Hi,
In our business scenario we have defined various Critical Action Risks and SOD based risks.
In access request Risk Violations tab, Permission Level is ticked by default. So when an approver receives a request for a role which has these risks, SOD based risks are highlighted to them and he cannot proceed without mitigating them.
However If I uncheck the "Permission Level" and "Critical Action" and select "Critical Permission" check box and run Risk Analysis again, all the risks are gone because we don't use Critical Permission Risks. At this point approver is able to approve the access request, even though there are Permission Level/Critical Action level violations present in the request.
Is this behavior correct? My understanding is that approver should not be able to approve as long as there's a risk present without mitigating it.
I couldn't find any configuration parameter to prevent the request from approval in such case.
We have already set following parameters:
1. 1072 = YES (Mitigation of critical risk required before approving the request)
2. MSMP Workflow Stage Task Settings has Configuration Paramater, 'Approve Despite Risks' as unchecked
Please advise.