stage

Specify the Assignment Criteria for a Workflow Stage

You can define rules that automatically assign records to users. Multiple rules work
cumulatively. This step is not required. If no records satisfy the criteria, the record
is assigned to the default assignees.
To specify default assignees, see Specify Default Assignees.

Before You Begin

l Create a Workflow Stage
l Configure Stage Properties

Procedure
1. Navigate to the Manage Applications or Manage Questionnaires page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder.
c. Click Manage Applications or Manage Questionnaires.
2. Click the application or questionnaire that you want to update.

Note: If you cannot select one, you do not have Edit privileges to it.

3. Click the Workflow tab.

4. If the application is leveled, select the tab for the level for which you want to
configure a workflow process.
5. In the Stages section, select the stage that you want to configure.
6. In the Stage Properties section, in the Assignment Criteria field, in the Rules
section, click Add New.
The Assignment Rule dialog box opens.
7. In the Name field, enter a name for the rule.
8. In the Description field, enter a description for the rule.

Chapter 2: Workflow Stages 15

 RSA Archer GRC Platform Workflows

9. In the Criteria section, each row on this page represents one set of filter
criteria. Use the fields provided to specify the field to evaluate, the operator, the
value or values and, if applicable, the relationship to the subsequent row of filter
criteria:

Note: To create additional conditions, click Add New.

a. In the Field To Evaluate column, select the field to evaluate for one or
more specific values.
b. In the Operator column, select the filter operator.
c. In the Value(s) column, select the values for the condition.
d. If you have created more than one condition, you can apply advanced logic
to your search criteria.
10. In the Assignment section, select the groups, users, and fields to be assigned
the record in the workflow process:
a. Click Select to open the selection box.
b. In the Available section, double-click a group, user, or field to display it in
the Selected section
c. Click OK.

Note: To search for a specific user or group, expand the User or Group node
and double-click the value. Your selection is displayed in the Selected column.

11. Click OK.

The rule displays in the Rules section.
12. Repeat steps 6 through 11 to add new rules as needed.
13. Click Apply.
If you have not completed all the required fields, a warning message is
displayed. Continue with the next topic or topics to complete the remaining
fields.

Next Steps
Specify Default Assignees

Specify Default Assignees

You can specify default assignees for records in a workflow process. When no
records meet the criteria specified by the rules in the Assignment Criteria field, or
when there are no rules created, records are assigned to the users specified in the
Default Assignees field.

16 Chapter 2: Workflow Stages

 RSA Archer GRC Platform Workflows

Before You Begin

l Create a Workflow Stage
l Configure Stage Properties
l Specify the Assignment Criteria for a Workflow Stage

Procedure
1. Navigate to the Manage Applications or Manage Questionnaires page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder.
c. Click Manage Applications or Manage Questionnaires.
2. Click the application or questionnaire that you want to update.

Note: If you cannot select one, you do not have Edit privileges to it.

3. Click the Workflow tab.

4. If the application is leveled, select the tab for the level for which you want to
configure a workflow process.
5. In the Stages section, select the stage that you want to configure.

6. In the Stage Properties section, in the Default Assignees field, click to

open the selection box and perform the following steps:
a. In the Available section, select the groups, users, or fields (user group or
record permissions fields) to be assigned the record in the workflow
process.
The only fields available for selection are Record Permission fields or
User Group lists.
b. Click a group, user, or field to display it in the Selected section and click
OK.

Note: To search for a specific user or group, expand the User or Group node
and double-click the value. Your selection is displayed in the Selected section.

7. Click Apply.

Next Steps
Configure Advanced Stage Properties

Configure Advanced Stage Properties

You can configure workflow Advanced Stage properties.

Chapter 2: Workflow Stages 17

 RSA Archer GRC Platform Workflows

Before You Begin

l Create a Workflow Stage
l Configure Stage Properties
l Specify the Assignment Criteria for a Workflow Stage

Procedure
1. Navigate to the Manage Applications or Manage Questionnaires page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder.
c. Click Manage Applications or Manage Questionnaires.
2. Click the application or questionnaire that you want to update.

Note: If you cannot select one, you do not have Edit privileges to it.

3. Click the Workflow tab.

4. If the application is leveled, select the tab for the level for which you want to
configure a workflow process.
5. In the Stages section, select the stage that you want to configure.
6. In the Advanced Stage Properties section, in the Assignment Model field,
select an assignment model:
l Round Robin. Randomly assigns records to qualified users.
l Multiple - Edit Owner. The first user to save a record under review
becomes the owner.
l Multiple - Concurrent. Any qualified user can accept the record and move
it to the next stage.
7. To enable users to post comments associated with the record, in the Comments
field, select Content Discussion.
If selected, the Comment button displays on the Workflow toolbar for the users
assigned to the record.
8. (Optional) To require users to post a comment when rejecting a record, in the
Rejection Reason field, select Comment on Rejection.
9. Click Save.

Reorder the Stages of a Workflow Process

You can change the order of stages in a workflow process at any time, even while
records are currently enrolled in the workflow process.

18 Chapter 2: Workflow Stages

 RSA Archer GRC Platform Workflows

Procedure
1. Navigate to the Manage Applications or Manage Questionnaires page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder.
c. Click Manage Applications or Manage Questionnaires.
2. Click the application or questionnaire that you want to update.

Note: If you cannot select one, you do not have Edit privileges to it.

3. Click the Workflow tab.

4. If the application is leveled, select the tab for the level for which you want to
configure a workflow process.
5. In the Stages section, select the stage that you want to reorder.
6. Drag the stage to the desired location.
The new order is displayed.
7. Click Save.

Delete a Workflow Stage

You can delete a workflow stage, however, you cannot delete a stage when one or
more records are currently enrolled in it.

Procedure
1. Navigate to the Manage Applications or Manage Questionnaires page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder.
c. Click Manage Applications or Manage Questionnaires.
2. Click the application or questionnaire that you want to update.

Note: If you cannot select one, you do not have Edit privileges to it.

3. Click the Workflow tab.

4. If the application is leveled, select the tab for the level for which you want to
configure a workflow process.
5. In the Stages section, select the stage that you want to delete.

6. Click in the Stage graphic.

A confirmation dialog box opens.

Chapter 2: Workflow Stages 19

 RSA Archer GRC Platform Workflows

7. Click OK.

Important: Even though the stage is no longer visible in the Stages section, it is
not deleted from the system until you click Apply or Save.

8. Click Apply.
If any records are enrolled in the stage, a warning message displays and you
cannot delete the stage.

20 Chapter 2: Workflow Stages

 RSA Archer GRC Platform Workflows

Chapter 3: Workflow Notifications

Managing Workflow Notifications

You can configure the workflow process to automatically send email notifications
to users and groups that are assigned to a record for review. The notifications are
sent when a record:
l Is enrolled in workflow
l Moves to a new stage (except the End stage)
l Is manually reassigned by the Application Owner

You can configure a workflow notification for any stage in the workflow process.
You can use the same notification for multiple stages or create unique notifications
for each stage.
You can perform the following tasks to manage workflow notifications:
l Create a Workflow Notification
l Update the General Properties of a Workflow Notification
l Define the Layout of a Workflow Notification
l Select the Content of a Workflow Notification
l Define the Email Properties of a Workflow Notification
l Delete a Workflow Notification

Create a Workflow Notification

You can create a new workflow notification either by creating a new, original
template or copying an existing template, then naming and describing the template.

