- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-21-2018 01:34 AM
Hi,
What is the role required to access attestation results for a control?
sn_compliance.admin doesnt let user to view attestation result.
Thanks.
Solved! Go to Solution.
- Labels:
-
Policy and Compliance Management
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-10-2018 12:56 PM
Hi Balaji,
When you are on the attestation type , eg: GRC Attestation there is a role field on the attestation type. The user with that role mentioned on the specific attestation type should be able to assess the respective attestation. By default it's sn_compliance.user as far as i remember.
Thanks,
Ashik
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
11-29-2018 01:16 PM
Just for the clarity.
If you provide sn_compliance.attestation_creator to all the users, they can also edit the attestations right ?
you requirement is just to make the attestation available (view) via the control ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-01-2018 03:17 AM
You're absolutely correct, Ashik.
Among the OOB roles, sn_compliance.user suits control owner. But the issue, is control couldn't view any of the attestations and not move the state forward to review/monitor with sn_compliance.user role.
And if sn_compliance.manager role is assigned to control owner, it lets access to other controls, creating new profile, profile types.
Is there a median role where control owner's role is restricted to the control assigned to?
Thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-05-2018 01:29 PM
Hi Balaji,
sn_compliance.user will attest the control via the attestation and hence the control state will automatically move from attest -> review once the attestation is submitted. Based on the attestation result, it also sets the status of the control. hence sn_compliance.user doesn't see the ui action to push it to review on the control form
BR,
Ashik
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-08-2018 08:27 PM
Thanks for the response, Ashik.
As you rightly said, assigning sn_compliance.attestation_creator isn't the right solution for the control owner to view the attestation responses. Because it even lets the control owner to delete the attestation responses.
What is the right role/way to let control owner view the attestation response and not let him delete the attesation response?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
12-10-2018 12:56 PM
Hi Balaji,
When you are on the attestation type , eg: GRC Attestation there is a role field on the attestation type. The user with that role mentioned on the specific attestation type should be able to assess the respective attestation. By default it's sn_compliance.user as far as i remember.
Thanks,
Ashik