Use the Mass Edit Security Assignment Tool
Use the Mass Edit Security Assignment tool to modify the security settings for any number of records at once. You can perform these security mass-edits only on records for which you're authorized as owner.
There's one special case: If you're assigned the Risk Administrator job role, you can act as the owner of every record in your system, even those for which you haven't been directly selected as owner. Because that feature makes the role very powerful, it should be assigned to few users.
Broadly, the procedure for security mass edits involves selecting the records you want to update, and then defining how security should change for those records. But an access or transaction control may generate thousands of incidents. To accommodate such large numbers, you use either of two specialized procedures to select records as you mass-edit incident security. More on these in a minute.
Other records for which you can mass-edit security assignments include models and advanced controls; processes, risks, controls, issues, remediation plans, assessments, and surveys; and role-certification projects. You can also update the owners, editors, or viewers selected for user-assignment groups, or update their membership. Here's how:
-
Navigate to Risk Management > Risk Management Data Security. Select the Mass Edit Security Assignment tab.
-
In a Select Object field, select an object to update security for records of that object. A list of object records appears.
-
Optionally, filter the list of object records. Click Show Filters, and enter filtering parameters in the Filters panel. Then click Search.
You may want to apply certain filters regularly to discover records whose security needs updating: If you selected the User Group Membership object, you can filter for groups with ineligible members or with no members. If you selected any other object, you can filter for records with users or groups that are ineligible for an authorization you specify, for instance processes with owners who are no longer eligible. Or you can filter for records missing eligible users or groups for an authorization, for example advanced controls with no editors.
-
Optionally, review existing assignments for records in your list. If you selected the User Group Membership object, select a Group Members link for each group to view its current membership. Or if you selected any other object, click a Security Assignment link for each record to view its current security assignments.
-
Select the checkboxes for records whose security authorizations you want to reassign. Or click a Select All checkbox. If you filtered the list of records, the Select All option applies only to the records returned by your filter.
-
Click the Edit button.
-
Enter values in a Define Security Assignment Goals panel. Then click Continue.
-
In a What Assignment Type Do You Want to Update field, select Group Assignment or User Assignment.
-
In a What Action Do You Want to Perform field, select Append to add users or groups to records, Remove to remove them from records, or Replace to substitute one user or group for another in records. Subsequent options depend on the selection you make here.
-
-
If you selected the User Assignment and Append options in step 7, a Define Security Assignment Authorizations panel becomes active. Make selections, then click Continue.
-
Select Owner, Editor, or Viewer in a What Authorization Do You Want to Update list field. This is required.
-
Depending on the object you selected, checkboxes representing object-specific authorizations may also appear. Optionally select among them.
If you made any other combination of selections in step 7, the Define Security Assignment Authorizations panel doesn't apply and so disappears from view.
-
-
In a final "Identify" panel, your options depend on previous selections.
-
If you chose to append or remove users or groups, select checkboxes representing any number of users or groups to be added or removed. You can filter the list of users or groups; use the Show Filters option to enter filtering parameters. Again, if you filter and click the Select All checkbox, it applies only to the users or groups returned by your filter.
-
If you chose to replace a user or group, search for and select a single user or group you want to replace, and a single user or group you want to replace it with.
-
-
Click the Submit button.
If you're mass-editing security for access or transaction incidents, one option is to use the preceding procedure with adaptations:
- As you complete step 2, select Access Incident or Transaction Incident in the Select Object field. An Advanced Control Name field appears. In it, search for a control; you'll be updating security for the incidents it has generated. (For any other type of object, this field doesn't apply, and so doesn't appear.)
- As you complete step 5, the list of incidents includes a maximum of 500 records, but the control may have generated more. The page notifies you of the total number of incidents. You can select from the initial list or a filtered list. You may instead click the Select All checkbox to update security for the total number of incident records, not just the 500 on display.
A second option is to select incidents for mass-edit. For complete details, see the Mass-Edit Incidents topic and, in particular, its "Select Incidents from the Results Page" section. But in summary:
-
Start from either the Controls page in the Advanced Controls work area or the Results by Control Summary page in the Results work area. In the record of a control, click its Results Count value.
-
A Results page lists incidents generated by the control you selected. Filter the list to include only those you want to edit. Then click a Mass Edit button.
-
In a Mass Edit page, select a Mass Edit Security radio button.
-
That takes you to the Mass Edit Security Assignment tool. The incidents you want to update are already selected, so all that's left is to define how you want to update them. To do that, complete steps 7 through 10 of the preceding procedure.