Procedure
1. Navigate to the Manage Applications or Manage Questionnaires page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder.
c. Click Manage Applications or Manage Questionnaires.
2. Click the application or questionnaire that you want to update.

Note: If you cannot select one, you do not have Edit privileges to it.

3. Click the Workflow tab.

Chapter 3: Workflow Notifications 21

 RSA Archer GRC Platform Workflows

4. If the application is leveled, select the tab for the level for which you want to
configure a workflow process.
5. In the Stages section, select the stage that you want to configure.
6. In the Stage Properties section, in the Notifications field, click Edit.
If you have made changes to the workflow process but have not saved the
changes, a warning dialog opens. Click Yes to save changes and continue. The
Manage Workflow Notifications page is displayed.
7. Click Add New.
8. Do one of the following:
l To use the settings of an existing workflow notification as a starting point for
your new workflow notification, select Copy an existing Workflow
Notification and select the existing workflow notification from the list.
l To select new settings for the workflow notification, select Create a new
Workflow Notification from scratch.
9. Click OK.

Next Steps
Update the General Properties of a Workflow Notification

Update the General Properties of a Workflow Notification

You can set basic properties of a workflow notification, including name and
description.

Before You Begin

Create a Workflow Notification

Procedure
1. Navigate to the Manage Applications or Manage Questionnaires page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder.
c. Click Manage Applications or Manage Questionnaires.
2. Click the application or questionnaire that you want to update.

Note: If you cannot select one, you do not have Edit privileges to it.

3. Click the Workflow tab.

4. If the application is leveled, select the tab for the level for which you want to
configure a workflow process.

22 Chapter 3: Workflow Notifications

 RSA Archer GRC Platform Workflows

5. In the Stages section, select the stage that you want to configure.
6. In the Stage Properties section, in the Notifications field, click Edit.
The Manage Workflow Notifications page is displayed.
7. In the Workflow Notifications section, click the notification that you want to
edit.
8. On the General tab, complete the General Information section:
a. In the Name field, enter a name for the notification.
b. In the Description field, describe the notification.
9. Review the information in the remaining fields in this section.
10. Click Apply.

Next Steps
Define the Layout of a Workflow Notification

Define the Layout of a Workflow Notification

You can choose the letterhead to display on a notification, as well as define its page
layout.

Before You Begin

Create a Workflow Notification

Procedure
1. Navigate to the Manage Applications or Manage Questionnaires page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder.
c. Click Manage Applications or Manage Questionnaires.
2. Click the application or questionnaire that you want to update.

Note: If you cannot select one, you do not have Edit privileges to it.

3. Click the Workflow tab.

4. If the application is leveled, select the tab for the level for which you want to
configure a workflow process.
5. In the Stages section, select the stage that you want to configure.
6. In the Stage Properties section, in the Notifications field, click Edit.
The Manage Workflow Notifications page is displayed.
7. In the Workflow Notifications section, click the notification that you want to
edit.

Chapter 3: Workflow Notifications 23

 RSA Archer GRC Platform Workflows

8. On the General tab, scroll down to the Template Design section.

9. In the Letterhead field, click , and select the desired letterhead.

10. In the Body Layout field, click to open the Body Layouts page.
11. Select a layout, and click OK.
12. Verify that the preview displayed in the Preview field meets your needs.
13. Click Apply.

Next Steps
Select the Content of a Workflow Notification

Select the Content of a Workflow Notification

You can define the content of a workflow notification, using both static and
dynamic content. Static content is text that remains the same for every notification,
while dynamic content is content that changes based on the unique parameters.

Before You Begin

l Create a Workflow Notification
l Define the Layout of a Workflow Notification

Procedure
1. Navigate to the Manage Applications or Manage Questionnaires page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder.
c. Click Manage Applications or Manage Questionnaires.
2. Click the application or questionnaire that you want to update.

Note: If you cannot select one, you do not have Edit privileges to it.

3. Click the Workflow tab.

4. If the application is leveled, select the tab for the level for which you want to
configure a workflow process.
5. In the Stages section, select the stage that you want to configure.
6. In the Stage Properties section, in the Notifications field, click Edit.
7. In the Workflow Notifications section, click the notification that you want to
edit.
8. Click the Content tab.
The Template Design section is displayed.

24 Chapter 3: Workflow Notifications

 RSA Archer GRC Platform Workflows

9. In the Subject field, enter the text that you want to display in the email subject
line.
You can also include fields (but not reports or links) in the subject line as
dynamic information. To enter a field, place your cursor in the desired location,
click the Select a Field arrow and select the appropriate field from the list.

Note: You cannot include the following fields in the subject line: Attachment,
Cross-Application Status Tracking, Image, Record Permissions, Risk
Assessment, Sub-Form, Questionnaire Reference, Access History, and History
Log.

10. In the Body fields, enter the text that you want to display in the body of the
message. You can use the options in the Rich Text Editor toolbar to modify the
appearance of the text.
l To include fields, reports, and links in the body, place your cursor in the
desired location and click the Select a Field drop-down, the Select a Report
drop-down, or the Select a Link select icon. Select the desired information to
insert it into the body.
l To change the layout of the boxes that make up the Body fields, click the
General tab and from the Body Layout field in the Template Design
section, select a layout.
11. Click Apply.

Next Steps
Define the Email Properties of a Workflow Notification

Define the Email Properties of a Workflow Notification

You can define the From address for the notification and enter an alias for the
address as needed. You can also select the importance of the email and determine
whether to enable read-receipt functionality.

Before You Begin

l Create a Workflow Notification
l Update the General Properties of a Workflow Notification
l Define the Layout of a Workflow Notification
l Select the Content of a Workflow Notification

Procedure
1. Navigate to the Manage Applications or Manage Questionnaires page:
a. Click the Administration workspace.

Chapter 3: Workflow Notifications 25

 RSA Archer GRC Platform Workflows

b. In the Navigation Menu, click Application Builder.

c. Click Manage Applications or Manage Questionnaires.
2. Click the application or questionnaire that you want to update.

Note: If you cannot select one, you do not have Edit privileges to it.

3. Click the Workflow tab.

4. If the application is leveled, select the tab for the level for which you want to
configure a workflow process.
5. In the Stages section, select the stage that you want to configure.
6. In the Stage Properties section, in the Notifications field, click Edit.
7. In the Workflow Notifications section, click the notification that you want to
edit.
8. Click the Delivery tab.
9. Complete the Email Properties section:
a. In the From Address field, enter the "From" address .
This must be a valid email address.
b. In the From Alias field, enter the appropriate alias.
c. In the Importance field, select the appropriate importance level.
d. In the Read Receipt field, select to enable or disable return receipts.
This option is only available if you have enabled Read Receipt functionality
in the Global Notification Settings.
10. Click Save.

Delete a Workflow Notification

If you no longer need a workflow notification, you can delete it from the system.

Procedure
1. Navigate to the Manage Applications or Manage Questionnaires page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Application Builder.
c. Click Manage Applications or Manage Questionnaires.
2. Click the application or questionnaire that you want to update.

