and more in a single search tool across platforms. Read the announcement here. |
03/14/2024 08:30 AM
Hi,
I have 2 Mitigation Controls, One Mitigation Control is for Ruleset1 and other Mitigation Control is for Ruleset2.
MC1 -> Ruleset1 -> Owner1
MC2 -> Ruleset2 -> Owner2
Owner2 is able is view both MC1 and MC2. Is there any configuration that needs to be done to restrict the owner2 from viewing owner1?
The concern is owner2 is seeing details and also has the ability to edit the Mitigation control that he does not know what that mitigation control is and also edit the pre mitigation association which is more concerning.
Thanks,
Deepa.S
03/14/2024 08:45 PM
Where it is visible under SOD tab or request Approval ?
03/18/2024 07:47 AM
User with SAV Role ROLE_SOD_OWNER is able to view all the mitigation controls.
When it comes to Ruleset, Risks, the user can view only the objects for which they are the owner, expecting the same behavior with Mitigation Control too.
Thanks,
Deepa.S
03/18/2024 09:13 PM
Mitigation controls are not filtered based on owner , Please raise idea ticket for enhancement.
Validated in v24.2
04/22/2024 12:02 PM
Any idea how are mitigation controls approached if it is not filtered based on owner in the industry? What are the best practices to implement?
What is recommended workflow for Mitigation Control?
Thanks,
Deepa.S
04/22/2024 03:08 PM
You can provide view access using analytics report