Skip to content

Importing or Updating Mitigating Controls

Add or update mitigating control data to Access Risk Management by importing it via a spreadsheet.

  1. Go to Risks > Mitigating Controls.
  2. If you need to add mitigating controls for the first time, download the Excel template. Select Import, then Download Template.
  3. If you need to update or add to the mitigating controls that are already in your system, download them in a spreadsheet by selecting Export.

  4. Update the spreadsheet and save your changes.

    Caution

    Importing mitigating controls performs a full overwrite of all existing mitigating controls, control owners, and mappings. Make sure that all entries are present in your spreadsheet or they will be deleted.

    • In the provided Excel template, each column has an explanation of what information belongs there. Select a cell to view the explanation.

    • Any field that requires an enumerated value has data validation. Dropdowns will only allow you to select a permissible value.

    • For each control, you can specify a Valid From and a Valid To date; this allows you to control when a control should take effect and when it should expire. Valid To dates are required, but Valid From dates are optional. When there is no Valid From date, the control takes effect the day it is added.

    Note

    No users will be mitigated for controls with a Valid From date in the future until that date is reached. No users will be mitigated for controls with a Valid To date in the past.

    • You can create a control that is not activated by setting the Is Enabled value to FALSE. No users will be mitigated until Is Enabled is set to TRUE.

    • Control to risk mapping and risk to user mapping is combined on the Mappings sheet. You need to repeat the Control Code, Rulebook Name, and the Risk Code for each mapping rule that you create.

    • Once you add a single mapping rule for a given control and risk, then the system will automatically create the relationship between the control and the risk when it’s imported.
    • On the Mappings tab, you can only select a control that has already been entered on the first tab.
    • The Rulebook Name must be entered exactly as it appears in the Access Risk Management UI.
    • The Risk Code must exist in the specified rulebook.
    • The Type column determines whether the mapping rule will be applied to all users or specific users.
    • The System Name must be entered exactly as it appears in the Access Risk Management UI.
    • For mapping rules of Type ‘All Users,’ you may either specify a single system in the System Name column to restrict the mapping to only that system, or, if you leave the System Name column blank, the mapping will apply to all of your systems governed by Access Risk Management.
    • For mapping rules of Type ‘All Users,’ you must leave the Attribute and Value columns blank.
    • For mapping rules of Type ‘Specific Users,’ you must specify the Attribute value as ‘ERP_SYSTEM_USER_ID’ at this time. Additional Attribute values may be supported in future releases.
    • The Value column should only be populated for mapping rules of Type ‘Specific Users’ and must exactly match the username of the user to be mitigated from the specified ERP system.
    • Control Owners is a separate tab in the spreadsheet. You may set more than one user to be the Primary owner, but you must set at least one. Any user specified here must exist in the Access Risk Management application.
    • Specifying a Valid To value on the Mappings tab causes the mapping rule to expire after the specified date.

  5. Select Risks > Mitigating Controls to return to the Mitigating Controls – Maintenance page and select Import.

  6. Use Select Files to add your saved .xlsx file.
  7. Select Upload.

Note

There may be a gap of up to 30 minutes between the time you upload the spreadsheet and the Mitigations Report being updated with the new data.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.