Note: If you cannot select one, you do not have Edit privileges to it.

3. Click the Workflow tab.

26 Chapter 3: Workflow Notifications

 RSA Archer GRC Platform Workflows

4. If the application is leveled, select the tab for the level for which you want to
configure a workflow process.
5. In the Stages section, select the stage that you want to configure.
6. In the Stage Properties section, in the Notifications field, click Edit.
7. Click the row of the notification that you want to delete.
The row expands to display a description of the notification.

8. Click for that notification.

A Warning dialog box opens.
9. To confirm the delete, click OK.

Chapter 3: Workflow Notifications 27

RSA Archer GRC Platform 5.4
Workspaces and Dashboards
June 2013
Contact Information
Go to the RSA corporate website for regional Customer Support telephone and fax numbers:
www.emc.com/domains/rsa/index.htm.
Trademarks
RSA, the RSA Logo, RSA Archer, RSA Archer Logo, and EMC are either registered trademarks or trademarks of EMC
Corporation ("EMC") in the United States and/or other countries. All other trademarks used herein are the property of their
respective owners. For a list of RSA trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm.
License Agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may
be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This
software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.
Note on Encryption Technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.
Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR
FITNESS FOR A PARTICULAR PURPOSE.

Copyright © 2010-2013 EMC Corporation All Rights Reserved. Published in the USA.
RSA Archer GRC Platform Workspaces and Dashboards

Contents

Preface 5
About this Guide 5
Product Documentation 6
Support and Service 6
Chapter 1: Workspaces 9
Managing Workspaces 9
Create a Workspace 10
Update the General Properties of a Workspace 10
Select the Options for a Workspace 11
Attach Documentation to a Workspace 12
Configure the Navigation Menu Options for a Workspace 13
Add Quick Reference Links to a Workspace 14
Create and Manage Folders for a Quick Reference Link 15
Select Dashboards for a Workspace 16
Configure the Display Order for Dashboards within a Workspace 17
Assign Access Rights to a Workspace 18
Configure the Display Order for Workspaces 19
Delete a Workspace 19
Chapter 2: Dashboards 21
Managing Dashboards 21
Create a Dashboard 21
Update the General Properties of a Dashboard 22
Determine the Layout Design of a Dashboard 23
Attach Documentation to a Dashboard 24
Select iViews to Display on a Dashboard 24
Define the Layout of a Dashboard 25
Create a Global iView 26
Assign Access Rights to a Dashboard 27
Delete a Dashboard 28
Chapter 3: Global iViews 31
Managing Global iViews 31
Create a Global iView 31
Update the General Properties of a Global iView 33
Create and Manage the Folder for a Global iView 34
Change the Options for a Global iView 35
Attach Documentation to a Global iView 37
Assign Access Rights to a Global iView 38
Delete a Global iView 39

3
 RSA Archer GRC Platform Workspaces and Dashboards

Preface

About this Guide

The Workspaces and Dashboards feature is designed to allow organizations to
promote security awareness and efficient, effective communication by providing
users with quick access to information and tools related to their job functions.
Through Workspaces and Dashboards, administrators can create dashboards and
iViews to display reports, links, embedded web pages, RSS feeds, and other custom
content. Administrators can display these iViews to end users through workspaces,
which are pages of related content.
iViews can provide users at all levels in an organization’s hierarchy with the
information they need to make decisions, complete tasks, and stay up to date.
Examples of content that may be displayed through iViews include content review
queues, links to security policies, links to industry or regulatory sites, embedded
web pages, recent vulnerability alerts, company financial information, technology-
related links and news, logon information, and security questions and answers.
By grouping iViews with related content into dashboards and applying those
dashboards to workspaces, administrators can create custom views for specific user
audiences. For example, a Workspaces and Dashboards administrator could create
an Incident Management workspace for personnel involved in investigating and
resolving security incidents. This workspace could contain iViews that display
investigation assignments in each user’s queue, which show the status of all
unresolved investigations and provide links to internal and external resources.
Users can access a workspace by clicking the workspace tab at the top of the page.
For each workspace, administrators can customize the Navigation Menu to display
only solutions with related content, allowing users to access the information and
tools they need without having to sort through a lengthy menu of solutions and
applications. For example, if a user clicks the Policy Management workspace tab,
the Navigation Menu might display only applications that reside in the Policy
Management solution.
For administrative users with access to at least one page in the Platform features, a
special Administration workspace is displayed. The Administration workspace
provides users with access to administrative information, and links and reports are
displayed through iViews. In addition, users can access Platformfeatures such as
Access Control, Workspaces and Dashboards, and Application Builder from this
workspace.

Preface 5
 RSA Archer GRC Platform Workspaces and Dashboards

Product Documentation
For information about the RSA Archer GRC Platform 5.x, see the following
documentation.

Guide Description

Administrator Guide Provides Platform administrators with a system

overview, guidelines for navigating, and detailed
instructions for key tasks.

Control Panel Guide Provides administrators with instructions for

configuring each instance of the Platform.

Installation Guide Provides administrators with instructions for preparing,

installing, configuring, and testing the Platform.

Release Notes Provides Platform administrators with detailed listing of

new features, fixed issues, and known issues at the time
of the current release.

User Guide Provides end users with guidelines for navigating,

detailed instructions for key tasks, and information
about using Platform communication tools.

Web Services API Reference Provides IT managers and programmers with a list of
Guide the available web services for programmatically
interfacing with the release. This guide provides
formatting guidelines for field results, field inputs, and
search inputs, and provides sample code for searching,
adding and updating users, and updating assets.

You can access the Platform 5.x documentation from the RSA Archer Community
at https://community.emc.com/community/connect/grc_ecosystem/rsa_archer.

Support and Service

Customer www.emc.com/support/rsa/index.htm
Support
Information

Customer [email protected]
Support E-mail

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Community archer

6 Preface
 RSA Archer GRC Platform Workspaces and Dashboards

RSA Archer https://community.emc.com/community/connect/grc_ecosystem/rsa_

Exchange archer_exchange

RSA Solution https://gallery.emc.com/community/marketplace/

Gallery

RSA SecurCare https://knowledge.rsasecurity.com/cleartrust/ct_
Online logon.asp?CTAuthMode=BASIC&language=en&CT_ORIG_
URL=https%3A%2F%2Ffanyv88.com%3A443%2Fhttps%2Fknowledge.rsasecurity.com%3A443%2F&c
t_orig_uri=%2F

The RSA Archer Community enables collaboration among eGRC clients, partners,
and product experts. Members actively share ideas, vote for product enhancements,
and discuss trends that help guide the RSA Archer product roadmap.
The RSA Archer Exchange is an online marketplace dedicated to supporting eGRC
initiatives. The Exchange brings together on-demand applications along with
service, content, and integration providers to fuel the success of RSA Archer
clients.
The RSA Solution Gallery provides information about third-party hardware and
software products that have been certified to work with RSA products. The gallery
includes Secured by RSA Implementation Guides with step-by-step instructions and
other information about interoperation of RSA products with these third-party
products.
The RSA SecurCare Online provides unlimited access to a wealth of resources on
the web, 24 hours a day. The secure system provides members access to a support
knowledgebase, to download current platform patches and bug fixes, to sign up for
notifications, to manage your support cases and more.

