GRCM 7.8 User With Admin Role Can Add Test Result In Mgmt Assessment Without Permissions

(Doc ID 1450207.1)

Last updated on MAY 07, 2012

Applies to:

Oracle Governance, Risk and Compliance Manager - Version 7.8 and later
Information in this document applies to any platform.

Symptoms

A user with the Admin role is able to add Assessment Results to Controls and Risks. Steps to reproduce:

1. Ensure that ADMIN is NOT added to any of the workflow sections of the e100server.config file (see the readme file in patchset 11).

2. Log in to GRCM as ICAdmin and create a new Business Process:

     a. Set the Owner as Contributor1

     b. Under Management Assessment set the Reviewer as Reviewer1

     c. Add an Assertion, Risk, and Control

     d. Approve until Released

3. Log in as a user that has the Admin role 'GRCMAdmin' and initiate the assessment:

     a. Click 'Initiate Assessment' > OK

     b. Assessment Type: Operational, Test Period: 2012 Q4, Due Date: 3/31/2011, Reviewer: Reviewer1

     c. Next, Next, Next, Next, Finish

     d. Click 'Start Assessment' > Message > OK

4. In the Management Assessment, test the functionality as GRCMAdmin:

     a. The 'Edit' button is NOT available

     b. The Admin user can click on the 'Assess' button for both Control and Risk

     c. The Process table also has the 'Assess' button available if everything is assessed

     d. The 'Edit' button is NOT available, so the Admin user cannot Complete Assessment

The problem is that the Admin user has 'Assess' permission on the Controls and Risks. The request is that the Admin user not have permission to assess any business objects.

Cause
