Skip to content

Reviewing Fiori What If Analysis Results

To view results, go to the What If Analysis page by selecting What If Analysis NEW from the left navigation.

A table lists the analyses, including:

  • ID – What If Analysis identification number.
  • Status – Pending, completed, faulted.
  • User(s) – Usernames included in the simulation. For long lists, select to see all usernames.
  • % Mitigated – Percentage of identified risks that are currently mitigated, along with the number mitigated out of the total number of risks. “Added by” indicates that the risks were added by the What If simulation. “Existed before” indicates that the risks already existed prior to adding in the What If conditions.
  • Rulebook – Rulebook used to run the simulation.
  • Completion Date – Date the simulation was completed.
  • Created Date – Date the simulation was created.
  • Created By – Email of the user who created the simulation.

For columns with a Filter icon , select the icon to filter that column. Use Clear Filters at the top right to clear all filters from your view.

Reviewing Simulation Results at the Risk Level

When you locate your analysis in the Risk Analysis tab, select the View icon next to it to examine the simulation results on the What If Result – Risk Level page. This shows a listing of the risks produced by the simulation. Each row represents a single risk for a single user.

The Risk Level table includes:

  • Simulation Impact – Impact of the proposed changes, rated as Removed Risk, Existing Risk (unchanged by the proposed modifications), Existing Risk with Changes (if there are fewer or more permissions with the proposed modifications), or New Risk (this is the first time the risk was identified).
  • Username – The username associated with the risk; this field is blank for a new user simulation.
  • Full Name – The full name associated with the account.
  • Rulebook – Name of the rulebook applied to the simulation.
  • Risk Code – Risk’s identifying code.
  • Risk Name – Name of the risk.
  • Risk Rating – Severity of the risk to the business.
  • Mitigation Status – Status of existing mitigations.
  • Mitigations – Mitigations that have been applied to the risk.
  • Business Process – Process impacted by the risk.
  • Business Functions – Code indicating the impacted business functions.
  • Permission Hits Count – Number of permissions impacted by the proposed changes.
    • Added By counts the number of new permissions that would contribute to the risk.
    • Existed Before counts the number of permissions that the user already had contributing to the risk before the proposed changes.
    • Removed After counts the number of permissions that would be eliminated by the proposed changes.

From the Risk Level page, you can view additional details for any identified risk by selecting the View icon in the Action column.

Applying Mitigations

You can apply mitigations to a risk on the What If Result – Risk Level page. If mitigations are available, the Actions dropdown in the risk’s row will be enabled.

  1. In the Action column, select Actions dropdown > Apply Mitigation.
  2. In the Mitigations Available window, find a mitigation and select Actions dropdown > View Mitigation Details or Actions dropdown > Apply Mitigation.
  3. If you selected View Mitigation Details, review the details on the Mitigating Controls – Maintenance page.
  4. If you selected Apply Mitigation, add a comment in the Mitigation Note field. Optionally, you can set a date for the mitigation to expire. Select Submit.

Reviewing Risk Permission Details

The What If Result – Detail Level page shows entitlement and permission level details specific to the selected risk that either surfaced due to proposed changes, or existed prior to the simulation.

What If result detail page shows a table of completed simulations

This analysis includes the following data:

  • Change Type - Identifies whether permissions are being added, removed, or were preexisting, which is identified as NoChange.
  • Business Function Code - Code indicating the impacted business functions.
  • Business Function Name - Name of the impacted business function.
  • Permission Group - This is the logical grouping of permissions. For SAP, these are generally transaction codes. They may also be Fiori apps. Groupings can be customized in your rulebook.
  • Auth Object - The SAP authorization object.
  • Field - The field of the SAP authorization object.
  • SAP Value From - The authorization FROM field value as assigned in SAP.
  • SAP Value To - The authorization TO field value as assigned in SAP.
  • Risk Value From - The authorization FROM field value as defined in the rulebook.
  • Risk Value To - The authorization TO field value as defined in the rulebook.

  • Role Name - Name of the role responsible for the permission risk line.

    Note

    If Parent Role is blank, this role is directly assigned to the user. If Parent Role is not blank, this role is inherited by the user from the composite parent.

  • Profile Name – Name of the profile responsible for the permission risk line.

    Note

    If role name is blank, this profile is directly assigned to the user, otherwise the profile name is inherited from the role.

  • Is Derived - Boolean indicating whether or not the role is derived from a master role.

  • Parent Role - The parent role assigned to the user.

    Note

    Parent role is blank for permissions assigned from a single role or assigned directly from a profile.

Select the Filter icon to filter the columns. Select Clear Filters at the top right to clear all filters from your view.

Select Request Details at the upper right to see the details about the request properties and generation. These include:

  • What If Request ID
  • What If Created Time
  • Extract ID
  • Extract Created Date
  • Analysis ID
  • Rulebook ID
  • Rulebook Name
  • Number of existing user conflicts
  • Number of new user conflicts
  • Number of removed conflicts
  • User ID
  • Listing of Roles Added or Removed

To return to the What If Analysis list from the Risk Level view, select the Back button at the upper right.

Note

Using the Back button above the table will retain any filters applied to the prior grid, while using the browser's back button will not.

Rerunning a What If Analysis

In the Actions dropdown for each analysis row on the What If Analysis page, as well as in the Actions dropdown above the What If Result – Risk Level and the What If Result – Detail Level page, there are two options for rerunning a What If analysis:

  • Rerun with changes – Displays a New Simulation window that is prepopulated with the same parameters as the analysis that was selected. You can adjust your parameters and run a new analysis.
  • Rerun without changes – Runs a new analysis with the same parameters.

For either option, any mitigations you have updated are included when you rerun the simulation.

Documentation Feedback

Feedback is provided as an informational resource only and does not form part of SailPoint’s official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.