Preface 7
 RSA Archer GRC Platform Workspaces and Dashboards

Chapter 1: Workspaces

Managing Workspaces
Workspaces are tabbed groupings of dashboards and iViews with related content.
Users can access a workspace from any page in the system by clicking the
Workspace tab at the top of the page.

Note: When there are more tabs than can fit across the top of the page, a More tab
is displayed to the right of the workspace tab strip to allow users to select from a
list of workspaces.

By grouping iViews with related content into dashboards, administrators can create
custom views for specific user audiences. For example, an administrator could
create an Incidents workspace for personnel involved in investigating and resolving
security incidents. This workspace could contain dashboards with iViews that
display investigation assignments in each user’s queue, which show the status of all
unresolved investigations and provide links to internal and external resources.
Dashboards can be configured to display multiple iViews, a single iView that
consumes the entire page, or an embedded web page.

Note: An individual iView can be displayed in multiple dashboards.

Each time an Application Builder administrator creates a new solution, a

workspace is automatically created for that solution. The workspace shares the
solution's name, and access to the workspace is granted to the administrator who
created the solution. Once a solution-based workspace has been created,
Workspaces and Dashboard administrators can configure the workspace's
properties, including its content, Navigation Menu settings, and access rights.
You can perform the following tasks to configure workspaces:
l Create a Workspace
l Update the General Properties of a Workspace
l Select the Options for a Workspace
l Attach Documentation to a Workspace
l Configure the Navigation Menu Options for a Workspace
l Add Quick Reference Links to a Workspace
l Create and Manage the Folders for a Quick Reference Link
l Select Dashboards for a Workspace
l Configure the Display Order for Dashboards Within a Workspace

Chapter 1: Workspaces 9
 RSA Archer GRC Platform Workspaces and Dashboards

l Assign Access Rights to a Workspace

l Configure the Display Order for Workspaces
l Delete a Workspace

Create a Workspace
Complete this task to add new workspaces or edit existing workspaces.
For an overview of the complete configuration process, see Managing Workspaces.

Procedure
1. Navigate to the Manage Workspaces page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Workspaces and Dashboards.
c. Click Manage Workspaces.
2. Click Add New to open the Add Workspace window.
3. Do one of the following:
l To create a new workspace, select Create a new Workspace from
scratch.
l To copy an existing workspace, select Copy an existing Workspace and
select the workspace that you want to copy from the Workspaces list.
4. Click OK.
5. Complete the General Information section:
a. In the Name field, enter a name for the workspace.
b. In the Description field, enter a description for the workspace.
This description is displayed on the Manage Workspaces page in list mode.
6. Click Apply.

Next Steps
Update the General Properties of a Workspace

Update the General Properties of a Workspace

Complete this task to name a workspace, set its status, and enter a description in
the General Information section.
For an overview of the complete configuration process, see Managing Workspaces.

Before You Begin

Create a Workspace

10 Chapter 1: Workspaces
 RSA Archer GRC Platform Workspaces and Dashboards

Procedure
1. Select the workspace that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Workspaces and Dashboards.
c. Click Manage Workspaces.
d. In the Name column, click the workspace.
2. Complete the General Information section:
a. In the Name field, enter a name for the workspace.
b. To activate the workspace, select Active from the Status list. To inactivate
the workspace, select Inactive from the Status list.

Note: If you select to inactivate the workspace, it no longer is displayed for

the user to access it.

c. In the Description field, enter a description of the workspace.

3. Click Apply.

Next Steps
Select the Options for a Workspace

Select the Options for a Workspace

Complete this task to select whether a workspace is required, defaulted, or optional
for users and whether users can remove the workspace from their workspace tab
strip.
For an overview of the complete configuration process, see Managing Workspaces.

Before You Begin

Create a Workspace

Procedure
1. Select the workspace that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Workspaces and Dashboards.
c. Click Manage Workspaces.
d. In the Name column, click the workspace.

Chapter 1: Workspaces 11
 RSA Archer GRC Platform Workspaces and Dashboards

2. To determine the behavior of the workspace, select one of the following options
from the Behavior list in the Options section:
l Required. The workspace is always displayed in the workspace tab strip for
users with access to it, and those users cannot remove it.
l Default. The workspace is displayed in the workspace tab strip by default
for all users with access to it, and those users can remove it.
l Optional. The workplace is available for users who have access to it, but it
is not displayed by default.
3. To allow users to create personal dashboards in the workspace, select Enable
from the Personal Dashboards setting.
4. Click Apply.

Next Steps
Attach Documentation to a Workspace

Attach Documentation to a Workspace

Complete this task to attach documentation to the workspace or download current
files in the Documentation section.
For an overview of the complete configuration process, see Managing Workspaces.

Before You Begin

Create a Workspace

Procedure
1. Select the workspace that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Workspaces and Dashboards.
c. Click Manage Workspaces.
d. In the Name column, click the workspace.
2. To attach documentation to the workspace:
a. In the Documentation section, click Add New.
The File Upload dialog box opens.
b. Click Add New and select the file that you want to upload.
c. Click OK.
3. To download attached documentation to the workspace:
a. In the Name column, click the filename.
b. In the File Download dialog box, click Save.

12 Chapter 1: Workspaces
 RSA Archer GRC Platform Workspaces and Dashboards

c. Select the location where you want to save the document and click Save.
4. Click Apply.

Next Steps
Configure the Navigation Menu Options for a Workspace

Configure the Navigation Menu Options for a Workspace

Complete this task to customize the display of the Navigation Menu for an
individual workspace.
For an overview of the complete configuration process, see Managing Workspaces.

Before You Begin

Create a Workspace

Procedure
1. Select the workspace that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Workspaces and Dashboards.
c. Click Manage Workspaces.
d. In the Name column, click the workspace.
2. Click the Navigation Menu tab.
3. In the Navigation Menu Display section, select from the following options:
l Collapsed. Select to have the Navigation Menu for the workspace default to
a collapsed state.
l Expanded. Select to have the Navigation Menu for the workspace default to
an expanded state.
l Hidden. Select to remove the Navigation Menu from display when users
view the workspace. When this option is selected, users cannot access the
Navigation Menu when they view the workspace.
4. If you selected the Collapsed or Expanded option, define how you want
solutions and applications to be displayed in the Navigation Menu according to
the following options:
l Display All. Select to have the Navigation Menu display all solutions and
applications that are available to users when they view the workspace.
l Selected. Select to filter the solutions that are displayed in the Navigation
Menu when users view the workspace. From the Available list that is
displayed, select the solutions that you want to be displayed in the Navigation
Menu.

Chapter 1: Workspaces 13
 RSA Archer GRC Platform Workspaces and Dashboards

5. To further customize the Navigation Menu for the workspace, select Expanded
from the Selected list for individual solutions and their corresponding
applications.
When a solution is expanded, all applications in that solution are displayed by
default. If an application is expanded, all operation links that are available for
that application are displayed by default.

Note: You can collapse a solution and expand an application in that solution. In
this case, when users expand the solution, the application expands by default.

6. To display an Administration solution in the Navigation Menu that contains all

applications for which a user has access, select Display in the Administration
control. To hide this solution, clear Display.

