1. Using Advanced Controls
  2. Review Incidents Generated by a Control

Review Incidents Generated by a Control

The Results page for a control displays a grid in which each row represents an incident the control has generated. By default, the page displays pending incidents (those at the In Investigation state), but if you have rights to view incidents at other states, you can search for them.

Apart from those discussed below, columns are self-explanatory. You may find that some columns you want to see are hidden by default. Click View > Columns to select the columns appropriate for your purposes. If the results include date values, you can select a Display Time Stamp option to show time values with the dates.

Review Transaction Incidents

Each transaction incident is the record of a transaction that violates the control. However, a single violation may generate multiple incidents. For example, a control that detects duplicate invoices would generate an incident for each of the duplicated invoices.

Default columns include Result ID, Status, Group, Grouping Value, result attributes selected for the model from which the control was deployed, and any derived attributes.

  • Result ID is an identifying value that serves as a link to pages where you can view or edit the incident. As an alternative, you can select the row for an incident, then click Edit to go directly to the edit page for the incident.
  • Group and Grouping Value display information that varies:
    • A filter may use the Equals condition to set an attribute of a business object equal to itself. For each incident generated by that control, the Group field reports the business object and attribute. The Grouping Value field reports the common value of this attribute.
    • A filter may find transactions with similar values for a specified attribute. For each incident generated by that control, the Group field displays the word "Similar" and the specified attribute. The Grouping Value field displays the value of that attribute.
    • A function filter may calculate a value for a specified attribute across a group of transactions. For each incident generated by that control, the Group field identifies the function and the specified attribute. The Grouping Value field displays the calculated value.
  • Incident Information displays the value of the first attribute among those selected to characterize the suspect transaction. It's not available by default, but you can select it for display.

Review Access Incidents

Each access incident consists of information about the path through which a user is assigned one of the access points involved in a conflict. Typically, a single access conflict involves multiple incidents, presenting information about multiple assignments that the control defines as conflicting.

Default columns include Global User, User First Name, User Last Name, Role, Access Entitlement, Access Point, Incident Information, Conflicting Roles, Group, Investigator, Comments, and Attachments. Rows are sorted by global user.

  • Access Point identifies an access point that the control defines as inherently risky or conflicting with other access points. Its assignment to an individual user is the focus of the result record.
  • Incident Information reports the path to that focal access point. However, there are actually two incident-information columns:
    • The Incident Information column is included by default in access-control results, and it uses display names to identify roles in the path. But display names may not be unique.
    • Incident Information Codes uses role codes to identify roles in the path, and every role code is unique. Although this column isn't included among the results by default, you can select it for display.
  • Global User, User First Name, and User Last name identify the person assigned the Incident Information access point.
  • Access Entitlement identifies the entitlement (if any) that's named in the control and includes the Incident Information access point.
  • Group identifies one or more access points that the control defines as conflicting with the Incident Information access point.
  • Role identifies the role that grants the user access to the Incident Information access point.
  • Conflicting Roles identifies roles that grant the user access to the Group access points.
  • Data Source identifies the data source in which the Incident Information path exists.
  • Result ID isn't available by default, but you can select it for display. If you do, it serves as a link to pages where you can view or edit the incident. As an alternative, you can select the row for an incident, then click Edit to go directly to the edit page for the incident.

For access controls, it's sometimes true that the assignment of a single role grants rights to the access points a control defines as conflicting. You can filter the incidents generated by an access control to display only those conflicts. Click the Conflicts within a single role check box.

Related Topics