Note: Examples of applications include Access Control, Workspaces and

Dashboards, and Application Builder. If a user does not have access to any
Platform features, the Administration solution is not displayed in the Navigation
Menu.

Next Steps
Add Quick Reference Links to a Workspace

Add Quick Reference Links to a Workspace

Complete this task to add quick reference menus and links to the top of a
workspace. This is useful for providing fast access to frequently viewed features.
The Quick Reference bar displays links just below the workspace tab strip.
For an overview of the complete configuration process, see Managing Workspaces.

Before You Begin

Create a Workspace

Procedure
1. Select the workspace that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Workspaces and Dashboards.
c. Click Manage Workspaces.
d. In the Name column, click the workspace.
2. Click the Quick Reference tab.
3. Click Add New Link in the Quick References Links list.
The link settings are displayed in the Properties list.

14 Chapter 1: Workspaces
 RSA Archer GRC Platform Workspaces and Dashboards

4. From the Type list, select one of the following:

l Internal Page. Allows the user to link to internal pages and functions. Make
the selection from the Link To list and select the target page from the
Available list. Click OK. Enter the name of the link in the Display Name
field. Enter the description in the Description field.
l Report. Allows the user to link to personal and global reports. Make the
selection from the Link To list and select the target report from the
Available list. Click OK. Enter the name of the link in the Display Name
field. Enter the description in the Description field.
l Dashboard. Allows the user to link to personal and global dashboards. Make
the selection from the Link To list and select the target dashboard from the
Available list. Click OK. Enter the name of the link in the Display Name
field. Enter the description in the Description field.
l External Link. Allows the user to create links to external sites. When a user
clicks the link, the external site is displayed in the workspace section. Make
the selection from the Link To list and enter the site address in the Link To
field. Make a selection from the Action list according to how you want the
site to open in the user's workspace. Enter the name of the link in the Display
Name field. Enter the description in the Description field.
l Solution. Allows the user to link to personal and global solutions. Make a
selection from the Link To list and select the target solution from the
Available list. Click OK.
l Content Record. Allows the user to link to personal and global records.
Click to make a selection from the Record Lookup list. Select the target
record and click OK. Enter the name of the link in the Display Name field.
Enter the description in the Description field.
5. Click Apply.

Next Steps
Create and Manage the Folders for a Quick Reference Link

Create and Manage Folders for a Quick Reference Link

Complete this task to organize quick references to be displayed at the top of a
workspace. This feature is useful for organizing quick reference links into logical
groupings for the user. The Quick Reference bar displays folders as a list just
below the workspace tab strip.
For an overview of the complete configuration process, see Managing Workspaces.

Chapter 1: Workspaces 15
 RSA Archer GRC Platform Workspaces and Dashboards

Before You Begin

l Create a Workspace
l Add Quick Reference Links to a Workspace

Procedure
1. Select the workspace that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Workspaces and Dashboards.
c. Click Manage Workspaces.
d. In the Name column, click the workspace.
2. Click the Quick Reference tab.
3. To add a folder, click Add New Folder in the Quick Reference Links list.
The Display Name field is displayed in the Properties list.
4. In the Display Name field, enter a name for the folder.
The new folder is added to the Quick References Links list.
5. To organize the folder, drag and drop the folder name in the Quick Reference
Links section.
You can organize multiple folders by sequence and by hierarchy. To place one
folder inside of another folder, drag and drop the folder name over the parent
folder where you want it to be displayed.
6. To organize the links, drag and drop the link names in the Quick Reference
Links section.
You can organize the links by sequence and by folder. To place a link inside of
a folder, drag and drop the link name over the parent folder where you want it to
be displayed.
7. Click Apply.

Next Steps
Select Dashboards for a Workspace

Select Dashboards for a Workspace

Complete this task to group and organize multiple iViews to be displayed in a
workspace. Dashboards are groupings of iViews and reports that are available for
selection from the Dashboard list in the toolbar.
For an overview of the complete configuration process, see Managing Workspaces.

Before You Begin

Create a Workspace

16 Chapter 1: Workspaces
 RSA Archer GRC Platform Workspaces and Dashboards

Procedure
1. Select the workspace that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Workspaces and Dashboards.
c. Click Manage Workspaces.
d. In the Name column, click the workspace.
2. Click the Dashboards tab.
3. Click Select Dashboards to open the Add Dashboards dialog box.
4. Select the dashboards from the Name column and click OK.
5. Click Apply.

Next Steps
Configure the Display Order for Dashboards within a Workspace

Configure the Display Order for Dashboards within a Workspace

Complete this task to group and organize multiple dashboards to be displayed in a
workspace. Dashboards are groupings of iViews and reports that are available for
selection from the Dashboard list in the toolbar.
For an overview of the complete configuration process, see Managing Workspaces.

Before You Begin

Create a Workspace

Procedure
1. Select the workspace that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Workspaces and Dashboards.
c. Click Manage Workspaces.
d. In the Name column, click the workspace.
2. Click the Dashboards tab.
3. Click Configure Display Order.
4. In the Dashboard Display Order dialog box, drag and drop the dashboards in
the sequence that you want them presented for the user and click OK.
5. (Optional) To remove a dashboard from the workspace, click in the Actions
column.
6. Click Apply.

Chapter 1: Workspaces 17
 RSA Archer GRC Platform Workspaces and Dashboards

Next Steps
Assign Access Rights to a Workspace

Assign Access Rights to a Workspace

Complete this task to assign user access rights for a workspace. You can assign
public access to everyone in the system or by individual users, groups, roles, or
solutions.
For an overview of the complete configuration process, see Managing Workspaces.

Before You Begin

Create a Workspace

Procedure
1. Select the workspace that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Workspaces and Dashboards.
c. Click Manage Workspaces.
d. In the Name column, click the workspace.
2. Click the Access tab.
3. Select whether the workspace is public or private:
l Public. Allow all users in the system access to this workspace.
l Private. Allow only specific users and groups access to this workspace.
4. If you selected Private, select one of the following options from the Available
list to assign or revoke access rights for the workspace:
l Group. In the Available list, expand the Group node and select the groups
whose members you want to have access to the workspace.
l User. In the Available list, expand the User node and select the users who
you want to have access to the workspace.
l Role. In the Available list, expand the Role node and select the roles whose
assigned users you want to grant workspace access rights.
l Solution. In the Available list, expand the Solution node and select the
solutions whose users you want to assign workspace access rights.
5. To revoke access rights from a group, solution, role, or user, click in the
Selected list.
6. Click Save.

Next Steps
Configure the Display Order for Workspaces

18 Chapter 1: Workspaces
 RSA Archer GRC Platform Workspaces and Dashboards

Configure the Display Order for Workspaces

Complete this task to define the order in which workspaces are displayed in the
user's workspace tab strip.

Note: Not all users have access to all workspaces, but the order of the workspaces
still pertains to each user.

For an overview of the complete configuration process, see Managing Workspaces.

Before You Begin

Create a Workspace

Procedure
1. Navigate to the Manage Workspaces page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Workspaces and Dashboards.
c. Click Manage Workspaces.
2. In the Workspaces toolbar, click Configure Display Order.
The Workspace Display Order dialog box opens.
3. Drag and drop the workspaces in the sequence that you want them displayed for
the user.
4. Click OK to return to the Manage Workspaces page.

Delete a Workspace
Complete this task to delete a workspace from the system. This permanently purges
the workspace from the database as well as any personal dashboards associated
with it. Global dashboards associated with it are not deleted.

Note: If you delete a workspace, it cannot be recovered.

Procedure
1. Navigate to the Manage Workspaces page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Workspaces and Dashboards.
c. Click Manage Workspaces.

2. Click in the Actions column.

3. Click OK in the warning dialog box.

Chapter 1: Workspaces 19
 RSA Archer GRC Platform Workspaces and Dashboards

Chapter 2: Dashboards

Managing Dashboards
Dashboards are groupings of iViews with related content. Users can access a
dashboard from within a workspace by selecting from the Dashboard list in the page
toolbar. This feature allows administrators to group multiple iViews into a single
dashboard so the user can easily access multiple iViews from one workspace.
Administrators can build global dashboards and enable users to build personal
dashboards:
l Global dashboards. Can be viewed by all users that have been assigned global
access by administrators on the Access tab of the Manage Dashboards page.
These dashboards cannot be edited by users, but can be rearranged. Any
modifications to the layout or size of the iViews are saved for that user's current
session only.
l Personal dashboards. Can be created and viewed by all users that have been
assigned access by group, user, role, or solution on the Access tab of the
Manage Dashboards page. Personal dashboards are specific to the user and are
not confined to the user's current session only. Users can modify the layout and
size of the iViews, and the changes are saved in real time.

You can perform the following tasks to manage dashboards:

l Create a Dashboard
l Update the General Properties of a Dashboard
l Determine the Layout Design of a Dashboard
l Attach Documentation to a Dashboard
l Select iViews to Display on a Dashboard
l Define the Layout of a Dashboard
l Create a Global iView
l Assign Access Rights to a Dashboard
l Delete a Dashboard

Create a Dashboard
Complete this task to add new dashboards or edit existing dashboards. You can
also determine the layout and assign user access for the dashboards.
For an overview of the complete configuration process, see Managing Dashboards.

Chapter 2: Dashboards 21
 RSA Archer GRC Platform Workspaces and Dashboards

Procedure
1. Navigate to the Manage Dashboards page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Workspaces and Dashboards.
A menu of Workspaces and Dashboards pages is displayed.
c. Click Manage Dashboards.
2. Click Add New.
3. Do one of the following:
l To create a new dashboard, select Create a new Dashboard from scratch.
l To copy an existing dashboard, select Copy an existing Dashboard and from
the Dashboards list, select a dashboard to copy.
4. Click OK.
5. Complete the General Information section:
a. In the Name field, enter a name for the dashboard.
b. In the Description field, enter a description for the dashboard.
This description is displayed on the Manage Dashboards page in list mode.
6. Click Apply.

Next Steps
Update the General Properties of a Dashboard
Assign Access Rights to a Dashboard

Update the General Properties of a Dashboard

Complete this task to update the name, status, and description of a dashboard.
For an overview of the complete configuration process, see Managing Dashboards.

Before You Begin

Create a Dashboard

Procedure
1. Select the dashboard that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Workspaces and Dashboards.
A menu of Workspaces and Dashboards pages is displayed.
c. Click Manage Dashboards.
d. Click the dashboard.

22 Chapter 2: Dashboards
 RSA Archer GRC Platform Workspaces and Dashboards

2. Complete the General Information section:

a. In the Name field, enter a name for the dashboard.
b. To activate the dashboard, select Active from the Status list. To inactivate
the dashboard, select Inactive from the Status list.

Note: If you select to inactivate the dashboard, it is no longer displayed for

the user to access it.

c. In the Description field, enter a description for the dashboard.

This description is displayed on the Manage Dashboards page in list mode.
3. Click Apply.

Next Steps
Determine the Layout Design of a Dashboard

Determine the Layout Design of a Dashboard

Complete this task to select and preview the layout design of the dashboard. This
section determines the column structure of the dashboard.
For an overview of the complete configuration process, see Managing Dashboards.

Before You Begin

Create a Dashboard

Procedure
1. Select the dashboard that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Workspaces and Dashboards.
A menu of Workspaces and Dashboards pages is displayed.
c. Click Manage Dashboards.
d. Click the dashboard.
2. From the Column Layout list in the Layout Design section, select options to
determine the layout design.
These options determine the number of columns displayed on the dashboard and
the percentage of the page each column occupies. You can preview the layout
of your selection in the Preview control.
3. Click Apply.

Next Steps
Attach Documentation to a Dashboard

Chapter 2: Dashboards 23
 RSA Archer GRC Platform Workspaces and Dashboards

Attach Documentation to a Dashboard

Complete this task to attach documentation to the dashboard or download current
files in the Documentation section.
For an overview of the complete configuration process, see Managing Dashboards.

Before You Begin

Create a Dashboard

Procedure
1. Select the dashboard that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Workspaces and Dashboards.
A menu of Workspaces and Dashboards pages is displayed.
c. Click Manage Dashboards.
d. Click the dashboard.
2. In the Documentation section, click Add New.
The File Upload dialog box opens.
3. Click Add New, select the file that you want to upload and click OK.
4. To download attached documentation to the dashboard:
a. Click the filename in the Name column.
b. Click Save in the File Download dialog box.
c. Select the location where you want to save the document and click Save.
5. Click Apply.

Next Steps
Select iViews to Display on a Dashboard

Select iViews to Display on a Dashboard

Complete this task to add existing global iViews to a dashboard or create a new
global iView.
For an overview of the complete configuration process, see Managing Dashboards.

Before You Begin

Create a Dashboard

24 Chapter 2: Dashboards
 RSA Archer GRC Platform Workspaces and Dashboards

Procedure
1. Select the dashboard that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Workspaces and Dashboards.
A menu of Workspaces and Dashboards pages is displayed.
c. Click Manage Dashboards.
d. Click the dashboard.
2. Click the Layout tab.
3. Click Select iViews in the Dashboard Layout toolbar and in the Method
section of the iView Type Selection dialog box, select one of the following
options:
l Create a new Global iView from scratch. To create a new global iView
from existing iView types, select this option. For more information on
creating a Global iView, see Create a Global iView.
l Select from Global iView Library. To select from existing global iViews
organized by folders of related content, select this option and click OK.
4. Click Apply.

Next Steps
Define the Layout of a Dashboard

Define the Layout of a Dashboard

Complete this task to rearrange and remove existing iViews to display in the order
that you want.
For an overview of the complete configuration process, see Managing Dashboards.

Before You Begin

l Create a Dashboard
l Determine the Layout Design of a Dashboard
l Select iViews to Display on a Dashboard

Procedure
1. Select the dashboard that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Workspaces and Dashboards.
A menu of Workspaces and Dashboards pages is displayed.

Chapter 2: Dashboards 25
 RSA Archer GRC Platform Workspaces and Dashboards

c. Click Manage Dashboards.

d. Click the dashboard.
2. Click the Layout tab.
3. To rearrange the iViews , drag and drop the iViews in the Dashboard Layout
section in the order that you want them displayed.
4. To remove an iView, select Remove from the individual iView list.
5. Click Apply.

Create a Global iView

Complete this task to add new global iViews or edit existing iViews when
managing a dashboard.

Before You Begin

l Create a Workspace
l Create a Dashboard

Procedure
1. Select the dashboard that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Workspaces and Dashboards.
A menu of Workspaces and Dashboards pages is displayed.
c. Click Manage Dashboards.
d. Click the dashboard.
2. Click the Layout tab.
3. Click Select iViews.
4. Do one of the following:
l To create a new iView, select Create a new Global iView from scratch.
l To copy an existing iView, select Copy an existing Global iView.
5. If you selected Create a new Global iView from scratch, select one of the
following iView types.

26 Chapter 2: Dashboards
 RSA Archer GRC Platform Workspaces and Dashboards

iView Type Description

Canvas Enables you to select from predefined templates with various

presentations for content and graphics.

Custom Enables you to display custom text, HTML, or Flash

presentations or to execute custom scripts, such as
JavaScript.

Embedded URL Enables you to embed entire web pages directly in an iView.

Links List Enables you to create links to websites, intranet sites, and
frequently used internal application pages, such as Add New
Record, Advanced Search, and Discussion Forums within a
single iView.

Report Enables you to display global reports in a single iView. In

addition, you can display charts generated through a
statistics search.

Quick Search Enables you to display search criteria options in an iView

for the user to search records across applications.

RSS Feed Enables you to display data from an RSS feed. RSS feeds
contain headlines and summary information from articles on
websites supporting RSS.

Video Enables you to embed video directly in an iView using

HTML.

6. If you selected Copy an existing Global iView, select an iView from the
Available iViews list to copy.
7. Click OK.
The iView Configuration page is displayed, ready for you to add or edit iView
information.

Next Steps
Update the General Properties of a Global iView

Assign Access Rights to a Dashboard

Complete this task to assign access rights for a dashboard. You can select to make
the dashboard public or private and assign access based on group, user, role, or
solution.
For an overview of the complete configuration process, see Managing Dashboards.

Chapter 2: Dashboards 27
 RSA Archer GRC Platform Workspaces and Dashboards

Before You Begin

Create a Dashboard

Procedure
1. Select the dashboard that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Workspaces and Dashboards.
A menu of Workspaces and Dashboards pages is displayed.
c. Click Manage Dashboards.
d. Click the dashboard.
2. Click the Access tab.
3. Select whether the dashboard is public or private:
l Public. Allow all users in the system access to this dashboard.
l Private. Allow only specific users and groups access to this dashboard.
4. If you selected Private, select whether to assign or revoke access rights for the
dashboard from the Available list according to the following options:
l Group. In the Available list, expand the Group node and select the groups
whose members should have access to the dashboard.
l User. In the Available list, expand the User node, and select the users who
should have access to the dashboard.
l Role. In the Available list, expand the Role node and select the roles with
assigned users you want to assign dashboard access rights.
l Solution. In the Available list, expand the Solution node and select the
solutions with users you want to assign dashboard access rights.
5. To revoke access rights from a group, solution, role, or user, click in the
Selected list.
6. Click Save.

Delete a Dashboard
Complete this task to delete a dashboard from the system. This permanently purges
the dashboard from the database as well as any personal iViews associated with it.
Global iViews associated with it are not deleted.

Note: If you delete a dashboard, it cannot be recovered.

28 Chapter 2: Dashboards
 RSA Archer GRC Platform Workspaces and Dashboards

Procedure
1. Navigate to the Manage Dashboards page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Workspaces and Dashboards.
A menu of Workspaces and Dashboards pages is displayed.
c. Click Manage Dashboards.

2. Click in the Actions column.

3. Click OK in the warning dialog box.

Chapter 2: Dashboards 29
 RSA Archer GRC Platform Workspaces and Dashboards

Chapter 3: Global iViews

Managing Global iViews

An iView is a window of information that can display reports, charts, links to
internal pages, links to external sites, embedded web pages, and other custom
content, such as Flash presentations and graphics. When you access the Platform,
there are several iViews displayed in the opening page. These iViews are grouped
into a dashboard and dashboards are grouped into workspaces. Workspaces, which
display as tabs across the top of the screen, can contain several dashboards,
providing you with quick access to information relevant to your job functions.
By clicking the various workspace tabs that display at the top of your screen, you
can access iViews through dashboards that are related to specific subjects. For
example, a Home workspace might contain iViews with links to frequently used
pages and instructional iViews for accessing information and completing tasks
within various applications. An Incidents workspace might contain a dashboard that
contains iViews with security incidents for which you are an investigator.
iViews can be configured according to the specific iView type. For example, for a
Report iView, you can include one or many reports. When you configure this iView
type, you select the report or reports you want included. You can then determine the
selection order of the reports in the iView and identify the report that is initially
displayed to the user. Additionally, you can allow horizontal scrolling for any of the
selected reports so that the report contents extends beyond the width of the iView.
You can perform the following tasks to configure global iViews:
l Create a Global iView
l Update the General Properties of a Global iView
l Create and Manage the Folder for a Global iView
l Change the Options for a Global iView
l Attach Documentation to a Global iView
l Assign Access Rights to a Global iView
l Select iView to Display on a Dashboard
l Delete a Global iView

Create a Global iView

Complete this task to add new global iViews or edit existing iViews.

Chapter 3: Global iViews 31

 RSA Archer GRC Platform Workspaces and Dashboards

Before You Begin

l Create a Workspace
l Create a Dashboard

Procedure
1. Navigate to the Manage Global iViews page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Workspaces and Dashboards.
c. Click Manage Global iViews.
2. Click Add New.
3. Do one of the following:
l To create a new iView, select Create a new Global iView from scratch.
l To copy an existing iView, select Copy an existing Global iView.
4. If you selected Create a new Global iView from scratch, select one of the
following iView types.

iView Type Description

Canvas Enables you to select from predefined templates with various

presentations for content and graphics.

Custom Enables you to display custom text, HTML, or Flash

presentations or to execute custom scripts, such as
JavaScript.

Embedded URL Enables you to embed entire web pages directly in an iView.

Links List Enables you to create links to websites, intranet sites, and
frequently used internal application pages, such as Add New
Record, Advanced Search, and Discussion Forums within a
single iView.

Report Enables you to display global reports in a single iView. In

addition, you can display charts generated through a
statistics search.

32 Chapter 3: Global iViews

 RSA Archer GRC Platform Workspaces and Dashboards

iView Type Description

Quick Search Enables you to display search criteria options in an iView

for the user to search records across applications.

RSS Feed Enables you to display data from an RSS feed. RSS feeds
contain headlines and summary information from articles on
websites supporting RSS.

Video Enables you to embed video directly in an iView using

HTML.

5. If you selected Copy an existing Global iView, select an iView from the
Available iViews list to copy.
6. Click OK.
The Manage Global iView page is displayed, ready for you to add or edit
workspace information.

Next Steps
Update the General Properties of a Global iView

Update the General Properties of a Global iView

Complete this task to update the name, status, and description of a global iView.
For an overview of the complete configuration process, see Managing Global
iViews.

Before You Begin

Create a Global iView

Procedure
1. Select the iView that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Workspaces and Dashboards.
c. Click Manage Global iViews.
d. In the Name column, click the iView.
2. Complete the General Information section:
a. In the Name field , enter a name for the iView.
b. To activate the iView, select Active from the Status list. To inactivate the
iView, select Inactive from the Status list.

Chapter 3: Global iViews 33

 RSA Archer GRC Platform Workspaces and Dashboards

c. In the Description field, enter a description for the iView.

This description is displayed on the Manage Dashboards page in list mode.
3. From the Folder list, select a category to display the iView under on the
Manage iViews page.
4. Click Apply.

Next Steps
Create and Manage the Folder for a Global iView

Create and Manage the Folder for a Global iView

Complete this task to create a new folder or rearrange your iViews to display in a
different folder. This is the organization that is displayed in the Global iViews
section on the Manage iViews page.
For an overview of the complete configuration process, see Managing Global
iViews.

Before You Begin

Create a Global iView

Procedure
1. Select the iView that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Workspaces and Dashboards.
c. Click Manage Global iViews.
d. In the Name column, click the iView.
2. Create a folder for the iView:
a. In the Folder control of the General Information section, click Edit.
b. In the Manage Folders window, click Add New.
c. Enter the name of the folder and click OK.
d. In the Folder list, ensure the correct folder is selected.
3. To display the iView in a different folder, select the desired folder from the
Folder list in the General Information section.
4. Click Apply.
Your changes are displayed in the Manage iViews page.

Next Steps
Change the Options for a Global iView

34 Chapter 3: Global iViews

 RSA Archer GRC Platform Workspaces and Dashboards

Change the Options for a Global iView

Complete this task to update the options for an iView. The options vary based on
the type of iView that you are modifying.
For an overview of the complete configuration process, see Managing Global
iViews.

Before You Begin

Create a Global iView

Procedure
1. Select the iView that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Workspaces and Dashboards.
c. Click Manage Global iViews.
d. In the Name column, click the iView.
2. On the General tab, update the options for the iView in the Options section
based on the following iView types.

iView Type Action

Canvas
1. In the Canvas Style field, click to select a layout
in the Selected Layout Template dialog box.
2. Browse through the layouts, select the layout and
click OK.
3. Enter a name in the Title field and enter the content in
the Content field.

Custom Enter the content in the Custom Content field and select
an option from the Refresh Rate list.

Embedded URL 1. Select an address from the URL list and enter the
address in the URL field.
2. Select an option from the Refresh Rate list.

Chapter 3: Global iViews 35

 RSA Archer GRC Platform Workspaces and Dashboards

iView Type Action

Links List 1. Make selections from the Layout and Column

Display lists in the Options section.
2. If you selected Simple List from the Layout list, from
the Available Links list in the Configuration section,
select the links that you want to display in the iView.
To add a custom URL, select an address from the URL
list, enter the address in the URL field and click Add.
3. If you selected Descriptive Links from the Layout list,
click Add New in the Configuration section. From the
Link list in the Links dialog box, select a link and
enter a name for the link in the Name field. Select a
primary graphic and action and click OK.

Report 1. From the Available Reports list, select the report or

reports that you want displayed in the iView.
2. To determine the selection order of the reports in the
iView, highlight the report title and use the
arrows to arrange the reports in the preferred order.

Note: The first report listed is the report that is

initially displayed to the user.

3. For each report that you want to allow horizontal

scrolling, select Enable Scrolling.
When this option is selected, the contents of the report
extends beyond the width of the iView and a
horizontal scroll bar is displayed below the iView for
scrolling through the contents.

36 Chapter 3: Global iViews

 RSA Archer GRC Platform Workspaces and Dashboards

iView Type Action

Quick Search 1. Make a selection from the Column Display list.

2. To display the description in the iView, select Embed
the iView description in the iView.
3. To add a search button, click Add in the Search
Button field, locate the graphic in the Graphic Selector
dialog box and click OK.
4. To define the applications for the search, click Add
New in the Applications section. From the
Application Name list, select the application that you
want to associate the iView to. Make selections from
the Visibility and Defaulted Behavior lists.

RSS Feed 1. Select an address from the URL list and enter the URL
address in the URL field.
2. From the Feed Elements control, select the display
options that you want. From the Articles Displayed
list, select the number of articles that you want
displayed.
3. From the Refresh Rate list, select how often you want
the feed refreshed.
4. From the Authentication list, select your
authentication preferences. From the Days Displayed
list, select the number of days to display the feed.

Video In the Embedded Video HTML field, enter the embedded

HTML or the URL.

3. Click Apply.

Next Steps
Attach Documentation to a Global iView

Attach Documentation to a Global iView

Complete this task to attach documentation to a global iView or download current
files in the Documentation section.
For an overview of the complete configuration process, see Managing Global
iViews.

Before You Begin

Create a Global iView

Chapter 3: Global iViews 37

 RSA Archer GRC Platform Workspaces and Dashboards

Procedure
1. Select the iView that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Workspaces and Dashboards.
c. Click Manage Global iViews.
d. In the Name column, click the iView.
2. To attach documentation to the iView:
a. In the Documentation section, click Add New.
The File Upload dialog box is displayed.
b. Click Add New and select the file that you want to upload.
c. Click OK.
3. To download attached documentation to the global iView:
a. In the Name column in the Documentation section, click the filename that
you want to download.
b. In the File Download dialog box, click Save.
c. Select the location where you want to save the document and click Save.
4. Click Apply.

Next Steps
Assign Access Rights to a Global iView

Assign Access Rights to a Global iView

Complete this task to assign access rights for an iView. You can make the global
iView public or private and assign access based on group, user, role, or solution.
For an overview of the complete configuration process, see Managing Global
iViews.

Before You Begin

Create a Global iView

Procedure
1. Select the iView that you want to modify:
a. Click the Administration workspace.
b. In the Navigation Menu, click Workspaces and Dashboards.
c. Click Manage Global iViews.
d. In the Name column, click the iView.

38 Chapter 3: Global iViews

 RSA Archer GRC Platform Workspaces and Dashboards

2. Click the Access tab.

3. Select from the following Display options:
l Public. Allow all users in the system access to this iView.
l Private. Allow only specific users and groups access to this iView.
4. If you selected Private, assign or revoke access rights for the global iView
according to the following options:
l Group. In the Available list, expand the Group node and select the groups
whose members should have access to the iView.
l User. In the Available list, expand the User node and select the users who
should have access to the iView.
l Role. In the Available list, expand the Role node and select the roles with
assigned users that you want to assign iView access rights.
l Solution. In the Available list, expand the Solution node and select the
solutions with users that you want to assign iView access rights.
5. To revoke access rights from a group, solution, role, or user, click in the
Selected list.
6. Click Save.

Next Steps
Select iViews to Display on a Dashboard

Delete a Global iView

Complete this task to delete an iView from the system. This permanently purges the
dashboard from the database. You must have administrator access to delete global
iViews.

Note: If you delete an iView, it cannot be recovered.

Procedure
1. Navigate to the Manage Global iViews page:
a. Click the Administration workspace.
b. In the Navigation Menu, click Workspaces and Dashboards.
c. Click Manage Global iViews.

2. In the Actions column, click .

3. Click OK in the warning dialog box.

Chapter 3: Global iViews 39